Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\koleno.exe
- 'ro###.giize.com':1604
- 'ro###.giize.com':1604
- DNS ASK ro###.giize.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' copy-item '<Full path to file>' '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\koleno.exe'