Pakes
Copyright © MegaSecurity
By ?
Information
Author: ?
Family: Pakes
Category: Remote Access
Version: Pakes
Additional Information
dropped files:
c:\WINDOWS\system32\scvvhost.exe
size: 119,296 bytes
c:\WINDOWS\Temp\C27D8FEF-D7AE-42c0-82E6-F30598265639.exe
size: 3,584 bytes
changes to registry:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run "Microsoft Windows Update"
Old data: svcshost.exe
New data: scvvhost.exe
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce "Microsoft Windows Update"
Old data: svcshost.exe
New data: scvvhost.exe
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run "Microsoft Windows Update"
Old data: svcshost.exe
New data: scvvhost.exe
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce "Microsoft Windows Update"
Old data: svcshost.exe
New data: scvvhost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft Windows Update"
Old data: svcshost.exe
New data: scvvhost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "Microsoft Windows Update"
Old data: svcshost.exe
New data: scvvhost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Microsoft Windows Update"
Old data: svcshost.exe
New data: scvvhost.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Microsoft Update "ImagePath"
Old data: "C:\WINDOWS\System32\svcshost.exe" -netsvcs
New data: "C:\WINDOWS\System32\scvvhost.exe" -netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft Update "ImagePath"
Old data: "C:\WINDOWS\System32\svcshost.exe" -netsvcs
New data: "C:\WINDOWS\System32\scvvhost.exe" -netsvcs
tested on Windows XP
April 21, 2005