The trick with this one is that it will delay installation to avoid detection:
It appears to be a Google Translate or mp3 downloader link, and has infected machines across a range of countries, installing crypto-miner malware that steals computer resources to produce cryptocurrency for the hackers.
Of course the machine infected do not need to be running Turkish to be infected, the user only has to click on the link, even if they cannot read it – but of course that would not happen. Except we have had to deal with other foreign language malware infects, in the past, when the user “just clicked on the link”!
Don’t let that happen to you.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Windows malware delays coinminer install by a month to evade detection (bleepingcomputer.com)