Technical Information
- [<HKLM>\System\CurrentControlSet\Services\rpyshi] 'ImagePath' = 'cmd.exe /c echo rpyshi > \\.\pipe\rpyshi'
- 'rpyshi' cmd.exe /c echo rpyshi > \\.\pipe\rpyshi
- firefox.exe
- <SYSTEM32>\cmd.exe
- '79.##7.78.168':5005
- '<SYSTEM32>\cmd.exe' /c echo rpyshi > \\.\pipe\rpyshi