Technical Information
- <SYSTEM32>\tasks\update
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- 'pa###bin.com':443
- '0.###.eu.ngrok.io':13696
- 'pa###bin.com':443
- DNS ASK pa###bin.com
- DNS ASK 0.###.eu.ngrok.io
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\schtasks.exe' /run /TN Update (with hidden window)
- '<SYSTEM32>\svchost.exe' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /run /TN Update
- '<SYSTEM32>\taskeng.exe' {6BD32917-99E9-4DB1-A0A8-AA42DFA78FB2} S-1-5-21-1960123792-2022915161-3775307078-1001:nirugwin\user:Interactive:[1]