Техническая информация
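- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'Load' = 'cmd /c %WINDIR%\Temp\ncatyp.exe' — значение 'Load' задаёт команду, которая выполняется при входе пользователя в систему (закрепление в автозагрузке)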
- '<SYSTEM32>\cmd.exe' /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v "Load" /d "cmd /c %WINDIR%\Temp\ncatyp.exe" /f
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v "Load" /d "cmd /c %WINDIR%\Temp\ncatyp.exe" /f
- '<SYSTEM32>\schtasks.exe' /Delete /TN "Update\WinManagerUpdate" /F
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\WinManagerUpdate" /XML "%TEMP%\tmp1.tmp" — задача планировщика создаётся из XML-описания, сохранённого во временном файле %TEMP%\tmp1.tmp
- %APPDATA%\23EF5514-3059-436F-A4A7-4CEFAAB20EB1\run.dat
- %TEMP%\tmp1.tmp
- %WINDIR%\Temp\ncatyp.exe
- %WINDIR%\Temp\ncatyp.exe
- %TEMP%\tmp1.tmp
- 'fb###.duckdns.org':21999 — сетевое соединение с хостом в домене сервиса динамического DNS (duckdns.org), порт 21999
- DNS ASK fb###.duckdns.org