Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'password' = '<Full path to file>'
- %WINDIR%\Rpndll32.exe
- %WINDIR%\Rpndll32.exe
- <Full path to file>
- 'po##.#arbowanec.com':3333
- DNS ASK po##.#arbowanec.com
- ClassName: '' WindowName: '360??????????????'
- ClassName: '' WindowName: '360流量防火墙'
- ClassName: '' WindowName: '360??????????'
- ClassName: '' WindowName: '电脑管家-网络流量管理'
- ClassName: '' WindowName: '????????-????????????'
- ClassName: '' WindowName: '360网络连接查看器'
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: '' WindowName: 'Task Manager'
- ClassName: '' WindowName: 'Windows 任务管理器'
- ClassName: '' WindowName: 'Windows ??????????'
- ClassName: '' WindowName: '资源监视器'
- ClassName: '' WindowName: '任务管理器'
- ClassName: '' WindowName: '??????????'
- '%WINDIR%\Rpndll32.exe' -t 1