Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe %WINDIR%\Config\lsass.exe'
- '%WINDIR%\Config\lsass.exe' <SYSTEM32>\Leet.exe
- '<SYSTEM32>\Leet.exe'
- <SYSTEM32>\MSWINSCK.OCX
- %WINDIR%\Config\lsass.exe
- <SYSTEM32>\Leet.exe
- <SYSTEM32>\Leet.exe
- %TEMP%\~DFDB2.tmp
- 'i.##ner.org':3071
- DNS ASK i.##ner.org