PARA USUARIOS

Cerrar

Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Buscar
Buscar

Soporte
Soporte 24 horas | Normas de contactar

Escribir

una solicitud al rellenar un formulario

Llamar

+7 (495) 789-45-86

Foro

Sus solicitudes

Crear una nueva solicitud

Llamar

+7 (495) 789-45-86

Perfil

ES

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Cerrar
Servicios
Escáneres
Dr.Web vxCube
Demo
Biblioteca de virus
Base de conocimiento

Tecnologías

Términos

Formación y educación

Mitos

Noticias

Trojan.Siggen21.28239

Added to the Dr.Web virus database: 2023-09-11

Virus description added:

Technical Information

To ensure autorun and distribution
Creates the following files on removable media
  • <Drive name for removable media>:\correct.avi
  • <Drive name for removable media>:\cveuropeo.doc
  • <Drive name for removable media>:\ovp25012015.doc
  • <Drive name for removable media>:\applicantform_en.doc
  • <Drive name for removable media>:\sdksampleprivdeveloper.cer
  • <Drive name for removable media>:\contoso.cer
  • <Drive name for removable media>:\sdkfailsafeemulator.cer
  • <Drive name for removable media>:\february_catalogue__2015.doc
  • <Drive name for removable media>:\contosoroot.cer
  • <Drive name for removable media>:\default.bmp
  • <Drive name for removable media>:\dashborder_120.bmp
  • <Drive name for removable media>:\coffee.bmp
  • <Drive name for removable media>:\tileimage.bmp
  • <Drive name for removable media>:\dashborder_192.bmp
  • <Drive name for removable media>:\dashborder_144.bmp
  • <Drive name for removable media>:\sdksampleunprivdeveloper.cer
  • <Drive name for removable media>:\weeklysheet1215.doc
Malicious functions
Terminates or attempts to terminate
the following user processes:
  • firefox.exe
  • iexplore.exe
Reads files which store third party applications passwords
  • %HOMEPATH%\desktop\508softwareandos.doc
  • %HOMEPATH%\desktop\weeklysheet1215.doc
  • %HOMEPATH%\desktop\tree_view.htm
  • %HOMEPATH%\desktop\tileimage.bmp
  • %HOMEPATH%\desktop\sdszfo.docx
  • %HOMEPATH%\desktop\ovp25012015.doc
  • %HOMEPATH%\desktop\lisp_success.doc
  • %HOMEPATH%\desktop\join.avi
  • %HOMEPATH%\desktop\issi2013_template_for_posters.docx
  • %HOMEPATH%\desktop\glidescope_review_rev_010.docx
  • %HOMEPATH%\desktop\fi51.doc
  • %HOMEPATH%\desktop\february_catalogue__2015.doc
  • %HOMEPATH%\desktop\dialmap.bmp
  • %HOMEPATH%\desktop\dial.bmp
  • %HOMEPATH%\desktop\delete.avi
  • %HOMEPATH%\desktop\dashborder_120.bmp
  • %HOMEPATH%\desktop\contoso_1.cer
  • %HOMEPATH%\desktop\contoso.cer
  • %HOMEPATH%\desktop\coffee.bmp
  • %HOMEPATH%\desktop\archer.avi
  • %HOMEPATH%\desktop\adhd_and_obesity.docx
  • %HOMEPATH%\desktop\64bit_notes.htm
  • %APPDATA%\thunderbird\profiles.ini
  • %APPDATA%\mozilla\firefox\profiles.ini
Modifies file system
Creates the following files
  • C:\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\27\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\26\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\25\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\24\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\23\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\22\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\21\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\20\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\2\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\19\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\18\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\29\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\28\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\17\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\14\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\13\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\12\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\11\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\10\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\1\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\0\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\oracle\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\oracle\java\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\oracle\java\au\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\mozilla\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\16\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\15\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\mozilla\temp-{9cda0b19-0440-4e70-9631-93e7041926aa}\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\mozilla\temp-{c524df81-3d66-47d3-a687-5ed5a39c6588}\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\31\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\53\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\52\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\51\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\50\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\5\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\49\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\48\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\47\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\46\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\45\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\30\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\55\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\3\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\44\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\40\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\4\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\39\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\38\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\37\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\36\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\35\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\34\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\33\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\32\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\43\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\42\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\41\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\security_state\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\mozilla\temp-{74a94761-d090-449f-b0e6-cb7d26a06c26}\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\cache2\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\cache2\doomed\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\bcjnbgva.default\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\thumbnails\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\startupcache\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\safebrowsing\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\safebrowsing\google4\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\offlinecache\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\entries\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\offlinecache\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cache2\doomed\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\cache2\entries\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\google\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\google\chrome\user