Technical Information
- %TEMP%\test.exe
- %TEMP%\server.exe
- %APPDATA%\ztids.exe
- %TEMP%\xgyreaauc
- %APPDATA%\ztids.exe
- %TEMP%\server.exe
- 'localhost':80
- 'gu####aster.b.gp':80
- DNS ASK au######on.whatismyip.com
- DNS ASK gu####aster.b.gp
- '%TEMP%\test.exe'
- '%TEMP%\server.exe'
- '%APPDATA%\ztids.exe' %TEMP%\Server.exe
- '%APPDATA%\ztids.exe' %TEMP%\Server.exe (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\dw20.exe' -x -s 948