Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\lmd.exe
- C:\users\public\downloads\iran.pdf
- 'cy###club.one':80
- http://cy###club.one/Iran.pdf
- http://cy###club.one/lmd.exe
- DNS ASK cy###club.one
- '%APPDATA%\microsoft\windows\start menu\programs\startup\lmd.exe'
- '<SYSTEM32>\cmd.exe' /C C:\users\Public\Downloads\Iran.pdf
- '%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32.exe' "C:\users\Public\Downloads\Iran.pdf"
- '<SYSTEM32>\cmd.exe' /C "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\lmd.exe"