Trojan.Siggen11.34556

Added to the Dr.Web virus database: 2020-11-20

Virus description added:

Technical Information

Malicious functions
Executes the following
  • '%WINDIR%\syswow64\taskkill.exe' /PID 2352 /F
Modifies file system
Creates the following files
Deletes the following files
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-debug-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-errorhandling-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-file-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-file-l1-2-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-file-l2-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-handle-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-heap-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-interlocked-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-libraryloader-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-localization-l1-2-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-memory-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-namedpipe-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-datetime-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-processenvironment-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-processthreads-l1-1-1.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-profile-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-rtlsupport-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-string-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-synch-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-synch-l1-2-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-sysinfo-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-timezone-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-util-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-crt-conio-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\api-ms-win-crt-convert-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\chardet\gb2312freq.pyc
  • %TEMP%\7zipsfx.000\config2\api-ms-win-core-processthreads-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\chardet\gb2312prober.pyc
  • %TEMP%\7zipsfx.000\config2\api-ms-win-crt-math-l1-1-0.dll
  • %TEMP%\7zipsfx.000\config2\chardet\hebrewprober.pyc
  • %TEMP%\7zipsfx.000\config2\dummy_threading.pyc
  • %TEMP%\7zipsfx.000\config2\http\cookies.pyc
  • %TEMP%\7zipsfx.000\config2\idna\core.pyc
  • %TEMP%\7zipsfx.000\config2\idna\idnadata.pyc
  • %TEMP%\7zipsfx.000\config2\idna\intranges.pyc
  • %TEMP%\7zipsfx.000\config2\idna\package_data.pyc
  • %TEMP%\7zipsfx.000\config2\idna\uts46data.pyc
  • %TEMP%\7zipsfx.000\config2\idna\__init__.pyc
  • %TEMP%\7zipsfx.000\config2\imp.pyc
  • %TEMP%\7zipsfx.000\config2\importlib\resources.pyc
  • %TEMP%\7zipsfx.000\config2\ipaddress.pyc
  • %TEMP%\7zipsfx.000\config2\libcrypto-1_1.dll
  • %TEMP%\7zipsfx.000\config2\libssl-1_1.dll
  • %TEMP%\7zipsfx.000\config2\motakh.br0
  • %TEMP%\7zipsfx.000\config2\motakh.exe
  • %TEMP%\7zipsfx.000\config2\netbios.pyc
  • %TEMP%\7zipsfx.000\config2\psutil\_common.pyc
  • %TEMP%\7zipsfx.000\config2\psutil\_compat.pyc
  • %TEMP%\7zipsfx.000\config2\psutil\_psaix.pyc
  • %TEMP%\7zipsfx.000\config2\psutil\_psbsd.pyc
  • %TEMP%\7zipsfx.000\config2\psutil\_pslinux.pyc
  • %TEMP%\7zipsfx.000\config2\psutil\_psosx.pyc
  • %TEMP%\7zipsfx.000\config2\psutil\_psposix.pyc
  • %TEMP%\7zipsfx.000\config2\psutil\_pssunos.pyc
  • %TEMP%\7zipsfx.000\config2\psutil\_psutil_windows.cp37-win32.pyd
  • %TEMP%\7zipsfx.000\config2\psutil\_pswindows.pyc
  • %TEMP%\7zipsfx.000\config2\distutils\text_file.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\jisfreq.pyc
  • %TEMP%\7zipsfx.000\config2\hmac.pyc
  • %TEMP%\7zipsfx.000\config2\win32process.pyd
  • %TEMP%\7zipsfx.000\config2\_ssl.pyd
  • %TEMP%\7zipsfx.000\config2\decryptit\__pycache__\__init__.cpython-37.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\langbulgarianmodel.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\langcyrillicmodel.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\langgreekmodel.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\langhebrewmodel.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\langthaimodel.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\langturkishmodel.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\latin1prober.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\mbcharsetprober.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\mbcsgroupprober.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\mbcssm.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\sbcharsetprober.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\sbcsgroupprober.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\jpcntx.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\sjisprober.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\utf8prober.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\version.pyc
  • %TEMP%\7zipsfx.000\config2\chardet\__init__.pyc
  • %TEMP%\7zipsfx.000\config2\commctrl.pyc
  • %TEMP%\7zipsfx.000\config2\csv.pyc
  • %TEMP%\7zipsfx.000\config2\ctypes\wintypes.pyc
  • %TEMP%\7zipsfx.000\config2\curses\has_key.pyc
  • %TEMP%\7zipsfx.000\config2\curses\__init__.pyc
  • %TEMP%\7zipsfx.000\config2\decryptit\license.lic
  • %TEMP%\7zipsfx.000\config2\decryptit\pytransform.key
  • %TEMP%\7zipsfx.000\config2\decryptit\_pytransform.dll
  • %TEMP%\7zipsfx.000\config2\decryptit\__init__.py
  • %TEMP%\7zipsfx.000\config2\chardet\universaldetector.pyc
  • %TEMP%\7zipsfx.000\config2\distutils\sysconfig.pyc
  • %TEMP%\7zipsfx.000\config2\_win32sysloader.pyd
Moves the following files
  • from %APPDATA%\winshell\application hosts tasks manager.exe to %APPDATA%\winshell\application hosts tasks manager.exe
  • from %APPDATA%\winshell\decryptit\__pycache__\__init__.cpython-37.pyc.48080896 to %APPDATA%\winshell\decryptit\__pycache__\__init__.cpython-37.pyc
  • from %APPDATA%\winshell\windows shell graphic security.exe to %APPDATA%\winshell\windows shell graphic security.exe
Network activity
TCP
  • 'gi##ub.com':443
  • 'ra#.####ubusercontent.com':443
UDP
  • DNS ASK gi##ub.com
  • DNS ASK ra#.####ubusercontent.com
Miscellaneous
Searches for the following windows
  • ClassName: '' WindowName: ''
Creates and executes the following
  • '%TEMP%\7zipsfx.000\config2\motakh.exe'
  • '%APPDATA%\winshell\application hosts tasks manager.exe'
  • '%APPDATA%\winshell\windows shell graphic security.exe'
  • '%WINDIR%\syswow64\cmd.exe' /c "start "" "%APPDATA%\WinShell\Application Hosts Tasks Manager.exe""' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\tmp7s5e7usk.bat"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c "start "" "%APPDATA%\WinShell\Windows Shell Graphic Security.exe""' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c "wmic cpu get name"' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\cmd.exe' /c "start "" "%APPDATA%\WinShell\Application Hosts Tasks Manager.exe""
  • '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\tmp7s5e7usk.bat"
  • '%WINDIR%\syswow64\cmd.exe' /c "start "" "%APPDATA%\WinShell\Windows Shell Graphic Security.exe""
  • '%WINDIR%\syswow64\cmd.exe' /c "wmic cpu get name"
  • '%WINDIR%\syswow64\wbem\wmic.exe' cpu get name

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
