Technical Information
- <SYSTEM32>\tasks\systemto
- %APPDATA%\systemto
- DNS ASK pa##e.ee
- '%APPDATA%\systemto'
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn SystemTO /tr %APPDATA%\SystemTO' (with hidden window)
- '%APPDATA%\systemto' ' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn SystemTO /tr %APPDATA%\SystemTO
- '<SYSTEM32>\taskeng.exe' {57C829F3-D8C1-425B-9060-AA746F126AC4} S-1-5-21-2922372159-162323534-3872807762-1001:ttqlvkkvs\user:Interactive:[1]