Trojan.Encoder.45097

Added to the Dr.Web virus database: 2026-05-20

Description added:

Technical Information

To ensure autorun and distribution
Creates the following files on removable media
  • <Drive name for removable media>:\correct.avi
  • <Drive name for removable media>:\split.avi
  • <Drive name for removable media>:\dashborder_144.bmp
  • <Drive name for removable media>:\dial.bmp
  • <Drive name for removable media>:\dashborder_96.bmp
  • <Drive name for removable media>:\toolbar.bmp
  • <Drive name for removable media>:\dashborder_120.bmp
  • <Drive name for removable media>:\contosoroot_1.cer
  • <Drive name for removable media>:\testcertificate.cer
  • <Drive name for removable media>:\contosoroot.cer
  • <Drive name for removable media>:\contoso_1.cer
  • <Drive name for removable media>:\pmd.cer
  • <Drive name for removable media>:\sdksampleunprivdeveloper.cer
  • <Drive name for removable media>:\fi51.doc
  • <Drive name for removable media>:\508softwareandos.doc
  • <Drive name for removable media>:\uep_form_786_bulletin_1726i602.doc
  • <Drive name for removable media>:\applicantform_en.doc
  • <Drive name for removable media>:\cveuropeo.doc
  • <Drive name for removable media>:\glidescope_review_rev_010.docx
  • <Drive name for removable media>:\hadac_newsletter_july_2010_final.docx
  • <Drive name for removable media>:\sdszfo.docx
  • <Drive name for removable media>:\adhd_and_obesity.docx
  • <Drive name for removable media>:\file_p_00000000_1371597592.docx
  • <Drive name for removable media>:\64bit_notes.htm
  • <Drive name for removable media>:\browse.htm
  • <Drive name for removable media>:\tree_view.htm
  • <Drive name for removable media>:\iisstart.htm
  • <Drive name for removable media>:\advice_process.htm
  • <Drive name for removable media>:\about.htm
  • <Drive name for removable media>:\adadsi.html
  • <Drive name for removable media>:\about.html
  • <Drive name for removable media>:\iisstart.html
  • <Drive name for removable media>:\tree_view.html
  • <Drive name for removable media>:\api-hashmap.html
  • <Drive name for removable media>:\trivial-merge.html
  • <Drive name for removable media>:\region-north-karelia.jpeg
  • <Drive name for removable media>:\2.jpeg
  • <Drive name for removable media>:\1189.jpeg
  • <Drive name for removable media>:\parnas_01.jpeg
  • <Drive name for removable media>:\pushkin.jpeg
  • <Drive name for removable media>:\13.jpg
  • <Drive name for removable media>:\210252809.jpg
  • <Drive name for removable media>:\1189.jpg
  • <Drive name for removable media>:\3.jpg
  • <Drive name for removable media>:\firefly1.mov
  • <Drive name for removable media>:\video.mp4
  • <Drive name for removable media>:\d0068197bb5a41fea16a220c45390606.mp4
  • <Drive name for removable media>:\51.mp4
  • <Drive name for removable media>:\clip_1080_5sec_10mbps_h264.mp4
  • <Drive name for removable media>:\clip_480_5sec_6mbps_h264.mp4
  • <Drive name for removable media>:\2015-02-patients-topic-work-related-asthma-jobs.pdf
  • <Drive name for removable media>:\bc01.pdf
  • <Drive name for removable media>:\2015-02-worms-nanoparticle-toxicity.pdf
  • <Drive name for removable media>:\spib_pima.pdf
  • <Drive name for removable media>:\ff_ot_user_guide.pdf
  • <Drive name for removable media>:\dualectls.pdf
  • <Drive name for removable media>:\lom602.pdf
  • <Drive name for removable media>:\server.pem
