Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'XMI Start' = '<SYSTEM32>\FUXULO\XMI.exe'
- <Текущая директория>\pursuit.hack.exe
- <SYSTEM32>\FUXULO\XMI.exe
- Библиотека-обработчик для всех процессов: <SYSTEM32>\FUXULO\XMI.001
- ClassName: '#32770' WindowName: 'TRW2000 for Windows 9x'
- ClassName: 'OLLYDBG' WindowName: 'OllyDbg'
- ClassName: 'RegmonClass' WindowName: 'Registry Monitor'
- ClassName: '#32770' WindowName: 'API-Log v1.2 by M.o.D. [F2F]'
- ClassName: 'FileMonClass' WindowName: 'File Monitor'
- <SYSTEM32>\FUXULO\XMI.exe
- <Текущая директория>\pursuit.hack.exe
- <SYSTEM32>\FUXULO\XMI.002
- <SYSTEM32>\FUXULO\XMI.004
- <SYSTEM32>\FUXULO\XMI.001
- ClassName: '#32770' WindowName: 'TrainerSpy XP + NT / 2000 / XP + Coded By BofeN'
- ClassName: 'OWL_Window' WindowName: 'The Customiser'
- ClassName: '#32770' WindowName: 'TRAINER SPY'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '#32770' WindowName: 'Hacked Spy '
- ClassName: 'TPEViewForm' WindowName: 'The Customiser Configuration Screen'
- ClassName: '' WindowName: 'TRAINER SPY'
- ClassName: '' WindowName: 'AKLMW'
- ClassName: 'VxDMonClass' WindowName: 'VxD Monitor'
- ClassName: 'TPEViewForm' WindowName: 'Cool Debugger for Win32'
- ClassName: 'OWL_Window' WindowName: 'URSoft W32Dasm Ver 8.93 Program Disassembler/Debugger'