Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Userinit' = '<SYSTEM32>\usernit.exe'
- '<SYSTEM32>\usernit.exe'
- <SYSTEM32>\usernit.exe
- 'we###iznes.com':80
- we###iznes.com/adminka1/online.php
- we###iznes.com/adminka1/work.txt
- DNS ASK we###iznes.com
- ClassName: 'MS_WINHELP' WindowName: '(null)'