Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionExtension .exe
- %WINDIR%\syswow64\mservice.exe
- 'gi##ub.com':443
- '91.##.247.21':80
- '91.##.247.21':8405
- http://91.##.247.21/Props.exe
- DNS ASK gi##ub.com
- '%WINDIR%\syswow64\mservice.exe'
- '%WINDIR%\syswow64\mservice.exe' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c powershell Add-MpPreference -ExclusionExtension .exe