FÜR NUTZER

Schließen

Meine Bibliothek
Meine Bibliothek

+ Zur Bibliothek hinzufügen

Suche
Suche

Support
Support 24/7 | Regeln zur Anfragenübermittlung

Schreiben Sie uns

Online-Formular

Telefon

+49 (0) 170 488 40 28

Forum

Ihre Anfragen

Neue Anfrage

Rufen Sie uns an

+7 (495) 789-45-86

Profil

DE

RU CN DE EN ES FR IT JP KZ UZ PL BY
Schließen
Services
Scanner
Dr.Web vxCube
Testversion
Analyse von virenabhängigen Vorfällen
Virenbibliothek
Wissensdatenbank

Technologies

Begriffe

Schulung und Training

Mythen

News

Trojan.Crossrider.17623

Added to the Dr.Web virus database: 2014-05-20

Virus description added:

Technical Information

To ensure autorun and distribution
Creates or modifies the following files
  • %WINDIR%\tasks\e245e9da-c0c3-4265-8369-4306280e87e9-6.job
  • <SYSTEM32>\tasks\temp_e245e9da-c0c3-4265-8369-4306280e87e9-2
  • %WINDIR%\tasks\temp_e245e9da-c0c3-4265-8369-4306280e87e9-2.job
  • <SYSTEM32>\tasks\e245e9da-c0c3-4265-8369-4306280e87e9-2
  • %WINDIR%\tasks\e245e9da-c0c3-4265-8369-4306280e87e9-2.job
  • <SYSTEM32>\tasks\e245e9da-c0c3-4265-8369-4306280e87e9-1
  • %WINDIR%\tasks\e245e9da-c0c3-4265-8369-4306280e87e9-1.job
  • <SYSTEM32>\tasks\e245e9da-c0c3-4265-8369-4306280e87e9-4
  • %WINDIR%\tasks\e245e9da-c0c3-4265-8369-4306280e87e9-4.job
  • <SYSTEM32>\tasks\temp_e245e9da-c0c3-4265-8369-4306280e87e9-7
  • <SYSTEM32>\tasks\globalupdateupdatetaskmachineua
  • %WINDIR%\tasks\temp_e245e9da-c0c3-4265-8369-4306280e87e9-7.job
  • <SYSTEM32>\tasks\e245e9da-c0c3-4265-8369-4306280e87e9-7
  • %WINDIR%\tasks\globalupdateupdatetaskmachineua.job
  • <SYSTEM32>\tasks\globalupdateupdatetaskmachinecore
  • %WINDIR%\tasks\e245e9da-c0c3-4265-8369-4306280e87e9-7.job
  • <SYSTEM32>\tasks\e245e9da-c0c3-4265-8369-4306280e87e9-6
  • %WINDIR%\tasks\globalupdateupdatetaskmachinecore.job
  • %WINDIR%\tasks\e245e9da-c0c3-4265-8369-4306280e87e9-5.job
  • <SYSTEM32>\tasks\e245e9da-c0c3-4265-8369-4306280e87e9-5
Sets the following service settings
  • [HKLM\System\CurrentControlSet\Services\globalUpdate] 'Start' = '00000002'
  • [HKLM\System\CurrentControlSet\Services\globalUpdate] 'ImagePath' = '%ProgramFiles(x86)%\globalUpdate\Update\GoogleUpdate.exe /svc'
  • [HKLM\System\CurrentControlSet\Services\globalUpdatem] 'ImagePath' = '%ProgramFiles(x86)%\globalUpdate\Update\GoogleUpdate.exe /medsvc'
Creates the following services
  • 'globalUpdate' %ProgramFiles(x86)%\globalUpdate\Update\GoogleUpdate.exe /svc
  • 'globalUpdatem' %ProgramFiles(x86)%\globalUpdate\Update\GoogleUpdate.exe /medsvc
Malicious functions
Terminates or attempts to terminate
the following user processes:
  • iexplore.exe
  • firefox.exe
Registers BHO
  • [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411551102}]
Modifies file system
Creates the following files
  • %TEMP%\nsm7159.tmp
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\install.rdf
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\64.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\246.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\22.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\177.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\14.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\104.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\182.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\1.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\21.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\72.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\4.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\91.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\16.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\93.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\123.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\211.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\28.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\183.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\manifest.xml
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins.json
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome.manifest
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\242.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\defaults\preferences\prefs.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\103.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\102.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\9a82de638a51d5ab8c4af3...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\ceb6318d015c8ff1ce2ab1...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\browser.xul
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\options.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\cacdd934cdb8cd00e0983000d05...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\search_dialog.xul
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\963f67110fec4801876991808b0...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\70a0a5410d28173137bdc082b3c...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\6d5b12ef3cc72e91277a29dc58d...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\ffcorefilesindex.txt
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\options.xul
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\background.html
