Technical Information
- <SYSTEM32>\tasks\update
- %HOMEPATH%\desktop\svcshosts.exe
- %APPDATA%\xfproject\xfproject.exe
- %APPDATA%\logs\08-31-2021
- 'ip##pi.com':80
- '34.##5.181.207':54984
- http://ip##pi.com/json/
- DNS ASK ip##pi.com
- '%HOMEPATH%\desktop\svcshosts.exe'
- '%APPDATA%\xfproject\xfproject.exe'
- '<SYSTEM32>\schtasks.exe' /create /tn "Update" /sc ONLOGON /tr "%HOMEPATH%\Desktop\svcshosts.exe" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "Update" /sc ONLOGON /tr "%APPDATA%\XFProject\xfproject.exe" /rl HIGHEST /f