Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MediaPlayerUpd' = '%WINDIR%\Install_WM.exe'
- %ProgramFiles%\Windows Media Player\plugins\opencl\kernel.cl
- %ProgramFiles%\Windows Media Player\plugins\opencl\__init__.py
- %ProgramFiles%\Windows Media Player\phoenix.cfg
- %ProgramFiles%\Windows Media Player\phoenix.exe
- %ProgramFiles%\Windows Media Player\plugins\opencl\__init__.pyo
- %ProgramFiles%\Windows Media Player\plugins\phatk2\__init__.pyo
- %ProgramFiles%\Windows Media Player\plugins\phatk2\kernel.cl
- %ProgramFiles%\Windows Media Player\plugins\phatk2\__init__.py
- %TEMP%\apm1.tmp
- %ProgramFiles%\Alawar_Crack.exe
- %WINDIR%\Install_WM.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\RarSFX0\003.exe
- %TEMP%\RarSFX0\autorun.exe
- %TEMP%\$inst\0001.tmp
- %TEMP%\RarSFX0\Patch.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\0001.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- 'po###.50btc.com':8332
- 'po####s.50btc.com':8332
- 'localhost':1038
- 'po##.50btc.com':8332
- DNS ASK po####s.50btc.com
- DNS ASK po###.50btc.com
- DNS ASK po##.50btc.com
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\RarSFX0\autorun.exe'
- '%ProgramFiles%\Windows Media Player\phoenix.exe'
- '%ProgramFiles%\Alawar_Crack.exe'
- '%WINDIR%\Install_WM.exe'