Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'GcvvvbjD\' = '%APPDATA%\GcvvvbjD\ENaFNeqe.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%APPDATA%\server\server.exe'
- %WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe
- %APPDATA%\gcvvvbjd\enafneqe.exe
- %APPDATA%\server\server.exe
- %APPDATA%\user.txt
- http://fr###eoip.net/json/
- http://fr###eoip.net/shutdown
- DNS ASK fr###eoip.net
- DNS ASK mu#####ndigo.no-ip.biz
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe'