Technical Information
- %WINDIR%\syswow64\notepad.exe
- %WINDIR%\explorer.exe
- %WINDIR%\syswow64\control.exe
- iexplore.exe
- firefox.exe
- <Full path to file>
- DNS ASK ip####xtrade.com
- '%WINDIR%\syswow64\notepad.exe'
- '%WINDIR%\syswow64\control.exe'
- '%WINDIR%\syswow64\cmd.exe' del "%WINDIR%\SysWOW64\notepad.exe"