Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Adobe ARM' = '"%ALLUSERSPROFILE%\Application Data\ifgxpers.exe"'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\cmd.exe
- %ALLUSERSPROFILE%\Application Data\sound.mp3
- %ALLUSERSPROFILE%\Application Data\ifgxpers.exe
- %ALLUSERSPROFILE%\Application Data\1.jpg
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- '95.##3.107.212':80
- '62.##.44.199':80
- '74.##5.232.51':80
- 'localhost':1039
- 95.##3.107.212/ytcowtp6lv/picture.php
- 62.##.44.199/ytcowtp6lv/picture.php
- 95.##3.107.212/ytcowtp6lv/upload/img.jpg
- 95.##3.107.212/ytcowtp6lv/upload/mp3.mp3
- DNS ASK google.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'SystemTray_Main' WindowName: ''