Technical Information
- <SYSTEM32>\tasks\<File name>
- %APPDATA%\<File name>.exe
- '82.##5.243.236':1234
- 'st####.gofile.io':443
- 'microsoft.com':80
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK st####.gofile.io
- DNS ASK microsoft.com
- '%APPDATA%\<File name>.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Start-Sleep -Seconds 3; Set-MpPreference -ExclusionPath C:\' (with hidden window)
- '%APPDATA%\<File name>.exe' ' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Start-Sleep -Seconds 3; Set-MpPreference -ExclusionPath C:\
- '<SYSTEM32>\taskeng.exe' {1337ABF9-1E6F-4BAB-96F0-97ECB35D09BD} S-1-5-21-1960123792-2022915161-3775307078-1001:udrfyh\user:Interactive:[1]