Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Advanced Network Transport' = 'RUNDLL32.EXE "<SYSTEM32>\advnt.dll",InitF'
- '<SYSTEM32>\RUNDLL32.EXE' "<SYSTEM32>\advnt.dll",InitF
- '<SYSTEM32>\rundll32.exe' "mprcadv.dll",#1
- %TEMP%\adv0361.tmp
- <SYSTEM32>\advnt.dll
- <Текущая директория>\mprcadv.dll
- %TEMP%\adv0361.tmp
- <Текущая директория>\mprcadv.dll
- 'ir##ng.org':80
- ir##ng.org/~mark/cgi-bin/sptr.cgi?BV####################
- ir##ng.org/~mark/cgi-bin/brvc.cgi?BV####################
- DNS ASK ir##ng.org
- ClassName: 'Indicator' WindowName: '(null)'