Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'font' = '%PROGRAMDATA%\fontFiles\rekeywiz.exe'
- %TEMP%\pak_army_deployed_in_country_in_fight_against_coronavirus.pdf
- %TEMP%\dlj1meeyrmldug.hta
- %PROGRAMDATA%\fontfiles\rekeywiz.exe
- %PROGRAMDATA%\fontfiles\duser.dll
- %PROGRAMDATA%\fontfiles\5dmd63o.tmp
- %PROGRAMDATA%\fontfiles\rekeywiz.exe.config
- %TEMP%\dlj1meeyrmldug.hta
- http://www.d0##a.net/plugins/16364/11542/true/true/
- http://www.d0##a.net/cgi/8ee4d36866/16364/11542/58a3a04b/file.hta
- DNS ASK d0##a.net
- '%PROGRAMDATA%\fontfiles\rekeywiz.exe'
- '%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32.exe' "%TEMP%\Pak_Army_Deployed_in_Country_in_Fight_Against_Coronavirus.pdf"
- '%WINDIR%\syswow64\mshta.exe' %TEMP%\dLj1mEEyRmldUg.hta