Trojan.Encoder.37555

Added to the Dr.Web virus database: 2023-05-09

Technical Information

To ensure autorun and distribution
Modifies the following registry keys (a RunOnce value in the infected user's hive; Windows deletes RunOnce values after they execute, so this entry guarantees one more start at the next logon rather than a permanent autostart)
  • [\REGISTRY\USER\S-1-5-21-1238866942-1249195528-555854008-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'BrowserUpdateCheck' = '%LOCALAPPDATA%\<File name>.exe'
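The check below is an added example, not code from Dr.Web or from the page: it scans a `.reg` export for values under the CurrentVersion Run/RunOnce keys whose target lies in a user-writable directory, which is the pattern the RunOnce entry above follows. The sample registry text is constructed; the SID and the value name `BrowserUpdateCheck` are taken from the description, the executable name `update.exe` is a placeholder (the page only gives `<File name>.exe`), and the OneDrive entry is a legitimate autorun included to show that the filter yields candidates for review rather than verdicts.

```python
import re

# Constructed sample in .reg export format (what `reg export` writes). The SID
# and value name come from the description; update.exe is a placeholder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"

[HKEY_USERS\S-1-5-21-1238866942-1249195528-555854008-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"

[HKEY_USERS\S-1-5-21-1238866942-1249195528-555854008-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"BrowserUpdateCheck"="C:\\Users\\victim\\AppData\\Local\\update.exe"
'''

# Autostart keys under CurrentVersion, in any hive (HKLM, HKU\<SID>, HKCU).
AUTORUN_KEY = re.compile(
    r'\\CurrentVersion\\(Run|RunOnce|RunServices|RunServicesOnce)$', re.I)

# Directories an unprivileged user can write to, in expanded and %VAR% form.
USER_WRITABLE = re.compile(
    r'\\AppData\\(Local|LocalLow|Roaming)\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'
    r'|%(LOCALAPPDATA|APPDATA|TEMP|TMP|PUBLIC|PROGRAMDATA)%', re.I)

# A REG_SZ line: "name"="data", with .reg escaping inside the quotes.
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*"((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    # Undo .reg string escaping: doubled backslash and escaped double quote.
    return s.replace('\\\\', '\\').replace('\\"', '"')


def parse_reg_export(text):
    """Yield (key, value_name, data) for every REG_SZ value in a .reg export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if key and m:
            yield key, _unescape(m.group(1)), _unescape(m.group(2))


def find_suspicious_autoruns(text):
    """Return (key, value_name, data) for autorun values that point into user-writable paths."""
    return [(key, name, data)
            for key, name, data in parse_reg_export(text)
            if AUTORUN_KEY.search(key) and USER_WRITABLE.search(data)]


if __name__ == "__main__":
    for key, name, data in find_suspicious_autoruns(SAMPLE_REG):
        print(f"{key}\n  {name} = {data}")
```

On a live host, feed it the output of `reg export HKU\<SID>\Software\Microsoft\Windows\CurrentVersion\RunOnce out.reg` (and the Run key alongside it); anything it returns still needs the target file hashed and checked, since legitimate per-user installers also start from AppData\Local.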
Creates the following files on removable media
  • <Drive name for removable media>:\000814251_video_01.avi
  • <Drive name for removable media>:\samieee_obiee_presentation.pptx
  • <Drive name for removable media>:\roozenedowebinar.pptx
  • <Drive name for removable media>:\middaugh_keynote.pptx
  • <Drive name for removable media>:\stoc13_ml_quoc_le.pptx
  • <Drive name for removable media>:\notepad.exe
  • <Drive name for removable media>:\chromesetup.exe
  • <Drive name for removable media>:\tcm851ax32.exe
  • <Drive name for removable media>:\uep_form_786_bulletin_1726i602.doc
  • <Drive name for removable media>:\lisp_success.doc
  • <Drive name for removable media>:\weeklysheet1215.doc
  • <Drive name for removable media>:\february_catalogue__2015.doc
  • <Drive name for removable media>:\ovp25012015.doc
  • <Drive name for removable media>:\508softwareandos.doc
  • <Drive name for removable media>:\indogerman2010.pptx
  • <Drive name for removable media>:\sdksampleprivdeveloper.cer
  • <Drive name for removable media>:\contoso.cer
  • <Drive name for removable media>:\sdkfailsafeemulator.cer
  • <Drive name for removable media>:\contosoroot.cer
  • <Drive name for removable media>:\contoso_1.cer
  • <Drive name for removable media>:\dialmap.bmp
  • <Drive name for removable media>:\dial.bmp
  • <Drive name for removable media>:\toolbar.bmp
  • <Drive name for removable media>:\dashborder_96.bmp
  • <Drive name for removable media>:\dashborder_192.bmp
  • <Drive name for removable media>:\archer.avi
  • <Drive name for removable media>:\split.avi
  • <Drive name for removable media>:\correct.avi
  • <Drive name for removable media>:\how_to_back_files.html
  • <Drive name for removable media>:\contosoroot_1.cer
  • <Drive name for removable media>:\hypothyroidism_slides.pptx
Malicious functions
Reads files that store third-party application passwords (this is the sandbox's heuristic label: only the two profiles.ini entries at the end point at credential-bearing data, the Firefox and Thunderbird profile indexes; the other entries are ordinary user documents on the desktop that the sample opens)
  • %HOMEPATH%\desktop\000814251_video_01.avi
  • %HOMEPATH%\desktop\uep_form_786_bulletin_1726i602.doc
  • %HOMEPATH%\desktop\trivial-merge.htm
  • %HOMEPATH%\desktop\tree_view.html
  • %HOMEPATH%\desktop\tree_view.htm
  • %HOMEPATH%\desktop\thlps_keeper_mayer_1965.docx
  • %HOMEPATH%\desktop\ovp25012015.doc
  • %HOMEPATH%\desktop\nwfieldnotes1966.docx
  • %HOMEPATH%\desktop\lisp_success.doc
  • %HOMEPATH%\desktop\iisstart.html
  • %HOMEPATH%\desktop\file_p_00000000_1371597592.docx
  • %HOMEPATH%\desktop\dial.bmp
  • %HOMEPATH%\desktop\delete.avi
  • %HOMEPATH%\desktop\dashborder_120.bmp
  • %HOMEPATH%\desktop\contosoroot_1.cer
  • %HOMEPATH%\desktop\coffee.bmp
  • %HOMEPATH%\desktop\browse.htm
  • %HOMEPATH%\desktop\adhd_and_obesity.docx
  • %APPDATA%\thunderbird\profiles.ini
  • %APPDATA%\mozilla\firefox\profiles.ini
Modifies file system
Creates the following files (a copy of itself in %LOCALAPPDATA%, the path referenced by the RunOnce value above, and the how_to_back_files.html note, dropped in every directory it traverses)
  • %LOCALAPPDATA%\<File name>.exe
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\f17b756097ea7730cd30b737575e8e035771440d
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\f051a454b8c8a0ade5399bf26a2e4769d2f2e26e
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\ea96e609b604de6e32802827736e4e3fbf8968e1
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\db022c3d5e65699f640d8dea20ee25904d318c2e
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\d54da76e598693fed6a7f29197ea9cfafc48c386
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\d02765262ff82856f6b6d6bfe3a3c0adfde1f378
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\a83086528d2c610b97ace39364df9611a9cd75c1
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\a2917ec14a390ebf8c127f40bed1c8139e236dad
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\9fad54a82fe60014d7bb27e2d093f77fcd0c58e7
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\9bcb0efbbfb5cb5c4bae2f361169e07b5604f4d8
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\975e46e7351b1ee87766961010b1ce54a7e4c8f4
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\8eea81d3add1db638dd9873efefe50f2c1801c76
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\f84b6a34b56cec15c1942664ffab6b65e0d2588f
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\f55a60e9f1f8dd35b32ea0a75c5d3cf3134eadee
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\814c06500f01028c31a455285e090f30795a42b9
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\7589846a4928998b49801c20a83de33e66e13f8f
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\74faa831a5ad1348de267780d4c0c2f10cbbec39
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\748a6d21cae584312dd1c1370afea70b0f7dda50
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\6bcfeb3762e112d2542e34a8f05f88a9e4e3fb85
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\5dc222a516928643f8ed46f83a0a0e72c9bcc556
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\5900ec362904c1176f9e26c94e22abd34b7ac911
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\555a30c7d621272ee74028365657a74c84f34f1a
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\54dc5dc926acfd0f0401949db5cbca5383cb6b77
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\4b90ddaeeeea60534fa3d5f56046728fba5f4989
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\479a9c134706bbbd248f73fc995af3aa265cfc1c
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\42c578c60b0903411b144f4fe8f0ac15970ba12d
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\8bef30daf9e2434eed4b7575bcd80c38a5a19d6a
  • %APPDATA%\telegram desktop\how_to_back_files.html
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\ff9cb2bce37ded64cf411113359886d2315b4912
  • %ALLUSERSPROFILE%\package cache\{9d29fc96-9eee-4253-943f-96b3bbfdd0b6}v14.16.27024\packages\vcruntimeadditional_amd64\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\packages\vcruntimeminimum_amd64\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\packages\vcruntimeadditional_x86\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\packages\vcruntimeminimum_x86\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\packages\vcruntimeminimum_amd64\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{e699e009-1c3c-4e50-9b57-2b39f0954c7f}v14.29.30133\packages\vcruntimeadditional_amd64\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{ec9807de-b577-47b1-a024-0251805acf24}v14.29.30133\packages\vcruntimeminimum_x86\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{f1b0fb3a-e0ea-47a6-9383-3650655403b0}v14.16.27024\packages\vcruntimeminimum_amd64\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{f65db027-aff3-4070-886a-0d87064aabb1}\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\packages\vcruntimeadditional_x86\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{fd9b6070-d13e-45dc-819b-41806bf45b6b}\how_to_back_files.html
  • %ALLUSERSPROFILE%\sun\java\java update\how_to_back_files.html
  • C:\users\default\how_to_back_files.html
  • C:\users\public\desktop\how_to_back_files.html
  • C:\users\public\documents\how_to_back_files.html
  • C:\users\public\downloads\how_to_back_files.html
  • C:\users\public\libraries\how_to_back_files.html
  • C:\users\public\music\sample music\how_to_back_files.html
  • C:\users\public\music\how_to_back_files.html
  • C:\users\public\pictures\sample pictures\how_to_back_files.html
  • C:\users\public\pictures\how_to_back_files.html
  • C:\users\public\recorded tv\sample media\how_to_back_files.html
  • C:\users\public\recorded tv\how_to_back_files.html
  • C:\users\public\videos\sample videos\how_to_back_files.html
  • C:\users\public\videos\how_to_back_files.html
  • C:\users\public\how_to_back_files.html
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\428ce5f79975b5b9386d888b4ccf43c454026772
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\8221a41daafa532836d3e8eded1aac94d3955d16
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\406421ee1ea3752de381837216a1d0ef0c69fdc3
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\3abe6035282cf9d17dcb0d733614aca8c2c8cf59
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\2895d329d9cde4eec4507c923e0791bb67db775c
  • %HOMEPATH%\favorites\msn websites\how_to_back_files.html
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\2022-09\how_to_back_files.html
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\how_to_back_files.html
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\saved-telemetry-pings\how_to_back_files.html
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\how_to_back_files.html
  • %APPDATA%\thunderbird\how_to_back_files.html
  • %HOMEPATH%\contacts\how_to_back_files.html
  • %HOMEPATH%\desktop\how_to_back_files.html
  • %HOMEPATH%\documents\how_to_back_files.html
  • %HOMEPATH%\downloads\how_to_back_files.html
  • %HOMEPATH%\favorites\links\how_to_back_files.html
  • %HOMEPATH%\favorites\links for united states\how_to_back_files.html
  • %HOMEPATH%\favorites\microsoft websites\how_to_back_files.html
  • %HOMEPATH%\favorites\windows live\how_to_back_files.html
  • %APPDATA%\thunderbird\profiles\49zr3fqa.default\how_to_back_files.html
  • %HOMEPATH%\favorites\how_to_back_files.html
  • %HOMEPATH%\links\how_to_back_files.html
  • %HOMEPATH%\music\how_to_back_files.html
  • %HOMEPATH%\pictures\how_to_back_files.html
  • %HOMEPATH%\saved games\how_to_back_files.html
  • %HOMEPATH%\searches\how_to_back_files.html
  • %HOMEPATH%\videos\how_to_back_files.html
  • %HOMEPATH%\how_to_back_files.html
  • D:\$recycle.bin\s-1-5-21-1238866942-1249195528-555854008-1000\how_to_back_files.html
  • D:\how_to_back_files.html
  • C:\users\how_to_back_files.html
  • C:\users\public\09f104c96cb66f69613a15ad83c356ab4ff5859b702f50334d34f8e43dcb1dc1
  • %ALLUSERSPROFILE%\package cache\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\packages\vcruntimeadditional_amd64\how_to_back_files.html
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\doomed\how_to_back_files.html
  • %APPDATA%\thunderbird\crash reports\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\how_to_back_files.html
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\crashes\how_to_back_files.html
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\136a8bd8034c58767248fd9fc2ad68acdd18e0e8
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\03a3284413e76ab9ef6155914780932b53a25664
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\how_to_back_files.html
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\026a91c419276cf4863cd88d801b264a6313a475
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\offlinecache\how_to_back_files.html
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\startupcache\how_to_back_files.html
  • %TEMP%\opera installer\how_to_back_files.html
  • %TEMP%\how_to_back_files.html
  • %LOCALAPPDATA%\thunderbird\profiles\npsdfqy3.default-release\cache2\entries\how_to_back_files.html
  • %LOCALAPPDATA%\thunderbird\profiles\npsdfqy3.default-release\startupcache\how_to_back_files.html
  • %LOCALAPPDATA%\how_to_back_files.html
  • %LOCALAPPDATA%low\oracle\java\au\how_to_back_files.html
  • %LOCALAPPDATA%low\sun\java\deployment\how_to_back_files.html
  • %LOCALAPPDATA%low\sun\java\jre1.8.0_45_x64\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\crash reports\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\bookmarkbackups\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\crashes\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\security_state\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\default\moz-extension+++db487e04-ae57-4773-9556-37dac4cedf3c^usercontextid=4294967295\idb\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\default\moz-extension+++db487e04-ae57-4773-9556-37dac4cedf3c^usercontextid=4294967295\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{6cd9e9ed-906d-4196-8dc3-f987d2f6615f}v14.29.30133\packages\vcruntimeminimum_amd64\how_to_back_files.html
Moves (renames) the following files, appending the .suffering extension to each encrypted file while keeping the original name and directory
  • from %APPDATA%\thunderbird\installs.ini to %APPDATA%\thunderbird\installs.ini.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165536.log to %TEMP%\dd_vcredist_x86_20220928165536.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165536_0_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20220928165536_0_vcruntimeminimum_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165536_1_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20220928165536_1_vcruntimeadditional_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165710.log to %TEMP%\dd_vcredist_x86_20220928165710.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165710_0_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20220928165710_0_vcruntimeminimum_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165710_1_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20220928165710_1_vcruntimeadditional_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165916.log to %TEMP%\dd_vcredist_x86_20220928165916.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165916_000_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20220928165916_000_vcruntimeminimum_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165916_001_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20220928165916_001_vcruntimeadditional_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170143.log to %TEMP%\dd_vcredist_x86_20220928170143.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170143_001_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20220928170143_001_vcruntimeminimum_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170143_002_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20220928170143_002_vcruntimeadditional_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170221.log to %TEMP%\dd_vcredist_x86_20220928170221.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170335.log to %TEMP%\dd_vcredist_x86_20220928170335.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170335_001_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20220928170335_001_vcruntimeminimum_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170335_002_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20220928170335_002_vcruntimeadditional_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170410.log to %TEMP%\dd_vcredist_x86_20220928170410.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928170328.log to %TEMP%\dd_vcredist_amd64_20220928170328.log.suffering
  • from %TEMP%\javadeployreg.log to %TEMP%\javadeployreg.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928170250_002_vcruntimeadditional_x64.log to %TEMP%\dd_vcredist_amd64_20220928170250_002_vcruntimeadditional_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928170250.log to %TEMP%\dd_vcredist_amd64_20220928170250.log.suffering
  • from %TEMP%\chrome_installer.log to %TEMP%\chrome_installer.log.suffering
  • from %TEMP%\dd_ndp48-x86-x64-allos-enu_decompression_log.txt to %TEMP%\dd_ndp48-x86-x64-allos-enu_decompression_log.txt.suffering
  • from %TEMP%\dd_vcredistmsi7a3c.txt to %TEMP%\dd_vcredistmsi7a3c.txt.suffering
  • from %TEMP%\dd_vcredistui7a3c.txt to %TEMP%\dd_vcredistui7a3c.txt.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165349.log to %TEMP%\dd_vcredist_amd64_20220928165349.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165349_0_vcruntimeminimum_x64.log to %TEMP%\dd_vcredist_amd64_20220928165349_0_vcruntimeminimum_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165349_1_vcruntimeadditional_x64.log to %TEMP%\dd_vcredist_amd64_20220928165349_1_vcruntimeadditional_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165628.log to %TEMP%\dd_vcredist_amd64_20220928165628.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165628_0_vcruntimeminimum_x64.log to %TEMP%\dd_vcredist_amd64_20220928165628_0_vcruntimeminimum_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165628_1_vcruntimeadditional_x64.log to %TEMP%\dd_vcredist_amd64_20220928165628_1_vcruntimeadditional_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165746.log to %TEMP%\dd_vcredist_amd64_20220928165746.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165746_000_vcruntimeminimum_x64.log to %TEMP%\dd_vcredist_amd64_20220928165746_000_vcruntimeminimum_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165746_001_vcruntimeadditional_x64.log to %TEMP%\dd_vcredist_amd64_20220928165746_001_vcruntimeadditional_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165956.log to %TEMP%\dd_vcredist_amd64_20220928165956.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165956_001_vcruntimeminimum_x64.log to %TEMP%\dd_vcredist_amd64_20220928165956_001_vcruntimeminimum_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165956_002_vcruntimeadditional_x64.log to %TEMP%\dd_vcredist_amd64_20220928165956_002_vcruntimeadditional_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928170114.log to %TEMP%\dd_vcredist_amd64_20220928170114.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928170250_001_vcruntimeminimum_x64.log to %TEMP%\dd_vcredist_amd64_20220928170250_001_vcruntimeminimum_x64.log.suffering
  • from %TEMP%\jusched.log to %TEMP%\jusched.log.suffering
  • from %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20220928_164850616-msi_vc_red.msi.txt to %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20220928_164850616-msi_vc_red.msi.txt.suffering
  • from %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20220928_165235616-msi_vc_red.msi.txt to %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20220928_165235616-msi_vc_red.msi.txt.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\814c06500f01028c31a455285e090f30795a42b9 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\814c06500f01028c31a455285e090f30795a42b9.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\8221a41daafa532836d3e8eded1aac94d3955d16 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\8221a41daafa532836d3e8eded1aac94d3955d16.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\8bef30daf9e2434eed4b7575bcd80c38a5a19d6a to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\8bef30daf9e2434eed4b7575bcd80c38a5a19d6a.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\8eea81d3add1db638dd9873efefe50f2c1801c76 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\8eea81d3add1db638dd9873efefe50f2c1801c76.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\975e46e7351b1ee87766961010b1ce54a7e4c8f4 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\975e46e7351b1ee87766961010b1ce54a7e4c8f4.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\9bcb0efbbfb5cb5c4bae2f361169e07b5604f4d8 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\9bcb0efbbfb5cb5c4bae2f361169e07b5604f4d8.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\9fad54a82fe60014d7bb27e2d093f77fcd0c58e7 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\9fad54a82fe60014d7bb27e2d093f77fcd0c58e7.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\f84b6a34b56cec15c1942664ffab6b65e0d2588f to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\f84b6a34b56cec15c1942664ffab6b65e0d2588f.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\a2917ec14a390ebf8c127f40bed1c8139e236dad to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\a2917ec14a390ebf8c127f40bed1c8139e236dad.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\d02765262ff82856f6b6d6bfe3a3c0adfde1f378 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\d02765262ff82856f6b6d6bfe3a3c0adfde1f378.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\d54da76e598693fed6a7f29197ea9cfafc48c386 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\d54da76e598693fed6a7f29197ea9cfafc48c386.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\db022c3d5e65699f640d8dea20ee25904d318c2e to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\db022c3d5e65699f640d8dea20ee25904d318c2e.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\ea96e609b604de6e32802827736e4e3fbf8968e1 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\ea96e609b604de6e32802827736e4e3fbf8968e1.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\f051a454b8c8a0ade5399bf26a2e4769d2f2e26e to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\f051a454b8c8a0ade5399bf26a2e4769d2f2e26e.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\f17b756097ea7730cd30b737575e8e035771440d to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\f17b756097ea7730cd30b737575e8e035771440d.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\f55a60e9f1f8dd35b32ea0a75c5d3cf3134eadee to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\f55a60e9f1f8dd35b32ea0a75c5d3cf3134eadee.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\74faa831a5ad1348de267780d4c0c2f10cbbec39 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\74faa831a5ad1348de267780d4c0c2f10cbbec39.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\7589846a4928998b49801c20a83de33e66e13f8f to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\7589846a4928998b49801c20a83de33e66e13f8f.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\748a6d21cae584312dd1c1370afea70b0f7dda50 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\748a6d21cae584312dd1c1370afea70b0f7dda50.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\6bcfeb3762e112d2542e34a8f05f88a9e4e3fb85 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\6bcfeb3762e112d2542e34a8f05f88a9e4e3fb85.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\5dc222a516928643f8ed46f83a0a0e72c9bcc556 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\5dc222a516928643f8ed46f83a0a0e72c9bcc556.suffering
  • from %TEMP%\ose00000.exe to %TEMP%\ose00000.exe.suffering
  • from %TEMP%\setupexe(20220928171621f0c).log to %TEMP%\setupexe(20220928171621f0c).log.suffering
  • from %TEMP%\tmpaddon to %TEMP%\tmpaddon.suffering
  • from %TEMP%\wmsetup.log to %TEMP%\wmsetup.log.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\026a91c419276cf4863cd88d801b264a6313a475 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\026a91c419276cf4863cd88d801b264a6313a475.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\03a3284413e76ab9ef6155914780932b53a25664 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\03a3284413e76ab9ef6155914780932b53a25664.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\136a8bd8034c58767248fd9fc2ad68acdd18e0e8 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\136a8bd8034c58767248fd9fc2ad68acdd18e0e8.suffering
  • from %TEMP%\adobesfx.log to %TEMP%\adobesfx.log.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\3abe6035282cf9d17dcb0d733614aca8c2c8cf59 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\3abe6035282cf9d17dcb0d733614aca8c2c8cf59.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\2895d329d9cde4eec4507c923e0791bb67db775c to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\2895d329d9cde4eec4507c923e0791bb67db775c.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\428ce5f79975b5b9386d888b4ccf43c454026772 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\428ce5f79975b5b9386d888b4ccf43c454026772.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\42c578c60b0903411b144f4fe8f0ac15970ba12d to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\42c578c60b0903411b144f4fe8f0ac15970ba12d.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\479a9c134706bbbd248f73fc995af3aa265cfc1c to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\479a9c134706bbbd248f73fc995af3aa265cfc1c.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\4b90ddaeeeea60534fa3d5f56046728fba5f4989 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\4b90ddaeeeea60534fa3d5f56046728fba5f4989.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\54dc5dc926acfd0f0401949db5cbca5383cb6b77 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\54dc5dc926acfd0f0401949db5cbca5383cb6b77.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\555a30c7d621272ee74028365657a74c84f34f1a to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\555a30c7d621272ee74028365657a74c84f34f1a.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\5900ec362904c1176f9e26c94e22abd34b7ac911 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\5900ec362904c1176f9e26c94e22abd34b7ac911.suffering
  • from %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_20220928_165304913-msi_vc_red.msi.txt to %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_20220928_165304913-msi_vc_red.msi.txt.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\406421ee1ea3752de381837216a1d0ef0c69fdc3 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\406421ee1ea3752de381837216a1d0ef0c69fdc3.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\a83086528d2c610b97ace39364df9611a9cd75c1 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\a83086528d2c610b97ace39364df9611a9cd75c1.suffering
  • from %APPDATA%\mozilla\firefox\crash reports\installtime20200708170202 to %APPDATA%\mozilla\firefox\crash reports\installtime20200708170202.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\widevinecdm.dll.lib to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\widevinecdm.dll.lib.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\sessioncheckpoints.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\sessioncheckpoints.json.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\storage.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\storage.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\times.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\times.json.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\webappsstore.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\webappsstore.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\xulstore.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\xulstore.json.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\saved-telemetry-pings\a6077284-6dcc-4781-9fb7-7f9d7b5132bf to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\saved-telemetry-pings\a6077284-6dcc-4781-9fb7-7f9d7b5132bf.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\saved-telemetry-pings\d092fa80-6cc0-49cc-9da4-f67b3d6cdc55 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\saved-telemetry-pings\d092fa80-6cc0-49cc-9da4-f67b3d6cdc55.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\saved-telemetry-pings\e60182f3-3480-48d0-bc12-b3b897042a6b to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\saved-telemetry-pings\e60182f3-3480-48d0-bc12-b3b897042a6b.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\session-state.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\session-state.json.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\state.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\state.json.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\2022-09\1664411763506.e60182f3-3480-48d0-bc12-b3b897042a6b.new-profile.jsonlz4 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\2022-09\1664411763506.e60182f3-3480-48d0-bc12-b3b897042a6b.new-profile.jsonlz4.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\2022-09\1664411764034.d092fa80-6cc0-49cc-9da4-f67b3d6cdc55.main.jsonlz4 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\2022-09\1664411764034.d092fa80-6cc0-49cc-9da4-f67b3d6cdc55.main.jsonlz4.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\2022-09\1664411764036.a6077284-6dcc-4781-9fb7-7f9d7b5132bf.first-shutdown.jsonlz4 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\2022-09\1664411764036.a6077284-6dcc-4781-9fb7-7f9d7b5132bf.first-shutdown.jsonlz4.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\crashes\store.json.mozlz4 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\crashes\store.json.mozlz4.suffering
  • from %APPDATA%\thunderbird\profiles\49zr3fqa.default\times.json to %APPDATA%\thunderbird\profiles\49zr3fqa.default\times.json.suffering
  • from %APPDATA%\thunderbird\crash reports\installtime20210406220621 to %APPDATA%\thunderbird\crash reports\installtime20210406220621.suffering
  • from %APPDATA%\telegram desktop\telegram.exe to %APPDATA%\telegram desktop\telegram.exe.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\search.json.mozlz4 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\search.json.mozlz4.suffering
  • from %APPDATA%\telegram desktop\unins000.exe to %APPDATA%\telegram desktop\unins000.exe.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\prefs.js to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\prefs.js.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\pkcs11.txt to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\pkcs11.txt.suffering
  • from %APPDATA%\thunderbird\profiles.ini to %APPDATA%\thunderbird\profiles.ini.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\abook.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\abook.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\addons.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\addons.json.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\addonstartup.json.lz4 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\addonstartup.json.lz4.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\blist.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\blist.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\compatibility.ini to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\compatibility.ini.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\cookies.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\cookies.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\directorytree.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\directorytree.json.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\enigmail.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\enigmail.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\extension-preferences.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\extension-preferences.json.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\extensions.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\extensions.json.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\favicons.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\favicons.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\formhistory.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\formhistory.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\global-messages-db.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\global-messages-db.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\history.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\history.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\openpgp.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\openpgp.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\permissions.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\permissions.sqlite.suffering
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\places.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\places.sqlite.suffering
  • from %APPDATA%\telegram desktop\updater.exe to %APPDATA%\telegram desktop\updater.exe.suffering
  • from %APPDATA%\mozilla\firefox\installs.ini to %APPDATA%\mozilla\firefox\installs.ini.suffering
  • from %APPDATA%\mozilla\firefox\profiles.ini to %APPDATA%\mozilla\firefox\profiles.ini.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\security_state\data.safe.bin to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\security_state\data.safe.bin.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\bef7f9cf-b0b1-42d8-a037-8d586d4d1e42 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\bef7f9cf-b0b1-42d8-a037-8d586d4d1e42.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\dc5a4164-f290-4a08-a5ec-0fe7810acbc6 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\dc5a4164-f290-4a08-a5ec-0fe7810acbc6.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\f9af9616-8535-4ace-8050-4454f33ad475 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\f9af9616-8535-4ace-8050-4454f33ad475.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\fbcd22a2-e53a-4131-9ef1-1935f505d9ca to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\fbcd22a2-e53a-4131-9ef1-1935f505d9ca.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\license.txt to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\license.txt.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\manifest.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\manifest.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\crashes\store.json.mozlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\crashes\store.json.mozlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\widevinecdm.dll to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\widevinecdm.dll.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\widevinecdm.dll.sig to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\widevinecdm.dll.sig.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\session-state.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\session-state.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\state.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\state.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759331.f9af9616-8535-4ace-8050-4454f33ad475.new-profile.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759331.f9af9616-8535-4ace-8050-4454f33ad475.new-profile.jsonlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759476.fbcd22a2-e53a-4131-9ef1-1935f505d9ca.event.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759476.fbcd22a2-e53a-4131-9ef1-1935f505d9ca.event.jsonlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759547.bef7f9cf-b0b1-42d8-a037-8d586d4d1e42.main.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759547.bef7f9cf-b0b1-42d8-a037-8d586d4d1e42.main.jsonlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759551.dc5a4164-f290-4a08-a5ec-0fe7810acbc6.first-shutdown.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759551.dc5a4164-f290-4a08-a5ec-0fe7810acbc6.first-shutdown.jsonlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\recovery.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\recovery.jsonlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\upgrade.jsonlz4-20200708170202 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\upgrade.jsonlz4-20200708170202.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\previous.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\previous.jsonlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\default\moz-extension+++db487e04-ae57-4773-9556-37dac4cedf3c^usercontextid=4294967295\idb\3647222921wleabceoxlt-eengsairo.sql... to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\default\moz-extension+++db487e04-ae57-4773-9556-37dac4cedf3c^usercontextid=4294967295\idb\3647222921wleabceoxlt-eengsairo.sql...
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\default\moz-extension+++db487e04-ae57-4773-9556-37dac4cedf3c^usercontextid=4294967295\.metadata-v2 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\default\moz-extension+++db487e04-ae57-4773-9556-37dac4cedf3c^usercontextid=4294967295\.metadata-v2.suffering
  • from %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\user.js to %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\user.js.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\addons.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\addons.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\addonstartup.json.lz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\addonstartup.json.lz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\broadcast-listeners.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\broadcast-listeners.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\compatibility.ini to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\compatibility.ini.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\containers.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\containers.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extension-preferences.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extension-preferences.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\bookmarkbackups\bookmarks-2023-04-28_11_3a7quggif+d7xxwa176j2q==.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\bookmarkbackups\bookmarks-2023-04-28_11_3a7quggif+d7xxwa176j2q==.jsonlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\handlers.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\handlers.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\prefs.js to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\prefs.js.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\search.json.mozlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\search.json.mozlz4.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessioncheckpoints.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessioncheckpoints.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\shield-preference-experiments.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\shield-preference-experiments.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sitesecurityservicestate.txt to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sitesecurityservicestate.txt.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\times.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\times.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\user.js to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\user.js.suffering
  • from %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\times.json to %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\times.json.suffering
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\pkcs11.txt to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\pkcs11.txt.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\ff9cb2bce37ded64cf411113359886d2315b4912 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\ff9cb2bce37ded64cf411113359886d2315b4912.suffering
Modifies the following files
  • D:\install.log
  • <Drive name for removable media>:\contoso.cer
  • %HOMEPATH%\favorites\desktop.ini
  • <Drive name for removable media>:\sdkfailsafeemulator.cer
  • %HOMEPATH%\links\recentplaces.lnk
  • <Drive name for removable media>:\contosoroot.cer
  • %HOMEPATH%\links\downloads.lnk
  • <Drive name for removable media>:\contoso_1.cer
  • %HOMEPATH%\links\desktop.lnk
  • <Drive name for removable media>:\dialmap.bmp
  • %HOMEPATH%\links\desktop.ini
  • <Drive name for removable media>:\dial.bmp
  • %HOMEPATH%\music\desktop.ini
  • <Drive name for removable media>:\toolbar.bmp
  • %HOMEPATH%\pictures\desktop.ini
  • <Drive name for removable media>:\dashborder_96.bmp
  • %HOMEPATH%\saved games\desktop.ini
  • <Drive name for removable media>:\dashborder_192.bmp
  • %HOMEPATH%\searches\indexed locations.search-ms
  • %HOMEPATH%\searches\everywhere.search-ms
  • <Drive name for removable media>:\archer.avi
  • %HOMEPATH%\searches\desktop.ini
  • <Drive name for removable media>:\split.avi
  • %HOMEPATH%\videos\desktop.ini
  • <Drive name for removable media>:\correct.avi
  • D:\$recycle.bin\s-1-5-21-1238866942-1249195528-555854008-1000\desktop.ini
  • <Drive name for removable media>:\000814251_video_01.avi
  • C:\users\desktop.ini
  • %HOMEPATH%\favorites\windows live\get windows live.url
  • %HOMEPATH%\favorites\windows live\windows live gallery.url
Modifies multiple files.
Substitutes the following files
  • %ALLUSERSPROFILE%\Microsoft\Search\Data\Applications\Windows\MSS.log
  • %ALLUSERSPROFILE%\microsoft\search\data\applications\windows\msstmp.log
Modifies user data files (Trojan.Encoder).
Changes user data files extensions (Trojan.Encoder).
Network activity
TCP
Other
  • '35.##1.9.150':443
Miscellaneous
Executes the following
  • '<SYSTEM32>\searchprotocolhost.exe' Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "%...
  • '<SYSTEM32>\searchfilterhost.exe' 0 508 512 520 65536 516

Treatment recommendations

  1. If the operating system can be booted (in normal mode or in safe mode), download Dr.Web Security Space and run a full scan of your computer and of all removable media you use. Learn more about Dr.Web Security Space.
  2. If the operating system cannot be booted, change your computer's BIOS settings so that the computer boots from CD/DVD or from a USB flash drive. Download the Dr.Web® LiveDisk system recovery rescue disk image or the utility for writing Dr.Web® LiveDisk to a USB flash drive, then prepare the corresponding USB drive. Boot the computer from this drive, run a full scan and cure the detected threats.

Run a full system scan using Dr.Web Antivirus for Mac OS.

Run a full scan of all disk partitions using Dr.Web Antivirus for Linux.

  1. If your mobile device is operating normally, download and install Dr.Web for Android on your mobile device. Run a full scan and follow the recommendations for neutralising the detected threats.
  2. If the mobile device is locked by a Trojan of the Android.Locker family (a message about a serious violation of the law or a ransom demand is displayed on the mobile device's screen), proceed as follows:
    • boot your smartphone or tablet in safe mode (if you do not know how to do this, consult the mobile device's documentation or contact the manufacturer);
    • then download and install Dr.Web for Android on your mobile device, run a full scan and follow the recommendations for neutralising the detected threats;
    • Disconnect your device and reconnect it.

Learn more about Dr.Web for Android