Technical Information
- http://ca#####esothelioma.xyz/z/abrir.exe as %temp%\abrir_aqui.exe
- %TEMP%\880o1mov.bat
- http://ca#####esothelioma.xyz/z/ABRIR.exe
- DNS ASK ca#####esothelioma.xyz
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\880O1MOV.bat" "<Full path to file>" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\880O1MOV.bat" "<Full path to file>" "
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\Abrir_aQUI.exe