Technical Information
- %TEMP%\rns.bat
- <Current directory>\letter of indemnity (new version).pdf
- %APPDATA%\microsoft\msofficeupdate.sd
- %TEMP%\a9r3ogs00_1i4lba2_25k.tmp
- 'ha###-boy.pe.hu':80
- DNS ASK ha###-boy.pe.hu
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\rns.bat" "' (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' MSOfficeUpdate.sd, Doctor' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\rns.bat" "
- '%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32.exe' "<Current directory>\LETTER OF INDEMNITY (new version).pdf"
- '%WINDIR%\syswow64\rundll32.exe' MSOfficeUpdate.sd, Doctor