Ransom_Ryzerlo.R002C0DI919

November 05, 2019

ALIASES:

Ransom:MSIL/Ryzerlo.A (Microsoft); GenericRXGT-RC!DB7A667FE198 (McAfee); HEUR:Trojan-Spy.MSIL.KeyLogger.gen (Kaspersky); Mal/Bladabi-S (Sophos)

PLATFORM:

Windows

OVERALL RISK RATING:

DAMAGE POTENTIAL:

REPORTED INFECTION:

Threat Type: Ransomware
Destructiveness: No
Encrypted:
In the wild: Yes

OVERVIEW

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

TECHNICAL DETAILS

File Size: 301,056 bytes

File Type: EXE

Memory Resident: Yes

Initial Samples Received Date: 05 Nov 2019

Arrival Details

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This Ransomware drops the following copies of itself into the affected system:

F:\NViDiaDisplay.Container.exe

It adds the following processes:

%User Temp%\svchosts.exe

(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).)

It creates the following folders:

%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1
%AppDataLocal%\Microsoft_Corporation
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj

Autostart Technique

This Ransomware adds the following registry entries to enable its automatic execution at every system startup:

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
40f1abfeb160a5f5393e777877aaa6e4 = "{malware path and file name}.exe"

Dropping Routine

This Ransomware drops the following files:

%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\792dkelm.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s6rwpsqj.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cvawit4n.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ivb59qpj.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i37wwzbt.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\r5zghbhu.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xn67vuna.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s1z1fb5o.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cuucm3vg.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\luefvb9d.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ubbwsp0b.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\aqubkjdy.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3jehf0c7.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bl8ng7h0.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\begphhw1.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\begphhw1.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zh9vd2vw.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q0r_q0qz.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nj5kjiwv.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nz6cqqd2.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\spc5e41g.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pze1crjj.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uypimi3x.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3spep7yy.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\guqceam0.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hwtusg2e.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\8kirkab6.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u5wvz4pi.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cvawit4n.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jyma5vx2.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u570a8dk.newcfg
%User Temp%\svchosts.exe
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qkn9xz45.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\blgppb_b.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\mprhlebm.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q-q3dvnq.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ielj_kla.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q0r_q0qz.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i5l8cbzf.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\remz6xeq.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s6rwpsqj.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\rnuclw26.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xvkbjw_r.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\4r_popfd.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hftuuaqq.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3jehf0c7.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jyma5vx2.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\792dkelm.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q44kyooy.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\haqhg50g.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u570a8dk.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nz6cqqd2.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uizcvsd0.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n2jhhh6x.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ku2c_f1c.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uypimi3x.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\remz6xeq.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hwtusg2e.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\yutkop6x.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\0jcsswq3.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pze1crjj.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\4r_popfd.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ueqnazbp.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qm-hxhue.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qkn9xz45.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pbt3mc09.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jcqd08jz.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dbxfrmde.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\fxhgnzgk.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qn3vx57i.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zh9vd2vw.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\lsxscllz.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6jofqiq.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s1z1fb5o.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i37wwzbt.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\fxhgnzgk.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jcqd08jz.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\gtbxiiuv.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\izw6e6l6.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dxe_ih-r.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uizcvsd0.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vjncypwb.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\6mqlkgks.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n8jf7xth.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\haqhg50g.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\luefvb9d.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\np2pgkhn.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ivb59qpj.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vgccaqkp.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hvgj52km.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ewbejxka.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hlhh4gn0.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ob7soixw.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\_uhm7ucu.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\user.config
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\guqceam0.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\yutkop6x.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\z6mxii05.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q-q3dvnq.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\_uhm7ucu.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\8kirkab6.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\6mqlkgks.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\b1wjffrq.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\0jcsswq3.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\kksaa5ws.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q44kyooy.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\np2pgkhn.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\lsxscllz.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u5wvz4pi.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ubbwsp0b.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ob7soixw.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xn67vuna.newcfg
F:\wlines.zip.lnk
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\b1wjffrq.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bghy7kjh.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ielj_kla.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\7ecydwit.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vgccaqkp.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\v_jmxfte.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ku2c_f1c.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_yo1fbv.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vjncypwb.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i0j-odki.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nj5kjiwv.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ueqnazbp.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\khosfuvg.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\5-e_tfue.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6jofqiq.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\neeepgyj.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bghy7kjh.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\khosfuvg.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\izw6e6l6.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\frpjeqcz.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\kksaa5ws.tmp
F:\mail_client.exe.lnk
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\aqubkjdy.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xvkbjw_r.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6pzq2kh.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ntevyuuu.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ea6cmnjr.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\gtbxiiuv.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\r5zghbhu.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zkg4uf1x.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dbxfrmde.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ewbejxka.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zf1gnsqo.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hvgj52km.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jl-lymdb.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n2jhhh6x.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\-cj1n5mj.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qm-hxhue.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qn3vx57i.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\5-e_tfue.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\rnuclw26.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nvla_sie.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_b1yc3m.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\neeepgyj.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\frpjeqcz.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bl8ng7h0.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\swef_2jc.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ea6cmnjr.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n8jf7xth.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nvla_sie.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\z6mxii05.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ntevyuuu.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\blgppb_b.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i5l8cbzf.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3spep7yy.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hftuuaqq.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6pzq2kh.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_yo1fbv.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zf1gnsqo.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zzxepzhw.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cuucm3vg.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i0j-odki.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\spc5e41g.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zkg4uf1x.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\mprhlebm.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jl-lymdb.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hlhh4gn0.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_b1yc3m.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\v_jmxfte.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zzxepzhw.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\-cj1n5mj.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\7ecydwit.newcfg
%AppDataLocal%\GDIPFONTCACHEV1.DAT
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pbt3mc09.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dxe_ih-r.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\swef_2jc.tmp

