not-a-virus:AdWare.Win32.MultiPlug.nbjq (Kaspersky), Gen:Variant.Adware.MPlug.3 (B) (Emsisoft), Gen:Variant.Adware.MPlug.3 (AdAware)
Behaviour: Adware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 73eb5753aee9fcabbbece86d83f0fbcc
SHA1: deb37b579a21b36e28939b7206b4a57657f66fcf
SHA256: 56afc32b2ed0cb3ed7cc1ccf937eda3bbbecc1a7e255858e631049102d0a18bc
SSDeep: 49152:FQhVhEdq1dLHXx8bIQ2oLwxXbDGaqXN/2YWHiPeJX23CFuXE:UXCbIQ2oeXWaqXZ2YWCWV23Cs
Size: 2172416 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualCv71EXE, UPolyXv05_v6
Company: no certificate found
Created at: 2014-09-17 14:59:24
Analyzed on: WindowsXP SP3 32-bit
Summary: Adware. Delivers advertising content in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions. Users may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program or are frustrated by its effects on system performance.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The PUP creates the following process(es):
Vn.exe:1136
regsvr32.exe:468
%original file name%.exe:1532
The PUP injects its code into the following process(es):
No processes have been created.
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process Vn.exe:1136 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Program Files%\saveclicker\q.x64.dll (23680 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Program Files%\saveclicker\q.tlb (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\All Users\Application Data\f362fc35c4a3dbfb\{E96338DC-1468-4918-8EC2-8454BFFC5025}.20141101004802 (186 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Program Files%\saveclicker\q.dll (20880 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\All Users\Application Data\saveclicker\Vn.dat (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Program Files%\saveclicker\q.dat (259 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\All Users\Application Data\saveclicker\Vn.exe (21472 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
The process %original file name%.exe:1532 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\iecigt@l-ooue.edu\bootstrap.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\lsdb.js (531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\iecigt@l-ooue.edu\content\bg.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.dll (3691 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\iecigt@l-ooue.edu (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\iecigt@l-ooue.edu\install.rdf (602 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\Vn.exe (3710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\content.js (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.x64.dll (3771 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\iecigt@l-ooue.edu\chrome.manifest (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\Vn.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.tlb (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\CupGD.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\manifest.json (503 bytes)
The PUP deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\iecigt@l-ooue.edu\bootstrap.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\lsdb.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\iecigt@l-ooue.edu\content\bg.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\iecigt@l-ooue.edu (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\iecigt@l-ooue.edu\install.rdf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\Vn.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\content.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.x64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\iecigt@l-ooue.edu\chrome.manifest (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\Vn.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\background.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.tlb (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\CupGD.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\iecigt@l-ooue.edu\content (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\manifest.json (0 bytes)
Registry activity
The process Vn.exe:1136 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"NoModify" = "1"
"DisplayIcon" = "C:\Windows\System32\msiexec.exe"
[HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib]
"Version" = "1.0"
"(Default)" = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"URLUpdateInfo" = "http://saveclickersoft.info/"
[HKCR\SaveClicker.SaveClicker\CLSID]
"(Default)" = "{F2F1364C-6DA1-7164-02B6-94E920F94BCE}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\ProgID]
"(Default)" = "saveclicker.2.1"
[HKCR\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}\TypeLib]
"Version" = "1.0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCR\SaveClicker.SaveClicker.2.1\CLSID]
"(Default)" = "{F2F1364C-6DA1-7164-02B6-94E920F94BCE}"
[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR]
"(Default)" = "%Program Files%\saveclicker"
[HKCR\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}\TypeLib]
"(Default)" = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\RegisteredApplicationsEx]
"14072980f35b615cfaea624446a9ac55" = "1"
[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS]
"(Default)" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"_In" = "20141031"
[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\InprocServer32]
"(Default)" = "%Program Files%\saveclicker\q.dll"
[HKCR\SaveClicker.SaveClicker]
"(Default)" = "saveclicker"
[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32]
"(Default)" = "%Program Files%\saveclicker\q.tlb"
[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\VersionIndependentProgID]
