Technical Information
- <SYSTEM32>\tasks\chrome update
- C:\users\toxiceye\rat.exe
- %TEMP%\tmpc89b.tmp.bat
- 'ap#.##legram.org':443
- DNS ASK google.com
- DNS ASK ap#.##legram.org
- 'C:\users\toxiceye\rat.exe'
- '<SYSTEM32>\cmd.exe' /C %TEMP%\tmpC89B.tmp.bat & Del %TEMP%\tmpC89B.tmp.bat' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
- '<SYSTEM32>\cmd.exe' /C %TEMP%\tmpC89B.tmp.bat & Del %TEMP%\tmpC89B.tmp.bat
- '<SYSTEM32>\tasklist.exe' /fi "PID eq 2456"
- '<SYSTEM32>\find.exe' ":"
- '<SYSTEM32>\timeout.exe' /T 1 /Nobreak