Technical Information
- <SYSTEM32>\tasks\system updater
- C:\users\default\appdata\roaming\updater\system_updater.exe
- %TEMP%\tmp3f9e.tmp.bat
- 'ap#.##legram.org':443
- DNS ASK google.com
- DNS ASK ap#.##legram.org
- 'C:\users\default\appdata\roaming\updater\system_updater.exe'
- '<SYSTEM32>\cmd.exe' /C %TEMP%\tmp3F9E.tmp.bat & Del %TEMP%\tmp3F9E.tmp.bat' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn "System Updater" /tr "C:\Users\Default\AppData\Roaming\Updater\system_updater.exe"' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn "System Updater" /tr "C:\Users\Default\AppData\Roaming\Updater\system_updater.exe"
- '<SYSTEM32>\cmd.exe' /C %TEMP%\tmp3F9E.tmp.bat & Del %TEMP%\tmp3F9E.tmp.bat
- '<SYSTEM32>\tasklist.exe' /fi "PID eq 1540"
- '<SYSTEM32>\find.exe' ":"
- '<SYSTEM32>\timeout.exe' /T 1 /Nobreak