Major Characteristics : - Create a fake "Windows Update" message - Modifies Windows Host file (C:\Windows\System32\drivers\etc\hosts) to block security web sites. - Disable and Blocks Task Manager (DisableTaskmgr) - Disable Windows Defender (Set-MpPreference -DisableRealtimeMonitoring $true, "C:\Program Files\Windows Defender\mpcmdrun.exe" -removedefinitions -all) - Reruns by adding "Time Trigger Task" in Task Scheduler to run "%LocalAppData%\<Random>-<Random>-<Random>-<Random>-<Random>\<Random>.exe --Task" for every 5 minutes. - Generates additional AZORult malware (Info stealer)