Technical Information
- [<HKCU>\software\microsoft\windows\currentversion\run] 'IntelPowerAgent4' = 'rundll32.exe shell32.dll, ShellExec_RunDLL C:\PROGRA~3\DBD282~1.EXE'
- %WINDIR%\syswow64\icardagt.exe
- iexplore.exe
- firefox.exe process, urlmon.dll module
- iexplore.exe process, urlmon.dll module
- firefox.exe process, crypt32.dll module
- firefox.exe process, advapi32.dll module
- iexplore.exe process, crypt32.dll module
- iexplore.exe process, advapi32.dll module
- %ALLUSERSPROFILE%\dbd2828hhf.exe
- %TEMP%\3492473cd35c8bdceed8
- %LOCALAPPDATA%\cxsd48e.tmp.bat
- %TEMP%\3492473cd35c8bdceed8
- 'microsoft.com':80
- 'eb####tazce-ru.com':443
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- 'eb####tazce-ru.com':443
- DNS ASK microsoft.com
- DNS ASK eb####tazce-ru.com
- '%WINDIR%\syswow64\icardagt.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%LOCALAPPDATA%\cxsD48E.tmp.bat" "<Full path to file>"" (with hidden window)
- '%WINDIR%\syswow64\icardagt.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%LOCALAPPDATA%\cxsD48E.tmp.bat" "<Full path to file>""
- '%WINDIR%\syswow64\attrib.exe' -r -s -h "<Full path to file>"