Technical Information
- %APPDATA%\bitaf8.tmp
- %APPDATA%\bitaf8.tmp
- from %APPDATA%\bitaf8.tmp to %APPDATA%\savtandet.bor
- '87.##1.87.44':80
- http://87.##1.87.44/Regularizi.fla
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "dir;Function Strandkan9 ($Mathe){$Anth=5;$Anth++;For($Premie=5; $Premie -lt $Mathe.Length-1; $Premie+=$Anth){$Corty = 'sub' + 'string';$Molybdit=$Mathe.$Corty.Invoke($Premie, 1);$Atompara=$At...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "dir;Function Strandkan9 ($Mathe){$Anth=5;$Anth++;For($Premie=5; $Premie -lt $Mathe.Length-1; $Premie+=$Anth){$Corty = 'sub' + 'string';$Molybdit=$Mathe.$Corty.Invoke($Premie, 1);$Atompara=$At...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' "dir;Function Strandkan9 ($Mathe){$Anth=5;$Anth++;For($Premie=5; $Premie -lt $Mathe.Length-1; $Premie+=$Anth){$Corty = 'sub' + 'string';$Molybdit=$Mathe.$Corty.Invoke($Premie, 1);$Atompara=$At...