Technical Information
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "%APPDATA%"
- %APPDATA%\windows media services\hostcheck.exe
- %TEMP%\windowscacheload.bin
- %APPDATA%\windows media services\windowscache1ddcsffdvdf24526842aze.bin
- %APPDATA%\windows media services\windowscache124526fvdfvdftgc842aze.bin
- '45.##8.244.112':80
- http://45.##8.244.112/server/blueloqder.bin
- '%WINDIR%\syswow64\cmd.exe' /c mklink "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\hostcheck.exe.lnk" "<Full path to file>"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Start-Process "%APPDATA%\Windows Media Services\hostcheck.exe"