Technical Information
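Autorun entries (values under the per-user Run key, which start the named executable at each logon of that user; the same paths are listed in lower case further down, and Windows paths are case-insensitive, so match them without regard to case):
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'McsMozilaFox' = '"%LOCALAPPDATA%\McsMozilaFox.exe"'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsCleaner' = '"%LOCALAPPDATA%\WindowsCleaner.exe"'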
- %APPDATA%\doodle.exe
- %APPDATA%\hwid.exe
- %APPDATA%\install.exe
- %APPDATA%\nvidia.exe
- %TEMP%\is-n0b6h.tmp\install.tmp
- %LOCALAPPDATA%\mcsmozilafox.exe
- %TEMP%\is-89tr4.tmp\_isetup\_setup64.tmp
- %LOCALAPPDATA%\windowscleaner.exe
- %APPDATA%\doodle.exe
- %APPDATA%\nvidia.exe
- %APPDATA%\hwid.exe
- ClassName: 'EDIT' WindowName: ''
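Command lines (the quoted paths below appear to be processes started during execution, with arguments where they were recorded):
- '%APPDATA%\install.exe'
- '%APPDATA%\doodle.exe'
- '%APPDATA%\hwid.exe'
- '%APPDATA%\nvidia.exe'
- '%TEMP%\is-n0b6h.tmp\install.tmp' /SL5="$C0246,17008933,57856,%APPDATA%\Install.exe"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'
- '%WINDIR%\syswow64\wscript.exe' "%LOCALAPPDATA%\Execution5.vbs"
Note: the %TEMP%\is-*.tmp directories and the /SL5 argument match the Inno Setup loader pattern; the directory suffix is generated per run, so match on the pattern and the parent process rather than on the literal directory name. regasm.exe and wscript.exe are stock Windows/.NET binaries, so their presence alone is not an indicator; the parent process and the script path in %LOCALAPPDATA% are the parts to correlate.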