Alias

Ransom:MSIL/Ryzerlo.A (Microsoft); GenericRXGT-RC!DB7A667FE198 (McAfee); HEUR:Trojan-Spy.MSIL.KeyLogger.gen (Kaspersky); Mal/Bladabi-S (Sophos)

 Plataforma:

Windows

 Riesgo general:
 Potencial de destrucción:
 Infección divulgada:
Bajo
Medio
High
Crítico

  • Tipo de malware
    Ransomware

  • Destructivo?
    No

  • Cifrado
     

  • In the Wild:

  Resumen y descripción


  Detalles técnicos

Tamaño del archivo 301,056 bytes
Tipo de archivo EXE
Residente en memoria
Fecha de recepción de las muestras iniciales 05 Nov 2019

Instalación

Crea las siguientes copias de sí mismo en el sistema afectado:

  • F:\NViDiaDisplay.Container.exe

Agrega los procesos siguientes:

  • %User Temp%\svchosts.exe

(Nota: %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000(32-bit), XP y Server 2003(32-bit) suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp y en el case de Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) y 10(64-bit) en C:\Users\{nombre de usuario}\AppData\Local\Temp).

)

Crea las carpetas siguientes:

  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1
  • %AppDataLocal%\Microsoft_Corporation
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj

Técnica de inicio automático

Agrega las siguientes entradas de registro para permitir su ejecución automática cada vez que se inicia el sistema:

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
40f1abfeb160a5f5393e777877aaa6e4 = "{malware path and file name}.exe"

Rutina de infiltración

Infiltra los archivos siguientes:

  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\792dkelm.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s6rwpsqj.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cvawit4n.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ivb59qpj.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i37wwzbt.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\r5zghbhu.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xn67vuna.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s1z1fb5o.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cuucm3vg.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\luefvb9d.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ubbwsp0b.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\aqubkjdy.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3jehf0c7.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bl8ng7h0.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\begphhw1.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\begphhw1.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zh9vd2vw.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q0r_q0qz.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nj5kjiwv.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nz6cqqd2.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\spc5e41g.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pze1crjj.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uypimi3x.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3spep7yy.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\guqceam0.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hwtusg2e.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\8kirkab6.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u5wvz4pi.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cvawit4n.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jyma5vx2.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u570a8dk.newcfg
  • %User Temp%\svchosts.exe
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qkn9xz45.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\blgppb_b.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\mprhlebm.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q-q3dvnq.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ielj_kla.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q0r_q0qz.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i5l8cbzf.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\remz6xeq.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s6rwpsqj.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\rnuclw26.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xvkbjw_r.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\4r_popfd.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hftuuaqq.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3jehf0c7.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jyma5vx2.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\792dkelm.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q44kyooy.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\haqhg50g.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u570a8dk.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nz6cqqd2.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uizcvsd0.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n2jhhh6x.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ku2c_f1c.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uypimi3x.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\remz6xeq.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hwtusg2e.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\yutkop6x.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\0jcsswq3.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pze1crjj.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\4r_popfd.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ueqnazbp.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qm-hxhue.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qkn9xz45.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pbt3mc09.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jcqd08jz.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dbxfrmde.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\fxhgnzgk.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qn3vx57i.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zh9vd2vw.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\lsxscllz.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6jofqiq.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s1z1fb5o.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i37wwzbt.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\fxhgnzgk.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jcqd08jz.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\gtbxiiuv.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\izw6e6l6.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dxe_ih-r.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uizcvsd0.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vjncypwb.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\6mqlkgks.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n8jf7xth.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\haqhg50g.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\luefvb9d.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\np2pgkhn.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ivb59qpj.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vgccaqkp.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hvgj52km.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ewbejxka.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hlhh4gn0.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ob7soixw.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\_uhm7ucu.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\user.config
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\guqceam0.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\yutkop6x.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\z6mxii05.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q-q3dvnq.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\_uhm7ucu.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\8kirkab6.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\6mqlkgks.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\b1wjffrq.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\0jcsswq3.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\kksaa5ws.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q44kyooy.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\np2pgkhn.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\lsxscllz.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u5wvz4pi.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ubbwsp0b.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ob7soixw.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xn67vuna.newcfg
  • F:\wlines.zip.lnk
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\b1wjffrq.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bghy7kjh.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ielj_kla.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\7ecydwit.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vgccaqkp.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\v_jmxfte.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ku2c_f1c.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_yo1fbv.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vjncypwb.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i0j-odki.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nj5kjiwv.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ueqnazbp.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\khosfuvg.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\5-e_tfue.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6jofqiq.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\neeepgyj.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bghy7kjh.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\khosfuvg.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\izw6e6l6.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\frpjeqcz.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\kksaa5ws.tmp
  • F:\mail_client.exe.lnk
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\aqubkjdy.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xvkbjw_r.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6pzq2kh.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ntevyuuu.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ea6cmnjr.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\gtbxiiuv.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\r5zghbhu.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zkg4uf1x.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dbxfrmde.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ewbejxka.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zf1gnsqo.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hvgj52km.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jl-lymdb.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n2jhhh6x.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\-cj1n5mj.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qm-hxhue.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qn3vx57i.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\5-e_tfue.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\rnuclw26.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nvla_sie.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_b1yc3m.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\neeepgyj.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\frpjeqcz.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bl8ng7h0.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\swef_2jc.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ea6cmnjr.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n8jf7xth.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nvla_sie.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\z6mxii05.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ntevyuuu.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\blgppb_b.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i5l8cbzf.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3spep7yy.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hftuuaqq.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6pzq2kh.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_yo1fbv.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zf1gnsqo.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zzxepzhw.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cuucm3vg.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i0j-odki.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\spc5e41g.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zkg4uf1x.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\mprhlebm.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jl-lymdb.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hlhh4gn0.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_b1yc3m.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\v_jmxfte.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zzxepzhw.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\-cj1n5mj.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\7ecydwit.newcfg
  • %AppDataLocal%\GDIPFONTCACHEV1.DAT
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pbt3mc09.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dxe_ih-r.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\swef_2jc.tmp

