Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SMSS' = '%WINDIR%\system\SMSS.EXE /H /S'
- hidden files
- sro_client.exe
- ybclient.exe
- zlclient.exe
- elementclient.exe
- lotroclient.exe
- magent.exe
- fsav.exe
- smc.exe
- zapro.exe
- drweb.exe
- GUARD.EXE
- outpost.exe
- ash.exe
- AVPCC.EXE
- AVP32.EXE
- AVPM.EXE
- AVP.EXE
- nod32.exe
- NAVAPW32.EXE
- AVGCTRL.EXE
- AVSYNMGR.EXE
- Drwebupw.exe
- bdagent.exe
- ZONEALARM.EXE
- MCAGENT.EXE
- mpftray.exe
- <SYSTEM32>\Log\No UserName Typed!1.log
- %WINDIR%\system\SMSS.EXE
- %WINDIR%\system\SMSS.EXE
- 'ft#.##gelfire.com':21
- 'localhost':1036
- DNS ASK ft#.##gelfire.com
- ClassName: 'Shell_TrayWnd' WindowName: ''