Technical Information
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'RMTsys' = 'RMTsys.exe'
- '<SYSTEM32>\net.exe' stop SharedAccess
- %TEMP%\mal_pc.exe
- <SYSTEM32>\rmtsys.exe
- http://ch#####.dyndns.org:8245/ via ch####p.dyndns.org
- DNS ASK rm###s.mine.nu
- DNS ASK ch####p.dyndns.org
- DNS ASK sm##.gmail.com
- '%TEMP%\mal_pc.exe'
- '<SYSTEM32>\cmd.exe' /c net stop SharedAccess (with hidden window)
- '<SYSTEM32>\cmd.exe' /c"%TEMP%\MAL_PC.exe" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c"%TEMP%\MAL_PC.exe"
- '<SYSTEM32>\cmd.exe' /c net stop SharedAccess
- '<SYSTEM32>\net1.exe' stop SharedAccess