マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Trojan.Encoder.38212

Added to the Dr.Web virus database: 2023-11-11

Virus description added:

Technical Information

To ensure autorun and distribution
Creates the following files on removable media
  • <Drive name for removable media>:\syrwnz0xs.readme.txt
Malicious functions
Terminates or attempts to terminate
the following user processes:
  • firefox.exe
  • iexplore.exe
Reads files which store third party applications passwords
  • %HOMEPATH%\desktop\adhd_and_obesity.docx
  • %HOMEPATH%\desktop\contosoroot.cer
  • %HOMEPATH%\desktop\contosoroot_1.cer
  • %HOMEPATH%\desktop\contoso_1.cer
  • %HOMEPATH%\desktop\february_catalogue__2015.doc
  • %HOMEPATH%\desktop\fi51.doc
  • %HOMEPATH%\desktop\file_p_00000000_1371597592.docx
  • %HOMEPATH%\desktop\hadac_newsletter_july_2010_final.docx
  • %HOMEPATH%\desktop\join.avi
  • %HOMEPATH%\desktop\nwfieldnotes1966.docx
  • %HOMEPATH%\desktop\pmd.cer
  • %HOMEPATH%\desktop\sdksampleunprivdeveloper.cer
  • %HOMEPATH%\desktop\split.avi
  • %HOMEPATH%\desktop\thlps_keeper_mayer_1965.docx
  • %APPDATA%\mozilla\firefox\profiles.ini
Searches for windows to
detect analytical utilities:
  • ClassName: 'OLLYDBG', WindowName: ''
Modifies file system
Creates the following files
  • C:\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\31\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\30\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\3\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\29\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\28\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\27\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\26\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\25\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\24\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\23\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\22\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\21\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\34\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\20\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\32\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\19\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\mozilla\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\au\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\0\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\1\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\10\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\44\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\11\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\13\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\14\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\15\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\16\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\17\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\18\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\12\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\2\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\33\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\35\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\36\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\63\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\62\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\61\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\60\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\6\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\59\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\58\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\57\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\56\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\55\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\54\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\53\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\52\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\8\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\51\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\38\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\39\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\37\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\50\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\5\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\49\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\48\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\47\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\9\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\46\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\43\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\mozilla\temp-{ae10742a-3ff1-4c8f-af75-b87a734cf0ed}\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\42\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\41\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\40\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\4\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\45\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\7\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\mozilla\temp-{a2803123-f610-4af1-88f1-a89d1c56a194}\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\updates\d78bf5dd33499ec2\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\62qb1mr2.default\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\thumbnails\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\startupcache\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\safebrowsing\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\safebrowsing\google4\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\offlinecache\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\cache2\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\cache2\entries\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\cache2\doomed\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\microsoft help\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\mozilla\firefox\profiles\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\user data\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\user data\widevinecdm\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\application\43.0.2357.65\default_apps\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\application\43.0.2357.65\extensions\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\application\43.0.2357.65\installer\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\application\43.0.2357.65\locales\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\application\43.0.2357.65\pepperflash\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\programs\common\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\application\43.0.2357.65\visualelements\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\application\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\user