Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\office.exe.lnk
- %TEMP%\a67e537e-0101-412f-a358-1a61ad4fcdf7\agiledotnetrt64.dll
- %HOMEPATH%\music\saved music\windows music\protobuf-net.dll
- %HOMEPATH%\music\saved music\windows music\bouncycastle.crypto.dll
- http://google.com/generate_204
- http://wi#####updateserver.cf/main/alpha/admin/php/running.php
- http://wi#####updateserver.cf/main/alpha/admin/php/protobuf-net.dll
- http://wi#####updateserver.cf/main/alpha/admin/php/BouncyCastle.Crypto.dll
- DNS ASK google.com
- DNS ASK wi#####updateserver.cf