Technical Information
- <SYSTEM32>\tasks\avast security
- %APPDATA%\telegram desktop\avast security.exe
- %TEMP%\tmp9626.vbs
- '62.##4.41.141':27941
- http://62.###.41.141:27941/i via 62.##4.41.141
- '%APPDATA%\telegram desktop\avast security.exe'
- '<SYSTEM32>\cscript.exe' //nologo "%TEMP%\tmp9626.vbs"
- '<SYSTEM32>\cmd.exe' /c "%APPDATA%\Telegram Desktop\Avast security.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c @echo off & echo const TriggerTypeLogon=9 : const ActionTypeExecutable=0 : const TASK_LOGON_INTERACTIVE_TOKEN=3 : const createOrUpdateTask=6 : Set service=CreateObject("Schedule.Service") : ...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%APPDATA%\Telegram Desktop\Avast security.exe"
- '<SYSTEM32>\cmd.exe' /c @echo off & echo const TriggerTypeLogon=9 : const ActionTypeExecutable=0 : const TASK_LOGON_INTERACTIVE_TOKEN=3 : const createOrUpdateTask=6 : Set service=CreateObject("Schedule.Service") : ...