Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\Windows Defender.lnk
- [<HKLM>\SYSTEM\ControlSet001\Services\PSEXESVC] 'ImagePath' = '%WINDIR%\PSEXESVC.EXE'
- %TEMP%\patchlist.xml
- %TEMP%\PSEXEC.exe
- %WINDIR%\PSEXESVC.EXE
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\patchlist[1].xml
- %HOMEPATH%\AppData\Roaming\Microsoft\DbgSystem\lsmsm.exe
- %TEMP%\LZMAPU.dll
- %TEMP%\configpc.cmd
- %TEMP%\PSEXEC.exe
- %TEMP%\configpc.cmd
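- 'je###imo74.ru':80 (часть доменного имени скрыта символами ###; при поиске по журналам DNS и прокси нужен шаблон, а не точное совпадение строки)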
- http://je###imo74.ru/update/patchlist.xml
- DNS ASK je###imo74.ru
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\PSEXESVC.EXE'
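- '%TEMP%\PSEXEC.exe' -sdi -w %HOMEPATH%\AppData\Roaming\Microsoft\DbgSystem\ %HOMEPATH%\AppData\Roaming\Microsoft\DbgSystem\\svсhost.exe !psw=O4BC8VT8EHLP674
  (в имени svсhost.exe буква «с», по-видимому, кириллическая (U+0441), поэтому поиск по ASCII-строке svchost.exe этот путь не найдёт; файл расположен в каталоге профиля пользователя, а не в <SYSTEM32>)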
- '%HOMEPATH%\AppData\Roaming\Microsoft\DbgSystem\lsmsm.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\\configpc.cmd