Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'qmfl' = '%WINDIR%\SysWOW64\C_1252I.exe'
- %WINDIR%\syswow64\c_1252i.exe
- %TEMP%\~unins5429.bat
- %WINDIR%\syswow64\c_1252i.exe
- DNS ASK br###makes.com
- '%WINDIR%\syswow64\c_1252i.exe'
- '%WINDIR%\syswow64\c_1252i.exe' ' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\~unins5429.bat "<Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\~unins5429.bat "<Full path to file>"