  • <Drive name for removable media>:\ck_ugo.pem
  • <Drive name for removable media>:\systisoft.pem
  • <Drive name for removable media>:\hhhlcert.pem
  • <Drive name for removable media>:\investmentbankca_ca8.pem
  • <Drive name for removable media>:\background.png
  • <Drive name for removable media>:\cleanlyrics.png
  • <Drive name for removable media>:\asm.png
  • <Drive name for removable media>:\metac.ppt
  • <Drive name for removable media>:\writingcompletesarnarrative_1103.ppt
  • <Drive name for removable media>:\accountsreceivable.ppt
  • <Drive name for removable media>:\sim_gametheory_to_finance.ppt
  • <Drive name for removable media>:\sacs_presentation_sacs_qep_improving_rt_education_final.ppt
  • <Drive name for removable media>:\mappingconcepthubberlin.ppt
  • <Drive name for removable media>:\file1.ppt
  • <Drive name for removable media>:\ksearch_esa_talk.ppt
  • <Drive name for removable media>:\proposaltemplates.ppt
  • <Drive name for removable media>:\hypothyroidism_slides.pptx
  • <Drive name for removable media>:\waterresourcesag.pptx
  • <Drive name for removable media>:\asaprojectcompetition.pptx
  • <Drive name for removable media>:\indogerman2010.pptx
  • <Drive name for removable media>:\samieee_obiee_presentation.pptx
  • <Drive name for removable media>:\20140114.rdf
  • <Drive name for removable media>:\schema.rdf
  • <Drive name for removable media>:\sioc.rdf
  • <Drive name for removable media>:\pandp.rtf
  • <Drive name for removable media>:\static_electricity_easy_and_quick_activities.rtf
  • <Drive name for removable media>:\military_callsigns_0311.rtf
  • <Drive name for removable media>:\waterlandhealthkano.rtf
  • <Drive name for removable media>:\babyboymaintoscenesbackground_pal.wmv
  • <Drive name for removable media>:\babyboymaintoscenesbackground.wmv
  • <Drive name for removable media>:\testwmv.wmv
  • <Drive name for removable media>:\fiche_inscription_2015.xls
  • <Drive name for removable media>:\price030215.xls
  • <Drive name for removable media>:\excel_example.xls
  • <Drive name for removable media>:\highly_cited_2001.xlsx
  • <Drive name for removable media>:\applicant.xlsx
  • <Drive name for removable media>:\suspendedcompanies.xlsx
  • <Drive name for removable media>:\cee_mmsprogram_summary_public.xlsx
  • <Drive name for removable media>:\al.xlsx
  • <Drive name for removable media>:\disclosuredetails.xlsx
  • <Drive name for removable media>:\productos.zip
  • <Drive name for removable media>:\subjectclassification.zip
  • <Drive name for removable media>:\price.zip
  • <Drive name for removable media>:\contractualdeadlines.zip
Malicious functions
Reads files that store third-party application passwords
  • %HOMEPATH%\desktop\about.html
  • %HOMEPATH%\desktop\64bit_notes.htm
  • %APPDATA%\mozilla\firefox\profiles.ini
  • %HOMEPATH%\desktop\applicantform_en.doc
  • %HOMEPATH%\desktop\browse.htm
  • %HOMEPATH%\desktop\browse.html
  • %HOMEPATH%\desktop\coffee.bmp
  • %HOMEPATH%\desktop\contosoroot_1.cer
  • %HOMEPATH%\desktop\correct.avi
  • %HOMEPATH%\desktop\dashborder_96.bmp
  • %HOMEPATH%\desktop\february_catalogue__2015.doc
  • %HOMEPATH%\desktop\fi51.doc
  • %HOMEPATH%\desktop\howto-index.html
  • %HOMEPATH%\desktop\iisstart.html
  • %HOMEPATH%\desktop\nwfieldnotes1966.docx
  • %HOMEPATH%\desktop\ovp25012015.doc
  • %HOMEPATH%\desktop\sdksampleunprivdeveloper.cer
  • %HOMEPATH%\desktop\testcertificate.cer
