Technical Information
- %TEMP%\0mbo61y1bd47tw1lobwexzbfrfetqn\cookies_firefox.txt
- %TEMP%\sensfiles.zip
- %TEMP%\0mbo61y1bd47tw1lobwexzbfrfetqn\sensfiles.zip
- %TEMP%\0mbo61y1bd47tw1lobwexzbfrfetqn\telegram\tdata\d877f783d5d3ef8c\map0
- %TEMP%\0mbo61y1bd47tw1lobwexzbfrfetqn\telegram\settings0
- %TEMP%\0mbo61y1bd47tw1lobwexzbfrfetqn\telegram\usertag
- %TEMP%\0mbo61y1bd47tw1lobwexzbfrfetqn\user_info.txt
- %TEMP%\0mbo61y1bd47tw1lobwexzbfrfetqn\screen1.png
- %TEMP%\out.zip
- from <Full path to file> to \:svcmsrpc
- 'ip##o.is':443
- 'microsoft.com':80
- 'ap#.##legram.org':443
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK ip##o.is
- DNS ASK microsoft.com
- DNS ASK ap#.##legram.org
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoProfile -NonInteractive -NoLogo -Command "Get-Culture | Select -ExpandProperty DisplayName"