Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'pltfg' = 'rundll32.exe "%TEMP%\pltfg.dll",ColorAdjustSaturation'
- %TEMP%\pltfg.dll
- <Full path to file>
- '12#####.midifilehosting.com':80
- http://12#####.midifilehosting.com/file/id=AQAPAAEAnxgCAAEFBRcAAAAAAAAAAAAAAAAAAAAgCwwPCwAAAPauEM_hEax0rLhtgiZvmW8AAFVVVVVVVVVVVVVVVVVVVVWug9QBPHCWyPj8AQBWVFFcXlNCWH9nd3RrZ3hqegYBAjRW&rt=AAAAAA...
- DNS ASK 12#####.midifilehosting.com
- '<SYSTEM32>\rundll32.exe' "%TEMP%\pltfg.dll",CreateVolumeTextureFromResourceW