Technical Information
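- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'w32tm' = '%APPDATA%\windows\w32tm.exe' (autorun entry; the name imitates the Windows Time tool w32tm.exe, whose genuine copy resides in %WINDIR%\System32, not under %APPDATA%)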
- %APPDATA%\microsoft\windows\start menu\programs\startup\w32tm.lnk
- w32tm.exe
- %APPDATA%\w32tm.exe
- %APPDATA%\windows\w32tm.exe
- %APPDATA%\imminent\logs\21-01-2020
- %APPDATA%\imminent\monitoring\network.dat
- %APPDATA%\imminent\monitoring\system.dat
- DNS query (ASK) for de###.ddns.net
- '%APPDATA%\w32tm.exe'
- '%WINDIR%\syswow64\cmd.exe' /c copy "<Full path to file>" "%APPDATA%\w32tm.exe" (with hidden window)
- '%WINDIR%\syswow64\explorer.exe' /c, "%APPDATA%\w32tm.exe" (with hidden window)
- '%APPDATA%\w32tm.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c copy "<Full path to file>" "%APPDATA%\w32tm.exe"
- '%WINDIR%\syswow64\explorer.exe' /c, "%APPDATA%\w32tm.exe"