Pour les utilisateurs

Bibliothèque
Ma bibliothèque

+ Ajouter à la bibliothèque

Contacter-nous !
Support 24/24 | Rules regarding submitting

Nous téléphoner

0 825 300 230

Forum

Vos requêtes

  • Toutes : -
  • Non clôturées : -
  • Dernière : le -

Nous téléphoner

0 825 300 230

Profil

Trojan.Crossrider.27329

Added to the Dr.Web virus database: 2014-08-01

Virus description added:

Technical Information

To ensure autorun and distribution:
Creates or modifies the following files:
  • %WINDIR%\Tasks\9e893048-71e0-493a-8706-f02bca8b7fff-1.job
  • %WINDIR%\Tasks\9e893048-71e0-493a-8706-f02bca8b7fff-4.job
  • %WINDIR%\Tasks\temp_9e893048-71e0-493a-8706-f02bca8b7fff-2.job
  • %WINDIR%\Tasks\9e893048-71e0-493a-8706-f02bca8b7fff-2.job
  • %WINDIR%\Tasks\9e893048-71e0-493a-8706-f02bca8b7fff-11.job
  • %WINDIR%\Tasks\9e893048-71e0-493a-8706-f02bca8b7fff-3.job
  • %WINDIR%\Tasks\globalUpdateUpdateTaskMachineUA.job
  • %WINDIR%\Tasks\globalUpdateUpdateTaskMachineCore.job
Creates the following services:
  • [<HKLM>\SYSTEM\ControlSet001\Services\globalUpdate] 'Start' = '00000002'
Malicious functions:
Creates and executes the following:
  • '%PROGRAM_FILES%\The weDownload Manager\9e893048-71e0-493a-8706-f02bca8b7fff-4.exe' /EbNKx /rhQlRk='The weDownload Manager' /dkebye='%PROGRAM_FILES%\The weDownload Manager\9e893048-71e0-493a-8706-f02bca8b7fff.xpi' /ikoRVOLO=49074 /AtjrkBPBr='000898' /ZMLUgUD='0' /viFJA='0' /GHvJq=4873A71512AD411F944B0BD1F8196400IE /GPrGceshE=0cc6fa10cc8038666683cc2625f0192d /dXdWmrV=1_34_07_01 /gcnBGN=1.34.7.1 /gcQfF=1412772002 /IDJrgDt=http://st###.#nfodatacloud.com /QcfMG=http://er####.#nfodatacloud.com /sWbCcJrs=300 /hJITuPi=b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com /SqKGri=0.95 /fjKNCTy=ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074 /qvdYbe=https://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/49074.rdf /FLMLAr='The weDownload Manager' /QTdjZ='Enhance your search results with direct download links and information for apps and games.' /vGOaxyx='weDownload' /CvrUCk=ie /ftFvcDUS='{"asw":[0, 0, 0]}' /MWoGon /XXYKU /YOEBFGcj /lnofFpy='http://up####.#nfodatacloud.com/ff_agent_updates/{CAMP_ID}/update.json' /kxbMb /mqdob='installer' /VsvnHvuuU='%TEMP%\The weDownload ManagerInstaller_1412772002.log'
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /svc
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjUuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9InszQjVBNTU4Qy01QTQwLTQ4RDktQTBBNS01NkREQjM2OEU0Qzl9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0ie0UxMDlCNEI3LTEzNDktNDI3OC1CNEU2LUI4OEVERUE2MThEOX0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI1LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMiIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezQ4OUFDNDlGLTFDQ0UtNDYxOC1CQzQyLUZDNTQyOEI4RjZEQ30iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMTA3Mjg5Njc2MCIgZXh0cmFjb2RlMT0iMjY4NDM1NDU5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg==
  • '%PROGRAM_FILES%\The weDownload Manager\The weDownload Manager-codedownloader.exe' /SwfnNWx /rhQlRk='The weDownload Manager' /ikoRVOLO=49074 /AtjrkBPBr='000898' /ZMLUgUD='0' /viFJA='0' /GHvJq=4873A71512AD411F944B0BD1F8196400IE /GPrGceshE=0cc6fa10cc8038666683cc2625f0192d /dXdWmrV=1_34_07_01 /gcnBGN=1.34.7.1 /gcQfF=1412772002 /IDJrgDt=http://st###.#nfodatacloud.com /QcfMG=http://er####.#nfodatacloud.com /RreYhuUu=http://js.####datacloud.com /CvrUCk=ie /PIfvSqfz='The weDownload Manager' /xSSrsKE=http://js.####ntdemocloud.com /MWoGon /ftFvcDUS='{"asw":[0, 0, 0]}' /mqdob=installer /VsvnHvuuU='%TEMP%\The weDownload ManagerInstaller_1412772002.log' /gebIZaDF='file://%TEMP%\nsw3.tmp\extensionData'
  • '%PROGRAM_FILES%\The weDownload Manager\9e893048-71e0-493a-8706-f02bca8b7fff-2.exe' /tbXmhz /rhQlRk='The weDownload Manager' /ikoRVOLO=49074 /AtjrkBPBr='000898' /ZMLUgUD='0' /viFJA='0' /GHvJq=4873A71512AD411F944B0BD1F8196400IE /GPrGceshE=0cc6fa10cc8038666683cc2625f0192d /dXdWmrV=1_34_07_01 /gcQfF=1412772002 /IDJrgDt=http://st###.#nfodatacloud.com /QcfMG=http://er####.#nfodatacloud.com /MrYsID=11111111-1111-1111-1111-110411901174 /CvrUCk=ie /NzlOXq /MWoGon /lnofFpy='http://up####.#nfodatacloud.com/ie_enable_agent_updates/{CAMP_ID}/update.json' /mqdob='installer' /VsvnHvuuU='%TEMP%\The weDownload ManagerInstaller_1412772002.log'
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /handoff "appguid={489ac49f-1cce-4618-bc42-fc5428b8f6dc}&appname=9347f614-2085-426f-8022-1fbbcf46ddb5&needsadmin=True&lang=en" /installsource otherinstallcmd /sessionid "{3B5A558C-5A40-48D9-A0A5-56DDB368E4C9}" /silent
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regsvc
  • '%TEMP%\comh.412533\GoogleUpdate.exe' /silent /install "appguid={489ac49f-1cce-4618-bc42-fc5428b8f6dc}&appname=9347f614-2085-426f-8022-1fbbcf46ddb5&needsadmin=True&lang=en"
