Technical Information
- <SYSTEM32>\taskhost.exe
- nul
- 'ap##3.com':80
- http://www.ap##3.com/index/api/ma2u3xn
- DNS ASK ap##3.com
- '<SYSTEM32>\taskhost.exe' Hollowed' (with hidden window)
- '<SYSTEM32>\cmd.exe' cmd /c ping 127.0.0.1 -n 1 > nul & del "<Full path to file>"' (with hidden window)
- '<SYSTEM32>\taskhost.exe' Hollowed
- '<SYSTEM32>\cmd.exe' cmd /c ping 127.0.0.1 -n 1 > nul & del "<Full path to file>"
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 1