Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CouponXplorer Search Scope Monitor' = '"%PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zsrchmn.exe" /m=2 /w /h'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CouponXplorer_5z Browser Plugin Loader' = '%PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbrmon.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CouponXplorer' = 'rundll32 %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbar.dll,S'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CouponXplorer Home Page Guard 32 bit' = '"%PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\AppIntegrator.exe"'
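- [<HKLM>\SYSTEM\ControlSet001\Services\CouponXplorer_5zService] 'Start' = '00000002' (a service Start value of 2 is SERVICE_AUTO_START, so the service is launched automatically at boot)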
- '%PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zSrchMn.exe' /m=2 /w /h /r
- '%PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbrmon.exe'
- '%PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zhighin.exe' 5ztpinst.dll,#5
- '%PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe' -remove
- '%PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe' -install
- '%PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe'
- '<SYSTEM32>\ntvdm.exe' -f -i3
- '<SYSTEM32>\ntvdm.exe' -f -i2
- '<SYSTEM32>\ntvdm.exe' -f -i1
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zmlbtn.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zPlugin.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zieovr.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zmedint.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zreghk.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zregiet.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zradio.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zregfft.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zidle.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zfeedmg.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zhighin.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\T8EXTEX.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\T8EXTPEX.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zhtmlmu.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zhttpct.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zhkstub.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\T8HTML.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zscript.dll
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs3.tmp
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\VERIFY.DLL
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs6.tmp
- %PROGRAM_FILES%\CouponXplorer_5z\bar\Settings\s_pid.dat
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs5.tmp
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\UNIFIEDLOGGING.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zSrchMn.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zskin.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zskplay.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5ztpinst.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\TPIMANAGERCONSOLE.EXE
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zsrchmr.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\T8TICKER.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\ASSISTMONITOR.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\ASSISTMONITOR64.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\APPINTEGRATORSTUB.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\AppIntegratorStub64.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\CREXT.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\CrExtP5z.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\BOOTSTRAP.JS
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\CHROME.MANIFEST
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\AppIntegrator64.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\T8RES.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\T8EPMSUP.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\APPINTEGRATOR.EXE
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\DPNMNGR.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbrmon64.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbrstub.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbprtct.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbrmon.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zdlghk.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zdlghk64.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbrstub64.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zdatact.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbar.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\Hpg64.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\INSTALL.RDF
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\EXEMANAGER.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\FF-NativeMessagingDispatcher.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zauxstb.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zauxstb64.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\LOGO.BMP
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\NP5zStub.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zPlugin.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zradio.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zmedint.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zmlbtn.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zregiet.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zscript.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zregfft.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zreghk.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zieovr.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zhighin.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zhkstub.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\T8EXTPEX.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zfeedmg.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zhttpct.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zidle.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\T8HTML.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zhtmlmu.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\VERIFY.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\T8EPMSUP.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\T8RES.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\UNIFIEDLOGGING.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zSrchMn.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zskin.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zskplay.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5ztpinst.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\TPIMANAGERCONSOLE.EXE
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zsrchmr.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\T8TICKER.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\T8EXTEX.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\ASSISTMONITOR64.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\BOOTSTRAP.JS
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\AppIntegratorStub64.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\ASSISTMONITOR.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\CrExtP5z.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\DPNMNGR.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\CHROME.MANIFEST
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\CREXT.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\APPINTEGRATORSTUB.DLL
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\APPINTEGRATOR.EXE
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\AppIntegrator64.exe
- %WINDIR%\Temp\scs5.tmp
- %WINDIR%\Temp\scs6.tmp
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbrmon64.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbrstub.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbprtct.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbrmon.exe
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zdlghk.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zdlghk64.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbrstub64.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zdatact.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zbar.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\Hpg64.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\INSTALL.RDF
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\EXEMANAGER.DLL
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\FF-NativeMessagingDispatcher.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zauxstb.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\5zauxstb64.dll
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\LOGO.BMP
- %PROGRAM_FILES%\CouponXplorer_5z\bar\1.bin\NP5zStub.dll
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-ba4.ba8.3a0001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b5c.b60.390001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b44.b48.380001'