  • %HOMEPATH%\desktop\tree_view.html
  • %HOMEPATH%\desktop\trivial-merge.htm
  • %APPDATA%\opera software\opera stable\login data
  • %APPDATA%\thunderbird\profiles.ini
  • %LOCALAPPDATA%\google\chrome\user data\default\cookies
  • %LOCALAPPDATA%\google\chrome\user data\default\login data
  • %LOCALAPPDATA%\google\chrome\user data\default\web data
Modifies file system
Creates the following files
  • %HOMEPATH%\desktop\key.bin
  • %TEMP%\content\2080-2128-powershell.exe-17-00-42-310.dump
  • %TEMP%\content\2080-2128-powershell.exe-17-00-42-638.dump
  • %TEMP%\content\2080-2128-powershell.exe-17-00-42-757.dump
  • %TEMP%\content\2080-2128-powershell.exe-17-00-42-965.dump
  • %TEMP%\content\2080-2128-powershell.exe-17-00-44-254.dump
  • %TEMP%\content\4860-1984-powershell.exe-17-00-31-594.dump
  • %TEMP%\content\4860-1984-powershell.exe-17-00-31-969.dump
  • %TEMP%\content\4860-1984-powershell.exe-17-00-32-202.dump
  • %TEMP%\content\4860-1984-powershell.exe-17-00-32-438.dump
  • %TEMP%\content\4860-1984-powershell.exe-17-00-34-585.dump
  • %HOMEPATH%\desktop\readme_nblock.txt
  • %LOCALAPPDATA%\microsoft\clr_v4.0\usagelogs\<File name>.exe.log
Sets the 'hidden' attribute on the following files
  • %HOMEPATH%\desktop\key.bin
Moves the following files
  • from %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite to %APPDATA%\thunderbird\profiles\gbmwccb6.default-release\storage\permanent\chrome\idb\mzg3mdexmjcynhjzzwdtbm9pdhrldc1lcy5zcwxpdgu.88ffd
  • from %TEMP%\.ses to %TEMP%\lnnlcw.88ffd
  • from %TEMP%\msedge_installer.log to %TEMP%\bxnlzgdlx2luc3rhbgxlci5sb2c.88ffd
  • from %TEMP%\wallpaper.bmp to %TEMP%\d2fsbhbhcgvylmjtca.88ffd
  • from %TEMP%\content\1452-3348-powershell.exe-16-41-53-964.dump to %TEMP%\content\mtq1mi0zmzq4lvbvd2vyu2hlbgwuzxhllte2ltqxltuzltk2nc5kdw1w.88ffd
  • from %TEMP%\content\1452-3348-powershell.exe-16-41-54-229.dump to %TEMP%\content\mtq1mi0zmzq4lvbvd2vyu2hlbgwuzxhllte2ltqxltu0ltiyos5kdw1w.88ffd
  • from %TEMP%\content\1452-3348-powershell.exe-16-41-54-354.dump to %TEMP%\content\mtq1mi0zmzq4lvbvd2vyu2hlbgwuzxhllte2ltqxltu0ltm1nc5kdw1w.88ffd
  • from %TEMP%\content\1452-3348-powershell.exe-16-41-54-542.dump to %TEMP%\content\mtq1mi0zmzq4lvbvd2vyu2hlbgwuzxhllte2ltqxltu0ltu0mi5kdw1w.88ffd
  • from %TEMP%\content\1452-3348-powershell.exe-16-41-55-245.dump to %TEMP%\content\mtq1mi0zmzq4lvbvd2vyu2hlbgwuzxhllte2ltqxltu1lti0ns5kdw1w.88ffd
  • from %TEMP%\content\1528-2080-powershell.exe-16-41-31-027.dump to %TEMP%\content\mtuyoc0ymdgwlvbvd2vyu2hlbgwuzxhllte2ltqxltmxltayny5kdw1w.88ffd
  • from %TEMP%\content\1528-2080-powershell.exe-16-41-31-261.dump to %TEMP%\content\mtuyoc0ymdgwlvbvd2vyu2hlbgwuzxhllte2ltqxltmxlti2ms5kdw1w.88ffd
  • from %TEMP%\content\1528-2080-powershell.exe-16-41-31-370.dump to %TEMP%\content\mtuyoc0ymdgwlvbvd2vyu2hlbgwuzxhllte2ltqxltmxltm3mc5kdw1w.88ffd
  • from %TEMP%\content\1528-2080-powershell.exe-16-41-31-542.dump to %TEMP%\content\mtuyoc0ymdgwlvbvd2vyu2hlbgwuzxhllte2ltqxltmxltu0mi5kdw1w.88ffd
  • from %TEMP%\content\1528-2080-powershell.exe-16-41-32-089.dump to %TEMP%\content\mtuyoc0ymdgwlvbvd2vyu2hlbgwuzxhllte2ltqxltmylta4os5kdw1w.88ffd
  • from %TEMP%\content\2080-2128-powershell.exe-17-00-42-310.dump to %TEMP%\content\mja4mc0ymti4lvbvd2vyu2hlbgwuzxhllte3ltawltqyltmxmc5kdw1w.88ffd
  • from %TEMP%\content\2080-2128-powershell.exe-17-00-42-638.dump to %TEMP%\content\mja4mc0ymti4lvbvd2vyu2hlbgwuzxhllte3ltawltqyltyzoc5kdw1w.88ffd
