Technical Information
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'asd' = '%APPDATA%\asd\zzz.exe'
- %APPDATA%\asd\zzz.exe
- %APPDATA%\logs\04-07-2020
- %APPDATA%\asd\zzz.exe
- 'localhost':4782
- http://fr###eoip.net/shutdown
- DNS ASK fr###eoip.net
- '%APPDATA%\asd\zzz.exe'
- '%APPDATA%\asd\zzz.exe' (with hidden window)