Technical Information
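- <SYSTEM32>\tasks\t6dio59nvrmex8mlli6sgujqq5powkg0umx.exe (scheduled-task file; same name as the task created with schtasks /tn below)
- <SYSTEM32>\tasks\limerat-admin (scheduled-task file; same name as the LimeRAT-Admin task created with schtasks /tn below)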
- %APPDATA%\t6dio59nvrmex8mlli6sgujqq5powkg0umx.exe
- %TEMP%\wservices.exe
- 'pa##e.ee':443
- DNS ASK pa##e.ee
- '%APPDATA%\t6dio59nvrmex8mlli6sgujqq5powkg0umx.exe'
- '%TEMP%\wservices.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn t6DIO59NvRMEX8MlLI6sGUjQq5pOwkg0UmX.exe /tr %APPDATA%\t6DIO59NvRMEX8MlLI6sGUjQq5pOwkg0UmX.exe (with hidden window)
- '%APPDATA%\t6dio59nvrmex8mlli6sgujqq5powkg0umx.exe' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'%TEMP%\Wservices.exe'" (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn t6DIO59NvRMEX8MlLI6sGUjQq5pOwkg0UmX.exe /tr %APPDATA%\t6DIO59NvRMEX8MlLI6sGUjQq5pOwkg0UmX.exe
- '<SYSTEM32>\taskeng.exe' {00C7441C-A0EC-4F81-BF4B-8E57F362B509} S-1-5-21-1960123792-2022915161-3775307078-1001:gcvpmpcxvnm\user:Interactive:[1]
- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'%TEMP%\Wservices.exe'"