Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'BooboFil' = '%APPDATA%\BooboFil\BooboFil.exe'
- '%TEMP%\filename.exe'
- '%TEMP%\addinprocess32.exe'
- http://vi##anix.in/et/rfghtyv.exe as %temp+%\filename.exe
- addinprocess32.exe
- %TEMP%\filename.exe
- %TEMP%\addinprocess32.exe
- %APPDATA%\boobofil\boobofil.exe
- http://vi##anix.in/et/rfghtyv.exe
- DNS ASK vi##anix.in