Trojan.Encoder.37555

Added to the Dr.Web virus database: 2023-05-09

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [\REGISTRY\USER\S-1-5-21-1238866942-1249195528-555854008-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'BrowserUpdateCheck' = '%LOCALAPPDATA%\<File name>.exe'
Creates the following files on removable media
  • <Drive name for removable media>:\000814251_video_01.avi
  • <Drive name for removable media>:\samieee_obiee_presentation.pptx
  • <Drive name for removable media>:\roozenedowebinar.pptx
  • <Drive name for removable media>:\middaugh_keynote.pptx
  • <Drive name for removable media>:\stoc13_ml_quoc_le.pptx
  • <Drive name for removable media>:\notepad.exe
  • <Drive name for removable media>:\chromesetup.exe
  • <Drive name for removable media>:\tcm851ax32.exe
  • <Drive name for removable media>:\uep_form_786_bulletin_1726i602.doc
  • <Drive name for removable media>:\lisp_success.doc
  • <Drive name for removable media>:\weeklysheet1215.doc
  • <Drive name for removable media>:\february_catalogue__2015.doc
  • <Drive name for removable media>:\ovp25012015.doc
  • <Drive name for removable media>:\508softwareandos.doc
  • <Drive name for removable media>:\indogerman2010.pptx
  • <Drive name for removable media>:\sdksampleprivdeveloper.cer
  • <Drive name for removable media>:\contoso.cer
  • <Drive name for removable media>:\sdkfailsafeemulator.cer
  • <Drive name for removable media>:\contosoroot.cer
  • <Drive name for removable media>:\contoso_1.cer
  • <Drive name for removable media>:\dialmap.bmp
  • <Drive name for removable media>:\dial.bmp
  • <Drive name for removable media>:\toolbar.bmp
  • <Drive name for removable media>:\dashborder_96.bmp
  • <Drive name for removable media>:\dashborder_192.bmp
  • <Drive name for removable media>:\archer.avi
  • <Drive name for removable media>:\split.avi
  • <Drive name for removable media>:\correct.avi
  • <Drive name for removable media>:\how_to_back_files.html
  • <Drive name for removable media>:\contosoroot_1.cer
  • <Drive name for removable media>:\hypothyroidism_slides.pptx
Malicious functions
Reads files which store third-party application passwords
  • %HOMEPATH%\desktop\000814251_video_01.avi
  • %HOMEPATH%\desktop\uep_form_786_bulletin_1726i602.doc
  • %HOMEPATH%\desktop\trivial-merge.htm
  • %HOMEPATH%\desktop\tree_view.html
  • %HOMEPATH%\desktop\tree_view.htm
  • %HOMEPATH%\desktop\thlps_keeper_mayer_1965.docx
  • %HOMEPATH%\desktop\ovp25012015.doc
  • %HOMEPATH%\desktop\nwfieldnotes1966.docx
  • %HOMEPATH%\desktop\lisp_success.doc
  • %HOMEPATH%\desktop\iisstart.html
  • %HOMEPATH%\desktop\file_p_00000000_1371597592.docx
  • %HOMEPATH%\desktop\dial.bmp
  • %HOMEPATH%\desktop\delete.avi
  • %HOMEPATH%\desktop\dashborder_120.bmp
  • %HOMEPATH%\desktop\contosoroot_1.cer
  • %HOMEPATH%\desktop\coffee.bmp
  • %HOMEPATH%\desktop\browse.htm
  • %HOMEPATH%\desktop\adhd_and_obesity.docx
  • %APPDATA%\thunderbird\profiles.ini
  • %APPDATA%\mozilla\firefox\profiles.ini
Modifies file system
Creates the following files
  • %LOCALAPPDATA%\<File name>.exe
  • %APPDATA%\telegram desktop\how_to_back_files.html
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\ff9cb2bce37ded64cf411113359886d2315b4912
  • %ALLUSERSPROFILE%\package cache\{9d29fc96-9eee-4253-943f-96b3bbfdd0b6}v14.16.27024\packages\vcruntimeadditional_amd64\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\packages\vcruntimeminimum_amd64\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\packages\vcruntimeadditional_x86\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\packages\vcruntimeminimum_x86\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\packages\vcruntimeminimum_amd64\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{e699e009-1c3c-4e50-9b57-2b39f0954c7f}v14.29.30133\packages\vcruntimeadditional_amd64\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{ec9807de-b577-47b1-a024-0251805acf24}v14.29.30133\packages\vcruntimeminimum_x86\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{f1b0fb3a-e0ea-47a6-9383-3650655403b0}v14.16.27024\packages\vcruntimeminimum_amd64\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{f65db027-aff3-4070-886a-0d87064aabb1}\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\packages\vcruntimeadditional_x86\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{fd9b6070-d13e-45dc-819b-41806bf45b6b}\how_to_back_files.html
  • %ALLUSERSPROFILE%\sun\java\java update\how_to_back_files.html
