Technical Information
- <SYSTEM32>\tasks\ntkernel
- <Full path to file>
- 'pa###bin.com':443
- '2.###.eu.ngrok.io':15580
- DNS ASK pa###bin.com
- DNS ASK 2.###.eu.ngrok.io
- '<SYSTEM32>\schtasks.exe' /Create /TN NTKernel /TR <Full path to file> /RL HIGHEST /SC ONSTART /RU SYSTEM /f' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "attrib +S +H +I ."' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "attrib +S +H +I <Full path to file>"' (with hidden window)
- '<SYSTEM32>\cmd.exe' "/c " systeminfo' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /Create /TN NTKernel /TR <Full path to file> /RL HIGHEST /SC ONSTART /RU SYSTEM /f
- '<SYSTEM32>\cmd.exe' /c "attrib +S +H +I ."
- '<SYSTEM32>\attrib.exe' +S +H +I .
- '<SYSTEM32>\cmd.exe' /c "attrib +S +H +I <Full path to file>"
- '<SYSTEM32>\attrib.exe' +S +H +I <Full path to file>
- '<SYSTEM32>\cmd.exe' "/c " systeminfo
- '<SYSTEM32>\systeminfo.exe'