  • from %TEMP%\content\2080-2128-powershell.exe-17-00-42-757.dump to %TEMP%\content\mja4mc0ymti4lvbvd2vyu2hlbgwuzxhllte3ltawltqyltc1ny5kdw1w.88ffd
  • from %TEMP%\content\2080-2128-powershell.exe-17-00-42-965.dump to %TEMP%\content\mja4mc0ymti4lvbvd2vyu2hlbgwuzxhllte3ltawltqyltk2ns5kdw1w.88ffd
  • from %TEMP%\content\2080-2128-powershell.exe-17-00-44-254.dump to %TEMP%\content\mja4mc0ymti4lvbvd2vyu2hlbgwuzxhllte3ltawltq0lti1nc5kdw1w.88ffd
  • from %TEMP%\content\2944-3352-powershell.exe-16-41-57-761.dump to %TEMP%\content\mjk0nc0zmzuylxbvd2vyc2hlbgwuzxhllte2ltqxltu3ltc2ms5kdw1w.88ffd
  • from %TEMP%\content\2944-3352-powershell.exe-16-41-57-902.dump to %TEMP%\content\mjk0nc0zmzuylxbvd2vyc2hlbgwuzxhllte2ltqxltu3ltkwmi5kdw1w.88ffd
  • from %TEMP%\content\3836-3776-cscript.exe-16-42-46-245.dump to %TEMP%\content\mzgzni0znzc2lwnzy3jpchquzxhllte2ltqyltq2lti0ns5kdw1w.88ffd
  • from %TEMP%\content\3836-3776-cscript.exe-16-42-46-261.dump to %TEMP%\content\mzgzni0znzc2lwnzy3jpchquzxhllte2ltqyltq2lti2ms5kdw1w.88ffd
  • from %TEMP%\content\3836-3776-cscript.exe-16-42-47-589.dump to %TEMP%\content\mzgzni0znzc2lwnzy3jpchquzxhllte2ltqyltq3ltu4os5kdw1w.88ffd
  • from %TEMP%\content\4860-1984-powershell.exe-17-00-31-594.dump to %TEMP%\content\ndg2mc0xotg0lvbvd2vyu2hlbgwuzxhllte3ltawltmxltu5nc5kdw1w.88ffd
  • from %TEMP%\content\4860-1984-powershell.exe-17-00-31-969.dump to %TEMP%\content\ndg2mc0xotg0lvbvd2vyu2hlbgwuzxhllte3ltawltmxltk2os5kdw1w.88ffd
  • from %TEMP%\content\4860-1984-powershell.exe-17-00-32-202.dump to %TEMP%\content\ndg2mc0xotg0lvbvd2vyu2hlbgwuzxhllte3ltawltmyltiwmi5kdw1w.88ffd
  • from %TEMP%\content\4860-1984-powershell.exe-17-00-32-438.dump to %TEMP%\content\ndg2mc0xotg0lvbvd2vyu2hlbgwuzxhllte3ltawltmyltqzoc5kdw1w.88ffd
  • from %TEMP%\content\4860-1984-powershell.exe-17-00-34-585.dump to %TEMP%\content\ndg2mc0xotg0lvbvd2vyu2hlbgwuzxhllte3ltawltm0ltu4ns5kdw1w.88ffd
  • from %TEMP%\content\4876-5248-powershell.exe-16-49-19-130.dump to %TEMP%\content\ndg3ni01mjq4lxbvd2vyc2hlbgwuzxhllte2ltq5lte5ltezmc5kdw1w.88ffd
  • from %TEMP%\content\4876-5248-powershell.exe-16-49-19-385.dump to %TEMP%\content\ndg3ni01mjq4lxbvd2vyc2hlbgwuzxhllte2ltq5lte5ltm4ns5kdw1w.88ffd
  • from %TEMP%\content\4876-5248-powershell.exe-16-49-19-447.dump to %TEMP%\content\ndg3ni01mjq4lxbvd2vyc2hlbgwuzxhllte2ltq5lte5ltq0ny5kdw1w.88ffd
  • from %TEMP%\content\4876-5248-powershell.exe-16-49-19-601.dump to %TEMP%\content\ndg3ni01mjq4lxbvd2vyc2hlbgwuzxhllte2ltq5lte5ltywms5kdw1w.88ffd
  • from %TEMP%\content\4876-5248-powershell.exe-16-49-19-780.dump to %TEMP%\content\ndg3ni01mjq4lxbvd2vyc2hlbgwuzxhllte2ltq5lte5ltc4mc5kdw1w.88ffd
  • from %TEMP%\content\4876-5248-powershell.exe-16-49-20-289.dump to %TEMP%\content\ndg3ni01mjq4lxbvd2vyc2hlbgwuzxhllte2ltq5ltiwlti4os5kdw1w.88ffd
  • from %TEMP%\content\4876-5248-powershell.exe-16-49-20-653.dump to %TEMP%\content\ndg3ni01mjq4lxbvd2vyc2hlbgwuzxhllte2ltq5ltiwlty1my5kdw1w.88ffd
  • from %TEMP%\content\5828-5988-powershell.exe-16-49-15-569.dump to %TEMP%\content\ntgyoc01otg4lvbvd2vyu2hlbgwuzxhllte2ltq5lte1ltu2os5kdw1w.88ffd
  • from %TEMP%\content\5828-5988-powershell.exe-16-49-15-933.dump to %TEMP%\content\ntgyoc01otg4lvbvd2vyu2hlbgwuzxhllte2ltq5lte1ltkzmy5kdw1w.88ffd
  • from %TEMP%\content\5828-5988-powershell.exe-16-49-16-072.dump to %TEMP%\content\ntgyoc01otg4lvbvd2vyu2hlbgwuzxhllte2ltq5lte2lta3mi5kdw1w.88ffd