data\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\google\chrome\user data\widevinecdm\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\google\chrome\user data\swiftshader\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\google\chrome\user data\pnacl\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\google\chrome\user data\pepperflash\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\google\chrome\user data\evwhitelist\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\google\chrome\user data\caps\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\google\chrome\application\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\google\chrome\application\42.0.2311.135\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\google\chrome\application\42.0.2311.135\visualelements\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\microsoft help\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\safebrowsing\google4\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\google\chrome\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\safebrowsing\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\startupcache\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\mozilla\temp-{10ec5a16-76a1-4966-833c-89c100352a7c}\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\thunderbird\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\npsdfqy3.default-release\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\npsdfqy3.default-release\startupcache\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\npsdfqy3.default-release\safebrowsing\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\npsdfqy3.default-release\safebrowsing\google4\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\npsdfqy3.default-release\cache2\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\npsdfqy3.default-release\cache2\entries\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\npsdfqy3.default-release\cache2\doomed\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\49zr3fqa.default\xedvyniu6.readme.txt
  • %TEMP%\xedvyniu6.readme.txt
  • %TEMP%\wpdnse\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\xedvyniu6.readme.txt
  • %TEMP%\opera installer\xedvyniu6.readme.txt
  • %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_10.0.30319\xedvyniu6.readme.txt
  • %TEMP%\microsoft .net framework 4 setup_4.0.30319\xedvyniu6.readme.txt
  • %TEMP%\low\xedvyniu6.readme.txt
  • %TEMP%\hsperfdata_user\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\programs\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\programs\common\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\thumbnails\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\56\xedvyniu6.readme.txt
  • %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_10.0.30319\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\54\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\57\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\58\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\59\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\2022-09\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\crashes\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\crashes\events\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\49zr3fqa.default\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\pending pings\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\crash reports\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\crash reports\events\xedvyniu6.readme.txt
  • %APPDATA%\telegram desktop\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\minidumps\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\systemextensionsdev\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\temporary\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\3561288849sdhlie.files\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\2918063365piupsah.files\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\1657114595amcateirvtisty.files\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\saved-telemetry-pings\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\storage\permanent\chrome\idb\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\xedvyniu6.readme.txt
  • %HOMEPATH%\xedvyniu6.readme.txt
  • %HOMEPATH%\videos\xedvyniu6.readme.txt
  • %HOMEPATH%\searches\xedvyniu6.readme.txt
  • %HOMEPATH%\saved games\xedvyniu6.readme.txt
  • %HOMEPATH%\pictures\xedvyniu6.readme.txt
  • %HOMEPATH%\music\xedvyniu6.readme.txt
  • %HOMEPATH%\links\xedvyniu6.readme.txt
  • %HOMEPATH%\favorites\xedvyniu6.readme.txt
  • %HOMEPATH%\favorites\windows live\xedvyniu6.readme.txt
  • %HOMEPATH%\favorites\msn websites\xedvyniu6.readme.txt
  • %HOMEPATH%\favorites\microsoft websites\xedvyniu6.readme.txt
  • %HOMEPATH%\favorites\links for united states\xedvyniu6.readme.txt
  • C:\users\xedvyniu6.readme.txt
  • %HOMEPATH%\favorites\links\xedvyniu6.readme.txt
  • %HOMEPATH%\documents\xedvyniu6.readme.txt
  • %HOMEPATH%\desktop\xedvyniu6.readme.txt
  • %HOMEPATH%\contacts\xedvyniu6.readme.txt
  • %HOMEPATH%\appdata\xedvyniu6.readme.txt
  • %APPDATA%\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\storage\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\storage\temporary\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\storage\permanent\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\storage\permanent\chrome\xedvyniu6.readme.txt
  • %HOMEPATH%\downloads\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\google\chrome\application\42.0.2311.135\pepperflash\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\mozilla\temp-{6caf41d3-d3bc-4111-be0f-6767486b42d5}\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\sessionstore-backups\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\gmp-widevinecdm\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\crash reports\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\crash reports\events\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\extensions\xedvyniu6.readme.txt
