Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\RemoteAccess] 'Start' = '00000002'
- <SYSTEM32>\dllcache\mprdim.dll
- <SYSTEM32>\mprdim.dll with <SYSTEM32>\mprdim.dll
- %WINDIR%\Explorer.EXE
- C:\t.hiv
- <SYSTEM32>\avifil64.dll
- <SYSTEM32>\avifil16.dll
- C:\t.hiv
- <SYSTEM32>\c_a1512.nls
- from <SYSTEM32>\mprdim.dll to <SYSTEM32>\c_a1512.nls
- '12#.#0.47.30':443
- 'ns##.#rabdance.com':443
- DNS ASK ns##.#rabdance.com
- '<Private IP address>':1035
- ClassName: 'shell_traywnd' WindowName: ''