Техническая информация
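Автозапуск — значения в разделе реестра Run текущего пользователя (HKCU):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsLogonHost' = '%APPDATA%\WindowsLogonHost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsLogonProvider' = '%APPDATA%\WindowsLogonProvider.exe'
Примечание: файл WindowsLogonProvider.exe, на который указывает второе значение, в перечне файлов ниже не упоминается.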
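Файлы в каталоге %APPDATA% (перечень в отчёте приведён дважды; вероятно, он относится к двум разным подразделам, заголовки которых не сохранились):
- %APPDATA%\WindowsLogonHost.exe
- %APPDATA%\WindowsLogonUser.exe
- %APPDATA%\WindowsLogonHost.exe
- %APPDATA%\WindowsLogonUser.exe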
Сетевые индикаторы (часть имени узла скрыта символами # в самом отчёте):
- 'mi######tserver.bplaced.net':80
- mi######tserver.bplaced.net/main.txt
- DNS ASK mi######tserver.bplaced.net
- ClassName: 'Indicator' WindowName: ''