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\dialog.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\11d0e8e53a505ca16958f5c60ff...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\usercode\background.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\usercode\extension.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\207.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\98.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\13.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\47.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\17.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\78.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\193.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\locale\en-us\translations.dtd
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\button4.png
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\crossrider_statusbar.png
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\5a7f6b204e01f8bc0c2ab4c2e657f1ec...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\31a25c5c5411391a2a0e1a7a093a1a17...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\6c3f32a758469ea1c750b6dfe5336bae...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\7953adf94af0041d5e8f9e9f7002a68f...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\594461513849d394c6cdeda8e67c8d53...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\d40c522712ea1ce235490bc83e9c5dd2...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\installer.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\d2816caa7ae7dcb9faf8c00b2c086aa2...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\7891bbb9028e9db621989ff5276296c9...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\ec288bb23dc922fbb579cf2a7a2dad87...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\48fe0d6c4a80bfc9801bce5edaaa660f...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\26208989acb8df6389e98a190b82bbd3....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\164587e1d4d3d77140343d41736ef154....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\932c9b79b1921467761cb7a082c59cd9...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\81e805f790f692917056f01278f61ebc...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\655f18847fc179645af405c5031cc2ed...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\034771a7f0db6ec9918a120e6e7d01d1...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\5e01a47df8b0f94dd29e21a633ca61ea...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\2d33de75ba8feab50788061424f04a99...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\9a82de638a51d5ab8c4af324c88a3561...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\ceb6318d015c8ff1ce2ab1a8241ff80c...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\browser.xul
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\987ed9be125435c76efd5bbbdd6df604...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\824bba1b7b9776e18f08ee5ddac40553....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\panelarrow-up.png
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\432b049f4031032ba6f797ef11efb9ab....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\icon128.png
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\71b973f65c91c0ce275ca6cca11c83b2....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\icon16.png
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\button1.png
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\button3.png
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\icon24.png
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\skin.css
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\button5.png
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\button2.png
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\update.css
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\popup.html
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\icon48.png
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\8ead277014d0ade3a183956e4ebfda83....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\2a31c96522c7a88885231b79544e4a71....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\9cebdc305e307cf934bc1ca369ebfd7f....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\950f912895c7a7733f60a62c7c57784f....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\14a253ccc8462065a294d56c2546f491....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\d3ff7a7f44940209a83c195dce349649....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\5163a2160a02e3c8ea2f7559b73309c4....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\13069d35a10b986310f97630ac75bfa8....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\f58358d474d35a6cb22cfc1a1e175ae3....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\ba6f99c0bd46ee18bb5855335952a206....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\d13e28bfc8f1cb9fe339758ffda509cf....
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\options.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\0ba9900c354590f639c5f2af729ce494...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\2d33de75ba8feab5078806...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\d40c522712ea1ce235490b...
