Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\lsass.exe'
- %WINDIR%\lsass.exe
- C:\MyTemp
- %WINDIR%\lsass.exe
- C:\MyTemp
- 'ok##0.info':1111
- 'jj##o.info':11507
- 'http://we##isit.tk/plug/tj/alone.asp':80
- DNS ASK ok##0.info
- DNS ASK jj##o.info
- DNS ASK http://we##isit.tk/plug/tj/Alone.asp