Техническая информация
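- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WebThunder' = 'rundll32.exe <SYSTEM32>\iexplorer.dll,start' (параметр в ключе Run: указанная команда выполняется при каждом входе пользователя в систему, что обеспечивает автозапуск)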
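- [<HKLM>\SYSTEM\ControlSet001\Services\FILEMON] 'Start' = '00000000' (запись службы FILEMON; значение Start = 0 соответствует типу запуска «при загрузке системы», SERVICE_BOOT_START; вероятно, относится к драйверу filem.sys из списка ниже)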
- %PROGRAM_FILES%\app0409\loaddriver.exe SW_SHOWNORMAL
- <SYSTEM32>\rundll32.exe <SYSTEM32>\iexplorer.dll,start
- %PROGRAM_FILES%\app0409\loaddriver.exe
- <DRIVERS>\filem.sys
- %PROGRAM_FILES%\app0409\iexplorer.dll
- %PROGRAM_FILES%\app0409\cfg1.cfg
- %PROGRAM_FILES%\app0409\filem.sys
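- %PROGRAM_FILES%\app0409\iexplorer.dll в <SYSTEM32>\iexplorer.dll (слева — исходный путь, справа — конечный путь файла)
- %PROGRAM_FILES%\app0409\cfg1.cfg в <SYSTEM32>\cfg1.cfg (слева — исходный путь, справа — конечный путь файла)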