FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Trojan.Siggen9.43153

Added to the Dr.Web virus database: 2020-04-29

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MarketAdvior' = '"%APPDATA%\MarketAdvior\python\pythonw.exe" "load.pyc" ml2'
Creates or modifies the following files
  • <SYSTEM32>\tasks\marketadvior
  • <SYSTEM32>\tasks\marketadvior2
Creates the following services
  • [<HKLM>\System\CurrentControlSet\Services\ProxyVan2] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\ProxyVan2] 'ImagePath' = '%ProgramFiles(x86)%\ProxyVan\Service\ProxyVan.exe'
  • [<HKLM>\System\CurrentControlSet\Services\ProxyVanUpdater] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\ProxyVanUpdater] 'ImagePath' = '%ProgramFiles(x86)%\ProxyVan\Updater\ProxyVanUpdater.exe'
Malicious functions
Creates and executes the following
  • '' (downloaded from the Internet)
Executes the following
  • '%WINDIR%\syswow64\taskkill.exe' /f /im "gamesdepartupdate.exe"
Modifies file system
Creates the following files
  • %TEMP%\marketadvior.exe
  • %ProgramFiles(x86)%\proxyvan\updater\is-r4rck.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-8esa0.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-j4g54.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-agmep.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-79vhi.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-hqlpv.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-ng34t.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-b2qfb.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-n2d69.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-ffe9t.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-fr9r3.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-29htv.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-hll10.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-59kb2.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-1jonu.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-dbotu.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-pu7s0.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-d5g2l.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-r69fl.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-188lg.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-8c66g.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-hfad2.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-odvfe.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-6jd6h.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-hjjl2.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-8updk.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-8t6lj.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-igll7.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-74a5d.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-mog5g.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-ljqci.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-nsicq.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-8l8ps.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-8f2se.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-qq6p8.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-js35i.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-9sjd2.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-ol1d1.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-sig8s.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-f20rm.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-2a1et.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-o0u56.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-u32sm.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-ood9v.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-73sqg.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-pn52s.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-5p75o.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-pl0rf.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-hrrdl.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-ltk25.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-k4fnm.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-69f8e.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-m3etl.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-7mjjh.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-jkp0i.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-0qhmq.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-88san.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-rurdv.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-36p1l.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-a5u6r.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-acj84.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-0iprk.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-f0ng6.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-5n7so.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-u8arg.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-u5bjk.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-0r6jg.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-tngth.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-j0ufp.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-2gr5d.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-o75e7.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-cvsko.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-6lfia.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-l76h2.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-o99gm.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-gmtul.tmp
  • %ProgramFiles(x86)%\proxyvan\service\ru\is-7k883.tmp
  • %ProgramFiles(x86)%\proxyvan\service\ru\is-2d63k.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-npaka.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-6t4r2.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-qhkbe.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-9qslm.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-gibp6.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-a0smb.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-pulnk.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-a1lph.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-hps5p.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-npdol.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-764rt.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-i9c6j.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-e5rih.tmp
  • %TEMP%\is-21hdd.tmp\idp.dll
  • %ProgramFiles(x86)%\proxyvan\updater\is-1ngcf.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-jahb5.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-u1fa9.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-52f6i.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-utdkf.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-c67ig.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-cqf4c.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-8hpoc.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-eh528.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-6lhps.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-oq81k.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-gpeqr.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-l263b.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-425rf.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-l037b.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-ejl26.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-0fgf0.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-1trlk.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-58tep.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-gpa6l.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-ipvag.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-vq8gg.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-bkamp.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-l2tl5.tmp
  • %TEMP%\is-21hdd.tmp\_isetup\_setup64.tmp
  • %TEMP%\is-ocfv5.tmp\gamesdepart.000.5241.0.tmp
  • %TEMP%\is-2fco0.tmp\idp.dll
  • %TEMP%\is-2fco0.tmp\_isetup\_setup64.tmp
  • %TEMP%\is-mogso.tmp\gamesdepart.000.5241.0.tmp
  • %ProgramFiles(x86)%\proxyvan\unins000.dat
  • %ProgramFiles(x86)%\proxyvan\unins000.msg
  • %PROGRAMDATA%\microsoft\windows\start menu\programs\proxyvan\uninstall proxyvan.lnk
