Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\winlogin.scr
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\winlogin.scr /S
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\winlogin.scr (загружен из сети Интернет)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\winread[1].txt
- 'sp####.port5.com':80
- 'localhost':1035
- sp####.port5.com/winread.txt
- DNS ASK sp####.port5.com
- ClassName: 'Button' WindowName: '&Unblock'
- ClassName: '#32770' WindowName: 'Windows Security Alert'