  • %APPDATA%\media center programs\xedvyniu6.readme.txt
  • %APPDATA%\identities\xedvyniu6.readme.txt
  • %APPDATA%\identities\{d59a8b31-5854-4768-ba01-cd66beadf546}\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\jre1.8.0_45_x64\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\crashes\events\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\pending pings\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\muffin\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\host\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\9\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\8\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\7\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\63\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\62\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\61\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\60\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\6\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\security\xedvyniu6.readme.txt
  • %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\extensions\xedvyniu6.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\bookmarkbackups\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\crashes\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\gmp-widevinecdm\4.10.1582.2\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\archived\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\archived\2023-05\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\crashes\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\crashes\events\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\bookmarkbackups\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\minidumps\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\temporary\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\1657114595amcateirvtisty.files\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\minidumps\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\xedvyniu6.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\saved-telemetry-pings\xedvyniu6.readme.txt
  • %LOCALAPPDATA%\google\chrome\application\42.0.2311.135\locales\xedvyniu6.readme.txt
Moves the following files
  • from %APPDATA%\thunderbird\installs.ini to %APPDATA%\thunderbird\ptjlllq.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\iqou85q.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\recovery.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore-backups\e1etwyj.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\bef7f9cf-b0b1-42d8-a037-8d586d4d1e42 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\qom04wh.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\dc5a4164-f290-4a08-a5ec-0fe7810acbc6 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\tmdawu7.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\f9af9616-8535-4ace-8050-4454f33ad475 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\4yqqchk.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\fbcd22a2-e53a-4131-9ef1-1935f505d9ca to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\saved-telemetry-pings\iiem9br.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\session-state.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\htlmn7r.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\state.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\typ1amb.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759331.f9af9616-8535-4ace-8050-4454f33ad475.new-profile.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\jzp1fll.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759476.fbcd22a2-e53a-4131-9ef1-1935f505d9ca.event.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\ji6atn0.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759547.bef7f9cf-b0b1-42d8-a037-8d586d4d1e42.main.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\fea5vs5.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\crashes\store.json.mozlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\crashes\usevsmy.xedvyniu6
  • from %TEMP%\dd_vcredistmsi7a3c.txt to %TEMP%\unknthh.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\bookmarkbackups\bookmarks-2022-09-28_11_3a7quggif+d7xxwa176j2q==.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\bookmarkbackups\7hubp7l.xedvyniu6
  • from %APPDATA%\mozilla\firefox\crash reports\installtime20200708170202 to %APPDATA%\mozilla\firefox\crash reports\xggdece.xedvyniu6
  • from %TEMP%\adobearm.log to %TEMP%\ovpvrj4.xedvyniu6
  • from %TEMP%\adobesfx.log to %TEMP%\5pgjrx3.xedvyniu6
  • from %TEMP%\armui.ini to %TEMP%\qwrmhph.xedvyniu6
  • from %TEMP%\aspnetsetup_00000.log to %TEMP%\fnzbvr2.xedvyniu6
  • from %TEMP%\aspnetsetup_00001.log to %TEMP%\ncrpdsj.xedvyniu6
  • from %TEMP%\chrome_installer.log to %TEMP%\ssrfhtu.xedvyniu6
  • from %TEMP%\dd_dotnetfx40_full_x86_x64_decompression_log.txt to %TEMP%\b4wahgt.xedvyniu6
  • from %TEMP%\dd_ndp48-x86-x64-allos-enu_decompression_log.txt to %TEMP%\le1lmle.xedvyniu6
  • from %TEMP%\dd_setuputility.txt to %TEMP%\bv7pk49.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\fqzsc2r.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\1664411759551.dc5a4164-f290-4a08-a5ec-0fe7810acbc6.first-shutdown.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\datareporting\archived\2022-09\jidbrpm.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\medthud.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\permissions.sqlite to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\zh2rakd.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cert9.db to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\anrlfrb.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\compatibility.ini to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\zcvyft4.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\containers.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\5unr0pv.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\content-prefs.sqlite to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\yuri68o.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\cookies.sqlite to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\kvczebf.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extension-preferences.