Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\Googleir.exe'
- %WINDIR%\Googleir.exe
- C:\MyTemp
- %WINDIR%\Googleir.exe
- C:\MyTemp
- 'ff####om.8866.org':18185
- 'fa###t.9966.org':80
- DNS ASK ff####om.8866.org
- DNS ASK fa###t.9966.org