"(Default)" = "saveclicker"
[HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}]
"(Default)" = "IRegistry"
[HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"NoRepair" = "1"
[HKCR\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}]
"(Default)" = "IPlaghinMein"
[HKCR\SaveClicker.SaveClicker\CurVer]
"(Default)" = "saveclicker.2.1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"SilentUninstall" = "%Documents and Settings%\All Users\Application Data\saveclicker\Vn.exe /s /n /i:ExecuteCommands;UninstallCommands %Documents and Settings%\All Users\Application Data\saveclicker\Vn.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
"{F2F1364C-6DA1-7164-02B6-94E920F94BCE}" = "1"
[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}]
"(Default)" = "saveclicker"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"DisplayVersion" = "1.0.0.1880"
"URLInfoAbout" = "http://saveclickersoft.info/"
[HKCR\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}\TypeLib]
"(Default)" = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "91 96 EF BD 74 A6 7E 61 16 89 15 D1 AF 2B C4 6B"
[HKCR\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}]
"(Default)" = "ILocalStorage"
[HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0]
"(Default)" = "IEPluginLib"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"CategoryName" = "Apps"
"DisplayName" = "saveclicker"
[HKCR\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"InstallDate" = "20140917"
[HKCR\SaveClicker.SaveClicker.2.1]
"(Default)" = "saveclicker"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"Publisher" = "saveclicker"
"UninstallString" = "%Documents and Settings%\All Users\Application Data\saveclicker\Vn.exe /s /n /i:ExecuteCommands;UninstallCommands %Documents and Settings%\All Users\Application Data\saveclicker\Vn.exe"
[HKCR\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}\TypeLib]
"Version" = "1.0"
It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}]
"(Default)" = "saveclicker"
"NoExplorer" = "1"
The PUP deletes the following registry key(s):
[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\VersionIndependentProgID]
[HKCU\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}]
[HKCU\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\Programmable]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}]
[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\ProgID]
[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\InprocServer32]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}]
[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}]
The process regsvr32.exe:468 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DA 84 52 CC D1 FC 1C A8 A2 4B 75 57 52 7B 16 05"
Dropped PE files
MD5 | File path |
---|---|
eb30b8b0410baa09030d150e8d2fd121 | c:\Documents and Settings\All Users\Application Data\saveclicker\Vn.exe |
ad41aeafe70701aef008a6a60c4af29d | c:\Program Files\saveclicker\q.dll |
cca2ae9671e4eb0ab11d5e6a6f9d71b8 | c:\Program Files\saveclicker\q.x64.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
Vn.exe:1136
regsvr32.exe:468
%original file name%.exe:1532
- Delete the original PUP file.
- Delete or disinfect the following files created/modified by the PUP:
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Program Files%\saveclicker\q.x64.dll (23680 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Program Files%\saveclicker\q.tlb (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\All Users\Application Data\f362fc35c4a3dbfb\{E96338DC-1468-4918-8EC2-8454BFFC5025}.20141101004802 (186 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Program Files%\saveclicker\q.dll (20880 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\All Users\Application Data\saveclicker\Vn.dat (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Program Files%\saveclicker\q.dat (259 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\All Users\Application Data\saveclicker\Vn.exe (21472 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\iecigt@l-ooue.edu\bootstrap.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\lsdb.js (531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\iecigt@l-ooue.edu\content\bg.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.dll (3691 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\iecigt@l-ooue.edu\install.rdf (602 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\Vn.exe (3710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\content.js (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.x64.dll (3771 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\iecigt@l-ooue.edu\chrome.manifest (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\Vn.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.tlb (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\CupGD.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\manifest.json (503 bytes)
Static Analysis
VersionInfo
Company Name: Setup
Product Name: Setup
Product Version: 2.5.0.0
Legal Copyright: Copyright (c) 2014
Legal Trademarks:
Original Filename: Setup
Internal Name: Setup
File Version: 2.5.0.0
File Description: Setup
Comments:
Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 78398 | 78848 | 4.61486 | b1cd3e832a8ba5edf1d2af749ec78597 |
.rdata | 86016 | 2051628 | 2052096 | 5.4443 | d3c25a17ef9dc2a50ea24a28332ae028 |
.data | 2138112 | 31016 | 20992 | 1.09238 | a7fbbd86955e4ea11eede05ad005b7c1 |
.rsrc | 2170880 | 6530 | 6656 | 2.7844 | 70a69fd9f94f0c83303c6fc3634ca638 |
.reloc | 2179072 | 12706 | 12800 | 3.3392 | d4ce4a7491f543d75b88ebfc1568fbc9 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Map
The PUP connects to the servers at the following location(s):