Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'HKLM' = '%APPDATA%\Install\winlogon.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{136PK353-UF88-3GCY-ILP2-6AY4D4SNW644}] 'StubPath' = '"%APPDATA%\Install\winlogon.exe"'
- winlogon.exe
- %APPDATA%\install\winlogon.exe
- 'co####erfinansa.com':58460
- DNS ASK co####erfinansa.com
- '%APPDATA%\install\winlogon.exe'