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\4.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\39.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\38.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\37.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\36.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\35.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\3.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\28.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\246.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\242.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\104.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\22.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\21.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\207.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\2.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\193.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\183.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\182.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\177.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\17.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\14.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\13.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\211.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\123.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\40.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\94.js
  • %ProgramFiles(x86)%\123hd\123hd-bg.exe
  • %ProgramFiles(x86)%\123hd\background.html
  • %ProgramFiles(x86)%\123hd\123hd-bho64.dll
  • %ProgramFiles(x86)%\123hd\123hd-bho.dll
  • %ProgramFiles(x86)%\123hd\123hd.ico
  • %ProgramFiles(x86)%\123hd\123hd-buttonutil64.dll
  • %ProgramFiles(x86)%\123hd\123hd-buttonutil.dll
  • %ProgramFiles(x86)%\123hd\123hd-buttonutil64.exe
  • %ProgramFiles(x86)%\123hd\123hd-buttonutil.exe
  • %TEMP%\nsm8048.tmp\extensiondata\usercode\extension.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\42.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\41.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\93.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\91.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\78.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\72.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\64.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\47.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\46.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\45.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\44.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\43.js
  • %TEMP%\nsm8048.tmp\extensiondata\usercode\background.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\103.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\1.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\skin.css
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\594461513849d394c6cded...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\432b049f4031032ba6f797e...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\2a31c96522c7a88885231b7...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\824bba1b7b9776e18f08ee5...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\164587e1d4d3d77140343d4...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\26208989acb8df6389e98a1...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\48fe0d6c4a80bfc9801bce...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\31a25c5c5411391a2a0e1a...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\6c3f32a758469ea1c750b6...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\7953adf94af0041d5e8f9e...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\13069d35a10b986310f9763...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\ba6f99c0bd46ee18bb58553...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\f58358d474d35a6cb22cfc1...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\d2816caa7ae7dcb9faf8c0...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\7891bbb9028e9db621989f...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\ec288bb23dc922fbb579cf...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\5a7f6b204e01f8bc0c2ab4...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\0ba9900c354590f639c5f2...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\987ed9be125435c76efd5b...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\932c9b79b1921467761cb7...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\81e805f790f692917056f0...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\655f18847fc179645af405...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\installer.js
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\5163a2160a02e3c8ea2f755...
  • %TEMP%\nsm8048.tmp\extensiondata\plugins.json
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\5e01a47df8b0f94dd29e21...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\d13e28bfc8f1cb9fe339758...
  • %TEMP%\nsm8048.tmp\extensiondata\manifest.xml
  • %ProgramFiles(x86)%\123hd\123hd-codedownloader.exe
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\button4.png
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\crossrider_statusbar.png
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\icon128.png
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\panelarrow-up.png
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\icon16.png
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\button1.png
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\button3.png
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\icon24.png
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\skin.css
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\button5.png
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\button2.png
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\update.css
