Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'System32' = '%PROGRAM_FILES%\sysconfig\sysdiag.exe'
- hidden files:
- %PROGRAM_FILES%\sysconfig\sysdiag.exe
- %PROGRAM_FILES%\sysconfig\services.exe
- %PROGRAM_FILES%\sysconfig\svchost.exe
- %PROGRAM_FILES%\sysconfig\concealer.exe
- %PROGRAM_FILES%\sysconfig\driver-setup.exe -s
- %PROGRAM_FILES%\WinConfig\npf_mgm.exe -r
- Handler for all processes: %WINDIR%\sysk32.dll
- ClassName: 'AOL Frame25' WindowName: ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;'
- [<HKCU>\Software\Microsoft\Internet Explorer\Download] 'CheckExeSignatures' = 'no'
- [<HKCU>\Software\Microsoft\Internet Explorer\Download] 'RunInvalidSignatures' = '00000001'
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg1.ssf
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg2.ssf
- %WINDIR%\mfc70.dll
- %ALLUSERSPROFILE%\Application Data\sa\emopts.dat
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg5.ssf
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg6.ssf
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg3.ssf
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg4.ssf
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mfc70[1].dll
- %PROGRAM_FILES%\sysconfig\AC_RunActiveContent.js
- %PROGRAM_FILES%\sysconfig\cl3d.swf
- %WINDIR%\sassr.dat
- %WINDIR%\jimglib.dll
- %PROGRAM_FILES%\sysconfig\rds.exe
- %ALLUSERSPROFILE%\Application Data\sa\defs.tmp
- %PROGRAM_FILES%\sysconfig\charts.swf
- %PROGRAM_FILES%\sysconfig\autoi.sys
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg7.ssf
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg13.ssf
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg14.ssf
- %ALLUSERSPROFILE%\Application Data\AgentSS\sslist.dat
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg12.ssf
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg17.ssf
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg18.ssf
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg15.ssf
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg16.ssf
- %ALLUSERSPROFILE%\Application Data\sa\sys013.log
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg10.ssf
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg11.ssf
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg8.ssf
- %ALLUSERSPROFILE%\Application Data\AgentSS\wincfg9.ssf
- %ALLUSERSPROFILE%\Application Data\sa\sys011.log
- %ALLUSERSPROFILE%\Application Data\sa\sys012.log
- %ALLUSERSPROFILE%\Application Data\sa\sys004.log
- %ALLUSERSPROFILE%\Application Data\sa\sys008.log
- %PROGRAM_FILES%\sysconfig\NoStealth.exe
- %PROGRAM_FILES%\sysconfig\license.txt
- %PROGRAM_FILES%\sysconfig\sysdiag.exe
- %PROGRAM_FILES%\sysconfig\services.exe
- %ALLUSERSPROFILE%\Application Data\sa\saopts.dat
- %WINDIR%\clfct.dll
- %WINDIR%\sysk32.dll
- %WINDIR%\SNMPAPI.DLL
- %ALLUSERSPROFILE%\Application Data\defs.tmp
- %TEMP%\~vis0000\miscdata.xyz
- %TEMP%\~vis0000\rebootnt.exe
- %TEMP%\~vis0000\vise32ex.dll
- %TEMP%\~vis0000\English.vlg
- %WINDIR%\sadefs.dat
- %PROGRAM_FILES%\sysconfig\concealer.exe
- %TEMP%\~vis0000\default.bmp
- %TEMP%\~vis0000\rollback.log
- %WINDIR%\sview.exe
- %PROGRAM_FILES%\WinConfig\npf_mgm.exe
- <SYSTEM32>\wpcap.dll
- <DRIVERS>\npf.sys
- <SYSTEM32>\packet.dll
- %PROGRAM_FILES%\sysconfig\svchost.exe
- %WINDIR%\Base64.dll
- <SYSTEM32>\WanPacket.dll
- <SYSTEM32>\pthreadVC.dll
- %TEMP%\0UD6O0BV\driver-setup\lng\Enu.lng
- %TEMP%\0UD6O0BV\unpack.dll
- %TEMP%\0UD6O0BV\Resume.exe
- <SYSTEM32>\sinvfct.dll
- %PROGRAM_FILES%\sysconfig\driver-setup.exe
- %TEMP%\0UD6O0BV\driver-setup\db.pdb
- %TEMP%\0UD6O0BV\driver-setup\main.pdb
- %TEMP%\0UD6O0BV\driver-setup\presetup.rgn
- %TEMP%\0UD6O0BV\driver-setup\presetup.bmp
- %PROGRAM_FILES%\sysconfig\concealer.exe
- %ALLUSERSPROFILE%\Application Data\sa\saopts.dat
- <SYSTEM32>\sinvfct.dll
- %PROGRAM_FILES%\sysconfig\svchost.exe
- %TEMP%\~vis0000\English.vlg
- %TEMP%\~vis0000\rebootnt.exe
- %PROGRAM_FILES%\sysconfig\driver-setup.exe
- %TEMP%\~vis0000\default.bmp
- %PROGRAM_FILES%\WinConfig\npf_mgm.exe
- %ALLUSERSPROFILE%\Application Data\sa\defs.tmp
- %TEMP%\~vis0000\rollback.log
- %TEMP%\~vis0000\vise32ex.dll
- %TEMP%\0UD6O0BV\unpack.dll
- %TEMP%\0UD6O0BV\driver-setup\db.pdb
- %TEMP%\0UD6O0BV\driver-setup\lng\Enu.lng
- %TEMP%\~vis0000\miscdata.xyz
- %ALLUSERSPROFILE%\Application Data\defs.tmp
- %TEMP%\0UD6O0BV\driver-setup\presetup.rgn
- %TEMP%\0UD6O0BV\Resume.exe
- %TEMP%\0UD6O0BV\driver-setup\main.pdb
- %TEMP%\0UD6O0BV\driver-setup\presetup.bmp
- 'www.sp###ch-web.com':80
- 'localhost':1035
- www.sp###ch-web.com/Files/mfc70.dll
- DNS ASK www.sp###ch-web.com
- ClassName: '#32770' WindowName: 'Microsoft Visual C++ Runtime Library'
- ClassName: '#32770' WindowName: 'svchost.exe'
- ClassName: 'SpyAgent_HWND32' WindowName: ''
- ClassName: '#32770' WindowName: 'sysdiag.exe - No Disk'
- ClassName: '#32770' WindowName: 'svchost.exe - Application Error'
- ClassName: '#32770' WindowName: 'Windows - No Disk'
- ClassName: 'PCHShell Window' WindowName: 'System Information'
- ClassName: 'ExploreWClass' WindowName: ''
- ClassName: 'CabinetWClass' WindowName: ''
- ClassName: 'BrowserFrameGripperClass' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '#32770' WindowName: 'System Configuration Utility'
- ClassName: '' WindowName: 'Microsoft System Information'
- ClassName: 'MozillaUIWindowClass' WindowName: ''
- ClassName: 'OpWindow' WindowName: ''
- ClassName: 'OperaWindowClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'DeployHWND32' WindowName: ''
- ClassName: 'MozillaWindowClass' WindowName: ''
- ClassName: '{1C03B488-D53B-4a81-97F8-754559640193}' WindowName: ''
- ClassName: 'BLDOPERA' WindowName: ''
- ClassName: '#32770' WindowName: 'sysdiag.exe'
- ClassName: '#32770' WindowName: 'sysdiag.exe - Application Error'
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Chrome_XPFrame' WindowName: ''
- ClassName: 'Chrome_WidgetWin_0' WindowName: ''