Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\] 'Microsoft Windows Manager' = '%WINDIR%\M-50504520420505405088605045405080\winmgr.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run\] 'Microsoft Windows Manager' = '%WINDIR%\M-50504520420505405088605045405080\winmgr.exe'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\M-50504520420505405088605045405080\winmgr.exe' = '%WINDIR...
- winmgr.exe
- %TEMP%\nsh2e70.tmp
- %TEMP%\soxfailureantimony
- %TEMP%\tweakdiskcleanup_sv.p5p
- %TEMP%\telfer.dll
- %TEMP%\nsm64cc.tmp\system.dll
- %WINDIR%\m-50504520420505405088605045405080\winmgr.exe
- %TEMP%\nsn958c.tmp
- %TEMP%\nsxcca3.tmp\system.dll
- %WINDIR%\m-50504520420505405088605045405080\winmgr.exe
- %TEMP%\nsm64cc.tmp\system.dll
- %TEMP%\nsxcca3.tmp\system.dll
- 'sr##100.ru':5050
- DNS ASK sr##100.ru
- '%WINDIR%\m-50504520420505405088605045405080\winmgr.exe'