Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\50673.exe
- %LOCALAPPDATA%\zzuser\slideshow.mp4
- %APPDATA%\del.bat
- 'su####tmozilla.org':80
- http://su####tmozilla.org/cgi-sys/suspendedpage.cgi
- http://su####tmozilla.org/en/gate.php
- DNS ASK su####tmozilla.org
- '%APPDATA%\microsoft\windows\start menu\programs\startup\50673.exe'
- '%APPDATA%\microsoft\windows\start menu\programs\startup\50673.exe' ' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %APPDATA%\del.bat
- '%WINDIR%\syswow64\ping.exe' localhost -n 3
- '%WINDIR%\syswow64\cmd.exe' /c del "%APPDATA%\del.bat"