Trojan.Crossrider.17908

Technical Information

To ensure autorun and distribution:

Creates or modifies the following files:

%WINDIR%\Tasks\globalUpdateUpdateTaskMachineUA.job
%WINDIR%\Tasks\globalUpdateUpdateTaskMachineCore.job
%WINDIR%\Tasks\bb64c212-90f5-4d7e-87f7-ee5b0ade62fe-4.job

Creates the following services:

[<HKLM>\SYSTEM\ControlSet001\Services\globalUpdate] 'Start' = '00000002'

Malicious functions:

Creates and executes the following:

'%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regsvc
'%PROGRAM_FILES%\Object Browser\Object Browser-codedownloader.exe' /WZscsBwa /dyqGeJy='Object Browser' /hhBQjVc=32850 /JGSkT='000046' /YTHbNkmX='0' /ciHdRpSZ='0' /rluRGxYUp=FC89DB910285496CBB76817902B29E86IE /WJOPj=6442f89589a669feb316e88dffd8a2a4 /WMSqXF=1_34_05_12 /iFUNYeEm=1.34.5.12 /CRFsAs=1408750692 /xqzkUn=http://st###.###entstatsservice.com /ZYlkDu=http://er####.##ientstatsservice.com /PxGcIm=http://js.#####tstatsservice.com /aZJRhuSIm=ie /mZOxglpw /rgtdh=installer /mxrJU='%TEMP%\Object BrowserInstaller_1408750692.log' /GqLQuN='file://%TEMP%\nsj6.tmp\extensionData'
'%PROGRAM_FILES%\Object Browser\bb64c212-90f5-4d7e-87f7-ee5b0ade62fe-4.exe' /amFDNXTmz /dyqGeJy='Object Browser' /eZMYoBF='%PROGRAM_FILES%\Object Browser\32850.xpi' /hhBQjVc=32850 /JGSkT='000046' /YTHbNkmX='0' /ciHdRpSZ='0' /rluRGxYUp=FC89DB910285496CBB76817902B29E86IE /WJOPj=6442f89589a669feb316e88dffd8a2a4 /WMSqXF=1_34_05_12 /iFUNYeEm=1.34.5.12 /CRFsAs=1408750692 /xqzkUn=http://st###.###entstatsservice.com /ZYlkDu=http://er####.##ientstatsservice.com /uymDivZza=300 /DPUmaDDE=9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com /cdQXKzy=0.94 /LkgeR=a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850 /bZxxYEH=https://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/32850.rdf /RPOkTQZmQ='Object Browser' /LZvLlByLh='Browser enhancer' /ZKcdlNo='Object Browser' /aZJRhuSIm=ie /JDAXzHtY='{"asw":[0, 0]}' /mZOxglpw /FizjPHPN /XTYdtoBoe /LWpHklfn='http://up####.##ientstatsservice.com/ff_agent_updates/{CAMP_ID}/update.json' /hUQSxv /rgtdh='installer' /mxrJU='%TEMP%\Object BrowserInstaller_1408750692.log'
'%TEMP%\nsw3.tmp\Ecixv.exe'
'%TEMP%\comh.243805\GoogleUpdate.exe' /silent /install "appguid={a411beaa-c1b6-41c1-96de-301c4c62f5ad}&appname=0226a064-ac30-42a2-b7ae-80b114ef2930&needsadmin=True&lang=en"

Executes the following:

'<SYSTEM32>\msiexec.exe' /V

Terminates or attempts to terminate

the following user processes:

opera.exe
firefox.exe
iexplore.exe

Modifies file system :

Creates the following files:

