Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\PmsGuard] 'ImagePath' = '<SYSTEM32>\svchost.exe -k PmsServices'
- [<HKLM>\SYSTEM\ControlSet001\Services\PmsAgent\Parameters] 'ServiceDll' = '<SYSTEM32>\vschost.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\PmsGuard\Parameters] 'ServiceDll' = '<SYSTEM32>\PmsGuard.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\PmsAgent] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\PmsAgent] 'ImagePath' = '<SYSTEM32>\svchost.exe -k PmsServices'
- [<HKLM>\SYSTEM\ControlSet001\Services\PmsGuard] 'Start' = '00000002'
- '<SYSTEM32>\svchost.exe' -k PmsServices
- <SYSTEM32>\PmsGuard.dll
- <SYSTEM32>\AgentInstall.exe
- %TEMP%\temp_vschost.dll
- <SYSTEM32>\vschost.dll
- %TEMP%\temp_vschost.dll
- '12#.#78.168.197':30160
- '21#.62.98.3':23766