Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\microsoft.vbs
- C:\users\public\vvpost2.ps1
- C:\users\public\vvpost2.vbs
- C:\users\public\vvpost2.ps1
- 'jo#######iciasdobrasil.com.br':443
- DNS ASK jo#######iciasdobrasil.com.br
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nologo -ExecutionPolicy Unrestricted -File C:\Users\Public\VVpost2.ps1
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\VVpost2.vbs"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nologo -ExecutionPolicy Unrestricted -File C:\Users\Public\VVpost2.ps1' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy "C:\Users\Public\VVpost2.vbs" "%HOMEPATH%/AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbs" /Y' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy "C:\Users\Public\VVpost2.vbs" "%HOMEPATH%/AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbs" /Y