Technical Information
- %WINDIR%\dcon.cmd
- C:\dcontrol.tar.aes
- %WINDIR%\ped.cmd
- 't1.##umcdn.net':443
- 'microsoft.com':80
- 'oc##.#tartssl.com':80
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://oc##.#tartssl.com/sub/class2/code/ca/MEMwQTA%2FMD0wOzAJBgUrDgMCGgUABBQSOgrhRCSnWfKxoWTjWxhk8hga9AQU0E4PQJlsuEsZbzsouODjiAc0qrcCAhAV
- DNS ASK t1.##umcdn.net
- DNS ASK microsoft.com
- DNS ASK oc##.#tartssl.com
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\dCon.cmd' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\Ped.cmd' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\dCon.cmd
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionPath "C:\dControl"
- '<SYSTEM32>\cmd.exe' /c del "%WINDIR%\dCon.cmd"
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\Ped.cmd
- '<SYSTEM32>\cmd.exe' /c del "%WINDIR%\Ped.cmd"