Техническая информация
- '' (загружен из сети Интернет)
- 'C:\users\public\vbc.exe'
- vbc.exe
- C:\users\public\vbc.exe
- 'ow.ly':80
- 'ow#######tdywirecord.dns.army':80
- '33####6.duckdns.org':1210
- '33####6.duckdns.org':1210
- DNS ASK ow.ly
- DNS ASK ow#######tdywirecord.dns.army
- DNS ASK 33####6.duckdns.org
- '%WINDIR%\syswow64\cmd.exe' /c start /b powershell –ExecutionPolicy Bypass Start-Process -FilePath '"%TEMP%\ysphqt.exe"' & exit (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c start /b powershell –ExecutionPolicy Bypass Start-Process -FilePath '"%TEMP%\buqprd.exe"' & exit (со скрытым окном)
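- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding (редактор формул Microsoft Office; ключ -Embedding означает запуск в качестве COM-сервера, то есть, по всей видимости, из открытого документа)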
- '%WINDIR%\syswow64\cmd.exe' /c start /b powershell –ExecutionPolicy Bypass Start-Process -FilePath '"%TEMP%\ysphqt.exe"' & exit
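- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' –ExecutionPolicy Bypass Start-Process -FilePath '"%TEMP%\ysphqt.exe"' (примечание: перед ExecutionPolicy стоит тире «–», а не дефис «-»; если это не артефакт вёрстки страницы, правила обнаружения, ищущие только «-ExecutionPolicy», такую строку пропустят)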
- '%WINDIR%\syswow64\cmd.exe' /c start /b powershell –ExecutionPolicy Bypass Start-Process -FilePath '"%TEMP%\buqprd.exe"' & exit
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' –ExecutionPolicy Bypass Start-Process -FilePath '"%TEMP%\buqprd.exe"'