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\popup.html
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\icon48.png
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\71b973f65c91c0ce275ca6c...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\8ead277014d0ade3a183956...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\9cebdc305e307cf934bc1ca...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\950f912895c7a7733f60a62...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\14a253ccc8462065a294d56...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\d3ff7a7f44940209a83c195...
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\034771a7f0db6ec9918a12...
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\cacdd934cdb8cd00e0983000d059dbdf.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\search_dialog.xul
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\963f67110fec4801876991808b0abb69.js
  • %ProgramFiles(x86)%\123hd\e245e9da-c0c3-4265-8369-4306280e87e9-4.exe
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\211.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\28.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\183.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\manifest.xml
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins.json
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome.manifest
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\defaults\preferences\prefs.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\locale\en-us\translations.dtd
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\install.rdf
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\16.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\93.js
  • %ProgramFiles(x86)%\globalupdate\update\1.3.25.0\goopdate.dll
  • %ProgramFiles(x86)%\globalupdate\update\1.3.25.0\googleupdateondemand.exe
  • %ProgramFiles(x86)%\globalupdate\update\1.3.25.0\googleupdatebroker.exe
  • %ProgramFiles(x86)%\globalupdate\update\1.3.25.0\npgoogleupdate4.dll
  • %ProgramFiles(x86)%\globalupdate\update\googleupdate.exe
  • %ProgramFiles(x86)%\globalupdate\update\1.3.25.0\psmachine.dll
  • %ProgramFiles(x86)%\globalupdate\update\1.3.25.0\psuser.dll
  • %ProgramFiles(x86)%\globalupdate\update\1.3.25.0\googleupdatehelper.msi
  • %ProgramFiles(x86)%\globalupdate\update\1.3.25.0\goopdateres_en.dll
  • %ProgramFiles(x86)%\globalupdate\update\1.3.25.0\googlecrashhandler.exe
  • %ALLUSERSPROFILE%\microsoft\crypto\rsa\s-1-5-18\d42cc0c3858a58db2db37658219e6400_d4602615-9d50-4880-be41-678935e93eaa
  • %ProgramFiles(x86)%\123hd\45502.xpi
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\242.js
  • %ProgramFiles(x86)%\globalupdate\update\1.3.25.0\googleupdate.exe
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\usercode\extension.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\207.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\98.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\13.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\47.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\17.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\78.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\102.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\103.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\91.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\usercode\background.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\193.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\246.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\22.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\177.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\14.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\104.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\182.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\1.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\21.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\4.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\72.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\64.js
  • %TEMP%\nsm8048.tmp\execdos.dll
  • %TEMP%\nsm8048.tmp\novaextensiondata\usercode\extension.js
  • %TEMP%\comh.464562\googleupdatehelper.msi
  • %TEMP%\comh.464562\googleupdate.exe
  • %TEMP%\comh.464562\googlecrashhandler.exe
  • %ProgramFiles(x86)%\123hd\uninstall.exe
  • %TEMP%\nsm8048.tmp\20755
  • %TEMP%\nsm8048.tmp\3414
  • %ProgramFiles(x86)%\123hd\utils.exe
  • %TEMP%\nsm8048.tmp\inetc.dll
  • %TEMP%\nsm8048.tmp\userinfo.dll
  • %TEMP%\comh.464562\googleupdateondemand.exe
  • %TEMP%\nsm8048.tmp\md5dll.dll
  • %TEMP%\nsm8048.tmp\installerutils2.dll
  • %TEMP%\nsm8048.tmp\installerutils.dll
  • %TEMP%\nsm8048.tmp\system.dll
  • %TEMP%\nsm8048.tmp\stdutils.dll
  • %TEMP%\nsh8028.tmp
  • %TEMP%\nsm715a.tmp\stdutils.dll
  • %TEMP%\nsm715a.tmp\iauqcv.exe
  • %TEMP%\nsm715a.tmp\wrapperutils.dll
  • %TEMP%\nsm715a.tmp\hzosylk.tmp
  • %TEMP%\nsm715a.tmp\system.dll
  • %TEMP%\nsm8048.tmp\nsisos.dll
  • %TEMP%\comh.464562\goopdate.dll
  • %TEMP%\comh.464562\goopdateres_en.dll
  • %TEMP%\comh.464562\googleupdatebroker.exe
  • %TEMP%\comh.464562\npgoogleupdate4.dll
