Technical Information
- %TEMP%\domrnjcxeszclvcm.dll
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- http://ip##pi.com/xml/95.211.190.199
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK pa##e.ee
- DNS ASK vi####tealer-1.site
- DNS ASK ip##pi.com
- '%WINDIR%\syswow64\cmd.exe' /C ping 127.0.0.1 -n 1 -w 3000 > Nul & Del "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C ping 127.0.0.1 -n 1 -w 3000 > Nul & Del "<Full path to file>"
- '%WINDIR%\syswow64\ping.exe' 127.0.0.1 -n 1 -w 3000