Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Microsoft Framework' = '%ProgramFiles%\BybUpq.lnk'
- [<HKLM>\software\Wow6432Node\microsoft\windows\currentversion\Policies\Explorer\Run] '49102' = '%ProgramFiles%\locals~1\Temp\msqcsavf.com'
- %WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe
- %WINDIR%\syswow64\svchost.exe
- [<HKCU>\SOFTWARE\Ghisler\Total Commander]
- %PROGRAMDATA%\bybupq.folder
- %PROGRAMDATA%\bybupq.path
- %TEMP%\autbf6e.tmp
- %PROGRAMDATA%\bybupq.exe
- %TEMP%\autbfcd.tmp
- %PROGRAMDATA%\bybupq
- %TEMP%\autbfde.tmp
- %TEMP%\name.exe
- %TEMP%\autc175.tmp
- %PROGRAMDATA%\bybupq.au3
- %ProgramFiles%\bybupq.backup
- %ProgramFiles%\bybupq.vbs
- %ProgramFiles%\bybupq.lnk
- %ProgramFiles%\locals~1\temp\msqcsavf.com
- %ProgramFiles%\haho2mtx
- %TEMP%\autbf6e.tmp
- %TEMP%\autbfcd.tmp
- %TEMP%\autbfde.tmp
- %TEMP%\autc175.tmp
- %ProgramFiles%\bybupq.vbs
- '<DNS_SERVER>':53
- '91.#13.8.38':80
- '%PROGRAMDATA%\bybupq.exe' %PROGRAMDATA%\BybUpq.au3
- '%WINDIR%\syswow64\wscript.exe' "%ProgramFiles%\BybUpq.vbs"
- '%TEMP%\name.exe'
- '%PROGRAMDATA%\bybupq.exe' %PROGRAMDATA%\BybUpq.au3 (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c %ProgramFiles%\BybUpq.vbs (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe'
- '%WINDIR%\syswow64\cmd.exe' /c %ProgramFiles%\BybUpq.vbs
- '%WINDIR%\syswow64\svchost.exe'