Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '<SYSTEM32>\system_.exe'
- <SYSTEM32>\system_.exe
- <SYSTEM32>\_uptmp2.sys
- <SYSTEM32>\system_.exe
- 'us####.nofeehost.com':80
- 'xs##4.xs.to':80
- 'im####.filecloud.com':80
- us####.nofeehost.com/ikawarning/index.asp?us#############
- xs##4.xs.to/xs114/07161/probullshit1.jpg
- im####.filecloud.com/419606/probullshit0.jpg
- DNS ASK us####.nofeehost.com
- DNS ASK xs##4.xs.to
- DNS ASK im####.filecloud.com
- ClassName: 'WindowsApp' WindowName: 'Windows App'