Техническая информация
- <SYSTEM32>\Winlogom.exe (загружен из сети Интернет; имя отличается одной буквой от системного winlogon.exe)
- %WINDIR%\explorer.exe
- <SYSTEM32>\expressos.cfg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\borlndmm[1].dll
- <SYSTEM32>\borlndmm.dll
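- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\Winlogom[1].jpg (по-видимому, исполняемый файл под расширением .jpg: в этом же списке он значится как <SYSTEM32>\Winlogom.exe, загруженный из сети Интернет)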
- <SYSTEM32>\Winlogom.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\expressos[1].cfg
- 'du###sys.com':80
- 'www.ro#####arcaonline.com':80
- 'localhost':1036
- www.ro#####arcaonline.com/link/borlndmm.dll
- du###sys.com/controle/expressos.cfg
- www.ro#####arcaonline.com/link/Winlogom.jpg
- DNS ASK du###sys.com
- DNS ASK www.ro#####arcaonline.com
- ClassName: '' WindowName: 'GINA Logon'
- ClassName: '' WindowName: ''