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\obxmzvw.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\gjde1zc.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\favicons.sqlite to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\s3kf1qt.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\formhistory.sqlite to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\thmal0d.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\handlers.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\jffbuvv.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\key4.db to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\ggwt0pg.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\pkcs11.txt to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\af4q8v5.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\4fqiizj.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\places.sqlite to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\p51kcrl.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\prefs.js to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\dfulx1m.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\search.json.mozlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\tddvtwt.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessioncheckpoints.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\zrqcmhz.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\sessionstore.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\ivushit.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\shield-preference-experiments.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\klqbzev.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage.sqlite to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\twupc3o.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\times.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\3imxnbs.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\user.js to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\jwgqel1.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\webappsstore.sqlite to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\qg5nktn.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\.metadata-v2 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\vjnjrk1.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\1657114595amcateirvtisty.sqlite to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\storage\permanent\chrome\idb\myadca1.xedvyniu6
  • from %TEMP%\dd_vcredistui7a3c.txt to %TEMP%\dalzd9l.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928165349.log to %TEMP%\acsulev.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928165349_0_vcruntimeminimum_x64.log to %TEMP%\xhdpvde.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928170335_002_vcruntimeadditional_x86.log to %TEMP%\ytx7hgh.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928170410.log to %TEMP%\tr0zdjb.xedvyniu6
  • from %TEMP%\dd_wcf_ca_smci_20230531_225943_157.txt to %TEMP%\nb9miio.xedvyniu6
  • from %TEMP%\dd_wcf_ca_smci_20230531_225945_094.txt to %TEMP%\zp8nsaw.xedvyniu6
  • from %TEMP%\javadeployreg.log to %TEMP%\dhmrgki.xedvyniu6
  • from %TEMP%\jawshtml.html to %TEMP%\q1o6zaf.xedvyniu6
  • from %TEMP%\jusched.log to %TEMP%\jselxhr.xedvyniu6
  • from %TEMP%\microsoft .net framework 4 setup_20230531_155457219-msi_netfx_core_x64.msi.txt to %TEMP%\vgoocut.xedvyniu6
  • from %TEMP%\microsoft .net framework 4 setup_20230531_155457219-msi_netfx_extended_x64.msi.txt to %TEMP%\whfvpfg.xedvyniu6
  • from %TEMP%\microsoft .net framework 4 setup_20230531_155457219.html to %TEMP%\vans84s.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928170335.log to %TEMP%\12rvp2n.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928170335_001_vcruntimeminimum_x86.log to %TEMP%\b8eqnmq.xedvyniu6
  • from %TEMP%\microsoft .net framework 4.8 setup_20220928_170905091.html to %TEMP%\zsdrein.xedvyniu6
  • from %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20220928_164850616.html to %TEMP%\urbbe1k.xedvyniu6
  • from %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20220928_165235616-msi_vc_red.msi.txt to %TEMP%\9rqau06.xedvyniu6
  • from %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20220928_165235616.html to %TEMP%\niyp1q8.xedvyniu6
  • from %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_20220928_165304913-msi_vc_red.msi.txt to %TEMP%\p9iq2i0.xedvyniu6
  • from %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_20220928_165304913.html to %TEMP%\vp1ayg9.xedvyniu6
  • from %TEMP%\rgi5839.tmp to %TEMP%\xp76lxv.xedvyniu6
  • from %TEMP%\rgi5839.tmp-tmp to %TEMP%\fqramob.xedvyniu6
  • from %TEMP%\setupexe(20220928171621f0c).log to %TEMP%\lr5cxcl.xedvyniu6
  • from %TEMP%\tmpaddon to %TEMP%\p0krx0z.xedvyniu6
  • from %TEMP%\user.bmp to %TEMP%\jppqrcc.xedvyniu6
  • from %TEMP%\microsoft .net framework 4.8 setup_20230531_160116688.html to %TEMP%\kvngqaw.xedvyniu6
  • from %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_20220928_164850616-msi_vc_red.msi.txt to %TEMP%\9p9hprc.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928170221.log to %TEMP%\wct1qnt.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928170143_002_vcruntimeadditional_x86.log to %TEMP%\t0oju6m.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928170143_001_vcruntimeminimum_x86.log to %TEMP%\i8gchuo.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928165628.log to %TEMP%\5blwyko.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928165628_0_vcruntimeminimum_x64.log to %TEMP%\zziaxca.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928165628_1_vcruntimeadditional_x64.log to %TEMP%\hgxw6eo.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928165746.log to %TEMP%\taaoc7e.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928165746_000_vcruntimeminimum_x64.log to %TEMP%\e4fbt44.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928165746_001_vcruntimeadditional_x64.log to %TEMP%\vfeq9ay.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928165956.log to %TEMP%\wefibxe.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928165956_001_vcruntimeminimum_x64.log to %TEMP%\jxumbuh.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928165956_002_vcruntimeadditional_x64.log to %TEMP%\4eemkjn.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928170114.log to %TEMP%\jeinfdx.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928170250.log to %TEMP%\n6bx2yk.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928165349_1_vcruntimeadditional_x64.log to %TEMP%\ivrcjlt.