Техническая информация
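Изменения в реестре (автозапуск и разрешение в брандмауэре Windows):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ALYac ' = '%PROGRAM_FILES%\ESTsoft\Common\svchost.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\ESTsoft\Common\svchost.exe' = '%PROGRAM_FILES%\ESTsoft\Common\svchost.exe:*:Enabled:Windows'
Примечание: штатный svchost.exe располагается в системном каталоге Windows, поэтому одноимённый файл в %PROGRAM_FILES%\ESTsoft\Common следует рассматривать как маскировку под системный процесс. Завершающий пробел в имени параметра 'ALYac ' приведён так же, как в исходном описании; при поиске по реестру его нужно учитывать.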
- %PROGRAM_FILES%\ESTsoft\Common\svchost.exe
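Запускаемые команды:
- <SYSTEM32>\regsvr32.exe /s msinet.ocx
- <SYSTEM32>\regsvr32.exe /s mswinsck.ocx
- <SYSTEM32>\netsh.exe firewall add allowedprogram "%PROGRAM_FILES%\ESTsoft\Common\svchost.exe" Windows
Примечание: msinet.ocx и mswinsck.ocx — штатные ActiveX-компоненты Microsoft (Internet Transfer Control и Winsock Control), поэтому само их наличие в системе не является признаком заражения; значимо их сочетание с остальными пунктами списка. Команда netsh добавляет разрешение брандмауэра под именем «Windows», которое совпадает с записью AuthorizedApplications в реестре.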
- %PROGRAM_FILES%\ESTsoft\Common\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\host[1].txt
- <SYSTEM32>\msinet.ocx
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mswinsck[1].ocx
- <SYSTEM32>\mswinsck.ocx
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\msinet[1].ocx
- %TEMP%\~DF9D2E.tmp
- 'any':62535
- 'localhost':1042
- 'localhost':1036
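- 'ac##.#othome.co.kr':80
- ac##.#othome.co.kr/acmd/host.txt
- ac##.#othome.co.kr/acmd/msinet.ocx
- ac##.#othome.co.kr/acmd/mswinsck.ocx
- DNS ASK ac##.#othome.co.kr
Примечание: символы «#» в имени узла — по-видимому, маскировка, применённая в исходном описании; полное доменное имя на странице не приведено, поэтому эти строки пригодны как шаблон для поиска, а не как точный индикатор. Пути /acmd/host.txt, /acmd/msinet.ocx и /acmd/mswinsck.ocx соответствуют файлам host[1].txt, msinet[1].ocx и mswinsck[1].ocx в каталоге Temporary Internet Files из списка выше.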
- ClassName: 'Shell_TrayWnd' WindowName: ''