Technical Information
- %PROGRAM_FILES%\Funmoods\1.5.23.22\funmoodssrv.exe /regServer
- %TEMP%\is145000\FunmoodsTB.exe -y -o"%APPDATA%\Mozilla\Firefox\Profiles\CWDGT0~1.DEF\EXTENS~1\ffxtlbr@funmoods.com"
- %TEMP%\nse2.tmp\tmp0002.exe /S /aflt=softpb /instlRef=softpb /mhp /mds /mnt /PKL=2 /AL=2
- %TEMP%\nse2.tmp\ns3.tmp "%TEMP%\nse2.tmp\lzma.exe" d %TEMP%\nse2.tmp\inetc.bin %TEMP%\nse2.tmp\inetc.dll
- %TEMP%\nse2.tmp\lzma.exe d %TEMP%\nse2.tmp\inetc.bin %TEMP%\nse2.tmp\inetc.dll
- <SYSTEM32>\regsvr32.exe /s %PROGRAM_FILES%\Funmoods\1.5.23.22\escortEng.dll
- <SYSTEM32>\regsvr32.exe /s %PROGRAM_FILES%\Funmoods\1.5.23.22\escorTlbr.dll
- <SYSTEM32>\regsvr32.exe /s %PROGRAM_FILES%\Funmoods\1.5.23.22\escortShld.dll
- <SYSTEM32>\regsvr32.exe /s %PROGRAM_FILES%\Funmoods\1.5.23.22\\bh\escort.dll
- <SYSTEM32>\regsvr32.exe /s %PROGRAM_FILES%\Funmoods\1.5.23.22\escortApp.dll
- firefox.exe
- iexplore.exe
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\logo.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\install.rdf
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\tmplt.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\META-INF\manifest.mf
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\user.js
- %TEMP%\0002FC09.log
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\preferences.xul
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\funmoods.xul
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\loader.xul
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\funmoods.css
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\mtstart.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\chrome.manifest
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
- %TEMP%\is145000\chrome-extension.localstorage
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\iw[1].0&cv=1053&p=240
- %TEMP%\is145000\payloadflat.cis
- %TEMP%\000235DB.log
- %TEMP%\is145000\payload.cis
- %TEMP%\is145000\escortEng.dll
- %TEMP%\is145000\escorTlbr.dll
- %TEMP%\is145000\escortApp.dll
- %TEMP%\nse2.tmp\tmp0003.tmp
- %TEMP%\is145000\escort.dll
- %TEMP%\nse2.tmp\Math.dll
- %TEMP%\nse2.tmp\md5dll.dll
- %TEMP%\nse2.tmp\System.dll
- %TEMP%\nse2.tmp\lzma.exe
- %TEMP%\nse2.tmp\inetc.bin
- %TEMP%\nse2.tmp\tmp0002.exe
- %PROGRAM_FILES%\is143968.log
- %TEMP%\nse2.tmp\inetc.dll
- %TEMP%\nse2.tmp\nsExec.dll
- %TEMP%\nse2.tmp\ns3.tmp
- %TEMP%\is145000\escortShld.dll
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\searchplugins\Search.xml
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
- <LS_APPDATA>\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage-journal
- <LS_APPDATA>\funmoods-speeddial.crx
- <LS_APPDATA>\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\images\pref.jpg
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\help_16.gif
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ffxtlbr@funmoods.com\ffxtlbr@funmoods.com\content\imgs\home.gif
- %TEMP%\is145000\funmoodssrv.exe
- %TEMP%\is145000\FunmoodsTB.exe
- %TEMP%\is145000\funmoods.crx
- %TEMP%\is145000\favicon.ico
- %TEMP%\is145000\funmoods-speeddial.crx
- <LS_APPDATA>\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdloijijlkoblmigdofommgnheckmaki_0.localstorage
- <LS_APPDATA>\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdloijijlkoblmigdofommgnheckmaki_0.localstorage-journal
- <LS_APPDATA>\funmoods.crx
- %TEMP%\is145000\Sqlite3.dll
- %TEMP%\is145000\uninstall.exe
- <LS_APPDATA>\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdloijijlkoblmigdofommgnheckmaki_0.localstorage-journal
- <LS_APPDATA>\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage-journal
- %TEMP%\is145000\payloadflat.cis
- %TEMP%\nse2.tmp\tmp0003.tmp
- %TEMP%\is145000\payload.cis
- %TEMP%\is145000\chrome-extension.localstorage
- %TEMP%\is145000\Sqlite3.dll
- %TEMP%\0002FC09.log
- %TEMP%\is145000\FunmoodsTB.exe
- %TEMP%\is145000\funmoods-speeddial.crx
- %TEMP%\is145000\funmoods.crx
- %TEMP%\nse2.tmp\inetc.bin
- %TEMP%\nse2.tmp\inetc.dll
- %TEMP%\000235DB.log
- %TEMP%\nse2.tmp\ns3.tmp
- %PROGRAM_FILES%\is143968.log
- %TEMP%\nse2.tmp\lzma.exe
- %TEMP%\nse2.tmp\System.dll
- %TEMP%\nse2.tmp\tmp0002.exe
- %TEMP%\nse2.tmp\nsExec.dll
- %TEMP%\nse2.tmp\Math.dll
- %TEMP%\nse2.tmp\md5dll.dll
- 'rp.###moodscdn.com':80
- 'www.in####lwrapper.com':80
- www.in####lwrapper.com/api/iw/?i=###########################################################
- rp.###moodscdn.com/?pc##########
- DNS ASK rp.###moodscdn.com
- DNS ASK www.in####lwrapper.com
- ClassName: 'Shell_TrayWnd' WindowName: ''