Техническая информация
- [HKLM\System\CurrentControlSet\Services\UWGDYYJV] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [HKLM\System\CurrentControlSet\Services\UWGDYYJV] 'ImagePath' = '%ALLUSERSPROFILE%\wghhjrxxmeic\dmawypjmfpxl.exe'
- [HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%WINDIR%\TEMP\ihcnohmrivbv.sys' (судя по имени службы — драйвер WinRing0; файл .sys расположен во временном каталоге)
- 'UWGDYYJV' %ALLUSERSPROFILE%\wghhjrxxmeic\dmawypjmfpxl.exe
- 'WinRing0_1_2_0' %WINDIR%\TEMP\ihcnohmrivbv.sys
- %WINDIR%\explorer.exe
- %TEMP%\setup.exe
- %ALLUSERSPROFILE%\wghhjrxxmeic\dmawypjmfpxl.exe
- %WINDIR%\temp\ihcnohmrivbv.sys
- %WINDIR%\temp\udd5c71.tmp
- %WINDIR%\temp\udd5c71.tmp
- 'xm#####.nanopool.org':10300 (домен nanopool.org принадлежит майнинг-пулу Nanopool)
- 'xm#####.nanopool.org':10300
- DNS ASK xm#####.nanopool.org
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\setup.exe'
- '%ALLUSERSPROFILE%\wghhjrxxmeic\dmawypjmfpxl.exe'
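- '<SYSTEM32>\powercfg.exe' /x -hibernate-timeout-ac 0 (отключение тайм-аута гибернации при питании от сети)
- '<SYSTEM32>\powercfg.exe' /x -hibernate-timeout-dc 0 (отключение тайм-аута гибернации при питании от батареи)
- '<SYSTEM32>\powercfg.exe' /x -standby-timeout-ac 0 (отключение тайм-аута ждущего режима при питании от сети)
- '<SYSTEM32>\powercfg.exe' /x -standby-timeout-dc 0 (отключение тайм-аута ждущего режима при питании от батареи)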
- '<SYSTEM32>\sc.exe' delete "UWGDYYJV"
- '<SYSTEM32>\sc.exe' create "UWGDYYJV" binpath= "%ALLUSERSPROFILE%\wghhjrxxmeic\dmawypjmfpxl.exe" start= "auto"
- '<SYSTEM32>\sc.exe' stop eventlog (остановка службы журнала событий Windows; после этого события на узле могут не записываться)
- '<SYSTEM32>\sc.exe' start "UWGDYYJV"
- '%WINDIR%\explorer.exe'