Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Updater.exe' = '"%APPDATA%\Microsoft Updater.exe" ..'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Updater.exe' = '"%APPDATA%\Microsoft Updater.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\Microsoft Updater.exe
- hidden files
- %APPDATA%\New Client.exe
- %APPDATA%\Microsoft Updater.exe
- %APPDATA%\Microsoft Updater.exe
- '10#.#1.190.137':3388
- '%APPDATA%\New Client.exe'
- '%APPDATA%\Microsoft Updater.exe'
- '<SYSTEM32>\schtasks.exe' /Delete /tn NYAN /F
- '<SYSTEM32>\schtasks.exe' /create /tn NYAN /tr "%APPDATA%\New Client.exe" /sc minute /mo 1
- '<SYSTEM32>\schtasks.exe' /create /tn NYAN /tr "%APPDATA%\Microsoft Updater.exe" /sc minute /mo 1