Technical Information
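- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath 'C:\' (adds the entire C:\ drive to the Microsoft Defender exclusion list, so Defender skips files under it; exclusion changes of this kind are recorded as event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log)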
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1238866942-1249195528-555854008-1000\83aa4cc77f591dfc2374580bbd95f6ba_d4602615-9d50-4880-be41-678935e93eaa
- %TEMP%\5d57942ed32c09e721562d8d50fa6b4f.bat
- %TEMP%\veryvarietypro.zip
- %TEMP%\veryvarietypro\veryvarietypro.exe
- %TEMP%\ixp000.tmp\veryvariety.exe
- %TEMP%\ixp000.tmp\veryvariiety.exe
- http://18#.#5.105.101/protect/veryvarietypro.zip
- '%TEMP%\veryvarietypro\veryvarietypro.exe'
- '%TEMP%\ixp000.tmp\veryvariety.exe'
- '%TEMP%\veryvarietypro\veryvarietypro.exe' (with hidden window)
- '%TEMP%\ixp000.tmp\veryvariety.exe' (with hidden window)
- '%ProgramFiles%\java\jre1.8.0_45\bin\javaw.exe' -Dfile.encoding=UTF-8 -classpath "<Full path to file>" org.develnext.jphp.ext.javafx.FXLauncher
- '<SYSTEM32>\cmd.exe' /c %TEMP%\5d57942ed32c09e721562d8d50fa6b4f.bat
- '%WINDIR%\explorer.exe' %TEMP%\veryvarietypro\veryvarietypro.exe