Technical Information
- %TEMP%\b671.tmp\b681.tmp\b682.ps1
- %TEMP%\1960879569\1960879569.exe
- %TEMP%\b671.tmp\b681.tmp\b682.ps1
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK 0.###.ngrok.io
- DNS ASK microsoft.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' –NoProfile -ExecutionPolicy Bypass -File %TEMP%\B671.tmp\B681.tmp\B682.ps1
- '%TEMP%\1960879569\1960879569.exe'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' –NoProfile -ExecutionPolicy Bypass -File %TEMP%\B671.tmp\B681.tmp\B682.ps1 (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "powershell -Command Add-MpPreference -ExclusionPath " C:\
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionPath C:\