Trojan.Siggen14.50661

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'SDGuarder' = 'SDGuarder64.exe'

Creates or modifies the following files

%WINDIR%\win.ini

Sets the following service settings

[<HKLM>\System\CurrentControlSet\Services\.Winhlpsvr] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\.Winhlpsvr] 'ImagePath' = '"%CommonProgramFiles(x86)%\System\winrdgv3.exe"'
[<HKLM>\System\CurrentControlSet\Services\TVDisk] 'ImagePath' = 'System32\drivers\TVDisk.sys'
[<HKLM>\System\CurrentControlSet\Services\TFsfltdrv] 'ImagePath' = '<DRIVERS>\tfsfltdrv.sys'
[<HKLM>\System\CurrentControlSet\Services\IPNPF] 'ImagePath' = 'system32\drivers\IPNPF.sys'
[<HKLM>\System\CurrentControlSet\Services\TermService] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\TIjtdrv] 'Start' = '00000001'
[<HKLM>\System\CurrentControlSet\Services\TIjtdrv] 'ImagePath' = 'System32\Drivers\TIjtdrv64.sys'
[<HKLM>\System\CurrentControlSet\Services\THlpDrv] 'Start' = '00000001'
[<HKLM>\System\CurrentControlSet\Services\THlpDrv] 'ImagePath' = 'System32\Drivers\THlpDrv64.sys'
[<HKLM>\SYSTEM\CurrentControlSet\Services\IPNPF] 'Start' = '00000001'
[<HKLM>\System\CurrentControlSet\Services\TSafeDisk] 'ImagePath' = 'System32\drivers\TSDDrv64.sys'
[<HKLM>\System\CurrentControlSet\Services\TPacket7] 'Start' = '00000001'
[<HKLM>\System\CurrentControlSet\Services\TPacket7] 'ImagePath' = 'system32\DRIVERS\TPacket7.sys'

Creates the following services

'.Winhlpsvr' "%CommonProgramFiles(x86)%\System\winrdgv3.exe"
'.Winhlpsvr' %CommonProgramFiles(x86)%\System\winrdgv3.exe
'TVDisk' System32\drivers\TVDisk.sys
'TFsfltdrv' <DRIVERS>\tfsfltdrv.sys
'IPNPF' system32\drivers\IPNPF.sys
'TIjtdrv' System32\Drivers\TIjtdrv64.sys
'THlpDrv' System32\Drivers\THlpDrv64.sys
'TSafeDisk' System32\drivers\TSDDrv64.sys
'TPacket7' system32\DRIVERS\TPacket7.sys

Malicious functions

Injects code into

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\drvinst.exe

the following user processes:

iexplore.exe

Installs hooks to intercept notifications

on keystrokes:

Handler for all processes: %WINDIR%\SysWOW64\thooksv3.dll
Handler for all processes: <SYSTEM32>\thooksv364.dll

Modifies settings of Windows Internet Explorer

[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '2500' = '00000003'