  • '%PROGRAM_FILES%\The weDownload Manager\9e893048-71e0-493a-8706-f02bca8b7fff-11.exe' /DAOSFkni=iaPDetOkdN0byjdj6BvJuaB85+NaQjtYZfvfARr1B9l5IgIs9+W+s14VWPQ+RozCA1ZN0JJbTTnEPCRb2PoNNtZlkvxKeYjTUqmpfdqhVZkyDyMv2x5owW/AM91ZSSLuYveYEi33/4OJE9Kowf49E9ajCemFn1NVNWNOG2+X0Wp8tKYQUqS4LGGXRtsZf7NLKE43G92hQ9BC2AosZ2u1e22ac1XzFzMK9WASU1jHVMwY+TIkOsb+l6MRzxon/CasUPNyDCKj07EHjTvkxIRwXcmotFER9P+982ejtTGQIvK6bivSJCcSRDOeSbDXS7/dzOSkkScYv9ZRKjI2w5dOhnJiDlyjcII8T4Q71b+7rL3ltK35TddFUhBSYfZYSQR5pqto5RE4MRnKDgMt/I7nL41izNoVrnlv2lWdggPygb2WKWG/ZwGQ0oJig7OEAZ3vl1RdhY2T2M/+TszOhHF7dC4pILmpcnU/r/M5cbquaT9NbBQgVzCFT5gzYBzcAE5BH7pObd4HWJNfzvEZNhvpAjZ5Lzqw5PEc796NojI+W1m8+XlLpBSu7FWWujARQNHoVFAT6Toi+RvoDI2i35rAvRyL/3uVfJ9+crb0EUqTb4jQykEr51bLqH2U7bK6dYocVD+gy8EQ2h/DhqzndZ9nd0dpllcCF7rLNuHizgYcbz5FBvzwEBqet1DsmxxIOIUK8rjtw2TEsUHJ8mhI8WixNxP0pILU1IlkC9l7WB4QKGjrUQdbc8xHrWssozhdybV5OM52TpQCtV+delCwCRQtCuNuUSyqtu2qx6R9V8WIexmwB3/CmQ3SbMcaRBcuHSdI9X6NpmnaPQQaS62EdqRZf6psPuC8s+YCcY09v3tbeQXrQrdMR2Hr00yfX4rU7+MlS2pJy10uy3264rWjq7qN0NgEzUmvyRgs6bnIu6D13V56RtKSB28ezkgh56VZGk+FnssOiPRAYe58FHUdBDw4L++gx/6cZFp5vurfJwvDzf+axIezpUXmJ9dWrj/sKsYmT2hXepepez5RpVkXngLZAwDmWVq+fE3apg3+QCPFhDdPjNW+xA4H1fW4WOD9KSqFzMjUixkRcKSKUqLhMqlHwM911XMTLth8uWYxsfff6com1oqFJUjzh4X3QbjhpaJ0J6GoDZ7EzLsPuoqJsKXrIwsO2Spg81BeewQj5oIzdZOQBoMeCihW/G75v9QD/aYDjd1RPH+xVdRsIkMO4O3dVXNPzS4juWPp926RPqIr7/5GzjOroT6Wpo37+BJpk0kcUa2BrxeplExaitM1PhrxgdYB2nUdoX+ZJOHk8JLEnvbNNe98exP8K+bkU7ucjsk+KlM0fui75BJo8BAyGdr7JcaqXT+BElRymUE2gtSj+KEgqndrBRVkTPGjPwn0bTWkqnJetmNjObnHOkoBXxZRWxE3OsHfKOQHfrPExvcHsTelu3/YKpc7mxtUercQW+Zji1/+qM+A7Mr8izRLk572LbfPHzpF7S3DUdnY4edSHAJuC/sJIS/FvGV5r/PEqdWnLwxisciRQy4WpJBuMNNxB5jiuEgRPwCkqvzqSZaaom9My5SJAVj1AECbnearulwg+MiffNK0/H4KcZvRtjm2TTC6sL8Wl0SnBrE8ki9pV1QQubn1N6Z+yLojOno/EH36jtY3X59zlst1o2+7cH6swCca6pANTxyjk013j0KE0EGDZkVUEYBcqvXO2x0RupUDcuiMPufNL3dQE+Znn1xxnuGs3tLYUh4169uyM5mDe61Z2niAOw/D7A7KuWtQZ06T6wmYMQyfb+Qkw2MK8bdUnb8ffA2MA5g57oaQET7qUkCC+kfGrncZvaXW/II/yh5PWPWhCbe5wKAevMEQF4sn7w==
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjUuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9InszQjVBNTU4Qy01QTQwLTQ4RDktQTBBNS01NkREQjM2OEU0Qzl9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezNCNDNDNEU4LTQzQTQtNDAxQy04NjY1LUFEM0FFQkFFNzYzNX0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI1LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMiIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4yNS4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48L2FwcD48L3JlcXVlc3Q-
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regserver
Executes the following:
  • '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\The weDownload Manager\The weDownload Manager-bho.dll"
  • '<SYSTEM32>\msiexec.exe' /V
Terminates or attempts to terminate
the following user processes:
  • opera.exe
  • firefox.exe
  • iexplore.exe
Modifies file system :
Creates the following files:
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\popup.html
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\icon48.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\f1ce41e86a0d58da48cc39f1c3b3b192.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\update.css
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\skin.css
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\button5.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\button2.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\d72cf8244ee9f5aeeeda6014f1f6ab85.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\d02d7f4352d205108843d4e4212c200b.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\4079b592c43a592d6c32a4558673557e.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\387f51e9f3956b65e222a7bbdfc46578.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\04fc8cdf7c7a190d4e101a6112dd7ffd.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\514a15f9a22bd62a1258ed78610d3fe2.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\34325a7f16c8ae998bc1171bc382db24.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\014b5f41672d4f090f5adfc16d3a7f9e.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\icon24.png
  • %TEMP%\nsw3.tmp\extensionData\plugins\1.js
  • %TEMP%\nsw3.tmp\extensionData\plugins.json
  • %TEMP%\nsw3.tmp\extensionData\manifest.xml
  • %TEMP%\nsw3.tmp\extensionData\plugins\102.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\13.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\123.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\104.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite-journal
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\icon16.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\button1.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\button3.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\panelarrow-up.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\button4.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\crossrider_statusbar.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\icon128.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\2a0e9386f293c6a1d28b87ffbffb9630.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\6d842af35cf2e25454f1460b7be5dfae.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\1b607d2785f92332a46856dbbe2e95a3.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\650c7c74a065e52581c963780e470b22.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\e55ead55992a0c85b1ed4a9035e3ddac.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\7dd5f3e7d852d5bcbb5ca3fec8c9b611.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\f11c7d60152347f553aa02a74b5507cc.