Technical Information
- '' (downloaded from the Internet)
- %TEMP%\NmOkhWkhbReVq.zip
- %TEMP%\sePgrAGlMKzy.exe
- '14#.#6.180.164':80
- http://14#.#6.180.164/curjo.rtf
- http://14#.#6.180.164/ovo.jpg
- '%TEMP%\sePgrAGlMKzy.exe' x NmOkhWkhbReVq.zip -pvim123456 -y
- '<SYSTEM32>\cmd.exe' /k c: & cd\ & cd %HOMEPATH%\Local Settings\Temp & sePgrAGlMKzy.exe x NmOkhWkhbReVq.zip -pvim123456 -y & exit