Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32] 'Startup' = 'WinlogonStartEX'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32] 'DllName' = 'cryptnet32.dll'
- <SYSTEM32>\dll.dll
- <SYSTEM32>\crt.dat
- <SYSTEM32>\cryptnet32.dll
- <SYSTEM32>\shimg.dll
- <SYSTEM32>\dll.dll
- 'gw##.#octets.co.uk':80
- '89.##9.208.46':8014
- '74.##5.232.51':80
- gw##.#octets.co.uk/skulls.php?ne####################################
- DNS ASK gw##.#octets.co.uk
- DNS ASK www.google.com
- '<IP-адрес в локальной сети>':1036