Техническая информация
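Автозапуск — значение в ключе реестра Run в разделе HKLM (исполняемый файл запускается при входе в систему любого пользователя):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8ed1d9d8-10bf-0000-3086-00000f68e688' = '%ALLUSERSPROFILE%\Application Data\8ed1d9d8-10bf-0000-3086-00000f68e688\8ed1d9d8-10bf-0000-3086-00000f68e688.exe'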
- <SYSTEM32>\cscript.exe
- %HOMEPATH%\Start Menu\Programs\System Care Antivirus\System Care Antivirus.lnk
- %ALLUSERSPROFILE%\Application Data\8ed1d9d8-10bf-0000-3086-00000f68e688\8ed1d9d8-10bf-0000-3086-00000f68e688
- %HOMEPATH%\Desktop\System Care Antivirus.lnk
- %ALLUSERSPROFILE%\Application Data\8ed1d9d8-10bf-0000-3086-00000f68e688\8ed1d9d8-10bf-0000-3086-00000f68e688.exe
- %ALLUSERSPROFILE%\Application Data\8ed1d9d8-10bf-0000-3086-00000f68e688\8ed1d9d8-10bf-0000-3086-00000f68e688.ico
- %HOMEPATH%\Start Menu\Programs\System Care Antivirus\System Care Antivirus.lnk
- %HOMEPATH%\Desktop\System Care Antivirus.lnk
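Сетевая активность — соединение с удалённым узлом по TCP-порту 80 и запрашиваемые адреса (часть адреса и параметров запроса в исходном отчёте скрыта символами «#»):
- '5.###.140.175':80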
- 5.###.140.175/api/urls/?ts#####################################################
- 5.###.140.175/api/dom/no_respond/?ts###########################################################################################
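Окна, к которым обращается образец (указаны имя класса и заголовок окна). Классы fwcplui_class, wscui_class и msascui_class, по-видимому, принадлежат интерфейсам брандмауэра Windows, Центра обеспечения безопасности и Защитника Windows; Shell_TrayWnd — панель задач:
- ClassName: 'fwcplui_class' WindowName: '(null)'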
- ClassName: 'wscui_class' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'msascui_class' WindowName: '(null)'