Technical Information
- %TEMP%\svchost.exe
- from <Full path to file> to %TEMP%\sys5f00.tmp
- ClassName: '' WindowName: ''
- '%TEMP%\svchost.exe'
- '%TEMP%\svchost.exe' ' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C del /Q /F "%TEMP%\sys5F00.tmp"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C del /Q /F "%TEMP%\sys5F00.tmp"