Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{N1PL108U-8CCD-U112-8N61-HD7L0RE41K0D}] 'StubPath' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Runonce' = '<SYSTEM32>\runouce.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = ''
- %HOMEPATH%\Start Menu\Programs\Startup\Firefox1.exe
- <SYSTEM32>\dllcache\conf.exe with <SYSTEM32>\dllcache\conf.exe.new
- <SYSTEM32>\dllcache\wb32.exe with <SYSTEM32>\dllcache\wb32.exe.new
- <SYSTEM32>\dllcache\moviemk.exe with <SYSTEM32>\dllcache\moviemk.exe.new
- <SYSTEM32>\dllcache\cb32.exe with <SYSTEM32>\dllcache\cb32.exe.new
- <SYSTEM32>\dllcache\msimn.exe with <SYSTEM32>\dllcache\msimn.exe.new
- <SYSTEM32>\dllcache\wab.exe with <SYSTEM32>\dllcache\wab.exe.new
- <SYSTEM32>\dllcache\wabmig.exe with <SYSTEM32>\dllcache\wabmig.exe.new
- <SYSTEM32>\dllcache\oemig50.exe with <SYSTEM32>\dllcache\oemig50.exe.new
- <SYSTEM32>\dllcache\setup50.exe with <SYSTEM32>\dllcache\setup50.exe.new
- <SYSTEM32>\dllcache\icwconn1.exe with <SYSTEM32>\dllcache\icwconn1.exe.new
- <SYSTEM32>\dllcache\icwconn2.exe with <SYSTEM32>\dllcache\icwconn2.exe.new
- <SYSTEM32>\dllcache\msinfo32.exe with <SYSTEM32>\dllcache\msinfo32.exe.new
- <SYSTEM32>\dllcache\sapisvr.exe with <SYSTEM32>\dllcache\sapisvr.exe.new
- <SYSTEM32>\dllcache\icwrmind.exe with <SYSTEM32>\dllcache\icwrmind.exe.new
- <SYSTEM32>\dllcache\isignup.exe with <SYSTEM32>\dllcache\isignup.exe.new
- <SYSTEM32>\dllcache\iedw.exe with <SYSTEM32>\dllcache\iedw.exe.new
- <SYSTEM32>\dllcache\icwtutor.exe with <SYSTEM32>\dllcache\icwtutor.exe.new
- <SYSTEM32>\dllcache\inetwiz.exe with <SYSTEM32>\dllcache\inetwiz.exe.new
- %PROGRAM_FILES%\Internet Explorer\iedw.exe.new
- %PROGRAM_FILES%\Movie Maker\moviemk.exe.new
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\inetwiz.exe.new
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\isignup.exe.new
- %PROGRAM_FILES%\NetMeeting\cb32.exe.new
- %PROGRAM_FILES%\Outlook Express\msimn.exe.new
- %PROGRAM_FILES%\Outlook Express\oemig50.exe.new
- %PROGRAM_FILES%\NetMeeting\conf.exe.new
- %PROGRAM_FILES%\NetMeeting\wb32.exe.new
- %PROGRAM_FILES%\Outlook Express\wab.exe
- %PROGRAM_FILES%\Outlook Express\wabmig.exe
- %PROGRAM_FILES%\Outlook Express\oemig50.exe
- %PROGRAM_FILES%\Outlook Express\setup50.exe
- <Auxiliary element>
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwrmind.exe.new
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwtutor.exe.new
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwconn1.exe.new
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwconn2.exe.new
- %PROGRAM_FILES%\Outlook Express\setup50.exe.new
- <SYSTEM32>\dllcache\conf.exe.new
- <SYSTEM32>\dllcache\wb32.exe.new
- <SYSTEM32>\dllcache\moviemk.exe.new
- <SYSTEM32>\dllcache\cb32.exe.new
- <SYSTEM32>\dllcache\msimn.exe.new
- <SYSTEM32>\dllcache\wab.exe.new
- <SYSTEM32>\dllcache\wabmig.exe.new
- <SYSTEM32>\dllcache\oemig50.exe.new
- <SYSTEM32>\dllcache\setup50.exe.new
- <SYSTEM32>\dllcache\icwconn1.exe.new
- <SYSTEM32>\dllcache\icwconn2.exe.new
- %PROGRAM_FILES%\Outlook Express\wab.exe.new
- %PROGRAM_FILES%\Outlook Express\wabmig.exe.new
- <SYSTEM32>\dllcache\icwrmind.exe.new
- <SYSTEM32>\dllcache\isignup.exe.new
- <SYSTEM32>\dllcache\iedw.exe.new
- <SYSTEM32>\dllcache\icwtutor.exe.new
- <SYSTEM32>\dllcache\inetwiz.exe.new
- %PROGRAM_FILES%\Outlook Express\msimn.exe
- %PROGRAM_FILES%\FireFox\nsinstall.exe
- %PROGRAM_FILES%\FireFox\plugin-container.exe
- %PROGRAM_FILES%\FireFox\js.exe
- %PROGRAM_FILES%\FireFox\mangle.exe
- %PROGRAM_FILES%\FireFox\shlibsign.exe
- %PROGRAM_FILES%\FireFox\xpcshell.exe
- %PROGRAM_FILES%\FireFox\xpidl.exe
- %PROGRAM_FILES%\FireFox\uninstall\helper.exe
- %PROGRAM_FILES%\FireFox\updater.exe
