Technical Information
- %TEMP%\testz0rus.exe
- C:\winboot.exe
- %TEMP%\xx--xx--xx.txt
- %TEMP%\xxx.xxx
- %TEMP%\uuu.uuu
- %TEMP%\xx--xx--xx.txt
- %TEMP%\uuu.uuu
- %TEMP%\xxx.xxx
- %TEMP%\uuu.uuu
- %TEMP%\xxx.xxx
- 'localhost':43594
- DNS ASK fr####at.no-ip.org
- '%TEMP%\testz0rus.exe'
- 'C:\winboot.exe'
- '%TEMP%\testz0rus.exe' ' (with hidden window)