Modifies file system

Creates the following files

%TEMP%\agentinstall\installation.log
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_de
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_el
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_en
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_es
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_fi
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_fr
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_he
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_hu
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_cs
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_da
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_it
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_nl
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_no
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_pl
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_pt
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_ptbr
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_ru
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_sv
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_tr
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_ja
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_ko
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_ar
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_zhtw
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_zhcn
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_fr
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_it
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_ja
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_ko
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_ptbr
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_ru
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_sv
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_zhcn
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_zhtw
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_es
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_en
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_es
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_fr
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_it
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_ja
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_ko
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_ptbr
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_ru
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_sv
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_de
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_zhcn
D:\55debf9a5af2d81da66970396ef1\wuauserv.dll
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_en
D:\55debf9a5af2d81da66970396ef1\wucltui.dll
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_ru
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_sv
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_zhcn
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_zhtw
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_de
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_en
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_es
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_ko
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_ptbr
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_fr
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_ko
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_ptbr
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_ru
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_sv
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_zhcn
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_zhtw
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_de
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_it
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_ja
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_ja
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_it
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_fr
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_en
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_es
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_fr
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_it
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_ja
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_ko
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_ptbr
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_ru
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_sv
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_de
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_zhcn
D:\55debf9a5af2d81da66970396ef1\wups.dll
D:\55debf9a5af2d81da66970396ef1\wups2.dll
D:\55debf9a5af2d81da66970396ef1\wusetup.exe
D:\55debf9a5af2d81da66970396ef1\wusetup.inf
D:\55debf9a5af2d81da66970396ef1\wuweb.dll
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_de
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_en
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_es
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_zhtw
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_en
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_zhtw
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_de
%ALLUSERSPROFILE%\ipgaszip20210801161146\file163.tmp.bak001195eb
%ALLUSERSPROFILE%\ipgaszip20210801161146\file151.tmp.bak001198ae
%ALLUSERSPROFILE%\ipgaszip20210801161146\file151.tmp.bak0011988a
%ALLUSERSPROFILE%\ipgaszip20210801161146\file152.tmp.bak00119866
%ALLUSERSPROFILE%\ipgaszip20210801161146\file152.tmp.bak00119820
%ALLUSERSPROFILE%\ipgaszip20210801161146\file153.tmp.bak001197fe
%ALLUSERSPROFILE%\ipgaszip20210801161146\file153.tmp.bak001197d9
%ALLUSERSPROFILE%\ipgaszip20210801161146\file154.tmp.bak001197b5
%ALLUSERSPROFILE%\ipgaszip20210801161146\file154.tmp.bak00119793
%ALLUSERSPROFILE%\ipgaszip20210801161146\file150.tmp.bak001198f5
%ALLUSERSPROFILE%\ipgaszip20210801161146\file150.tmp.bak001198d0
%ALLUSERSPROFILE%\ipgaszip20210801161146\file155.tmp.bak0011976f
%ALLUSERSPROFILE%\ipgaszip20210801161146\file157.tmp.bak00119729
%ALLUSERSPROFILE%\ipgaszip20210801161146\file158.tmp.bak001196be
%ALLUSERSPROFILE%\ipgaszip20210801161146\file158.tmp.bak0011969c
%ALLUSERSPROFILE%\ipgaszip20210801161146\file159.tmp.bak0011969c
%ALLUSERSPROFILE%\ipgaszip20210801161146\file159.tmp.bak00119678
%ALLUSERSPROFILE%\ipgaszip20210801161146\file160.tmp.bak00119678
%ALLUSERSPROFILE%\ipgaszip20210801161146\file160.tmp.bak00119654
%ALLUSERSPROFILE%\ipgaszip20210801161146\file161.tmp.bak00119632
%ALLUSERSPROFILE%\ipgaszip20210801161146\file156.tmp.bak0011976f
%ALLUSERSPROFILE%\ipgaszip20210801161146\file157.tmp.bak0011974d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file149.tmp.bak0011995f
%ALLUSERSPROFILE%\ipgaszip20210801161146\file149.tmp.bak001199c7
%ALLUSERSPROFILE%\ipgaszip20210801161146\file148.tmp.bak001199eb
%ALLUSERSPROFILE%\ipgaszip20210801161146\file136.tmp.bak00119d3b
%ALLUSERSPROFILE%\ipgaszip20210801161146\file137.tmp.bak00119d3b
%ALLUSERSPROFILE%\ipgaszip20210801161146\file138.tmp.bak00119d19
%ALLUSERSPROFILE%\ipgaszip20210801161146\file138.tmp.bak00119cf5
%ALLUSERSPROFILE%\ipgaszip20210801161146\file139.tmp.bak00119cd3
%ALLUSERSPROFILE%\ipgaszip20210801161146\file139.tmp.bak00119c68
%ALLUSERSPROFILE%\ipgaszip20210801161146\file140.tmp.bak00119c44
%ALLUSERSPROFILE%\ipgaszip20210801161146\file140.tmp.bak00119c22
%ALLUSERSPROFILE%\ipgaszip20210801161146\file141.tmp.bak00119bfe
%ALLUSERSPROFILE%\ipgaszip20210801161146\file136.tmp.bak00119d5f
%ALLUSERSPROFILE%\ipgaszip20210801161146\file141.tmp.bak00119bd9
%ALLUSERSPROFILE%\ipgaszip20210801161146\file143.tmp.bak00119b71
%ALLUSERSPROFILE%\ipgaszip20210801161146\file144.tmp.bak00119b4d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file145.tmp.bak00119b29
%ALLUSERSPROFILE%\ipgaszip20210801161146\file145.tmp.bak00119ae2
%ALLUSERSPROFILE%\ipgaszip20210801161146\file146.tmp.bak00119a9c
%ALLUSERSPROFILE%\ipgaszip20210801161146\file146.tmp.bak00119a78
%ALLUSERSPROFILE%\ipgaszip20210801161146\file147.tmp.bak00119a56
%ALLUSERSPROFILE%\ipgaszip20210801161146\file147.tmp.bak00119a32
%ALLUSERSPROFILE%\ipgaszip20210801161146\file148.tmp.bak00119a10
%ALLUSERSPROFILE%\ipgaszip20210801161146\file142.tmp.bak00119bb7
%ALLUSERSPROFILE%\ipgaszip20210801161146\file162.tmp.bak0011960d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file163.tmp.bak001195c7
D:\55debf9a5af2d81da66970396ef1\wuauclt.exe
%ALLUSERSPROFILE%\ipgaszip20210801161146\file164.tmp.bak001195a3
%WINDIR%\syswow64\bakenumiacc2.sys_2tmp
D:\55debf9a5af2d81da66970396ef1\wuclient-selfupdate-activex.cab
D:\55debf9a5af2d81da66970396ef1\wuclient-selfupdate-aux-toplevel.cab
D:\55debf9a5af2d81da66970396ef1\wuclient-selfupdate-core-toplevel.cab
D:\55debf9a5af2d81da66970396ef1\cdm.dll
D:\55debf9a5af2d81da66970396ef1\wsus3setup.cat
D:\55debf9a5af2d81da66970396ef1\wuapi.dll
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_de
%WINDIR%\syswow64\winhadnt.dll_2tmp
%WINDIR%\syswow64\ifocmsdll.dll_2tmp
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_en
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_it
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_ja
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_ko
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_ptbr
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_ru
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_sv
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_zhcn
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_zhtw
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_es
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_fr
%WINDIR%\baktsdoc64.sys_2tmp
%WINDIR%\bakhafnt64.sys_2tmp
%WINDIR%\bakthv364.sys_2tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file165.tmp.bak0011955d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file166.tmp.bak0011953b
%ALLUSERSPROFILE%\ipgaszip20210801161146\file166.tmp.bak00119516
%ALLUSERSPROFILE%\ipgaszip20210801161146\file144.tmp.bak001194f2
%ALLUSERSPROFILE%\ipgaszip20210801161146\file144.tmp.bak001194d0
%ALLUSERSPROFILE%\ipgaszip20210801161146\file167.tmp.bak001194ac
%ALLUSERSPROFILE%\ipgaszip20210801161146\file167.tmp.bak0011948a
%ALLUSERSPROFILE%\ipgaszip20210801161146\file168.tmp.bak00119466
%ALLUSERSPROFILE%\ipgaszip20210801161146\file168.tmp.bak00119441
%ALLUSERSPROFILE%\ipgaszip20210801161146\file164.tmp.bak00119581
%ALLUSERSPROFILE%\ipgaszip20210801161146\file137.tmp.bak00119420
%CommonProgramFiles(x86)%\system\winwdgsvr.exe
%WINDIR%\syswow64\winwdgv3.dll
%WINDIR%\bakrund.sys
%WINDIR%\syswow64\winrdlv3.exe
<SYSTEM32>\winwdgv364.dll
%WINDIR%\bakthv3.sys_2tmp
%WINDIR%\bakhafnt.sys_2tmp
%WINDIR%\bakimhc3.sys_2tmp
%WINDIR%\baktsdoc2.sys_2tmp
%CommonProgramFiles(x86)%\system\winrdgv3.exe
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl
D:\55debf9a5af2d81da66970396ef1\ja\wuau.adm
%WINDIR%\temp\old9cdb.tmp
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_it
