Technical Information
- '%TEMP%\mia1.tmp\email-extractor-setup.exe' /m="<Full path to virus>" /k=""
- '<SYSTEM32>\msiexec.exe' -Embedding A3DBA8F1D04729A1A7FC4E5289C24259
- '<SYSTEM32>\msiexec.exe' /V
- %PROGRAM_FILES%\Email Extractor\whois_servers.csv
- %PROGRAM_FILES%\Email Extractor\Interop.SHDocVw.dll
- %PROGRAM_FILES%\Email Extractor\AxInterop.SHDocVw.dll
- C:\Config.Msi\270d4.rbs
- %PROGRAM_FILES%\Email Extractor\EmailExtractor.exe
- %PROGRAM_FILES%\Email Extractor\SearchEngines.xml
- %PROGRAM_FILES%\Email Extractor\fr\EmailExtractor.resources.dll
- %PROGRAM_FILES%\Email Extractor\ICSharpCode.SharpZipLib.dll
- %PROGRAM_FILES%\Email Extractor\DevExpress.BonusSkins.v11.1.dll
- %PROGRAM_FILES%\Email Extractor\ru\EmailExtractor.resources.dll
- %PROGRAM_FILES%\Email Extractor\es\EmailExtractor.resources.dll
- %PROGRAM_FILES%\Email Extractor\de\EmailExtractor.resources.dll
- %TEMP%\mia1\email-extractor-setup.msi
- %TEMP%\{30482B99-CAD6-4370-8A3B-8939BCDC90EC}
- %TEMP%\mia1\mDotNetExec.dll
- %TEMP%\mia1\mMSIExec.dll
- %TEMP%\mia1\mWinRunExec.dll
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\MSI5.tmp
- %WINDIR%\Installer\MSI6.tmp
- %WINDIR%\Installer\270d1.msi
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI3.tmp
- %PROGRAM_FILES%\Email Extractor\DevExpress.Data.v11.1.dll
- %WINDIR%\Installer\{30482B99-CAD6-4370-8A3B-8939BCDC90EC}\or5cImg5cEmaiExtractor.ico0.ico
- %WINDIR%\Installer\{30482B99-CAD6-4370-8A3B-8939BCDC90EC}\35cImg5cCommon5cEnable.ico0.ico
- %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\email-extractor-setup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Email Extractor\Email Extractor.lnk
- %ALLUSERSPROFILE%\Desktop\Email Extractor.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Email Extractor\Buy now.lnk
- %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\email-extractor-setup.dat
- %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\email-extractor-setup.par
- %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\instance.dat
- %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\email-extractor-setup.msi
- %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\email-extractor-setup.res
- %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\mia.lib
- %PROGRAM_FILES%\Email Extractor\DevExpress.XtraEditors.v11.1.dll
- %PROGRAM_FILES%\Email Extractor\DevExpress.XtraGrid.v11.1.dll
- %PROGRAM_FILES%\Email Extractor\DevExpress.XtraLayout.v11.1.dll
- %PROGRAM_FILES%\Email Extractor\DevExpress.Printing.v11.1.Core.dll
- %PROGRAM_FILES%\Email Extractor\DevExpress.Utils.v11.1.dll
- %PROGRAM_FILES%\Email Extractor\DevExpress.XtraBars.v11.1.dll
- %PROGRAM_FILES%\Email Extractor\it\EmailExtractor.resources.dll
- %PROGRAM_FILES%\Email Extractor\pl\EmailExtractor.resources.dll
- %ALLUSERSPROFILE%\Start Menu\Programs\Email Extractor\Uninstall.lnk
- %PROGRAM_FILES%\Email Extractor\Microsoft.Office.Interop.Excel.dll
- %PROGRAM_FILES%\Email Extractor\pt\EmailExtractor.resources.dll
- %PROGRAM_FILES%\Email Extractor\DevExpress.OfficeSkins.v11.1.dll
- %TEMP%\mia1\wizard.dfm
- %TEMP%\mia1.tmp\OFFLINE\IF325\8E90A668\EmailExtractor.resources.dll
- %TEMP%\mia1.tmp\OFFLINE\IF322\CF63EFE5\EmailExtractor.resources.dll
- %TEMP%\mia1.tmp\OFFLINE\IF326\CF63EFE5\EmailExtractor.resources.dll
- %TEMP%\mia1.tmp\OFFLINE\IF319\DD918D98\DevExpress.XtraGrid.v11.1.dll
- %TEMP%\mia1.tmp\OFFLINE\IF320\DD918D98\DevExpress.XtraLayout.v11.1.dll
- %TEMP%\mia1.tmp\OFFLINE\IF324\13969254\EmailExtractor.resources.dll
- %TEMP%\mia1.tmp\OFFLINE\IF308\47750E09\EmailExtractor.resources.dll
- %TEMP%\mia1.tmp\OFFLINE\IF312\DD918D98\ICSharpCode.SharpZipLib.dll
- %TEMP%\mia1.tmp\OFFLINE\IF304\D991067D\Interop.SHDocVw.dll