  • %ProgramFiles(x86)%\proxyvan\updater\ru\is-g02sn.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-8iiao.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-68qk1.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-ghv6q.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-29t6f.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-el72l.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-t987h.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-2vsep.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-1o6ns.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-uenpu.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-aq9dj.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-gc926.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-1dh55.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-4854h.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-u0h72.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-bigf8.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-u685g.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-1au9k.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-1v5s9.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-oeob9.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-u95gh.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-dnqbk.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-jnu0g.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-3luaa.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-ush5n.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-gvup8.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-8l5n0.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-ohlmk.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-bfjqc.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-5abmp.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-4l874.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-hgbue.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-il1no.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-pinj0.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-cai3f.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-p8kn5.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-59rg0.tmp
  • %TEMP%\gamesdepart.000.5241.0.exe
  • %ProgramFiles(x86)%\proxyvan\updater\is-dhahs.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-0030e.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-je0bo.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-6hns2.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-0d65v.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-orh1j.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-bpunp.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-33hhf.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-7clkf.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-gqlt4.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-e4dc2.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-ro0d1.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-nmqdp.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-foq2p.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-0tbp7.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-50jqv.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-qtm15.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-3u4b8.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-i2jt4.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-6oubh.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\is-s3tsa.tmp
  • %ProgramFiles(x86)%\proxyvan\updater\ru\is-3p79n.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-tt7ar.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-dvgc1.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-ibip3.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-nqhuc.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-dlsbg.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-4e07i.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-8d11k.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-cciq9.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-d0j5l.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-bf6oj.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-fm2o1.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-pkglp.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-nf99c.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-4ui8b.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-71e4j.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-etec3.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-0bn8r.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-hsvk1.tmp
  • %ProgramFiles(x86)%\proxyvan\is-d4qjh.tmp
  • %TEMP%\is-30lcf.tmp\_isetup\_iscrypt.dll
  • %TEMP%\is-30lcf.tmp\_isetup\_setup64.tmp
  • %TEMP%\tmp652f.tmp
  • %TEMP%\is-h2b25.tmp\tmp652f.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-j57bv.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-lh8ci.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-320g7.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-ju6o3.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-ckmm4.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-410ap.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-qq4gi.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-flfn6.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-4mm8u.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-0ff5i.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-pjd0u.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-6b4sd.tmp
  • %APPDATA%\marketadvior\python\winsound.pyd
  • %ProgramFiles(x86)%\proxyvan\service\is-ca23l.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-b9nrh.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-ud1k5.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-roh4o.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-ov0sa.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-654um.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-5o0gj.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-g80q7.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-pinqq.tmp
  • %TEMP%\installer_2.21.3.exe
  • %TEMP%\tmpbasyzb_s
  • %TEMP%\tmpnm3scjf1
  • %APPDATA%\marketadvior\python\_sqlite3.pyd
  • %APPDATA%\marketadvior\python\_socket.pyd
  • %APPDATA%\marketadvior\python\_queue.pyd
  • %APPDATA%\marketadvior\python\_overlapped.pyd
  • %APPDATA%\marketadvior\python\_multiprocessing.pyd
  • %APPDATA%\marketadvior\python\_msi.pyd
  • %APPDATA%\marketadvior\python\_lzma.pyd
  • %APPDATA%\marketadvior\python\_hashlib.pyd
  • %APPDATA%\marketadvior\python\_elementtree.pyd
  • %APPDATA%\marketadvior\python\_decimal.pyd
  • %APPDATA%\marketadvior\python\_ctypes.pyd
  • %APPDATA%\marketadvior\python\_bz2.pyd
  • %APPDATA%\marketadvior\python\_asyncio.pyd
  • %APPDATA%\marketadvior\python\license.txt
  • %APPDATA%\marketadvior\mcfckchjhehcdgoeihjjjbkcdpdfmloa.crx
  • %APPDATA%\marketadvior\load.pyc
  • %APPDATA%\marketadvior\load.bin
  • %TEMP%\nsub5e5.tmp
  • %APPDATA%\marketadvior\python\libcrypto-1_1.dll
  • %APPDATA%\marketadvior\python\libssl-1_1.dll
  • %APPDATA%\marketadvior\python\_ssl.pyd
  • %APPDATA%\marketadvior\python\pyexpat.pyd
  • %TEMP%\uwjn5lml
  • %APPDATA%\marketadvior\python\python.exe
  • %APPDATA%\marketadvior\uninstall.exe
  • %APPDATA%\marketadvior\pbsent.txt
  • %APPDATA%\marketadvior\uuid.txt
  • %APPDATA%\marketadvior\pb2url.txt
  • %APPDATA%\marketadvior\pburl.txt
  • %APPDATA%\marketadvior\pbid.txt
  • %APPDATA%\marketadvior\subid.txt
  • %APPDATA%\marketadvior\pi.txt
  • %ProgramFiles(x86)%\proxyvan\service\is-l689e.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-vgog3.tmp
  • %APPDATA%\marketadvior\python\vcruntime140.dll
  • %APPDATA%\marketadvior\python\unicodedata.pyd
  • %APPDATA%\marketadvior\python\sqlite3.dll
  • %APPDATA%\marketadvior\python\select.pyd
  • %APPDATA%\marketadvior\python\pythonw.exe
  • %APPDATA%\marketadvior\python\python37.zip
  • %APPDATA%\marketadvior\python\python37.dll
  • %APPDATA%\marketadvior\python\python37._pth
  • %APPDATA%\marketadvior\python\python3.dll
  • %TEMP%\nsoc0f2.tmp\nsexec.dll
