Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe rundll32.exe calc.ifo before1main'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\calc.ifo
- %TEMP%\1.tmp
- '4s#2.cn':80
- 4s#2.cn/ld0/use.php?id##################################
- DNS ASK 4s#2.cn