Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Winlogon' = '%APPDATA%\winlogon.exe'
- '%APPDATA%\winlogon.exe'
- %APPDATA%\lcd.dll
- %APPDATA%\winlogon.exe
- %APPDATA%\winlogon.exe
- %APPDATA%\lcd.dll
- %APPDATA%\winlogon.exe
- 'fi###deteam.tk':80
- fi###deteam.tk/g/h/adminpanel2/gate.php?us####################################
- DNS ASK fi###deteam.tk