Техническая информация (поведенческие индикаторы: закрепление в автозапуске, запускаемые процессы, поиск окон средств анализа, создаваемые файлы, сетевая активность)
Закрепление в системе: значение 'init' записывается в ключи RunOnce как в HKLM, так и в HKCU (две записи реестра и соответствующие команды reg.exe с флагом /f — перезапись без подтверждения); содержимое RunOnce выполняется при следующем входе в систему. Исполняемый файл размещён в C:\Users\Public — каталоге, доступном на запись любому пользователю.
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'init' = 'C:\Users\Public\init.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'init' = 'C:\Users\Public\init.exe'
- <SYSTEM32>\reg.exe add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce /v init /d C:\Users\Public\init.exe /f
- <SYSTEM32>\reg.exe add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce /v init /d C:\Users\Public\init.exe /f
- <SYSTEM32>\cmd.exe /c C:\holyshit.bat
Поиск окон по имени класса (WindowName пуст): PROCMON_WINDOW_CLASS, RegMonClass и FileMonClass — классы окон утилит Sysinternals Process Monitor, RegMon и FileMon. Вероятно, это проверка на присутствие средств мониторинга (антианализ); при динамическом анализе стоит учитывать, что поведение образца может меняться, если такие окна найдены.
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
Файловые артефакты. Последний путь содержит двоеточие после имени TEMP — это альтернативный поток данных NTFS (ADS), который не виден в обычном листинге каталога; для обнаружения нужно перечислять потоки (например, dir /r или Get-Item -Stream *).
- C:\Users\Public\init.exe
- C:\holyshit.bat
- %ALLUSERSPROFILE%\Application Data\TEMP:D56FBB0B
Сетевая активность (имена доменов в отчёте частично замаскированы символами #): соединение по порту 21 (FTP) с хостом на домене динамического DNS zapto.org, соединение по порту 443 с замаскированным доменом dl.##opbox.com, а также локальное соединение на порт 1036; обоим внешним соединениям предшествуют DNS-запросы.
- 'jb###.zapto.org':21
- 'dl.##opbox.com':443
- 'localhost':1036
- DNS ASK jb###.zapto.org
- DNS ASK dl.##opbox.com