Техническая информация
Автозапуск (закрепление через раздел реестра Run текущего пользователя):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'uxuvudyb' = '"C:\ProgramData\elec\exixihyj.exe"'
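Системные процессы, фигурирующие в отчёте (заголовки разделов утрачены, поэтому роль каждого процесса здесь не указана; attrib.exe встречается дважды):
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\attrib.exe'
- <SYSTEM32>\Dwm.exe
- <SYSTEM32>\taskhost.exe
- <SYSTEM32>\attrib.exe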
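Файлы, затронутые образцом (создание, изменение или удаление по этому фрагменту не различить; путь в Crypto\RSA содержит SID и идентификатор анализируемой машины, поэтому как индикатор для других систем он непригоден):
- C:\ProgramData\izykomuz\iqyrrcim.dat
- C:\ProgramData\izykomuz\omfnysyl.dat
- C:\ProgramData\elec\exixihyj.exe
- %APPDATA%\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3525224950-2885160813-905547259-1000\7ee83745df35bad5ccfc8cd8875de253_fdaad129-04df-4089-bb80-174ce725f721
- C:\ProgramData\izykomuz\emekojus.dat
- C:\ProgramData\Sun\emekojus.bkp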
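Сетевые подключения (узел:порт; символы # в адресах — по-видимому, маскировка в исходном отчёте, поэтому в таком виде адреса нельзя напрямую использовать в правилах блокировки):
- '20#.#6.232.182':80
- 'wi###edia.org':80
- 'ho###sec-way.ru':443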
Запрошенные адреса (судя по порту 80 в списке выше — вероятно, HTTP):
- 20#.#6.232.182/
- wi###edia.org/
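DNS-запросы (microsoft.com — легитимный домен и сам по себе индикатором компрометации не является):
- DNS ASK wi###edia.org
- DNS ASK microsoft.com
- DNS ASK ho###sec-way.ru
- DNS ASK dn#.##ftncsi.com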
Окна (имя класса и заголовок), фигурирующие в отчёте; вероятно, образец ищет их в системе:
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'shell_traywnd' WindowName: '(null)'