Technical Information
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'dmirb' = '%APPDATA%\inwsclg\plueajsoxt.exe "%TEMP%\vpviupnho.exe" %LOCALAPPDATA%�'
- vpviupnho.exe
- %TEMP%\nsa4653.tmp
- %TEMP%\hogcdndxd.q
- %TEMP%\brkzg.tj
- %TEMP%\vpviupnho.exe
- %APPDATA%\inwsclg\plueajsoxt.exe
- 'ka####a.duckdns.org':1992
- 'ge###ugin.net':80
- http://ge###ugin.net/json.gp
- 'ka####a.duckdns.org':1992
- DNS ASK ka####a.duckdns.org
- DNS ASK ge###ugin.net
- '%TEMP%\vpviupnho.exe' %TEMP%\brkzg.tj
- '%TEMP%\vpviupnho.exe'