Техническая информация
Для обеспечения автозапуска и распространения
Устанавливает следующие настройки сервисов
- [HKLM\System\CurrentControlSet\Services\pobus] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\pobus] 'ImagePath' = '%WINDIR%\projone\potcm\pobus64.exe'
Создает следующие сервисы
- 'pobus' %WINDIR%\projone\potcm\pobus64.exe
Изменения в файловой системе
Создает следующие файлы
- %TEMP%\nss45c7.tmp
- %WINDIR%\projone\potcm\swvv64.sys
- %WINDIR%\projone\potcm\poflt64.sys
- %WINDIR%\projone\potcm\poflt64.inf
- %WINDIR%\projone\potcm\workflow64.dll
- %WINDIR%\projone\potcm\clientbase64.dll
- %WINDIR%\projone\potcm\pomqc364.dll
- %WINDIR%\projone\potcm\pobus64.exe
- %WINDIR%\projone\potcm\pohost64.exe
- %WINDIR%\projone\potcm\poda64.exe
- %WINDIR%\projone\potcm\athens64.dll
- %WINDIR%\projone\potcm\libcurl64.dll
- %WINDIR%\projone\potcm\libeay64.dll
- %WINDIR%\projone\potcm\ssleay64.dll
- %WINDIR%\projone\potcm\placeholder32.dll
- %WINDIR%\projone\potcm\nnagent32.dll
- %WINDIR%\projone\potcm\posoftmgr.exe
- %WINDIR%\projone\potcm\docext.dll
- %WINDIR%\projone\potcm\ffebas54.dll
- %WINDIR%\projone\potcm\ffebas53.dll
- %WINDIR%\projone\potcm\ffebas52.dll
- %WINDIR%\projone\potcm\ffebas51.dll
- %WINDIR%\projone\potcm\ffebas50
- %WINDIR%\projone\potcm\assisths.exe
- %WINDIR%\projone\potcm\assisthost.exe
- %WINDIR%\projone\potcm\assisthc.dll
- %WINDIR%\projone\potcm\assistda.exe
- %WINDIR%\projone\potcm\poscsaver.scr
- %WINDIR%\projone\potcm\shlext64.dll
- %WINDIR%\projone\potcm\rtinfo64.dll
- %WINDIR%\projone\potcm\placeholder64.dll
- %WINDIR%\projone\potcm\anyconn64.dll
- %WINDIR%\projone\potcm\powol64.dll
- %WINDIR%\projone\potcm\langrp64.dll
- %WINDIR%\projone\potcm\docscanner64.dll
- %WINDIR%\projone\potcm\sensinfo64.dll
- %WINDIR%\projone\potcm\poprotect64.dll
- %WINDIR%\projone\potcm\poprotect664.sys
- %WINDIR%\projone\potcm\imagent64.dll
- %WINDIR%\projone\potcm\sscanner64.dll
- %WINDIR%\projone\potcm\doced64.dll
- %WINDIR%\projone\potcm\docguard64.dll
- %WINDIR%\projone\potcm\podumper64.dll
- %WINDIR%\projone\potcm\powall64.dll
- %WINDIR%\projone\potcm\powfp643.sys
- %WINDIR%\projone\potcm\potdi643.sys
- %WINDIR%\projone\potcm\filedp64.dll
- %WINDIR%\projone\potcm\patch64.dll
- %WINDIR%\projone\potcm\ctask64.dll
- %WINDIR%\projone\potcm\procmgr64.dll
- %WINDIR%\projone\potcm\spcyex64.dll
- %WINDIR%\projone\potcm\odipus64.dll
- %WINDIR%\projone\potcm\sqlcipher64.dll
- %WINDIR%\projone\potcm\actmon64.dll
- %WINDIR%\projone\potcm\scrnrcd64.dll
- %WINDIR%\projone\potcm\usbmgr64.dll
- %WINDIR%\projone\potcm\leakways64.dll
- %WINDIR%\projone\potcm\backup64.dll
- %WINDIR%\projone\potcm\rtfile64.dll
