Technical Information
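- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = 'userinit.exe,"<SYSTEM32>\clientmon.exe"'
  (Autorun entry: Winlogon starts every comma-separated program listed in 'Userinit' at user logon, so clientmon.exe runs at each logon. The Windows default for this value is the full path to userinit.exe followed by a comma; any additional entry should be investigated.)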
- <SYSTEM32>\cmd.exe
- %APPDATA%\Epicbot-Setup.exe
- %TEMP%\is-FOJ55.tmp\Epicbot-Setup.tmp
- C:\a2f1dba0be975a7e51b9d49e1828f5a9126ffab5
- C:\567953\windowsliveupdater.exe
- <SYSTEM32>\clientmon.exe
- C:\a2f1dba0be975a7e51b9d49e1828f5a9126ffab5
- %TEMP%\is-FOJ55.tmp\Epicbot-Setup.tmp
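- 'au#####599.no-ip.biz':7777
- 'bl#####mond15.no-ip.org':7777
- DNS ASK au#####599.no-ip.biz
- DNS ASK bl#####mond15.no-ip.org
  (Both hosts are under dynamic-DNS domains, so the addresses they resolve to can change; match on the hostname and on outbound TCP port 7777 rather than on a fixed IP. The '#' characters appear to be masking applied in the report, not part of the real names.)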
- '%APPDATA%\Epicbot-Setup.exe'
- '<Full path to file>'
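- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /tn "Windows Live" /rl highest /tr "'\567953\windowsliveupdater.exe' /startup" /f
  (Creates a scheduled task named "Windows Live" that runs windowsliveupdater.exe at every logon with the highest available run level; /f overwrites any existing task of that name without prompting. This persistence is independent of the Winlogon 'Userinit' entry listed above and points to a different file, so both need to be checked during cleanup.)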