Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\test17reg] 'Startup' = 'test17reg'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\test17reg] 'DllName' = '%ALLUSERSPROFILE%\Documents\Settings\test17.dll'
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Temp\tesD629.tmp
- %TEMP%\tes1E0D.tmp
- %ALLUSERSPROFILE%\Documents\Settings\test17.dll
- 'localhost':80
- localhost/uragan_admin/work.php?df####################
- DNS ASK microsoft.com