Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Boot File Servicing Utility' = '%WINDIR%\bfsbc.exe'
- '' (downloaded from the Internet)
- %TEMP%\RarSFX0\ICSharpCode.SharpZipLib.dll
- %TEMP%\RarSFX0\Security.exe
- %WINDIR%\bfsbc.exe
- %TEMP%\RarSFX0\System.Data.SQLite.Linq.dll
- %TEMP%\RarSFX0\xNet.dll
- %TEMP%\RarSFX0\System.Data.SQLite.dll
- %TEMP%\RarSFX0\System.Data.SQLite.EF6.dll
- %TEMP%\RarSFX0\System.Data.SQLite.EF6.dll
- %TEMP%\RarSFX0\System.Data.SQLite.Linq.dll
- %TEMP%\RarSFX0\xNet.dll
- %TEMP%\RarSFX0\ICSharpCode.SharpZipLib.dll
- %TEMP%\RarSFX0\Security.exe
- %TEMP%\RarSFX0\System.Data.SQLite.dll
- '80.##.187.244':80
- http:///storage/bfsbc.bin via 80.##.187.244
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\bfsbc.exe'
- '%TEMP%\RarSFX0\Security.exe'