Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\lsass.exe'
- %WINDIR%\lsass.exe
- C:\MyTemp
- %WINDIR%\lsass.exe
- C:\MyTemp
- 'ok##0.info':1111
- 'jj##o.info':11523
- 'http://99##5.info/soft/5.asp':80
- DNS ASK ok##0.info
- DNS ASK jj##o.info
- DNS ASK http://99##5.info/Soft/5.asp