Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\svchost.lnk
- svchost.exe
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- %APPDATA%\svchost.exe
- 'localhost':53896
- DNS ASK bl####il.ddns.net
- ClassName: 'EDIT' WindowName: ''
- '%APPDATA%\svchost.exe'
- '%WINDIR%\syswow64\cmd.exe' /c, "%APPDATA%\svchost.exe"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c copy "<Full path to file>" "%APPDATA%\svchost.exe"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c copy "<Full path to file>" "%APPDATA%\svchost.exe"
- '%WINDIR%\syswow64\cmd.exe' /c, "%APPDATA%\svchost.exe"