Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'System' = '<SYSTEM32>\stub1.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe stub1.exe'
- <SYSTEM32>\DisSERVER.exe
- <SYSTEM32>\DisSERVER.exe
- <SYSTEM32>\stub1.exe
- 'www.yo######here.siteburg.com':80
- www.yo######here.siteburg.com/cgi-bin/RAlog.cgi?ac#################################################################################
- DNS ASK www.yo######here.siteburg.com