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\93.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\14.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\91.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\78.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\4.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\251.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\250.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\249.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\246.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\242.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\211.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\193.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\123.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\usercode\background.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\102.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins.json
  • %TEMP%\nsm8048.tmp\novaextensiondata\manifest.xml
  • %ProgramFiles(x86)%\123hd\bgnova.html
  • %ProgramFiles(x86)%\123hd\123hd-nova.dll
  • %ProgramFiles(x86)%\123hd\123hd-nova.exe
  • %ProgramFiles(x86)%\123hd\123hd-novainstaller.exe
  • %TEMP%\comh.464562\psuser.dll
  • %TEMP%\comh.464562\psmachine.dll
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\11d0e8e53a505ca16958f5c60ffa6...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\options.xul
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\123.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\dialog.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\21.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\manifest.xml
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\4.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\242.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\91.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\16.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\93.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\123.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\211.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\28.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\183.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\104.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\1.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\182.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\defaults\preferences\prefs.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\locale\en-us\translations.dtd
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\install.rdf
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\button4.png
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\crossrider_statusbar.png
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\icon128.png
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\panelarrow-up.png
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\icon16.png
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\button1.png
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome.manifest
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\14.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\70a0a5410d28173137bdc082b3c78fe0.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\button3.png
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\background.html
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\6d5b12ef3cc72e91277a29dc58dce64d.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\ffcorefilesindex.txt
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\background.html
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\dialog.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\options.xul
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\11d0e8e53a505ca16958f5c60ffa6962.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\usercode\background.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\usercode\extension.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\207.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\98.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\13.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\47.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\17.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\78.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\102.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\103.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\193.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\72.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\64.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\246.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\22.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins\177.js
  • %APPDATA%\mozilla\firefox\profiles\bcjnbgva.default\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\extensiondata\plugins.json
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\102.js
  • %ProgramFiles(x86)%\123hd\e245e9da-c0c3-4265-8369-4306280e87e9-2.exe
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\button5.png
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\7891bbb9028e9db621989ff5...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\ec288bb23dc922fbb579cf2a...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\5a7f6b204e01f8bc0c2ab4c2...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\0ba9900c354590f639c5f2af...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\987ed9be125435c76efd5bbb...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\932c9b79b1921467761cb7a0...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\81e805f790f692917056f012...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\655f18847fc179645af405c5...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\034771a7f0db6ec9918a120e...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\installer.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\5e01a47df8b0f94dd29e21a6...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\9a82de638a51d5ab8c4af324...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\ceb6318d015c8ff1ce2ab1a8...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\browser.xul
