Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'spacessp' = '%LOCALAPPDATA%\storespmgr.exe'
- storespmgr.exe
- %LOCALAPPDATA%\storespmgr.exe
- 'al###1.ddns.net':3535
- DNS ASK al###1.ddns.net
- '%LOCALAPPDATA%\storespmgr.exe'
- '%LOCALAPPDATA%\storespmgr.exe' /stext "%TEMP%\ckbrmhrruxbrnqfyylifzsa"
- '%LOCALAPPDATA%\storespmgr.exe' /stext "%TEMP%\negjnackqftwyxtchwvzcfvjmn"
- '%LOCALAPPDATA%\storespmgr.exe' /stext "%TEMP%\xgtcgkmmeolbalpgygiankpsvtkqd"
- '%WINDIR%\syswow64\cmd.exe' /c copy "<Full path to file>" "%LOCALAPPDATA%\storespmgr.exe"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c, "%LOCALAPPDATA%\storespmgr.exe"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c copy "<Full path to file>" "%LOCALAPPDATA%\storespmgr.exe"
- '%WINDIR%\syswow64\cmd.exe' /c, "%LOCALAPPDATA%\storespmgr.exe"