Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe' = '"%TEMP%\svchost.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe' = '"%TEMP%\svchost.exe" ..'
- %HOMEPATH%\start menu\programs\startup\svchost.exe
- hidden files
- %TEMP%\svchost.exe
- DNS ASK nj###t.ddns.net
- '%TEMP%\svchost.exe'
- '<SYSTEM32>\schtasks.exe' /Delete /tn NYAN /F' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /tn NYAN /tr "%TEMP%\svchost.exe" /sc minute /mo 1' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /Delete /tn NYAN /F
- '<SYSTEM32>\schtasks.exe' /create /tn NYAN /tr "%TEMP%\svchost.exe" /sc minute /mo 1