Technical Information
- [<HKLM>\System\CurrentControlSet\Services\tboot] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\tboot] 'ImagePath' = '<SYSTEM32>\tboot.exe'
- [<HKLM>\System\CurrentControlSet\Services\svtcp] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\svtcp] 'ImagePath' = '<DRIVERS>\svtcp.sys'
- 'tboot' <SYSTEM32>\tboot.exe
- 'svtcp' <DRIVERS>\svtcp.sys
- %WINDIR%\syswow64\00115aad.tmp
- %WINDIR%\syswow64\ctrlycw.acm
- %WINDIR%\syswow64\0011627a.tmp
- %TEMP%\temp_1139337.bat
- %WINDIR%\syswow64\drivers\svtcp.sys
- from %WINDIR%\syswow64\00115aad.tmp to %WINDIR%\syswow64\tboot.exe
- from %WINDIR%\syswow64\0011627a.tmp to %WINDIR%\syswow64\drivers\svtcp.sys
- '%WINDIR%\syswow64\tboot.exe'
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\\temp_1139337.bat "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\\temp_1139337.bat "<Full path to file>"