Technical Information
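- Process termination (taskkill with /F forces termination; /im selects the process by image name):
- '<SYSTEM32>\taskkill.exe' /F /im rundll32.exe
- '<SYSTEM32>\taskkill.exe' /F /im powershell.exe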
- File in the user's roaming profile (the same path is passed to wscript.exe in the last entry):
- %APPDATA%\kbtu.js
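- Network connection on TCP port 443 (the '##' appears to be masking applied by the report, so the address is incomplete and cannot be matched as written):
- '74.##5.232.51':443
- DNS query (sites.google.com is a shared Google hosting domain, so the name alone is a weak indicator):
- DNS ASK sites.google.com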
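- Window lookups by class name and window name (presumably searches for existing windows; the report gives no heading for these entries):
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''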
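- Script execution through Windows Script Host (wscript.exe launched with a .js file under %APPDATA% as its argument):
- '<SYSTEM32>\wscript.exe' "%APPDATA%\kbtu.js"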