Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '%WINDIR%\iZwyRRA3RM.dll'
- <SYSTEM32>\iZwyRRA3RM.dll
- 'gu##oxyz.tk':80
- 'localhost':1036
- http://gu##oxyz.tk/download/dllpbfree289p07967/BugTrap.dll
- DNS ASK gu##oxyz.tk
- '<SYSTEM32>\cmd.exe' /c color C
- '<SYSTEM32>\cmd.exe' /c CLS