Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,,<SYSTEM32>\SVCH0ST.EXE'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\msapisock.dll
- <SYSTEM32>\SVCH0ST.EXE
- 'ni####aid.3322.org':802
- DNS ASK ni####aid.3322.org
- ClassName: 'Shell_TrayWnd' WindowName: ''