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928170250_001_vcruntimeminimum_x64.log to %TEMP%\mspxpxb.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928170328.log to %TEMP%\gqmvdkv.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928165536.log to %TEMP%\dtq0miy.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928165536_0_vcruntimeminimum_x86.log to %TEMP%\t6jatpo.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928165536_1_vcruntimeadditional_x86.log to %TEMP%\6ji8bxx.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928165710.log to %TEMP%\vbzf0no.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928165710_0_vcruntimeminimum_x86.log to %TEMP%\ji40yih.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928165710_1_vcruntimeadditional_x86.log to %TEMP%\qaydjin.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928165916.log to %TEMP%\r1if80g.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928165916_000_vcruntimeminimum_x86.log to %TEMP%\l1vc1r4.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928165916_001_vcruntimeadditional_x86.log to %TEMP%\wkps5yr.xedvyniu6
  • from %TEMP%\dd_vcredist_x86_20220928170143.log to %TEMP%\0px0vno.xedvyniu6
  • from %TEMP%\dd_vcredist_amd64_20220928170250_002_vcruntimeadditional_x64.log to %TEMP%\v9muiar.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\broadcast-listeners.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\g4bwleb.xedvyniu6
  • from %TEMP%\wallpaper.bmp to %TEMP%\s2xoqgh.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\addonstartup.json.lz4 to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\nkpaqni.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\user.js to %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\rwe7leb.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\xulstore.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\0ftx3dt.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\storage\permanent\chrome\.metadata-v2 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\storage\permanent\chrome\x9wmvoh.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\storage\permanent\chrome\idb\g6g425m.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\saved-telemetry-pings\a6077284-6dcc-4781-9fb7-7f9d7b5132bf to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\saved-telemetry-pings\rb0gcms.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\saved-telemetry-pings\d092fa80-6cc0-49cc-9da4-f67b3d6cdc55 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\saved-telemetry-pings\ifhc88l.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\saved-telemetry-pings\e60182f3-3480-48d0-bc12-b3b897042a6b to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\saved-telemetry-pings\sjfoxpc.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\session-state.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\mtzjren.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\state.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\6rrioxe.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\2022-09\1664411763506.e60182f3-3480-48d0-bc12-b3b897042a6b.new-profile.jsonlz4 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\2022-09\a8ypczg.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\2022-09\1664411764034.d092fa80-6cc0-49cc-9da4-f67b3d6cdc55.main.jsonlz4 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\2022-09\eaezdkm.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\2022-09\1664411764036.a6077284-6dcc-4781-9fb7-7f9d7b5132bf.first-shutdown.jsonlz4 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\datareporting\archived\2022-09\etm90jk.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\49zr3fqa.default\times.json to %APPDATA%\thunderbird\profiles\49zr3fqa.default\yikbzcc.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\cookies.sqlite to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\ayrw66x.xedvyniu6
  • from %APPDATA%\thunderbird\crash reports\installtime20210406220621 to %APPDATA%\thunderbird\crash reports\jok6tvb.xedvyniu6
  • from %APPDATA%\telegram desktop\unins000.dat to %APPDATA%\telegram desktop\2llktor.xedvyniu6
  • from %APPDATA%\mozilla\firefox\installs.ini to %APPDATA%\mozilla\firefox\3qmwno7.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles.ini to %APPDATA%\mozilla\firefox\nbxvjct.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\addons.json to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\caour7s.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\addonstartup.json.lz4 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\pgokxxf.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\broadcast-listeners.json to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\rftquxq.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\cert9.db to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\xgth7ew.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\compatibility.ini to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\gvptqu0.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\containers.json to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\2agegoj.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\content-prefs.sqlite to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\ey2foy8.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\webappsstore.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\26gqtbs.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\crashes\store.json.mozlz4 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\crashes\cbhy55t.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\times.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\oifvnnv.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\extensions.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\35u5nsj.xedvyniu6
