Technical Information
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Wmi' = 'regsvr32 /u /s /i:c:\PerifLogs\Run.txt scrobj.dll'
- C:\periflogs\wmnotwk.exe
- C:\periflogs\regtext.txt
- C:\periflogs\run.txt
- C:\bit1d01.tmp
- C:\periflogs\regtext.txt
- '12#.#8.144.254':8086
- 'C:\periflogs\wmnotwk.exe' -UAC
- '<SYSTEM32>\regsvr32.exe' /u /s /i:"c:\PerifLogs\RegText.txt" scrobj.dll