Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe
- 'cd#.##scordapp.com':443
- 'dd####st1.ddns.net':443
- 'cd#.##scordapp.com':443
- 'dd####st1.ddns.net':443
- DNS ASK cd#.##scordapp.com
- DNS ASK dd####st1.ddns.net
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\