%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\icon24.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\skin.css
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\button5.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\icon16.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\button1.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\button3.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\button2.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\c0c3ddd31dea4f034d6263f009023041.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\3c542fa0ed907fa9f6d0505464e451a9.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\6e945d7a2a92ff48a1897d19ed72cee5.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\update.css
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\popup.html
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\icon48.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\panelarrow-up.png
%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psmachine.dll
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psuser.dll
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\button4.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\crossrider_statusbar.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\icon128.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite-journal
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdateres_en.dll
%TEMP%\CabB.tmp
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\dd1a3bf6d3545ee7f897b1d71c037d67.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\3fddcadd983f2f9a36254bf705377a3a.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\5919a7544a9f740410e1675ff21a42bb.js
%APPDATA%\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\2bbc9035a572e1f6f0d5e9ae7b753557.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\9e708a0691f3579436bf98bdcf16fdec.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\17eb4d3c5412a2b32b961391cf109a59.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\58fe86c260276e0f2004e96ca6401b58.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\60037ed0cfef9d07d6a1ee2fe36a18d2.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\13e56b85b20773df5ddea136878150e1.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\a7bc4118c61f9f25ad63e25e231b28e4.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\af272831902b9ec88e6d5bceedfb68f2.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\dd72317bf1ce75825c4ee1a43a937f9d.js
%APPDATA%\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\82c285f6e78c0a71f282dddcb26d1467.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\5a280afe76ece7c89f9cb3c0fe0811ac.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\39107a678f1d547e5c15c8fd8a281fc8.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\0458071440582e4a40c9c33cd01a9460.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\08d1b5364b83c9ed708c1ed9d0bd276e.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\9aa549d6b188a61b70fb5d79d852476a.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\b75e82bd0e51e05e31ebe54df5cd54e6.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\8970087626683069eccfd32a9e6ef560.js
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\5fdb427f5dfc205cc25b93c394a4950c.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\d1d766587029a8cbe8ddb5283b323c38.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\bf01ae2be5195444c1f785c3d5644539.js
%TEMP%\Cab9.tmp
%PROGRAM_FILES%\Object Browser\Object Browser-codedownloader.exe
%TEMP%\nsj6.tmp\extensionData\plugins\42.js
%TEMP%\nsj6.tmp\extensionData\plugins\41.js
%TEMP%\nsj6.tmp\extensionData\plugins\40.js
%TEMP%\nsj6.tmp\extensionData\plugins\45.js
%TEMP%\nsj6.tmp\extensionData\plugins\44.js
%TEMP%\nsj6.tmp\extensionData\plugins\43.js
%TEMP%\nsj6.tmp\extensionData\plugins\4.js
%TEMP%\nsj6.tmp\extensionData\plugins\36.js
%TEMP%\nsj6.tmp\extensionData\plugins\35.js
%TEMP%\nsj6.tmp\extensionData\plugins\3.js
%TEMP%\nsj6.tmp\extensionData\plugins\39.js
%TEMP%\nsj6.tmp\extensionData\plugins\38.js
%TEMP%\nsj6.tmp\extensionData\plugins\37.js
%TEMP%\nsj6.tmp\extensionData\plugins\46.js
%TEMP%\nsj6.tmp\extensionData\userCode\background.js
%TEMP%\nsj6.tmp\extensionData\plugins\94.js
%TEMP%\nsj6.tmp\extensionData\plugins\93.js
%WINDIR%\Installer\MSID.tmp
%WINDIR%\Installer\35749.msi
%TEMP%\nsj6.tmp\extensionData\userCode\extension.js
%TEMP%\nsj6.tmp\extensionData\plugins\91.js
%TEMP%\nsj6.tmp\extensionData\plugins\7.js
%TEMP%\nsj6.tmp\extensionData\plugins\64.js
%TEMP%\nsj6.tmp\extensionData\plugins\47.js
%TEMP%\nsj6.tmp\extensionData\plugins\9.js
%TEMP%\nsj6.tmp\extensionData\plugins\78.js
%TEMP%\nsj6.tmp\extensionData\plugins\72.js
%TEMP%\nsj6.tmp\extensionData\plugins\177.js
%TEMP%\nsj6.tmp\extensionData\plugins\17.js
%TEMP%\nsj6.tmp\extensionData\plugins\14.js
%TEMP%\nsj6.tmp\extensionData\plugins\183.js
%TEMP%\nsj6.tmp\extensionData\plugins\182.js
%TEMP%\nsj6.tmp\extensionData\plugins\180.js
%TEMP%\nsj6.tmp\extensionData\plugins\13.js
%TEMP%\nsj6.tmp\extensionData\plugins\1.js
%TEMP%\nsj6.tmp\extensionData\plugins.json
%TEMP%\nsj6.tmp\extensionData\manifest.xml
%TEMP%\nsj6.tmp\extensionData\plugins\123.js
%TEMP%\nsj6.tmp\extensionData\plugins\104.js
%TEMP%\nsj6.tmp\extensionData\plugins\102.js
%TEMP%\nsj6.tmp\extensionData\plugins\184.js
%TEMP%\nsj6.tmp\extensionData\plugins\244.js
%TEMP%\nsj6.tmp\extensionData\plugins\242.js
%TEMP%\nsj6.tmp\extensionData\plugins\223.js
%TEMP%\nsj6.tmp\extensionData\plugins\28.js
%TEMP%\nsj6.tmp\extensionData\plugins\260.js
%TEMP%\nsj6.tmp\extensionData\plugins\246.js
%TEMP%\nsj6.tmp\extensionData\plugins\22.js
%TEMP%\nsj6.tmp\extensionData\plugins\207.js
%TEMP%\nsj6.tmp\extensionData\plugins\2.js
%TEMP%\nsj6.tmp\extensionData\plugins\191.js
%TEMP%\nsj6.tmp\extensionData\plugins\217.js
%TEMP%\nsj6.tmp\extensionData\plugins\211.js
%TEMP%\nsj6.tmp\extensionData\plugins\21.js
%APPDATA%\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
%TEMP%\nsj6.tmp\ExecDos.dll
%PROGRAM_FILES%\Object Browser\bb64c212-90f5-4d7e-87f7-ee5b0ade62fe-4.exe
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\locale\en-US\translations.dtd
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\install.rdf
%APPDATA%\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdate.dll
%TEMP%\comh.243805\psmachine.dll
%TEMP%\comh.243805\npGoogleUpdate4.dll
%TEMP%\comh.243805\goopdateres_en.dll
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe
%PROGRAM_FILES%\Object Browser\32850.xpi
%TEMP%\comh.243805\psuser.dll
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\defaults\preferences\prefs.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\211.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\28.js
%TEMP%\Cab7.tmp
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\93.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\244.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\123.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\180.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\manifest.xml
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins.json
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome.manifest
%APPDATA%\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
%APPDATA%\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\183.js
%TEMP%\nsj6.tmp\InstallerUtils.dll
%TEMP%\nsj6.tmp\System.dll
%TEMP%\nsj6.tmp\StdUtils.dll
%TEMP%\nsj6.tmp\md5dll.dll
%TEMP%\nsj6.tmp\nsisos.dll
%TEMP%\nsj6.tmp\InstallerUtils2.dll
%TEMP%\nsi5.tmp
%TEMP%\nsw3.tmp\Bmpdzenp.tmp
%TEMP%\nsw3.tmp\System.dll
%TEMP%\nsw2.tmp
%TEMP%\nsw3.tmp\StdUtils.dll
%TEMP%\nsw3.tmp\Ecixv.exe
%TEMP%\nsw3.tmp\WrapperUtils.dll
%TEMP%\nsj6.tmp\UserInfo.dll
%TEMP%\comh.243805\GoogleUpdateBroker.exe
%TEMP%\comh.243805\GoogleUpdate.exe
%TEMP%\comh.243805\GoogleCrashHandler.exe
%TEMP%\comh.243805\goopdate.dll
%TEMP%\comh.243805\GoogleUpdateOnDemand.exe
%TEMP%\comh.243805\GoogleUpdateHelper.msi
%PROGRAM_FILES%\Object Browser\Uninstall.exe
%TEMP%\nsj6.tmp\update.json
%TEMP%\nsj6.tmp\inetc.dll
%TEMP%\nsj6.tmp\203270
%TEMP%\nsj6.tmp\394018
%PROGRAM_FILES%\Object Browser\utils.exe
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\16.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\cf31754b6a7c88b77319cc86d20e70ab.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\ffCoreFilesIndex.txt
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\background.html
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\browser.xul
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\options.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\search_dialog.xul
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\dialog.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\userCode\extension.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\207.js
%APPDATA%\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\da67ee1fa08dadf6bbee3eb73aacffbe.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\options.xul
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\userCode\background.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\0b214706602fbb1efcc87607da7585e0.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\38f01b8de35efd0daf1c58151e715dd6.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\8d018f67928ebe62c94d788906c4b54f.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\8f9271c792581094c3fc8fe8de4ba7b0.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\dc2f2dfe5c20a99ea101de579033ea63.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\installer.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\006818d1eb4833aab53b69140253106d.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\1b759bce6454e9b7f551c2bad79a4931.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\bb4a56817e947a11d48bab43994381b4.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\8400bf37a6a132a76d0b63e23b6b1cfa.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\6fa076d2474b153ab681136179a1aed2.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\e76e510009ac309297d1899d47a6fa33.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\730ca65ba2927fcb4e85c5df86e77d23.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\5e2a1cd5f8cf5df1ef2136656fc99987.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\104.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\217.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\9.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\260.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\177.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\14.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\182.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\4.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\242.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\91.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\1.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\7.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\21.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\22.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\47.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\17.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\78.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\98.js
%APPDATA%\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\13.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\102.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\223.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\64.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\246.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\184.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\72.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\191.js

