Technical Information
- <SYSTEM32>\rundll32.exe
- %TEMP%\srqwwshphhaotf.tmp
- %TEMP%\dd_vcredist_amd64_20151216210341_001_vcruntimeadditional_x64.log
- %TEMP%\dd_vcredist_amd64_20151216210341.log
- %TEMP%\msi1cfbe.log
- %TEMP%\msic204f.log
- %TEMP%\microsoft .net framework 4.5 setup_20150506_155317844.html
- %TEMP%\dd_vcredist_x86_20151216210157_001_vcruntimeadditional_x86.log
- %TEMP%\dd_setuputility.txt
- %TEMP%\adobe_admlogs\adobe_adm.log
- %TEMP%\microsoft .net framework 4.5.2 setup_20151216_212237215.html
- '18#.#2.56.163':443
- '19#.#36.163.13':443
- 'microsoft.com':80
- '15#.#9.247.216':443
- 'localhost':24249
- 'localhost':1312
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK microsoft.com
- '%WINDIR%\syswow64\rundll32.exe' "<Full path to file>",Eytoyrqw' (with hidden window)
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\shell32.dll",#61 24249' (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' "<Full path to file>",Eytoyrqw
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\shell32.dll",#61 24249