(Nota: %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000(32-bit), XP y Server 2003(32-bit) suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp y en el case de Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) y 10(64-bit) en C:\Users\{nombre de usuario}\AppData\Local\Temp).

)

  Soluciones

Motor de exploración mínimo 9.850

Step 1

Los usuarios de Windows ME y XP, antes de llevar a cabo cualquier exploración, deben comprobar que tienen desactivada la opción Restaurar sistema para permitir la exploración completa del equipo.

Step 2

Reiniciar en modo seguro

[ aprenda más ]

Step 3

Identificar y terminar los archivos detectados como Ransom_Ryzerlo.R002C0DI919

[ aprenda más ]
  1. Para los usuarios de Windows 98 y ME, puede que el Administrador de tareas de Windows no muestre todos los procesos en ejecución. En tal caso, utilice un visor de procesos de una tercera parte (preferiblemente, el Explorador de procesos) para terminar el archivo de malware/grayware/spyware. Puede descargar la herramienta en cuestión aquí.
  2. Si el archivo detectado aparece en el Administrador de tareas o en el Explorador de procesos, pero no puede eliminarlo, reinicie el equipo en modo seguro. Para ello, consulte este enlace para obtener todos los pasos necesarios.
  3. Si el archivo detectado no se muestra en el Administrador de tareas o el Explorador de procesos, prosiga con los pasos que se indican a continuación.

Step 4

Eliminar este valor del Registro

[ aprenda más ]

Importante: si modifica el Registro de Windows incorrectamente, podría hacer que el sistema funcione mal de manera irreversible. Lleve a cabo este paso solo si sabe cómo hacerlo o si puede contar con ayuda de su administrador del sistema. De lo contrario, lea este artículo de Microsoft antes de modificar el Registro del equipo.

  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 40f1abfeb160a5f5393e777877aaa6e4 = "{malware path and file name}.exe"

