Technical Information
- <SYSTEM32>\tasks\agp service
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionProcess "<File name>.exe";Add-MpPreference -ExclusionProcess "Windows.exe";Add-MpPreference -ExclusionExtension ".exe";Add-MpPreference -ExclusionPath '%AppData%\Micr...
- %APPDATA%\microsoft\windows\windows.exe
- %APPDATA%\d4602615-9d50-4880-be41-678935e93eaa\run.dat
- %TEMP%\tmpfb7d.tmp
- %APPDATA%\d4602615-9d50-4880-be41-678935e93eaa\task.dat
- %TEMP%\tmpfb7d.tmp
- '19#.#07.126.86':80
- 'sr######0899.duckdns.org':1199
- http://19#.#07.126.86/dashboard/file/joker.exe
- DNS ASK sr######0899.duckdns.org
- DNS ASK sr#####r089.ddns.net
- '%APPDATA%\microsoft\windows\windows.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /f /tn "AGP Service" /xml "%TEMP%\tmpFB7D.tmp"