Technical Information
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\630B.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\6A27.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\60F6.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\6155.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\6A86.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\6B82.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\6CAC.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\6B23.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\6B24.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\background.js
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\content.js
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Secure Preferences
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\background.html
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\manifest.json
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\6097.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\60C7.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\options.html
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\6057.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\71D5.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\.curl.1
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\background.html
- <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\options.html
- %TEMP%\<Virus name>.exe_20141111171900655\resources\libcurl.dll
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\background.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\options.html
- %TEMP%\<Virus name>.exe_20141111171900655\.curl.2
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\content.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\manifest.json
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\72F0.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\734F.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\71F5.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\72B1.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\73FC.tmp
- <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\content.js
- <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\manifest.json
- <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\background.html
- <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\background.js
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\History-journal
- %TEMP%\etilqs_sEx4rpexAh7A4Lu
- %TEMP%\etilqs_9iTHwyb3IkgVIuH
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Web Data
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\History
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\History Provider Cache
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\47E9.tmp
- %PROGRAM_FILES%\Google\Chrome\Application\debug.log
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\4691.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\MANIFEST-000001
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\000001.dbtmp
- %TEMP%\<Virus name>.exe_20141111171900655\resources.pak
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\MANIFEST-000002
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\First Run
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Web Data-journal
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\000002.dbtmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\LOG
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Favicons-journal
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\content.js
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\manifest.json
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\background.html
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\background.js
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\options.html
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Local State
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Default\Preferences
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Default\Secure Preferences
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Favicons
- \Device\Mup\BVNSEUHJ*\MAILSLOT\NET\NETLOGON
- %TEMP%\etilqs_Ggi4pV4ze3AL4Hj
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\4838.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Archived History-journal
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\51BA.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\5277.tmp
- %TEMP%\etilqs_dhsCb8ZUic2FWS7
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Archived History
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Web Data
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Secure Preferences
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Web Data-journal
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\content.js
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\background.js
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\background.html
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Favicons
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Archived History-journal
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Archived History
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Favicons-journal
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\History-journal
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\History Provider Cache
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\History
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\background.html
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Default\Secure Preferences
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Default\Preferences
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\background.js
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\options.html
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\manifest.json
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\content.js
- %TEMP%\<Virus name>.exe_20141111171900655\.curl.1
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\options.html
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil\1.1_0\manifest.json
- %TEMP%\<Virus name>.exe_20141111171900655\.curl.2
- %TEMP%\<Virus name>.exe_20141111171900655\resources\chrome\Local State
- %TEMP%\<Virus name>.exe_20141111171900655\resources\libcurl.dll
- %TEMP%\<Virus name>.exe_20141111171900655\resources.pak
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF960a5.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\MANIFEST-000002
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\LOG
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF960e4.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF961ed.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF96170.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF96122.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\4691.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\MANIFEST-000001
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\CURRENT~RF93be7.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF9494f.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\CURRENT
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF952a1.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF95263.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF9731c.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF972ce.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF9729f.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF9731c.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\First Run
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\73FC.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF9736a.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF96ad3.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF96ad3.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\630B.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF96b5f.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\6CAC.tmp
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF96b9d.TMP
- %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF96b5f.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF96b5f.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\6B24.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF96b5f.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF96b9d.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\6B82.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\6A86.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\6A27.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF96ad3.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\6B23.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF96ad3.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF9731c.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\72F0.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF9731c.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF9736a.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\734F.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF9729f.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\71D5.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\71F5.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\72B1.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF972ce.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\51BA.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF9494f.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF95263.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF952a1.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\5277.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\000002.dbtmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\CURRENT
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\000001.dbtmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\CURRENT
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\CURRENT to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Extension Rules\CURRENT~RF93be7.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\4838.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\47E9.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\60F6.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF96122.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF96170.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF961ed.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\6155.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State~RF960a5.TMP
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\6057.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\6097.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\60C7.tmp to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Local State
- from %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences to %TEMP%\<Virus name>.exe_20141111171900655\UserData\Default\Preferences~RF960e4.TMP
- 'in###ooks.org':80
- in###ooks.org/install/log
- in###ooks.org/install
- DNS ASK in###ooks.org
- DNS ASK www.google.com
- ClassName: 'Chrome_MessageWindow' WindowName: '%TEMP%\<Virus name>.exe_20141111171900655\UserData\'
- ClassName: 'AutoHotkey' WindowName: '<Full path to virus>'