Техническая информация
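Ключ автозапуска в реестре (значение в ветке Run запускает указанный файл при входе пользователя в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Host' = '%WINDIR%\Wservices.exe'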
- '<SYSTEM32>\taskkill.exe' /IM rundll32.exe /F
- <SYSTEM32>\rundll32.exe
- ClassName: '' WindowName: 'The Wireshark Network Analyzer'
- %WINDIR%\wservices.exe
- %WINDIR%\ime\drv.dll
- %WINDIR%\wservices.exe
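Окна, искомые по ClassName/WindowName (судя по названиям, это утилиты мониторинга, анализа трафика и отладки; вероятно, проверка на наличие средств анализа):
- ClassName: '' WindowName: 'FolderChangesView'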
- ClassName: 'ProcessHacker' WindowName: ''
- ClassName: '' WindowName: 'HTTP Debugger'
- ClassName: 'XTPMainFrame' WindowName: ''
- ClassName: '' WindowName: 'Progress Telerik Fiddler Web Debugger'
- ClassName: '' WindowName: 'x64dbg'
- ClassName: '' WindowName: 'KsDumper'
- ClassName: '' WindowName: ''
- '%WINDIR%\wservices.exe'
- '<SYSTEM32>\cmd.exe' /c taskkill /IM rundll32.exe /F
- '<SYSTEM32>\cmd.exe' /c rundll32.exe %WINDIR%\IME\drv.dll,main
- '<SYSTEM32>\rundll32.exe' %WINDIR%\IME\drv.dll,main
- '<SYSTEM32>\cmd.exe' /c start %WINDIR%\Wservices.exe