Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Synaptics Pointing Device Driver' = '%ALLUSERSPROFILE%\Synaptics\Synaptics.exe' (machine-wide autorun entry written under the 32-bit registry view; the value name imitates a touchpad vendor driver while pointing at a copy placed in the all-users profile directory, which also appears in the file list below and is later executed with the InjUpdate argument)
- %HOMEPATH%\downloads\chromesetup.exe
- %HOMEPATH%\downloads\icq_rfrset.exe
- %HOMEPATH%\downloads\k-lite_codec_pack_1110_mega.exe
- %HOMEPATH%\downloads\k-lite_codec_pack_1110_mega_dlm.exe
- %HOMEPATH%\downloads\magent_rfrset.exe
- %HOMEPATH%\downloads\mirc741.exe
- %HOMEPATH%\downloads\opera_ni_stable.exe
- %HOMEPATH%\downloads\pidgin-2.10.11.exe
- %HOMEPATH%\downloads\steamsetup.exe
- %HOMEPATH%\downloads\thunderbird setup 31.6.0.exe
- %HOMEPATH%\downloads\winamp5666_full_all.exe
- <Current directory>\._cache_<File name>.exe
- %TEMP%\rcxddbc.tmp
- %TEMP%\miuln21t.exe
- %TEMP%\rcxe0b9.tmp
- %TEMP%\miuln21t.ico
- %TEMP%\rcxe240.tmp
- %TEMP%\3adavahn.exe
- %TEMP%\rcxe406.tmp
- %TEMP%\3adavahn.ico
- %TEMP%\rcxdc35.tmp
- %TEMP%\8i1gkpdw.ico
- %TEMP%\rcxe52f.tmp
- %TEMP%\3tenqvze.ico
- %TEMP%\rcxe985.tmp
- %TEMP%\wyjclkce.exe
- %TEMP%\rcxec05.tmp
- %TEMP%\wyjclkce.ico
- %TEMP%\rcxee38.tmp
- %TEMP%\oeqm8lce.exe
- %TEMP%\rcx2be4.tmp
- %TEMP%\3tenqvze.exe
- %TEMP%\rcxe7a0.tmp
- %TEMP%\8i1gkpdw.exe
- %TEMP%\rcxd744.tmp
- %TEMP%\1tshugxf.ico
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012023030920230310\index.dat
- <Current directory>\._cache_synaptics.exe
- %TEMP%\hfuo8itz.exe
- %TEMP%\rcxaf71.tmp
- %TEMP%\hfuo8itz.ico
- %TEMP%\rcxb23f.tmp
- %TEMP%\zdejrhkg.exe
- %TEMP%\rcxb57b.tmp
- %TEMP%\zdejrhkg.ico
- %ALLUSERSPROFILE%\synaptics\synaptics.exe
- %TEMP%\rcxb878.tmp
- %TEMP%\rcxbe43.tmp
- %TEMP%\cpq2outh.ico
- %TEMP%\rcxc25a.tmp
- %TEMP%\5cmmrsj7.exe
- %TEMP%\rcxc853.tmp
- %TEMP%\5cmmrsj7.ico
- %TEMP%\rcxc9cb.tmp
- %TEMP%\1tshugxf.exe
- %TEMP%\rcxcd55.tmp
- %TEMP%\cpq2outh.exe
- %TEMP%\oeqm8lce.ico
- %TEMP%\rcx2d8b.tmp
- <Current directory>\._cache_<File name>.exe
- %ALLUSERSPROFILE%\synaptics\synaptics.exe
- <Current directory>\._cache_synaptics.exe
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012023030920230310\index.dat
- %TEMP%\wyjclkce.ico
- %TEMP%\wyjclkce.exe
- %TEMP%\3tenqvze.ico
- %TEMP%\3tenqvze.exe
- %TEMP%\3adavahn.ico
- %TEMP%\3adavahn.exe
- %TEMP%\miuln21t.ico
- %TEMP%\miuln21t.exe
- %TEMP%\8i1gkpdw.ico
- %TEMP%\oeqm8lce.exe
- %TEMP%\8i1gkpdw.exe
- %TEMP%\1tshugxf.exe
- %TEMP%\5cmmrsj7.ico
- %TEMP%\5cmmrsj7.exe
- %TEMP%\cpq2outh.ico
- %TEMP%\cpq2outh.exe
- %TEMP%\zdejrhkg.ico
- %TEMP%\zdejrhkg.exe
- %TEMP%\hfuo8itz.ico
- %TEMP%\hfuo8itz.exe
- %TEMP%\1tshugxf.ico
- %TEMP%\oeqm8lce.ico
- from %TEMP%\rcxaf71.tmp to %TEMP%\hfuo8itz.exe
- from %TEMP%\rcxee38.tmp to %TEMP%\wyjclkce.exe
- from %TEMP%\rcxec05.tmp to %TEMP%\wyjclkce.exe
- from %TEMP%\rcxe985.tmp to %TEMP%\3tenqvze.exe
- from %TEMP%\rcxe7a0.tmp to %TEMP%\3tenqvze.exe
- from %TEMP%\rcxe52f.tmp to %TEMP%\3adavahn.exe
- from %TEMP%\rcxe406.tmp to %TEMP%\3adavahn.exe
- from %TEMP%\rcxe240.tmp to %TEMP%\miuln21t.exe
- from %TEMP%\rcxe0b9.tmp to %TEMP%\miuln21t.exe
- from %TEMP%\rcxddbc.tmp to %TEMP%\8i1gkpdw.exe
- from %TEMP%\rcxdc35.tmp to %TEMP%\8i1gkpdw.exe
- from %TEMP%\rcxd744.tmp to %TEMP%\1tshugxf.exe
- from %TEMP%\rcxcd55.tmp to %TEMP%\1tshugxf.exe
- from %TEMP%\rcxc9cb.tmp to %TEMP%\5cmmrsj7.exe
- from %TEMP%\rcxc853.tmp to %TEMP%\5cmmrsj7.exe
- from %TEMP%\rcxc25a.tmp to %TEMP%\cpq2outh.exe
- from %TEMP%\rcxbe43.tmp to %TEMP%\cpq2outh.exe
- from %TEMP%\rcxb878.tmp to %TEMP%\zdejrhkg.exe
- from %TEMP%\rcxb57b.tmp to %TEMP%\zdejrhkg.exe
- from %TEMP%\rcxb23f.tmp to %TEMP%\hfuo8itz.exe
- from %TEMP%\rcx2be4.tmp to %TEMP%\oeqm8lce.exe
- from %TEMP%\rcx2d8b.tmp to %TEMP%\oeqm8lce.exe
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012023030920230310\index.dat
- 'fr####s.afraid.org':80
- http://fr####s.afraid.org/api/?ac###########################################################
- DNS ASK xr##.mooo.com
- DNS ASK fr####s.afraid.org
- ClassName: 'MS_WINHELP' WindowName: ''
- '<Current directory>\._cache_<File name>.exe'
- '%ALLUSERSPROFILE%\synaptics\synaptics.exe' InjUpdate (the quoted path is launched with the command-line argument InjUpdate)
- '<Current directory>\._cache_synaptics.exe' InjUpdate (same argument passed to the ._cache_ copy created beside the original file)