%WINDIR%\syswow64\ocular\tsafedoc\tsduserandugrounp.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdurgencywarr2.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdusbkeylog.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdoc2.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdusbkeyusedlog.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdoc.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsareq\tsdchangerightuseridnew.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdocbakguid.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdui.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdosm.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdurgencywarr.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdofflinewarr3.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdbaksdlog\tsdbakwait2.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdbaksdlog\tsdbakgo2.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsareq\tsddecryptuseridnew.dat
%WINDIR%\syswow64\ocular\oeaviewer.e32
%WINDIR%\syswow64\ocular\msolapplyinfo.dat
%WINDIR%\syswow64\ocular\msodhash3.dat
%WINDIR%\temp\udda9d.tmp
%WINDIR%\syswow64\ocular\tsafedoc\tsareq\tsdchangerightuseridend.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdexceptionfile.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdusbkeyclasslib.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdoso.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsareq\tsdoutgouseridend.dat
%WINDIR%\temp\uddf343.tmp
%WINDIR%\temp\uddf344.tmp
%WINDIR%\temp\uddf355.tmp
%WINDIR%\syswow64\ocular\tsafedoc\tsdbaksdlog\tsdscanbakwait.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsareq\tsddecryptuseridend.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdsoftware.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdbaksdlog\tsdscanbakgo.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsusercfg\tsdsysofps2.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdlogonlog.dat
<DRIVERS>\tfsfltdrv.sys_tmp
%WINDIR%\syswow64\ocular\tsafedoc\tsareq\tsdonlinepoldelayuseridnew.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsareq\tsdonlinepoldelayuseridend.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdurgencywarr3.dat
%WINDIR%\syswow64\ocular\tsafedoc\encryptdisk\encryptdiskinfo.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdbaksdlog\tsdbakwait.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdbaksdlog\tsdbakgo.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsareq\tsdoutgouseridnew.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdarea.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdusbkeylib.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsbakdoc2.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdofflinewarr2.dat
%WINDIR%\temp\uddabd.tmp
%WINDIR%\syswow64\ocular\msornet_cur.dat
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_fr
%WINDIR%\syswow64\ocular\temp\mdnltdsse_system_2021_08_01_16_12_38_usbidtesest.log
%ALLUSERSPROFILE%\ocularlog\oadbg_sdagent64_2021_8_1_16_12_45_s_1_p_1844.txt
%WINDIR%\syswow64\ocular\tsafedoc\tsdlogonsetting\tsdlogonsetting_2d7db504-0a25-9018-4207-69625d251673.dat
%WINDIR%\syswow64\ocular\tsafedoc\tsdlogonsetting\smart_tsdlogonsetting_2d7db504-0a25-9018-4207-69625d251673
%WINDIR%\syswow64\ocular\temp\mdnltdsse_system_2021_08_01_16_12_49_usbidtesest.log
C:\tpacket7\tpacket7.sys
C:\tpacket7\tpacket7.inf
C:\tpacket7\tpacket7.cat
%WINDIR%\syswow64\ocular\msolurl2_temp2.dat
%WINDIR%\syswow64\ocular\agenttask\agenttasklog.dat
%ALLUSERSPROFILE%\ocularlog\oadbg_agentu64_2021_8_1_16_12_44_s_1_p_1844.txt
%WINDIR%\temp\{4bf60cda-5f5f-4f4a-37a3-e764dd7cf675}\set5c14.tmp
<DRIVERSTORE>\temp\{64550732-0ea8-1a20-64d1-e341de909210}\set6f26.tmp
<DRIVERSTORE>\temp\{64550732-0ea8-1a20-64d1-e341de909210}\set7002.tmp
<DRIVERSTORE>\temp\{64550732-0ea8-1a20-64d1-e341de909210}\set70ce.tmp
%WINDIR%\inf\oem2.inf
<DRIVERSTORE>\filerepository\tpacket7.inf_amd64_neutral_352b33c3c8c502e9\tpacket7.pnf
<DRIVERSTORE>\infcache.0
<SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\oem2.cat
%WINDIR%\inf\oem2.pnf
%WINDIR%\temp\{4bf60cda-5f5f-4f4a-37a3-e764dd7cf675}\set5cd0.tmp
%WINDIR%\temp\{4bf60cda-5f5f-4f4a-37a3-e764dd7cf675}\set5d8c.tmp
%ALLUSERSPROFILE%\ocularlog\oadbg_agentu_2021_8_1_16_12_30_s_1_p_2372.txt
%ALLUSERSPROFILE%\ocularlog\oadbg_agent_2021_8_1_16_12_20_s_0_p_2932.txt
%WINDIR%\temp\udd2e74.tmp
%WINDIR%\syswow64\ocular\tsafedoc\tsusercfg\tsdusercfg_1.dat
%WINDIR%\syswow64\ocular\temp\mdnltdsse_system_2021_08_01_16_12_40_usbidtesest.log
%WINDIR%\syswow64\onacagent.exe
%WINDIR%\syswow64\ocular\msorapp2.dat
%WINDIR%\syswow64\ocular\msorurl2.dat
%WINDIR%\syswow64\ocular\msornet2.dat
%WINDIR%\syswow64\ocular\msoldoc3.dat
%WINDIR%\syswow64\ocular\msolsmb2.dat
%WINDIR%\syswow64\ocular\msolurl2.dat
%WINDIR%\syswow64\ocular\temp\mdnltdsse_system_2021_08_01_16_12_39_usbidtesest.log
%WINDIR%\syswow64\ocular\msolprn3_v1.dat
%WINDIR%\syswow64\ocular\msolpoly2.dat
%WINDIR%\syswow64\ocular\msolims2.dat
%WINDIR%\syswow64\ocular\msolimc2.dat
%WINDIR%\syswow64\ocular\msappinfo2.dat
%WINDIR%\syswow64\ocular\msoludisk2.dat
%WINDIR%\syswow64\ocular\msolwevtl.dat
%WINDIR%\syswow64\ocular\msolagt2.dat
%WINDIR%\syswow64\ocular\msassets_chg.dat
%WINDIR%\syswow64\ocular\msassets_chgex.dat
%WINDIR%\syswow64\ocular\msolapp2.dat
%WINDIR%\syswow64\ocular\msudiskinfo_send2.dat
%ALLUSERSPROFILE%\ipgaszip20210801161146\file135.tmp.bak00119da5
%WINDIR%\syswow64\ocular\temp\mdnltdsse_system_2021_08_01_16_12_27_usbidtesest.log
D:\55debf9a5af2d81da66970396ef1\ja\eula.rtf
D:\55debf9a5af2d81da66970396ef1\en\wuau.adm
D:\55debf9a5af2d81da66970396ef1\en\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\es\eula.rtf
D:\55debf9a5af2d81da66970396ef1\es\wuau.adm
D:\55debf9a5af2d81da66970396ef1\es\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\fi\eula.rtf
D:\55debf9a5af2d81da66970396ef1\fi\wuau.adm
D:\55debf9a5af2d81da66970396ef1\fi\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\el\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\en\eula.rtf
D:\55debf9a5af2d81da66970396ef1\fr\eula.rtf
D:\55debf9a5af2d81da66970396ef1\he\eula.rtf
D:\55debf9a5af2d81da66970396ef1\he\wuau.adm
D:\55debf9a5af2d81da66970396ef1\he\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\hu\eula.rtf
D:\55debf9a5af2d81da66970396ef1\hu\wuau.adm
D:\55debf9a5af2d81da66970396ef1\hu\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\it\eula.rtf
D:\55debf9a5af2d81da66970396ef1\it\wuau.adm
D:\55debf9a5af2d81da66970396ef1\fr\wuau.adm
D:\55debf9a5af2d81da66970396ef1\fr\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\el\wuau.adm
D:\55debf9a5af2d81da66970396ef1\el\eula.rtf
D:\55debf9a5af2d81da66970396ef1\de\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_ko
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_ptbr
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_ru
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_sv
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_zhcn
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_zhtw
D:\55debf9a5af2d81da66970396ef1\wow64\wups.dll
D:\55debf9a5af2d81da66970396ef1\wow64\wups2.dll
D:\55debf9a5af2d81da66970396ef1\wow64\wuweb.dll
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_ja
D:\55debf9a5af2d81da66970396ef1\ar\eula.rtf
D:\55debf9a5af2d81da66970396ef1\ar\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\cs\eula.rtf
D:\55debf9a5af2d81da66970396ef1\cs\wuau.adm
D:\55debf9a5af2d81da66970396ef1\cs\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\da\eula.rtf
D:\55debf9a5af2d81da66970396ef1\da\wuau.adm
D:\55debf9a5af2d81da66970396ef1\da\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\de\eula.rtf
D:\55debf9a5af2d81da66970396ef1\de\wuau.adm
D:\55debf9a5af2d81da66970396ef1\ar\wuau.adm
D:\55debf9a5af2d81da66970396ef1\it\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_es
%WINDIR%\syswow64\ocular\msolurl2_temp.dat
D:\55debf9a5af2d81da66970396ef1\ja\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\tr\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\zhcn\eula.rtf
D:\55debf9a5af2d81da66970396ef1\zhcn\wuau.adm
D:\55debf9a5af2d81da66970396ef1\zhcn\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\zhtw\eula.rtf
D:\55debf9a5af2d81da66970396ef1\zhtw\wuau.adm
D:\55debf9a5af2d81da66970396ef1\zhtw\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\$shtdwn$.req
D:\55debf9a5af2d81da66970396ef1\tr\eula.rtf
D:\55debf9a5af2d81da66970396ef1\tr\wuau.adm
<SYSTEM32>\winrdlv3.exe_2tmp
%WINDIR%\syswow64\ippacket.dll
<DRIVERS>\ipnpf.sys
%WINDIR%\syswow64\ipwpacket.dll
%WINDIR%\syswow64\winoacnac.dll
%WINDIR%\syswow64\winoacsgw.dll
%WINDIR%\syswow64\ocular\oagent.ini
%WINDIR%\syswow64\ocular\mswinpatch_install.dat
%WINDIR%\syswow64\ocular\msolbase2.dat
<SYSTEM32>\winbrosqlite3_64.dll_2tmp
%WINDIR%\syswow64\ippcap.dll
D:\55debf9a5af2d81da66970396ef1\sv\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\sv\wuau.adm
D:\55debf9a5af2d81da66970396ef1\sv\eula.rtf
D:\55debf9a5af2d81da66970396ef1\ko\wuau.adm
D:\55debf9a5af2d81da66970396ef1\ko\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\nl\eula.rtf
D:\55debf9a5af2d81da66970396ef1\nl\wuau.adm
D:\55debf9a5af2d81da66970396ef1\nl\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\no\eula.rtf
D:\55debf9a5af2d81da66970396ef1\no\wuau.adm
D:\55debf9a5af2d81da66970396ef1\no\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\pl\eula.rtf
D:\55debf9a5af2d81da66970396ef1\ko\eula.rtf
D:\55debf9a5af2d81da66970396ef1\pl\wuau.adm
D:\55debf9a5af2d81da66970396ef1\pt\eula.rtf
D:\55debf9a5af2d81da66970396ef1\pt\wuau.adm
D:\55debf9a5af2d81da66970396ef1\pt\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\ptbr\eula.rtf
D:\55debf9a5af2d81da66970396ef1\ptbr\wuau.adm
D:\55debf9a5af2d81da66970396ef1\ptbr\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\ru\eula.rtf
D:\55debf9a5af2d81da66970396ef1\ru\wuau.adm
D:\55debf9a5af2d81da66970396ef1\ru\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\pl\wusetup.exe.mui
%WINDIR%\syswow64\ocular\temp\mdnltdsse_system_2021_08_01_16_12_25_usbidtesest.log
%WINDIR%\syswow64\ocular\msudiskinfo.dat
%ALLUSERSPROFILE%\ipgaszip20210801161146\file134.tmp.bak00119dca
%ALLUSERSPROFILE%\ipgaszip20210801161146\file105.tmp.bak0011947f
%ALLUSERSPROFILE%\ipgaszip20210801161146\file122.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file123.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file124.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file125.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file126.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file127.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file128.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file129.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file120.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file121.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file130.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file133.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file134.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file135.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file136.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file137.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file138.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file139.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file140.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file131.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file132.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file119.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file118.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file117.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file097.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file098.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file099.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file100.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file101.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file102.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file103.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file104.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file105.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file096.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file106.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file108.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file109.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file110.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file111.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file112.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file113.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file114.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file115.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file116.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file107.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file141.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file143.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file013.tmp.bak00117999
