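Technical Information
(Tokens in angle brackets, such as <HKCU>, <SYSTEM32> and <Current directory>, are placeholders for the corresponding location on the analysed system.)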
Autorun (persistence): values set under the per-user Policies\Explorer\Run key. The same value name 'regsrvc' is given each of the four file names below in turn:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'regsrvc' = '"rundll.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'regsrvc' = '"skilleditor.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'regsrvc' = '"ntdata.dll"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'regsrvc' = '"ntldr.dll"'
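Command lines executed (reg.exe called directly and through cmd.exe /c to write the 'regsrvc' value, plus the executables and check.bat from the current directory):
- '<SYSTEM32>\reg.exe' ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /V regsrvc /D "\"rundll.exe\"" /f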
- '<SYSTEM32>\cmd.exe' /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /V regsrvc /D "\"rundll.exe\"" /f
- '<Current directory>\skilleditor.exe'
- '<SYSTEM32>\reg.exe' ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /V regsrvc /D "\"skilleditor.exe\"" /f
- '<SYSTEM32>\cmd.exe' /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /V regsrvc /D "\"skilleditor.exe\"" /f
- '<Current directory>\rundll.exe'
- '<SYSTEM32>\cmd.exe' /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /V regsrvc /D "\"ntdata.dll\"" /f
- '<SYSTEM32>\cmd.exe' /c ""<Current directory>\check.bat" "
- '<SYSTEM32>\reg.exe' ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /V regsrvc /D "\"ntdata.dll\"" /f
- '<SYSTEM32>\reg.exe' ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /V regsrvc /D "\"ntldr.dll\"" /f
- '<SYSTEM32>\cmd.exe' /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /V regsrvc /D "\"ntldr.dll\"" /f
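Files in the current directory (this listing does not state whether they are created, modified or only read):
- <Current directory>\rundll.exe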
- <Current directory>\skilleditor.exe
- <Current directory>\ntldr.dll
- <Current directory>\ntdata.dll
- <Current directory>\check.bat
Network activity (the host name is partly masked with '#' in this listing; 1234 is the port):
- 'na####r.no-ip.info':1234
- DNS ASK na####r.no-ip.info
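Windows referenced by class name / window title (presumably looked up by the sample; this listing does not say how they are used):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Knight Online Client'
- ClassName: '' WindowName: 'Error'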