Technical Information
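- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SoftwareEducation' = '<SYSTEM32>\msiexec.exe /i "%ALLUSERSPROFILE%\Setup Files\\Setup_2_user.exe" /qn' (per-user autorun entry: the command runs at each logon of this user; /qn makes msiexec run with no user interface)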
- %ALLUSERSPROFILE%\setup files\2.zip
- %ProgramFiles%\setupf~1\find.jpg
- %ALLUSERSPROFILE%\setup files\2.zip
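- http://70.##.102.40/SetupFilesP.zip
- http://no#####m.shacknet.us/troBEROamkr0192013.php
- DNS ASK (DNS query) no#####m.shacknet.us
  (Network activity. The '#' characters are masking already present in these values, so the IP address and host name are partial and cannot be used as exact-match indicators; only the URL paths are given in full.)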
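- '<SYSTEM32>\reg.exe' ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "SoftwareEducation" /t REG_SZ /F /D "<SYSTEM32>\msiexec.exe /i \"%ALLUSERSPROFILE%\Setup Files\\Setup_2_user.exe\" /qn" (process launch that writes the 'SoftwareEducation' Run value; /F overwrites any existing value without prompting)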
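- '<SYSTEM32>\cmd.exe' /c shutdown -r -t 0 -f
- '<SYSTEM32>\shutdown.exe' -r -t 0 -f
  (Forced restart: -r reboots, -t 0 sets no delay, -f closes running applications without warning. The shutdown.exe line is presumably the child of the cmd.exe line. After the reboot, the Run entry executes at the next logon of that user.)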