%ALLUSERSPROFILE%\ipgaszip20210801161146\file144.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file001.tmp.bak0011803a
%ALLUSERSPROFILE%\ipgaszip20210801161146\file001.tmp.bak00117ff3
%ALLUSERSPROFILE%\ipgaszip20210801161146\file002.tmp.bak00117fab
%ALLUSERSPROFILE%\ipgaszip20210801161146\file002.tmp.bak00117f65
%ALLUSERSPROFILE%\ipgaszip20210801161146\file003.tmp.bak00117f43
%ALLUSERSPROFILE%\ipgaszip20210801161146\file004.tmp.bak00117efa
%ALLUSERSPROFILE%\ipgaszip20210801161146\file005.tmp.bak00117eb4
%ALLUSERSPROFILE%\ipgaszip20210801161146\file005.tmp.bak00117dbd
%ALLUSERSPROFILE%\ipgaszip20210801161146\file000.tmp.bak001159b6
%ALLUSERSPROFILE%\ipgaszip20210801161146\file000.tmp.bak0011594c
%ALLUSERSPROFILE%\ipgaszip20210801161146\file006.tmp.bak00117c80
%ALLUSERSPROFILE%\ipgaszip20210801161146\file007.tmp.bak00117b40
%ALLUSERSPROFILE%\ipgaszip20210801161146\file008.tmp.bak00117b1e
%ALLUSERSPROFILE%\ipgaszip20210801161146\file009.tmp.bak00117afa
%ALLUSERSPROFILE%\ipgaszip20210801161146\file009.tmp.bak00117ad6
%ALLUSERSPROFILE%\ipgaszip20210801161146\file010.tmp.bak00117a49
%ALLUSERSPROFILE%\ipgaszip20210801161146\file010.tmp.bak00117a25
%ALLUSERSPROFILE%\ipgaszip20210801161146\file011.tmp.bak001179df
%ALLUSERSPROFILE%\ipgaszip20210801161146\file012.tmp.bak001179bd
%ALLUSERSPROFILE%\ipgaszip20210801161146\file006.tmp.bak00117bf1
%ALLUSERSPROFILE%\ipgaszip20210801161146\file007.tmp.bak00117b65
%ALLUSERSPROFILE%\ipgaszip20210801161146\file168.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file167.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file166.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file146.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file147.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file148.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file149.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file150.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file151.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file152.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file153.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file154.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file145.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file155.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file157.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file158.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file159.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file160.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file161.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file162.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file163.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file164.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file165.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file156.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file095.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file142.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file094.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file044.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file024.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file025.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file026.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file027.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file028.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file029.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file030.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file031.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file022.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file023.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file032.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file035.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file036.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file037.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file038.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file039.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file040.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file041.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file042.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file033.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file034.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file021.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file020.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file019.tmp
%TEMP%\ipgaskernel20210801161133\akernel3.exe
%ALLUSERSPROFILE%\ipgaszip20210801161146\file000.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file001.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file002.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file003.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file004.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file005.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file006.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file007.tmp
%TEMP%\ipgaskernel20210801161133\setupdata.dat
%ALLUSERSPROFILE%\ipgaszip20210801161146\file008.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file010.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file011.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file012.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file013.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file014.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file015.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file016.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file017.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file018.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file009.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file043.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file045.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file092.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file046.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file073.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file074.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file075.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file076.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file077.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file078.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file079.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file080.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file071.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file072.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file081.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file084.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file085.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file086.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file087.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file088.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file089.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file090.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file091.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file082.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file083.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file070.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file069.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file068.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file048.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file049.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file050.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file051.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file052.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file053.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file054.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file055.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file056.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file047.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file057.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file059.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file060.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file061.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file062.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file063.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file064.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file065.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file066.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file067.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file058.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file093.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file047.tmp.bak00116f3e
%ALLUSERSPROFILE%\ipgaszip20210801161146\file132.tmp.bak00119e10
%ALLUSERSPROFILE%\ipgaszip20210801161146\file015.tmp.bak0011790c
%ALLUSERSPROFILE%\ipgaszip20210801161146\file089.tmp.bak0011805b
%ALLUSERSPROFILE%\ipgaszip20210801161146\file090.tmp.bak0011805b
%ALLUSERSPROFILE%\ipgaszip20210801161146\file091.tmp.bak00117f62
%ALLUSERSPROFILE%\ipgaszip20210801161146\file092.tmp.bak00117e01
%ALLUSERSPROFILE%\ipgaszip20210801161146\file092.tmp.bak00117d98
%ALLUSERSPROFILE%\ipgaszip20210801161146\file097.tmp.bak00117d50
%ALLUSERSPROFILE%\ipgaszip20210801161146\file098.tmp.bak00117d2e
%ALLUSERSPROFILE%\ipgaszip20210801161146\file098.tmp.bak00117d0a
%ALLUSERSPROFILE%\ipgaszip20210801161146\file088.tmp.bak001180a2
%ALLUSERSPROFILE%\ipgaszip20210801161146\file089.tmp.bak0011807d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file099.tmp.bak00117cc3
%ALLUSERSPROFILE%\ipgaszip20210801161146\file100.tmp.bak00117bee
%ALLUSERSPROFILE%\ipgaszip20210801161146\file101.tmp.bak00117ba8
%ALLUSERSPROFILE%\ipgaszip20210801161146\file101.tmp.bak00117ab1
%ALLUSERSPROFILE%\ipgaszip20210801161146\file102.tmp.bak00117a25
%ALLUSERSPROFILE%\ipgaszip20210801161146\file102.tmp.bak00117a01
%ALLUSERSPROFILE%\ipgaszip20210801161146\file103.tmp.bak0011950e
%ALLUSERSPROFILE%\ipgaszip20210801161146\file103.tmp.bak001194ea