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\9eecf8147b767990e508974a0172c990.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\19b3659fe5e0f4660bf18a12c605d51c.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\37c6dfd076bc5478781c36d9c1c930a7.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\browser.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\963f7b99f1b1212ef74ff9a8b4e4a471.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\30b1411a9eb67cc777f5eebd7cdaf54c.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\43a102542eca758e1e49c8298c56eed9.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\3fff07414e6b785c5c994d788bd563eb.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\installer.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\ddd729bdaaa98d45075dd6275de87e92.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\89c35a3cb3f7fc9012334b0e36d72750.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\5c74fc5f164fa7275e4eeca40bc852f8.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\87875fd65040178e74d002258538c1fb.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\0779714ddd4ed2972976d596b144ee0c.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\0e0fb2ea83c4e2b901a1876eec906593.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\22871f8fee4ba42e159ed6b9df6243e8.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\f2631f1c46b4caf1a64c09bc0cc11ae2.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\41ded25e8142187575f43b8c1cd73253.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\108e9831adfa09fc541b4c27937ac654.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\fdcc68b9ea0b1dd99ac62cfa4ecd4cf2.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\a7b9514d9cc40b967c3c89ee5359927d.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\0097d225569fe4aa255a4d15b2e63f4d.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\8aca71a02a32e487316c81d255f85499.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\833f895d7605aaa76485f87d529e577c.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\14.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\43.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\42.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\41.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\44.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\47.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\46.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\45.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\40.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\36.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\35.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\3.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\37.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\4.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\39.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\38.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\5.js
  • %PROGRAM_FILES%\The weDownload Manager\The weDownload Manager-bho.dll
  • %TEMP%\nsw3.tmp\extensionData\userCode\extension.js
  • %TEMP%\nsw3.tmp\extensionData\userCode\background.js
  • %PROGRAM_FILES%\The weDownload Manager\9e893048-71e0-493a-8706-f02bca8b7fff-2.exe
  • %PROGRAM_FILES%\The weDownload Manager\The weDownload Manager-codedownloader.exe
  • %PROGRAM_FILES%\The weDownload Manager\The weDownload Manager-bg.exe
  • %PROGRAM_FILES%\The weDownload Manager\background.html
  • %TEMP%\nsw3.tmp\extensionData\plugins\94.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\72.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\7.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\64.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\78.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\93.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\91.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\9.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\2.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\195.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\193.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\207.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\220.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\22.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\21.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\192.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\180.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\177.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\17.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\182.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\191.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\184.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\183.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\221.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\263.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\262.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\260.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\269.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\286.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\281.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\28.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\246.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\230.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\226.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\223.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\233.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\244.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\242.js
