Technical Information
- [<HKLM>\SYSTEM\CurrentControlSet\Services\DRVTEST] 'ImagePath' = '%LOCALAPPDATA%\Microsoft\Windows\<INETFILES>\clWXqz4A.sys'
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\clwxqz4a.sys
- %WINDIR%\temp\udd639f.tmp
- %APPDATA%\additional.exe
- %WINDIR%\temp\udd639f.tmp
- http://fi##.##ndomhack-wf.ru/anti_ban_on_iron/additional.exe
- DNS ASK fi##.##ndomhack-wf.ru
- '%APPDATA%\additional.exe'
- '<SYSTEM32>\cmd.exe' /c pause