Technical Information
- '<SYSTEM32>\cmd.exe' /c mkdir C:\VPNStors\Krosters (with hidden window)
- '<SYSTEM32>\cmd.exe' /c mkdir C:\VPNStors\Krosters