%ALLUSERSPROFILE%\ipgaszip20210801161146\file104.tmp.bak001194ea
%ALLUSERSPROFILE%\ipgaszip20210801161146\file099.tmp.bak00117c7d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file100.tmp.bak00117c37
%ALLUSERSPROFILE%\ipgaszip20210801161146\file087.tmp.bak001180c3
%ALLUSERSPROFILE%\ipgaszip20210801161146\file086.tmp.bak0011810c
%ALLUSERSPROFILE%\ipgaszip20210801161146\file085.tmp.bak0011812e
%ALLUSERSPROFILE%\ipgaszip20210801161146\file075.tmp.bak001185e1
%ALLUSERSPROFILE%\ipgaszip20210801161146\file075.tmp.bak001185bd
%ALLUSERSPROFILE%\ipgaszip20210801161146\file076.tmp.bak00118577
%ALLUSERSPROFILE%\ipgaszip20210801161146\file076.tmp.bak00118552
%ALLUSERSPROFILE%\ipgaszip20210801161146\file077.tmp.bak00118530
%ALLUSERSPROFILE%\ipgaszip20210801161146\file077.tmp.bak0011850c
%ALLUSERSPROFILE%\ipgaszip20210801161146\file078.tmp.bak001184e8
%ALLUSERSPROFILE%\ipgaszip20210801161146\file078.tmp.bak001184a2
%ALLUSERSPROFILE%\ipgaszip20210801161146\file079.tmp.bak0011845b
%ALLUSERSPROFILE%\ipgaszip20210801161146\file074.tmp.bak00118627
%ALLUSERSPROFILE%\ipgaszip20210801161146\file079.tmp.bak001183cf
%ALLUSERSPROFILE%\ipgaszip20210801161146\file080.tmp.bak00118386
%ALLUSERSPROFILE%\ipgaszip20210801161146\file081.tmp.bak00118364
%ALLUSERSPROFILE%\ipgaszip20210801161146\file081.tmp.bak0011831e
%ALLUSERSPROFILE%\ipgaszip20210801161146\file082.tmp.bak001182d6
%ALLUSERSPROFILE%\ipgaszip20210801161146\file082.tmp.bak001182b4
%ALLUSERSPROFILE%\ipgaszip20210801161146\file083.tmp.bak0011828f
%ALLUSERSPROFILE%\ipgaszip20210801161146\file083.tmp.bak00118225
%ALLUSERSPROFILE%\ipgaszip20210801161146\file084.tmp.bak001181df
%ALLUSERSPROFILE%\ipgaszip20210801161146\file084.tmp.bak00118174
%ALLUSERSPROFILE%\ipgaszip20210801161146\file080.tmp.bak001183ab
%ALLUSERSPROFILE%\ipgaszip20210801161146\file104.tmp.bak001194c8
%ALLUSERSPROFILE%\ipgaszip20210801161146\file105.tmp.bak0011945d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file014.tmp.bak0011792e
%ALLUSERSPROFILE%\ipgaszip20210801161146\file106.tmp.bak00119439
%ALLUSERSPROFILE%\ipgaszip20210801161146\file120.tmp.bak00119919
%ALLUSERSPROFILE%\ipgaszip20210801161146\file121.tmp.bak001198d3
%ALLUSERSPROFILE%\ipgaszip20210801161146\file121.tmp.bak00119868
%ALLUSERSPROFILE%\ipgaszip20210801161146\file122.tmp.bak00119800
%ALLUSERSPROFILE%\ipgaszip20210801161146\file122.tmp.bak001197dc
%ALLUSERSPROFILE%\ipgaszip20210801161146\file123.tmp.bak00119796
%ALLUSERSPROFILE%\ipgaszip20210801161146\file123.tmp.bak00118f93
%ALLUSERSPROFILE%\ipgaszip20210801161146\file124.tmp.bak00118f29
%ALLUSERSPROFILE%\ipgaszip20210801161146\file119.tmp.bak001199ca
%ALLUSERSPROFILE%\ipgaszip20210801161146\file120.tmp.bak00119962
%ALLUSERSPROFILE%\ipgaszip20210801161146\file124.tmp.bak00118ee3
%ALLUSERSPROFILE%\ipgaszip20210801161146\file126.tmp.bak0011a561
%ALLUSERSPROFILE%\ipgaszip20210801161146\file127.tmp.bak0011a046
%ALLUSERSPROFILE%\ipgaszip20210801161146\file127.tmp.bak00119f4d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file128.tmp.bak00119f4d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file128.tmp.bak00119f2b
%ALLUSERSPROFILE%\ipgaszip20210801161146\file129.tmp.bak00119e34
%ALLUSERSPROFILE%\ipgaszip20210801161146\file130.tmp.bak00119e34
%ALLUSERSPROFILE%\ipgaszip20210801161146\file131.tmp.bak00119e10
%ALLUSERSPROFILE%\ipgaszip20210801161146\file125.tmp.bak0011874b
%ALLUSERSPROFILE%\ipgaszip20210801161146\file126.tmp.bak00118726
%ALLUSERSPROFILE%\ipgaszip20210801161146\file119.tmp.bak00119a9f
%ALLUSERSPROFILE%\ipgaszip20210801161146\file118.tmp.bak00119ae5
%ALLUSERSPROFILE%\ipgaszip20210801161146\file118.tmp.bak00119b4f
%ALLUSERSPROFILE%\ipgaszip20210801161146\file107.tmp.bak001193f3
%ALLUSERSPROFILE%\ipgaszip20210801161146\file107.tmp.bak001193ad
%ALLUSERSPROFILE%\ipgaszip20210801161146\file108.tmp.bak00119389
%ALLUSERSPROFILE%\ipgaszip20210801161146\file108.tmp.bak00119367
%ALLUSERSPROFILE%\ipgaszip20210801161146\file109.tmp.bak00119367
%ALLUSERSPROFILE%\ipgaszip20210801161146\file109.tmp.bak00119342
%ALLUSERSPROFILE%\ipgaszip20210801161146\file110.tmp.bak0011931e
%ALLUSERSPROFILE%\ipgaszip20210801161146\file110.tmp.bak001192fc
%ALLUSERSPROFILE%\ipgaszip20210801161146\file111.tmp.bak001192fc
%ALLUSERSPROFILE%\ipgaszip20210801161146\file106.tmp.bak00119417
%ALLUSERSPROFILE%\ipgaszip20210801161146\file111.tmp.bak001192d8
%ALLUSERSPROFILE%\ipgaszip20210801161146\file113.tmp.bak001192b6
%ALLUSERSPROFILE%\ipgaszip20210801161146\file113.tmp.bak00119292
%ALLUSERSPROFILE%\ipgaszip20210801161146\file114.tmp.bak0011924b
%ALLUSERSPROFILE%\ipgaszip20210801161146\file115.tmp.bak00119227
%ALLUSERSPROFILE%\ipgaszip20210801161146\file115.tmp.bak001191e1
%ALLUSERSPROFILE%\ipgaszip20210801161146\file116.tmp.bak001191bd
%ALLUSERSPROFILE%\ipgaszip20210801161146\file116.tmp.bak00119176
%ALLUSERSPROFILE%\ipgaszip20210801161146\file117.tmp.bak00119130
%ALLUSERSPROFILE%\ipgaszip20210801161146\file117.tmp.bak001190c6
%ALLUSERSPROFILE%\ipgaszip20210801161146\file112.tmp.bak001192b6
%ALLUSERSPROFILE%\ipgaszip20210801161146\file074.tmp.bak0011866d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file133.tmp.bak00119dec
%ALLUSERSPROFILE%\ipgaszip20210801161146\file073.tmp.bak00118692
%ALLUSERSPROFILE%\ipgaszip20210801161146\file046.tmp.bak00116fa8
%ALLUSERSPROFILE%\ipgaszip20210801161146\file030.tmp.bak00117247
%ALLUSERSPROFILE%\ipgaszip20210801161146\file031.tmp.bak00117201
%ALLUSERSPROFILE%\ipgaszip20210801161146\file032.tmp.bak001171dd
%ALLUSERSPROFILE%\ipgaszip20210801161146\file033.tmp.bak001171dd
%ALLUSERSPROFILE%\ipgaszip20210801161146\file034.tmp.bak001171bb
%ALLUSERSPROFILE%\ipgaszip20210801161146\file035.tmp.bak001171bb
%ALLUSERSPROFILE%\ipgaszip20210801161146\file036.tmp.bak00117196
%ALLUSERSPROFILE%\ipgaszip20210801161146\file037.tmp.bak00117174
%ALLUSERSPROFILE%\ipgaszip20210801161146\file029.tmp.bak001172d6
%ALLUSERSPROFILE%\ipgaszip20210801161146\file030.tmp.bak0011728d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file038.tmp.bak00117150
%ALLUSERSPROFILE%\ipgaszip20210801161146\file039.tmp.bak001170e6
%ALLUSERSPROFILE%\ipgaszip20210801161146\file040.tmp.bak0011709f
%ALLUSERSPROFILE%\ipgaszip20210801161146\file041.tmp.bak0011707b
%ALLUSERSPROFILE%\ipgaszip20210801161146\file041.tmp.bak00117059
%ALLUSERSPROFILE%\ipgaszip20210801161146\file042.tmp.bak00117035
%ALLUSERSPROFILE%\ipgaszip20210801161146\file043.tmp.bak00117013
%ALLUSERSPROFILE%\ipgaszip20210801161146\file043.tmp.bak00116fef
%ALLUSERSPROFILE%\ipgaszip20210801161146\file044.tmp.bak00116fca
%ALLUSERSPROFILE%\ipgaszip20210801161146\file034.tmp.bak0011710a
%ALLUSERSPROFILE%\ipgaszip20210801161146\file039.tmp.bak0011710a
%ALLUSERSPROFILE%\ipgaszip20210801161146\file029.tmp.bak001172f8
%ALLUSERSPROFILE%\ipgaszip20210801161146\file028.tmp.bak00117362
%ALLUSERSPROFILE%\ipgaszip20210801161146\file028.tmp.bak001173a8
%ALLUSERSPROFILE%\ipgaszip20210801161146\file017.tmp.bak001177f1
%ALLUSERSPROFILE%\ipgaszip20210801161146\file018.tmp.bak001177cd
%ALLUSERSPROFILE%\ipgaszip20210801161146\file018.tmp.bak00117786
%ALLUSERSPROFILE%\ipgaszip20210801161146\file019.tmp.bak00117740
%ALLUSERSPROFILE%\ipgaszip20210801161146\file019.tmp.bak001176fa
%ALLUSERSPROFILE%\ipgaszip20210801161146\file020.tmp.bak001176b2
%ALLUSERSPROFILE%\ipgaszip20210801161146\file020.tmp.bak00117649
%ALLUSERSPROFILE%\ipgaszip20210801161146\file021.tmp.bak00117601
%ALLUSERSPROFILE%\ipgaszip20210801161146\file021.tmp.bak001175df
%ALLUSERSPROFILE%\ipgaszip20210801161146\file016.tmp.bak001178c4
%ALLUSERSPROFILE%\ipgaszip20210801161146\file022.tmp.bak00117599
%ALLUSERSPROFILE%\ipgaszip20210801161146\file023.tmp.bak00117550
%ALLUSERSPROFILE%\ipgaszip20210801161146\file024.tmp.bak0011752e
%ALLUSERSPROFILE%\ipgaszip20210801161146\file024.tmp.bak001174e8
%ALLUSERSPROFILE%\ipgaszip20210801161146\file025.tmp.bak001174e8
%ALLUSERSPROFILE%\ipgaszip20210801161146\file025.tmp.bak001174c4
%ALLUSERSPROFILE%\ipgaszip20210801161146\file026.tmp.bak0011749f
%ALLUSERSPROFILE%\ipgaszip20210801161146\file026.tmp.bak0011747d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file027.tmp.bak00117413
%ALLUSERSPROFILE%\ipgaszip20210801161146\file027.tmp.bak001173cd
%ALLUSERSPROFILE%\ipgaszip20210801161146\file022.tmp.bak00117574
%ALLUSERSPROFILE%\ipgaszip20210801161146\file045.tmp.bak00116fca
%ALLUSERSPROFILE%\ipgaszip20210801161146\file014.tmp.bak00117952
%ALLUSERSPROFILE%\ipgaszip20210801161146\file072.tmp.bak00118742
%ALLUSERSPROFILE%\ipgaszip20210801161146\file047.tmp.bak00116f1a
%ALLUSERSPROFILE%\ipgaszip20210801161146\file061.tmp.bak0011689d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file062.tmp.bak00116857
%ALLUSERSPROFILE%\ipgaszip20210801161146\file062.tmp.bak001167ca
%ALLUSERSPROFILE%\ipgaszip20210801161146\file063.tmp.bak00116760
%ALLUSERSPROFILE%\ipgaszip20210801161146\file063.tmp.bak001166af
%ALLUSERSPROFILE%\ipgaszip20210801161146\file064.tmp.bak001165b8
%ALLUSERSPROFILE%\ipgaszip20210801161146\file064.tmp.bak0011654e
%ALLUSERSPROFILE%\ipgaszip20210801161146\file065.tmp.bak00118bf3
%ALLUSERSPROFILE%\ipgaszip20210801161146\file060.tmp.bak00116994
%ALLUSERSPROFILE%\ipgaszip20210801161146\file061.tmp.bak001168c1
%ALLUSERSPROFILE%\ipgaszip20210801161146\file065.tmp.bak00118bad
%ALLUSERSPROFILE%\ipgaszip20210801161146\file067.tmp.bak0011899b
%ALLUSERSPROFILE%\ipgaszip20210801161146\file069.tmp.bak001188a4
%ALLUSERSPROFILE%\ipgaszip20210801161146\file069.tmp.bak0011885b
%ALLUSERSPROFILE%\ipgaszip20210801161146\file070.tmp.bak00118839
%ALLUSERSPROFILE%\ipgaszip20210801161146\file070.tmp.bak001187f3
%ALLUSERSPROFILE%\ipgaszip20210801161146\file071.tmp.bak001187ab
%ALLUSERSPROFILE%\ipgaszip20210801161146\file071.tmp.bak00118789
%ALLUSERSPROFILE%\ipgaszip20210801161146\file072.tmp.bak00118789
%ALLUSERSPROFILE%\ipgaszip20210801161146\file066.tmp.bak00118b67
%ALLUSERSPROFILE%\ipgaszip20210801161146\file066.tmp.bak00118a92
%ALLUSERSPROFILE%\ipgaszip20210801161146\file060.tmp.bak00116a8d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file059.tmp.bak00116af5
%ALLUSERSPROFILE%\ipgaszip20210801161146\file059.tmp.bak00116b3e
%ALLUSERSPROFILE%\ipgaszip20210801161146\file048.tmp.bak00116ed3
%ALLUSERSPROFILE%\ipgaszip20210801161146\file049.tmp.bak00116eb1
%ALLUSERSPROFILE%\ipgaszip20210801161146\file049.tmp.bak00116e8d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file050.tmp.bak00116e69
%ALLUSERSPROFILE%\ipgaszip20210801161146\file050.tmp.bak00116e23
%ALLUSERSPROFILE%\ipgaszip20210801161146\file051.tmp.bak00116e01
%ALLUSERSPROFILE%\ipgaszip20210801161146\file052.tmp.bak00116ddc
%ALLUSERSPROFILE%\ipgaszip20210801161146\file052.tmp.bak00116db8
%ALLUSERSPROFILE%\ipgaszip20210801161146\file053.tmp.bak00116d96
%ALLUSERSPROFILE%\ipgaszip20210801161146\file048.tmp.bak00116ef8
%ALLUSERSPROFILE%\ipgaszip20210801161146\file053.tmp.bak00116d72
%ALLUSERSPROFILE%\ipgaszip20210801161146\file054.tmp.bak00116d08
%ALLUSERSPROFILE%\ipgaszip20210801161146\file055.tmp.bak00116cc1
%ALLUSERSPROFILE%\ipgaszip20210801161146\file055.tmp.bak00116c9f
%ALLUSERSPROFILE%\ipgaszip20210801161146\file056.tmp.bak00116c9f
%ALLUSERSPROFILE%\ipgaszip20210801161146\file056.tmp.bak00116c35
%ALLUSERSPROFILE%\ipgaszip20210801161146\file057.tmp.bak00116bca
%ALLUSERSPROFILE%\ipgaszip20210801161146\file057.tmp.bak00116ba6
%ALLUSERSPROFILE%\ipgaszip20210801161146\file058.tmp.bak00116b84
%ALLUSERSPROFILE%\ipgaszip20210801161146\file058.tmp.bak00116b60
%ALLUSERSPROFILE%\ipgaszip20210801161146\file054.tmp.bak00116d2c
%ALLUSERSPROFILE%\ipgaszip20210801161146\file073.tmp.bak001186d8
<DRIVERS>\set9cea.tmp

