Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\IBUpdaterService] 'Start' = '00000002'
- <SYSTEM32>\msvcr100.dll
- <SYSTEM32>\msvcp100.dll
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\ARFC\wrtc.exe' = '<SYSTEM32>\ARFC\wrtc.exe:*:Enabled:wrtc'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\dmwu.exe' = '<SYSTEM32>\dmwu.exe:*:Enabled:dmwu'
- '<SYSTEM32>\WNLT\Installation\SKSetup.exe'
- '<SYSTEM32>\dmwu.exe' /StartReportInstallerStat 906 8 1016=0
- '<SYSTEM32>\dmwu.exe' /StartReportInstallerStat 906 6 1016=0
- '<SYSTEM32>\dmwu.exe' /StartReportInstallerStat 906 7 1016=0
- '<SYSTEM32>\dmwu.exe' /setup
- '<SYSTEM32>\ARFC\wrtc.exe' getlastinputinfo
- '<SYSTEM32>\dmwu.exe' /StartReportInstallerStat 906 10 1016=1 1015=32
- '<SYSTEM32>\dmwu.exe' /StartReportInstallerStat 906 9 1016=0
- '<SYSTEM32>\dmwu.exe'
- '<SYSTEM32>\dmwu.exe' /SendReportInstallerStat
- '<SYSTEM32>\WNLT\InstallationFiles\x86\THCH.exe'
- '<SYSTEM32>\dmwu.exe' /StartReportInstallerStat 906 5 1018=0 1019=0 1020= 1023= 1021= 1022=
- '<SYSTEM32>\WNLT\InstallationFiles\x86\SetXPDriverSigningPolicy.exe' 0
- '<SYSTEM32>\dmwu.exe' /StartReportInstallerStat 906 1 1005=1
- '<SYSTEM32>\dmwu.exe' /StartReportInstallerStat 906 3 1016=0
- '<SYSTEM32>\dmwu.exe' /StartReportInstallerStat 906 4 1016=0
- '<SYSTEM32>\WNLT\InstallationFiles\x86\SvcSetup.exe' /install /inf "<SYSTEM32>\WNLT\InstallationFiles\x86\persgsvcXP.inf"
- '<SYSTEM32>\dmwu.exe' /StartReportInstallerStat 906 2 1005=0 1017=0
- '<SYSTEM32>\WNLT\Installation\SKSetup.exe' (downloaded from the Internet)
- <SYSTEM32>\msvcm80.dll
- <SYSTEM32>\dmwu.exe
- <SYSTEM32>\ImHttpComm.dll
- <SYSTEM32>\msvcp80.dll
- <SYSTEM32>\ARFC\wrtc.exe
- <SYSTEM32>\Microsoft.VC80.CRT.manifest
- <SYSTEM32>\msvcr80.dll
- <SYSTEM32>\WNLT\Installation\Uninstall\UninstallerLauncher.exe
- <SYSTEM32>\WNLT\Installation\HSChromeRegSetup.exe
- <SYSTEM32>\WNLT\InstallationFiles\SvcHelper\wrtc.exe
- <SYSTEM32>\WNLT\Installation\Uninstall\msvcp100.dll
- %TEMP%\nss2.tmp\Registry.dll
- %HOMEPATH%\AppData\LocalLow\Microsoft\Internet Explorer\Services\Ask.ico
- <SYSTEM32>\WNLT\Installation\Uninstall\msvcr100.dll
- %TEMP%\nss2.tmp\StarWarsPlugin.dll
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MOE00UY1\ceb[1].htm
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LBMMC3H3\upn[1].aspx
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\upn[1].aspx
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BGGTYMH1\upn[1].aspx
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MOE00UY1\upn[1].aspx
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LBMMC3H3\CA0LQ1LU.gif
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\CA5003HX.gif
- %TEMP%\nss2.tmp\inetc.dll
- <SYSTEM32>\WNLT\Installation\Uninstall\uninstaller.exe
- <LS_APPDATA>\SWDS\SWDS.bin
- <SYSTEM32>\WNLT\Installation\Config.bin
- <SYSTEM32>\config\systemprofile\AppData\LocalLow\dfltCfg.bin
- <SYSTEM32>\WNLT\Installation\SWDS.bin
- <SYSTEM32>\WNLT\Installation\SKSetup.exe
- <SYSTEM32>\WNLT\InstallationFiles\x64\msvcp100.dll
- <SYSTEM32>\WNLT\InstallationFiles\x64\ImHttpComm.dll
- <SYSTEM32>\WNLT\InstallationFiles\x64\persgsvc.cat
- <SYSTEM32>\WNLT\InstallationFiles\x64\msvcr100.dll
- <SYSTEM32>\WNLT\InstallationFiles\x64\THCH.exe
- <SYSTEM32>\WNLT\InstallationFiles\x64\SvcSetup.exe
- <SYSTEM32>\WNLT\InstallationFiles\x64\SetXPDriverSigningPolicy.exe
- <SYSTEM32>\WNLT\InstallationFiles\x64\dmwu.exe
- %TEMP%\nss2.tmp\System.dll
- %TEMP%\nss2.tmp\nsisos.dll
- <SYSTEM32>\WNLT\InstallationFiles\x64\persgsvc.inf
- <SYSTEM32>\WNLT\InstallationFiles\x64\persgsvcXP_old.inf
