Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'УўМШ¶ыЈЁRЈ©ПФїЁЗэ¶ЇіМРт' = '%WINDIR%\Arui.exe'
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\ip[1]
- %WINDIR%\Arui.exe
- <Full path to file>
- 'dd###rui.win':2018
- 'ip.cn':80
- http://ip.cn/
- DNS ASK dd###rui.win
- DNS ASK ip.cn
- '%WINDIR%\Arui.exe'
- '<SYSTEM32>\cmd.exe' /c del <File name>.exe