Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\skid.exe
- <SYSTEM32>\tasks\winlogstart
- http://18#.#65.185.107/deca.exe as .\skid.exe
- http://18#.#65.185.107/peder.exe as .\skid.exe
- C:\wwservice\eaccservice2.bat
- C:\wwservice\eaccservice.bat
- '18#.#65.185.107':80
- 'ip##pi.com':80
- '10#.#05.181.190':2323
- http://18#.#65.185.107/owersite_2_1.bat
- http://18#.#65.185.107/fudbro.bat
- http://18#.#65.185.107/deca.exe
- http://ip##pi.com/json/
- '10#.#05.181.190':2323
- DNS ASK ip##pi.com
- '%APPDATA%\microsoft\windows\start menu\programs\startup\skid.exe'
- '<SYSTEM32>\cmd.exe' /c ""C:\WWService\EACCService.bat""
- '<SYSTEM32>\cmd.exe' /c ""C:\WWService\EACCService2.bat""
- '<SYSTEM32>\schtasks.exe' /create /tn "WinLogStart" /sc ONLOGON /tr "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\skid.exe" /rl HIGHEST /f