Trojan.Encoder.37555

Added to the Dr.Web virus database: 2023-05-09

Description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [\REGISTRY\USER\S-1-5-21-1238866942-1249195528-555854008-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'BrowserUpdateCheck' = '%LOCALAPPDATA%\<File name>.exe'
Creates the following files on removable media
  • <Drive name for removable media>:\000814251_video_01.avi
  • <Drive name for removable media>:\samieee_obiee_presentation.pptx
  • <Drive name for removable media>:\roozenedowebinar.pptx
  • <Drive name for removable media>:\middaugh_keynote.pptx
  • <Drive name for removable media>:\stoc13_ml_quoc_le.pptx
  • <Drive name for removable media>:\notepad.exe
  • <Drive name for removable media>:\chromesetup.exe
  • <Drive name for removable media>:\tcm851ax32.exe
  • <Drive name for removable media>:\uep_form_786_bulletin_1726i602.doc
  • <Drive name for removable media>:\lisp_success.doc
  • <Drive name for removable media>:\weeklysheet1215.doc
  • <Drive name for removable media>:\february_catalogue__2015.doc
  • <Drive name for removable media>:\ovp25012015.doc
  • <Drive name for removable media>:\508softwareandos.doc
  • <Drive name for removable media>:\indogerman2010.pptx
  • <Drive name for removable media>:\sdksampleprivdeveloper.cer
  • <Drive name for removable media>:\contoso.cer
  • <Drive name for removable media>:\sdkfailsafeemulator.cer
  • <Drive name for removable media>:\contosoroot.cer
  • <Drive name for removable media>:\contoso_1.cer
  • <Drive name for removable media>:\dialmap.bmp
  • <Drive name for removable media>:\dial.bmp
  • <Drive name for removable media>:\toolbar.bmp
  • <Drive name for removable media>:\dashborder_96.bmp
  • <Drive name for removable media>:\dashborder_192.bmp
  • <Drive name for removable media>:\archer.avi
  • <Drive name for removable media>:\split.avi
  • <Drive name for removable media>:\correct.avi
  • <Drive name for removable media>:\how_to_back_files.html
  • <Drive name for removable media>:\contosoroot_1.cer
  • <Drive name for removable media>:\hypothyroidism_slides.pptx
Malicious functions
Reads files which store third-party application passwords
  • %HOMEPATH%\desktop\000814251_video_01.avi
  • %HOMEPATH%\desktop\uep_form_786_bulletin_1726i602.doc
  • %HOMEPATH%\desktop\trivial-merge.htm
  • %HOMEPATH%\desktop\tree_view.html
  • %HOMEPATH%\desktop\tree_view.htm
  • %HOMEPATH%\desktop\thlps_keeper_mayer_1965.docx
  • %HOMEPATH%\desktop\ovp25012015.doc
  • %HOMEPATH%\desktop\nwfieldnotes1966.docx
  • %HOMEPATH%\desktop\lisp_success.doc
  • %HOMEPATH%\desktop\iisstart.html
  • %HOMEPATH%\desktop\file_p_00000000_1371597592.docx
  • %HOMEPATH%\desktop\dial.bmp
  • %HOMEPATH%\desktop\delete.avi
  • %HOMEPATH%\desktop\dashborder_120.bmp
  • %HOMEPATH%\desktop\contosoroot_1.cer
  • %HOMEPATH%\desktop\coffee.bmp
  • %HOMEPATH%\desktop\browse.htm
  • %HOMEPATH%\desktop\adhd_and_obesity.docx
  • %APPDATA%\thunderbird\profiles.ini
  • %APPDATA%\mozilla\firefox\profiles.ini
Modifies file system
Creates the following files
Moves the following files
  • from %APPDATA%\thunderbird\profiles\49zr3fqa.default\times.json to %APPDATA%\thunderbird\profiles\49zr3fqa.default\times.json.suffering
  • from %APPDATA%\thunderbird\crash reports\installtime20210406220621 to %APPDATA%\thunderbird\crash reports\installtime20210406220621.suffering
  • from %APPDATA%\telegram desktop\telegram.exe to %APPDATA%\telegram desktop\telegram.exe.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\search.json.mozlz4 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\search.json.mozlz4.suffering
  • from %APPDATA%\telegram desktop\unins000.exe to %APPDATA%\telegram desktop\unins000.exe.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\prefs.js to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\prefs.js.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\pkcs11.txt to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\pkcs11.txt.suffering
  • from %APPDATA%\thunderbird\profiles.ini to %APPDATA%\thunderbird\profiles.ini.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\abook.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\abook.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\addons.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\addons.json.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\addonstartup.json.lz4 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\addonstartup.json.lz4.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\blist.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\blist.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\compatibility.ini to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\compatibility.ini.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\cookies.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\cookies.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\directorytree.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\directorytree.json.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\enigmail.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\enigmail.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\extension-preferences.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\extension-preferences.json.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\extensions.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\extensions.json.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\favicons.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\favicons.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\formhistory.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\formhistory.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\global-messages-db.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\global-messages-db.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\history.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\history.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\openpgp.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\openpgp.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\permissions.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\permissions.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\places.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\places.sqlite.suffering