(Note: %AppDataLocal% is the Local Application Data folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Application Data on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name}\AppData\Local on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).. %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).)

Other Details

This Ransomware connects to the following possibly malicious URL:

http://njratvirus.{BLOCKED}o.org

This report is generated via an automated analysis system.

SOLUTION

Minimum Scan Engine: 9.850

Step 1

Before doing any scans, Windows 7, Windows 8, Windows 8.1, and Windows 10 users must disable System Restore to allow full scanning of their computers.

Step 2

Restart in Safe Mode

[ Learn More ]

Step 3

Identify and terminate files detected as Ransom_Ryzerlo.R002C0DI919

[ Learn More ]

Windows Task Manager may not display all running processes. In this case, please use a third-party process viewer, preferably Process Explorer, to terminate the malware/grayware/spyware file. You may download the said tool here.
If the detected file is displayed in either Windows Task Manager or Process Explorer but you cannot delete it, restart your computer in safe mode. To do this, refer to this link for the complete steps.
If the detected file is not displayed in either Windows Task Manager or Process Explorer, continue doing the next steps.

Step 4

Delete this registry value

[ Learn More ]

Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.

In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 40f1abfeb160a5f5393e777877aaa6e4 = "{malware path and file name}.exe"

Step 5

Search and delete these components

[ Learn More ]

There may be some components that are hidden. Please make sure you check the Search Hidden Files and Folders checkbox in the "More advanced options" option to include all hidden files and folders in the search result.