data\caps\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\user data\evwhitelist\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\user data\pepperflash\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\user data\pnacl\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\user data\swiftshader\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\user data\swreporter\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\mozilla\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\programs\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\45\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\startupcache\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache2\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache2\entries\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache2\doomed\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\f\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\e\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\d\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\c\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\b\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\a\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\9\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\8\syrwnz0xs.readme.txt
  • %TEMP%\hsperfdata_user\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\1\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\0\syrwnz0xs.readme.txt
  • %TEMP%\low\syrwnz0xs.readme.txt
  • %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_10.0.30319\syrwnz0xs.readme.txt
  • %TEMP%\opera installer\syrwnz0xs.readme.txt
  • %TEMP%\wpdnse\syrwnz0xs.readme.txt
  • %TEMP%\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\updates\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\3\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\4\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\5\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\6\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\7\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\thunderbird\profiles\ieju75yx.default\cache\2\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\host\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\muffin\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\6.0\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\1657114595amcateirvtisty.files\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\sessionstore-backups\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\saved-telemetry-pings\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\minidumps\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\gmp-widevinecdm\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\gmp-widevinecdm\4.10.1440.18\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\extensions\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\datareporting\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\datareporting\archived\2023-09\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\datareporting\archived\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\syrwnz0xs.readme.txt
  • %APPDATA%\identities\{a63d0773-347a-4043-8706-e47f04446a1c}\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\syrwnz0xs.readme.txt
  • %APPDATA%\identities\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\extensions\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\crash reports\events\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\crash reports\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\pending pings\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\bookmarkbackups\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\crashes\events\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\crashes\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\62qb1mr2.default\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\syrwnz0xs.readme.txt
  • <Current directory>\syrwnz0xs.readme.txt
  • %HOMEPATH%\syrwnz0xs.readme.txt
  • %HOMEPATH%\videos\syrwnz0xs.readme.txt
  • %HOMEPATH%\searches\syrwnz0xs.readme.txt
  • %HOMEPATH%\saved games\syrwnz0xs.readme.txt
  • %HOMEPATH%\pictures\syrwnz0xs.readme.txt
  • %HOMEPATH%\music\syrwnz0xs.readme.txt
  • %HOMEPATH%\links\syrwnz0xs.readme.txt
  • %HOMEPATH%\favorites\syrwnz0xs.readme.txt
  • %HOMEPATH%\favorites\windows live\syrwnz0xs.readme.txt
  • %HOMEPATH%\favorites\msn websites\syrwnz0xs.readme.txt
  • %HOMEPATH%\favorites\microsoft websites\syrwnz0xs.readme.txt
  • %HOMEPATH%\favorites\links for united states\syrwnz0xs.readme.txt
  • %HOMEPATH%\favorites\links\syrwnz0xs.readme.txt
  • %HOMEPATH%\downloads\syrwnz0xs.readme.txt
  • C:\users\syrwnz0xs.readme.txt
  • %HOMEPATH%\documents\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\systemextensionsdev\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\syrwnz0xs.readme.txt
  • %APPDATA%\thunderbird\profiles\ieju75yx.default\syrwnz0xs.readme.txt
  • %HOMEPATH%\desktop\syrwnz0xs.readme.txt
  • %HOMEPATH%\contacts\syrwnz0xs.readme.txt
  • %HOMEPATH%\appdata\syrwnz0xs.readme.txt
  • %APPDATA%\syrwnz0xs.readme.txt
  • %APPDATA%\media center programs\syrwnz0xs.readme.txt
  • %APPDATA%\thunderbird\syrwnz0xs.readme.txt
  • %APPDATA%\thunderbird\profiles\ieju75yx.default\minidumps\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\jre1.7.0_11\syrwnz0xs.readme.txt
  • %APPDATA%\thunderbird\profiles\ieju75yx.default\crashes\syrwnz0xs.readme.txt
  • %APPDATA%\thunderbird\crash reports\syrwnz0xs.readme.txt
  • %APPDATA%\telegram desktop\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\syrwnz0xs.readme.txt
  • %APPDATA%\thunderbird\profiles\syrwnz0xs.readme.txt
  • %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\34\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\32\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\31\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\30\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\3\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\29\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\28\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\27\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\26\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\25\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\24\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\23\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\22\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\21\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\20\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\2\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\cache\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\13\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\12\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\security\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\0\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\1\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\10\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\11\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\33\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\35\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\15\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\16\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\17\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\18\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\19\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\14\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%\google\chrome\application\43.0.2357.65\syrwnz0xs.readme.txt
