Technical Information
- '<SYSTEM32>\reg.exe' query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s /v DisplayName
- '<SYSTEM32>\attrib.exe' -r -s -h "<Full path to file>"
- '<SYSTEM32>\cmd.exe' /C "reg.exe query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s /v DisplayName > %TEMP%\121328.TMP"
- '<SYSTEM32>\cmd.exe' /c ""<Current directory>\120265.bat" "<Full path to file>""
- %WINDIR%\Explorer.EXE
- <Current directory>\120265.bat
- 'ch#####dalighthard.org':8080
- 'localhost':1036
- DNS ASK ch#####dalighthard.org