Техническая информация
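- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
  Примечание: 'wextract_cleanup0' — стандартная служебная запись самораспаковывающегося пакета IExpress (wextract); она однократно удаляет временный каталог распаковки %TEMP%\IXP000.TMP. Такая запись встречается и у легитимных установщиков, поэтому сама по себе не является надёжным признаком заражения; по-видимому, она лишь показывает, что образец упакован как пакет IExpress.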
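- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\winlogon.exe' = '<SYSTEM32>\winlogon.exe:*:enabled:@shell32.dll,-1'
  Примечание: это значение добавляет <SYSTEM32>\winlogon.exe в список разрешённых приложений брандмауэра Windows для стандартного профиля (область '*' — любые адреса, состояние 'enabled'). Штатной работе системы такое исключение для winlogon.exe, как правило, не требуется. При проверке системы стоит просмотреть тот же раздел и в CurrentControlSet, поскольку ControlSet001 не всегда является активным набором параметров.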
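- '%TEMP%\usmt\migwiz.exe'
- '%TEMP%\IXP000.TMP\migload.exe'
  Примечание: имена каталога и файлов в этом списке (usmt, migwiz.exe, migload.exe, migism.dll и др.) совпадают с именами компонентов штатного «Мастера переноса файлов и параметров» Windows (USMT), поэтому одних имён недостаточно для выявления. Файлы следует проверять по хешу или цифровой подписи; хешей на этой странице нет.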
- <SYSTEM32>\winlogon.exe
- %TEMP%\usmt\migwiz.exe
- %TEMP%\usmt\migwiz.inf
- %TEMP%\usmt\migsys.inf
- %TEMP%\usmt\miguser.inf
- %TEMP%\usmt\script.dll
- %TEMP%\usmt\sysmod.dll
- %TEMP%\usmt\migload.exe
- %TEMP%\usmt\shfolder.dll
- %TEMP%\usmt\sysfiles.inf
- %TEMP%\usmt\usmtdef.inf
- %TEMP%\usmt\guitrn.dll
- %TEMP%\IXP000.TMP\migload.exe
- %TEMP%\IXP000.TMP\migwiz.cab
- %TEMP%\usmt\iconlib.dll
- %TEMP%\usmt\migism.dll
- %TEMP%\usmt\migism.inf
- %TEMP%\usmt\log.dll
- %TEMP%\usmt\migapp.inf
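- 'il#.#renz.pl':80
- DNS ASK il#.#renz.pl
  Примечание: символы '#' в имени домена, по-видимому, заменяют символы, скрытые при публикации, поэтому строку нельзя использовать как точный индикатор для блокировки или поиска по журналам DNS. ':80' — обращение к порту 80, 'DNS ASK' — DNS-запрос этого имени.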
- ClassName: 'USMTCobraApp' WindowName: 'Migwiz'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'USMTLoader' WindowName: '(null)'