- %TEMP%\mia1.tmp\OFFLINE\IF310\162DD470\EmailExtractor.resources.dll
- %TEMP%\mia1.tmp\OFFLINE\IF309\5D2B0243\EmailExtractor.resources.dll
- %TEMP%\mia1.tmp\OFFLINE\IF311\3E6B335F\EmailExtractor.resources.dll
- %TEMP%\mia1.tmp\OFFLINE\IF299\DD918D98\EmailExtractor.exe
- %TEMP%\mia1.tmp\OFFLINE\IF306\DD918D98\AxInterop.SHDocVw.dll
- %TEMP%\mia1.tmp\OFFLINE\IF313\DD918D98\DevExpress.BonusSkins.v11.1.dll
- %TEMP%\mia1.tmp\email-extractor-setup.msi
- %TEMP%\mia1.tmp\OFFLINE\IF302\DD918D98\SearchEngines.xml
- %TEMP%\mia1.tmp\email-extractor-setup.exe
- %TEMP%\mia1.tmp\OFFLINE\IF316\DD918D98\DevExpress.Utils.v11.1.dll
- %TEMP%\mia1.tmp\OFFLINE\IF317\DD918D98\DevExpress.XtraBars.v11.1.dll
- %TEMP%\mia1.tmp\OFFLINE\IF318\DD918D98\DevExpress.XtraEditors.v11.1.dll
- %TEMP%\mia1.tmp\OFFLINE\IF314\DD918D98\DevExpress.Data.v11.1.dll
- %TEMP%\mia1.tmp\OFFLINE\IF323\DD918D98\DevExpress.OfficeSkins.v11.1.dll
- %TEMP%\mia1.tmp\OFFLINE\IF315\DD918D98\DevExpress.Printing.v11.1.Core.dll
- %TEMP%\mia1.tmp\OFFLINE\mDotNet.dll\mDotNetExec.dll
- %TEMP%\mia1\progress.dfm
- %TEMP%\mia1\progressprereq.dfm
- %TEMP%\mia1\readme.dfm
- %TEMP%\mia1\licensecheck.dfm
- %TEMP%\mia1\maintenance.dfm
- %TEMP%\mia1\prereq.dfm
- %TEMP%\mia1\startinstallation.dfm
- %TEMP%\mia1\startmenu.dfm
- %TEMP%\mia1\welcome.dfm
- %TEMP%\mia1\registration.dfm
- %TEMP%\mia1\registrationwithserial.dfm
- %TEMP%\mia1\setuptype.dfm
- %TEMP%\mia1.tmp\mia.lib
- %TEMP%\mia1.tmp\OFFLINE\IF305\DD918D98\EmailExtractor.exe.config
- %TEMP%\mia1.tmp\OFFLINE\IF303\DD918D98\whois_servers.csv
- %TEMP%\mia1.tmp\OFFLINE\IF321\DD918D98\Microsoft.Office.Interop.Excel.dll
- %TEMP%\mia1.tmp\OFFLINE\mMSI.dll\mMSIExec.dll
- %TEMP%\mia1.tmp\OFFLINE\mWinRun.dll\mWinRunExec.dll
- %TEMP%\mia1\componentstree.dfm
- %TEMP%\mia1\destination.dfm
- %TEMP%\mia1\finish.dfm
- %TEMP%\mia1.tmp\email-extractor-setup.res
- %TEMP%\lang.loc
- %TEMP%\mia.tmp
- C:\Config.Msi\270d5.rbf
- C:\Config.Msi\270d4.rbs
- C:\Config.Msi\270d5.rbf
- %WINDIR%\Installer\MSI6.tmp
- %TEMP%\{30482B99-CAD6-4370-8A3B-8939BCDC90EC}
- %WINDIR%\Installer\270d3.ipi
- %WINDIR%\Installer\270d1.msi
- %WINDIR%\Installer\MSI2.tmp
- %TEMP%\mia.tmp
- %TEMP%\lang.loc
- %WINDIR%\Installer\MSI5.tmp
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\MSI3.tmp
- from %TEMP%\mia1.tmp\OFFLINE\IF321\DD918D98\Microsoft.Office.Interop.Excel.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF321\DD918D98\Microsoft.Office.Interop.Excel.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF322\CF63EFE5\EmailExtractor.resources.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF322\CF63EFE5\EmailExtractor.resources.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF323\DD918D98\DevExpress.OfficeSkins.v11.1.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF323\DD918D98\DevExpress.OfficeSkins.v11.1.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF320\DD918D98\DevExpress.XtraLayout.v11.1.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF320\DD918D98\DevExpress.XtraLayout.v11.1.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF317\DD918D98\DevExpress.XtraBars.v11.1.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF317\DD918D98\DevExpress.XtraBars.v11.1.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF318\DD918D98\DevExpress.XtraEditors.v11.1.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF318\DD918D98\DevExpress.XtraEditors.v11.1.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF319\DD918D98\DevExpress.XtraGrid.v11.1.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF319\DD918D98\DevExpress.XtraGrid.v11.1.dll
- from %TEMP%\mia1.tmp\OFFLINE\mMSI.dll\mMSIExec.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\mMSI.dll\mMSIExec.dll
