Technical Information
- [<HKLM>\System\CurrentControlSet\Services\boshiAnti] 'ImagePath' = '%TEMP%\5.5yyz.com.sys'
- 'boshiAnti' %TEMP%\5.5yyz.com.sys
- C:\fzyz.dll
- %TEMP%\c45b.tmp
- %TEMP%\c4e9.tmp
- %TEMP%\c567.tmp
- %TEMP%\5.5yyz.com.sys
- %TEMP%\c45b.tmp
- %TEMP%\c4e9.tmp
- %TEMP%\c567.tmp
- %TEMP%\5.5yyz.com.sys
- %TEMP%\5.5yyz.com.sys
- '1.##yz.com':80
- http://1.##yz.com/user/User
- DNS ASK 1.##yz.com