Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\nyanxcat.vbs
- 'wi###.publicvm.com':3054
- DNS ASK wi###.publicvm.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -exec bypass -window 1 Copy-Item '<PATH_SAMPLE>.vbs' '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\NYANxCAT.vbs';' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -exec bypass -window 1 -enc IAAkAHQAZQB4AHQAIAA9ACAAKAAoAEcAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIABIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABOAFkAQQBOAHgAQwBBAFQAXAApAC4ATgBZAEEATgB4A...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -exec bypass -window 1 Copy-Item '<PATH_SAMPLE>.vbs' '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\NYANxCAT.vbs';
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -exec bypass -window 1 -enc IAAkAHQAZQB4AHQAIAA9ACAAKAAoAEcAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIABIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABOAFkAQQBOAHgAQwBBAFQAXAApAC4ATgBZAEEATgB4A...