Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ntvtsp' = 'rundll32.exe "%APPDATA%\ntvtsp.dll",AGetStreamInfo'
- %APPDATA%\ntvtsp.dll
- '11#####.###120.hostingbestupload.com':80
- '78.##0.131.158':80
- 11#####.###120.hostingbestupload.com/file/id=BABFAAEAF9ACAAEFCBcAAAAAAAAAAAAAAAAAAAB4DAcCCwAAAIZSWvjhEbzGrLhwgiZvmW8AAFVVVVVVVVVVVVVVVVVVVVX0sM0B4Kz_ThfQAgBWVFFcXlNCWH9nd3RrZ3hqegYBAquRIidhk71gAAAAAAA0VgAA&rt=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- 78.##0.131.158/upload4?id######
- DNS ASK 11#####.###120.hostingbestupload.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''