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\options.js
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\cacdd934cdb8cd00e0983000d059d...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\search_dialog.xul
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\963f67110fec4801876991808b0ab...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\70a0a5410d28173137bdc082b3c78...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\6d5b12ef3cc72e91277a29dc58dce...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\ffcorefilesindex.txt
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\2d33de75ba8feab507880614...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\d40c522712ea1ce235490bc8...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\d2816caa7ae7dcb9faf8c00b...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\594461513849d394c6cdeda8...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\button2.png
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\13069d35a10b986310f97630a...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\update.css
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\popup.html
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\icon48.png
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\71b973f65c91c0ce275ca6cca...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\8ead277014d0ade3a183956e4...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\9cebdc305e307cf934bc1ca36...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\950f912895c7a7733f60a62c7...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\14a253ccc8462065a294d56c2...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\d3ff7a7f44940209a83c195dc...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\5163a2160a02e3c8ea2f7559b...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\f58358d474d35a6cb22cfc1a1...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\7953adf94af0041d5e8f9e9f...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\ba6f99c0bd46ee18bb5855335...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\d13e28bfc8f1cb9fe339758ff...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\432b049f4031032ba6f797ef1...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\2a31c96522c7a88885231b795...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\824bba1b7b9776e18f08ee5dd...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\164587e1d4d3d77140343d417...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\api\26208989acb8df6389e98a190...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\48fe0d6c4a80bfc9801bce5e...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\31a25c5c5411391a2a0e1a7a...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\chrome\content\core\6c3f32a758469ea1c750b6df...
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions\f352b60b-b436-4166-be2b-3125bd708d30@31e9faf5-14b0-4d05-a200-484c00574d60.com\skin\icon24.png
  • %ProgramFiles(x86)%\123hd\e245e9da-c0c3-4265-8369-4306280e87e9-5.exe
Deletes the following files
  • %TEMP%\nsm8048.tmp\20755
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\14.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\123.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\102.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\manifest.xml
  • %TEMP%\nsm8048.tmp\md5dll.dll
  • %TEMP%\nsm8048.tmp\installerutils2.dll
  • %TEMP%\nsm8048.tmp\installerutils.dll
  • %TEMP%\nsm8048.tmp\inetc.dll
  • %TEMP%\nsm8048.tmp\extensiondata\usercode\extension.js
  • %TEMP%\nsm8048.tmp\extensiondata\usercode\background.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins.json
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\94.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\93.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\91.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\78.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\72.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\64.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\193.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\242.js
  • %TEMP%\nsm715a.tmp\system.dll
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\246.js
  • %TEMP%\nsm715a.tmp\stdutils.dll
  • %TEMP%\nsm715a.tmp\iauqcv.exe
  • %TEMP%\nsm715a.tmp\hzosylk.tmp
  • %TEMP%\nsm8048.tmp\userinfo.dll
  • %TEMP%\nsm8048.tmp\system.dll
  • %TEMP%\nsm8048.tmp\stdutils.dll
  • %TEMP%\nsm8048.tmp\nsisos.dll
  • %TEMP%\nsm8048.tmp\novaextensiondata\usercode\extension.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\usercode\background.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins.json
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\93.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\91.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\78.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\4.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\251.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\250.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\249.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\47.js
