Technical Information
- %ProgramFiles(x86)%\thinkingappszzinstall\thinkingaapp.exe
- %TEMP%\is-5lm2s.tmp\thinkingaapp.tmp
- 'fa####destore.com':443
- 'microsoft.com':80
- 'fa####destore.com':443
- DNS ASK fa####destore.com
- DNS ASK microsoft.com
- DNS ASK st####.rapidssl.com
- '%ProgramFiles(x86)%\thinkingappszzinstall\thinkingaapp.exe'
- '%TEMP%\is-5lm2s.tmp\thinkingaapp.tmp' /SL5="$E0234,28665901,295936,%ProgramFiles(x86)%\ThinkingAppszzInstall\ThinkingaApp.exe"
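- '%WINDIR%\syswow64\cmd.exe' /c sc query NPF | FIND /C "RUNNING" (with hidden window; counts "RUNNING" lines in the status of the NPF service, the WinPcap capture driver)
- '%WINDIR%\syswow64\cmd.exe' /c sc query npcap | FIND /C "RUNNING" (with hidden window; the same check for the Npcap capture driver service)
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>" (with hidden window; waits 5 seconds, then force-deletes the named file without prompting)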
- '%WINDIR%\syswow64\cmd.exe' /c sc query NPF | FIND /C "RUNNING"
- '%WINDIR%\syswow64\sc.exe' query NPF
- '%WINDIR%\syswow64\find.exe' /C "RUNNING"
- '%WINDIR%\syswow64\cmd.exe' /c sc query npcap | FIND /C "RUNNING"
- '%WINDIR%\syswow64\sc.exe' query npcap
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>"
- '%WINDIR%\syswow64\timeout.exe' 5
- '%WINDIR%\syswow64\cmd.exe' /d /c del /f /q "<Full path to file>"