Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\winlogon] 'ImagePath' = '"%WINDIR%\Microsoft\winlogon.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\winlogon] 'Start' = '00000002'
- '%WINDIR%\Microsoft\winlogon.exe' /run
- '%WINDIR%\Microsoft\winlogon.exe'
- '%WINDIR%\Microsoft\winlogon.exe' /install
- '<SYSTEM32>\sc.exe' stop winlogon
- '<SYSTEM32>\sc.exe' delete winlogon
- %WINDIR%\Microsoft\Client\settings.dat
- %WINDIR%\Microsoft\Client\taskhost.exe
- %WINDIR%\Microsoft\winlogon.exe
- %WINDIR%\Microsoft\winlogon.InstallState
- %WINDIR%\Microsoft\Client\taskhost.exe
- %WINDIR%\Microsoft\Client\taskhost.exe
- 'do######-new.utorrent.com':80
- 'dl.#####oxusercontent.com':443
- 'wp#d':80
- http://do######-new.utorrent.com/endpoint/bittorrent/os/win/track/stable/
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK do######-new.utorrent.com
- DNS ASK dl.#####oxusercontent.com
- DNS ASK wp#d