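Техническая информация
Ниже приведены индикаторы без заголовков подразделов: значения автозапуска в ключах реестра Run (HKCU и HKLM), имена исполняемых файлов и пути к файлам, сетевые обращения и DNS-запросы, классы окон. Какое действие выполняется над каждым объектом (создание, изменение, удаление, поиск), из этого фрагмента не следует. Символы # в адресах, по-видимому, скрывают часть значения; полные значения здесь недоступны, поэтому точное сопоставление по этим строкам невозможно.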
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Info' = '<SYSTEM32>\bootok.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SysInfo' = '<SYSTEM32>\bootok.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SysInfo' = '<SYSTEM32>\sshjp32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Info' = '<SYSTEM32>\bootok.exe'
- outpost.exe
- %TEMP%\z~123457.tmp
- <SYSTEM32>\ddhjp32.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\123_[1].dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\hs[1].txt
- %TEMP%\hs123457
- %WINDIR%\hosts
- 'bo####online.com':80
- bo####online.com/temp/123_.dll
- bo####online.com/temp/hs.txt
- DNS ASK bo####online.com
- DNS ASK 1.#.###.192.in-addr.arpa
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''