Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Store' = '%APPDATA%\taskmgr.exe' (per-user autorun value; the genuine Windows taskmgr.exe resides in <SYSTEM32>, not %APPDATA%)
- '%APPDATA%\taskmgr.exe'
- '<SYSTEM32>\taskkill.exe' /f /im rundll32.exe
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Windows Store" /t REG_SZ /d "%APPDATA%\taskmgr.exe" /f
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\store.cmd" "
- %APPDATA%\settings.dat
- %APPDATA%\taskmgr.exe
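- %APPDATA%\RUT_settings\Logs\rms_log_2017-11.html (the '2017-11' part appears to be a year-month stamp, so when searching for this file match on the 'rms_log_' prefix rather than the exact name)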
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %APPDATA%\store.cmd
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
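- 'ip##et.ru':5655 (the '#' characters appear to mask part of the host name as published; the same applies to the hosts and URL below, so none of them can be used as literal match strings)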
- 'ru##ls.com':80
- http://ru##ls.com/utils/inet_id_notify.php?te####
- DNS ASK ip##et.ru
- DNS ASK ru##ls.com
- ClassName: '' WindowName: ''