Technical Information
Autorun persistence (per-user registry Run key):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DoctorPC' = '%PROGRAM_FILES%\Doctor PC\DoctorPC.exe true'
Processes launched (command lines as recorded):
- '%PROGRAM_FILES%\Doctor PC\InstAct.exe' installurl
- '%PROGRAM_FILES%\Doctor PC\InstAct.exe' install 17 0
- '%PROGRAM_FILES%\Doctor PC\DoctorPC.exe' true
- '<SYSTEM32>\msiexec.exe' -Embedding AD202481D4631057DC865FE1A3C11C42 M Global\MSI0000
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\msiexec.exe' -Embedding 1B5231338581D9DBA55127D957A4CF85
- '<SYSTEM32>\msiexec.exe' /i "%APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\DoctorPC.msi" /qn AI_SETUPEXEPATH=<Full path to virus> SETUPEXEDIR=<Current directory>\ EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "
- '<SYSTEM32>\msiexec.exe' /V
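File paths recorded (the section heading is missing from this copy; these appear to be files created during installation):
- %PROGRAM_FILES%\Doctor PC\sr-Cyrl-RS\Splash.resources.dll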
- %PROGRAM_FILES%\Doctor PC\Splash.exe
- %PROGRAM_FILES%\Doctor PC\sr-Latn-RS\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\th-TH\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\sv\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\se-FI\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\ja\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\it\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\Microsoft.Deployment.WindowsInstaller.dll
- %PROGRAM_FILES%\Doctor PC\no\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\nl\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\tr-TR\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\es\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\DoctorPC.exe
- %PROGRAM_FILES%\Doctor PC\fil-PH\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\he\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\fr\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\de\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\ar\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\Uninst000.dll
- %PROGRAM_FILES%\Doctor PC\bs-Cyrl-BA\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\da\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\bs-Latn-BA\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\hr-HR\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\bo.dll
- %PROGRAM_FILES%\Doctor PC\InstAct.exe
- %PROGRAM_FILES%\Doctor PC\ComponentFactory.Krypton.Toolkit.dll
- %PROGRAM_FILES%\Doctor PC\Logging.dll
- %PROGRAM_FILES%\Doctor PC\Helper.dll
- %PROGRAM_FILES%\Doctor PC\Uninst000.CA.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\sv\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\sr-Latn-RS\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\th-TH\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\updater.exe
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\tr-TR\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\Microsoft.Win32.TaskScheduler.dll
- %PROGRAM_FILES%\Doctor PC\es\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\de\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\fil-PH\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\he\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\fr\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\da\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\Interop.Shell32.dll
- %PROGRAM_FILES%\Doctor PC\Setup.dll
- %PROGRAM_FILES%\Doctor PC\ar\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\bs-Latn-BA\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\bs-Cyrl-BA\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\se-FI\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\ru\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\sr-Cyrl-RS\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\sv\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\sr-Latn-RS\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\pt\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\it\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\hr-HR\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\ja\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\no\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\nl\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\th-TH\Uninst000.resources.dll
- %TEMP%\~DFE3CA.tmp
- %WINDIR%\Installer\MSIA.tmp
- %HOMEPATH%\My Documents\DoctorPC\logerror.txt
- %HOMEPATH%\My Documents\DoctorPC\log.txt
- <LS_APPDATA>\Doctor_PC\DoctorPC.exe_Url_f4xybd2dcd3coldsotre2jcrgmgycvhr\2.7.0.0\5lrfiwfi.newcfg
- %WINDIR%\Installer\{6552A82C-542C-4461-8737-AC445F002076}\icon.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Doctor PC\Doctor PC.lnk
- %PROGRAM_FILES%\Doctor PC\tr-TR\Uninst000.resources.dll
- %ALLUSERSPROFILE%\Desktop\Doctor PC.lnk
- %WINDIR%\Installer\2c127.msi
- %PROGRAM_FILES%\Doctor PC\updater.ini
- %PROGRAM_FILES%\Doctor PC\he\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\sr-Latn-RS\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\sr-Cyrl-RS\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\sv\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\tr-TR\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\th-TH\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\se-FI\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\it\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\hr-HR\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\ja\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\no\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\nl\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\pt\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\de\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\da\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\es\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\fr\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\fil-PH\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\bs-Latn-BA\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\ru\DoctorPC.resources.dll
- %PROGRAM_FILES%\Doctor PC\pt\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\ru\Splash.resources.dll
- %PROGRAM_FILES%\Doctor PC\bs-Cyrl-BA\Uninst000.resources.dll
- %PROGRAM_FILES%\Doctor PC\ar\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\fr\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\fil-PH\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\he\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\it\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\hr-HR\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\es\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\bs-Cyrl-BA\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\ar\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\bs-Latn-BA\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\de\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\da\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\ja\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\sv\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\sr-Latn-RS\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\th-TH\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\Helper.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\tr-TR\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\sr-Cyrl-RS\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\no\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\nl\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\pt\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\se-FI\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\ru\DoctorPC.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\ComponentFactory.Krypton.Toolkit.dll
- %WINDIR%\Installer\2c125.ipi
- %WINDIR%\Installer\MSI3.tmp
- %TEMP%\~DFD4A0.tmp
- %WINDIR%\Installer\MSI5.tmp
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\MSI2.tmp
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\DoctorPC.msi
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\decoder.dll
- %TEMP%\MSI2ba3e.LOG
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\2c123.msi
- %TEMP%\AI_ResourceCleanerLog.txt
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\InstAct.exe
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\DoctorPC.exe
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\Splash.exe
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\bo.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\updater.exe
- %WINDIR%\Installer\MSI9.tmp
- C:\Config.Msi\2c126.rbs
- %WINDIR%\Installer\MSI6.tmp
- %WINDIR%\Installer\MSI8.tmp
- %TEMP%\AIBB_3040.tmp
- %TEMP%\{FFB44C93-4790-4151-B6A9-BB766F596C27}.bat
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\bs-Latn-BA\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\bs-Cyrl-BA\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\da\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\es\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\de\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\ar\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\th-TH\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\sv\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\tr-TR\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\Uninst000.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\Uninst000.CA.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\fil-PH\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\pt\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\no\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\ru\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\sr-Cyrl-RS\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\se-FI\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\nl\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\he\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\fr\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\hr-HR\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\ja\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\it\Uninst000.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\sr-Latn-RS\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\bs-Latn-BA\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\bs-Cyrl-BA\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\da\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\es\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\de\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\ar\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\Logging.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\Interop.Shell32.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\Microsoft.Deployment.WindowsInstaller.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\Setup.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\Microsoft.Win32.TaskScheduler.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\fil-PH\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\pt\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\no\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\ru\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\sr-Cyrl-RS\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\se-FI\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\nl\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\he\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\fr\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\hr-HR\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\ja\Splash.resources.dll
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\F002076\it\Splash.resources.dll
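Repeated paths (the section heading is missing from this copy; every entry in this group already appears in the list above, so it presumably records a separate file operation, such as removal of installer temporary files; confirm against the original report):
- C:\Config.Msi\2c126.rbs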
- %WINDIR%\Installer\MSIA.tmp
- %WINDIR%\Installer\MSI4.tmp
- %APPDATA%\Doctor PC\Doctor PC 2.7.0\install\decoder.dll
- %WINDIR%\Installer\2c125.ipi
- %WINDIR%\Installer\2c123.msi
- %WINDIR%\Installer\MSI9.tmp
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\MSI8.tmp
- %WINDIR%\Installer\MSI6.tmp
- %WINDIR%\Installer\MSI5.tmp
File moved/renamed:
- from <LS_APPDATA>\Doctor_PC\DoctorPC.exe_Url_f4xybd2dcd3coldsotre2jcrgmgycvhr\2.7.0.0\5lrfiwfi.newcfg to <LS_APPDATA>\Doctor_PC\DoctorPC.exe_Url_f4xybd2dcd3coldsotre2jcrgmgycvhr\2.7.0.0\user.config
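Network endpoints (host:port; '#' marks characters masked in the published report, so these values cannot be matched verbatim in a block list or log search):
- 'localhost':1044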
- 'www.do####pc-lab.com':80
- 'wp#d':80
- '14#.#10.147.77':80
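HTTP requests (URLs partially masked with '#'):
- www.do####pc-lab.com/specialoffer?ch###############
- wp#d/wpad.dat (a wpad.dat request is characteristic of Windows proxy auto-discovery and is likely environmental rather than specific to this sample)
- 14#.#10.147.77/callback/bo.php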
DNS queries:
- DNS ASK www.do####pc-lab.com
- DNS ASK wp#d
Window class names / titles recorded:
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: ''