  • C:\users\default\how_to_back_files.html
  • C:\users\public\desktop\how_to_back_files.html
  • C:\users\public\documents\how_to_back_files.html
  • C:\users\public\downloads\how_to_back_files.html
  • C:\users\public\libraries\how_to_back_files.html
  • C:\users\public\music\sample music\how_to_back_files.html
  • C:\users\public\music\how_to_back_files.html
  • C:\users\public\pictures\sample pictures\how_to_back_files.html
  • C:\users\public\pictures\how_to_back_files.html
  • C:\users\public\recorded tv\sample media\how_to_back_files.html
  • C:\users\public\recorded tv\how_to_back_files.html
  • C:\users\public\videos\sample videos\how_to_back_files.html
  • C:\users\public\videos\how_to_back_files.html
  • C:\users\public\how_to_back_files.html
  • %HOMEPATH%\favorites\msn websites\how_to_back_files.html
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\2022-09\how_to_back_files.html
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\how_to_back_files.html
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\saved-telemetry-pings\how_to_back_files.html
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\how_to_back_files.html
  • %APPDATA%\thunderbird\how_to_back_files.html
  • %HOMEPATH%\contacts\how_to_back_files.html
  • %HOMEPATH%\desktop\how_to_back_files.html
  • %HOMEPATH%\documents\how_to_back_files.html
  • %HOMEPATH%\downloads\how_to_back_files.html
  • %HOMEPATH%\favorites\links\how_to_back_files.html
  • %HOMEPATH%\favorites\links for united states\how_to_back_files.html
  • %HOMEPATH%\favorites\microsoft websites\how_to_back_files.html
  • %HOMEPATH%\favorites\windows live\how_to_back_files.html
  • %APPDATA%\thunderbird\profiles\49zr3fqa.default\how_to_back_files.html
  • %HOMEPATH%\favorites\how_to_back_files.html
  • %HOMEPATH%\links\how_to_back_files.html
  • %HOMEPATH%\music\how_to_back_files.html
  • %HOMEPATH%\pictures\how_to_back_files.html
  • %HOMEPATH%\saved games\how_to_back_files.html
  • %HOMEPATH%\searches\how_to_back_files.html
  • %HOMEPATH%\videos\how_to_back_files.html
  • %HOMEPATH%\how_to_back_files.html
  • D:\$recycle.bin\s-1-5-21-1238866942-1249195528-555854008-1000\how_to_back_files.html
  • D:\how_to_back_files.html
  • C:\users\how_to_back_files.html
  • C:\users\public\09f104c96cb66f69613a15ad83c356ab4ff5859b702f50334d34f8e43dcb1dc1
  • %ALLUSERSPROFILE%\package cache\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\packages\vcruntimeadditional_amd64\how_to_back_files.html
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\doomed\how_to_back_files.html
  • %APPDATA%\thunderbird\crash reports\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\how_to_back_files.html
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\crashes\how_to_back_files.html
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\136a8bd8034c58767248fd9fc2ad68acdd18e0e8
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\03a3284413e76ab9ef6155914780932b53a25664
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\how_to_back_files.html
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\026a91c419276cf4863cd88d801b264a6313a475
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\offlinecache\how_to_back_files.html
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\startupcache\how_to_back_files.html
  • %TEMP%\opera installer\how_to_back_files.html
  • %TEMP%\how_to_back_files.html
  • %LOCALAPPDATA%\thunderbird\profiles\npsdfqy3.default-release\cache2\entries\how_to_back_files.html
  • %LOCALAPPDATA%\thunderbird\profiles\npsdfqy3.default-release\startupcache\how_to_back_files.html
  • %LOCALAPPDATA%\how_to_back_files.html
  • %LOCALAPPDATA%low\oracle\java\au\how_to_back_files.html
  • %LOCALAPPDATA%low\sun\java\deployment\how_to_back_files.html
  • %LOCALAPPDATA%low\sun\java\jre1.8.0_45_x64\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\crash reports\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\bookmarkbackups\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\crashes\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gmp-widevinecdm\4.10.1582.2\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\security_state\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\default\moz-extension+++db487e04-ae57-4773-9556-37dac4cedf3c^usercontextid=4294967295\idb\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\default\moz-extension+++db487e04-ae57-4773-9556-37dac4cedf3c^usercontextid=4294967295\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\how_to_back_files.html
