Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\Remote Procedure Call Host] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\npf] 'Start' = '00000002'
- '<SYSTEM32>\rpchost.exe'
- '<SYSTEM32>\ipconfig.exe' /flushdns
- <SYSTEM32>\Packet.dll
- <SYSTEM32>\wpcap.dll
- <SYSTEM32>\rpchost.exe
- <DRIVERS>\npf.sys
- '15#.#47.154.251':7250
- DNS ASK my#####date.myftp.org
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'