  • C:\kms\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\38\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\8\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\7\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\63\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\62\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\61\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\60\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\6\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\59\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\58\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\57\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\56\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\55\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\54\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\53\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\9\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\52\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\39\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\51\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\50\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\5\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\49\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\48\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\47\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\36\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\46\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\37\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\43\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\42\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\41\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\40\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\4\syrwnz0xs.readme.txt
  • %LOCALAPPDATA%low\sun\java\deployment\systemcache\6.0\44\syrwnz0xs.readme.txt
  • D:\syrwnz0xs.readme.txt
Moves the following files
  • from %APPDATA%\thunderbird\profiles.ini to %APPDATA%\thunderbird\profiles.ini.syrwnz0xs
  • from %TEMP%\aucheck_parser.txt to %TEMP%\aucheck_parser.txt.syrwnz0xs
  • from %TEMP%\adobesfx.log to %TEMP%\adobesfx.log.syrwnz0xs
  • from %TEMP%\adobearm.log to %TEMP%\adobearm.log.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\crash reports\installtime20190813150448 to %APPDATA%\mozilla\firefox\crash reports\installtime20190813150448.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\bookmarkbackups\bookmarks-2023-10-17_11_1jincnrptzkpdehqvheskw==.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\bookmarkbackups\bookmarks-2023-10-17_11_1jincnrptzkpdehqvheskw==.jsonlz4.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\crashes\store.json.mozlz4 to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\crashes\store.json.mozlz4.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\datareporting\archived\2023-09\1694569385508.5539a8cb-d998-4669-9fc0-9d00fcdeea81.first-shutdown.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\datareporting\archived\2023-09\1694569385508.5539a8cb-d998-4669-9fc0-9d00fcdeea81.first-shutdown.jsonlz4.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\datareporting\archived\2023-09\1694569385506.6f9821bc-f8ff-4e80-8646-c64ea972dd97.main.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\datareporting\archived\2023-09\1694569385506.6f9821bc-f8ff-4e80-8646-c64ea972dd97.main.jsonlz4.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\datareporting\archived\2023-09\1694569385486.61c55e70-5b50-43a6-9eda-99cd5359746a.event.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\datareporting\archived\2023-09\1694569385486.61c55e70-5b50-43a6-9eda-99cd5359746a.event.jsonlz4.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\datareporting\archived\2023-09\1694569385462.6191109f-859c-4072-813f-23f1cfc3587d.new-profile.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\datareporting\archived\2023-09\1694569385462.6191109f-859c-4072-813f-23f1cfc3587d.new-profile.jsonlz4.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\datareporting\state.json to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\datareporting\state.json.syrwnz0xs
  • from %TEMP%\chrome_installer.log to %TEMP%\chrome_installer.log.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\datareporting\session-state.json to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\datareporting\session-state.json.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\gmp-widevinecdm\4.10.1440.18\widevinecdm.dll.lib to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\gmp-widevinecdm\4.10.1440.18\widevinecdm.dll.lib.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\gmp-widevinecdm\4.10.1440.18\manifest.json to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\gmp-widevinecdm\4.10.1440.18\manifest.json.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\gmp-widevinecdm\4.10.1440.18\license.txt to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\gmp-widevinecdm\4.10.1440.18\license.txt.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\saved-telemetry-pings\6f9821bc-f8ff-4e80-8646-c64ea972dd97 to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\saved-telemetry-pings\6f9821bc-f8ff-4e80-8646-c64ea972dd97.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\saved-telemetry-pings\61c55e70-5b50-43a6-9eda-99cd5359746a to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\saved-telemetry-pings\61c55e70-5b50-43a6-9eda-99cd5359746a.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\saved-telemetry-pings\6191109f-859c-4072-813f-23f1cfc3587d to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\saved-telemetry-pings\6191109f-859c-4072-813f-23f1cfc3587d.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\saved-telemetry-pings\5539a8cb-d998-4669-9fc0-9d00fcdeea81 to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\saved-telemetry-pings\5539a8cb-d998-4669-9fc0-9d00fcdeea81.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\sessionstore-backups\upgrade.jsonlz4-20190813150448 to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\sessionstore-backups\upgrade.jsonlz4-20190813150448.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\sessionstore-backups\recovery.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\sessionstore-backups\recovery.jsonlz4.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\sessionstore-backups\recovery.baklz4 to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\sessionstore-backups\recovery.baklz4.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\sessionstore-backups\previous.jsonlz4 to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\sessionstore-backups\previous.jsonlz4.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\gmp-widevinecdm\4.10.1440.18\widevinecdm.dll.sig to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\gmp-widevinecdm\4.10.1440.18\widevinecdm.dll.sig.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912183110_002_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20230912183110_002_vcruntimeadditional_x86.log.syrwnz0xs
