Technical Information
- %WINDIR%\tasks\wmmnnnn.job
- <SYSTEM32>\tasks\wmmnnnn
- %PROGRAMDATA%\gtup\wmmnnnn.exe
- 'st#####rketsplays.com':5001
- DNS ASK st#####rketsplays.com
- '%PROGRAMDATA%\gtup\wmmnnnn.exe' start
- '%PROGRAMDATA%\gtup\wmmnnnn.exe' start' (with hidden window)