- <SYSTEM32>\WNLT\InstallationFiles\x64\persgsvc_old.inf
- <SYSTEM32>\WNLT\InstallationFiles\x64\persgsvcXP.inf
- <SYSTEM32>\WNLT\InstallationFiles\x86\dmwu.exe
- <SYSTEM32>\WNLT\InstallationFiles\x86\msvcr80.dll
- <SYSTEM32>\WNLT\InstallationFiles\x86\msvcp80.dll
- <SYSTEM32>\WNLT\InstallationFiles\x86\msvcm80.dll
- <SYSTEM32>\WNLT\InstallationFiles\x86\Microsoft.VC80.CRT.manifest
- <SYSTEM32>\WNLT\InstallationFiles\x86\THCH.exe
- <SYSTEM32>\WNLT\InstallationFiles\x86\SvcSetup.exe
- <SYSTEM32>\WNLT\InstallationFiles\x86\SetXPDriverSigningPolicy.exe
- <SYSTEM32>\WNLT\InstallationFiles\x86\persgsvc_old.inf
- <SYSTEM32>\WNLT\InstallationFiles\x86\persgsvcXP.inf
- <SYSTEM32>\WNLT\InstallationFiles\x86\persgsvc.inf
- <SYSTEM32>\WNLT\InstallationFiles\x86\persgsvcXP_old.inf
- <SYSTEM32>\WNLT\InstallationFiles\x86\msvcr100.dll
- <SYSTEM32>\WNLT\InstallationFiles\x86\msvcp100.dll
- <SYSTEM32>\WNLT\InstallationFiles\x86\ImHttpComm.dll
- <SYSTEM32>\WNLT\InstallationFiles\x86\persgsvc.inf
- <SYSTEM32>\WNLT\InstallationFiles\x86\msvcr80.dll
- <SYSTEM32>\WNLT\InstallationFiles\x86\persgsvcXP_old.inf
- <SYSTEM32>\WNLT\InstallationFiles\x86\persgsvcXP.inf
- <SYSTEM32>\WNLT\InstallationFiles\x86\msvcp100.dll
- <SYSTEM32>\WNLT\InstallationFiles\x86\msvcm80.dll
- <SYSTEM32>\WNLT\InstallationFiles\x86\msvcr100.dll
- <SYSTEM32>\WNLT\InstallationFiles\x86\msvcp80.dll
- <SYSTEM32>\WNLT\InstallationFiles\x86\persgsvc_old.inf
- %TEMP%\nss2.tmp\Registry.dll
- %TEMP%\nss2.tmp\nsisos.dll
- %TEMP%\nss2.tmp\System.dll
- %TEMP%\nss2.tmp\StarWarsPlugin.dll
- <SYSTEM32>\WNLT\InstallationFiles\x86\SvcSetup.exe
- <SYSTEM32>\WNLT\InstallationFiles\x86\SetXPDriverSigningPolicy.exe
- %TEMP%\nss2.tmp\inetc.dll
- <SYSTEM32>\WNLT\InstallationFiles\x86\THCH.exe
- <SYSTEM32>\WNLT\InstallationFiles\x86\Microsoft.VC80.CRT.manifest
- <SYSTEM32>\WNLT\InstallationFiles\x64\msvcp100.dll
- <SYSTEM32>\WNLT\InstallationFiles\x64\ImHttpComm.dll
- <SYSTEM32>\WNLT\InstallationFiles\x64\persgsvc.cat
- <SYSTEM32>\WNLT\InstallationFiles\x64\msvcr100.dll
- <SYSTEM32>\config\systemprofile\AppData\LocalLow\dfltCfg.bin
- <SYSTEM32>\WNLT\Installation\Config.bin
- <SYSTEM32>\WNLT\InstallationFiles\x64\dmwu.exe
- <SYSTEM32>\WNLT\InstallationFiles\SvcHelper\wrtc.exe
- <SYSTEM32>\WNLT\InstallationFiles\x64\persgsvc.inf
- <SYSTEM32>\WNLT\InstallationFiles\x64\THCH.exe
- <SYSTEM32>\WNLT\InstallationFiles\x64\SvcSetup.exe
- <SYSTEM32>\WNLT\InstallationFiles\x86\ImHttpComm.dll
- <SYSTEM32>\WNLT\InstallationFiles\x86\dmwu.exe
- <SYSTEM32>\WNLT\InstallationFiles\x64\persgsvcXP_old.inf
- <SYSTEM32>\WNLT\InstallationFiles\x64\persgsvcXP.inf
- <SYSTEM32>\WNLT\InstallationFiles\x64\SetXPDriverSigningPolicy.exe
- <SYSTEM32>\WNLT\InstallationFiles\x64\persgsvc_old.inf
- 's4.##rion.com':80
- 'www.go#####analytics.com':80
- 'ce#.##credimail.com':80
- 'ww###.#ncredimail.com':80
- 'localhost':1041
- www.go#####analytics.com/__utm.gif?ut#########################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
- www.go#####analytics.com/__utm.gif?ut############################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
- ce#.##credimail.com/h/upn.aspx?r=#######################################################
- ww###.#ncredimail.com/incredibar/skywalker/update_tail/Config_File/5132/Config.bin
- ww###.#ncredimail.com/incredibar/skywalker/update_tail/Unified/5132/SkywalkerSetup.exe
- s4.##rion.com/AppServer/ceb.aspx
- DNS ASK s4.##rion.com
- DNS ASK www.go#####analytics.com
- DNS ASK ww###.#ncredimail.com
- DNS ASK ce#.##credimail.com
- ClassName: 'Shell_TrayWnd' WindowName: ''