Техническая информация
- <SYSTEM32>\tasks\visual extensions
- [<HKLM>\System\CurrentControlSet\Services\SystemTypeSvc] 'ImagePath' = '%SystemDrive%\stsvc.exe'
- <SYSTEM32>\svchost.exe
- <Текущая директория>\log_install.tmp
- unc\jkwpxczd\c$\stsvc.exe
- %WINDIR%\temp\~dfc9b50539fb941caf.tmp
- %APPDATA%\extvisual\utuvc.exe
- %WINDIR%\temp\~df532dab5866f034a8.tmp
- %APPDATA%\extvisual\settings.ini
- %WINDIR%\temp\cab3893.tmp
- %WINDIR%\temp\tar3894.tmp
- %WINDIR%\temp\cab38b4.tmp
- %WINDIR%\temp\tar38b5.tmp
- %WINDIR%\temp\~dfc9b50539fb941caf.tmp
- <Текущая директория>\log_install.tmp
- %WINDIR%\temp\~df532dab5866f034a8.tmp
- %WINDIR%\temp\cab3893.tmp
- %WINDIR%\temp\tar3894.tmp
- %WINDIR%\temp\cab38b4.tmp
- %WINDIR%\temp\tar38b5.tmp
- http://19#.#.247.119/tin.png
- http://19#.#.247.119/sin.png
- ClassName: 'ConsoleWindowClass' WindowName: ''
- '%APPDATA%\extvisual\utuvc.exe'
- '<SYSTEM32>\svchost.exe' (со скрытым окном)
- '<SYSTEM32>\svchost.exe'