Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'snowgay' = 'rundll32.exe "%HOMEPATH%\Microsoft\snowgay.dll", CreLcfAchF'
- <SYSTEM32>\calc.exe
- <SYSTEM32>\rundll32.exe "%HOMEPATH%\Microsoft\snowgay.dll", CreLcfAchF
- %HOMEPATH%\Microsoft\snowgay.dll
- 'be##.#terist.net':80
- be##.#terist.net/pic/pic1.txt
- DNS ASK be##.#terist.net
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'IOASDFkhsdf*&A^*E&f6ds78fy67856&*SDf&*D^78f6*^Dg%XD^&SDfiugfyadsg(*&(*W#kjhdfg!@##O0!@#AFAFO0!@#18' WindowName: 'asdf()&SDgfkdfhgdf^SD&*gfgf&*SE^8gfdfygfd&*S%^d7gf&**W^&%*(shgdfg&635&W(*$tyudfg*&#$SFKhIUYASE#'
- ClassName: '(S*&DFksduhgdkfgh*&S^SDFoiy*^SD&*F6dsf8gt7ysdf&*S^asddafgiuaydfg788&S%^D*#&*^*&WQ^%874dgfdg*(^*SDG!!@#O0!@#18' WindowName: 'asdgfkhSI^*Dgfidfhg*(S^&Dgf8dfhgkjdfghkdfghdfk*sdfguid*(SD^&Gfdkfjghfdg$5t4!ra@erreaEBV0AFAF!@#O0!@#18b'