Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\winsync.vbs
- %WINDIR%\syswow64\notepad.exe
- winsync.exe
- %APPDATA%\microsoft\winsync.exe
- %APPDATA%\microsoft\winsync.exe:zoneidentifier
- 'co####t.no-ip.org':5000
- DNS ASK co####t.no-ip.org
- DNS ASK ba####sp.loginto.me
- '%APPDATA%\microsoft\winsync.exe'
- '%APPDATA%\microsoft\winsync.exe' 2 200 1055828
- '%WINDIR%\syswow64\notepad.exe'