Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'eeetnmn' = '<Full path to file>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'yükle' = '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cihan.exe' = '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'system' = '<SYSTEM32>\MSDCSC\msdcsc.exe'
- [<HKLM>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,<SYSTEM32>\MSDCSC\msdcsc.exe'
- %WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe
- %TEMP%\aut9e5.tmp
- %TEMP%\1.resource
- %TEMP%\aut1186.tmp
- %TEMP%\aut1f13.tmp
- %WINDIR%\syswow64\msdcsc\msdcsc.exe
- %TEMP%\aut9e5.tmp
- %TEMP%\aut1186.tmp
- %TEMP%\aut1f13.tmp
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe'