Trojan.Encoder.43569

Added to the Dr.Web virus database: 2025-11-01

Description added:

Technical Information

To ensure autorun and distribution
Creates the following files on removable media
Malicious functions
Injects code into
the following system processes:
  • %WINDIR%\explorer.exe
the following user processes:
  • firefox.exe
Reads files that store third-party application passwords
  • %LOCALAPPDATA%\google\chrome\user data\default\cookies
  • %LOCALAPPDATA%\google\chrome\user data\default\login data
  • %LOCALAPPDATA%\google\chrome\user data\default\web data
  • %LOCALAPPDATA%\microsoft\edge\user data\default\login data
  • %LOCALAPPDATA%\microsoft\edge\user data\default\web data
  • %APPDATA%\mozilla\firefox\profiles.ini
  • %APPDATA%\opera software\opera stable\login data
  • %APPDATA%\thunderbird\profiles.ini
Modifies file system
Creates the following files
  • %TEMP%\windowscrashpadhandler.dll
  • %TEMP%\windowsmonitoring.dll
  • %HOMEPATH%\desktop\d95d883b-f91d-4ce5-a5c5-d08bb6a85dec.key.backup
  • %LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkkskaccessfiles_n8f'ro}vg@{g8gc8rf-7
  • %LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkksklync_corefiles_pwruq7^c^ap,f'm!t7ym
  • %LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkkskwordfiles_%qyb3i=kw_h[gnv'^a,_
  • %TEMP%\content\1064-3268-powershell.exe-23-22-27-749.dump
  • %TEMP%\content\1064-3268-powershell.exe-23-22-27-533.dump
  • %TEMP%\content\1064-3268-powershell.exe-23-22-27-834.dump
  • %TEMP%\content\1064-3268-powershell.exe-23-22-28-885.dump
  • %TEMP%\content\4272-3380-powershell.exe-23-22-20-800.dump
  • %TEMP%\content\4272-3380-powershell.exe-23-22-18-658.dump
  • %TEMP%\content\4272-3380-powershell.exe-23-22-19-310.dump
  • %TEMP%\content\1064-3268-powershell.exe-23-22-28-019.dump
  • %TEMP%\content\4272-3380-powershell.exe-23-22-19-415.dump
  • %TEMP%\content\4272-3380-powershell.exe-23-22-19-594.dump
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\prefs.js
Moves the following files
  • from %APPDATA%\opera software\opera stable\extension state\lock to %APPDATA%\opera software\opera stable\extension state\lock.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\jump list icons\b43f.tmp to %APPDATA%\opera software\opera stable\jump list icons\b43f.tmp.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\local state to %APPDATA%\opera software\opera stable\local state.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\favicons to %APPDATA%\opera software\opera stable\favicons.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\history-journal to %APPDATA%\opera software\opera stable\history-journal.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\jump list icons\b43e.tmp to %APPDATA%\opera software\opera stable\jump list icons\b43e.tmp.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\jump list icons\b42d.tmp to %APPDATA%\opera software\opera stable\jump list icons\b42d.tmp.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\jump list icons\b42c.tmp to %APPDATA%\opera software\opera stable\jump list icons\b42c.tmp.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\local storage\chrome_startpage_0.localstorage to %APPDATA%\opera software\opera stable\local storage\chrome_startpage_0.localstorage.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\jump list icons\b440.tmp to %APPDATA%\opera software\opera stable\jump list icons\b440.tmp.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\network persistent state to %APPDATA%\opera software\opera stable\network persistent state.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\ssdfp1252.6.1555693585 to %APPDATA%\opera software\opera stable\ssdfp1252.6.1555693585.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\login data to %APPDATA%\opera software\opera stable\login data.enc.lamialoader
  • from %APPDATA%\thunderbird\installs.ini to %APPDATA%\thunderbird\installs.ini.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\login data-journal to %APPDATA%\opera software\opera stable\login data-journal.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\transportsecurity to %APPDATA%\opera software\opera stable\transportsecurity.enc.lamialoader
  • from %APPDATA%\telegram desktop\unins000.dat to %APPDATA%\telegram desktop\unins000.dat.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\preferences to %APPDATA%\opera software\opera stable\preferences.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\visited links to %APPDATA%\opera software\opera stable\visited links.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\crashes\store.json.mozlz4 to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\crashes\store.json.mozlz4.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\themes_backup\landscape_photo.zip to %APPDATA%\opera software\opera stable\themes_backup\landscape_photo.zip.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\addonstartup.json.lz4 to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\addonstartup.json.lz4.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\web data-journal to %APPDATA%\opera software\opera stable\web data-journal.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\ssdfp1252.0.1802400714 to %APPDATA%\opera software\opera stable\ssdfp1252.0.1802400714.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\update_prefs.json to %APPDATA%\opera software\opera stable\update_prefs.json.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\web data to %APPDATA%\opera software\opera stable\web data.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\jump list icons\b42e.tmp to %APPDATA%\opera software\opera stable\jump list icons\b42e.tmp.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\addons.json to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\addons.json.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\datareporting\state.json to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\datareporting\state.json.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\cookies.sqlite to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\cookies.sqlite.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\b376zl1q.default\times.json to %APPDATA%\thunderbird\profiles\b376zl1q.default\times.json.enc.lamialoader
  • from %APPDATA%\thunderbird\crash reports\installtime20210406220621 to %APPDATA%\thunderbird\crash reports\installtime20210406220621.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\datareporting\session-state.json to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\datareporting\session-state.json.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\history.sqlite to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\history.sqlite.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\openpgp.sqlite to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\openpgp.sqlite.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\parent.lock to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\parent.lock.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\datareporting\archived\2024-08\1723427186027.740f65ac-6c92-4860-a433-5c4acb1df428.new-profile.jsonlz4 to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\datareporting\archived\2024-08\1723427186027.740f65ac-6c92-4860-a433-5c4acb1df428.new-profile.jsonlz4.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\alternateservices.txt to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\alternateservices.txt.enc.lamialoader
