Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'userinit' = '<SYSTEM32>\userinit.exe,<DRIVERS>\SMSS.EXE'
- <SYSTEM32>\mountvol.exe E: /d
- <SYSTEM32>\mountvol.exe A: /d
- C:\recycled\aux.{645FF040-5081-101B-9F08-00AA002F954E}\$$$\usbsn.dll
- <DRIVERS>\SMSS.exe
- C:\recycled\aux.{645FF040-5081-101B-9F08-00AA002F954E}\$$$\usbcs.dll
- C:\recycled\aux.{645FF040-5081-101B-9F08-00AA002F954E}\$$$\flag.ini
- %TEMP%\xpplatinum.ini
- <DRIVERS>\SMSS.exe
- C:\recycled\aux.{645FF040-5081-101B-9F08-00AA002F954E}\$$$\usbsn.dll
- C:\recycled\aux.{645FF040-5081-101B-9F08-00AA002F954E}\$$$\flag.ini
- %TEMP%\xpplatinum.ini