Technical Information
- %APPDATA%\lanceur.vbs
- %APPDATA%\txt.txt
- 'ap#.##legram.org':443
- DNS ASK ap#.##legram.org
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' schtasks /create /sc minute /mo 1 /tn kawad /tr %APPDATA%\Lanceur.vbs
- '<SYSTEM32>\wscript.exe' "%APPDATA%\Lanceur.vbs"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' schtasks /create /sc minute /mo 1 /tn kawad /tr %APPDATA%\Lanceur.vbs' (with hidden window)
- '<SYSTEM32>\wscript.exe' "%APPDATA%\Lanceur.vbs"' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' ' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn kawad /tr %APPDATA%\Lanceur.vbs
- '<SYSTEM32>\taskeng.exe' {17AE5686-44DC-4141-9C09-DEBABE79D2EC} S-1-5-21-1960123792-2022915161-3775307078-1001:pbswdmso\user:Interactive:[1]
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe'