Technical Information
- %APPDATA%\ftmkp\btmppho
- %ALLUSERSPROFILE%\ftmkp\btmppho
- %ProgramFiles(x86)%\gertufrostfnisetup\gertudfrost.exe
- %TEMP%\nsbd394.tmp
- %TEMP%\nsrd3f3.tmp\langdll.dll
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK al####tstudio.com
- DNS ASK microsoft.com
- '%ProgramFiles(x86)%\gertufrostfnisetup\gertudfrost.exe' 53058900021215 g66R6iuOJ1yOssYZW4brWyNqGV16qyQaPX+9eddiCqS7Zvet62jWindymJRQti3JXnq/DjdvGLIejVHkou/liunDXtB+Xeko/kj71ytyl+/hXIJdRV6YrjYHszIwH06r ycjc1v5tHNB6D+dlRxAMkAmGfkbYcwPJ2SfBAl3gvf6Agr83d...
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>"
- '%WINDIR%\syswow64\timeout.exe' 5
- '%WINDIR%\syswow64\cmd.exe' /d /c del /f /q "<Full path to file>"