Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\WSIVS] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\wsivs.exe' = '<SYSTEM32>\wsivs.exe:*:Enabled:WSIVS'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\wsivs.exe' = '<SYSTEM32>\wsivs.exe<SYSTEM32>\wsivs.exe:*:Enabled:WSIVS'
- '<SYSTEM32>\wsivs.exe'
- '<SYSTEM32>\wsivs.exe' "<Full path to virus>"
- <SYSTEM32>\prx.log
- <SYSTEM32>\wsivs.exe
- <Current directory>\prx.log
- <SYSTEM32>\wsivs.exe
- '21#.#5.79.152':9005