Technical Information
- <Current directory>\µ¥»ú²âêôµçâ¼æ÷.exe
- %TEMP%\fuck1.dll
- %TEMP%\crass.exe
- <Current directory>\µ¥»ú²âêôµçâ¼æ÷.exe
- %TEMP%\fuck1.dll
- %TEMP%\crass.exe
- 'dy#.#aomox.com':8888
- '22#.#86.174.20':52529
- http://22#.###.174.20:52529/zszserver.ini?1 via 22#.#86.174.20
- DNS ASK dy#.#aomox.com
- DNS ASK gg.##-sb.com
- '%TEMP%\crass.exe'
- '<Current directory>\µ¥»ú²âêôµçâ¼æ÷.exe'
- '%WINDIR%\syswow64\reg.exe' delete HKEY_CURRENT_USER\Software\LaoMo3xSoft /F