  • %TEMP%\nsw3.tmp\extensionData\plugins\234.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\options.js
  • %TEMP%\Cab8.tmp
  • %PROGRAM_FILES%\The weDownload Manager\1293297481.mxaddon
  • %TEMP%\Cab6.tmp
  • %PROGRAM_FILES%\The weDownload Manager\d4585b68-afd9-4ac6-b7a2-b4ef85abd1d3.crx
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi
  • %PROGRAM_FILES%\The weDownload Manager\9e893048-71e0-493a-8706-f02bca8b7fff.crx
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdateres_en.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB
  • %TEMP%\Cab4.tmp
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA
  • %PROGRAM_FILES%\The weDownload Manager\9e893048-71e0-493a-8706-f02bca8b7fff-3.exe
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psuser.dll
  • C:\Config.Msi\38011.rbs
  • %PROGRAM_FILES%\The weDownload Manager\9e893048-71e0-493a-8706-f02bca8b7fff.xpi
  • %WINDIR%\Installer\MSIA.tmp
  • %TEMP%\MSI389d2.LOG
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\locale\en-US\translations.dtd
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\install.rdf
  • %PROGRAM_FILES%\The weDownload Manager\9e893048-71e0-493a-8706-f02bca8b7fff-4.exe
  • %WINDIR%\Installer\3800e.msi
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
  • %PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psmachine.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe
  • %TEMP%\nsw3.tmp\ExecDos.dll
  • %PROGRAM_FILES%\The weDownload Manager\9e893048-71e0-493a-8706-f02bca8b7fff-11.exe
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe
  • %TEMP%\nsw3.tmp\update.json
  • %TEMP%\nsw3.tmp\inetc.dll
  • %PROGRAM_FILES%\The weDownload Manager\utils.exe
  • %PROGRAM_FILES%\The weDownload Manager\Uninstall.exe
  • %TEMP%\nsw3.tmp\196386
  • %TEMP%\nsw3.tmp\206907
  • %TEMP%\nsw3.tmp\UserInfo.dll
  • %TEMP%\nsw3.tmp\System.dll
  • %TEMP%\nsw3.tmp\StdUtils.dll
  • %TEMP%\nsr2.tmp
  • %TEMP%\nsw3.tmp\InstallerUtils.dll
  • %TEMP%\nsw3.tmp\md5dll.dll
  • %TEMP%\nsw3.tmp\nsisos.dll
  • %TEMP%\nsw3.tmp\InstallerUtils2.dll
  • %TEMP%\comh.412533\GoogleCrashHandler.exe
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdate.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe
  • %TEMP%\comh.412533\psuser.dll
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  • %PROGRAM_FILES%\The weDownload Manager\a1cd7c3c-1178-486f-b40a-e3bedb0f0659.crx
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
  • %TEMP%\comh.412533\psmachine.dll
  • %TEMP%\comh.412533\GoogleUpdateHelper.msi
  • %TEMP%\comh.412533\GoogleUpdateBroker.exe
  • %TEMP%\comh.412533\GoogleUpdate.exe
  • %TEMP%\comh.412533\GoogleUpdateOnDemand.exe
  • %TEMP%\comh.412533\npGoogleUpdate4.dll
  • %TEMP%\comh.412533\goopdateres_en.dll
  • %TEMP%\comh.412533\goopdate.dll
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\defaults\preferences\prefs.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\72.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\191.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\223.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\184.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\78.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\102.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\193.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\64.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\260.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\263.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\233.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\22.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\220.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\262.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\246.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\17.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\background.html
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\dialog.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\a40f17669ddd075193237ba9dcdef8ba.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\4ef2a28dad618e27c0796b57c79aa353.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\1757fe413716938a3e6d8f5db95dffd5.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\search_dialog.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\ffCoreFilesIndex.txt