  • from %APPDATA%\telegram desktop\updater.exe to %APPDATA%\telegram desktop\updater.exe.suffering
  • from %APPDATA%\mozilla\firefox\installs.ini to %APPDATA%\mozilla\firefox\installs.ini.suffering
  • from %APPDATA%\mozilla\firefox\profiles.ini to %APPDATA%\mozilla\firefox\profiles.ini.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\security_state\data.safe.bin to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\security_state\data.safe.bin.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\bef7f9cf-b0b1-42d8-a037-8d586d4d1e42 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\bef7f9cf-b0b1-42d8-a037-8d586d4d1e42.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\dc5a4164-f290-4a08-a5ec-0fe7810acbc6 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\dc5a4164-f290-4a08-a5ec-0fe7810acbc6.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\f9af9616-8535-4ace-8050-4454f33ad475 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\f9af9616-8535-4ace-8050-4454f33ad475.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\fbcd22a2-e53a-4131-9ef1-1935f505d9ca to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\fbcd22a2-e53a-4131-9ef1-1935f505d9ca.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\license.txt to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\license.txt.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\manifest.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\manifest.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\crashes\store.json.mozlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\crashes\store.json.mozlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\widevinecdm.dll to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\widevinecdm.dll.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\widevinecdm.dll.sig to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\widevinecdm.dll.sig.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\session-state.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\session-state.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\state.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\state.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759331.f9af9616-8535-4ace-8050-4454f33ad475.new-profile.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759331.f9af9616-8535-4ace-8050-4454f33ad475.new-profile.jsonlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759476.fbcd22a2-e53a-4131-9ef1-1935f505d9ca.event.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759476.fbcd22a2-e53a-4131-9ef1-1935f505d9ca.event.jsonlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759547.bef7f9cf-b0b1-42d8-a037-8d586d4d1e42.main.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759547.bef7f9cf-b0b1-42d8-a037-8d586d4d1e42.main.jsonlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759551.dc5a4164-f290-4a08-a5ec-0fe7810acbc6.first-shutdown.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759551.dc5a4164-f290-4a08-a5ec-0fe7810acbc6.first-shutdown.jsonlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\recovery.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\recovery.jsonlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\upgrade.jsonlz4-20200708170202 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\upgrade.jsonlz4-20200708170202.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\previous.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\previous.jsonlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\default\moz-extension+++db487e04-ae57-4773-9556-37dac4cedf3c^usercontextid=4294967295\idb\3647222921wleabceoxlt-eengsairo.sql... to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\default\moz-extension+++db487e04-ae57-4773-9556-37dac4cedf3c^usercontextid=4294967295\idb\3647222921wleabceoxlt-eengsairo.sql...
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\default\moz-extension+++db487e04-ae57-4773-9556-37dac4cedf3c^usercontextid=4294967295\.metadata-v2 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\default\moz-extension+++db487e04-ae57-4773-9556-37dac4cedf3c^usercontextid=4294967295\.metadata-v2.suffering
