Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\odfwbc23] 'Startup' = 'WlxStartupEvent'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\odfwbc23] 'DllName' = '<SYSTEM32>\odfwbc23.dll'
- '<SYSTEM32>\odfwbc23.exe'
- %TEMP%\ED58.tmp
- <SYSTEM32>\odfwbc23.exe
- <SYSTEM32>\odfwbc23.dll
- %TEMP%\ED58.tmp
- 'i.#######kionderunhasdeun.com':80
- i.#######kionderunhasdeun.com/stat.cgi?do#############
- DNS ASK i.#######kionderunhasdeun.com