Техническая информация
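- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\winh.exe' (закрепление в системе: к штатному значению параметра Userinit через запятую дописан %WINDIR%\winh.exe, поэтому Winlogon запускает этот файл при каждом входе пользователя; при проверке узла в параметре должен оставаться только путь к userinit.exe)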
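- %TEMP%\win3nt.dll -decrypt -key secret -infile %TEMP%\win3nth.dll -outfile %TEMP%\t.exe (строка запуска: судя по аргументам, win3nt.dll выполняется как самостоятельная программа и расшифровывает %TEMP%\win3nth.dll в %TEMP%\t.exe с ключом «secret»; для обнаружения полезно отслеживать запуск из %TEMP% процессов, образ которых имеет расширение .dll)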
- %TEMP%\win3nth.dll
- %TEMP%\t.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\win3nt.dll
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp