Malware Analysis Report on the Company I Hacking Incident

2016-07-28 Hauri Malicious code analysis report related to company I hacking incident

http://www.hauri.co.kr/security/issue_view.html?intSeq=293&page=5&article_num=234


Hauri analyzed malware used in the Interpark breach, where a shopping mall employee's PC was compromised through an email attachment sent under the guise of an acquaintance. The sample attempted to hide the infection by launching a legitimate screensaver file while copying itself into AppData paths such as the Microsoft Office and Internet Explorer compatibility directories. Its persistence and execution flow used an /AUTOSTART argument, mutex creation, and a copied ielowutil.exe component under the user's AppData profile. The malware contained encrypted or embedded socket data for SSL-based command-and-control communication with 190.185.124.125:443, 220.132.191.110:443, and 202.137.244.198:443, although those servers were reportedly down during analysis. The report is useful for defenders because it documents the initial social-engineering vector, host artifacts, execution paths, and C2 endpoints associated with the intrusion.

Indicators of Compromise

Type   Value             First Seen   Last Seen
IPv4   220.132.191.110   2016-07-28   2017-12-12
IPv4   202.137.244.198   2016-07-28   2016-07-28
IPv4   190.185.124.125   2016-07-28   2016-07-28