  • %ProgramFiles(x86)%\proxyvan\service\is-fa0n7.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-ip10q.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-ikj9l.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-335fk.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-hm481.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-bgvd5.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-odqkl.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-r6i6p.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-fq362.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-3uf3p.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-0r3gv.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-omdel.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-nnk48.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-7h6n7.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-ohp32.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-0tl4f.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-6creq.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-atomn.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-osn15.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-566pg.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-mggm0.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-kj85i.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-lt9iv.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-kb95h.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-le0rr.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-p2ro5.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-8kj4u.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-7iodq.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-bi2ek.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-9usv8.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-500eq.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-8efqp.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-n6gd1.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-eoi8a.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-aaju1.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-8ojls.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-kkcjn.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-dtsg9.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-liu9q.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-vnevp.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-7i22d.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-93ufd.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-664te.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-na4oa.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-nouvu.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-ob41t.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-n60e3.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-fc2qv.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-g7ted.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-l0asn.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-iiri3.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-nel01.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-3gst2.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-p2gku.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-lht15.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-hh3e1.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-pg6es.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-n4389.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-ah5c1.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-cbb4q.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-ubi5k.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-g2gj1.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-4l2hv.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-frdaj.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-r752j.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-cmhle.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-cgb68.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-hpkoh.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-im1jk.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-9m82v.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-1kd7c.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-c4oa5.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-si87a.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-jqefb.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-jjr27.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-2vlu2.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-k1bc9.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-lqnlv.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-li1qi.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-jaqqn.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-am2qj.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-i7nle.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-4k5r0.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-t6cel.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-9sgad.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-g4ood.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-4vjve.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-8el83.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-4a14s.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-bbq0m.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-9h4eg.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-6arpa.tmp
  • %ProgramFiles(x86)%\proxyvan\service\is-gik27.tmp
  • %TEMP%\is-21hdd.tmp\gamesdepart.zip
Deletes the following files
  • %TEMP%\nsoc0f2.tmp\nsexec.dll
  • %TEMP%\uwjn5lml
  • %TEMP%\tmpnm3scjf1
  • %TEMP%\tmpbasyzb_s
  • %TEMP%\is-30lcf.tmp\_isetup\_iscrypt.dll
  • %TEMP%\is-30lcf.tmp\_isetup\_setup64.tmp
  • %TEMP%\is-h2b25.tmp\tmp652f.tmp
  • %TEMP%\is-2fco0.tmp\idp.dll
  • %TEMP%\is-2fco0.tmp\_isetup\_setup64.tmp
  • %TEMP%\is-mogso.tmp\gamesdepart.000.5241.0.tmp
Moves the following files
  • from %TEMP%\tmp652f.tmp to %TEMP%\tmp652f.exe
  • from %ProgramFiles(x86)%\proxyvan\updater\is-ol1d1.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.componentmodel.annotations.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-sig8s.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.collections.specialized.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-f20rm.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.collections.nongeneric.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-2a1et.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.collections.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-o0u56.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.collections.concurrent.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-u32sm.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.buffers.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-odvfe.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.appcontext.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-hfad2.tmp to %ProgramFiles(x86)%\proxyvan\updater\serilog.sinks.rollingfile.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-r4rck.tmp to %ProgramFiles(x86)%\proxyvan\updater\serilog.sinks.file.pdb
  • from %ProgramFiles(x86)%\proxyvan\updater\is-8esa0.tmp to %ProgramFiles(x86)%\proxyvan\updater\serilog.sinks.file.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-j4g54.tmp to %ProgramFiles(x86)%\proxyvan\updater\serilog.sinks.console.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-agmep.tmp to %ProgramFiles(x86)%\proxyvan\updater\serilog.extensions.logging.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-79vhi.tmp to %ProgramFiles(x86)%\proxyvan\updater\serilog.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-hqlpv.tmp to %ProgramFiles(x86)%\proxyvan\updater\proxyvanupdater.pdb
  • from %ProgramFiles(x86)%\proxyvan\updater\is-ng34t.tmp to %ProgramFiles(x86)%\proxyvan\updater\proxyvanupdater.exe.config
  • from %ProgramFiles(x86)%\proxyvan\updater\is-n2d69.tmp to %ProgramFiles(x86)%\proxyvan\updater\proxyvan.common.pdb
  • from %ProgramFiles(x86)%\proxyvan\updater\is-b2qfb.tmp to %ProgramFiles(x86)%\proxyvan\updater\proxyvanupdater.exe
