Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Owhoa' = 'regsvr32.exe /s %APPDATA%\Soyfc\ymbu.dll'
- %WINDIR%\syswow64\msiexec.exe
- %APPDATA%\soyfc\ymbu.dll
- 'cr###sgreen.com':443
- DNS ASK cr###sgreen.com
- '%WINDIR%\syswow64\msiexec.exe'