Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\] 'winlogon' = '%APPDATA%\winlogin.exe'
- <Drive name for removable media>:\productinstall\fsa-5916-37591-2352322-634621321-6662355\desktop.ini
- <Drive name for removable media>:\productinstall\fsa-5916-37591-2352322-634621321-6662355\install.exe
- <Drive name for removable media>:\autorun.inf
- winlogin.exe
- %APPDATA%\winlogin.exe
- <Drive name for removable media>:\productinstall\fsa-5916-37591-2352322-634621321-6662355\install.exe
- DNS ASK bx.####callmeboomx.info
- '%APPDATA%\winlogin.exe'
- '%APPDATA%\winlogin.exe' (with hidden window)