Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\test24reg] 'Startup' = 'test24reg'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\test24reg] 'DllName' = '%ALLUSERSPROFILE%\Documents\Settings\test24.dll'
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Temp\tesDF27.tmp
- %TEMP%\tes74B2.tmp
- %ALLUSERSPROFILE%\Documents\Settings\test24.dll
- 'localhost':80
- localhost/uragan_admin/work.php?df####################
- DNS ASK microsoft.com