  • from %APPDATA%\thunderbird\profiles.ini to %APPDATA%\thunderbird\6aj4wpr.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\abook.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\ezkiwf6.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\addons.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\hl1nl8o.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\addonstartup.json.lz4 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\km20sfm.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\blist.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\sffdgmv.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\cert9.db to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\nqa0nsh.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\compatibility.ini to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\jnpmr6q.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\cookies.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\y9tblqd.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\directorytree.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\jtkyra9.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\enigmail.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\apti25z.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\extension-preferences.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\nn8mxxw.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\favicons.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\ltijsab.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\sessioncheckpoints.json to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\z0npgih.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\formhistory.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\eii4nr9.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\global-messages-db.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\qiiw7n3.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\history.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\fdz28co.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\key4.db to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\4gpup7h.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\mailviews.dat to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\x9kdo9z.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\openpgp.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\rn39des.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\permissions.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\9op05kk.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\pkcs11.txt to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\xklsgxf.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\places.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\bakqdkw.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\prefs.js to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\evskxhs.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\search.json.mozlz4 to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\wxgtq4u.xedvyniu6
  • from %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\storage.sqlite to %APPDATA%\thunderbird\profiles\npsdfqy3.default-release\oiediif.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\cookies.sqlite-shm to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\998p8vq.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extension-preferences.json to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\enocn3g.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions.json to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\5bzkyr6.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\sessionstore-backups\recovery.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\sessionstore-backups\lvp1vj1.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\sessionstore-backups\upgrade.jsonlz4-20200708170202 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\sessionstore-backups\hsjdt0v.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\saved-telemetry-pings\0186ea91-e835-4919-9366-c7e15b92110b to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\saved-telemetry-pings\erk7ipe.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\saved-telemetry-pings\0bfb99e9-0e75-47d0-b739-94e23d793342 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\saved-telemetry-pings\9dv5yvf.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\saved-telemetry-pings\1f6a84f6-29b5-43da-aa85-b8cf32dd80d0 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\saved-telemetry-pings\ovyr1jo.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\saved-telemetry-pings\a847dc89-db3d-4896-9bef-b610ec76e43d to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\saved-telemetry-pings\ydvkgmo.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\saved-telemetry-pings\d9d62ad7-4327-4aa9-97e7-aeb5486c45ee to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\saved-telemetry-pings\enbogs8.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\saved-telemetry-pings\ee43e28f-610b-4229-a7d7-171f6ed032bd to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\saved-telemetry-pings\pcvs2ez.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\gmp-widevinecdm\4.10.1582.2\license.txt to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\gmp-widevinecdm\4.10.1582.2\pumd5ok.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\gmp-widevinecdm\4.10.1582.2\manifest.json to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\gmp-widevinecdm\4.10.1582.2\opawzvu.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\gbva4ag.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\sessionstore-backups\previous.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\sessionstore-backups\otmlaar.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\gmp-widevinecdm\4.10.1582.2\widevinecdm.dll.lib to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\gmp-widevinecdm\4.10.1582.2\hqgrfpt.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\state.json to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\a3l7fkn.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\archived\2023-05\1685574160101.d9d62ad7-4327-4aa9-97e7-aeb5486c45ee.new-profile.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\archived\2023-05\he29mki.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\archived\2023-05\1685574160111.ee43e28f-610b-4229-a7d7-171f6ed032bd.health.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\archived\2023-05\sxjbpg5.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\archived\2023-05\1685574160174.0bfb99e9-0e75-47d0-b739-94e23d793342.event.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\archived\2023-05\hn08utg.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\archived\2023-05\1685574160236.a847dc89-db3d-4896-9bef-b610ec76e43d.health.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\archived\2023-05\0ni96ns.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\archived\2023-05\1685574160262.1f6a84f6-29b5-43da-aa85-b8cf32dd80d0.main.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\archived\2023-05\gjhtvym.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\archived\2023-05\1685574160264.0186ea91-e835-4919-9366-c7e15b92110b.first-shutdown.