Technical Information
Malicious functions:
- <SYSTEM32>\tasks\windows network (scheduled-task file used for persistence)
- Windows Defender (targeted by the sc stop / sc delete WinDefend and Set-MpPreference commands listed below)
- <SYSTEM32>\svchost.exe (launched by the sample with a hidden window; see below)
Creates the following files:
- %APPDATA%\wnetwork\fjgxltr.exe
- %APPDATA%\wnetwork\settings.ini
Network activity:
- Connects to: http://wt###myip.com/text
- DNS ASK wt###myip.com
Creates and executes the following:
- '%APPDATA%\wnetwork\fjgxltr.exe'
Executes the following (with hidden window):
- '%WINDIR%\syswow64\cmd.exe' sc stop WinDefend
- '%WINDIR%\syswow64\cmd.exe' sc delete WinDefend
- '%WINDIR%\syswow64\cmd.exe' powershell Set-MpPreference -DisableRealtimeMonitoring $true
- '%APPDATA%\wnetwork\fjgxltr.exe'
- '<SYSTEM32>\svchost.exe'
Executes the following:
- '%WINDIR%\syswow64\cmd.exe' sc stop WinDefend
- '%WINDIR%\syswow64\cmd.exe' sc delete WinDefend
- '%WINDIR%\syswow64\cmd.exe' powershell Set-MpPreference -DisableRealtimeMonitoring $true
- '%WINDIR%\syswow64\sc.exe' delete WinDefend
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Set-MpPreference -DisableRealtimeMonitoring $true
- '%WINDIR%\syswow64\sc.exe' stop WinDefend
- '<SYSTEM32>\svchost.exe'
The SysWOW64 paths show that cmd.exe, sc.exe and powershell.exe are spawned as 32-bit processes: the sample is a 32-bit executable, so its System32 references are redirected to SysWOW64 on 64-bit Windows.
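The following host-triage script is an added example and is not part of the report above or of the sample's own code. It checks a Windows host for the artefacts the report lists (the dropped files, the "windows network" scheduled task, the state of the WinDefend service and of Defender real-time monitoring) and then searches process-creation telemetry for the exact command lines. Assumptions that are mine, not the report's: it is run from an elevated 64-bit PowerShell; Sysmon (Event ID 1) and/or Security event 4688 with command-line auditing enabled are available for the telemetry part; the regular expressions and the 20000-event cap are illustrative choices.

```powershell
# Added host-triage script (not from the report). Checks for the artefacts the
# report lists and for the process-creation command lines that disable Defender.
# Assumptions: elevated 64-bit PowerShell; Sysmon Event ID 1 and/or Security 4688
# with "include command line" auditing available for the telemetry section.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Dropped files and the scheduled task used for persistence
$dropDir = Join-Path $env:APPDATA 'wnetwork'
foreach ($name in 'fjgxltr.exe', 'settings.ini') {
    $p = Join-Path $dropDir $name
    if (Test-Path -LiteralPath $p) { $findings.Add("Dropped file present: $p") }
}
$taskFile = Join-Path $env:SystemRoot 'System32\Tasks\windows network'
if (Test-Path -LiteralPath $taskFile) { $findings.Add("Task file present: $taskFile") }
$task = Get-ScheduledTask -TaskName 'windows network' -ErrorAction SilentlyContinue
if ($task) {
    $findings.Add("Scheduled task registered: $($task.TaskPath)$($task.TaskName) -> $($task.Actions.Execute -join ' ')")
}

# 2. Windows Defender state: the sample runs sc stop/delete WinDefend and
#    Set-MpPreference -DisableRealtimeMonitoring $true
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if (-not $svc) {
    $findings.Add('WinDefend service not present (consistent with sc delete WinDefend)')
} elseif ($svc.Status -ne 'Running') {
    $findings.Add("WinDefend service is $($svc.Status) (consistent with sc stop WinDefend)")
}
try {
    $mp = Get-MpPreference -ErrorAction Stop
    if ($mp.DisableRealtimeMonitoring) { $findings.Add('Defender real-time monitoring is disabled') }
} catch {
    $findings.Add("Get-MpPreference failed: $($_.Exception.Message)")
}

# 3. Process-creation telemetry matching the command lines from the report.
#    Patterns are illustrative; tighten or extend them for your environment.
$patterns = @(
    'sc(\.exe)?\s+(stop|delete)\s+WinDefend',
    'Set-MpPreference\s+-DisableRealtimeMonitoring\s+\$true',
    'wnetwork\\fjgxltr\.exe'
)
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } -MaxEvents 20000 -ErrorAction SilentlyContinue) +
          @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents 20000 -ErrorAction SilentlyContinue)
foreach ($e in $events) {
    foreach ($re in $patterns) {
        # Message holds the command line for Sysmon 1 and, with command-line
        # auditing on, for Security 4688; a null Message simply never matches.
        if ($e.Message -match $re) {
            $findings.Add("[$($e.TimeCreated)] $($e.LogName) event $($e.Id) matches '$re'")
            break
        }
    }
}

if ($findings.Count -eq 0) { 'No artefacts from this report found.' } else { $findings }
```

One caveat when reading the results: on Windows 10/11 builds with Tamper Protection enabled, `sc stop WinDefend`, `sc delete WinDefend` and `Set-MpPreference -DisableRealtimeMonitoring $true` are refused, so the service and preference checks in sections 1 and 2 may come back clean even on an infected host. The process-creation records in section 3 still capture the attempt, which is why the telemetry search is the more reliable signal of this sample's activity.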