Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\BaiDujk.exe'
- '%WINDIR%\BaiDujk.exe'
- C:\MyTemp
- %WINDIR%\BaiDujk.exe
- C:\MyTemp
- 'qw###t.3322.org':8087
- DNS ASK qw###t.3322.org