Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\InTro_hiding] 'Logon' = 'Logon'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\InTro_hiding] 'DllName' = '<SYSTEM32>\intro_hiding.dll'
- <SYSTEM32>\intro_hiding.dll
- %TEMP%\~1.tmp
- 'up####.mocrosoft.com':80
- 'ch#####.ignorelist.com':80
- ch#####.ignorelist.com http://checkin.ignorelist.com/forum.php?us#######################
- up####.mocrosoft.com http://update.mocrosoft.com/
- ch#####.ignorelist.com http://checkin.ignorelist.com/forum.php?us###########################
- DNS ASK up####.mocrosoft.com
- DNS ASK ch#####.ignorelist.com