Technical Information
- vido.com
- %TEMP%\bitbf89.tmp
- %TEMP%\bitbf8a.tmp
- %TEMP%\bitbf8b.tmp
- %TEMP%\po34p
- %TEMP%\bitbf89.tmp
- %TEMP%\bitbf8a.tmp
- %TEMP%\bitbf8b.tmp
- from %TEMP%\bitbf89.tmp to %TEMP%\vido.com
- from %TEMP%\bitbf8a.tmp to %TEMP%\sfera
- from %TEMP%\bitbf8b.tmp to %TEMP%\jabwv.com
- 'ge###ox-bg.site':80
- http://ge###ox-bg.site/Refjh.dat
- http://ge###ox-bg.site/GrteJ.dat
- http://ge###ox-bg.site/JabWV.dat
- DNS ASK ge###ox-bg.site
- '%TEMP%\vido.com' po34p
- '<SYSTEM32>\certutil.exe' -decode sfera po34p