Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\MemoryStatus] 'ImagePath' = '%WINDIR%\MemoryStatus.exe'
- %WINDIR%\MemoryStatus.exe
- C:\1.TXT
- 'localhost':8080
- '%WINDIR%\MemoryStatus.exe'
- '<SYSTEM32>\cmd.exe' /c sc create MemoryStatus binPath= %WINDIR%\MemoryStatus.exe
- '<SYSTEM32>\sc.exe' create MemoryStatus binPath= %WINDIR%\MemoryStatus.exe
- '<SYSTEM32>\cmd.exe' /c sc start MemoryStatus
- '<SYSTEM32>\sc.exe' start MemoryStatus