  • from %TEMP%\content\5828-5988-powershell.exe-16-49-16-257.dump to %TEMP%\content\ntgyoc01otg4lvbvd2vyu2hlbgwuzxhllte2ltq5lte2lti1ny5kdw1w.88ffd
  • from %TEMP%\content\5828-5988-powershell.exe-16-49-17-061.dump to %TEMP%\content\ntgyoc01otg4lvbvd2vyu2hlbgwuzxhllte2ltq5lte3lta2ms5kdw1w.88ffd
Modifies the following files
  • %HOMEPATH%\desktop\64bit_notes.htm
  • %HOMEPATH%\downloads\desktop.ini
  • %HOMEPATH%\documents\desktop.ini
  • %APPDATA%\mozilla\firefox\installs.ini
  • %LOCALAPPDATA%\comms\unistore\data\aggregatecache.uca
  • D:\$recycle.bin\s-1-5-21-4226853953-3309226944-3078887307-1000\desktop.ini
  • %HOMEPATH%\desktop\about.html
  • %APPDATA%\mozilla\firefox\profiles.ini
  • <Drive name for removable media>:\correct.avi
  • %LOCALAPPDATA%\comms\unistoredb\store.jfm
  • <Drive name for removable media>:\split.avi
  • %APPDATA%\mozilla\firefox\crash reports\installtime20210823123856
  • %HOMEPATH%\desktop\applicantform_en.doc
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\addons.json
  • %LOCALAPPDATA%\comms\unistoredb\store.vol
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\addonstartup.json.lz4
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\broadcast-listeners.json
  • %LOCALAPPDATA%\comms\unistoredb\uss.jcp
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\compatibility.ini
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\containers.json
  • %LOCALAPPDATA%\comms\unistoredb\uss.jtx
  • %HOMEPATH%\desktop\desktop.ini
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\extension-preferences.json
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\extensions.json
  • %LOCALAPPDATA%\comms\unistoredb\ussres00001.jrs
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\formhistory.sqlite
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\handlers.json
  • %LOCALAPPDATA%\comms\unistoredb\ussres00002.jrs
  • %HOMEPATH%\desktop\google chrome.lnk
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\pkcs11.txt
Modifies multiple files.
Modifies user data files (Trojan.Encoder).

Curing recommendations

  1. If the operating system can boot (in normal mode or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot boot, change your computer's BIOS settings so that the PC can boot from a CD or USB drive. Download the image of the Dr.Web® LiveDisk emergency system recovery disk, or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding media. After booting the computer from this media, run a full scan and cure the detected threats.

Run a full system scan using Dr.Web Light Anti-virus for macOS. This product can be downloaded from the official Apple App Store site.

On the booted OS, run a full scan of all disk partitions using Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install the free anti-virus product Dr.Web for Android Light on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device is locked by a ransomware trojan of the Android.Locker family (the screen shows an accusation of breaking the law, a demand to pay a certain sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in different ways; consult the manual supplied with the device or contact its manufacturer directly);
    • once safe mode is active, install the free anti-virus product Dr.Web for Android Light on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • turn the device off and turn it back on in normal mode.
