Technical Information
- %TEMP%\gamesense.exe
- %TEMP%\client.exe
- '8.###.ngrok.io':11602
- 'microsoft.com':80
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- '8.###.ngrok.io':11602
- DNS ASK 8.###.ngrok.io
- DNS ASK microsoft.com
- '%TEMP%\gamesense.exe'
- '%TEMP%\client.exe'
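- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' $file='<Full path to file>';for($i=1;$i -le 600 -and (Test-Path $file -PathType leaf);$i++){Remove-Item $file;Start-Sleep -m 100} (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' $file='<Full path to file>';for($i=1;$i -le 600 -and (Test-Path $file -PathType leaf);$i++){Remove-Item $file;Start-Sleep -m 100}
  (Both commands run the same file-removal loop: while the file at the given path still exists, PowerShell calls Remove-Item and sleeps 100 ms, for at most 600 attempts, i.e. roughly one minute. The first is launched with a hidden window.)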