Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'OBK Start' = '%WINDIR%\VMCOJO\OBK.exe'
- '<LS_APPDATA>\Xenocode\Sandbox\scanner tools\20.1.11.06\2012.06.27T17.36\Native\STUBEXE\@PROFILE@\Local Settings\Temp\Kermit.exe'
- '<LS_APPDATA>\Xenocode\Sandbox\scanner tools\20.1.11.06\2012.06.27T17.36\Native\STUBEXE\@WINDIR@\VMCOJO\OBK.exe'
- '<LS_APPDATA>\Xenocode\Sandbox\scanner tools\20.1.11.06\2012.06.27T17.36\Virtual\STUBEXE\@APPDIR@\Camfrog kermit.exe'
- '<LS_APPDATA>\Xenocode\Sandbox\scanner tools\20.1.11.06\2012.06.27T17.36\Native\STUBEXE\@PROFILE@\Local Settings\Temp\Install.exe'
- Библиотека-обработчик для всех процессов: %WINDIR%\VMCOJO\OBK.001
- %TEMP%\nsr3.tmp
- %WINDIR%\VMCOJO\OBK.exe
- %WINDIR%\VMCOJO\OBK.003
- %TEMP%\nsh4.tmp\ioSpecial.ini
- %WINDIR%\VMCOJO\OBK.008
- %TEMP%\nsh4.tmp\InstallOptions.dll
- %TEMP%\nsh4.tmp\modern-wizard.bmp
- %TEMP%\Kermit.exe
- %TEMP%\Install.exe
- %WINDIR%\VMCOJO\OBK.004
- %WINDIR%\VMCOJO\AKV.exe
- %WINDIR%\VMCOJO\OBK.002
- %WINDIR%\VMCOJO\OBK.001
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'AKLMW'