Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winexplorer' = 'C:\Users\All Users\windowsfonts.exe'
- <PATH_SAMPLE>.log
- 'sm##.gmail.com':587
- DNS ASK sm##.gmail.com
- '%WINDIR%\syswow64\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v winexplorer /t REG_SZ /d "C:\Users\All Users\windowsfonts.exe""' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v winexplorer /t REG_SZ /d "C:\Users\All Users\windowsfonts.exe""
- '%WINDIR%\syswow64\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v winexplorer /t REG_SZ /d "C:\Users\All Users\windowsfonts.exe"