Technical Information
- <SYSTEM32>\tasks\test
- %LOCALAPPDATA%\<File name>.exe
- %LOCALAPPDATA%\<File name>.exe
- 'Lo######46878.portmap.io':3460
- DNS ASK Lo######46878.portmap.io
- '%LOCALAPPDATA%\<File name>.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn "test" /tr "%LOCALAPPDATA%\<File name>.exe"' (with hidden window)
- '%LOCALAPPDATA%\<File name>.exe' ' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn "test" /tr "%LOCALAPPDATA%\<File name>.exe"
- '<SYSTEM32>\taskeng.exe' {C5B84FC3-BA35-49D9-A8D5-7F176FAFA325} S-1-5-21-1960123792-2022915161-3775307078-1001:byfmkwbxqivt\user:Interactive:[1]