Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\mspump] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- %WINDIR%\security\mspump.exe
- <SYSTEM32>\net1.exe START "mspump"
- <SYSTEM32>\sc.exe create mspump binpath= "%WINDIR%\security\mspump.exe" displayname= "mspump" depend= Tcpip start= auto type= interact type= own
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\security\slum.bat" "
- %WINDIR%\security\slum.bat
- %WINDIR%\security\mspump.exe
- %WINDIR%\security\mspump.exe
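- 'ww##.#twaigua.com':80 (символы «#» заменяют часть имени узла: адрес приведён не полностью и не годится для точного сопоставления)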
- ww##.#twaigua.com/gygydf.txt
- ww##.#twaigua.com/winsdfks/fttpyy.asp?in###########################
- DNS ASK ww##.#twaigua.com
- ClassName: 'Shell_TrayWnd' WindowName: '' (класс окна панели задач Windows)