Technical Information
- <SYSTEM32>\tasks\apprunlog
- %APPDATA%\3b885d\ltxbhymm2nsqrmez3z9cn4k.ps1
- '<SYSTEM32>\schtasks.exe' /change /tn AI /disable' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /F /create /sc minute /mo 7 /TN "AppRunLog" /ST 03:30 /TR "powershell.exe -ep bypass -win 1 -file %APPDATA%\3B885D\Ltxbhymm2nsqRmEz3z9cn4k.ps1 "' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /change /tn AI /disable
- '<SYSTEM32>\schtasks.exe' /F /create /sc minute /mo 7 /TN "AppRunLog" /ST 03:30 /TR "powershell.exe -ep bypass -win 1 -file %APPDATA%\3B885D\Ltxbhymm2nsqRmEz3z9cn4k.ps1 "