Technical Information
- <SYSTEM32>\installerservice.exe
- <SYSTEM32>\disupd.ps1
- unc\zzhkhjh*\mailslot\net\netlogon
- <SYSTEM32>\sys.dll
- <SYSTEM32>\disupd.ps1
- 'gi##ub.com':443
- 'ra#.####ubusercontent.com':443
- DNS ASK gi##ub.com
- DNS ASK ra#.####ubusercontent.com
- '<SYSTEM32>\installerservice.exe' <Full path to file>
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoProfile -ExecutionPolicy unrestricted -file "<SYSTEM32>\disupd.ps1"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoProfile -ExecutionPolicy unrestricted -file "<SYSTEM32>\disupd.ps1"' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath <SYSTEM32>, <SYSTEM32>' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath <SYSTEM32>, <SYSTEM32>
- '<SYSTEM32>\mstsc.exe'
- '<SYSTEM32>\sc.exe' config wuauserv start=disabled
- '<SYSTEM32>\sc.exe' query wuauserv
- '<SYSTEM32>\sc.exe' stop wuauserv
- '<SYSTEM32>\reg.exe' QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv /v Start