Technical Information
- <SYSTEM32>\tasks\<File name>
- %APPDATA%\<File name>.exe
- '17#.#24.215.147':33245
- 'gi##ub.com':443
- 'ra#.####ubusercontent.com':443
- DNS ASK gi##ub.com
- DNS ASK ra#.####ubusercontent.com
- '%APPDATA%\<File name>.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Start-Sleep -Seconds 3; Set-MpPreference -ExclusionPath C:\' (with hidden window)
- '%APPDATA%\<File name>.exe' ' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Start-Sleep -Seconds 3; Set-MpPreference -ExclusionPath C:\
- '<SYSTEM32>\taskeng.exe' {C6B19634-ED43-496E-B446-15D8AB1EE85B} S-1-5-21-1960123792-2022915161-3775307078-1001:enhevzklyuu\user:Interactive:[1]