Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchosts' = '<Full path to file>'
- %APPDATA%\microsoft\windows\start menu\programs\startup\winshort.lnk
- <Full path to file>test.txt
- <Current directory>\winshort.vbs
- <Full path to file>test.txt
- <Current directory>\winshort.vbs
- ClassName: 'ConsoleWindowClass' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "<Current directory>\winshort.vbs"
- '%WINDIR%\syswow64\cmd.exe' /c echo %USERNAME%
- '%WINDIR%\syswow64\cmd.exe' /c whoami
- '%WINDIR%\syswow64\whoami.exe'
- '%WINDIR%\syswow64\cmd.exe' /c winshort.vbs