  • from %ProgramFiles(x86)%\proxyvan\updater\is-9sjd2.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.componentmodel.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-js35i.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.componentmodel.eventbasedasync.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-1ngcf.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.globalization.calendars.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-e4dc2.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.dynamic.runtime.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-68qk1.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.drawing.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-6t4r2.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.diagnostics.tracing.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-6jd6h.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.diagnostics.tracesource.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-hjjl2.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.diagnostics.tools.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-8updk.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.diagnostics.textwritertracelistener.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-igll7.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.diagnostics.process.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-fr9r3.tmp to %ProgramFiles(x86)%\proxyvan\updater\proxyvan.common.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-74a5d.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.diagnostics.fileversioninfo.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-mog5g.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.diagnostics.debug.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-ljqci.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.diagnostics.contracts.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-nsicq.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.data.common.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-npaka.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.console.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-8l8ps.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.componentmodel.typeconverter.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-qq6p8.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.componentmodel.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-ffe9t.tmp to %ProgramFiles(x86)%\proxyvan\updater\proxyvan.common.dll.config
  • from %ProgramFiles(x86)%\proxyvan\updater\is-29htv.tmp to %ProgramFiles(x86)%\proxyvan\updater\protobuf-net.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-hgbue.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.globalization.extensions.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-gmtul.tmp to %ProgramFiles(x86)%\proxyvan\updater\commandline.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-i9c6j.tmp to %ProgramFiles(x86)%\proxyvan\service\system.xml.xpath.xdocument.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-8f2se.tmp to %ProgramFiles(x86)%\proxyvan\service\system.xml.xpath.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-qhkbe.tmp to %ProgramFiles(x86)%\proxyvan\service\system.xml.xmlserializer.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-9qslm.tmp to %ProgramFiles(x86)%\proxyvan\service\system.xml.xmldocument.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-gibp6.tmp to %ProgramFiles(x86)%\proxyvan\service\system.xml.xdocument.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-a0smb.tmp to %ProgramFiles(x86)%\proxyvan\service\system.xml.readerwriter.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-pulnk.tmp to %ProgramFiles(x86)%\proxyvan\service\system.valuetuple.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-a1lph.tmp to %ProgramFiles(x86)%\proxyvan\service\system.valuetuple.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-hps5p.tmp to %ProgramFiles(x86)%\proxyvan\service\system.threading.timer.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-npdol.tmp to %ProgramFiles(x86)%\proxyvan\service\system.threading.threadpool.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-764rt.tmp to %ProgramFiles(x86)%\proxyvan\service\system.threading.thread.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-2gr5d.tmp to %ProgramFiles(x86)%\proxyvan\service\system.threading.tasks.parallel.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-tngth.tmp to %ProgramFiles(x86)%\proxyvan\service\system.threading.tasks.extensions.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-u5bjk.tmp to %ProgramFiles(x86)%\proxyvan\service\system.threading.tasks.extensions.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-o99gm.tmp to %ProgramFiles(x86)%\proxyvan\updater\danilovsoft.vrpc.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-l76h2.tmp to %ProgramFiles(x86)%\proxyvan\updater\danilovsoft.websocket.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-hll10.tmp to %ProgramFiles(x86)%\proxyvan\updater\netstandard.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-188lg.tmp to %ProgramFiles(x86)%\proxyvan\updater\microsoft.extensions.logging.configuration.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-8c66g.tmp to %ProgramFiles(x86)%\proxyvan\updater\microsoft.extensions.logging.console.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-59kb2.tmp to %ProgramFiles(x86)%\proxyvan\updater\microsoft.win32.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-1jonu.tmp to %ProgramFiles(x86)%\proxyvan\updater\microsoft.io.recyclablememorystream.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-dbotu.tmp to %ProgramFiles(x86)%\proxyvan\updater\microsoft.extensions.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-pu7s0.tmp to %ProgramFiles(x86)%\proxyvan\updater\microsoft.extensions.options.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-d5g2l.tmp to %ProgramFiles(x86)%\proxyvan\updater\microsoft.extensions.options.configurationextensions.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-r69fl.tmp to %ProgramFiles(x86)%\proxyvan\updater\microsoft.extensions.logging.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-8t6lj.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.diagnostics.stacktrace.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-il1no.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.globalization.dll
  • from %ProgramFiles(x86)%\proxyvan\service\ru\is-2d63k.tmp to %ProgramFiles(x86)%\proxyvan\service\ru\danilovsoft.vrpc.resources.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-73sqg.tmp to %ProgramFiles(x86)%\proxyvan\updater\microsoft.extensions.dependencyinjection.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-pn52s.tmp to %ProgramFiles(x86)%\proxyvan\updater\microsoft.extensions.dependencyinjection.abstractions.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-j0ufp.tmp to %ProgramFiles(x86)%\proxyvan\updater\microsoft.extensions.configuration.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-o75e7.tmp to %ProgramFiles(x86)%\proxyvan\updater\microsoft.extensions.configuration.binder.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-cvsko.tmp to %ProgramFiles(x86)%\proxyvan\updater\microsoft.extensions.configuration.abstractions.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-6lfia.tmp to %ProgramFiles(x86)%\proxyvan\updater\microsoft.bcl.asyncinterfaces.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-ood9v.tmp to %ProgramFiles(x86)%\proxyvan\updater\microsoft.extensions.logging.abstractions.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-fq362.tmp to %ProgramFiles(x86)%\proxyvan\service\system.net.nameresolution.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-4l874.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.io.compression.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-6lhps.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.text.encoding.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-oq81k.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.security.securestring.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-gpeqr.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.security.principal.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-l263b.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.security.cryptography.x509certificates.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-425rf.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.security.cryptography.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-l037b.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.security.cryptography.encoding.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-ejl26.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.security.cryptography.csp.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-0fgf0.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.security.cryptography.algorithms.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-1trlk.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.security.claims.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-58tep.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.runtime.serialization.xml.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-gpa6l.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.runtime.serialization.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-vq8gg.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.runtime.serialization.json.