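Technical Information
Note: host names and IP addresses in this listing are partially masked with `#`, so they cannot be used as exact-match indicators as printed. The entries appear without section headings; by form they are file-system paths (the first two entries), host:port connection endpoints, one HTTP URL, DNS queries, and process command lines.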
- %APPDATA%\microsoft\systemcertificates\my\certificates\d8c5e4a16c2bea0e36baa2d018275111ff62fd09
- %TEMP%\2.1.1.exe
- '14###.za.com':443
- 'pk#.goog':80
- 'ip###ger.com':443
- '45.##4.28.189':80
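- http://pk#.goog/gsr1/gsr1.crt (the .crt path suggests a certificate file download; confirm the unmasked host before treating it as a malicious indicator)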
- '14###.za.com':443
- 'ip###ger.com':443
- '34.##0.144.191':443
- DNS ASK 14###.za.com
- DNS ASK pk#.goog
- DNS ASK ip###ger.com
- '%TEMP%\2.1.1.exe'
- '%TEMP%\2.1.1.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ping 127.0.0.1 -n 3 & del "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ping 127.0.0.1 -n 3 & del "<Full path to file>" (the ping to localhost acts as a short delay before the del runs)
- '%WINDIR%\syswow64\ping.exe' 127.0.0.1 -n 3
- '%WINDIR%\syswow64\rundll32.exe'