Техническая информация (артефакты, зафиксированные при анализе: ключи автозапуска в реестре, создаваемые файлы, сетевые адреса и URL, запускаемые процессы и их параметры; фрагменты IP-адресов замаскированы символом «#»)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cred' = 'rundll32 %TEMP%\cred.dll, Main'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'scr' = 'rundll32 %TEMP%\scr.dll, Main'
- %PROGRAMDATA%\a174c1ef10e2077451f5b6dda83242a1
- %PROGRAMDATA%\1321ba6d1f\bdif.exe
- %TEMP%\cred.dll
- %TEMP%\scr.dll
- %TEMP%\24fbcbe0ee.jpg
- %TEMP%\24fbcbe0ee.jpg
- '21#.#.117.52':80
- '<LOCALNET>.20.41':80
- http://21#.#.117.52/gBvqLn4Dc/cred.dll
- http://21#.#.117.52/gBvqLn4Dc/scr.dll
- http://21#.#.117.52/gBvqLn4Dc/index.php
- '%PROGRAMDATA%\1321ba6d1f\bdif.exe'
- '%WINDIR%\syswow64\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v cred /t REG_SZ /d "rundll32 %TEMP%\cred.dll, Main"
- '%WINDIR%\syswow64\rundll32.exe' %TEMP%\cred.dll, Main
- '%WINDIR%\syswow64\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v scr /t REG_SZ /d "rundll32 %TEMP%\scr.dll, Main"
- '%WINDIR%\syswow64\rundll32.exe' %TEMP%\scr.dll, Main
- '%WINDIR%\syswow64\cmd.exe' /C SCHTASKS /Create /SC HOURLY /MO 1 /TN a174c1ef10e2077451f5b6dda83242a1 /TR %PROGRAMDATA%\1321ba6d1f\bdif.exe
- '%WINDIR%\syswow64\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d %PROGRAMDATA%\1321ba6d1f
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC HOURLY /MO 1 /TN a174c1ef10e2077451f5b6dda83242a1 /TR %PROGRAMDATA%\1321ba6d1f\bdif.exe