Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe <SYSTEM32>\Amoumain.exe'
- %WINDIR%\Tasks\SA.DAT
- hidden files
- Command Prompt (CMD)
- Windows Task Manager (Taskmgr)
- Registry Editor (RegEdit)
- System Restore (SR)
- <SYSTEM32>\Amoumain.exe
- ClassName: '' WindowName: 'Windows File Protection'
- <SYSTEM32>\dllcache\framdit.ttf.new
- <SYSTEM32>\dllcache\framd.ttf.new
- <SYSTEM32>\dllcache\script.fon.new
- <SYSTEM32>\dllcache\modern.fon.new
- %WINDIR%\Fonts\script.fon.new
- %WINDIR%\Fonts\framd.ttf.new
- <SYSTEM32>\Amoumain.exe
- %WINDIR%\Fonts\modern.fon.new
- %WINDIR%\Fonts\framdit.ttf.new
- <SYSTEM32>\Amoumain.exe
- %WINDIR%\Fonts\webdings.ttf
- %WINDIR%\Fonts\wingding.ttf
- %WINDIR%\Fonts\vrinda.ttf
- %WINDIR%\Fonts\verdanai.ttf
- %WINDIR%\Fonts\verdanaz.ttf
- %WINDIR%\Fonts\wst_czec.fon
- %WINDIR%\Fonts\wst_ital.fon
- %WINDIR%\Fonts\wst_span.fon
- %WINDIR%\Fonts\wst_germ.fon
- %WINDIR%\Fonts\wst_engl.fon
- %WINDIR%\Fonts\wst_fren.fon
- %WINDIR%\Fonts\verdanab.ttf
- %WINDIR%\Fonts\timesbi.ttf
- %WINDIR%\Fonts\timesi.ttf
- %WINDIR%\Fonts\timesbd.ttf
- %WINDIR%\Fonts\tahomabd.ttf
- %WINDIR%\Fonts\times.ttf
- %WINDIR%\Fonts\trebuc.ttf
- %WINDIR%\Fonts\tunga.ttf
- %WINDIR%\Fonts\verdana.ttf
- %WINDIR%\Fonts\trebucit.ttf
- %WINDIR%\Fonts\trebucbd.ttf
- %WINDIR%\Fonts\trebucbi.ttf
- %WINDIR%\Fonts\wst_swed.fon
- <SYSTEM32>\dllcache\ssflwbox.scr
- <SYSTEM32>\dllcache\ssmarque.scr
- <SYSTEM32>\dllcache\ssbezier.scr
- <SYSTEM32>\dllcache\scrnsave.scr
- <SYSTEM32>\dllcache\ss3dfo.scr
- <SYSTEM32>\dllcache\ssmypics.scr
- <SYSTEM32>\dllcache\sstext3d.scr
- <SYSTEM32>\Restore\MachineGuid.txt
- <SYSTEM32>\dllcache\ssstars.scr
- <SYSTEM32>\dllcache\ssmyst.scr
- <SYSTEM32>\dllcache\sspipes.scr
- <SYSTEM32>\dllcache\logon.scr
- <SYSTEM32>\ssbezier.scr
- <SYSTEM32>\ssflwbox.scr
- <SYSTEM32>\ss3dfo.scr
- <SYSTEM32>\logon.scr
- <SYSTEM32>\scrnsave.scr
- <SYSTEM32>\ssmarque.scr
- <SYSTEM32>\ssstars.scr
- <SYSTEM32>\sstext3d.scr
- <SYSTEM32>\sspipes.scr
- <SYSTEM32>\ssmypics.scr
- <SYSTEM32>\ssmyst.scr
- %WINDIR%\Fonts\georgia.ttf
- %WINDIR%\Fonts\georgiab.ttf
- %WINDIR%\Fonts\gautami.ttf
- %WINDIR%\Fonts\framd.ttf
- %WINDIR%\Fonts\framdit.ttf
- %WINDIR%\Fonts\georgiai.ttf
- %WINDIR%\Fonts\GlobalSerif.CompositeFont
- %WINDIR%\Fonts\GlobalUserInterface.CompositeFont
- %WINDIR%\Fonts\GlobalSansSerif.CompositeFont
- %WINDIR%\Fonts\georgiaz.ttf
- %WINDIR%\Fonts\GlobalMonospace.CompositeFont
- %WINDIR%\Fonts\estre.ttf
- %WINDIR%\Fonts\ariali.ttf
- %WINDIR%\Fonts\ariblk.ttf
- %WINDIR%\Fonts\arialbi.ttf
- %WINDIR%\Fonts\arial.ttf
- %WINDIR%\Fonts\arialbd.ttf
- %WINDIR%\Fonts\comic.ttf
- %WINDIR%\Fonts\courbi.ttf
- %WINDIR%\Fonts\couri.ttf
- %WINDIR%\Fonts\courbd.ttf
- %WINDIR%\Fonts\comicbd.ttf
- %WINDIR%\Fonts\cour.ttf
- %WINDIR%\Fonts\impact.ttf
- %WINDIR%\Fonts\palai.ttf
- %WINDIR%\Fonts\raavi.ttf
- %WINDIR%\Fonts\palabi.ttf
- %WINDIR%\Fonts\pala.ttf
- %WINDIR%\Fonts\palab.ttf
- %WINDIR%\Fonts\roman.fon
- %WINDIR%\Fonts\symbol.ttf
- %WINDIR%\Fonts\tahoma.ttf
- %WINDIR%\Fonts\sylfaen.ttf
- %WINDIR%\Fonts\script.fon
- %WINDIR%\Fonts\shruti.ttf
- %WINDIR%\Fonts\mvboli.ttf
- %WINDIR%\Fonts\lsansd.ttf
- %WINDIR%\Fonts\lsansdi.ttf
- %WINDIR%\Fonts\lsans.ttf
- %WINDIR%\Fonts\kartika.ttf
- %WINDIR%\Fonts\latha.ttf
- %WINDIR%\Fonts\lsansi.ttf
- %WINDIR%\Fonts\micross.ttf
- %WINDIR%\Fonts\modern.fon
- %WINDIR%\Fonts\mangal.ttf
- %WINDIR%\Fonts\lucon.ttf
- %WINDIR%\Fonts\l_10646.ttf
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'TrayNotifyWnd' WindowName: ''
- ClassName: 'TrayClockWClass' WindowName: ''
- ClassName: 'SHELLDLL_DefView' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'BUTTON' WindowName: ''
- ClassName: 'Progman' WindowName: ''