  • %TEMP%\nsm8048.tmp\novaextensiondata\plugins\211.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\46.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\193.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\182.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\177.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\17.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\14.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\13.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\123.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\104.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\103.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\102.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\1.js
  • %TEMP%\nsm8048.tmp\extensiondata\manifest.xml
  • %TEMP%\nsm8048.tmp\execdos.dll
  • %TEMP%\nsm8048.tmp\3414
  • <SYSTEM32>\tasks\temp_e245e9da-c0c3-4265-8369-4306280e87e9-2
  • %WINDIR%\tasks\temp_e245e9da-c0c3-4265-8369-4306280e87e9-2.job
  • <SYSTEM32>\tasks\temp_e245e9da-c0c3-4265-8369-4306280e87e9-7
  • %WINDIR%\tasks\temp_e245e9da-c0c3-4265-8369-4306280e87e9-7.job
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\183.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\2.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\44.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\207.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\43.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\42.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\41.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\40.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\4.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\39.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\38.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\37.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\36.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\35.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\3.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\28.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\246.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\242.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\22.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\211.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\21.js
  • %TEMP%\nsm8048.tmp\extensiondata\plugins\45.js
  • %TEMP%\nsm715a.tmp\wrapperutils.dll
Modifies the following files
  • %APPDATA%\mozilla\firefox\profiles\0j9e9tku.default-release\extensions.json
  • %APPDATA%\mozilla\firefox\profiles\yfwt7ezn.default-release-1\extensions.json
Substitutes the following files
  • %TEMP%\nsm8048.tmp\20755
Network activity
Connects to
  • 'up####.##ientstatsservice.com':80
  • 'er####.##ientstatsservice.com':80
  • 'st###.###entstatsservice.com':80
  • 'lo##.###entstatsservice.com':80
  • 'js.#####tstatsservice.com':80
TCP
HTTP GET requests
  • http://up####.##ientstatsservice.com/installer_updates/001352/update.json
  • http://er####.##ientstatsservice.com/installer-error.gif?ac######################################################################################################################################...
  • http://st###.###entstatsservice.com/installer.gif?ac#############################################################################################################################################...
  • http://lo##.###entstatsservice.com/monetization.gif?ev###########################################################################################################################################...
  • http://st###.###entstatsservice.com/stats.gif?ac#################################################################################################################################################...
  • http://js.#####tstatsservice.com/plugin/apps/45502/manifest/1_34_05_12/nova/manifest.xml?ve#############
  • http://er####.##ientstatsservice.com/ff-agent-error.gif?ac#######################################################################################################################################...
  • http://js.#####tstatsservice.com/plugin/apps/45502/manifest/1_34_05_12/ie8/manifest.xml?ve#############
  • http://up####.##ientstatsservice.com/omaha/4AB762DF-AB49-43D6-92D2-0E90E10260AB/1/update.xml?ra##################################################################################################...
  • http://up####.##ientstatsservice.com/omaha/430FD4D0-B729-4F61-AA34-91526481799D/1/ping.xml?ra#######
  • http://up####.##ientstatsservice.com/omaha/4AB762DF-AB49-43D6-92D2-0E90E10260AB/1/update.xml?ra#######
  • http://st###.###entstatsservice.com/apps.gif?ac##################################################################################################################################################...
  • http://lo##.###entstatsservice.com/monetization.gif?ra###########################################################################################################################################...
  • http://up####.##ientstatsservice.com/omaha/4AB762DF-AB49-43D6-92D2-0E90E10260AB/1/ping.xml?ra#######
  • http://up####.##ientstatsservice.com/omaha/4AB762DF-AB49-43D6-92D2-0E90E10260AB/1/ping.xml?ra########
UDP
  • DNS ASK up####.##ientstatsservice.com
  • DNS ASK er####.##ientstatsservice.com
  • DNS ASK st###.###entstatsservice.com
  • DNS ASK lo##.###entstatsservice.com
  • DNS ASK js.#####tstatsservice.com
Miscellaneous
Searches for the following windows
  • ClassName: 'MS_AutodialMonitor' WindowName: ''
