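Technical Information
The entries below appear to be, in order, file-system paths, network endpoints, and process command lines; the headings that grouped them are not preserved on this page. The `#` characters in the IP address look like masking applied by the publisher, so the address as printed is not a complete indicator.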
- <SYSTEM32>\tasks\utsysc.exe
- %TEMP%\4fdb51ccdc\utsysc.exe
- %TEMP%\238866942124
- %APPDATA%\80c6bf70bf3f8f\cred64.dll
- '18#.#72.128.5':80
- http://18#.#72.128.5/v8sjh3hs8/Plugins/cred64.dll
- http://18#.#72.128.5/v8sjh3hs8/index.php
- '%TEMP%\4fdb51ccdc\utsysc.exe'
- '%TEMP%\4fdb51ccdc\utsysc.exe' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "%TEMP%\4fdb51ccdc\Utsysc.exe" /F (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' %APPDATA%\80c6bf70bf3f8f\cred64.dll, Main (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "%TEMP%\4fdb51ccdc\Utsysc.exe" /F
- '%WINDIR%\syswow64\rundll32.exe' %APPDATA%\80c6bf70bf3f8f\cred64.dll, Main
- '<SYSTEM32>\rundll32.exe' %APPDATA%\80c6bf70bf3f8f\cred64.dll, Main