- %CommonProgramFiles%\Microsoft Shared\DW\DWTRIG20.EXE
- %CommonProgramFiles%\Microsoft Shared\MSInfo\msinfo32.exe
- C:\Far2\Far.exe
- %CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE
- %CommonProgramFiles%\Microsoft Shared\Speech\sapisvr.exe
- %PROGRAM_FILES%\FireFox\crashreporter.exe
- %PROGRAM_FILES%\FireFox\firefox.exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\msinfo32.exe.new
- %CommonProgramFiles%\Microsoft Shared\Speech\sapisvr.exe.new
- %PROGRAM_FILES%\FireFox\xpt_dump.exe
- %PROGRAM_FILES%\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe
- <SYSTEM32>\dllcache\msinfo32.exe.new
- %PROGRAM_FILES%\Movie Maker\moviemk.exe
- %PROGRAM_FILES%\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe
- <SYSTEM32>\dllcache\sapisvr.exe.new
- %PROGRAM_FILES%\NetMeeting\conf.exe
- %PROGRAM_FILES%\NetMeeting\wb32.exe
- %PROGRAM_FILES%\MSN\MSNCoreFiles\Install\msnsusii.exe
- %PROGRAM_FILES%\NetMeeting\cb32.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwconn2.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwrmind.exe
- %PROGRAM_FILES%\FireFox\xpt_link.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwconn1.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwtutor.exe
- %PROGRAM_FILES%\Internet Explorer\iedw.exe
- %PROGRAM_FILES%\Messenger\msmsgs.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\inetwiz.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\isignup.exe
- '%TEMP%\s2setup.exe' -x "InternetExplorer110960016428x32"
- '%TEMP%\Internet.Explorer-11.0.9600.16428-x32.exe'
- '%TEMP%\Firefox1.exe'
- '%TEMP%\s2setup.exe' (downloaded from the Internet)
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\ctfmon.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\readme.eml
- %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\certerror\readme.eml
- %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\feeds\readme.eml
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\readme.eml
- %CommonProgramFiles%\Microsoft Shared\Stationery\readme.eml
- %CommonProgramFiles%\System\ado\readme.eml
- %PROGRAM_FILES%\FireFox\chrome\toolkit\res\readme.eml
- %PROGRAM_FILES%\FireFox\defaults\profile\readme.eml
- %PROGRAM_FILES%\NetMeeting\readme.eml
- %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\safebrowsing\readme.eml
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\readme.eml
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\cpow\readme.eml
- %WINDIR%\InstallDir\Server.exe
- %TEMP%\Internet.Explorer-11.0.9600.16428-x32.exe
- %TEMP%\nsm4.tmp\System.dll
- %TEMP%\nsm4.tmp\inetc.dll
- %TEMP%\aut1.tmp
- %TEMP%\Firefox1.exe
- %TEMP%\aut2.tmp
- %TEMP%\s2cache.tmp
- %TEMP%\s2setup.exe
- <SYSTEM32>\runouce.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\get[1].SP2&admin=1&name=InternetExplorer110960016428x32
- %TEMP%\nsd5.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\default[1].exe
- <SYSTEM32>\runouce.exe
- %TEMP%\s2setup.exe
- <SYSTEM32>\PerfStringBackup.TMP
- %TEMP%\nsm4.tmp\System.dll
- %TEMP%\nsm4.tmp\inetc.dll
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\nsd5.tmp
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- 'localhost':81
- 'sy####ow.zapto.org':81
- 'localhost':1039
- 'ap#.#kymonk.net':80
- 'up####.skymonk.net':80
- up####.skymonk.net/installers/default.exe
- ap#.#kymonk.net/installer/get/?la################################################################
- DNS ASK sy####ow.zapto.org
- DNS ASK bt###il.net.cn
- DNS ASK ap#.#kymonk.net
- DNS ASK up####.skymonk.net
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: '_SKYMONK2_STARTER_WND_' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '_SKYMONK2_MAIN_WND_' WindowName: '(null)'