Technical Information
- '%TEMP%\8gchtlt51ek9i.exe'
- %TEMP%\fuck.bat
- %TEMP%\8gchtlt51ek9i.exe
- http://wr#####gsandbows.co.uk/nb3hds
- DNS ASK wr#####gsandbows.co.uk
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\fuck.bat" "' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\fuck.bat" "