Техническая информация
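- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'HKLM' = '%APPDATA%\Install\winlogon.exe' (здесь 'HKLM' — имя параметра в разделе Run куста HKCU, а не куст реестра; файл в %APPDATA% лишь носит имя системного процесса — штатный winlogon.exe находится в %SystemRoot%\System32)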
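- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{136PK353-UF88-3GCY-ILP2-6AY4D4SNW644}] 'StubPath' = '"%APPDATA%\Install\winlogon.exe"' (механизм Active Setup: команда из параметра StubPath может выполняться при входе пользователя в систему)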
- winlogon.exe
- %TEMP%\gfqhm.exe
- %APPDATA%\install\winlogon.exe
- %TEMP%\csutu.exe
- DNS ASK co####erfinansa.com
- '%TEMP%\gfqhm.exe'
- '%APPDATA%\install\winlogon.exe'
- '%TEMP%\csutu.exe'