Deletes the following files:

%TEMP%\CabB.tmp
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite-journal
%TEMP%\Cab9.tmp
%TEMP%\nsj6.tmp\203270
%TEMP%\Cab7.tmp

Network activity:

Connects to:

'www.download.windowsupdate.com':80
'cr#.#hawte.com':80
'ts####.ws.symantec.com':80
'lo##.###entstatsservice.com':80
'up####.##ientstatsservice.com':80
'er####.##ientstatsservice.com':80
'st###.###entstatsservice.com':80

TCP:

HTTP GET requests:

www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
ts####.ws.symantec.com/tss-ca-g2.crl
cr#.#hawte.com/ThawteTimestampingCA.crl
er####.##ientstatsservice.com/installer-error.gif?ac##################################################################################################################################################################################################################################################################################################################################################################
up####.##ientstatsservice.com/installer_updates/000046/update.json
lo##.###entstatsservice.com/monetization.gif?ev########################################################################################################################################################################################################################################################################################################################################################
st###.###entstatsservice.com/installer.gif?ac########################################################################################################################################################################################################################################################################################################################################################################################

UDP:

DNS ASK www.download.windowsupdate.com
DNS ASK cr#.#hawte.com
DNS ASK ts####.ws.symantec.com
DNS ASK lo##.###entstatsservice.com
DNS ASK up####.##ientstatsservice.com
DNS ASK er####.##ientstatsservice.com
DNS ASK st###.###entstatsservice.com

Miscellaneous:

Searches for the following windows:

ClassName: 'Shell_TrayWnd' WindowName: ''

技术

术语

教育培训

误区

Technical Information

Curing recommendations

Free trial