Technical Information
- <SYSTEM32>\tasks\home lan application
- <SYSTEM32>\svchost.exe
- %PROGRAMDATA%\نللوةحني.exe
- %PROGRAMDATA%\أمههطهيمه.exe
- nul
- %APPDATA%\homelan\نللوةحني.exe
- %APPDATA%\homelan\settings.ini
- %PROGRAMDATA%\نللوةحني.exe
- '94.##3.91.61':443
- '%PROGRAMDATA%\نللوةحني.exe'
- '%APPDATA%\homelan\نللوةحني.exe'
- '%PROGRAMDATA%\نللوةحني.exe' ' (with hidden window)
- '<SYSTEM32>\svchost.exe' ' (with hidden window)
- '<SYSTEM32>\cmd.exe' PowerShell "$f='%PROGRAMDATA%\نللوةحني.exe';DO{Remove-Item -Force $f;$d=Test-Path $f }While($d)"' (with hidden window)
- '%APPDATA%\homelan\نللوةحني.exe' ' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "<Full path to file>"
- '%WINDIR%\syswow64\ping.exe' 1.1.1.1 -n 1 -w 3000
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\cmd.exe' PowerShell "$f='%PROGRAMDATA%\نللوةحني.exe';DO{Remove-Item -Force $f;$d=Test-Path $f }While($d)"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "$f='%PROGRAMDATA%\نللوةحني.exe';DO{Remove-Item -Force $f;$d=Test-Path $f }While($d)"