Technical Information
- <SYSTEM32>\tasks\824911688
- <Drive name for removable media>:\join.realfs0ciety@sigaint.org.fs0ciety.avi
- %CommonProgramFiles%\<File name>.exe
- %CommonProgramFiles%\update.txt
- '%WINDIR%\syswow64\cmd.exe' /c schtasks /create /sc onlogon /tn 824911688 /rl highest /tr C:\PROGRA~2\COMMON~1\<File name>.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c schtasks /create /sc onlogon /tn 824911688 /rl highest /tr C:\PROGRA~2\COMMON~1\<File name>.exe
- '%WINDIR%\syswow64\schtasks.exe' /create /sc onlogon /tn 824911688 /rl highest /tr C:\PROGRA~2\COMMON~1\<File name>.exe