Technical Information
- %WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess32.exe
- %APPDATA%\microsoft\windows\start menu\noplezeu1.exe
- http://ch#####.amazonaws.com/
- http://www.ge###ugin.net/json.gp?ip###############
- http://je###rab.xyz/IRemotePanel
- DNS ASK d1###tion.space
- DNS ASK 5i##.#ppcurnet.ru
- DNS ASK je###rab.xyz
- DNS ASK ap#.ip.sb
- DNS ASK ch#####.amazonaws.com
- DNS ASK wh###.iana.org
- DNS ASK WH###.RIPE.NET
- DNS ASK ge###ugin.net
- '%APPDATA%\microsoft\windows\start menu\noplezeu1.exe'
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\dw20.exe' -x -s 2616
- '%WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess32.exe'