Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /im "<File name>.exe" /f
- '5.##.64.2':80
- 'script.google.com':80
- 'script.google.com':443
- 'pk#.goog':80
- 'sc####.##ogleusercontent.com':443
- http://5.##.64.2/ip.php
- http://5.##.64.2/api/files/client/s11
- http://5.##.64.2/api/files/client/s12
- http://5.##.64.2/api/files/client/s13
- http://5.##.64.2/api/files/client/s14
- http://script.google.com/macros/s/AKfycbxu6XZln0F2VKs8FMpn924RlKozFV5XZApwvto57voh-zMdTnkCnYo38kxDLRAyW0hb/exec?xf#########################################################
- 'script.google.com':443
- 'sc####.##ogleusercontent.com':443
- DNS ASK script.google.com
- DNS ASK pk#.goog
- DNS ASK sc####.##ogleusercontent.com
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im "<File name>.exe" /f & erase "<Full path to file>" & exit' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im "<File name>.exe" /f & erase "<Full path to file>" & exit