Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\mssrvc] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\mssrvc] 'ImagePath' = '<DRIVERS>\mssrvc.sys'
- <SYSTEM32>\mssrvc.tmp 3
- <SYSTEM32>\msiexec.exe /V
- NtQueryDirectoryFile, handler: mssrvc.sys
- NtQuerySystemInformation, handler: mssrvc.sys
- NtEnumerateValueKey, handler: mssrvc.sys
- NtCreateFile, handler: mssrvc.sys
- NtEnumerateKey, handler: mssrvc.sys
- <SYSTEM32>\mssrvc.tmp
- <DRIVERS>\mssrvc.sys
- <SYSTEM32>\mssrvc.tmp
- %TEMP%\1.tmp
- %TEMP%\2.tmp
- %TEMP%\2.tmp
- '19#.#89.246.35':80
- 19#.#89.246.35/task.php?id#####################################################