Technical Information
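Autorun registry entries. Both Run values are named 'W32Time', the name of the Windows Time service, and point at a svchost.exe under %WINDIR%\Inf. The genuine svchost.exe resides in %WINDIR%\System32, so a copy at this path is itself an indicator:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'W32Time' = '%WINDIR%\Inf\svchost.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'W32Time' = '%WINDIR%\Inf\svchost.exe'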
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\recycler\s-1-2-06 87119119468910298974667111109.exe
- %WINDIR%\inf\svchost.exe
- C:\mkldr
- C:\boot.ima
- C:\boot.ini
- C:\boot.ima
- C:\mkldr
- C:\boot.ini
- <Drive name for removable media>:\recycler\s-1-2-06 87119119468910298974667111109.exe
- <Drive name for removable media>:\autorun.inf
- '%WINDIR%\inf\svchost.exe'
- '%WINDIR%\syswow64\cmd.exe' /c %WINDIR%\Inf\svchost.exe (with hidden window)
- '%WINDIR%\syswow64\explorer.exe' <PATH_SAMPLE>
- '%WINDIR%\syswow64\cmd.exe' /c %WINDIR%\Inf\svchost.exe