Technical information
- [<HKCU>\software\Microsoft\Windows\CurrentVersion\Run] '92f88abdeb5778db908fd07b1402245f' = '"%HOMEPATH%\svchost.exe" ..'
- [<HKLM>\software\Microsoft\Windows\CurrentVersion\Run] '92f88abdeb5778db908fd07b1402245f' = '"%HOMEPATH%\svchost.exe" ..'
- %HOMEPATH%\start menu\programs\startup\92f88abdeb5778db908fd07b1402245f.exe
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\svchost.exe' = '%HOMEPATH%\svchost.exe:*:Enabled:svchos...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%HOMEPATH%\svchost.exe" "svchost.exe" ENABLE
- %APPDATA%\0.exe
- %APPDATA%\1.png
- %HOMEPATH%\svchost.exe
- %HOMEPATH%\svchost.exe
- %HOMEPATH%\start menu\programs\startup\92f88abdeb5778db908fd07b1402245f.exe
- DNS ASK ep#####wpx854mwh.p-e.kr
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- '%APPDATA%\0.exe'
- '%HOMEPATH%\svchost.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%HOMEPATH%\svchost.exe" "svchost.exe" ENABLE' (with hidden window)
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %APPDATA%\1.png