Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe,"%APPDATA%\Explorers64\internets64.exe",'
- msbuild.exe
- %TEMP%\_vzycoeomthsrmvhaqknk.vbs
- %APPDATA%\explorers64\internets64.exe
- %TEMP%\msbuild.exe
- 'google.com':80
- '10#.#7.174.26':5050
- DNS ASK google.com
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\_Vzycoeomthsrmvhaqknk.vbs"
- '%TEMP%\msbuild.exe'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Set-MpPreference -ExclusionPath C:\,'%APPDATA%\Explorers64\internets64.exe'' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Set-MpPreference -ExclusionPath C:\,'%APPDATA%\Explorers64\internets64.exe'