Technical Information
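- Windows Defender (listed without a description of the action taken; the process list below includes a `Get-MpPreference -verbose` query of its settings)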
- %APPDATA%\subdir\winuso.exe
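- %APPDATA%\logs\08-10-2021 (the last component looks like a date, so it may differ between runs; match on the %APPDATA%\logs\ path rather than the literal name)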
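- 'ip##pi.com':80 (the '#' characters here and in the entries below appear to be redaction in the published report, not part of the real host names or address)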
- 'localhost':4782 (loopback address, so only the port number is meaningful as an indicator)
- 'pa########oison.000webhostapp.com':443
- '91.##4.207.16':80
- 'pa########oison.000webhostapp.com':443
- DNS ASK ip##pi.com
- DNS ASK pa########oison.000webhostapp.com
- '%APPDATA%\subdir\winuso.exe'
- '%WINDIR%\syswow64\cmd.exe' /k start /b del /q/f/s %TEMP%\* & exit (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\F8bo3BA5Ma6l.bat" " (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Get-MpPreference -verbose
- '%WINDIR%\syswow64\cmd.exe' /k start /b del /q/f/s %TEMP%\* & exit
- '%WINDIR%\syswow64\cmd.exe' /K del /q/f/s %TEMP%\*
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\F8bo3BA5Ma6l.bat" "
- '%WINDIR%\syswow64\chcp.com' 65001
- '%WINDIR%\syswow64\ping.exe' -n 10 localhost (ten pings to loopback; in batch scripts this is commonly a delay rather than network activity)