Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'HKLM' = '%APPDATA%\Install\winlogon.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D4AEAYNR-V1T0-E43Q-82LB-O6JF320BN6SI}] 'StubPath' = '"%APPDATA%\Install\winlogon.exe"'
- winlogon.exe
- %APPDATA%\install\winlogon.exe
- DNS ASK co####erfinansa.com
- '%APPDATA%\install\winlogon.exe'