Technical Information
- <SYSTEM32>\tasks\nafifas
- firefox.exe
- %TEMP%\firefox\firefox.exe
- %APPDATA%\remcos\logs.dat
- 'ol####ries.ddns.net':1515
- DNS ASK ol####ries.ddns.net
- '%TEMP%\firefox\firefox.exe'
- '%TEMP%\firefox\firefox.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'%TEMP%\firefox\firefox.exe'" /f
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn "Nafifas" /tr "'%TEMP%\firefox\firefox.exe'" /f
- '%WINDIR%\syswow64\cmd.exe' /C copy "<Full path to file>" "%TEMP%\firefox\firefox.exe"
- '<SYSTEM32>\taskeng.exe' {A9EDA5F0-D521-4E5E-90ED-A41A6674DE09} S-1-5-21-1960123792-2022915161-3775307078-1001:fzkwxdzgbsd\user:Interactive:[1]
- '%WINDIR%\syswow64\cmd.exe' /C copy "%TEMP%\firefox\firefox.exe" "%TEMP%\firefox\firefox.exe"