Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\FontCache3.0] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\FontCache3.0] 'ImagePath' = 'cmd.exe /c start %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\FontCache.exe'
- '' (downloaded from the Internet)
- <SYSTEM32>\svchost.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\FontCache.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\Caches.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\server[1].exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\smss.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\Caches.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\smss.exe
- '12#.#25.114.144':80
- 'localhost':1040
- '0i###.oicp.net':80
- http://0i###.oicp.net/server.exe
- DNS ASK www.ba##u.com
- DNS ASK 0i###.oicp.net
- '<SYSTEM32>\sc.exe' Create "FontCache3.0" type= own type= interact start= auto DisplayName= "Windows Presentation Foundation Fonts 3.0.0.0" binPath= "cmd.exe /c start "%WINDIR%\Microsoft.NET\Framework\v3.0\WPF\Fon...
- '<SYSTEM32>\sc.exe' description "FontCache3.0" Optimize(WPF)applications.
- '<SYSTEM32>\svchost.exe'