  • %APPDATA%\mozilla\firefox\how_to_back_files.html
  • %ALLUSERSPROFILE%\package cache\{6cd9e9ed-906d-4196-8dc3-f987d2f6615f}v14.29.30133\packages\vcruntimeminimum_amd64\how_to_back_files.html
Moves the following files
  • from %APPDATA%\thunderbird\installs.ini to %APPDATA%\thunderbird\installs.ini.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165536.log to %TEMP%\dd_vcredist_x86_20220928165536.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165536_0_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20220928165536_0_vcruntimeminimum_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165536_1_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20220928165536_1_vcruntimeadditional_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165710.log to %TEMP%\dd_vcredist_x86_20220928165710.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165710_0_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20220928165710_0_vcruntimeminimum_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165710_1_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20220928165710_1_vcruntimeadditional_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165916.log to %TEMP%\dd_vcredist_x86_20220928165916.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165916_000_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20220928165916_000_vcruntimeminimum_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928165916_001_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20220928165916_001_vcruntimeadditional_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170143.log to %TEMP%\dd_vcredist_x86_20220928170143.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170143_001_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20220928170143_001_vcruntimeminimum_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170143_002_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20220928170143_002_vcruntimeadditional_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170221.log to %TEMP%\dd_vcredist_x86_20220928170221.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170335.log to %TEMP%\dd_vcredist_x86_20220928170335.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170335_001_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20220928170335_001_vcruntimeminimum_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170335_002_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20220928170335_002_vcruntimeadditional_x86.log.suffering
  • from %TEMP%\dd_vcredist_x86_20220928170410.log to %TEMP%\dd_vcredist_x86_20220928170410.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928170328.log to %TEMP%\dd_vcredist_amd64_20220928170328.log.suffering
  • from %TEMP%\javadeployreg.log to %TEMP%\javadeployreg.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928170250_002_vcruntimeadditional_x64.log to %TEMP%\dd_vcredist_amd64_20220928170250_002_vcruntimeadditional_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928170250.log to %TEMP%\dd_vcredist_amd64_20220928170250.log.suffering
  • from %TEMP%\chrome_installer.log to %TEMP%\chrome_installer.log.suffering
  • from %TEMP%\dd_ndp48-x86-x64-allos-enu_decompression_log.txt to %TEMP%\dd_ndp48-x86-x64-allos-enu_decompression_log.txt.suffering
  • from %TEMP%\dd_vcredistmsi7a3c.txt to %TEMP%\dd_vcredistmsi7a3c.txt.suffering
  • from %TEMP%\dd_vcredistui7a3c.txt to %TEMP%\dd_vcredistui7a3c.txt.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165349.log to %TEMP%\dd_vcredist_amd64_20220928165349.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165349_0_vcruntimeminimum_x64.log to %TEMP%\dd_vcredist_amd64_20220928165349_0_vcruntimeminimum_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165349_1_vcruntimeadditional_x64.log to %TEMP%\dd_vcredist_amd64_20220928165349_1_vcruntimeadditional_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165628.log to %TEMP%\dd_vcredist_amd64_20220928165628.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165628_0_vcruntimeminimum_x64.log to %TEMP%\dd_vcredist_amd64_20220928165628_0_vcruntimeminimum_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165628_1_vcruntimeadditional_x64.log to %TEMP%\dd_vcredist_amd64_20220928165628_1_vcruntimeadditional_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165746.log to %TEMP%\dd_vcredist_amd64_20220928165746.