Technical Information
- %ALLUSERSPROFILE%\152119601237922022915161
- %ALLUSERSPROFILE%\887f8b6976\rween.exe
- %ALLUSERSPROFILE%\50cb447688f8dd\cred.dll
- '17#.#11.174.35':80
- '<LOCALNET>.32.48':80
- http://17#.#11.174.35/fO0r5se3dW/index.php
- '%ALLUSERSPROFILE%\887f8b6976\rween.exe'
- '%ALLUSERSPROFILE%\887f8b6976\rween.exe' ' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d %ALLUSERSPROFILE%\887f8b6976\' (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' %ALLUSERSPROFILE%\50cb447688f8dd\cred.dll, Main' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d %ALLUSERSPROFILE%\887f8b6976\
- '%WINDIR%\syswow64\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d %ALLUSERSPROFILE%\887f8b6976\
- '%WINDIR%\syswow64\rundll32.exe' %ALLUSERSPROFILE%\50cb447688f8dd\cred.dll, Main