Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\mspool] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- %TEMP%\5.exe
- <SYSTEM32>\svchost.exe -k LocalService
- <SYSTEM32>\rundll32.exe "%ALLUSERSPROFILE%\Application Data\mspool.DLL" BofMrf 0 "%TEMP%\5.exe"
- %ALLUSERSPROFILE%\Application Data\mspool.DLL
- %TEMP%\d.doc
- %TEMP%\5.exe
- %TEMP%\5.exe
- 'he#.##rvequake.com':80 (символы # заменяют скрытые знаки в имени домена)
- 'download.windowsupdate.com':80 (легитимный домен Microsoft; сам по себе не является индикатором компрометации)
- DNS ASK he#.##rvequake.com
- DNS ASK download.windowsupdate.com
- ClassName: 'WordPadClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''