Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.js.lnk
- %APPDATA%\<File name>.js
- 'ch##.##ontend-app.com':8880
- DNS ASK ch##.##ontend-app.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Copy-Item -Path '<PATH_SAMPLE>.js' -Destination '%APPDATA%\<File name>.js'' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $WshShell = New-Object -comObject WScript.Shell;$Shortcut = $WshShell.CreateShortcut("""%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\<File name>.js.lnk""");$Shortcut.Arguments = """ ...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Copy-Item -Path '<PATH_SAMPLE>.js' -Destination '%APPDATA%\<File name>.js'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $WshShell = New-Object -comObject WScript.Shell;$Shortcut = $WshShell.CreateShortcut("""%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\<File name>.js.lnk""");$Shortcut.Arguments = """ ...