Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'EXPLORER' = 'EXPL0RER.EXE'
- <SYSTEM32>\EXPL0RER.EXE "<Полный путь к вирусу>"
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
- %ALLUSERSPROFILE%\Application Data\TEMP:C980DA7D
- <SYSTEM32>\Вв_Жов_23_2012.txt
- <SYSTEM32>\win32log.dat
- <SYSTEM32>\EXPL0RER.EXE
- <SYSTEM32>\EXPL0RER.EXE
- 'sm##.gmail.com':25
- DNS ASK sm##.gmail.com
- ClassName: 'ThunderRT6FormDC' WindowName: ''
- ClassName: 'ThunderRT6FormDC' WindowName: 'Shareware Cheater v 3.0'