Техническая информация
- Автозапуск: [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'bd2.exe' = '<SYSTEM32>\bd2.exe' (значение в ключе Run запускает bd2.exe при каждом входе этого пользователя в систему)
- <SYSTEM32>\bd2.exe
- %TEMP%\temp.cmd
- %TEMP%\victiminfo.txt
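- <SYSTEM32>\bd2.exe
- %TEMP%\temp.cmd (эти два пути повторяют приведённые выше: заголовки подразделов в списке утрачены, и повтор, вероятно, относится к другой операции с теми же файлами — уточнить по исходному описанию)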
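- HTTP-обращение: http://ch####p.dyndns.org/
- HTTP-обращение: http://www.fl##s.net/ (символы # здесь и в DNS-запросах ниже, по-видимому, скрывают часть имени узла в исходном описании)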
- DNS ASK ft#.#rivehq.com
- DNS ASK ch####p.dyndns.org
- DNS ASK fl##s.net
- '<SYSTEM32>\bd2.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\temp.cmd""