Technical Information
- [<HKLM>\software\Wow6432Node\microsoft\windows\CurrentVersion\Run] '<File name>.exe' = '<Full path to file>'
- %TEMP%\name1.txt
- %TEMP%\name1.txt
- '7k#.top':2858
- DNS ASK 7k#.top
- '%WINDIR%\syswow64\cmd.exe' /c wmic path win32_operatingsystem get name > "%TEMP%\name1.txt" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c wmic path win32_operatingsystem get name > "%TEMP%\name1.txt"
- '%WINDIR%\syswow64\wbem\wmic.exe' path win32_operatingsystem get name