Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\arm65reg] 'Startup' = 'arm65reg'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\arm65reg] 'DllName' = 'c:\Settings\arm65.dll'
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Temp\2.sys
- %WINDIR%\Temp\arm4808.tmp
- %WINDIR%\Temp\1.dll
- %WINDIR%\Temp\1.tmp
- C:\Settings\arm65.dll
- '<IP-адрес в локальной сети>':1038