Техническая информация
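Параметры реестра (регистрация пакета уведомлений Winlogon: библиотеку, указанную в 'DllName', загружает процесс winlogon.exe; механизм Winlogon\Notify поддерживается только в Windows 2000/XP/2003):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CRNJEUFU] 'Startup' = 'Startup'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CRNJEUFU] 'Logon' = 'Logon'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CRNJEUFU] 'DllName' = '<SYSTEM32>\CRNJEUFU.dll'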
- %TEMP%\019f817addbeb41372e2e559d074d38d\go2.exe
- <SYSTEM32>\ntvdm.exe -f -i1
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- <SYSTEM32>\CRNJEUFU.dll
- C:\log.udt
- %TEMP%\019f817addbeb41372e2e559d074d38d\go2.exe
- %TEMP%\019f817addbeb41372e2e559d074d38d\keygen.exe
- %TEMP%\019f817addbeb41372e2e559d074d38d\go2.exe
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-9bc.9c0.370001'