Sets the 'hidden' attribute to the following files

<SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\oem2.cat

Deletes the following files

%WINDIR%\bakhafntt.sys
%ALLUSERSPROFILE%\ipgaszip20210801161146\file061.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file060.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file059.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file058.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file057.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file056.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file055.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file054.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file053.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file063.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file062.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file050.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file049.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file048.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file047.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file046.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file045.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file044.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file043.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file042.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file052.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file015.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file064.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file086.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file085.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file084.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file083.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file082.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file081.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file080.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file079.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file078.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file077.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file076.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file075.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file074.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file073.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file072.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file071.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file070.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file069.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file068.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file067.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file066.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file041.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file051.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file040.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file039.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file038.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file002.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file011.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file010.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file009.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file008.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file007.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file006.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file005.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file004.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file003.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file001.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file013.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file000.tmp
D:\55debf9a5af2d81da66970396ef1\wuclient-selfupdate-activex.cab
D:\55debf9a5af2d81da66970396ef1\wuclient-selfupdate-aux-toplevel.cab
D:\55debf9a5af2d81da66970396ef1\wuclient-selfupdate-core-toplevel.cab
D:\55debf9a5af2d81da66970396ef1\cdm.dll
D:\55debf9a5af2d81da66970396ef1\wsus3setup.cat
D:\55debf9a5af2d81da66970396ef1\wuapi.dll
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_de
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_en
%ALLUSERSPROFILE%\ipgaszip20210801161146\file087.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file065.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file014.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file017.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file012.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file037.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file036.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file035.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file034.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file033.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file032.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file031.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file030.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file029.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file028.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file027.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file026.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file025.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file024.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file023.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file022.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file021.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file020.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file019.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file018.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file016.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file088.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file089.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file090.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file161.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file160.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file159.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file158.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file157.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file156.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file155.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file154.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file153.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file152.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file151.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file150.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file149.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file148.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file147.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file146.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file145.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file144.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file143.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file142.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file141.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file162.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file164.tmp
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_es
%ALLUSERSPROFILE%\ipgaszip20210801161146\file165.tmp
C:\tpacket7\tpacket7.cat
%WINDIR%\temp\old9cdb.tmp
%WINDIR%\temp\{4bf60cda-5f5f-4f4a-37a3-e764dd7cf675}\tpacket7.sys
%WINDIR%\temp\{4bf60cda-5f5f-4f4a-37a3-e764dd7cf675}\tpacket7.inf
%WINDIR%\temp\{4bf60cda-5f5f-4f4a-37a3-e764dd7cf675}\tpacket7.cat
<DRIVERSTORE>\temp\{64550732-0ea8-1a20-64d1-e341de909210}\tpacket7.sys
<DRIVERSTORE>\temp\{64550732-0ea8-1a20-64d1-e341de909210}\tpacket7.inf
<DRIVERSTORE>\temp\{64550732-0ea8-1a20-64d1-e341de909210}\tpacket7.cat
<SYSTEM32>\outlookctrlx64.dll
%WINDIR%\temp\udd2e74.tmp
%WINDIR%\temp\uddabd.tmp
%WINDIR%\temp\udda9d.tmp
%WINDIR%\syswow64\outlookctrlx.dll
%WINDIR%\temp\uddf343.tmp
%WINDIR%\temp\uddf344.tmp
%WINDIR%\temp\uddf355.tmp
%TEMP%\ipgaskernel20210801161133\setupdata.dat
%TEMP%\ipgaskernel20210801161133\akernel3.exe
%ALLUSERSPROFILE%\ipgaszip20210801161146\file168.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file167.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file166.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file140.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file114.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file139.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file113.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file111.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file110.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file109.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file108.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file107.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file106.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file105.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file104.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file103.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file102.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file101.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file100.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file099.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file098.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file097.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file096.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file095.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file094.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file093.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file092.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file091.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file112.tmp
C:\tpacket7\tpacket7.inf
%ALLUSERSPROFILE%\ipgaszip20210801161146\file137.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file115.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file136.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file135.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file134.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file133.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file132.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file131.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file130.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file129.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file128.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file127.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file126.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file125.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file124.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file123.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file122.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file121.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file120.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file119.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file118.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file117.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file116.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file138.tmp
%ALLUSERSPROFILE%\ipgaszip20210801161146\file163.tmp
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_fr
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_es
D:\55debf9a5af2d81da66970396ef1\da\wuau.adm
D:\55debf9a5af2d81da66970396ef1\da\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\de\eula.rtf
D:\55debf9a5af2d81da66970396ef1\de\wuau.adm
D:\55debf9a5af2d81da66970396ef1\de\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\el\eula.rtf
D:\55debf9a5af2d81da66970396ef1\el\wuau.adm
D:\55debf9a5af2d81da66970396ef1\el\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\en\eula.rtf
D:\55debf9a5af2d81da66970396ef1\cs\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\da\eula.rtf
D:\55debf9a5af2d81da66970396ef1\es\eula.rtf
D:\55debf9a5af2d81da66970396ef1\es\wuau.adm
D:\55debf9a5af2d81da66970396ef1\es\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\fi\eula.rtf
D:\55debf9a5af2d81da66970396ef1\fi\wuau.adm
D:\55debf9a5af2d81da66970396ef1\fi\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\fr\eula.rtf
D:\55debf9a5af2d81da66970396ef1\fr\wuau.adm
D:\55debf9a5af2d81da66970396ef1\fr\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\en\wuau.adm
D:\55debf9a5af2d81da66970396ef1\pt\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\cs\wuau.adm
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_zhcn
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_zhtw
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_de
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_en
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_es
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_fr
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_it
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_ja
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_ko
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_ptbr
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_ru
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_sv
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_zhcn
D:\55debf9a5af2d81da66970396ef1\wow64\wuaueng.dll.mui_zhtw
D:\55debf9a5af2d81da66970396ef1\wow64\wups.dll
D:\55debf9a5af2d81da66970396ef1\wow64\wups2.dll
D:\55debf9a5af2d81da66970396ef1\wow64\wuweb.dll
D:\55debf9a5af2d81da66970396ef1\ar\eula.rtf
D:\55debf9a5af2d81da66970396ef1\ar\wuau.adm
D:\55debf9a5af2d81da66970396ef1\ar\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\he\eula.rtf
D:\55debf9a5af2d81da66970396ef1\en\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\he\wuau.adm
D:\55debf9a5af2d81da66970396ef1\he\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\hu\eula.rtf
D:\55debf9a5af2d81da66970396ef1\zhcn\eula.rtf
D:\55debf9a5af2d81da66970396ef1\ru\eula.rtf
D:\55debf9a5af2d81da66970396ef1\ru\wuau.adm
D:\55debf9a5af2d81da66970396ef1\ru\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\sv\eula.rtf
D:\55debf9a5af2d81da66970396ef1\sv\wuau.adm
D:\55debf9a5af2d81da66970396ef1\sv\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\tr\eula.rtf
D:\55debf9a5af2d81da66970396ef1\tr\wuau.adm
D:\55debf9a5af2d81da66970396ef1\tr\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\zhcn\wuau.adm
D:\55debf9a5af2d81da66970396ef1\ptbr\wuau.adm
D:\55debf9a5af2d81da66970396ef1\zhcn\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\zhtw\eula.rtf
D:\55debf9a5af2d81da66970396ef1\zhtw\wuau.adm
D:\55debf9a5af2d81da66970396ef1\zhtw\wusetup.exe.mui
%WINDIR%\baktsdoc64t.sys
%WINDIR%\bakhafnt64t.sys
%WINDIR%\bakthv364t.sys
%WINDIR%\baktsdoc2t.sys
%WINDIR%\bakimhc3t.sys
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_sv
D:\55debf9a5af2d81da66970396ef1\cs\eula.rtf
D:\55debf9a5af2d81da66970396ef1\ptbr\eula.rtf
D:\55debf9a5af2d81da66970396ef1\pt\eula.rtf
D:\55debf9a5af2d81da66970396ef1\ptbr\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\hu\wuau.adm
D:\55debf9a5af2d81da66970396ef1\hu\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\it\eula.rtf
D:\55debf9a5af2d81da66970396ef1\it\wuau.adm
D:\55debf9a5af2d81da66970396ef1\it\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\ja\eula.rtf
D:\55debf9a5af2d81da66970396ef1\ja\wuau.adm
D:\55debf9a5af2d81da66970396ef1\ja\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\ko\eula.rtf
D:\55debf9a5af2d81da66970396ef1\ko\wuau.adm
D:\55debf9a5af2d81da66970396ef1\ko\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\nl\eula.rtf
D:\55debf9a5af2d81da66970396ef1\nl\wuau.adm
D:\55debf9a5af2d81da66970396ef1\nl\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\no\eula.rtf
D:\55debf9a5af2d81da66970396ef1\no\wuau.adm
D:\55debf9a5af2d81da66970396ef1\no\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\pl\eula.rtf
D:\55debf9a5af2d81da66970396ef1\pl\wuau.adm
D:\55debf9a5af2d81da66970396ef1\pl\wusetup.exe.mui
D:\55debf9a5af2d81da66970396ef1\pt\wuau.adm
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_ru
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_ptbr
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_ko
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_it
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_ja
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_ko
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_ptbr
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_ru
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_sv
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_zhcn
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_zhtw
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_ar
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_cs
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_da
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_de
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_el
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_en
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_es
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_fi
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_fr
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_he
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_hu
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_it
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_ja
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_fr
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_en
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_it
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll.mui_de
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_ko
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_ptbr
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_ru
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_sv
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_zhcn
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_zhtw
D:\55debf9a5af2d81da66970396ef1\wuauclt.exe
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_de
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_en
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_es
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_fr
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_it
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_ja
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_ko
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_ptbr
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_ru
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_sv
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_zhcn
D:\55debf9a5af2d81da66970396ef1\wuaucpl.cpl.mui_zhtw
D:\55debf9a5af2d81da66970396ef1\wuaueng.dll
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_ko
D:\55debf9a5af2d81da66970396ef1\wups2.dll
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_nl
D:\55debf9a5af2d81da66970396ef1\wusetup.exe
D:\55debf9a5af2d81da66970396ef1\wuweb.dll
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_de
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_en
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_es
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_fr
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_it
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_ja
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_ko
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_ptbr
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_ru
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_sv
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_zhcn
D:\55debf9a5af2d81da66970396ef1\wow64\wuapi.dll.mui_zhtw
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_de
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_en
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_es
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_fr
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_it
D:\55debf9a5af2d81da66970396ef1\wow64\wuaucpl.cpl.mui_ja
D:\55debf9a5af2d81da66970396ef1\wusetup.inf
D:\55debf9a5af2d81da66970396ef1\wuapi.dll.mui_ja
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_pl
D:\55debf9a5af2d81da66970396ef1\wups.dll
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_pt
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_ptbr
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_ru
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_sv
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_tr
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_zhcn
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_zhtw
D:\55debf9a5af2d81da66970396ef1\wuauserv.dll
D:\55debf9a5af2d81da66970396ef1\wucltui.dll
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_de
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_en
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_es
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_fr
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_it
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_ja
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_ko
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_ptbr
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_ru
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_sv
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_zhcn
D:\55debf9a5af2d81da66970396ef1\wucltui.dll.mui_zhtw
D:\55debf9a5af2d81da66970396ef1\wuauhelp.chm_no
C:\tpacket7\tpacket7.sys

