Техническая информация
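- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '<LS_APPDATA>\r3q2x.dll'
  (Примечание: значение 'LoadAppInit_DLLs' = 1 включает механизм AppInit_DLLs, при котором библиотека, указанная в 'AppInit_DLLs', загружается в каждый процесс, подключающий user32.dll. Для обнаружения имеет смысл отслеживать изменения обоих параметров и появление в 'AppInit_DLLs' путей, ведущих в каталоги профиля пользователя.)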
- %WINDIR%\explorer.exe
- %WINDIR%\Explorer.EXE
- %TEMP%\a3a94f6
- <LS_APPDATA>\r3q2x.dll
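  (Примечание: символы '#' в именах доменов ниже, включая записи DNS ASK, по-видимому, скрывают часть имени; в таком виде эти записи не годятся для точного сопоставления с журналами DNS и прокси или для списков блокировки.)
- 'va####hezoqe.com':80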
- 'pu####xasuhu.com':80
- 'zi###elywa.com':80
- 'pa####wuseleri.com':80
- 'zi###ilyxu.com':80
- 'xi###ijuxoj.com':80
- 've###aceke.com':80
- 'gy###elara.com':80
- DNS ASK yg###guxake.com
- DNS ASK ig###roda.com
- DNS ASK ru###yril.com
- DNS ASK zo####weboxe.com
- DNS ASK yd###jyb.com
- DNS ASK yk####agesop.com
- DNS ASK yp###zaba.com
- DNS ASK ut###bolype.com
- DNS ASK gy###elara.com
- DNS ASK ve###aceke.com
- DNS ASK xi###ijuxoj.com
- DNS ASK zi###ilyxu.com
- DNS ASK pa####wuseleri.com
- DNS ASK zi###elywa.com
- DNS ASK pu####xasuhu.com
- DNS ASK va####hezoqe.com
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'SystemTray_Main' WindowName: ''
- ClassName: 'CSCHiddenWindow' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'BaseBar' WindowName: 'ChanApp'