Техническая информация
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Microsoft' = '%PROGRAMDATA%\SoundDriver\svchost.exe'
- %WINDIR%\syswow64\svchost.exe
- %TEMP%\aut6930.tmp
- %TEMP%\test.a3x
- %TEMP%\aut6e70.tmp
- %TEMP%\data.bin
- %TEMP%\aut6ecf.tmp
- %TEMP%\sh.bin
- %TEMP%\image.png
- %PROGRAMDATA%\sounddriver\svchost.exe
- %TEMP%\aut6930.tmp
- %TEMP%\aut6e70.tmp
- %TEMP%\aut6ecf.tmp
- '68.#.72.134':1604
- '%WINDIR%\syswow64\svchost.exe'