Technical Information
- <SYSTEM32>\tasks\utsysc.exe
- %TEMP%\4fdb51ccdc\utsysc.exe
- %TEMP%\238866942124
- %APPDATA%\80c6bf70bf3f8f\cred64.dll
- '18#.#72.128.5':80
- http://18#.#72.128.5/v8sjh3hs8/Plugins/cred64.dll
- http://18#.#72.128.5/v8sjh3hs8/index.php
- '%TEMP%\4fdb51ccdc\utsysc.exe'
- '%TEMP%\4fdb51ccdc\utsysc.exe' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "%TEMP%\4fdb51ccdc\Utsysc.exe" /F (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' %APPDATA%\80c6bf70bf3f8f\cred64.dll, Main (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "%TEMP%\4fdb51ccdc\Utsysc.exe" /F
- '<SYSTEM32>\taskeng.exe' {E5E53CD2-9F0F-4633-A54A-B37E53364E41} S-1-5-21-1238866942-1249195528-555854008-1000:asewkvrtngfs\user:Interactive:[1]
- '%WINDIR%\syswow64\rundll32.exe' %APPDATA%\80c6bf70bf3f8f\cred64.dll, Main