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-ipvag.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.runtime.serialization.formatters.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-1dh55.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.runtime.numerics.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-4854h.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.runtime.interopservices.runtimeinformation.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-eh528.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.text.encoding.extensions.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-8hpoc.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.text.encodings.web.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-cqf4c.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.text.json.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-c67ig.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.text.regularexpressions.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-8iiao.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.xml.xpath.xdocument.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-ghv6q.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.xml.xpath.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-29t6f.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.xml.xmlserializer.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-el72l.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.xml.xmldocument.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-t987h.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.xml.xdocument.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-2vsep.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.xml.readerwriter.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-1o6ns.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.valuetuple.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-u0h72.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.runtime.interopservices.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-u8arg.tmp to %ProgramFiles(x86)%\proxyvan\service\system.threading.tasks.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-gc926.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.threading.thread.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-l2tl5.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.threading.tasks.parallel.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-bkamp.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.threading.tasks.extensions.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-jahb5.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.threading.tasks.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-u1fa9.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.threading.overlapped.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-52f6i.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.threading.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-utdkf.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.threading.channels.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-aq9dj.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.threading.threadpool.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-0030e.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.runtime.handles.dll
  • from %ProgramFiles(x86)%\proxyvan\service\ru\is-7k883.tmp to %ProgramFiles(x86)%\proxyvan\service\ru\danilovsoft.websocket.resources.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-6hns2.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.runtime.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-ro0d1.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.reflection.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-bigf8.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.memory.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-u685g.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.linq.queryable.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-1au9k.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.linq.parallel.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-1v5s9.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.linq.expressions.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-oeob9.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.linq.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-u95gh.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.io.unmanagedmemorystream.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-dnqbk.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.io.pipes.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-jnu0g.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.io.memorymappedfiles.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-3luaa.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.io.isolatedstorage.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-ush5n.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.io.filesystem.watcher.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-gvup8.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.io.filesystem.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-8l5n0.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.io.filesystem.driveinfo.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-ohlmk.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.io.filesystem.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-bfjqc.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.io.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-pinj0.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.net.nameresolution.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-cai3f.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.net.networkinformation.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-59rg0.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.net.ping.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-dhahs.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.net.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-0d65v.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.runtime.compilerservices.visualc.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-orh1j.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.runtime.compilerservices.unsafe.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-bpunp.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.resources.writer.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-33hhf.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.resources.resourcemanager.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-7clkf.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.resources.reader.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-s3tsa.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.reflection.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-e5rih.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.reflection.extensions.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-je0bo.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.runtime.extensions.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-5abmp.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.io.compression.zipfile.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-foq2p.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.numerics.vectors.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-0tbp7.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.net.websockets.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-50jqv.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.net.websockets.client.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-qtm15.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.net.webheadercollection.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-3u4b8.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.net.sockets.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-i2jt4.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.net.security.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-6oubh.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.net.requests.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-nmqdp.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.objectmodel.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-p8kn5.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.net.http.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-0r6jg.tmp to %ProgramFiles(x86)%\proxyvan\service\system.threading.overlapped.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-5p75o.tmp to %ProgramFiles(x86)%\proxyvan\service\system.threading.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-pl0rf.tmp to %ProgramFiles(x86)%\proxyvan\service\system.threading.channels.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-lht15.tmp to %ProgramFiles(x86)%\proxyvan\service\serilog.sinks.rollingfile.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-n4389.tmp to %ProgramFiles(x86)%\proxyvan\service\serilog.sinks.file.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-ah5c1.tmp to %ProgramFiles(x86)%\proxyvan\service\serilog.sinks.console.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-cbb4q.tmp to %ProgramFiles(x86)%\proxyvan\service\serilog.sinks.console.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-ubi5k.tmp to %ProgramFiles(x86)%\proxyvan\service\serilog.extensions.logging.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-g2gj1.tmp to %ProgramFiles(x86)%\proxyvan\service\serilog.extensions.logging.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-4l2hv.tmp to %ProgramFiles(x86)%\proxyvan\service\serilog.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-frdaj.tmp to %ProgramFiles(x86)%\proxyvan\service\proxyvan.pdb
