Technical Information
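- [<HKLM>\System\CurrentControlSet\Services\Local host stategy] 'Start' = '00000002' (a service 'Start' value of 2 means automatic start at boot, so this entry is the persistence mechanism)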
- [<HKLM>\System\CurrentControlSet\Services\Local host stategy] 'ImagePath' = '%WINDIR%\SysWOW64\sshost.exe'
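- 'Local host stategy' %WINDIR%\SysWOW64\sshost.exe (service name followed by its image path; the name is spelled "stategy" throughout this report, so match it verbatim when searching service lists or logs)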
- %WINDIR%\syswow64\sshost.exe
- %PROGRAMDATA%\tmp003
- %PROGRAMDATA%\wintls\rtmp0
- '%WINDIR%\syswow64\sshost.exe'
- '<SYSTEM32>\cmd.exe' /c cls
- '<SYSTEM32>\cmd.exe' /c sc start "Local host stategy"
- '<SYSTEM32>\sc.exe' start "Local host stategy"