Technical Information
- <SYSTEM32>\tasks\windowsservice
- %WINDIR%\enplorer.exe
- %WINDIR%\conchost.exe
- nul
- %WINDIR%\enplorer.exe
- %WINDIR%\conchost.exe
- http://64.##7.72.138/foo/amd.exe
- http://64.##7.72.138/foo/starter.exe
- '<SYSTEM32>\cmd.exe' /c schtasks /create /sc ONLOGON /tn ""WindowsService"" /F /tr ""%WINDIR%\conchost.exe""
- '<SYSTEM32>\schtasks.exe' /create /sc ONLOGON /tn ""WindowsService"" /F /tr ""%WINDIR%\conchost.exe""
- '<SYSTEM32>\cmd.exe' /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "<Full path to file>"
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 3000