Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CRNJEUFU] 'Startup' = 'atan3'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CRNJEUFU] 'Logon' = 'asin3'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CRNJEUFU] 'DllName' = '<SYSTEM32>\CRNJEUFU.dll'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\f9d10a2ce4d4d6fdf7827bc767e250c8.bat
- <SYSTEM32>\winlogon.exe
- <SYSTEM32>\CRNJEUFU.dll
- %TEMP%\f9d10a2ce4d4d6fdf7827bc767e250c8.bat