Technical Information
- '<SYSTEM32>\cmd.exe' /S /D /c" DEL "
- '<SYSTEM32>\cmd.exe' /S /D /c" ERASE run.cmd"
- '<SYSTEM32>\taskkill.exe' /f /im cmd.exe
- '<SYSTEM32>\cmd.exe' /c run.cmd
- '<SYSTEM32>\cmd.exe' /c DEL | ERASE run.cmd
- '<SYSTEM32>\schtasks.exe' /create /tn SysChecks /tr %APPDATA%\SearchProtocolHosts.exe /sc minute /mo 3
- <SYSTEM32>\cmd.exe
- <Current directory>\run.cmd
- <Current directory>\run.cmd
- ClassName: '' WindowName: ''