  • from %ProgramFiles(x86)%\proxyvan\service\is-r752j.tmp to %ProgramFiles(x86)%\proxyvan\service\proxyvan.exe.config
  • from %ProgramFiles(x86)%\proxyvan\service\is-cmhle.tmp to %ProgramFiles(x86)%\proxyvan\service\proxyvan.exe
  • from %ProgramFiles(x86)%\proxyvan\service\is-cgb68.tmp to %ProgramFiles(x86)%\proxyvan\service\proxyvan.common.pdb
  • from %ProgramFiles(x86)%\proxyvan\service\is-ikj9l.tmp to %ProgramFiles(x86)%\proxyvan\service\proxyvan.common.dll.config
  • from %ProgramFiles(x86)%\proxyvan\service\is-4k5r0.tmp to %ProgramFiles(x86)%\proxyvan\service\proxyvan.common.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-kkcjn.tmp to %ProgramFiles(x86)%\proxyvan\service\proxy.common.pdb
  • from %ProgramFiles(x86)%\proxyvan\service\is-vgog3.tmp to %ProgramFiles(x86)%\proxyvan\service\proxy.common.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-p2gku.tmp to %ProgramFiles(x86)%\proxyvan\service\serilog.sinks.rollingfile.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-3gst2.tmp to %ProgramFiles(x86)%\proxyvan\service\serilog.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-9sgad.tmp to %ProgramFiles(x86)%\proxyvan\service\system.diagnostics.debug.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-si87a.tmp to %ProgramFiles(x86)%\proxyvan\service\system.componentmodel.annotations.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-6arpa.tmp to %ProgramFiles(x86)%\proxyvan\service\system.componentmodel.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-g4ood.tmp to %ProgramFiles(x86)%\proxyvan\service\system.diagnostics.contracts.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-4vjve.tmp to %ProgramFiles(x86)%\proxyvan\service\system.data.common.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-8el83.tmp to %ProgramFiles(x86)%\proxyvan\service\system.console.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-4a14s.tmp to %ProgramFiles(x86)%\proxyvan\service\system.componentmodel.typeconverter.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-bbq0m.tmp to %ProgramFiles(x86)%\proxyvan\service\system.componentmodel.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-9h4eg.tmp to %ProgramFiles(x86)%\proxyvan\service\system.componentmodel.eventbasedasync.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-hh3e1.tmp to %ProgramFiles(x86)%\proxyvan\service\serilog.sinks.file.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-320g7.tmp to %ProgramFiles(x86)%\proxyvan\service\protobuf-net.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-b9nrh.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.logging.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-im1jk.tmp to %ProgramFiles(x86)%\proxyvan\service\system.collections.nongeneric.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-hpkoh.tmp to %ProgramFiles(x86)%\proxyvan\service\system.collections.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-9m82v.tmp to %ProgramFiles(x86)%\proxyvan\service\system.collections.concurrent.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-l0asn.tmp to %ProgramFiles(x86)%\proxyvan\service\system.buffers.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-iiri3.tmp to %ProgramFiles(x86)%\proxyvan\service\system.buffers.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-nel01.tmp to %ProgramFiles(x86)%\proxyvan\service\system.appcontext.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-1kd7c.tmp to %ProgramFiles(x86)%\proxyvan\service\system.collections.specialized.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\ru\is-3p79n.tmp to %ProgramFiles(x86)%\proxyvan\updater\ru\danilovsoft.vrpc.resources.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-t6cel.tmp to %ProgramFiles(x86)%\proxyvan\service\system.diagnostics.fileversioninfo.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-410ap.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.win32.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-4e07i.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.configuration.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-8d11k.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.configuration.binder.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-cciq9.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.configuration.binder.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-d0j5l.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.configuration.abstractions.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-bf6oj.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.configuration.abstractions.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-fm2o1.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.bcl.asyncinterfaces.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-pkglp.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.bcl.asyncinterfaces.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-nf99c.tmp to %ProgramFiles(x86)%\proxyvan\service\danilovsoft.websocket.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-4ui8b.tmp to %ProgramFiles(x86)%\proxyvan\service\danilovsoft.websocket.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-71e4j.tmp to %ProgramFiles(x86)%\proxyvan\service\danilovsoft.vrpc.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-etec3.tmp to %ProgramFiles(x86)%\proxyvan\service\danilovsoft.vrpc.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-0bn8r.tmp to %ProgramFiles(x86)%\proxyvan\service\commandline.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-hsvk1.tmp to %ProgramFiles(x86)%\proxyvan\service\commandline.dll
  • from %ProgramFiles(x86)%\proxyvan\is-d4qjh.tmp to %ProgramFiles(x86)%\proxyvan\unins000.exe
  • from %ProgramFiles(x86)%\proxyvan\service\is-nqhuc.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.dependencyinjection.abstractions.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-ibip3.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.dependencyinjection.abstractions.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-dlsbg.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.configuration.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-j57bv.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.dependencyinjection.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-qq4gi.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.io.recyclablememorystream.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-lh8ci.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.dependencyinjection.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-flfn6.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.io.recyclablememorystream.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-4mm8u.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.primitives.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-0ff5i.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-pjd0u.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.options.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-l689e.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.options.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-6b4sd.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.options.configurationextensions.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-ju6o3.tmp to %ProgramFiles(x86)%\proxyvan\service\protobuf-net.