Техническая информация
- %WINDIR%\Tasks\Ensayfcitumapi.job
- '<SYSTEM32>\Bihipiziom\Arixqo.exe'
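- '<SYSTEM32>\wbem\unsecapp.exe' -Embedding
- <SYSTEM32>\lsass.exe
- <SYSTEM32>\services.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\winlogon.exe
  Примечание: unsecapp.exe, lsass.exe, services.exe, svchost.exe и winlogon.exe — штатные компоненты Windows; сами по себе эти пути не являются индикаторами компрометации. Заголовки групп на странице не сохранились; судя по структуре списка, это процессы, которые образец запускает или использует (возможно, для внедрения кода), — уточните по исходному отчёту.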
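- <SYSTEM32>\Bihipiziom\DSOUND.dll
  Примечание: файл носит имя системной библиотеки DirectSound (dsound.dll), но расположен не в корне <SYSTEM32>, а в одном каталоге с Arixqo.exe. Такое размещение может указывать на подмену библиотеки при загрузке (DLL search order hijacking); при проверке стоит сравнить путь, подпись и хеш файла с оригинальной системной библиотекой.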
- %WINDIR%\Temp\wiyztaebga
- <SYSTEM32>\Bihipiziom\Ugigam.ofy
- %WINDIR%\Temp\xaevydocedwu
- <SYSTEM32>\Azqyvoqoqeaq
- %WINDIR%\Temp\loanuzlybyzyakav
- <SYSTEM32>\Bihipiziom\Arixqo.exe
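- %WINDIR%\Temp\wiyztaebga
- %WINDIR%\Temp\xaevydocedwu
- %WINDIR%\Temp\loanuzlybyzyakav
  Примечание: эти три пути уже перечислены выше; заголовок группы не сохранился. Вероятно, здесь они приведены как файлы, удаляемые после использования, — в таком случае их отсутствие на диске не исключает заражения. Требует проверки по исходному отчёту.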
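- 'wo###sleb.info':80
- 'lu###orin.org':80
- 'zo###hewa.net':80
- 'ke###stum.org':80
  Примечание: часть символов в именах доменов заменена на «###» издателем отчёта, поэтому для точного сопоставления в журналах DNS и прокси эти записи непригодны; используйте их как шаблон (начало и конец имени, порт 80) вместе с файловыми индикаторами из этого списка.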
- http://wo###sleb.info/
- http://ke###stum.org/
- http://zo###hewa.net/
- DNS ASK wo###sleb.info
- DNS ASK lu###orin.org
- DNS ASK zo###hewa.net
- DNS ASK ke###stum.org
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''