Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\rdpsaproxy.url
- '' (downloaded from the Internet)
- '%APPDATA%\vbc.exe'
- %APPDATA%\vbc.exe
- %HOMEPATH%\rdpsaproxy\rdpsaproxy.vbs
- %HOMEPATH%\rdpsaproxy\at.exe
- http://ir############leaseadviseonthepayment.duckdns.org/vbc.exe
- DNS ASK ir############leaseadviseonthepayment.duckdns.org
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding