Technical Information
- '' (downloaded from the Internet)
- %TEMP%\osPfBdxuCuPjKjLD.zip
- %TEMP%\xJwyLN.exe
- '14#.#6.180.164':80
- http://14#.#6.180.164/klono.rtf
- http://14#.#6.180.164/ovo.jpg
- '%TEMP%\xJwyLN.exe' x osPfBdxuCuPjKjLD.zip -pvim123456 -y
- '<SYSTEM32>\cmd.exe' /k c: & cd\ & cd %HOMEPATH%\Local Settings\Temp & xJwyLN.exe x osPfBdxuCuPjKjLD.zip -pvim123456 -y & exit