Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\Client.exe
- hidden files
- 're######rypter.myq-see.com':4936
- DNS ASK re######rypter.myq-see.com
- '<SYSTEM32>\schtasks.exe' /Delete /tn NYAN /F
- '<SYSTEM32>\schtasks.exe' /create /tn NYAN /tr "<Full path to file>" /sc minute /mo 1