Technical Information
- <SYSTEM32>\tasks\win\winon
- %WINDIR%\winon.exe
- %WINDIR%\wo_task.xml
- 'go##le.it':443
- DNS ASK go##le.it
- '%WINDIR%\syswow64\cmd.exe' /c SCHTASKS /CREATE /XML "%WINDIR%\wo_task.xml" /TN "WIN\WINON" -f
- '%WINDIR%\syswow64\schtasks.exe' /CREATE /XML "%WINDIR%\wo_task.xml" /TN "WIN\WINON" -f
- '%WINDIR%\syswow64\cmd.exe' /c cmd.exe
- '%WINDIR%\syswow64\cmd.exe'