Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<File name>.exe' = '<Full path to file>'
- <Full path to file>
- 'ip#####.#hatismyipaddress.com':443
- 'microsoft.com':80
- DNS ASK ip#####.#hatismyipaddress.com
- DNS ASK microsoft.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "<Full path to file>"