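Technical Information

Note: the category headings of this report appear to be missing, so the entries below are an ungrouped list, kept exactly as published: a security product name, file paths, network endpoints with ports, a URL, DNS queries and process command lines. The host names and the IP address that contain `#` are partially masked in the source, so they cannot be used as exact-match indicators.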
- Windows Defender
- %APPDATA%\subdir\client.exe
- %APPDATA%\logs\03-28-2022
- 'ip##pi.com':80
- 'localhost':4782
- 'pa########oison.000webhostapp.com':443
- '91.##4.207.16':80
- http://ip##pi.com/json/
- 'pa########oison.000webhostapp.com':443
- DNS ASK ip##pi.com
- DNS ASK pa########oison.000webhostapp.com
- '%APPDATA%\subdir\client.exe'
- '%WINDIR%\syswow64\cmd.exe' /k start /b del /q/f/s %TEMP%\* & exit' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\vWIc0UdoDjdV.bat" "' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Get-MpPreference -verbose
- '%WINDIR%\syswow64\cmd.exe' /k start /b del /q/f/s %TEMP%\* & exit
- '%WINDIR%\syswow64\cmd.exe' /K del /q/f/s %TEMP%\*
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\vWIc0UdoDjdV.bat" "
- '%WINDIR%\syswow64\chcp.com' 65001
- '%WINDIR%\syswow64\ping.exe' -n 10 localhost