Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Add-MpPreference -ExclusionPath '%HOMEPATH%\Downloads\explorer3.exe'"
- %HOMEPATH%\downloads\explorer3.exe
- %HOMEPATH%\downloads\explorer3.exe
- 'tu####system.com':443
- 'pk#.goog':80
- http://pk#.goog/gsr1/gsr1.crt
- 'tu####system.com':443
- '34.##0.144.191':443
- DNS ASK tu####system.com
- DNS ASK pk#.goog
- '%HOMEPATH%\downloads\explorer3.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Add-MpPreference -ExclusionPath '%HOMEPATH%\Downloads\explorer3.exe'" (with hidden window)
- '<SYSTEM32>\searchprotocolhost.exe' Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "%...
- '<SYSTEM32>\searchfilterhost.exe' 0 516 520 528 65536 524