  • from %TEMP%\tmpaddon to %TEMP%\tmpaddon.syrwnz0xs
  • from %TEMP%\dd_vcredistui4afe.txt to %TEMP%\dd_vcredistui4afe.txt.syrwnz0xs
  • from %TEMP%\setupexe(20230912183908d5c).log to %TEMP%\setupexe(20230912183908d5c).log.syrwnz0xs
  • from %TEMP%\rdab90.tmp to %TEMP%\rdab90.tmp.syrwnz0xs
  • from %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_20230912_182944492-msi_vc_red.msi.txt to %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_20230912_182944492-msi_vc_red.msi.txt.syrwnz0xs
  • from %TEMP%\jusched.log to %TEMP%\jusched.log.syrwnz0xs
  • from %TEMP%\java_install_reg.log to %TEMP%\java_install_reg.log.syrwnz0xs
  • from %TEMP%\java_install.log to %TEMP%\java_install.log.syrwnz0xs
  • from %TEMP%\jaureg.log to %TEMP%\jaureg.log.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912183221.log to %TEMP%\dd_vcredist_x86_20230912183221.log.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912183202_002_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20230912183202_002_vcruntimeadditional_x86.log.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912183202_001_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20230912183202_001_vcruntimeminimum_x86.log.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912183202.log to %TEMP%\dd_vcredist_x86_20230912183202.log.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912183146.log to %TEMP%\dd_vcredist_x86_20230912183146.log.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912183110_001_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20230912183110_001_vcruntimeminimum_x86.log.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912183110.log to %TEMP%\dd_vcredist_x86_20230912183110.log.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912183031_001_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20230912183031_001_vcruntimeadditional_x86.log.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912183031_000_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20230912183031_000_vcruntimeminimum_x86.log.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912183031.log to %TEMP%\dd_vcredist_x86_20230912183031.log.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912183013_1_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20230912183013_1_vcruntimeadditional_x86.log.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912183013_0_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20230912183013_0_vcruntimeminimum_x86.log.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912183013.log to %TEMP%\dd_vcredist_x86_20230912183013.log.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912182953_1_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20230912182953_1_vcruntimeadditional_x86.log.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912182953_0_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20230912182953_0_vcruntimeminimum_x86.log.syrwnz0xs
  • from %TEMP%\dd_vcredist_x86_20230912182953.log to %TEMP%\dd_vcredist_x86_20230912182953.log.syrwnz0xs
  • from %TEMP%\dd_ndp48-x86-x64-allos-enu_decompression_log.txt to %TEMP%\dd_ndp48-x86-x64-allos-enu_decompression_log.txt.syrwnz0xs
  • from %TEMP%\dd_vcredistmsi4afe.txt to %TEMP%\dd_vcredistmsi4afe.txt.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\content-prefs.sqlite to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\content-prefs.sqlite.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\broadcast-listeners.json to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\broadcast-listeners.json.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\addonstartup.json.lz4 to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\addonstartup.json.lz4.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\addons.json to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\addons.json.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\62qb1mr2.default\user.js to %APPDATA%\mozilla\firefox\profiles\62qb1mr2.default\user.js.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\62qb1mr2.default\times.json to %APPDATA%\mozilla\firefox\profiles\62qb1mr2.default\times.json.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles.ini to %APPDATA%\mozilla\firefox\profiles.ini.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\installs.ini to %APPDATA%\mozilla\firefox\installs.ini.syrwnz0xs
  • from %APPDATA%\thunderbird\crash reports\installtime20150507114201 to %APPDATA%\thunderbird\crash reports\installtime20150507114201.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\crashes\store.json.mozlz4 to %APPDATA%\thunderbird\profiles\ieju75yx.default\crashes\store.json.mozlz4.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\times.json to %APPDATA%\thunderbird\profiles\ieju75yx.default\times.json.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\sessioncheckpoints.json to %APPDATA%\thunderbird\profiles\ieju75yx.default\sessioncheckpoints.json.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\compatibility.ini to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\compatibility.ini.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\prefs.js to %APPDATA%\thunderbird\profiles\ieju75yx.default\prefs.js.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\permissions.sqlite to %APPDATA%\thunderbird\profiles\ieju75yx.default\permissions.sqlite.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\history.mab to %APPDATA%\thunderbird\profiles\ieju75yx.default\history.mab.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\global-messages-db.sqlite to %APPDATA%\thunderbird\profiles\ieju75yx.default\global-messages-db.sqlite.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\formhistory.sqlite to %APPDATA%\thunderbird\profiles\ieju75yx.default\formhistory.sqlite.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\extensions.json to %APPDATA%\thunderbird\profiles\ieju75yx.default\extensions.json.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\extensions.ini to %APPDATA%\thunderbird\profiles\ieju75yx.default\extensions.ini.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\cookies.sqlite to %APPDATA%\thunderbird\profiles\ieju75yx.default\cookies.sqlite.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\compatibility.ini to %APPDATA%\thunderbird\profiles\ieju75yx.default\compatibility.ini.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\blist.sqlite to %APPDATA%\thunderbird\profiles\ieju75yx.default\blist.sqlite.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\addons.json to %APPDATA%\thunderbird\profiles\ieju75yx.default\addons.json.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\abook.mab to %APPDATA%\thunderbird\profiles\ieju75yx.default\abook.mab.syrwnz0xs
