Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'gaj' = '%APPDATA%\qeze\sohuvo.exe'
- '%APPDATA%\qeze\sohuvo.exe' -installer "<Full path to the virus>"
- %APPDATA%\qeze\sohuvo.exe
- 'se###ronew.com':80
- '67.##5.160.76':80
- http://www.ya##o.com/ via 67.##5.160.76
- http://se###ronew.com/b/req/7B7159B4ABCFB9E49F40F875
- http://se###ronew.com/b/opt/71495F1ABD0D7A6389823BF2
- DNS ASK se###ronew.com
- DNS ASK www.ya##o.com
- ClassName: 'Indicator' WindowName: ''