Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AVSoft' = '%ALLUSERSPROFILE%\Application Data\IBEDEEEKMFMM.exe\IBEDEEEKMFMM.exe'
- '%ALLUSERSPROFILE%\Application Data\IBEDEEEKMFMM.exe\IBEDEEEKMFMM.exe'
- <SYSTEM32>\ctfmon.exe
- %ALLUSERSPROFILE%\Application Data\IBEDEEEKMFMM.exe\IBEDEEEKMFMM.exe
- 'fu####carepay.com':80
- http://fu####carepay.com/event.php?e=#
- DNS ASK fu####carepay.com
- ClassName: 'Shell_TrayWnd' WindowName: ''