  • ClassName: 'MS_WebCheckMonitor' WindowName: ''
Creates and executes the following
  • '%TEMP%\nsm715a.tmp\iauqcv.exe'
  • '%ProgramFiles(x86)%\123hd\e245e9da-c0c3-4265-8369-4306280e87e9-4.exe' /Mqgwm /OTDrBJeO='123HD' /MPMNyjzl='%ProgramFiles(x86)%\123HD\45502.xpi' /FiNnKVw=45502 /hiGfn='001352' /GBYJEqn='0' /DlhsjeRKG='0' /Cpqhya=94817DF2DA2142939341C609F161B410IE /nMtcQaJf=b226c46c...
  • '%ProgramFiles(x86)%\123hd\123hd-bg.exe' /executebg /xGDsvkK='%TEMP%\123HDInstaller_1710719723.log'
  • '%ProgramFiles(x86)%\123hd\123hd-codedownloader.exe' /rMiCRHej /OTDrBJeO='123HD' /FiNnKVw=45502 /hiGfn='001352' /GBYJEqn='0' /DlhsjeRKG='0' /Cpqhya=94817DF2DA2142939341C609F161B410IE /nMtcQaJf=b226c46c74cd4db3a125c4b58914bbef /XPEVjTXx=1_34_05_12...
  • '%ProgramFiles(x86)%\globalupdate\update\googleupdate.exe' /svc
  • '%ProgramFiles(x86)%\globalupdate\update\googleupdate.exe' /handoff "appguid={4ab762df-ab49-43d6-92d2-0e90e10260ab}&appname=63dca2cb-b939-440c-9847-c5fa2f388118&needsadmin=True&lang=en" /installsource otherinstallcmd /sessionid "{3432829D-1546-4DF9-BCA...
  • '%ProgramFiles(x86)%\123hd\e245e9da-c0c3-4265-8369-4306280e87e9-2.exe' /LRWiRR /OTDrBJeO='123HD' /FiNnKVw=45502 /hiGfn='001352' /GBYJEqn='0' /DlhsjeRKG='0' /Cpqhya=94817DF2DA2142939341C609F161B410IE /nMtcQaJf=b226c46c74cd4db3a125c4b58914bbef /XPEVjTXx=1_34_05_12 /...
  • '%ProgramFiles(x86)%\123hd\123hd-codedownloader.exe' /LlhaGyRW /FtbMqDBxZ /OTDrBJeO='123HD' /FiNnKVw=45502 /hiGfn='001352' /GBYJEqn='0' /DlhsjeRKG='0' /Cpqhya=94817DF2DA2142939341C609F161B410IE /nMtcQaJf=b226c46c74cd4db3a125c4b58914bbef /XPEVjTXx...
  • '%ProgramFiles(x86)%\globalupdate\update\googleupdate.exe' /regserver
  • '%ProgramFiles(x86)%\globalupdate\update\googleupdate.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjUuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9InszNDMyODI5RC0xNTQ2LTRERjktQkNBOC1FMTMwQzA0OTN...
  • '%ProgramFiles(x86)%\123hd\123hd-nova.exe' /OTDrBJeO='123HD' /FiNnKVw=45502 /hiGfn='001352' /GBYJEqn='0' /DlhsjeRKG='0' /Cpqhya=94817DF2DA2142939341C609F161B410IE /nMtcQaJf=b226c46c74cd4db3a125c4b58914bbef /XPEVjTXx=1_34_05_12 /eQsHsX=1...
  • '%ProgramFiles(x86)%\123hd\123hd-novainstaller.exe' /LlhaGyRW /FtbMqDBxZ /OTDrBJeO='123HD' /FiNnKVw=45502 /hiGfn='001352' /GBYJEqn='0' /DlhsjeRKG='0' /Cpqhya=94817DF2DA2142939341C609F161B410IE /nMtcQaJf=b226c46c74cd4db3a125c4b58914bbef /XPEVjTXx...
  • '%ProgramFiles(x86)%\123hd\123hd-novainstaller.exe' /rMiCRHej /OTDrBJeO='123HD' /FiNnKVw=45502 /hiGfn='001352' /GBYJEqn='0' /DlhsjeRKG='0' /Cpqhya=94817DF2DA2142939341C609F161B410IE /nMtcQaJf=b226c46c74cd4db3a125c4b58914bbef /XPEVjTXx=1_34_05_12...
  • '%TEMP%\comh.464562\googleupdate.exe' /silent /install "appguid={4ab762df-ab49-43d6-92d2-0e90e10260ab}&appname=63dca2cb-b939-440c-9847-c5fa2f388118&needsadmin=True&lang=en"
  • '%ProgramFiles(x86)%\globalupdate\update\googleupdate.exe' /regsvc
  • '%ProgramFiles(x86)%\123hd\123hd-nova.exe' /OTDrBJeO='123HD' /FiNnKVw=45502 /hiGfn='001352' /GBYJEqn='0' /DlhsjeRKG='0' /Cpqhya=94817DF2DA2142939341C609F161B410IE /nMtcQaJf=b226c46c74cd4db3a125c4b58914bbef /XPEVjTXx=1_34_05_12 /eQsHsX=1...' (with hidden window)
  • '%ProgramFiles(x86)%\123hd\e245e9da-c0c3-4265-8369-4306280e87e9-4.exe' /Mqgwm /OTDrBJeO='123HD' /MPMNyjzl='%ProgramFiles(x86)%\123HD\45502.xpi' /FiNnKVw=45502 /hiGfn='001352' /GBYJEqn='0' /DlhsjeRKG='0' /Cpqhya=94817DF2DA2142939341C609F161B410IE /nMtcQaJf=b226c46c...' (with hidden window)
  • '%ProgramFiles(x86)%\123hd\123hd-novainstaller.exe' /rMiCRHej /OTDrBJeO='123HD' /FiNnKVw=45502 /hiGfn='001352' /GBYJEqn='0' /DlhsjeRKG='0' /Cpqhya=94817DF2DA2142939341C609F161B410IE /nMtcQaJf=b226c46c74cd4db3a125c4b58914bbef /XPEVjTXx=1_34_05_12...' (with hidden window)
  • '%ProgramFiles(x86)%\123hd\123hd-novainstaller.exe' /LlhaGyRW /FtbMqDBxZ /OTDrBJeO='123HD' /FiNnKVw=45502 /hiGfn='001352' /GBYJEqn='0' /DlhsjeRKG='0' /Cpqhya=94817DF2DA2142939341C609F161B410IE /nMtcQaJf=b226c46c74cd4db3a125c4b58914bbef /XPEVjTXx...' (with hidden window)
  • '%WINDIR%\syswow64\regsvr32.exe' /s "%ProgramFiles(x86)%\123HD\123HD-bho64.dll"' (with hidden window)
  • '%WINDIR%\syswow64\regsvr32.exe' /s "%ProgramFiles(x86)%\123HD\123HD-bho.dll"' (with hidden window)
  • '%ProgramFiles(x86)%\123hd\123hd-bg.exe' /executebg /xGDsvkK='%TEMP%\123HDInstaller_1710719723.log'' (with hidden window)
  • '%ProgramFiles(x86)%\123hd\123hd-codedownloader.exe' /rMiCRHej /OTDrBJeO='123HD' /FiNnKVw=45502 /hiGfn='001352' /GBYJEqn='0' /DlhsjeRKG='0' /Cpqhya=94817DF2DA2142939341C609F161B410IE /nMtcQaJf=b226c46c74cd4db3a125c4b58914bbef /XPEVjTXx=1_34_05_12...' (with hidden window)
  • '%ProgramFiles(x86)%\123hd\123hd-codedownloader.exe' /LlhaGyRW /FtbMqDBxZ /OTDrBJeO='123HD' /FiNnKVw=45502 /hiGfn='001352' /GBYJEqn='0' /DlhsjeRKG='0' /Cpqhya=94817DF2DA2142939341C609F161B410IE /nMtcQaJf=b226c46c74cd4db3a125c4b58914bbef /XPEVjTXx...' (with hidden window)
  • '%ProgramFiles(x86)%\123hd\e245e9da-c0c3-4265-8369-4306280e87e9-2.exe' /LRWiRR /OTDrBJeO='123HD' /FiNnKVw=45502 /hiGfn='001352' /GBYJEqn='0' /DlhsjeRKG='0' /Cpqhya=94817DF2DA2142939341C609F161B410IE /nMtcQaJf=b226c46c74cd4db3a125c4b58914bbef /XPEVjTXx=1_34_05_12 /...' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\regsvr32.exe' /s "%ProgramFiles(x86)%\123HD\123HD-bho.dll"
  • '%WINDIR%\syswow64\regsvr32.exe' /s "%ProgramFiles(x86)%\123HD\123HD-bho64.dll"
  • '<SYSTEM32>\regsvr32.exe' /s "%ProgramFiles(x86)%\123HD\123HD-bho64.dll"

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play