Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lokyreg] 'Startup' = 'lokyreg'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lokyreg] 'DllName' = '%ALLUSERSPROFILE%\Documents\Settings\loky.dll'
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Temp\lok335B.tmp
- %TEMP%\lok2C6E.tmp
- %ALLUSERSPROFILE%\Documents\Settings\loky.dll
- 'localhost':80
- localhost/uragan_admin/work.php?sp####################
- DNS ASK microsoft.com