Technical Information
- '<SYSTEM32>\notepad.exe' "%APPDATA%\in_faith_not.txt"
- '<SYSTEM32>\wbem\wmic.exe'
- %APPDATA%\in_faith_not.txt
- from %APPDATA%\in_faith_not.txt to %APPDATA%\in_faith_not.xsl
- ClassName: 'notepad' WindowName: ''
- ClassName: 'edit' WindowName: ''
- ClassName: 'consolewindowclass' WindowName: ''
- '<SYSTEM32>\notepad.exe' "%APPDATA%\in_faith_not.txt"' (with hidden window)
- '<SYSTEM32>\wbem\wmic.exe' ' (with hidden window)