Technical Information
- <SYSTEM32>\tasks\javaupdate
- <Current directory>\temp\nj.bat
- <Current directory>\temp\clicker.exe
- <Current directory>\temp\seced.exe
- <Current directory>\temp\msvcp140d.dll
- <Current directory>\temp\ucrtbased.dll
- <Current directory>\temp\vcruntime140d.dll
- <Current directory>\hydraruzxpnew4af vime helper.exe
- <Current directory>\msvcp140d.dll
- <Current directory>\ucrtbased.dll
- <Current directory>\vcruntime140d.dll
- <Current directory>\temp\clicker.exe
- <Current directory>\temp\msvcp140d.dll
- <Current directory>\temp\seced.exe
- <Current directory>\temp\ucrtbased.dll
- <Current directory>\temp\vcruntime140d.dll
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\temp\nj.bat" "
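- '%WINDIR%\syswow64\schtasks.exe' /Create /SC ONLOGON /TN JavaUpdate /TR %APPDATA%\Roaming\.vimeworld\clicker\svchost.exe /F
  (Persistence: registers a scheduled task named JavaUpdate that launches the svchost.exe under the user's application-data directory at every logon; /F overwrites any existing task of that name without prompting. The <SYSTEM32>\tasks\javaupdate entry at the top of this list is presumably this task's definition file. The genuine Windows service host runs from the Windows system directory, so a svchost.exe at this path is not it.)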
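- '%WINDIR%\syswow64\attrib.exe' +H +S /S /D %APPDATA%\.vimeworld\clicker
  (Sets the Hidden and System attributes on the directory and, through /S /D, on the files and folders beneath it, so none of it appears in default Explorer views. The path here is %APPDATA%\.vimeworld\clicker, while the scheduled-task target is written as %APPDATA%\Roaming\.vimeworld\clicker. Since %APPDATA% normally already expands to ...\AppData\Roaming, the extra "Roaming" may be an artifact of how the report normalises paths; check both locations.)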