June 2018
Beginner
510 pages
13h 7m
English
Another persistence method adversaries use is to schedule a task that executes their malicious program at a specified time or during system startup. Adversaries typically use Windows utilities such as schtasks and at to schedule a program or script to run at a desired date and time. With these utilities, an attacker can create tasks on a local or remote computer, provided the account used to create the task is part of an Administrator group. In the following example, the malware (ssub.exe) first creates a file called service.exe in the %AllUsersProfile%\WindowsTask\ directory and then invokes cmd.exe, which in turn uses the schtasks Windows utility to create a scheduled ...
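As an added example (not code from the book), the following Python parses process-creation command lines for schtasks task creation and flags tasks whose program sits in a user-writable directory, that trigger at startup or logon, or that are created on a remote computer. The SUSPECT_DIRS list, the task names and the sample command lines are constructed assumptions.

```python
import re

# Path prefixes treated as user-writable staging locations (assumed, non-exhaustive list).
SUSPECT_DIRS = ("%allusersprofile%", r"c:\programdata", "%appdata%", "%temp%", r"c:\users\public")
# One schtasks switch plus its optional value: /tn "My Task", /sc onstart, /create
SWITCH = re.compile(r'/(\w+)(?:\s+("[^"]*"|[^/\s]\S*))?')

def parse_schtasks(cmdline):
    """Return {switch: value} for a schtasks invocation, or None if there is none."""
    m = re.search(r'\bschtasks(?:\.exe)?"?\s+(.*)', cmdline, re.I)
    if not m:
        return None
    return {sw.lower(): val.strip('"') for sw, val in SWITCH.findall(m.group(1))}

def assess(cmdline):
    """Return the reasons a process command line deserves review (empty list = none)."""
    args = parse_schtasks(cmdline)
    if args is None or "create" not in args:
        return []  # not schtasks, or a read-only action such as /query
    reasons = []
    if args.get("tr", "").lower().startswith(SUSPECT_DIRS):
        reasons.append("task runs a program from a user-writable directory")
    if args.get("sc", "").lower() in ("onstart", "onlogon"):
        reasons.append("task triggers at system startup or logon")
    if "s" in args:
        reasons.append("task is created on a remote computer: " + args["s"])
    return reasons

# Constructed process-creation command lines (not taken from the sample in the text).
SAMPLES = [
    r'cmd.exe /c schtasks /create /tn "Updater" /tr "%AllUsersProfile%\WindowsTask\service.exe" /sc onstart',
    r'schtasks.exe /query /fo list',
    r'schtasks /create /tn "Backup" /tr "C:\Program Files\Backup\run.exe" /sc daily /st 02:00',
    r'notepad.exe C:\notes.txt',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(assess(line) or "ok", "<-", line)
```

Logged command lines may show environment variables already expanded, which is why the prefix list carries both %AllUsersProfile% and its usual expansion.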