Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '%PROGRAM_FILES%\wmpmetvk.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe'
- %WINDIR%\explorer.exe
- 'sm##.gmail.com':465
- DNS ASK sm##.gmail.com
- ClassName: '' WindowName: ''