Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MSIPS' = '<LS_APPDATA>\wualcts.exe'
- %TEMP%\1.tmp
- <LS_APPDATA>\wualcts.exe
- <LS_APPDATA>\wualcts.exe
- 'fr####es.ygto.com':443
- 'fr####es.ygto.com':80
- '11#.#9.18.178':443
- '11#.#9.18.178':80
- fr####es.ygto.com/wKi+gQAL/YVVTRVItNEJCMDlBOUMwMi5BZG1pbmlzdHJhdG9yLEMwN2U.asp
- 11#.#9.18.178/wKi+gQAL/YVVTRVItNEJCMDlBOUMwMi5BZG1pbmlzdHJhdG9yLEMwN2U.asp
- DNS ASK fr####es.ygto.com
- ClassName: 'Indicator' WindowName: ''