Technical Information
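Registry values set by the sample (the section heading is missing from this copy):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MicroUpdate' = '%HOMEPATH%\My Documents\MSDCSC\msdcsc.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,%HOMEPATH%\My Documents\MSDCSC\msdcsc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 's' = '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'te' = '<Full path to file>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'te' = '%APPDATA%\<File name>.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
Note: the Run and Winlogon 'UserInit' values start the listed executables at every logon, and 'EnableFirewall' = '00000000' turns Windows Firewall off for the standard profile. When checking a host, read the firewall value under CurrentControlSet as well as ControlSet001, and verify that 'UserInit' contains only the userinit.exe entry.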
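System utilities and security features targeted (the headings are missing from this copy; presumably these are the components the sample blocks or disables, and 'Windows Security Center' appears twice because it was listed under two separate headings — confirm against the original report):
- Windows Task Manager (Taskmgr)
- Registry Editor (RegEdit)
- Windows Security Center
- User Account Control (UAC)
- Windows Security Center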
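Processes (the headings are missing from this copy; the quoted and the unquoted entries presumably belonged to separate lists, such as processes started and processes injected into — confirm against the original report):
- '%APPDATA%\vbc.exe'
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE'
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe'
- '%APPDATA%\<File name>.exe'
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe
- IEXPLORE.EXE
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Note: the legitimate vbc.exe (the Visual Basic compiler) resides under %WINDIR%\Microsoft.NET\Framework\; a vbc.exe in %APPDATA% is not a normal location and is worth flagging.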
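Files (the heading is missing from this copy; presumably the files the sample creates — confirm against the original report):
- %TEMP%\aut16.tmp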
- %TEMP%\aut15.tmp
- %TEMP%\aut18.tmp
- %TEMP%\aut17.tmp
- %TEMP%\aut14.tmp
- %TEMP%\aut11.tmp
- %TEMP%\aut10.tmp
- %TEMP%\aut13.tmp
- %TEMP%\aut12.tmp
- %TEMP%\aut1E.tmp
- %TEMP%\aut1F.tmp
- %TEMP%\aut21.tmp
- %TEMP%\aut20.tmp
- %TEMP%\aut1D.tmp
- %TEMP%\aut1A.tmp
- %TEMP%\aut19.tmp
- %TEMP%\aut1C.tmp
- %TEMP%\aut1B.tmp
- %TEMP%\autF.tmp
- %TEMP%\aut4.tmp
- %APPDATA%\vbc.exe
- %TEMP%\aut6.tmp
- %TEMP%\aut5.tmp
- %TEMP%\aut3.tmp
- %TEMP%\1.resource
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %APPDATA%\<File name>.exe
- %TEMP%\autC.tmp
- %TEMP%\autB.tmp
- %TEMP%\autE.tmp
- %TEMP%\autD.tmp
- %TEMP%\autA.tmp
- %HOMEPATH%\My Documents\MSDCSC\msdcsc.exe
- %TEMP%\aut7.tmp
- %TEMP%\aut9.tmp
- %TEMP%\aut8.tmp
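Second file list (the heading is missing from this copy; every entry from here on also appears in the preceding list, so these are presumably the temporary files the sample deletes afterwards — confirm against the original report):
- %TEMP%\aut18.tmp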
- %TEMP%\aut15.tmp
- %TEMP%\aut1A.tmp
- %TEMP%\aut17.tmp
- %TEMP%\aut13.tmp
- %TEMP%\aut11.tmp
- %TEMP%\aut16.tmp
- %TEMP%\aut14.tmp
- %TEMP%\aut1E.tmp
- %TEMP%\aut1F.tmp
- %TEMP%\aut21.tmp
- %TEMP%\aut20.tmp
- %TEMP%\aut1C.tmp
- %TEMP%\aut19.tmp
- %TEMP%\aut1D.tmp
- %TEMP%\aut1B.tmp
- %TEMP%\aut12.tmp
- %TEMP%\aut6.tmp
- %TEMP%\aut5.tmp
- %TEMP%\aut8.tmp
- %TEMP%\aut7.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut4.tmp
- %TEMP%\aut3.tmp
- %TEMP%\autE.tmp
- %TEMP%\autD.tmp
- %TEMP%\aut10.tmp
- %TEMP%\autF.tmp
- %TEMP%\autA.tmp
- %TEMP%\aut9.tmp
- %TEMP%\autC.tmp
- %TEMP%\autB.tmp
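Window referenced by the sample (the heading is missing from this copy; 'Shell_TrayWnd' is the window class of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''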