Техническая информация
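Изменения в реестре — регистрация службы WindowsUserManagement, размещаемой в svchost.exe (группа nets); значение 'Start' = 2 соответствует автоматическому запуску службы. На работающей системе тот же ключ обычно доступен через CurrentControlSet:
- [<HKLM>\SYSTEM\ControlSet001\Services\WindowsUserManagement\Parameters] 'ServiceDll' = 'wumsvc.dll'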
- [<HKLM>\SYSTEM\ControlSet001\Services\WindowsUserManagement] 'ImagePath' = '<SYSTEM32>\svchost.exe -k nets'
- [<HKLM>\SYSTEM\ControlSet001\Services\WindowsUserManagement] 'Start' = '00000002'
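Командные строки процессов (attrib с ключами -s -h снимает с wumsvc.dll атрибуты «системный» и «скрытый»; move переносит файл в <SYSTEM32>\wdl.dll):
- '<SYSTEM32>\attrib.exe' \wumsvc.dll -s -h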
- '<SYSTEM32>\svchost.exe' -k nets
- '<SYSTEM32>\cmd.exe' /C attrib \wumsvc.dll -s -h
- '<SYSTEM32>\cmd.exe' /C move \wumsvc.dll <SYSTEM32>\wdl.dll
Файл (его роль в этом списке не указана):
- <SYSTEM32>\wumsvc.dll
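Сетевые адреса в формате IP:порт. Символы '#', по-видимому, скрывают часть цифр, поэтому записи неполные и не годятся для точного сопоставления; одни и те же четыре адреса перечислены для портов 8080, 81, 80 и 8800:
- '12#.#43.87.136':8080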
- '11#.#1.94.237':8080
- '61.##.211.155':8080
- '61.##4.160.228':8080
- '12#.#43.87.136':81
- '11#.#1.94.237':81
- '61.##.211.155':81
- '61.##4.160.228':81
- '12#.#43.87.136':80
- '11#.#1.94.237':80
- '61.##.211.155':80
- '61.##4.160.228':80
- '12#.#43.87.136':8800
- '11#.#1.94.237':8800
- '61.##.211.155':8800
- '61.##4.160.228':8800
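HTTP-запросы к тем же четырём адресам (страница index.asp; строка запроса после «se» замаскирована):
- http://12#.#43.87.136/index.asp?se######################################################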
- http://11#.#1.94.237/index.asp?se######################################################
- http://61.##.211.155/index.asp?se######################################################
- http://61.##4.160.228/index.asp?se######################################################