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\options.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\98.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\13.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\47.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\207.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\1fbc6400b767c7e336f6faff9e2c1ae3.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\userCode\background.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\userCode\extension.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\244.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\123.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\192.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\286.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\93.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\230.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\221.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\226.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\manifest.xml
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins.json
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome.manifest
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\183.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\268.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\28.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\180.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\16.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\182.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\195.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\1.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\9.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\177.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\14.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\104.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\5.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\281.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\242.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\91.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\4.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\7.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\234.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\21.js
Deletes the following files:
  • %WINDIR%\Installer\3800e.msi
  • C:\Config.Msi\38011.rbs
  • %WINDIR%\Installer\38010.ipi
  • %WINDIR%\Tasks\temp_9e893048-71e0-493a-8706-f02bca8b7fff-2.job
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite-journal
  • %TEMP%\Cab4.tmp
  • %TEMP%\nsw3.tmp\196386
  • %TEMP%\Cab6.tmp
  • %WINDIR%\Installer\MSIA.tmp
  • %TEMP%\Cab8.tmp
Network activity:
Connects to:
  • 'ts####.ws.symantec.com':80
  • 'cr#.#hawte.com':80
  • 'localhost':1045
  • 'localhost':1050
  • 'localhost':1047
  • 'er####.#nfodatacloud.com':80
  • 'up####.#nfodatacloud.com':80
  • 'st###.#nfodatacloud.com':80
  • 'www.download.windowsupdate.com':80
  • 'lo##.##fodatacloud.com':80
TCP:
HTTP GET requests:
  • up####.#nfodatacloud.com/omaha/489AC49F-1CCE-4618-BC42-FC5428B8F6DC/1/update.xml?ra########################################################################################################################################################################################
  • up####.#nfodatacloud.com/omaha/430FD4D0-B729-4F61-AA34-91526481799D/1/ping.xml?ra########
  • ts####.ws.symantec.com/tss-ca-g2.crl
  • up####.#nfodatacloud.com/omaha/489AC49F-1CCE-4618-BC42-FC5428B8F6DC/1/update.xml?ra########
  • up####.#nfodatacloud.com/omaha/489AC49F-1CCE-4618-BC42-FC5428B8F6DC/1/ping.xml?ra#####
  • up####.#nfodatacloud.com/omaha/489AC49F-1CCE-4618-BC42-FC5428B8F6DC/1/ping.xml?ra########
  • lo##.##fodatacloud.com/monetization.gif?ra######################################################################################################################################################################
  • st###.#nfodatacloud.com/installer.gif?ac#####################################################################################################################################################################################################################################################################################################################################################################################################################################
  • er####.#nfodatacloud.com/installer-error.gif?ac########################################################################################################################################################################################################################################################################################################################################################################################################
  • up####.#nfodatacloud.com/installer_updates/000898/update.json
  • lo##.##fodatacloud.com/monetization.gif?ev#######################################################################################################################################################################################################################################################################
  • cr#.#hawte.com/ThawteTimestampingCA.crl
  • www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
UDP:
  • DNS ASK www.download.windowsupdate.com
  • DNS ASK cr#.#hawte.com
  • DNS ASK ts####.ws.symantec.com
  • DNS ASK lo##.##fodatacloud.com
  • DNS ASK up####.#nfodatacloud.com
  • DNS ASK er####.#nfodatacloud.com
  • DNS ASK st###.#nfodatacloud.com
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: ''

