Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'NTSpool' = 'NTSpool.exe'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
- <SYSTEM32>\NTSpool.exe
- %ALLUSERSPROFILE%\Application Data\TEMP:A5682AEF
- 'se#####ther.whyi.org':2002
- DNS ASK se#####ther.whyI.org
- ClassName: 'ThunderRT6FormDC' WindowName: ''
- ClassName: 'ThunderRT6FormDC' WindowName: 'Shareware Cheater v 3.0'