Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Dofbot' = '%TEMP%\Dofbot\Dofbot.exe'
- '%WINDIR%\install\server.exe'
- '%TEMP%\AppLunch\Dofbot.exe'
- '%TEMP%\Dofbot_G407.exe'
- %TEMP%\%USERNAME%7
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\version[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\lien[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\news[1].txt
- %TEMP%\%USERNAME%8
- %TEMP%\dofbotJournal.txt
- %TEMP%\Dofbot\Dofbot.exe
- %TEMP%\AppLunch\Cho.ine
- %TEMP%\Dofbot_G407.exe
- %APPDATA%\%USERNAME%log.dat
- %TEMP%\%USERNAME%2.txt
- %WINDIR%\install\server.exe
- %APPDATA%\%USERNAME%log.dat
- %TEMP%\AppLunch\Dofbot.exe
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%2.txt
- %TEMP%\AppLunch\Cho.ine в %TEMP%\AppLunch\Dofbot.exe
- 'localhost':99
- 'xm####e.no-ip.info':99
- 'ha###dotcom.fr':80
- ha###dotcom.fr/Dofbots/news.txt
- ha###dotcom.fr/Dofbots/version.txt
- ha###dotcom.fr/Dofbots/lien.txt
- DNS ASK xm####e.no-ip.info
- DNS ASK ha###dotcom.fr
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'