Technical Information
- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Rainmeter' = '%ALLUSERSPROFILE%\VR684EC042S\Rainmeter.exe'
- %ALLUSERSPROFILE%\vr684ec042s\rainmeter.dll
- %ALLUSERSPROFILE%\vr684ec042s\rainmeter.exe
- %ALLUSERSPROFILE%\vr684ec042s\rainmeter.txt
- %LOCALAPPDATA%\178bfbff000406f1
- %ALLUSERSPROFILE%\vr684ec042s\key
- 'xd##.selfip.com':8080
- 'xd##.selfip.com':12345
- http://xd##.##lfip.com:8080/9x.dll via xd##.selfip.com
- DNS ASK xd##.selfip.com
- ClassName: 'EDIT' WindowName: ''
- '%ALLUSERSPROFILE%\vr684ec042s\rainmeter.exe'