Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\svp7run.lnk
- %APPDATA%\microsoft\windows\7z.exe
- %APPDATA%\microsoft\windows\1.zip
- %PROGRAMDATA%\powershell.lnk
- %PROGRAMDATA%\run.ps1
- %PROGRAMDATA%\aliyunservice.exe
- %PROGRAMDATA%\log.dll
- %PROGRAMDATA%\run.url
- %PROGRAMDATA%\run001.lnk
- %PROGRAMDATA%\run002.url
- %APPDATA%\microsoft\windows\7z.exe
- %APPDATA%\microsoft\windows\1.zip
- %PROGRAMDATA%\powershell.lnk
- %PROGRAMDATA%\run.ps1
- %PROGRAMDATA%\aliyunservice.exe
- %PROGRAMDATA%\log.dll
- %PROGRAMDATA%\run.url
- %PROGRAMDATA%\run001.lnk
- %PROGRAMDATA%\run002.url
- %PROGRAMDATA%\run.ps1
- '21#.#3.57.64':1024
- ClassName: 'ConsoleWindowClass' WindowName: ''
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy RemoteSigned -File %PROGRAMDATA%\run.ps1
- '%APPDATA%\microsoft\windows\7z.exe' x 1.zip
- '%PROGRAMDATA%\aliyunservice.exe'
- '%APPDATA%\microsoft\windows\7z.exe' x 1.zip (with hidden window)
- '%PROGRAMDATA%\aliyunservice.exe' (with hidden window)