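Technical Information
The entries below are host and network indicators: two autostart values under the CurrentVersion\Run registry keys, file-system paths (mostly browser extension folders for Google Chrome, Nichrome and Opera, plus files under %TEMP%\folder_data_rc_adds), and one DNS query. The list has no sub-headings, so it does not say whether a given path was created, modified or deleted; paths that appear more than once may belong to different categories.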
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'amigo' = ''
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'AIUpdateService' = '"%ProgramFiles%\Microsoft Data\<File name>.exe" /reinstall=1'
- %ProgramFiles%\microsoft data\<File name>.exe
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\mttponmxqpmkie.js
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\5ac94c8201365392359
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\ubzpuelkdnwrxz.js
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options_ui.js
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options_css_compiled.css
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\azurpwcmycxtl.js
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options_compiled.js
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\mjoxjzzjrkv.js
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\manifest.json
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\main_compiled.js
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\injection.js
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon48.png
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon32.png
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options.html
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options_css_compiled.css
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\background.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\ubzpuelkdnwrxz.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options_ui.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options_css_compiled.css
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options_compiled.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options.html
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\mjoxjzzjrkv.js
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon19.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\yekspzklaothn.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\injection.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon48.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon32.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon19.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon16.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon128.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\main_compiled.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\fovobywqifzq.js
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon16.png
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon128.png
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\fovobywqifzq.js
- %TEMP%\folder_data_rc_adds\xml\op_data.xml
- %TEMP%\folder_data_rc_adds\adds\addon.xpi
- %TEMP%\folder_data_rc_adds\adds\addon.crx
- %TEMP%\folder_data_rc_adds\adds\addon.oex
- %TEMP%\folder_data_rc_adds\js\ff_set.json
- %TEMP%\folder_data_rc_adds\js\chr_pref.json
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\5ac94c8201365392359
- %TEMP%\folder_data_rc_adds\xml\task.xml
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon16.png
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\mttponmxqpmkie.js
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\yekspzklaothn.js
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\azurpwcmycxtl.js
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\background.js
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\fovobywqifzq.js
- %TEMP%\folder_data_rc_adds\xml\op_wid.xml
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\manifest.json
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon19.png
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\injection.js
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon32.png
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\background.js
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\azurpwcmycxtl.js
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\yekspzklaothn.js
- %APPDATA%\opera software\opera stable\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\mttponmxqpmkie.js
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\5ac94c8201365392359
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon48.png
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\ubzpuelkdnwrxz.js
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon128.png
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options_compiled.js
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options.html
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\mjoxjzzjrkv.js
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\manifest.json
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\main_compiled.js
- <LS_APPDATA>\google\chrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options_ui.js
- %APPDATA%\601481c74847c
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\azurpwcmycxtl.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\ubzpuelkdnwrxz.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options_ui.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options_css_compiled.css
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options_compiled.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options.html
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\mttponmxqpmkie.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\mjoxjzzjrkv.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\manifest.json
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\main_compiled.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\injection.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon48.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon32.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon19.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon16.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon128.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\fovobywqifzq.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\background.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\yekspzklaothn.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\5ac94c8201365392359
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\mttponmxqpmkie.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options_ui.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options_css_compiled.css
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options_compiled.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\options.html
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\mjoxjzzjrkv.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\manifest.json
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\main_compiled.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\injection.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon48.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon32.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon19.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon16.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\icons\icon128.png
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\fovobywqifzq.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\background.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\azurpwcmycxtl.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\yekspzklaothn.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\1.0.3\ubzpuelkdnwrxz.js
- <LS_APPDATA>\nichrome\user data\default\extensions\cfmnkhhioonhiehehedmnjibmampjiab\5ac94c8201365392359
- DNS ASK vb###wqhqq.ru