Moves the following files

from %ALLUSERSPROFILE%\ipgaszip20210801161146\file000.tmp.bak001159b6 to %CommonProgramFiles(x86)%\system\file000.tmp.bak001159b6
from %WINDIR%\file118.tmp.bak00119ae5 to %WINDIR%\baksdfi64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file119.tmp.bak00119a9f to <SYSTEM32>\file119.tmp.bak00119a9f
from <SYSTEM32>\file119.tmp.bak00119a9f to <SYSTEM32>\tsafedoc64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file119.tmp.bak001199ca to %WINDIR%\file119.tmp.bak001199ca
from %WINDIR%\file119.tmp.bak001199ca to %WINDIR%\baktsdoc64t.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file120.tmp.bak00119962 to <SYSTEM32>\file120.tmp.bak00119962
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file115.tmp.bak001191e1 to %WINDIR%\file115.tmp.bak001191e1
from <SYSTEM32>\file120.tmp.bak00119962 to <SYSTEM32>\sdagent64.dll
from %WINDIR%\file120.tmp.bak00119919 to %WINDIR%\baksda64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file121.tmp.bak001198d3 to <SYSTEM32>\file121.tmp.bak001198d3
from <SYSTEM32>\file121.tmp.bak001198d3 to <SYSTEM32>\sdfattr64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file121.tmp.bak00119868 to %WINDIR%\file121.tmp.bak00119868
from %WINDIR%\file121.tmp.bak00119868 to %WINDIR%\baksdfa64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file122.tmp.bak00119800 to <SYSTEM32>\file122.tmp.bak00119800
from <SYSTEM32>\file118.tmp.bak00119b4f to <SYSTEM32>\sdfileicon64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file118.tmp.bak00119ae5 to %WINDIR%\file118.tmp.bak00119ae5
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file118.tmp.bak00119b4f to <SYSTEM32>\file118.tmp.bak00119b4f
from %WINDIR%\file117.tmp.bak001190c6 to %WINDIR%\baksdctx64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file117.tmp.bak001190c6 to %WINDIR%\file117.tmp.bak001190c6
from %WINDIR%\file113.tmp.bak00119292 to %WINDIR%\bakusrmd64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file114.tmp.bak0011924b to <SYSTEM32>\file114.tmp.bak0011924b
from <SYSTEM32>\file114.tmp.bak0011924b to <SYSTEM32>\winrdlv364.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file114.tmp.bak0011924b to %WINDIR%\file114.tmp.bak0011924b
from %WINDIR%\file114.tmp.bak0011924b to %WINDIR%\bakrdlv364.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file115.tmp.bak00119227 to <SYSTEM32>\file115.tmp.bak00119227
from <SYSTEM32>\file122.tmp.bak00119800 to <SYSTEM32>\tmailhook64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file120.tmp.bak00119919 to %WINDIR%\file120.tmp.bak00119919
from <SYSTEM32>\file115.tmp.bak00119227 to <SYSTEM32>\outlka23.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file116.tmp.bak001191bd to <SYSTEM32>\file116.tmp.bak001191bd
from <SYSTEM32>\file116.tmp.bak001191bd to <SYSTEM32>\winwdgv364.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file116.tmp.bak00119176 to %WINDIR%\file116.tmp.bak00119176
from %WINDIR%\file116.tmp.bak00119176 to %WINDIR%\bakwdgv364.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file117.tmp.bak00119130 to <SYSTEM32>\file117.tmp.bak00119130
from <SYSTEM32>\file117.tmp.bak00119130 to <SYSTEM32>\sdcontext64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file113.tmp.bak00119292 to %WINDIR%\file113.tmp.bak00119292
from %WINDIR%\file115.tmp.bak001191e1 to %WINDIR%\bakola64.sys
from <DRIVERS>\file125.tmp.bak0011874b to <DRIVERS>\tsddrv64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file135.tmp.bak00119da5 to %WINDIR%\syswow64\file135.tmp.bak00119da5
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file123.tmp.bak00119796 to <SYSTEM32>\file123.tmp.bak00119796
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file128.tmp.bak00119f2b to %WINDIR%\file128.tmp.bak00119f2b
from %WINDIR%\file128.tmp.bak00119f2b to %WINDIR%\baktftip64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file129.tmp.bak00119e34 to %WINDIR%\file129.tmp.bak00119e34
from %WINDIR%\file129.tmp.bak00119e34 to %WINDIR%\bakoacnac.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file130.tmp.bak00119e34 to %WINDIR%\file130.tmp.bak00119e34
from %WINDIR%\file130.tmp.bak00119e34 to %WINDIR%\baknacagent.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file122.tmp.bak001197dc to %WINDIR%\file122.tmp.bak001197dc
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file131.tmp.bak00119e10 to %WINDIR%\file131.tmp.bak00119e10
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file132.tmp.bak00119e10 to %WINDIR%\file132.tmp.bak00119e10
from %WINDIR%\file132.tmp.bak00119e10 to %WINDIR%\baksgwagent.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file133.tmp.bak00119dec to %WINDIR%\file133.tmp.bak00119dec
from %WINDIR%\file133.tmp.bak00119dec to %WINDIR%\bakoatool.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file134.tmp.bak00119dca to %WINDIR%\file134.tmp.bak00119dca
from %WINDIR%\file134.tmp.bak00119dca to %WINDIR%\bakoatool64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file128.tmp.bak00119f4d to <SYSTEM32>\file128.tmp.bak00119f4d
from <SYSTEM32>\file128.tmp.bak00119f4d to <SYSTEM32>\tfloattip64.dll
from %WINDIR%\file127.tmp.bak00119f4d to %WINDIR%\baksdiskctx64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file127.tmp.bak00119f4d to %WINDIR%\file127.tmp.bak00119f4d
from <SYSTEM32>\file127.tmp.bak0011a046 to <SYSTEM32>\sdiskcontext64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file123.tmp.bak00118f93 to %WINDIR%\file123.tmp.bak00118f93
from %WINDIR%\file123.tmp.bak00118f93 to %WINDIR%\baksdvwr64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file124.tmp.bak00118f29 to <SYSTEM32>\file124.tmp.bak00118f29
from <SYSTEM32>\file124.tmp.bak00118f29 to <SYSTEM32>\pathcvrt64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file124.tmp.bak00118ee3 to %WINDIR%\file124.tmp.bak00118ee3
from %WINDIR%\file124.tmp.bak00118ee3 to %WINDIR%\bakpathcvrt64.sys
from %WINDIR%\file122.tmp.bak001197dc to %WINDIR%\baktmhk64.sys
from <SYSTEM32>\file113.tmp.bak001192b6 to <SYSTEM32>\winusrmd64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file125.tmp.bak0011874b to <DRIVERS>\file125.tmp.bak0011874b
from %WINDIR%\file125.tmp.bak0011874b to %WINDIR%\baksddrv64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file126.tmp.bak00118726 to <SYSTEM32>\file126.tmp.bak00118726
from <SYSTEM32>\file126.tmp.bak00118726 to <SYSTEM32>\outlookctrlx64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file126.tmp.bak0011a561 to %WINDIR%\file126.tmp.bak0011a561
from %WINDIR%\file126.tmp.bak0011a561 to %WINDIR%\bakolctrlx64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file127.tmp.bak0011a046 to <SYSTEM32>\file127.tmp.bak0011a046
from <SYSTEM32>\file123.tmp.bak00119796 to <SYSTEM32>\sdviewer64.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file125.tmp.bak0011874b to %WINDIR%\file125.tmp.bak0011874b
from %WINDIR%\file131.tmp.bak00119e10 to %WINDIR%\bakoacsgw.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file113.tmp.bak001192b6 to <SYSTEM32>\file113.tmp.bak001192b6
from <DRIVERS>\file110.tmp.bak0011931e to <DRIVERS>\tpacket7.sys
from %WINDIR%\file098.tmp.bak00117d0a to %WINDIR%\bakoauv364.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file099.tmp.bak00117cc3 to <SYSTEM32>\file099.tmp.bak00117cc3
from <SYSTEM32>\file099.tmp.bak00117cc3 to <SYSTEM32>\dtframe64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file099.tmp.bak00117c7d to %WINDIR%\file099.tmp.bak00117c7d
from %WINDIR%\file099.tmp.bak00117c7d to %WINDIR%\bakdtfrm64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file100.tmp.bak00117c37 to <SYSTEM32>\file100.tmp.bak00117c37
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file091.tmp.bak00117f62 to %WINDIR%\syswow64\file091.tmp.bak00117f62
from <SYSTEM32>\file100.tmp.bak00117c37 to <SYSTEM32>\winhafnt64.dll
from %WINDIR%\file100.tmp.bak00117bee to %WINDIR%\bakhafnt64t.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file101.tmp.bak00117ba8 to <SYSTEM32>\file101.tmp.bak00117ba8
from <SYSTEM32>\file101.tmp.bak00117ba8 to <SYSTEM32>\winhadnt64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file101.tmp.bak00117ab1 to %WINDIR%\file101.tmp.bak00117ab1
from %WINDIR%\file101.tmp.bak00117ab1 to %WINDIR%\bakhadnt64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file102.tmp.bak00117a25 to <SYSTEM32>\file102.tmp.bak00117a25
from <SYSTEM32>\file098.tmp.bak00117d2e to <SYSTEM32>\winoauv364.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file098.tmp.bak00117d0a to %WINDIR%\file098.tmp.bak00117d0a
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file098.tmp.bak00117d2e to <SYSTEM32>\file098.tmp.bak00117d2e
from %WINDIR%\file097.tmp.bak00117d50 to %WINDIR%\bakrdlv3.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file097.tmp.bak00117d50 to %WINDIR%\file097.tmp.bak00117d50
from %WINDIR%\file088.tmp.bak001180a2 to %WINDIR%\bak32msl.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file089.tmp.bak0011807d to %WINDIR%\syswow64\file089.tmp.bak0011807d
from %WINDIR%\syswow64\file089.tmp.bak0011807d to %WINDIR%\syswow64\funcextv.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file089.tmp.bak0011805b to %WINDIR%\file089.tmp.bak0011805b
from %WINDIR%\file089.tmp.bak0011805b to %WINDIR%\bakfextv.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file090.tmp.bak0011805b to %WINDIR%\syswow64\file090.tmp.bak0011805b
