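Technical Information
(The sub-headings of this listing appear to have been lost. In order, the entries below are: file-system paths; network endpoints and one HTTP request, with hostnames that appear partly masked with '#'; DNS queries; and launched command lines. The command lines use Add-MpPreference -ExclusionPath to add Microsoft Defender exclusions for C:\ and for \\localhost\C$ paths, then register a scheduled task named "opener" that runs <SYSTEM32>\opener.exe at logon. For detection, the two behaviours to alert on are a Defender exclusion covering a whole drive root and schtasks /create with /sc ONLOGON pointing at an executable in System32.)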
- <SYSTEM32>\tasks\opener
- <SYSTEM32>\opener.exe
- 'te########ayyos.000webhostapp.com':443
- 'microsoft.com':80
- 'cd#.##scordapp.com':443
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- 'te########ayyos.000webhostapp.com':443
- 'cd#.##scordapp.com':443
- DNS ASK te########ayyos.000webhostapp.com
- DNS ASK microsoft.com
- DNS ASK cd#.##scordapp.com
- '<SYSTEM32>\cmd.exe' /c powershell -Command Add-MpPreference -ExclusionPath C:\
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionPath C:\
- '<SYSTEM32>\cmd.exe' /c powershell -Command Add-MpPreference -ExclusionPath \\localhost\C$\Windows\System32
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionPath \\localhost\C$\Windows\System32
- '<SYSTEM32>\cmd.exe' /c powershell -Command Add-MpPreference -ExclusionPath \\localhost\C$\
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionPath \\localhost\C$\
- '<SYSTEM32>\cmd.exe' /c schtasks /create /tn opener /tr <SYSTEM32>\opener.exe /sc ONLOGON
- '<SYSTEM32>\schtasks.exe' /create /tn opener /tr <SYSTEM32>\opener.exe /sc ONLOGON