Technical Information
- <SYSTEM32>\tasks\defenderfire
- %APPDATA%\system.exe
- DNS ASK ra#.####ubusercontent.com
- '%APPDATA%\system.exe'
- '<SYSTEM32>\schtasks.exe' /create /tn Defenderfire /tr %APPDATA%\system.exe /sc minute /mo 1 (with hidden window)
- '%APPDATA%\system.exe' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /tn Defenderfire /tr %APPDATA%\system.exe /sc minute /mo 1
- '<SYSTEM32>\taskeng.exe' {FA1FE125-5905-4F1D-ACE6-47674208C33B} S-1-5-21-1960123792-2022915161-3775307078-1001:qtapuwrmqv\user:Interactive:[1]
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\dw20.exe' -x -s 1396
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\dw20.exe' -x -s 1408