Technical Information
- '' (downloaded from the Internet)
- %TEMP%\PHbwNzloy.zip
- %TEMP%\tABvhDAk.exe
- 'so###eosas.com':80
- http://so###eosas.com/clavados/img/ask/postuy.rtf
- http://so###eosas.com/clavados/img/ask/ovo.jpg
- DNS ASK so###eosas.com
- '%TEMP%\tABvhDAk.exe' x PHbwNzloy.zip -pvim123456 -y
- '<SYSTEM32>\cmd.exe' /k c: & cd\ & cd %HOMEPATH%\Local Settings\Temp & tABvhDAk.exe x PHbwNzloy.zip -pvim123456 -y & exit