Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\system32.lnk (shortcut in the per-user Startup folder, which Windows launches at each logon of that user)
- %APPDATA%\sysx64\settings.dat
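- %APPDATA%\sysx64\svchost.exe (uses the file name of the Windows service host but is located under the user profile, not in <SYSTEM32>)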
- %APPDATA%\sysx64\vp8decoder.dll
- %APPDATA%\sysx64\vp8encoder.dll
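- %APPDATA%\rms_settings\logs\rms_log_2022-05.html (the rms_ naming together with the tektonit.ru host listed below suggests the Remote Manipulator System remote-administration tool; the page itself does not name the product)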
- 'rm##sys.ru':80
- 'rm#####ver.tektonit.ru':5655
- http://rm##sys.ru/utils/inet_id_notify.php?te####
- 'rm#####ver.tektonit.ru':5655
- DNS ASK rm##sys.ru
- DNS ASK rm#####ver.tektonit.ru
- ClassName: 'EDIT' WindowName: ''
- '%APPDATA%\sysx64\svchost.exe'
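- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%APPDATA%\sysx64\svchost.exe"
  (this appears to be the Windows Firewall notification dialog raised for the svchost.exe copy above, i.e. the system reacting to that program's network activity rather than a separate payload)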