Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\a3408977eb0ed5d7b35c2bb2ef1cbb61.lnk
- '%APPDATA%\a3408977eb0ed5d7b35c2bb2ef1cbb61\crossfire.exe'
- '<SYSTEM32>\cmd.exe' /c del <Full path to virus> > nul
- %APPDATA%\a3408977eb0ed5d7b35c2bb2ef1cbb61\a3408977eb0ed5d7b35c2bb2ef1cbb61.lnk
- %APPDATA%\a3408977eb0ed5d7b35c2bb2ef1cbb61\crossfire.exe
- %APPDATA%\a3408977eb0ed5d7b35c2bb2ef1cbb61\a3408977eb0ed5d7b35c2bb2ef1cbb61.lnk
- 'www.xu####aomiao.com':1150
- DNS ASK www.xu####aomiao.com