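Technical Information

The entries below are file-system paths, a network destination with its DNS query, and PowerShell command lines. `<SYSTEM32>`, `%APPDATA%` and `%TEMP%` stand for the corresponding Windows directories. The `#` characters in the hostname are not valid in a DNS name and appear to be masking applied by the publisher, so the hostname cannot be matched verbatim as an indicator.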
- '%APPDATA%\microsoft\windows\templates\465292.dat'
- %APPDATA%\microsoft\windows\templates\465292.dat
- <SYSTEM32>\promo.png
- %TEMP%\get-content.ps1
- %TEMP%\ready.ps1
- 'go####tk.beget.tech':80
- DNS ASK go####tk.beget.tech
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ep bypass & '%TEMP%\\ready.ps1'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -s -NoLogo -NoProfile