Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'System' = 'RUNDLL32 %WINDIR%\WSOCY32.INI,Zhong'
- <SYSTEM32>\rundll32.exe "%WINDIR%\KSafe.ini",Zhong
- C:\NT_Path.old
- %WINDIR%\WSOCY32.INI
- %WINDIR%\KSafe.ini
- 'ch###y.3322.org':80
- DNS ASK ch###y.3322.org