Technical Information
- <SYSTEM32>\tasks\windows service
- %APPDATA%\windows folder\windows service.exe
- 'yo###ite.com':80
- http://yo###ite.com/x64.exe
- DNS ASK yo###ite.com
- ClassName: '' WindowName: 'Task Manager'
- ClassName: '' WindowName: 'Диспетчер задач'
- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 1 /tn "Windows Service" /tr "%APPDATA%\Windows Folder\Windows Service.exe" /f' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 1 /tn "Windows Service" /tr "%APPDATA%\Windows Folder\Windows Service.exe" /f
- '<SYSTEM32>\taskeng.exe' {79E2AAEA-2F31-4F8E-A6A4-803C0F1F7165} S-1-5-21-1238866942-1249195528-555854008-1000:kmgrjsfy\user:Interactive:[1]