Техническая информация
Записи автозапуска в реестре (ветки Run и Policies\Explorer\Run):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'MSAboutDialog' = 'regsvr32 xadowner.dll /s'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'AboutSys' = 'regsvr32.exe msaddon.dll /s'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RegBar' = 'regsvr32.exe /u %PROGRAM_FILES%\blogmark\bocaitoolbar.dll /s /i /n'
Командные строки запуска regsvr32 (ключ /s — регистрация DLL без вывода сообщений):
- '<SYSTEM32>\regsvr32.exe' /s msplug.dll
- '<SYSTEM32>\regsvr32.exe' /s msaddon.dll
- '<SYSTEM32>\regsvr32.exe' xadowner.dll /s
- '<SYSTEM32>\regsvr32.exe' AdsHlp.dll /s
- <SYSTEM32>\winlogon.exe
- <SYSTEM32>\AdsHlp.dll
- <SYSTEM32>\msplug.dll
- <SYSTEM32>\msaddon.dll
- %TEMP%\temp.tmp
- <SYSTEM32>\xadowner.dll
- <SYSTEM32>\script.bin
Сетевая активность (имя узла в источнике приведено с маской «#####»):
- 'bl#####kxml.bokee.com':80
- DNS ASK bl#####kxml.bokee.com
- ClassName: 'Indicator' WindowName: '(null)'