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\archived\2023-05\ve2yyv6.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\crashes\store.json.mozlz4 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\crashes\xmzqgdh.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\bookmarkbackups\bookmarks-2023-08-28_11_wowu13vthwkcthdlkwm-la==.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\bookmarkbackups\lm9zdjl.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\times.json to %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\oeqgc6e.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\gmp-widevinecdm\4.10.1582.2\widevinecdm.dll.sig to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\gmp-widevinecdm\4.10.1582.2\ad62x90.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\session-state.json to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\datareporting\gbniuqg.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\3561288849sdhlie.sqlite to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\nnkwfp2.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\2918063365piupsah.sqlite to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\sxcdqhh.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\e8f6jco.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\favicons.sqlite-shm to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\klu2yah.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\formhistory.sqlite to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\bdwmoli.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\handlers.json to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\on13vyb.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\key4.db to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\sk2x3hp.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\permissions.sqlite to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\iungxzq.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\pkcs11.txt to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\7vv99ej.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\places.sqlite to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\tofezfd.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\places.sqlite-shm to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\nboifbw.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\places.sqlite-wal to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\ehb3ffv.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\pluginreg.dat to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\6rfgkzx.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\prefs.js to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\ixcpipy.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\favicons.sqlite to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\j9vhx6p.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\search.json.mozlz4 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\svcswqk.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\shield-preference-experiments.json to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\715rhjj.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\sitesecurityservicestate.txt to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\hmq9j9k.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage.sqlite to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\9wcdrve.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\times.json to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\ddadvea.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\user.js to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\3lmfjo9.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\webappsstore.sqlite to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\gwbwihe.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\webappsstore.sqlite-shm to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\9xfbqxb.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\xulstore.json to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\99urkdn.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\.metadata-v2 to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\fzxoyda.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\cks1vrt.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\1657114595amcateirvtisty.sqlite to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\storage\permanent\chrome\idb\vwns5wv.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\sessioncheckpoints.json to %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\yvzr3al.xedvyniu6
  • from %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\addons.json to %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\rfupafm.xedvyniu6
  • from %TEMP%\wmsetup.log to %TEMP%\pmluwzq.xedvyniu6
Modifies the following files
  • C:\$recycle.bin\s-1-5-21-1238866942-1249195528-555854008-1000\desktop.ini
  • %HOMEPATH%\desktop\mooieca.xedvyniu6
  • %HOMEPATH%\desktop\8p3kddc.xedvyniu6
  • %HOMEPATH%\desktop\tebrazn.xedvyniu6
  • %HOMEPATH%\desktop\rxxupw5.xedvyniu6
  • %HOMEPATH%\desktop\slozrwf.xedvyniu6
  • %HOMEPATH%\desktop\6lnka5g.xedvyniu6
  • %HOMEPATH%\desktop\oa4686f.xedvyniu6
  • %HOMEPATH%\desktop\2ba6jdz.xedvyniu6
  • %HOMEPATH%\favorites\links\ewu8lrg.xedvyniu6
  • %HOMEPATH%\favorites\links for united states\mfnk89c.xedvyniu6
  • %HOMEPATH%\favorites\links for united states\tukjnjn.xedvyniu6
  • %HOMEPATH%\favorites\microsoft websites\uzcigqj.xedvyniu6
  • %HOMEPATH%\favorites\microsoft websites\1kquw7r.xedvyniu6
  • %HOMEPATH%\favorites\microsoft websites\8ncjq96.xedvyniu6
  • %HOMEPATH%\favorites\microsoft websites\oqxlstq.xedvyniu6
  • %HOMEPATH%\favorites\microsoft websites\wkjdane.xedvyniu6
  • %HOMEPATH%\favorites\msn websites\trshlh5.xedvyniu6
  • %HOMEPATH%\favorites\msn websites\geetfel.xedvyniu6
  • %HOMEPATH%\favorites\msn websites\x8sztqf.xedvyniu6
  • %HOMEPATH%\favorites\msn websites\s2dk3ij.xedvyniu6
  • %HOMEPATH%\favorites\msn websites\ccimoup.xedvyniu6
  • %HOMEPATH%\favorites\msn websites\ngumwlm.xedvyniu6
  • %HOMEPATH%\favorites\windows live\7mscx2w.xedvyniu6
  • %HOMEPATH%\favorites\windows live\tp5uesb.xedvyniu6
  • %HOMEPATH%\favorites\windows live\z5zwbk0.xedvyniu6
  • %HOMEPATH%\favorites\windows live\33dyffe.xedvyniu6
  • D:\$recycle.bin\s-1-5-21-1238866942-1249195528-555854008-1000\desktop.ini
  • %HOMEPATH%\desktop\1pnqjiu.xedvyniu6
  • %HOMEPATH%\desktop\ulhdkgb.xedvyniu6
Modifies multiple files.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play