Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ntdll' = '"%APPDATA%\NT\ntdll.exe" ddd-36e39e14b94e25b82fe261e90d3d06b1'
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /t REG_SZ /f /v ntdll /d "\"%APPDATA%\NT\ntdll.exe\" ddd-36e39e14b94e25b82fe261e90d3d06b1"
- '%APPDATA%\NT\ntdll.exe' ddd-36e39e14b94e25b82fe261e90d3d06b1
- '<SYSTEM32>\cmd.exe' /c "%APPDATA%\NT\ntdll.exe.cmd"
- %APPDATA%\NT\ntdll.exe.cmd
- %APPDATA%\NT\ntdll.exe
- %APPDATA%\NT\ntdll.exe.cmd
- '41.##.157.34':80
- http://41.##.157.34/aspnet_client/system_web/4_0_30319/update/DefaultForm.txt?c5#################################################################################################################...