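Technical Information
The entries below are the indicators listed for this sample, in order: autostart values under the HKCU Run key (the program is launched at user logon), PowerShell command lines that add Microsoft Defender scan exclusions for the current directory and for %APPDATA%, file paths under %APPDATA%, and a network endpoint on port 80 followed by an HTTP URL on the same host. The IP address appears partially masked ('#') on this page. On a suspect host, the configured exclusions can be reviewed with Get-MpPreference and compared against these paths.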
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Gcode.exe' = '<Full path to file>'
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MyProgram' = '<Full path to file>'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "<Current directory>"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "%APPDATA%"
- %APPDATA%\windowscache.bin
- %APPDATA%\windowscache124ghjnkla526842aze.bin
- %APPDATA%\windowscache124aerf526tgc842aze.bin
- '19#.#22.96.225':80
- http://19#.#22.96.225/server/binary/binary/binary/windowscacheblue1452365895opml123/windowscacheblue1452365895opml123website.bin