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-ckmm4.tmp to %ProgramFiles(x86)%\proxyvan\service\netstandard.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-ud1k5.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.logging.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-roh4o.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.logging.console.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-ov0sa.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.logging.console.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-654um.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.logging.configuration.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-5o0gj.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.logging.configuration.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-g80q7.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.logging.abstractions.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-pinqq.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.logging.abstractions.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-ca23l.tmp to %ProgramFiles(x86)%\proxyvan\service\microsoft.extensions.options.configurationextensions.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\is-uenpu.tmp to %ProgramFiles(x86)%\proxyvan\updater\system.threading.timer.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-fa0n7.tmp to %ProgramFiles(x86)%\proxyvan\service\system.diagnostics.process.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-jaqqn.tmp to %ProgramFiles(x86)%\proxyvan\service\system.diagnostics.tools.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-ip10q.tmp to %ProgramFiles(x86)%\proxyvan\service\system.runtime.serialization.formatters.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-8kj4u.tmp to %ProgramFiles(x86)%\proxyvan\service\system.runtime.numerics.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-7iodq.tmp to %ProgramFiles(x86)%\proxyvan\service\system.runtime.interopservices.runtimeinformation.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-bi2ek.tmp to %ProgramFiles(x86)%\proxyvan\service\system.runtime.interopservices.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-9usv8.tmp to %ProgramFiles(x86)%\proxyvan\service\system.runtime.handles.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-500eq.tmp to %ProgramFiles(x86)%\proxyvan\service\system.runtime.extensions.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-8efqp.tmp to %ProgramFiles(x86)%\proxyvan\service\system.runtime.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-n6gd1.tmp to %ProgramFiles(x86)%\proxyvan\service\system.runtime.compilerservices.visualc.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-eoi8a.tmp to %ProgramFiles(x86)%\proxyvan\service\system.runtime.compilerservices.unsafe.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-aaju1.tmp to %ProgramFiles(x86)%\proxyvan\service\system.runtime.compilerservices.unsafe.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-dvgc1.tmp to %ProgramFiles(x86)%\proxyvan\service\system.resources.writer.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-8ojls.tmp to %ProgramFiles(x86)%\proxyvan\service\system.resources.resourcemanager.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-dtsg9.tmp to %ProgramFiles(x86)%\proxyvan\service\system.resources.reader.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-liu9q.tmp to %ProgramFiles(x86)%\proxyvan\service\system.reflection.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-vnevp.tmp to %ProgramFiles(x86)%\proxyvan\service\system.reflection.extensions.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-i7nle.tmp to %ProgramFiles(x86)%\proxyvan\service\system.runtime.serialization.json.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-tt7ar.tmp to %ProgramFiles(x86)%\proxyvan\service\system.runtime.serialization.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-gqlt4.tmp to %ProgramFiles(x86)%\proxyvan\service\system.runtime.serialization.xml.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-5n7so.tmp to %ProgramFiles(x86)%\proxyvan\service\system.security.claims.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-93ufd.tmp to %ProgramFiles(x86)%\proxyvan\service\system.objectmodel.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-hrrdl.tmp to %ProgramFiles(x86)%\proxyvan\service\system.threading.channels.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-ltk25.tmp to %ProgramFiles(x86)%\proxyvan\service\system.text.regularexpressions.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-k4fnm.tmp to %ProgramFiles(x86)%\proxyvan\service\system.text.json.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-69f8e.tmp to %ProgramFiles(x86)%\proxyvan\service\system.text.json.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-m3etl.tmp to %ProgramFiles(x86)%\proxyvan\service\system.text.encodings.web.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-7mjjh.tmp to %ProgramFiles(x86)%\proxyvan\service\system.text.encodings.web.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-7i22d.tmp to %ProgramFiles(x86)%\proxyvan\service\system.reflection.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-jkp0i.tmp to %ProgramFiles(x86)%\proxyvan\service\system.text.encoding.extensions.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-gik27.tmp to %ProgramFiles(x86)%\proxyvan\service\system.diagnostics.stacktrace.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-rurdv.tmp to %ProgramFiles(x86)%\proxyvan\service\system.security.principal.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-36p1l.tmp to %ProgramFiles(x86)%\proxyvan\service\system.security.cryptography.x509certificates.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-a5u6r.tmp to %ProgramFiles(x86)%\proxyvan\service\system.security.cryptography.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-acj84.tmp to %ProgramFiles(x86)%\proxyvan\service\system.security.cryptography.encoding.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-0iprk.tmp to %ProgramFiles(x86)%\proxyvan\service\system.security.cryptography.csp.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-f0ng6.tmp to %ProgramFiles(x86)%\proxyvan\service\system.security.cryptography.algorithms.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-0qhmq.tmp to %ProgramFiles(x86)%\proxyvan\service\system.text.encoding.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-am2qj.tmp to %ProgramFiles(x86)%\proxyvan\service\system.diagnostics.textwritertracelistener.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-88san.tmp to %ProgramFiles(x86)%\proxyvan\service\system.security.securestring.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-pg6es.tmp to %ProgramFiles(x86)%\proxyvan\service\serilog.sinks.file.pdb
  • from %ProgramFiles(x86)%\proxyvan\service\is-566pg.tmp to %ProgramFiles(x86)%\proxyvan\service\system.io.isolatedstorage.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-mggm0.tmp to %ProgramFiles(x86)%\proxyvan\service\system.io.filesystem.watcher.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-kj85i.tmp to %ProgramFiles(x86)%\proxyvan\service\system.io.filesystem.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-kb95h.tmp to %ProgramFiles(x86)%\proxyvan\service\system.io.filesystem.driveinfo.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-lt9iv.tmp to %ProgramFiles(x86)%\proxyvan\service\system.io.filesystem.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-n60e3.tmp to %ProgramFiles(x86)%\proxyvan\service\system.io.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-fc2qv.tmp to %ProgramFiles(x86)%\proxyvan\service\system.io.compression.zipfile.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-g7ted.tmp to %ProgramFiles(x86)%\proxyvan\service\system.io.compression.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-c4oa5.tmp to %ProgramFiles(x86)%\proxyvan\service\system.globalization.extensions.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-jqefb.tmp to %ProgramFiles(x86)%\proxyvan\service\system.globalization.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-jjr27.tmp to %ProgramFiles(x86)%\proxyvan\service\system.globalization.calendars.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-2vlu2.tmp to %ProgramFiles(x86)%\proxyvan\service\system.dynamic.runtime.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-k1bc9.tmp to %ProgramFiles(x86)%\proxyvan\service\system.drawing.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-lqnlv.tmp to %ProgramFiles(x86)%\proxyvan\service\system.diagnostics.tracing.