Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'service.exe' = '%TEMP%\service.exe'
- service.exe
- %TEMP%\service.exe
- %TEMP%\tmp1.tmp.exe
- %TEMP%\service.exe
- '%TEMP%\service.exe'
- '<SYSTEM32>\cmd.exe' /c ping 0 -n 2 & del "%TEMP%\service.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ping 0 -n 2 & del "%TEMP%\service.exe"
- '<SYSTEM32>\ping.exe' 0 -n 2