Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'x1' = '%TEMP%\x1\x1.exe'
- %TEMP%\x1\x1.exe
- nul
- '32#.com':443
- DNS ASK 0x##b.com
- '%TEMP%\x1\x1.exe'
- '<SYSTEM32>\cmd.exe' /c timeout 1 > NUL & del "<Full path to file>"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c timeout 1 > NUL & del "<Full path to file>"
- '<SYSTEM32>\timeout.exe' 1