Техническая информация
Записи автозапуска в реестре (ветки RunServices и Run), имя параметра 'MicrosoftMessenger':
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'MicrosoftMessenger' = 'msmnsgr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MicrosoftMessenger' = 'msmnsgr.exe'
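Запись в списке приложений, разрешённых брандмауэром Windows (AuthorizedApplications\List). Имя параметра и начало значения здесь пусты; обычно на этих местах указывается путь к исполняемому файлу — возможно, он был утрачен при извлечении текста:
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '' = ':*:Enabled:MicrosoftMessenger'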
- <SYSTEM32>\msmnsgr.exe 1584 "<Полный путь к вирусу>"
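Классы окон утилит мониторинга Sysinternals (Process Monitor, RegMon, FileMon); вероятно, перечислены как окна, по которым определяется наличие средств анализа:
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''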
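- %ALLUSERSPROFILE%\Application Data\TEMP:8DD6A802 (судя по двоеточию после имени каталога, это альтернативный поток данных NTFS; обычный просмотр каталога такие потоки не показывает)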
- <SYSTEM32>\msmnsgr.exe
- <SYSTEM32>\msmnsgr.exe
Сетевой адрес и порт (часть IP-адреса скрыта символами ##):
- '12.##0.5.241':65500
- ClassName: 'mIRC' WindowName: ''
- ClassName: 'ThunderRT6FormDC' WindowName: ''
- ClassName: 'ThunderRT6FormDC' WindowName: 'Shareware Cheater v 3.0'