Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'NoBullies' = 'cmd /c "start "NoBullies" "%ProgramFiles%\Microsoft\StopBrandonBully!.exe"'
- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "NoBullies" /d "cmd /c """start """NoBullies""" """%ProgramFiles%\Microsoft\StopBrandonBully!.exe"""" /f"
- '<SYSTEM32>\schtasks.exe' /create /tn "NoBullies" /tr "'%ProgramFiles%\Microsoft\StopBrandonBully!.exe' /startup" /sc MINUTE /f /rl highest
- <SYSTEM32>\schtasks.exe
- %APPDATA%\WindowsRecovery\Screenshots\03-27-2017\12.27 AM
- from <Full path to file> to %ProgramFiles%\Microsoft\StopBrandonBully!.exe
- '18#.#1.149.134':6060