  • from %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\sessionstore-backups\previous.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\sessionstore-backups\previous.jsonlz4.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\datareporting\archived\2024-08\1723427186364.ea3bd3ee-1392-479f-ab3c-37fb050509c4.main.jsonlz4 to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\datareporting\archived\2024-08\1723427186364.ea3bd3ee-1392-479f-ab3c-37fb050509c4.main.jsonlz4.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\sitesecurityservicestate.txt to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\sitesecurityservicestate.txt.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\compatibility.ini to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\compatibility.ini.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\extensions.json to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\extensions.json.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\extension-preferences.json to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\extension-preferences.json.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\global-messages-db.sqlite to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\global-messages-db.sqlite.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\mailviews.dat to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\mailviews.dat.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\current session to %APPDATA%\opera software\opera stable\current session.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\formhistory.sqlite to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\formhistory.sqlite.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\saved-telemetry-pings\740f65ac-6c92-4860-a433-5c4acb1df428 to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\saved-telemetry-pings\740f65ac-6c92-4860-a433-5c4acb1df428.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\storage\permanent\chrome\.metadata-v2 to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\storage\permanent\chrome\.metadata-v2.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\directorytree.json to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\directorytree.json.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\pkcs11.txt to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\pkcs11.txt.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\abook.sqlite to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\abook.sqlite.enc.lamialoader
  • from %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\storage\permanent\chrome\.metadata-v2 to %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\storage\permanent\chrome\.metadata-v2.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\securitypreloadstate.txt to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\securitypreloadstate.txt.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\saved-telemetry-pings\ea3bd3ee-1392-479f-ab3c-37fb050509c4 to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\saved-telemetry-pings\ea3bd3ee-1392-479f-ab3c-37fb050509c4.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\datareporting\archived\2024-08\1723427186367.5fb935d8-7cd4-40ee-aeeb-ffd7037d7c83.first-shutdown.jsonlz4 to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\datareporting\archived\2024-08\1723427186367.5fb935d8-7cd4-40ee-aeeb-ffd7037d7c83.first-shutdown.jsonlz4.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\permissions.sqlite to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\permissions.sqlite.enc.lamialoader
  • from %APPDATA%\opera software\opera stable\default_partner_content.json to %APPDATA%\opera software\opera stable\default_partner_content.json.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\enigmail.sqlite to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\enigmail.sqlite.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\search.json.mozlz4 to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\search.json.mozlz4.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\saved-telemetry-pings\5fb935d8-7cd4-40ee-aeeb-ffd7037d7c83 to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\saved-telemetry-pings\5fb935d8-7cd4-40ee-aeeb-ffd7037d7c83.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\blist.sqlite to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\blist.sqlite.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles.ini to %APPDATA%\thunderbird\profiles.ini.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\sessioncheckpoints.json to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\sessioncheckpoints.json.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\favicons.sqlite to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\favicons.sqlite.enc.lamialoader
  • from %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite to %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\times.json to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\times.json.enc.lamialoader
  • from %APPDATA%\microsoft\internet explorer\quick launch\google chrome.lnk to %APPDATA%\microsoft\internet explorer\quick launch\google chrome.lnk.enc.lamialoader
  • from %APPDATA%\microsoft\office\recent\index.dat to %APPDATA%\microsoft\office\recent\index.dat.enc.lamialoader
  • from %APPDATA%\microsoft\internet explorer\quick launch\microsoft edge.lnk to %APPDATA%\microsoft\internet explorer\quick launch\microsoft edge.lnk.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\xulstore.json to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\xulstore.json.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\webappsstore.sqlite to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\webappsstore.sqlite.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\prefs.js to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\prefs.js.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\storage.sqlite to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\storage.sqlite.enc.lamialoader
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\places.sqlite to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\places.sqlite.enc.lamialoader
Modifies the following files
Modifies multiple files.
Substitutes the following files
Modifies user data files (Trojan.Encoder).
Network activity
Connects to
  • 'cl###flare.com':443
  • 'pt#.#iscord.com':443
TCP
Other
  • 'cl###flare.com':443
  • 'pt#.#iscord.com':443
UDP
  • DNS ASK cl###flare.com
  • DNS ASK pt#.#iscord.com

Curing recommendations

  1. If the operating system is able to boot (in normal mode or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot boot, change your computer's BIOS settings so that the PC can boot from a CD or USB drive. Download the image of the Dr.Web® LiveDisk emergency system recovery disk or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding media. After booting the computer from this media, run a full scan and cure the detected threats.

Run a full system scan using Dr.Web Light Anti-virus for macOS. This product can be downloaded from the official Apple App Store.

On the booted OS, run a full scan of all disk partitions using Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install the free anti-virus product Dr.Web for Android Light on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device has been locked by a ransomware trojan of the Android.Locker family (the screen shows an accusation of breaking the law, a demand to pay a certain sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in different ways; consult the manual supplied with the device, or contact its manufacturer directly);
    • once safe mode is active, install the free anti-virus product Dr.Web for Android Light on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • turn the device off and turn it back on in normal mode.
