Technical Information
- %WINDIR%\syswow64\cmd.exe
- %TEMP%\aut9099.tmp
- %TEMP%\img-0045.jpg
- %TEMP%\aut909a.tmp
- %TEMP%\mimicha.exe
- %TEMP%\aut9099.tmp
- %TEMP%\aut909a.tmp
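- http://www.ar###haring.com/do.php?do######### (host and query string are partially masked with '#' in the source, so this is not a complete indicator)
- DNS ASK ar###haring.com (DNS query; domain masked as above)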
- '%TEMP%\mimicha.exe'
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\mimicha.exe (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\IMG-0045.jpg (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\IMG-0045.jpg
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\mimicha.exe