Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\taskrun.vbs
- <SYSTEM32>\tasks\cs update
- 'cs#######ics.000webhostapp.com':443
- 'microsoft.com':80
- 'up####.strong-host.de':80
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://up####.strong-host.de/update_static.vbs?0.#######
- 'cs#######ics.000webhostapp.com':443
- DNS ASK google.com
- DNS ASK cs#######ics.000webhostapp.com
- DNS ASK microsoft.com
- DNS ASK up####.strong-host.de
- '<SYSTEM32>\ping.exe' -n 1 -w 300 google.com' (with hidden window)
- '<SYSTEM32>\ping.exe' -n 1 -w 300 google.com
- '<SYSTEM32>\schtasks.exe' /create /f /tn "CS Update" /tr "cscript \"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\taskrun.vbs\"" /sc once /st 05:20