Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'cftmon' = '<SYSTEM32>\1301\cftmon.exe'
- <SYSTEM32>\1301\cftmon.exe
- %TEMP%\golden share Cash\AUTORUN.exe
- <SYSTEM32>\1301\projectblackout.exe
- <SYSTEM32>\1301\Golden.exe
- <SYSTEM32>\wscript.exe "<SYSTEM32>\1301\run.vbs"
- Handler library for all processes: <SYSTEM32>\1301\cftmonhk.dll
- %TEMP%\golden share Cash\MCIWNDX.OCX
- %TEMP%\golden share Cash\MSVBVM60.DLL
- %TEMP%\golden share Cash\Flash.ocx
- %TEMP%\golden share Cash\AUTORUN.exe
- %TEMP%\golden share Cash\AUTORUN.INF
- %TEMP%\golden share Cash\RICHTX32.OCX
- %TEMP%\golden share Cash\Data\enter.wav
- %TEMP%\golden share Cash\Data\sys1 .esr
- %TEMP%\golden share Cash\Data\cross.wav
- %TEMP%\golden share Cash\setup.exe
- %TEMP%\golden share Cash\Data\bg1.bmp
- <SYSTEM32>\1301\cftmoni.dll
- <SYSTEM32>\1301\cftmonr.exe
- <SYSTEM32>\1301\run.vbs
- <SYSTEM32>\1301\Golden.exe
- <SYSTEM32>\1301\projectblackout.exe
- <SYSTEM32>\1301\inst.bin
- <SYSTEM32>\1301\cftmon.exe
- <SYSTEM32>\1301\cftmonhk.dll
- <SYSTEM32>\1301\bpk.dat
- <SYSTEM32>\1301\install.log
- <SYSTEM32>\1301\pk.bin
- %TEMP%\~DFCF14.tmp
- 'localhost':1038
- ClassName: '' WindowName: 'PKL Window'
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''