Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "Start-Process -Filepath '%TEMP%\svchost.exe'"
- '<SYSTEM32>\cmd.exe' /c powershell "Start-Process -Filepath '%TEMP%\svchost.exe'"
- %TEMP%\svchost.exe
- <Current directory>\~wrd0000.tmp
- <Current directory>\~wrd0001.tmp
- %TEMP%\svchost.exe
- <Current directory>\~wrd0000.tmp
- <PATH_SAMPLE>.doc
- '<SYSTEM32>\cmd.exe' /c powershell "Start-Process -Filepath '%TEMP%\svchost.exe'"' (with hidden window)