Техническая информация
Ключи автозапуска в реестре (ветки Run):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Info' = '<SYSTEM32>\bootok.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SysInfo' = '<SYSTEM32>\bootok.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'KIILHTA' = 'mshta file:///C:/WINDOWS/system32/kiil.hta'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SysInfo' = '<SYSTEM32>\sshjp32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Info' = '<SYSTEM32>\bootok.exe'
Имена процессов (по названиям — компоненты антивирусов и персонального брандмауэра; действие над ними в этом фрагменте не указано):
- AVPM.EXE
- Drweb32w.exe
- outpost.exe
- AVPCC.EXE
Параметры зон безопасности Internet Explorer (Zones\3 — зона «Интернет»):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'CurrentLevel' = '00000000'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'CurrentLevel' = '00000000'
Путь в файловой системе:
- %TEMP%\hs123457
Сетевые индикаторы (имя домена частично скрыто символами ###):
- 'ds###ain.com':80
- http://ds###ain.com/temp/hs.txt
- DNS ASK ds###ain.com
Классы окон (действие в этом фрагменте не указано):
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''