Technical Information
- <SYSTEM32>\tasks\googleupdate
- '34.##5.85.231':80
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoProfile -NonInteractive -NoLogo -WindowStyle hidden -ExecutionPolicy Unrestricted C:\Users\Public\Music\Untitled.ps1
- '<SYSTEM32>\attrib.exe' +h "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\SecurityHealth.exe.manifest"
- '<SYSTEM32>\schtasks.exe' /create /tn GoogleUpdate /sc minute /st 00:10 /tr C:\Users\Public\Music\SecurityHealth.exe
- '<SYSTEM32>\taskeng.exe' {5F123587-1581-47AC-BE79-7B6541B7F5A3} S-1-5-21-1960123792-2022915161-3775307078-1001:yyrdwh\user:Interactive:[1]