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165746_000_vcruntimeminimum_x64.log to %TEMP%\dd_vcredist_amd64_20220928165746_000_vcruntimeminimum_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165746_001_vcruntimeadditional_x64.log to %TEMP%\dd_vcredist_amd64_20220928165746_001_vcruntimeadditional_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165956.log to %TEMP%\dd_vcredist_amd64_20220928165956.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165956_001_vcruntimeminimum_x64.log to %TEMP%\dd_vcredist_amd64_20220928165956_001_vcruntimeminimum_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928165956_002_vcruntimeadditional_x64.log to %TEMP%\dd_vcredist_amd64_20220928165956_002_vcruntimeadditional_x64.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928170114.log to %TEMP%\dd_vcredist_amd64_20220928170114.log.suffering
  • from %TEMP%\dd_vcredist_amd64_20220928170250_001_vcruntimeminimum_x64.log to %TEMP%\dd_vcredist_amd64_20220928170250_001_vcruntimeminimum_x64.log.suffering
  • from %TEMP%\jusched.log to %TEMP%\jusched.log.suffering
  • from %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20220928_164850616-msi_vc_red.msi.txt to %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20220928_164850616-msi_vc_red.msi.txt.suffering
  • from %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20220928_165235616-msi_vc_red.msi.txt to %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20220928_165235616-msi_vc_red.msi.txt.suffering
  • from %TEMP%\ose00000.exe to %TEMP%\ose00000.exe.suffering
  • from %TEMP%\setupexe(20220928171621f0c).log to %TEMP%\setupexe(20220928171621f0c).log.suffering
  • from %TEMP%\tmpaddon to %TEMP%\tmpaddon.suffering
  • from %TEMP%\wmsetup.log to %TEMP%\wmsetup.log.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\026a91c419276cf4863cd88d801b264a6313a475 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\026a91c419276cf4863cd88d801b264a6313a475.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\03a3284413e76ab9ef6155914780932b53a25664 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\03a3284413e76ab9ef6155914780932b53a25664.suffering
  • from %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\136a8bd8034c58767248fd9fc2ad68acdd18e0e8 to %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\136a8bd8034c58767248fd9fc2ad68acdd18e0e8.suffering
  • from %TEMP%\adobesfx.log to %TEMP%\adobesfx.log.suffering
  • from %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_20220928_165304913-msi_vc_red.msi.txt to %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_20220928_165304913-msi_vc_red.msi.txt.suffering
Modifies the following files
  • D:\install.log
  • <Drive name for removable media>:\contoso.cer
  • %HOMEPATH%\favorites\desktop.ini
  • <Drive name for removable media>:\sdkfailsafeemulator.cer
  • %HOMEPATH%\links\recentplaces.lnk
  • <Drive name for removable media>:\contosoroot.cer
  • %HOMEPATH%\links\downloads.lnk
  • <Drive name for removable media>:\contoso_1.cer
  • %HOMEPATH%\links\desktop.lnk
  • <Drive name for removable media>:\dialmap.bmp
  • %HOMEPATH%\links\desktop.ini
  • <Drive name for removable media>:\dial.bmp
  • %HOMEPATH%\music\desktop.ini
  • <Drive name for removable media>:\toolbar.bmp
  • %HOMEPATH%\pictures\desktop.ini
  • <Drive name for removable media>:\dashborder_96.bmp
  • %HOMEPATH%\saved games\desktop.ini
  • <Drive name for removable media>:\dashborder_192.bmp
  • %HOMEPATH%\searches\indexed locations.search-ms
  • %HOMEPATH%\searches\everywhere.search-ms
  • <Drive name for removable media>:\archer.avi
  • %HOMEPATH%\searches\desktop.ini
  • <Drive name for removable media>:\split.avi
  • %HOMEPATH%\videos\desktop.ini
  • <Drive name for removable media>:\correct.avi
  • D:\$recycle.bin\s-1-5-21-1238866942-1249195528-555854008-1000\desktop.ini
  • <Drive name for removable media>:\000814251_video_01.avi
  • C:\users\desktop.ini
  • %HOMEPATH%\favorites\windows live\get windows live.url
  • %HOMEPATH%\favorites\windows live\windows live gallery.url
Modifies multiple files.
Substitutes the following files
  • %ALLUSERSPROFILE%\Microsoft\Search\Data\Applications\Windows\MSS.log
  • %ALLUSERSPROFILE%\microsoft\search\data\applications\windows\msstmp.log
Modifies user data files (Trojan.Encoder).
Changes user data files extensions (Trojan.Encoder).
Network activity
TCP
Other
  • '35.##1.9.150':443
Miscellaneous
Executes the following
  • '<SYSTEM32>\searchprotocolhost.exe' Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "%...
  • '<SYSTEM32>\searchfilterhost.exe' 0 508 512 520 65536 516

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