Recommandations pour le traitement

  1. Si le système d'exploitation peut être démarré (en mode normal ou en mode sans échec), téléchargez Dr.Web Security Space et lancez un scan complet de votre ordinateur et de tous les supports amovibles que vous utilisez. En savoir plus sur Dr.Web Security Space.
  2. Si le démarrage du système d'exploitation est impossible, veuillez modifier les paramètres du BIOS de votre ordinateur pour démarrer votre ordinateur via CD/DVD ou clé USB. Téléchargez l'image du disque de secours de restauration du système Dr.Web® LiveDisk ou l'utilitaire pour enregistrer Dr.Web® LiveDisk sur une clé USB, puis préparez la clé USB appropriée. Démarrez l'ordinateur à l'aide de cette clé et lancez le scan complet et le traitement des menaces détectées.

Veuillez lancer le scan complet du système à l'aide de Dr.Web Antivirus pour Mac OS.

Veuillez lancer le scan complet de toutes les partitions du disque à l'aide de Dr.Web Antivirus pour Linux.

  1. Si votre appareil mobile fonctionne correctement, veuillez télécharger et installer sur votre appareil mobile Dr.Web pour Android. Lancez un scan complet et suivez les recommandations sur la neutralisation des menaces détectées.
  2. Si l'appareil mobile est bloqué par le Trojan de la famille Android.Locker (un message sur la violation grave de la loi ou la demande d'une rançon est affiché sur l'écran de l'appareil mobile), procédez comme suit:
    • démarrez votre Smartphone ou votre tablette en mode sans échec (si vous ne savez pas comment faire, consultez la documentation de l'appareil mobile ou contactez le fabricant) ;
    • puis téléchargez et installez sur votre appareil mobile Dr.Web pour Android et lancez un scan complet puis suivez les recommandations sur la neutralisation des menaces détectées ;
    • Débranchez votre appareil et rebranchez-le.

En savoir plus sur Dr.Web pour Android

Editeur russe des solutions antivirus Dr.Web
Expérience dans le développement depuis 1992
Les internautes dans plus de 200 pays utilisent Dr.Web
L'antivirus est fourni en tant que service depuis 2007
Support 24/24

Dr.Web © Doctor Web
2003 — 2022

Doctor Web est un éditeur russe de solutions de cybersécurité axées sur la détection de menaces et les technologies de prévention et de réponse aux cyberattaques.