  • from %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\user.js to %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\user.js.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\addons.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\addons.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\addonstartup.json.lz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\addonstartup.json.lz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\broadcast-listeners.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\broadcast-listeners.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\compatibility.ini to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\compatibility.ini.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\containers.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\containers.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extension-preferences.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extension-preferences.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\bookmarkbackups\bookmarks-2023-04-28_11_3a7quggif+d7xxwa176j2q==.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\bookmarkbackups\bookmarks-2023-04-28_11_3a7quggif+d7xxwa176j2q==.jsonlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\handlers.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\handlers.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\prefs.js to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\prefs.js.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\search.json.mozlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\search.json.mozlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessioncheckpoints.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessioncheckpoints.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\shield-preference-experiments.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\shield-preference-experiments.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sitesecurityservicestate.txt to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sitesecurityservicestate.txt.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\times.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\times.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\user.js to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\user.js.suffering
  • from %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\times.json to %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\times.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\pkcs11.txt to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\pkcs11.txt.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\ff9cb2bce37ded64cf411113359886d2315b4912 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\ff9cb2bce37ded64cf411113359886d2315b4912.suffering
Modifies the following files
  • D:\install.log
  • <Drive name for removable media>:\contoso.cer
  • %HOMEPATH%\favorites\desktop.ini
  • <Drive name for removable media>:\sdkfailsafeemulator.cer
  • %HOMEPATH%\links\recentplaces.lnk
  • <Drive name for removable media>:\contosoroot.cer
  • %HOMEPATH%\links\downloads.lnk
  • <Drive name for removable media>:\contoso_1.cer
  • %HOMEPATH%\links\desktop.lnk
  • <Drive name for removable media>:\dialmap.bmp
  • %HOMEPATH%\links\desktop.ini
  • <Drive name for removable media>:\dial.bmp
  • %HOMEPATH%\music\desktop.ini
  • <Drive name for removable media>:\toolbar.bmp
  • %HOMEPATH%\pictures\desktop.ini
  • <Drive name for removable media>:\dashborder_96.bmp
  • %HOMEPATH%\saved games\desktop.ini
  • <Drive name for removable media>:\dashborder_192.bmp
  • %HOMEPATH%\searches\indexed locations.search-ms
  • %HOMEPATH%\searches\everywhere.search-ms
  • <Drive name for removable media>:\archer.avi
  • %HOMEPATH%\searches\desktop.ini
  • <Drive name for removable media>:\split.avi
  • %HOMEPATH%\videos\desktop.ini
  • <Drive name for removable media>:\correct.avi
  • D:\$recycle.bin\s-1-5-21-1238866942-1249195528-555854008-1000\desktop.ini
  • <Drive name for removable media>:\000814251_video_01.avi
  • C:\users\desktop.ini
  • %HOMEPATH%\favorites\windows live\get windows live.url
  • %HOMEPATH%\favorites\windows live\windows live gallery.url
Modifies multiple files.
Substitutes the following files
  • %ALLUSERSPROFILE%\Microsoft\Search\Data\Applications\Windows\MSS.log
  • %ALLUSERSPROFILE%\microsoft\search\data\applications\windows\msstmp.log
Modifies user data files (Trojan.Encoder).
Changes user data files extensions (Trojan.Encoder).
Network activity
TCP
Other
  • '35.##1.9.150':443
Miscellaneous
Executes the following
  • '<SYSTEM32>\searchprotocolhost.exe' Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "%...
  • '<SYSTEM32>\searchfilterhost.exe' 0 508 512 520 65536 516

Curing recommendations

  1. If the operating system can boot (in normal mode or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot boot, change your computer's BIOS settings so that the PC can boot from a CD or a USB drive. Download the image of the Dr.Web® LiveDisk emergency system recovery disk or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding medium. After booting the computer from this medium, run a full scan and cure the detected threats.

Run a full system scan using Dr.Web Light Anti-virus for macOS. This product can be downloaded from the official Apple App Store site.

On the booted OS, run a full scan of all disk partitions using Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install the free anti-virus product Dr.Web for Android Light on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device is locked by a ransomware trojan of the Android.Locker family (the screen shows an accusation of breaking the law, a demand to pay a certain sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in different ways; consult the manual supplied with the device, or contact its manufacturer directly);
    • once safe mode is active, install the free anti-virus product Dr.Web for Android Light on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • switch the device off and turn it on again in normal mode.
