Technical Information
- %WINDIR%\syswow64\cmd.exe
- iexplore.exe
- iexplore.exe process, urlmon.dll module
- firefox.exe process, urlmon.dll module
- firefox.exe process, crypt32.dll module
- iexplore.exe process, crypt32.dll module
- %PROGRAMDATA%\606bf48fh.exe
- %APPDATA%\fkj5634.tmp.bat
- DNS ASK bl####idomen.com
- '%WINDIR%\syswow64\icardagt.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%APPDATA%\fkj5634.tmp.bat" "<Full path to file>"" (with hidden window)
- '%WINDIR%\syswow64\icardagt.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%APPDATA%\fkj5634.tmp.bat" "<Full path to file>""
- '%WINDIR%\syswow64\attrib.exe' -r -s -h "<Full path to file>"