Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe rundll32.exe wdpf.xfo mfwchp'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\wdpf.xfo
- %TEMP%\1.tmp
- '76.##.117.154':80
- 76.##.117.154/full/bb.php?v=##################################