Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '66D01695C4AC46979A3C33DE6C02F473' = '"<Full path to file>"'
- %WINDIR%\syswow64\cmd.exe
- '10#.#06.243.58':4541
- 'ge###ugin.net':80
- http://ge###ugin.net/json.gp
- '10#.#06.243.58':4541
- DNS ASK ge###ugin.net
- '%WINDIR%\syswow64\cmd.exe'