Technical Information
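- [<HKLM>\System\CurrentControlSet\Services\PSEXESVC] 'ImagePath' = '%WINDIR%\PSEXESVC.exe' (the service entry PsExec registers for its helper binary; the same key also appears during legitimate administrative use of PsExec, so treat it as an indicator only in combination with the other entries listed here)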
- 'PSEXESVC' %WINDIR%\PSEXESVC.exe
- %WINDIR%\syswow64\psexec64.exe
- %WINDIR%\syswow64\psexec64.exe
- <SYSTEM32>\psexec64.exe
- %WINDIR%\psexesvc.exe
- unc\ckbclsls\pipe\psexesvc
- %WINDIR%\psexesvc.exe
- %WINDIR%\syswow64\psexec64.exe
- <SYSTEM32>\psexec64.exe
- from <Full path to file> to %WINDIR%\temp\ltq1152597\....\temporaryfile
- from <Full path to file> to %WINDIR%\temp\ltq1155156\....\temporaryfile
- <Full path to file>
- %WINDIR%\psexesvc.exe
- from <Full path to file> to %TEMP%\ltq1150881\....\temporaryfile
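- '%WINDIR%\syswow64\psexec64.exe' -i -d -s <Full path to file> (PsExec options: -s runs the target under the SYSTEM account, -i attaches it to an interactive desktop session, -d returns without waiting for the target to exit)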
- '%WINDIR%\psexesvc.exe'
- '%WINDIR%\syswow64\psexec64.exe' -i -d -s <Full path to file> (with hidden window)