Technical Information
- https://codeload.github.com/satcomx00-x00/framewokdeployment/zip/master as c:\users\default\appdata\local\microsoft\microsoftframeworkdeployment.zip
- %TEMP%\9179.tmp\9189.tmp\918a.bat
- %APPDATA%\kernel.dat
- %APPDATA%\service.dll
- %APPDATA%\config_xmr.ini
- %APPDATA%\microsoftframeworkdeployment.exe
- %APPDATA%\flare_client.exe
- 'co####ad.github.com':443
- DNS ASK co####ad.github.com
- '%APPDATA%\microsoftframeworkdeployment.exe' %APPDATA%/config_xmr.ini
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\9179.tmp\9189.tmp\918A.bat <Full path to file>" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\9179.tmp\9189.tmp\918A.bat <Full path to file>"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "%APPDATA%/MicrosoftFrameworkDeployment.exe %APPDATA%/config_xmr.ini"
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%APPDATA%\microsoftframeworkdepl...
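Reading the list as a responder: a ZIP is fetched from GitHub and written under C:\Users\Default (the template profile copied for every new user on the host, not a logged-in user's profile), a batch file runs from a doubly nested *.tmp directory in %TEMP%, and four files land in %APPDATA%, after which microsoftframeworkdeployment.exe is started (directly and via PowerShell) with config_xmr.ini as its only argument. The "_xmr" name is consistent with a Monero miner configuration, though the report itself does not say what the executable is. The final rundll32 line is not an attacker command: FirewallControlPanel.dll,ShowNotificationDialog /configure ... is the command line Windows itself spawns for the Windows Firewall security-alert prompt when a program with no matching rule tries to accept inbound connections, and its last argument names the program, here the dropped executable in %APPDATA%.

The following is an added example, not part of this report or of the sample it describes: a small hunt that normalises Sysmon-style process-creation (event ID 1) and file-creation (event ID 11) records to the placeholders the report uses (%TEMP%, %APPDATA%, <SYSTEM32>) and matches the behaviours listed above. The event records, the user name "alice", the rule names and the event dictionary shape are all constructed for illustration.

```python
"""Hunt Sysmon-style events for the indicators listed in the report above.

Added example, not part of the original sandbox report. The event records,
the user name "alice" and the rule names are constructed for illustration;
the patterns are derived from the command lines and file names in the report.
"""
import re
from typing import Dict, List, Tuple

# Collapse concrete per-user paths to the placeholders the report uses, so the
# same patterns match real logs and the report's own lines.
_NORMALISERS = [
    (re.compile(r'[a-z]:\\users\\[^\\]+\\appdata\\local\\temp', re.I), '%TEMP%'),
    (re.compile(r'[a-z]:\\users\\[^\\]+\\appdata\\roaming', re.I), '%APPDATA%'),
    (re.compile(r'[a-z]:\\windows\\system32', re.I), '<SYSTEM32>'),
]

# File names the report lists as written to %APPDATA% or the Default profile.
DROPPED_FILES = {
    'kernel.dat', 'service.dll', 'config_xmr.ini',
    'microsoftframeworkdeployment.exe', 'flare_client.exe',
    'microsoftframeworkdeployment.zip',
}

# Process-creation rules, applied to the normalised command line.
RULES = [
    # Windows Firewall notification dialog raised by Windows for some program.
    ('firewall_notification_dialog',
     re.compile(r'rundll32(\.exe)?"?\s+.*FirewallControlPanel\.dll,ShowNotificationDialog\s+/configure\b', re.I)),
    # cmd.exe running a .bat out of a doubly nested *.tmp directory in %TEMP%.
    ('bat_from_nested_temp',
     re.compile(r'cmd(\.exe)?"?\s+/c\s+"?%TEMP%\\[0-9a-f]+\.tmp\\[0-9a-f]+\.tmp\\[0-9a-f]+\.bat', re.I)),
    # An executable in %APPDATA% started with config_xmr.ini as its argument.
    ('appdata_exe_with_xmr_config',
     re.compile(r'%APPDATA%[\\/][^\s"]+\.exe"?\s+"?%APPDATA%[\\/]config_xmr\.ini', re.I)),
    # PowerShell used purely as a launcher for an executable in %APPDATA%.
    ('powershell_launches_appdata_exe',
     re.compile(r'powershell(\.exe)?"?\s+-Command\s+"?%APPDATA%[\\/][^\s"]+\.exe', re.I)),
]

_DEFAULT_PROFILE = re.compile(r'^[a-z]:\\users\\default\\', re.I)
_QUOTED_TAIL = re.compile(r'"([^"]+)"\s*$')


def normalise(path_or_cmdline: str) -> str:
    """Rewrite concrete user/system paths to the report's placeholder tokens."""
    for pat, token in _NORMALISERS:
        path_or_cmdline = pat.sub(token, path_or_cmdline)
    return path_or_cmdline


def firewall_prompt_program(cmdline: str) -> str:
    """For the firewall notification dialog line, return the program it was
    raised for (the final quoted argument); '' for any other command line."""
    cmd = normalise(cmdline)
    if not RULES[0][1].search(cmd):
        return ''
    m = _QUOTED_TAIL.search(cmd)
    return m.group(1) if m else ''


def match_process_event(event: Dict[str, object]) -> List[str]:
    """Return the names of all rules that fire on one process-creation event."""
    cmd = normalise(str(event.get('CommandLine', '')))
    hits = [name for name, pat in RULES if pat.search(cmd)]
    image = re.split(r'[\\/]', str(event.get('Image', '')))[-1].lower()
    if image in DROPPED_FILES:
        hits.append('known_dropped_image:' + image)
    return hits


def match_file_event(event: Dict[str, object]) -> List[str]:
    """Flag writes into the Default profile and known dropped file names."""
    target = normalise(str(event.get('TargetFilename', '')))
    name = re.split(r'[\\/]', target)[-1].lower()
    hits: List[str] = []
    in_default = bool(_DEFAULT_PROFILE.match(target))
    if in_default:
        hits.append('write_to_default_profile')
    if name in DROPPED_FILES and (in_default or target.upper().startswith('%APPDATA%')):
        hits.append('dropped_file:' + name)
    return hits


def scan(events: List[Dict[str, object]]) -> List[Tuple[int, List[str]]]:
    """Run every event through the matching rule set; return (index, hits)."""
    findings = []
    for i, ev in enumerate(events):
        hits = match_process_event(ev) if ev.get('EventID') == 1 else match_file_event(ev)
        if hits:
            findings.append((i, hits))
    return findings


# Constructed sample events (not real telemetry): the report's command lines as
# they would appear on a host with user "alice", plus one benign process.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {'EventID': 1, 'Image': r'C:\Windows\System32\cmd.exe',
     'CommandLine': r'"C:\Windows\System32\cmd.exe" /c "C:\Users\alice\AppData\Local\Temp\9179.tmp\9189.tmp\918A.bat C:\Users\alice\Downloads\setup.exe"'},
    {'EventID': 1, 'Image': r'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe',
     'CommandLine': r'powershell.exe -Command "C:\Users\alice\AppData\Roaming/MicrosoftFrameworkDeployment.exe C:\Users\alice\AppData\Roaming/config_xmr.ini"'},
    {'EventID': 1, 'Image': r'C:\Windows\System32\rundll32.exe',
     'CommandLine': r'"C:\Windows\System32\rundll32.exe" C:\Windows\System32\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "C:\Users\alice\AppData\Roaming\microsoftframeworkdeployment.exe"'},
    {'EventID': 1, 'Image': r'C:\Users\alice\AppData\Roaming\microsoftframeworkdeployment.exe',
     'CommandLine': r'"C:\Users\alice\AppData\Roaming\microsoftframeworkdeployment.exe" C:\Users\alice\AppData\Roaming/config_xmr.ini'},
    {'EventID': 1, 'Image': r'C:\Windows\System32\svchost.exe',
     'CommandLine': r'C:\Windows\System32\svchost.exe -k netsvcs -p'},  # benign control
    {'EventID': 11, 'TargetFilename': r'C:\Users\alice\AppData\Roaming\kernel.dat'},
    {'EventID': 11, 'TargetFilename': r'C:\Users\Default\AppData\Local\Microsoft\microsoftframeworkdeployment.zip'},
]

if __name__ == '__main__':
    for idx, hits in scan(SAMPLE_EVENTS):
        print(idx, hits)
```

The normalisation step is what makes the report's placeholder-style indicators usable against real telemetry; without it, the literal strings above would never match a log line that carries a concrete user name. Note that `firewall_notification_dialog` on its own is not malicious (any listening program without a rule triggers it); the useful signal is the program it names, which here resolves to an executable in %APPDATA%.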