Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Microsoft Framework' = '%ProgramFiles%\YgoHrm.lnk'
- [<HKLM>\software\Wow6432Node\microsoft\windows\currentversion\Policies\Explorer\Run] '58333' = '%ProgramFiles%\locals~1\Temp\msnyox.com'
- %WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe
- %WINDIR%\syswow64\svchost.exe
- [<HKCU>\SOFTWARE\Ghisler\Total Commander]
- %PROGRAMDATA%\ygohrm.folder
- %PROGRAMDATA%\ygohrm.path
- %TEMP%\auteac4.tmp
- %PROGRAMDATA%\ygohrm.exe
- %TEMP%\auteb33.tmp
- %PROGRAMDATA%\ygohrm
- %TEMP%\auteb43.tmp
- %TEMP%\name.exe
- %TEMP%\auteefd.tmp
- %PROGRAMDATA%\ygohrm.au3
- %ProgramFiles%\ygohrm.backup
- %ProgramFiles%\ygohrm.vbs
- %ProgramFiles%\ygohrm.lnk
- %ProgramFiles%\locals~1\temp\msnyox.com
- %ProgramFiles%\crw4hhg3
- %TEMP%\auteac4.tmp
- %TEMP%\auteb33.tmp
- %TEMP%\auteb43.tmp
- %TEMP%\auteefd.tmp
- %ProgramFiles%\ygohrm.vbs
- '<DNS_SERVER>':53
- '91.#13.8.38':80
- '%PROGRAMDATA%\ygohrm.exe' %PROGRAMDATA%\YgoHrm.au3
- '%WINDIR%\syswow64\wscript.exe' "%ProgramFiles%\YgoHrm.vbs"
- '%TEMP%\name.exe'
- '%PROGRAMDATA%\ygohrm.exe' %PROGRAMDATA%\YgoHrm.au3 (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c %ProgramFiles%\YgoHrm.vbs (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe'
- '%WINDIR%\syswow64\cmd.exe' /c %ProgramFiles%\YgoHrm.vbs
- '%WINDIR%\syswow64\svchost.exe'