Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winlogon' = '%APPDATA%\Luffy.exe'
- svchost.exe
- %APPDATA%\luffy.exe
- %APPDATA%\svchost.exe
- %TEMP%\pyinarcl
- 'st####.no-ip.biz':3030
- http://me#####shid.netai.net/index.php?ac##################################################
- DNS ASK st####.no-ip.biz
- DNS ASK au######on.whatismyip.com
- DNS ASK me#####shid.netai.net
- DNS ASK 00###bhost.com
- '%APPDATA%\svchost.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\dw20.exe' -x -s 1488