Technical Information
- <SYSTEM32>\tasks\t6dio59nvrmex8mlli6sgujqq5powkg0umx.exe
- <SYSTEM32>\tasks\limerat-admin
- %APPDATA%\t6dio59nvrmex8mlli6sgujqq5powkg0umx.exe
- %TEMP%\wservices.exe
- 'pa##e.ee':443
- 'pa###bin.com':443
- DNS ASK pa##e.ee
- DNS ASK pa###bin.com
- '%APPDATA%\t6dio59nvrmex8mlli6sgujqq5powkg0umx.exe'
- '%TEMP%\wservices.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn t6DIO59NvRMEX8MlLI6sGUjQq5pOwkg0UmX.exe /tr %APPDATA%\t6DIO59NvRMEX8MlLI6sGUjQq5pOwkg0UmX.exe' (with hidden window)
- '%APPDATA%\t6dio59nvrmex8mlli6sgujqq5powkg0umx.exe' ' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'%TEMP%\Wservices.exe'"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn t6DIO59NvRMEX8MlLI6sGUjQq5pOwkg0UmX.exe /tr %APPDATA%\t6DIO59NvRMEX8MlLI6sGUjQq5pOwkg0UmX.exe
- '<SYSTEM32>\taskeng.exe' {9130EEEC-F4B0-4CB0-B631-8AD1270BD0E0} S-1-5-21-1960123792-2022915161-3775307078-1001:xtrxssky\user:Interactive:[1]
- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'%TEMP%\Wservices.exe'"