Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\cclick.exe'
- %WINDIR%\cclick.exe
- C:\MyTemp
- %WINDIR%\cclick.exe
- C:\MyTemp
- 'any':80
- 'wz##c.co.cc':2011
- DNS ASK wz##c.co.cc