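Technical Information

Note: the report's section labels are missing from this listing. The entries below are, in order: file-system paths (four %WINDIR%\temp entries appear twice, presumably under different labels), network endpoints, DNS lookups, a window, and launched process command lines. The `#` characters in host names appear to be masking applied by the report. The paths under %TEMP%\ixp000.tmp are consistent with an IExpress self-extractor unpacking the KiXtart interpreter (kix32.exe) and the Blat command-line mailer (blat.exe). The blat.exe command line listed below sends zwzzzn.txt as an attachment over SMTP port 25.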
- %TEMP%\ixp000.tmp\blat.dll
- %TEMP%\ixp000.tmp\blat.exe
- %TEMP%\ixp000.tmp\hw.cmd
- %TEMP%\ixp000.tmp\hw.kix
- %TEMP%\ixp000.tmp\hw-sw.cmd
- %TEMP%\ixp000.tmp\hw-sw.kix
- %TEMP%\ixp000.tmp\hw-swk~1.org
- %TEMP%\ixp000.tmp\kix32.exe
- %TEMP%\ixp000.tmp\wkix32.exe
- %TEMP%\ixp000.tmp\zwzzzn.txt
- %WINDIR%\temp\cab97d8.tmp
- %WINDIR%\temp\tar97d9.tmp
- %WINDIR%\temp\1202e6.mst
- %WINDIR%\temp\1202e7.mst
- %HOMEPATH%\desktop\pc-daten.txt
- %WINDIR%\temp\cab97d8.tmp
- %WINDIR%\temp\tar97d9.tmp
- %WINDIR%\temp\1202e6.mst
- %WINDIR%\temp\1202e7.mst
- 'public-trust.com':80
- 'ma##.##s-hellmann.de':25
- DNS ASK ma##.##s-hellmann.de
- DNS ASK hc###ellmann.de
- DNS ASK public-trust.com
- ClassName: '' WindowName: 'Windows NT Logon Script'
- '%TEMP%\ixp000.tmp\kix32.exe' HW-SW.kix
- '%TEMP%\ixp000.tmp\blat.exe' zwzzzn.txt -f KIX-zwzzzn@hcs-hellmann.de -to kix@hcs-hellmann.de -subject "KIX zwzzzn Sat 04/11/2020" -port 25 -server mail.hcs-hellmann.de -attach zwzzzn.txt
- '<SYSTEM32>\cmd.exe' /c %TEMP%\IXP000.TMP\HW-SW.cmd (with hidden window)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\IXP000.TMP\HW-SW.cmd
- '<SYSTEM32>\cmd.exe' /c dir "zwzzzn.*" /OD /A-D /B