Technical Information
- <SYSTEM32>\tasks\wasa
- %PROGRAMDATA%\updata\filesys32.exe
- 'ff#.#ingspy.ml':5555
- DNS ASK ff#.#ingspy.ml
- '%WINDIR%\syswow64\cmd.exe' /c schtasks /Create /SC MINUTE /MO 2 /tn wasa /tr '%ProgramData%\updata\FileSys32.exe' /ec system
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /MO 2 /tn wasa /tr '%PROGRAMDATA%\updata\FileSys32.exe' /ec system