Техническая информация
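- [<HKLM>\SYSTEM\ControlSet001\Services\dmssvc\Parameters] 'ServiceDll' = '%ALLUSERSPROFILE%\DeviceMetadataStore\dmseng.dll' (библиотека службы, которую загружает svchost.exe, находится в каталоге %ALLUSERSPROFILE%, а не в <SYSTEM32>)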
- [<HKLM>\SYSTEM\ControlSet001\Services\dmssvc] 'ImagePath' = '<SYSTEM32>\svchost.exe -k dmssvc'
- [<HKLM>\SYSTEM\ControlSet001\Services\dmssvc] 'Start' = '00000002' (тип запуска «Автоматически»: служба стартует при загрузке системы)
- '<SYSTEM32>\attrib.exe' -a -r -s -h "<Полный путь к файлу>" (снимает с файла атрибуты «архивный», «только чтение», «системный» и «скрытый»)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\349845.bat
- '<SYSTEM32>\svchost.exe' -k dmssvc
- %TEMP%\349845.bat
- %ALLUSERSPROFILE%\DeviceMetadataStore\dmseng.dll
- 'bp#.####dmicrosoft.co.in':443
- 'ap#.####dmicrosoft.co.in':443
- DNS ASK bp#.####dmicrosoft.co.in
- DNS ASK ap#.####dmicrosoft.co.in