Technical Information
- [<HKCU>\Environment] 'UserInitMprLogonScript' = '%APPDATA%\Microsoft\winlogon.exe'
- from <Full path to file> to %APPDATA%\microsoft\winlogon.exe
- http://www.of####-shima.com/img/home/?fc##########
- http://www.of####-shima.com/img/home/index.php?fc##########
- DNS ASK of####-shima.com
- '%WINDIR%\syswow64\cmd.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\reg.exe' add HKEY_CURRENT_USER\Environment /v UserInitMprLogonScript /t REG_SZ /d "%APPDATA%\Microsoft\winlogon.exe" /f