Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Remote Procedure Call Host] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\npf] 'Start' = '00000002'
- '<SYSTEM32>\rpchost.exe'
- '<SYSTEM32>\ipconfig.exe' /flushdns
- <SYSTEM32>\Packet.dll
- <SYSTEM32>\wpcap.dll
- <SYSTEM32>\rpchost.exe
- <DRIVERS>\npf.sys
- '1.##5.41.83':12345
- '1.##5.41.82':12345