%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\792dkelm.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s6rwpsqj.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cvawit4n.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ivb59qpj.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i37wwzbt.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\r5zghbhu.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xn67vuna.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s1z1fb5o.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cuucm3vg.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\luefvb9d.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ubbwsp0b.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\aqubkjdy.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3jehf0c7.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bl8ng7h0.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\begphhw1.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\begphhw1.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zh9vd2vw.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q0r_q0qz.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nj5kjiwv.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nz6cqqd2.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\spc5e41g.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pze1crjj.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uypimi3x.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3spep7yy.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\guqceam0.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hwtusg2e.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\8kirkab6.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u5wvz4pi.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cvawit4n.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jyma5vx2.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u570a8dk.newcfg
%User Temp%\svchosts.exe
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qkn9xz45.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\blgppb_b.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\mprhlebm.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q-q3dvnq.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ielj_kla.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q0r_q0qz.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i5l8cbzf.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\remz6xeq.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s6rwpsqj.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\rnuclw26.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xvkbjw_r.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\4r_popfd.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hftuuaqq.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3jehf0c7.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jyma5vx2.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\792dkelm.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q44kyooy.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\haqhg50g.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u570a8dk.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nz6cqqd2.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uizcvsd0.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n2jhhh6x.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ku2c_f1c.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uypimi3x.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\remz6xeq.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hwtusg2e.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\yutkop6x.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\0jcsswq3.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pze1crjj.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\4r_popfd.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ueqnazbp.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qm-hxhue.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qkn9xz45.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pbt3mc09.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jcqd08jz.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dbxfrmde.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\fxhgnzgk.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qn3vx57i.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zh9vd2vw.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\lsxscllz.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6jofqiq.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s1z1fb5o.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i37wwzbt.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\fxhgnzgk.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jcqd08jz.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\gtbxiiuv.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\izw6e6l6.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dxe_ih-r.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uizcvsd0.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vjncypwb.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\6mqlkgks.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n8jf7xth.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\haqhg50g.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\luefvb9d.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\np2pgkhn.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ivb59qpj.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vgccaqkp.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hvgj52km.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ewbejxka.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hlhh4gn0.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ob7soixw.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\_uhm7ucu.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\user.config
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\guqceam0.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\yutkop6x.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\z6mxii05.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q-q3dvnq.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\_uhm7ucu.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\8kirkab6.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\6mqlkgks.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\b1wjffrq.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\0jcsswq3.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\kksaa5ws.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q44kyooy.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\np2pgkhn.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\lsxscllz.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u5wvz4pi.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ubbwsp0b.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ob7soixw.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xn67vuna.newcfg
F:\wlines.zip.lnk
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\b1wjffrq.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bghy7kjh.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ielj_kla.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\7ecydwit.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vgccaqkp.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\v_jmxfte.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ku2c_f1c.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_yo1fbv.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vjncypwb.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i0j-odki.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nj5kjiwv.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ueqnazbp.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\khosfuvg.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\5-e_tfue.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6jofqiq.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\neeepgyj.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bghy7kjh.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\khosfuvg.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\izw6e6l6.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\frpjeqcz.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\kksaa5ws.tmp
F:\mail_client.exe.lnk
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\aqubkjdy.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xvkbjw_r.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6pzq2kh.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ntevyuuu.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ea6cmnjr.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\gtbxiiuv.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\r5zghbhu.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zkg4uf1x.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dbxfrmde.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ewbejxka.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zf1gnsqo.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hvgj52km.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jl-lymdb.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n2jhhh6x.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\-cj1n5mj.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qm-hxhue.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qn3vx57i.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\5-e_tfue.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\rnuclw26.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nvla_sie.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_b1yc3m.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\neeepgyj.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\frpjeqcz.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bl8ng7h0.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\swef_2jc.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ea6cmnjr.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n8jf7xth.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nvla_sie.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\z6mxii05.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ntevyuuu.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\blgppb_b.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i5l8cbzf.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3spep7yy.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hftuuaqq.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6pzq2kh.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_yo1fbv.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zf1gnsqo.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zzxepzhw.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cuucm3vg.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i0j-odki.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\spc5e41g.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zkg4uf1x.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\mprhlebm.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jl-lymdb.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hlhh4gn0.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_b1yc3m.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\v_jmxfte.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zzxepzhw.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\-cj1n5mj.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\7ecydwit.newcfg
%AppDataLocal%\GDIPFONTCACHEV1.DAT
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pbt3mc09.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dxe_ih-r.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\swef_2jc.tmp

To manually delete a malware/grayware file from an affected system:

•For Windows 7, Windows Server 2008 (R2), Windows 8, Windows 8.1, Windows 10, and Windows Server 2012 (R2):

