Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\RGzw68TFxR.eu.url
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- %TEMP%\Ao0Q.PB
- %TEMP%\aut1.tmp
- %APPDATA%\RGzw68TFxR\RGzw68TFxR.exe
- %TEMP%\aut1.tmp
- '19#.#64.131.143':4782
- 'fr###eoip.net':80
- 'ip##pi.com':80
- http://fr###eoip.net/xml/
- http://ip##pi.com/json/
- DNS ASK ap#.#pify.org
- DNS ASK fr###eoip.net
- DNS ASK ip##pi.com