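Техническая информация
Примечание: подзаголовки разделов исходного описания в этом фрагменте не сохранились. Судя по содержимому, ниже по порядку перечислены: записи реестра для автозапуска (ключ Run и служба с 'Start' = 2, то есть с автоматическим запуском), по-видимому, запускаемые процессы, пути к файлам, сетевые адреса с портами и поиск окна по имени класса. Символы '#' в IP-адресах — это маскировка части адреса в самом описании, а не реальные значения. Повторяющиеся пути к файлам, вероятно, относились к разным категориям файловых операций, которые здесь уже не различимы.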
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Power Helper SPP Event Service Experience' = 'C:\lwpytinach\ucxopvt.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Block SNMP Removal Cache Windows List] 'ImagePath' = 'C:\lwpytinach\ucxopvt.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Block SNMP Removal Cache Windows List] 'Start' = '00000002'
- 'C:\lwpytinach\efuassuwgano.exe' "c:\lwpytinach\ucxopvt.exe"
- 'C:\lwpytinach\ucxopvt.exe'
- 'C:\lwpytinach\rn72vr8n1ihyydtlnj.exe'
- C:\lwpytinach\ucxopvt.exe
- C:\lwpytinach\efuassuwgano.exe
- C:\lwpytinach\w7olpeyo23
- %WINDIR%\lwpytinach\bkxsyhugzhba
- C:\lwpytinach\bkxsyhugzhba
- C:\lwpytinach\rn72vr8n1ihyydtlnj.exe
- C:\lwpytinach\efuassuwgano.exe
- C:\lwpytinach\ucxopvt.exe
- C:\lwpytinach\rn72vr8n1ihyydtlnj.exe
- %WINDIR%\lwpytinach\bkxsyhugzhba
- %WINDIR%\lwpytinach\bkxsyhugzhba
- '88.##.203.114':40413
- '15#.#82.245.137':33982
- '5.#.166.192':41199
- '20#.#93.204.80':37195
- '17#.#40.117.149':27603
- '77.##7.13.68':30018
- '84.##8.130.85':27132
- '86.##5.19.130':27743
- ClassName: 'Shell_TrayWnd' WindowName: ''