- %WINDIR%\projone\potcm\libssl-1_1.dll
- %WINDIR%\projone\potcm\rptcache64.dll
- %WINDIR%\projone\potcm\libcrypto-1_1.dll
- %WINDIR%\projone\potcm\setuphlpr.dll
- %WINDIR%\projone\potcm\ssreader.exe
- %WINDIR%\projone\potcm\sscreator.exe
- %WINDIR%\projone\potcm\7z.dll
- %WINDIR%\projone\potcm\7z.exe
- %WINDIR%\projone\potcm\libcurl32.dll
- %WINDIR%\projone\potcm\libeay32.dll
- %WINDIR%\projone\potcm\ssleay32.dll
- %WINDIR%\projone\potcm\clientbase32.dll
- %WINDIR%\projone\potcm\poda32.exe
- %WINDIR%\projone\potcm\athens32.dll
- %WINDIR%\projone\potcm\skin\posoftmgr
- %WINDIR%\projone\potcm\skin\pochat
- %WINDIR%\projone\potcm\skin\woumgr
- %WINDIR%\projone\potcm\skin\bakviewer
- %WINDIR%\projone\potcm\skin\sscannerwnd
- %WINDIR%\projone\potcm\skin\clientinfo
- %WINDIR%\projone\potcm\skin\wfchost
- %WINDIR%\projone\potcm\skin\wfviewer
- %WINDIR%\projone\potcm\skin\shlext
- %WINDIR%\projone\potcm\skin\enced_unauthorized.ico
- %WINDIR%\projone\potcm\skin\enced_offline.ico
- %WINDIR%\projone\potcm\skin\enced_normal.ico
- %WINDIR%\projone\potcm\skin\sscreator
- %WINDIR%\projone\potcm\lang\lang-2052.dll
- %WINDIR%\projone\potcm\lang\zh_cn.json
- %TEMP%\nsi4896.tmp\system.dll
- %TEMP%\setuphlpr.dll
- %WINDIR%\projone\potcm\vsccreator.exe
- %WINDIR%\projone\potcm\assists.exe
- %WINDIR%\projone\potcm\sqlcipher32.dll
- %WINDIR%\projone\potcm\screenhooks32.dll
- %WINDIR%\projone\potcm\pochat.exe
- %WINDIR%\projone\potcm\woumgr.exe
- %WINDIR%\projone\potcm\bakviewer.exe
- %WINDIR%\projone\potcm\sscanner.exe
- %WINDIR%\projone\potcm\podumper32.dll
- %WINDIR%\projone\potcm\deskmgr32.dll
- %WINDIR%\projone\potcm\sirius32.dll
- %WINDIR%\projone\potcm\hecate32.dll
- %WINDIR%\projone\potcm\polocker.exe
- %WINDIR%\projone\potcm\patch.db
- %WINDIR%\projone\potcm\patch32.dll
- %WINDIR%\projone\potcm\spcyex.dll
- %WINDIR%\projone\potcm\spcyex.mui
- %WINDIR%\projone\potcm\hermes32.dll
- %WINDIR%\projone\potcm\magichk32.dll
- %WINDIR%\projone\potcm\nfentry32.dll
- %WINDIR%\projone\potcm\cryptdt.dll
- %WINDIR%\projone\potcm\protocolfilters.dll
- %WINDIR%\projone\potcm\nftdi32.sys
- %WINDIR%\projone\potcm\nfapi.dll
- %WINDIR%\projone\potcm\nf1064.sys
- %WINDIR%\projone\potcm\nf764.sys
- %WINDIR%\projone\potcm\nf732.sys
- %WINDIR%\projone\potcm\clientstat.exe
- %WINDIR%\projone\potcm\wfchost.exe
- %WINDIR%\projone\potcm\wfviewer.exe
- %WINDIR%\projone\potcm\acagent.exe
- %WINDIR%\projone\potcm\pomqc3.dll
- %WINDIR%\projone\potcm\log\pobus64\20241127073023_pobus64-0.log
Другое
Создает и запускает на исполнение
- '%WINDIR%\projone\potcm\pobus64.exe' /i
Запускает на исполнение
- '%WINDIR%\syswow64\regsvr32.exe' /s %WINDIR%\projone\potcm\shlext64.dll
