Technical Information
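Autorun registry values (per-user Run key; each value is launched when that user logs on). `<Full path to file>` is the report's placeholder, presumably for the path of the analysed sample:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'caracciolo' = '"%ProgramFiles%\Satterthwaite\bertold.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'bodybuilding' = '"<Full path to file>"'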
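Processes launched (the cmd.exe entry is the full command line; it pipes tasklist into find to test whether a process named bertold.exe is running, and the find.exe and tasklist.exe entries are its two halves):
- '<SYSTEM32>\find.exe' /I "bertold.exe"
- '<SYSTEM32>\tasklist.exe' /NH /FI "IMAGENAME eq bertold.exe"
- '<SYSTEM32>\cmd.exe' /C <SYSTEM32>\tasklist /NH /FI "IMAGENAME eq bertold.exe" | <SYSTEM32>\find /I "bertold.exe"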
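File path listed (the report does not say whether the file is created, modified or deleted; a short-lived ns*.tmp directory under %TEMP% holding ExecCmd.dll is consistent with an NSIS installer unpacking a plug-in):
- %TEMP%\nst2.tmp\ExecCmd.dll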