- from %TEMP%\mia1.tmp\OFFLINE\mWinRun.dll\mWinRunExec.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\mWinRun.dll\mWinRunExec.dll
- from %PROGRAM_FILES%\Email Extractor\pt\EmailExtractor.resources.dll to C:\Config.Msi\270d5.rbf
- from %TEMP%\mia1.tmp\OFFLINE\mDotNet.dll\mDotNetExec.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\mDotNet.dll\mDotNetExec.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF324\13969254\EmailExtractor.resources.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF324\13969254\EmailExtractor.resources.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF325\8E90A668\EmailExtractor.resources.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF325\8E90A668\EmailExtractor.resources.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF326\CF63EFE5\EmailExtractor.resources.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF326\CF63EFE5\EmailExtractor.resources.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF316\DD918D98\DevExpress.Utils.v11.1.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF316\DD918D98\DevExpress.Utils.v11.1.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF305\DD918D98\EmailExtractor.exe.config to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF305\DD918D98\EmailExtractor.exe.config
- from %TEMP%\mia1.tmp\OFFLINE\IF306\DD918D98\AxInterop.SHDocVw.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF306\DD918D98\AxInterop.SHDocVw.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF308\47750E09\EmailExtractor.resources.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF308\47750E09\EmailExtractor.resources.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF304\D991067D\Interop.SHDocVw.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF304\D991067D\Interop.SHDocVw.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF299\DD918D98\EmailExtractor.exe to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF299\DD918D98\EmailExtractor.exe
- from %TEMP%\mia1.tmp\OFFLINE\IF302\DD918D98\SearchEngines.xml to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF302\DD918D98\SearchEngines.xml
- from %TEMP%\mia1.tmp\OFFLINE\IF303\DD918D98\whois_servers.csv to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF303\DD918D98\whois_servers.csv
- from %TEMP%\mia1.tmp\OFFLINE\IF313\DD918D98\DevExpress.BonusSkins.v11.1.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF313\DD918D98\DevExpress.BonusSkins.v11.1.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF314\DD918D98\DevExpress.Data.v11.1.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF314\DD918D98\DevExpress.Data.v11.1.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF315\DD918D98\DevExpress.Printing.v11.1.Core.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF315\DD918D98\DevExpress.Printing.v11.1.Core.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF312\DD918D98\ICSharpCode.SharpZipLib.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF312\DD918D98\ICSharpCode.SharpZipLib.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF309\5D2B0243\EmailExtractor.resources.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF309\5D2B0243\EmailExtractor.resources.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF310\162DD470\EmailExtractor.resources.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF310\162DD470\EmailExtractor.resources.dll
- from %TEMP%\mia1.tmp\OFFLINE\IF311\3E6B335F\EmailExtractor.resources.dll to %ALLUSERSPROFILE%\Application Data\{4BC22E51-319D-401D-BB9A-85E21811A171}\OFFLINE\IF311\3E6B335F\EmailExtractor.resources.dll
- ClassName: 'TApplication' WindowName: 'email-extractor-setup'
- ClassName: 'Shell_TrayWnd' WindowName: ''