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-li1qi.tmp to %ProgramFiles(x86)%\proxyvan\service\system.diagnostics.tracesource.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-osn15.tmp to %ProgramFiles(x86)%\proxyvan\service\system.io.memorymappedfiles.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-atomn.tmp to %ProgramFiles(x86)%\proxyvan\service\system.io.pipes.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-6creq.tmp to %ProgramFiles(x86)%\proxyvan\service\system.io.unmanagedmemorystream.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-0tl4f.tmp to %ProgramFiles(x86)%\proxyvan\service\system.linq.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-na4oa.tmp to %ProgramFiles(x86)%\proxyvan\service\system.numerics.vectors.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-ob41t.tmp to %ProgramFiles(x86)%\proxyvan\service\system.net.websockets.client.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-p2ro5.tmp to %ProgramFiles(x86)%\proxyvan\service\system.net.webheadercollection.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-le0rr.tmp to %ProgramFiles(x86)%\proxyvan\service\system.net.sockets.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-335fk.tmp to %ProgramFiles(x86)%\proxyvan\service\system.net.security.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-hm481.tmp to %ProgramFiles(x86)%\proxyvan\service\system.net.requests.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-bgvd5.tmp to %ProgramFiles(x86)%\proxyvan\service\system.net.primitives.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-664te.tmp to %ProgramFiles(x86)%\proxyvan\service\system.numerics.vectors.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-odqkl.tmp to %ProgramFiles(x86)%\proxyvan\service\system.net.ping.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-nouvu.tmp to %ProgramFiles(x86)%\proxyvan\service\system.net.websockets.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-3uf3p.tmp to %ProgramFiles(x86)%\proxyvan\service\system.net.http.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-0r3gv.tmp to %ProgramFiles(x86)%\proxyvan\service\system.memory.xml
  • from %ProgramFiles(x86)%\proxyvan\service\is-omdel.tmp to %ProgramFiles(x86)%\proxyvan\service\system.memory.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-nnk48.tmp to %ProgramFiles(x86)%\proxyvan\service\system.linq.queryable.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-7h6n7.tmp to %ProgramFiles(x86)%\proxyvan\service\system.linq.parallel.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-ohp32.tmp to %ProgramFiles(x86)%\proxyvan\service\system.linq.expressions.dll
  • from %ProgramFiles(x86)%\proxyvan\service\is-r6i6p.tmp to %ProgramFiles(x86)%\proxyvan\service\system.net.networkinformation.dll
  • from %ProgramFiles(x86)%\proxyvan\updater\ru\is-g02sn.tmp to %ProgramFiles(x86)%\proxyvan\updater\ru\danilovsoft.websocket.resources.dll
Network activity
TCP
HTTP GET requests
  • http://do###nht6.ml/click.php?cn#######################
  • http://ya###etn1k.ru/files/MarketAdvior.exe
  • http://www.go#####analytics.com/collect?v=#######################################################################################################################################################...
  • http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
  • http://on#####game-group.ru/download.php?ad######
  • http://do###nht6.ml/click.php?cn#######################################
  • http://ga###depart.com/client/get_build.php
  • 'jj###.adsbtrk.com':443
  • 'pr##yvan.io':443
    • UDP
    • DNS ASK do###nht6.ml
    • DNS ASK ya###etn1k.ru
    • DNS ASK jj###.adsbtrk.com
    • DNS ASK go#####analytics.com
    • DNS ASK pr##yvan.io
    • DNS ASK microsoft.com
    • DNS ASK on#####game-group.ru
    • DNS ASK ga###depart.com
    Miscellaneous
    Searches for the following windows
    • ClassName: '' WindowName: ''
    Creates and executes the following
    • '%TEMP%\marketadvior.exe' /S /pb=https://jjmyn.adsbtrk.com/c/f9706f7de562eb2b?SUBID={SUBID}&PUBID={PUBID}&HID={HID}&GEO={GEO}&TS={TS} /pb2=https://jjmyn.adsbtrk.com/c/63ac61070427831d?SUBID={SUBID}&PUBID={PUBID}&HID={HI...
    • '%TEMP%\installer_2.21.3.exe'
    • '%ProgramFiles(x86)%\proxyvan\updater\proxyvanupdater.exe'
    • '%ProgramFiles(x86)%\proxyvan\service\proxyvan.exe'
    • '%TEMP%\is-mogso.tmp\gamesdepart.000.5241.0.tmp' /SL5="$10260,1011219,721408,%TEMP%\Gamesdepart.000.5241.0.exe" /S /adv 5241 /subadv 435
    • '%TEMP%\gamesdepart.000.5241.0.exe' /VERYSILENT /adv=5241 /subadv=435
    • '%TEMP%\tmp652f.exe' /PASSWORD=cYIrud1plNek /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /UTM=
    • '%APPDATA%\marketadvior\python\python.exe' load.pyc --act=inst ml2
    • '%TEMP%\gamesdepart.000.5241.0.exe' /S /adv 5241 /subadv 435
    • '%APPDATA%\marketadvior\python\python.exe' load.pyc manage2
    • '%APPDATA%\marketadvior\python\python.exe' load.pyc launchall2
    • '%APPDATA%\marketadvior\python\python.exe' load.pyc --subid="{SES}" --pbid="Pao" --pb="https://jjmyn.adsbtrk.com/c/f9706f7de562eb2b?SUBID={SUBID}&PUBID={PUBID}&HID={HID}&GEO={GEO}&TS={TS}" --pb2="https://jjmyn.adsbtrk.com/c/63ac61070427...
    • '%APPDATA%\marketadvior\python\python.exe' load.pyc "akgdkknilkblpjcgpjmbjgpamneokmag;djgdgdcfmdkficbifbnaacknblbkhhoc;fdjdjkkjoiomafnihnobkinnfjnnlhdg;mocgkongaoagjoicmbimkiopebgfkich" checkinstalled
    • '%APPDATA%\marketadvior\python\python.exe' load.py app
    • '%TEMP%\is-ocfv5.tmp\gamesdepart.000.5241.0.tmp' /SL5="$20262,1011219,721408,%TEMP%\Gamesdepart.000.5241.0.exe" /VERYSILENT /adv=5241 /subadv=435
    • '%TEMP%\is-h2b25.tmp\tmp652f.tmp' /SL5="$120228,1996124,721408,%TEMP%\tmp652F.exe" /PASSWORD=cYIrud1plNek /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /UTM=
    • '%WINDIR%\syswow64\sc.exe' start ProxyVan2' (with hidden window)
    • '%APPDATA%\marketadvior\python\python.exe' load.pyc "akgdkknilkblpjcgpjmbjgpamneokmag;djgdgdcfmdkficbifbnaacknblbkhhoc;fdjdjkkjoiomafnihnobkinnfjnnlhdg;mocgkongaoagjoicmbimkiopebgfkich" checkinstalled' (with hidden window)
    • '%WINDIR%\syswow64\sc.exe' create ProxyVan2 obj= "LocalSystem" start= auto binPath= "%ProgramFiles(x86)%\ProxyVan\Service\ProxyVan.exe"' (with hidden window)
    • '%APPDATA%\marketadvior\python\python.exe' load.pyc --subid="{SES}" --pbid="Pao" --pb="https://jjmyn.adsbtrk.com/c/f9706f7de562eb2b?SUBID={SUBID}&PUBID={PUBID}&HID={HID}&GEO={GEO}&TS={TS}" --pb2="https://jjmyn.adsbtrk.com/c/63ac61070427...' (with hidden window)
    • '%WINDIR%\syswow64\sc.exe' create ProxyVanUpdater obj= "LocalSystem" start= auto binPath= "%ProgramFiles(x86)%\ProxyVan\Updater\ProxyVanUpdater.exe"' (with hidden window)
    • '%WINDIR%\syswow64\taskkill.exe' /f /im "gamesdepartupdate.exe"' (with hidden window)
    • '%WINDIR%\syswow64\sc.exe' start ProxyVanUpdater' (with hidden window)
    Executes the following
    • '%WINDIR%\syswow64\cmd.exe' /c schtasks /create /f /tn "MarketAdvior" /xml "%TEMP%\tmpnm3scjf1"
    • '%WINDIR%\syswow64\schtasks.exe' /create /f /tn "MarketAdvior" /xml "%TEMP%\tmpnm3scjf1"
    • '%WINDIR%\syswow64\cmd.exe' /c schtasks /create /f /tn "MarketAdvior2" /xml "%TEMP%\tmpbasyzb_s"
    • '%WINDIR%\syswow64\schtasks.exe' /create /f /tn "MarketAdvior2" /xml "%TEMP%\tmpbasyzb_s"
    • '%WINDIR%\syswow64\sc.exe' create ProxyVan2 obj= "LocalSystem" start= auto binPath= "%ProgramFiles(x86)%\ProxyVan\Service\ProxyVan.exe"
    • '%WINDIR%\syswow64\sc.exe' create ProxyVanUpdater obj= "LocalSystem" start= auto binPath= "%ProgramFiles(x86)%\ProxyVan\Updater\ProxyVanUpdater.exe"
    • '%WINDIR%\syswow64\sc.exe' start ProxyVan2
    • '%WINDIR%\syswow64\sc.exe' start ProxyVanUpdater

    Curing recommendations

    1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
    2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
    Free trial

     

    Download Dr.Web

    Download by serial number

    Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

    Free trial

     

    Download Dr.Web

    Download by serial number

    Download on App Store

    After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

    Free trial

     

    Download Dr.Web

    Download by serial number

    1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
    2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
      • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
      • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
      • Switch off your device and turn it on as normal.

    Find out more about Dr.Web for Android

    Free trial

    14 days

    Download now
    Get it on Google Play