Technical Information
- <SYSTEM32>\tasks\s03b885dd9
- %APPDATA%\dwm\main.ini
- %APPDATA%\dwm\domain.ini
- %APPDATA%\dwm\irmjzucb.tmp
- %APPDATA%\dwm\irmjzucb.ps1
- '<SYSTEM32>\schtasks.exe' /change /tn GoFast /disable (with hidden window)
- '<SYSTEM32>\schtasks.exe' /F /create /sc minute /mo 3 /TN "S03B885DD9" /ST 07:00 /TR "wscript /E:vbscript %APPDATA%\dwm\IrMJzuCB.tmp" (with hidden window)
- '<SYSTEM32>\schtasks.exe' /query /FO CSV /v
- '<SYSTEM32>\schtasks.exe' /change /tn GoFast /disable
- '<SYSTEM32>\schtasks.exe' /F /create /sc minute /mo 3 /TN "S03B885DD9" /ST 07:00 /TR "wscript /E:vbscript %APPDATA%\dwm\IrMJzuCB.tmp"