  • from %APPDATA%\thunderbird\profiles\ieju75yx.default\places.sqlite to %APPDATA%\thunderbird\profiles\ieju75yx.default\places.sqlite.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\places.sqlite-wal to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\places.sqlite-wal.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\1657114595amcateirvtisty.sqlite to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\1657114595amcateirvtisty.sqlite.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\cookies.sqlite to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\cookies.sqlite.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\.metadata-v2 to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\.metadata-v2.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\xulstore.json to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\xulstore.json.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\webappsstore.sqlite-shm to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\webappsstore.sqlite-shm.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\webappsstore.sqlite to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\webappsstore.sqlite.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\user.js to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\user.js.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\times.json to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\times.json.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage.sqlite to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage.sqlite.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\sitesecurityservicestate.txt to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\sitesecurityservicestate.txt.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\sessioncheckpoints.json to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\sessioncheckpoints.json.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\search.json.mozlz4 to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\search.json.mozlz4.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\prefs.js to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\prefs.js.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\places.sqlite-shm to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\places.sqlite-shm.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\places.sqlite to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\places.sqlite.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\pkcs11.txt to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\pkcs11.txt.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\permissions.sqlite to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\permissions.sqlite.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\handlers.json to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\handlers.json.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\formhistory.sqlite to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\formhistory.sqlite.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\favicons.sqlite-shm to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\favicons.sqlite-shm.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\favicons.sqlite to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\favicons.sqlite.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\extensions.json to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\extensions.json.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\extension-preferences.json to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\extension-preferences.json.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\cookies.sqlite-shm to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\cookies.sqlite-shm.syrwnz0xs
  • from %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\containers.json to %APPDATA%\mozilla\firefox\profiles\4aee41yi.default-release\containers.json.syrwnz0xs
  • from %TEMP%\wmsetup.log to %TEMP%\wmsetup.log.syrwnz0xs
Modifies the following files
  • C:\$recycle.bin\s-1-5-21-1864035604-3554178654-4081431624-1000\desktop.ini
  • %HOMEPATH%\desktop\february_catalogue__2015.doc.syrwnz0xs
  • %HOMEPATH%\desktop\hadac_newsletter_july_2010_final.docx.syrwnz0xs
  • %HOMEPATH%\desktop\file_p_00000000_1371597592.docx.syrwnz0xs
  • %HOMEPATH%\desktop\fi51.doc.syrwnz0xs
  • %HOMEPATH%\desktop\contoso_1.cer.syrwnz0xs
  • %HOMEPATH%\desktop\contosoroot_1.cer.syrwnz0xs
  • %HOMEPATH%\desktop\contosoroot.cer.syrwnz0xs
  • %HOMEPATH%\desktop\adhd_and_obesity.docx.syrwnz0xs
  • %HOMEPATH%\favorites\links\web slice gallery.url.syrwnz0xs
  • %HOMEPATH%\favorites\links for united states\usa.gov.url.syrwnz0xs
  • %HOMEPATH%\favorites\links for united states\gobiernousa.gov.url.syrwnz0xs
  • %HOMEPATH%\favorites\microsoft websites\microsoft store.url.syrwnz0xs
  • %HOMEPATH%\favorites\microsoft websites\microsoft at work.url.syrwnz0xs
  • %HOMEPATH%\favorites\microsoft websites\microsoft at home.url.syrwnz0xs
  • %HOMEPATH%\favorites\microsoft websites\ie site on microsoft.com.url.syrwnz0xs
  • %HOMEPATH%\favorites\microsoft websites\ie add-on site.url.syrwnz0xs
  • %HOMEPATH%\favorites\msn websites\msnbc news.url.syrwnz0xs
  • %HOMEPATH%\favorites\msn websites\msn.url.syrwnz0xs
  • %HOMEPATH%\favorites\msn websites\msn sports.url.syrwnz0xs
  • %HOMEPATH%\favorites\msn websites\msn money.url.syrwnz0xs
  • %HOMEPATH%\favorites\msn websites\msn entertainment.url.syrwnz0xs
  • %HOMEPATH%\favorites\msn websites\msn autos.url.syrwnz0xs
  • %HOMEPATH%\favorites\windows live\windows live spaces.url.syrwnz0xs
  • %HOMEPATH%\favorites\windows live\windows live mail.url.syrwnz0xs
  • %HOMEPATH%\favorites\windows live\windows live gallery.url.syrwnz0xs
  • %HOMEPATH%\favorites\windows live\get windows live.url.syrwnz0xs
  • D:\$recycle.bin\s-1-5-21-1864035604-3554178654-4081431624-1000\desktop.ini
  • %HOMEPATH%\desktop\nwfieldnotes1966.docx.syrwnz0xs
  • %HOMEPATH%\desktop\join.avi.syrwnz0xs
Modifies multiple files.
Changes user data files extensions (Trojan.Encoder).

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android