Open a Windows Explorer window.
- For Windows 7 and Server 2008 (R2) users, click Start>Computer.
- For Windows 8, 8.1, 10, and Server 2012 (R2) users, right-click on the lower-left corner of the screen,then click File Explorer.
In the Search Computer/This PC input box, type:
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\792dkelm.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s6rwpsqj.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cvawit4n.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ivb59qpj.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i37wwzbt.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\r5zghbhu.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xn67vuna.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s1z1fb5o.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cuucm3vg.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\luefvb9d.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ubbwsp0b.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\aqubkjdy.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3jehf0c7.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bl8ng7h0.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\begphhw1.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\begphhw1.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zh9vd2vw.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q0r_q0qz.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nj5kjiwv.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nz6cqqd2.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\spc5e41g.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pze1crjj.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uypimi3x.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3spep7yy.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\guqceam0.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hwtusg2e.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\8kirkab6.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u5wvz4pi.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cvawit4n.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jyma5vx2.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u570a8dk.newcfg
%User Temp%\svchosts.exe
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qkn9xz45.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\blgppb_b.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\mprhlebm.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q-q3dvnq.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ielj_kla.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q0r_q0qz.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i5l8cbzf.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\remz6xeq.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s6rwpsqj.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\rnuclw26.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xvkbjw_r.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\4r_popfd.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hftuuaqq.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3jehf0c7.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jyma5vx2.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\792dkelm.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q44kyooy.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\haqhg50g.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u570a8dk.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nz6cqqd2.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uizcvsd0.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n2jhhh6x.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ku2c_f1c.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uypimi3x.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\remz6xeq.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hwtusg2e.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\yutkop6x.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\0jcsswq3.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pze1crjj.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\4r_popfd.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ueqnazbp.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qm-hxhue.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qkn9xz45.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pbt3mc09.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jcqd08jz.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dbxfrmde.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\fxhgnzgk.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qn3vx57i.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zh9vd2vw.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\lsxscllz.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6jofqiq.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\s1z1fb5o.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i37wwzbt.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\fxhgnzgk.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jcqd08jz.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\gtbxiiuv.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\izw6e6l6.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dxe_ih-r.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\uizcvsd0.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vjncypwb.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\6mqlkgks.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n8jf7xth.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\haqhg50g.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\luefvb9d.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\np2pgkhn.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ivb59qpj.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vgccaqkp.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hvgj52km.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ewbejxka.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hlhh4gn0.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ob7soixw.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\_uhm7ucu.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\user.config
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\guqceam0.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\yutkop6x.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\z6mxii05.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q-q3dvnq.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\_uhm7ucu.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\8kirkab6.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\6mqlkgks.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\b1wjffrq.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\0jcsswq3.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\kksaa5ws.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\q44kyooy.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\np2pgkhn.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\lsxscllz.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\u5wvz4pi.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ubbwsp0b.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ob7soixw.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xn67vuna.newcfg
F:\wlines.zip.lnk
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\b1wjffrq.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bghy7kjh.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ielj_kla.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\7ecydwit.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vgccaqkp.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\v_jmxfte.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ku2c_f1c.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_yo1fbv.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\vjncypwb.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i0j-odki.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nj5kjiwv.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ueqnazbp.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\khosfuvg.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\5-e_tfue.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6jofqiq.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\neeepgyj.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bghy7kjh.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\khosfuvg.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\izw6e6l6.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\frpjeqcz.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\kksaa5ws.tmp
F:\mail_client.exe.lnk
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\aqubkjdy.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\xvkbjw_r.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6pzq2kh.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ntevyuuu.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ea6cmnjr.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\gtbxiiuv.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\r5zghbhu.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zkg4uf1x.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dbxfrmde.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ewbejxka.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zf1gnsqo.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hvgj52km.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jl-lymdb.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n2jhhh6x.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\-cj1n5mj.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qm-hxhue.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\qn3vx57i.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\5-e_tfue.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\rnuclw26.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nvla_sie.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_b1yc3m.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\neeepgyj.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\frpjeqcz.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\bl8ng7h0.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\swef_2jc.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ea6cmnjr.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n8jf7xth.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\nvla_sie.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\z6mxii05.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\ntevyuuu.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\blgppb_b.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i5l8cbzf.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\3spep7yy.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hftuuaqq.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\y6pzq2kh.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_yo1fbv.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zf1gnsqo.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zzxepzhw.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\cuucm3vg.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\i0j-odki.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\spc5e41g.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zkg4uf1x.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\mprhlebm.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\jl-lymdb.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\hlhh4gn0.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\n_b1yc3m.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\v_jmxfte.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\zzxepzhw.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\-cj1n5mj.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\7ecydwit.newcfg
%AppDataLocal%\GDIPFONTCACHEV1.DAT
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\pbt3mc09.tmp
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\dxe_ih-r.newcfg
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\swef_2jc.tmp
Once located, select the file then press SHIFT+DELETE to delete it.
*Note: Read the following Microsoft page if these steps do not work on Windows 7 and Windows Server 2008 (R2).

Step 6

Search and delete these folders

[ Learn More ]

Please make sure you check the Search Hidden Files and Folders checkbox in the More advanced options option to include all hidden folders in the search result.

%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1
%AppDataLocal%\Microsoft_Corporation
%AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj

Step 7

Restart in normal mode and scan your computer with your Trend Micro product for files detected as Ransom_Ryzerlo.R002C0DI919. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

Step 8

Restore encrypted files from backup.

Did this description help? Tell us how we did.

Ransom_Ryzerlo.R002C0DI919

OVERVIEW

TECHNICAL DETAILS

SOLUTION

Resources

Support

About Trend

Country Headquarters