Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'ruj' = '%APPDATA%\Microsoft\MMC\ruj.exe'
- ruj.exe
- %TEMP%\aut68e0.tmp
- %APPDATA%\ipalszliszsprvidkwfndpagl10373.png
- %APPDATA%\microsoft\mmc\ruj.exe
- %TEMP%\auta302.tmp
- %TEMP%\aut68e0.tmp
- %TEMP%\auta302.tmp
- 'cl#####.enigmasolutions.xyz':54578
- DNS ASK cl#####.enigmasolutions.xyz
- '%APPDATA%\microsoft\mmc\ruj.exe'