Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RuntimeBroker' = '"%APPDATA%\Bckvsokdw\RuntimeBroker.exe"'
- %APPDATA%\bckvsokdw\runtimebroker.exe
- 'cl######.homesecuritypc.com':80
- 'di##ord.com':443
- http://cl######.homesecuritypc.com/packages/Saqdtrmx_Pyevhzie.bmp
- 'di##ord.com':443
- DNS ASK cl######.homesecuritypc.com
- DNS ASK di##ord.com
- '%WINDIR%\syswow64\cmd.exe' /c timeout 20' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout 20
- '%WINDIR%\syswow64\timeout.exe' 20