Step 5

Buscar y eliminar estos archivos

[ aprenda más ]
Puede que algunos de los archivos del componente estén ocultos. Asegúrese de que tiene activada la casilla Buscar archivos y carpetas ocultos en la opción "Más opciones avanzadas" para que el resultado de la búsqueda incluya todos los archivos y carpetas ocultos.
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\792dkelm.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s6rwpsqj.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cvawit4n.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ivb59qpj.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i37wwzbt.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\r5zghbhu.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xn67vuna.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s1z1fb5o.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cuucm3vg.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\luefvb9d.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ubbwsp0b.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\aqubkjdy.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3jehf0c7.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bl8ng7h0.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\begphhw1.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\begphhw1.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zh9vd2vw.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q0r_q0qz.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nj5kjiwv.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nz6cqqd2.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\spc5e41g.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pze1crjj.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uypimi3x.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3spep7yy.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\guqceam0.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hwtusg2e.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\8kirkab6.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u5wvz4pi.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cvawit4n.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jyma5vx2.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u570a8dk.newcfg
  • %User Temp%\svchosts.exe
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qkn9xz45.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\blgppb_b.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\mprhlebm.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q-q3dvnq.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ielj_kla.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q0r_q0qz.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i5l8cbzf.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\remz6xeq.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s6rwpsqj.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\rnuclw26.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xvkbjw_r.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\4r_popfd.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hftuuaqq.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3jehf0c7.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jyma5vx2.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\792dkelm.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q44kyooy.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\haqhg50g.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u570a8dk.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nz6cqqd2.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uizcvsd0.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n2jhhh6x.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ku2c_f1c.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uypimi3x.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\remz6xeq.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hwtusg2e.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\yutkop6x.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\0jcsswq3.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pze1crjj.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\4r_popfd.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ueqnazbp.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qm-hxhue.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qkn9xz45.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pbt3mc09.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jcqd08jz.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dbxfrmde.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\fxhgnzgk.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qn3vx57i.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zh9vd2vw.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\lsxscllz.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6jofqiq.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s1z1fb5o.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i37wwzbt.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\fxhgnzgk.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jcqd08jz.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\gtbxiiuv.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\izw6e6l6.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dxe_ih-r.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uizcvsd0.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vjncypwb.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\6mqlkgks.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n8jf7xth.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\haqhg50g.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\luefvb9d.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\np2pgkhn.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ivb59qpj.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vgccaqkp.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hvgj52km.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ewbejxka.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hlhh4gn0.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ob7soixw.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\_uhm7ucu.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\user.config
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\guqceam0.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\yutkop6x.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\z6mxii05.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q-q3dvnq.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\_uhm7ucu.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\8kirkab6.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\6mqlkgks.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\b1wjffrq.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\0jcsswq3.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\kksaa5ws.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q44kyooy.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\np2pgkhn.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\lsxscllz.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u5wvz4pi.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ubbwsp0b.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ob7soixw.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xn67vuna.newcfg
  • F:\wlines.zip.lnk
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\b1wjffrq.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bghy7kjh.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ielj_kla.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\7ecydwit.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vgccaqkp.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\v_jmxfte.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ku2c_f1c.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_yo1fbv.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vjncypwb.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i0j-odki.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nj5kjiwv.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ueqnazbp.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\khosfuvg.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\5-e_tfue.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6jofqiq.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\neeepgyj.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bghy7kjh.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\khosfuvg.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\izw6e6l6.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\frpjeqcz.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\kksaa5ws.tmp
  • F:\mail_client.exe.lnk
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\aqubkjdy.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xvkbjw_r.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6pzq2kh.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ntevyuuu.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ea6cmnjr.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\gtbxiiuv.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\r5zghbhu.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zkg4uf1x.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dbxfrmde.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ewbejxka.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zf1gnsqo.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hvgj52km.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jl-lymdb.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n2jhhh6x.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\-cj1n5mj.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qm-hxhue.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qn3vx57i.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\5-e_tfue.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\rnuclw26.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nvla_sie.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_b1yc3m.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\neeepgyj.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\frpjeqcz.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bl8ng7h0.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\swef_2jc.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ea6cmnjr.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n8jf7xth.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nvla_sie.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\z6mxii05.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ntevyuuu.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\blgppb_b.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i5l8cbzf.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3spep7yy.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hftuuaqq.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6pzq2kh.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_yo1fbv.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zf1gnsqo.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zzxepzhw.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cuucm3vg.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i0j-odki.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\spc5e41g.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zkg4uf1x.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\mprhlebm.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jl-lymdb.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hlhh4gn0.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_b1yc3m.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\v_jmxfte.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zzxepzhw.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\-cj1n5mj.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\7ecydwit.newcfg
  • %AppDataLocal%\GDIPFONTCACHEV1.DAT
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pbt3mc09.tmp
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dxe_ih-r.newcfg
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\swef_2jc.tmp

Step 6

Buscar y eliminar estas carpetas

[ aprenda más ]
Asegúrese de que tiene activada la casilla Buscar archivos y carpetas ocultos en la opción Más opciones avanzadas para que el resultado de la búsqueda incluya todas las carpetas ocultas.
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1
  • %AppDataLocal%\Microsoft_Corporation
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj

Step 7

Reinicie en modo normal y explore el equipo con su producto de Trend Micro para buscar los archivos identificados como Ransom_Ryzerlo.R002C0DI919 En caso de que el producto de Trend Micro ya haya limpiado, eliminado o puesto en cuarentena los archivos detectados, no serán necesarios más pasos. Puede optar simplemente por eliminar los archivos en cuarentena. Consulte esta página de Base de conocimientos para obtener más información.

Step 8

Restore encrypted files from backup.


Rellene nuestra encuesta!