Technical Information
- <SYSTEM32>\tasks\systems.exe
- <Current directory>:{32005400-6100-6e00-5000-5a0074007300}
- <Current directory>:{61004800-4100-6e00-4b00-4e0050005700}
- %ALLUSERSPROFILE%\isolated storage\{61004800-4100-6e00-4b00-4e0050005700}
- %APPDATA%\java\java.exe
- %APPDATA%\java:{32005400-6100-6e00-5000-5a0074007300}
- %ALLUSERSPROFILE%\isolated storage\{32005400-6100-6e00-5000-5a0074007300}
- %APPDATA%\java:{61004800-4100-6e00-4b00-4e0050005700}
- %APPDATA%\logs\09-14-2020
- '92.##.199.157':6464
- http://ip##pi.com/json/
- DNS ASK ip##pi.com
- '%APPDATA%\java\java.exe'
- '<SYSTEM32>\schtasks.exe' /create /tn "systems.exe" /sc ONLOGON /tr "<Full path to file>" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "systems.exe" /sc ONLOGON /tr "%APPDATA%\Java\Java.exe" /rl HIGHEST /f