b0nkerz.com (butterfly bot)

windows-pc-defender.com     208.73.210.48
1-microsoft.com     208.73.210.48
b0nkerz.com     208.73.210.48
UDP Connections
Remote IP Address: 208.73.210.48 Port: 7006
Send Datagram: packet(s) of size 7
Recv Datagram: 1862 packet(s) of size 0
Remote IP Address: 208.73.210.48 Port: 7006
Send Datagram: packet(s) of size 7
Recv Datagram: 1825 packet(s) of size 0
Remote IP Address: 208.73.210.48 Port: 7006
Send Datagram: packet(s) of size 7
Recv Datagram: 1867 packet(s) of size 0
Remote IP Address: 208.73.210.48 Port: 7006
Send Datagram: packet(s) of size 7
Recv Datagram: 1079 packet(s) of size 0

File Changes by all processes
New Files
C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\Desktop.ini
C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\wmiprvse.exe
C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\wmiprvse.exe
C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\Desktop.ini
\\.\pipe\WODituswt
\Device\RasAcd

Opened Files
\\.\PIPE\lsarpc

Deleted Files

Chronological Order
Set File Attributes: C:\RECYCLER Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Set File Attributes: C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054 Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Create File: C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\Desktop.ini
Copy File: c:\bot.exe to C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\wmiprvse.exe
Set File Attributes: C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\wmiprvse.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Create/Open File: C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\wmiprvse.exe (OPEN_ALWAYS)
Create/Open File: C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\Desktop.ini (OPEN_ALWAYS)
Create NamedPipe: \\.\pipe\WODituswt
Create/Open File: \Device\RasAcd (OPEN_ALWAYS)
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)