Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bootlui] 'Startup' = 'NotifyStartup'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bootlui] 'Dllname' = 'bootlui.dll'
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\bootlui.dll",DNSetup
- <SYSTEM32>\bootlui.dll
- 'tu##uo.com':80
- tu##uo.com/
- DNS ASK tu##uo.com
- ClassName: '(null)' WindowName: 'Duncan Monitor'