Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\test13reg] 'Startup' = 'test13reg'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\test13reg] 'DllName' = '%ALLUSERSPROFILE%\Documents\Settings\test13.dll'
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Temp\tesC5A.tmp
- %TEMP%\tesF845.tmp
- %ALLUSERSPROFILE%\Documents\Settings\test13.dll
- %TEMP%\tesF845.tmp в %ALLUSERSPROFILE%\Documents\Settings\test13.dll
- 'localhost':80
- localhost/uragan_admin/work.php?df####################
- DNS ASK microsoft.com