from <SYSTEM32>\file102.tmp.bak00117a25 to <SYSTEM32>\ifocmsdll64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file100.tmp.bak00117bee to %WINDIR%\file100.tmp.bak00117bee
from %WINDIR%\syswow64\file090.tmp.bak0011805b to %WINDIR%\syswow64\windowsupdateagent20-x86.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file092.tmp.bak00117e01 to %WINDIR%\file092.tmp.bak00117e01
from %WINDIR%\file092.tmp.bak00117e01 to %WINDIR%\agt3tool.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file092.tmp.bak00117d98 to %CommonProgramFiles(x86)%\system\file092.tmp.bak00117d98
from %CommonProgramFiles(x86)%\system\file092.tmp.bak00117d98 to %CommonProgramFiles(x86)%\system\agt3tool.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file097.tmp.bak00117d50 to %WINDIR%\syswow64\file097.tmp.bak00117d50
from %WINDIR%\syswow64\file097.tmp.bak00117d50 to %WINDIR%\syswow64\winrdlv3.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file088.tmp.bak001180a2 to %WINDIR%\file088.tmp.bak001180a2
from %WINDIR%\syswow64\file091.tmp.bak00117f62 to %WINDIR%\syswow64\windowsupdateagent30-x64.exe
from <SYSTEM32>\file105.tmp.bak0011947f to <SYSTEM32>\orcshk364.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file112.tmp.bak001192b6 to %WINDIR%\file112.tmp.bak001192b6
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file103.tmp.bak0011950e to <SYSTEM32>\file103.tmp.bak0011950e
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file108.tmp.bak00119367 to %WINDIR%\file108.tmp.bak00119367
from %WINDIR%\file108.tmp.bak00119367 to %WINDIR%\baktvd64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file109.tmp.bak00119367 to <DRIVERS>\file109.tmp.bak00119367
from <DRIVERS>\file109.tmp.bak00119367 to <DRIVERS>\tpacketv.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file109.tmp.bak00119342 to %WINDIR%\file109.tmp.bak00119342
from %WINDIR%\file109.tmp.bak00119342 to %WINDIR%\baktpktv64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file102.tmp.bak00117a01 to %WINDIR%\file102.tmp.bak00117a01
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file110.tmp.bak0011931e to <DRIVERS>\file110.tmp.bak0011931e
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file110.tmp.bak001192fc to %WINDIR%\file110.tmp.bak001192fc
from %WINDIR%\file110.tmp.bak001192fc to %WINDIR%\baktpkt764.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file111.tmp.bak001192fc to <DRIVERS>\file111.tmp.bak001192fc
from <DRIVERS>\file111.tmp.bak001192fc to <DRIVERS>\ipnpf.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file111.tmp.bak001192d8 to %WINDIR%\file111.tmp.bak001192d8
from %WINDIR%\file111.tmp.bak001192d8 to %WINDIR%\toa32pd564.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file108.tmp.bak00119389 to <DRIVERS>\file108.tmp.bak00119389
from <DRIVERS>\file108.tmp.bak00119389 to <DRIVERS>\tvdisk.sys
from %WINDIR%\file107.tmp.bak001193ad to %WINDIR%\bakmenusl64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file107.tmp.bak001193ad to %WINDIR%\file107.tmp.bak001193ad
from <SYSTEM32>\file107.tmp.bak001193f3 to <SYSTEM32>\trmenushl64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file103.tmp.bak001194ea to %WINDIR%\file103.tmp.bak001194ea
from %WINDIR%\file103.tmp.bak001194ea to %WINDIR%\bakencyx64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file104.tmp.bak001194ea to <SYSTEM32>\file104.tmp.bak001194ea
from <SYSTEM32>\file104.tmp.bak001194ea to <SYSTEM32>\thooksv364.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file104.tmp.bak001194c8 to %WINDIR%\file104.tmp.bak001194c8
from %WINDIR%\file104.tmp.bak001194c8 to %WINDIR%\bakthv364t.sys
from %WINDIR%\file102.tmp.bak00117a01 to %WINDIR%\bakifocms64.sys
from %WINDIR%\file112.tmp.bak001192b6 to %WINDIR%\baktfsdrv64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file105.tmp.bak0011947f to <SYSTEM32>\file105.tmp.bak0011947f
from %WINDIR%\file105.tmp.bak0011945d to %WINDIR%\bakorch364.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file106.tmp.bak00119439 to <SYSTEM32>\file106.tmp.bak00119439
from <SYSTEM32>\file106.tmp.bak00119439 to <SYSTEM32>\snapb2p64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file106.tmp.bak00119417 to %WINDIR%\file106.tmp.bak00119417
from %WINDIR%\file106.tmp.bak00119417 to %WINDIR%\bakssb2p64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file107.tmp.bak001193f3 to <SYSTEM32>\file107.tmp.bak001193f3
from <SYSTEM32>\file103.tmp.bak0011950e to <SYSTEM32>\winencyx64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file105.tmp.bak0011945d to %WINDIR%\file105.tmp.bak0011945d
from %WINDIR%\syswow64\file135.tmp.bak00119da5 to %WINDIR%\syswow64\winoatmm.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file135.tmp.bak00119da5 to %WINDIR%\file135.tmp.bak00119da5
from %WINDIR%\file135.tmp.bak00119da5 to %WINDIR%\bakoatmm.sys
from %WINDIR%\file162.tmp.bak0011960d to %WINDIR%\bakenumprocessmodule.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file163.tmp.bak001195eb to %WINDIR%\syswow64\file163.tmp.bak001195eb
from %WINDIR%\syswow64\file163.tmp.bak001195eb to %WINDIR%\syswow64\oagenttray.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file163.tmp.bak001195c7 to %WINDIR%\file163.tmp.bak001195c7
from %WINDIR%\file163.tmp.bak001195c7 to %WINDIR%\bakoagenttray.sys
from %WINDIR%\syswow64\file159.tmp.bak0011969c to %WINDIR%\syswow64\tijtdrvd32.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file164.tmp.bak001195a3 to %WINDIR%\syswow64\drivers\file164.tmp.bak001195a3
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file164.tmp.bak00119581 to %WINDIR%\file164.tmp.bak00119581
from %WINDIR%\file164.tmp.bak00119581 to %WINDIR%\bakthlpdrv32.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file165.tmp.bak0011955d to <DRIVERS>\file165.tmp.bak0011955d
from <DRIVERS>\file165.tmp.bak0011955d to <DRIVERS>\thlpdrv64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file165.tmp.bak0011955d to %WINDIR%\file165.tmp.bak0011955d
from %WINDIR%\file165.tmp.bak0011955d to %WINDIR%\bakthlpdrv64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file162.tmp.bak0011960d to %WINDIR%\syswow64\file162.tmp.bak0011960d
from %WINDIR%\syswow64\drivers\file164.tmp.bak001195a3 to %WINDIR%\syswow64\drivers\thlpdrv32.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file162.tmp.bak0011960d to %WINDIR%\file162.tmp.bak0011960d
from %WINDIR%\syswow64\file162.tmp.bak0011960d to %WINDIR%\syswow64\enumprocessmodule.exe
from %WINDIR%\file161.tmp.bak00119632 to %WINDIR%\bakwfirewallv.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file161.tmp.bak00119632 to %WINDIR%\file161.tmp.bak00119632
from %WINDIR%\file157.tmp.bak00119729 to %WINDIR%\baktijtdrv32.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file158.tmp.bak001196be to <DRIVERS>\file158.tmp.bak001196be
from <DRIVERS>\file158.tmp.bak001196be to <DRIVERS>\tijtdrv64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file158.tmp.bak0011969c to %WINDIR%\file158.tmp.bak0011969c
from %WINDIR%\file158.tmp.bak0011969c to %WINDIR%\baktijtdrv64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file166.tmp.bak0011953b to %WINDIR%\syswow64\file166.tmp.bak0011953b
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file159.tmp.bak0011969c to %WINDIR%\syswow64\file159.tmp.bak0011969c
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file157.tmp.bak0011974d to %WINDIR%\syswow64\drivers\file157.tmp.bak0011974d
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file159.tmp.bak00119678 to %WINDIR%\file159.tmp.bak00119678
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file160.tmp.bak00119678 to <SYSTEM32>\file160.tmp.bak00119678
from <SYSTEM32>\file160.tmp.bak00119678 to <SYSTEM32>\tijtdrvd64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file160.tmp.bak00119654 to %WINDIR%\file160.tmp.bak00119654
from %WINDIR%\file160.tmp.bak00119654 to %WINDIR%\baktijtdrvd64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file161.tmp.bak00119632 to %WINDIR%\syswow64\file161.tmp.bak00119632
from %WINDIR%\syswow64\drivers\file157.tmp.bak0011974d to %WINDIR%\syswow64\drivers\tijtdrv32.sys
from %WINDIR%\syswow64\file161.tmp.bak00119632 to %WINDIR%\syswow64\wfirewallv.dll
from %WINDIR%\file159.tmp.bak00119678 to %WINDIR%\baktijtdrvd32.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file157.tmp.bak00119729 to %WINDIR%\file157.tmp.bak00119729
from %WINDIR%\syswow64\file166.tmp.bak0011953b to %WINDIR%\syswow64\thlpdrvd32.dll
from %WINDIR%\syswow64\file144.tmp.bak001194f2 to %WINDIR%\syswow64\sdencryptionapi.dll
from %WINDIR%\syswow64\ifocmsdll.dll_2tmp to %WINDIR%\syswow64\ifocmsdll.dll
from %WINDIR%\syswow64\bakenumiacc2.sys_2tmp to %WINDIR%\syswow64\bakenumiacc2.sys
from <SYSTEM32>\winrdlv3.exe_2tmp to <SYSTEM32>\winrdlv3.exe
from <SYSTEM32>\winbrosqlite3_64.dll_2tmp to <SYSTEM32>\winbrosqlite3_64.dll
from <DRIVERS>\tfsfltdrv.sys_tmp to <DRIVERS>\tfsfltdrv.sys
from %WINDIR%\syswow64\ocular\msolbase2.dat to %WINDIR%\syswow64\ocular\msolbase2_up.dat
from %WINDIR%\bakthv364.sys_2tmp to %WINDIR%\bakthv364.sys
from %WINDIR%\syswow64\ocular\msudiskinfo_send2.dat to %WINDIR%\syswow64\ocular\msudiskinfo_send2_up.dat
from %WINDIR%\temp\{4bf60cda-5f5f-4f4a-37a3-e764dd7cf675}\set5cd0.tmp to %WINDIR%\temp\{4bf60cda-5f5f-4f4a-37a3-e764dd7cf675}\tpacket7.inf
from %WINDIR%\temp\{4bf60cda-5f5f-4f4a-37a3-e764dd7cf675}\set5d8c.tmp to %WINDIR%\temp\{4bf60cda-5f5f-4f4a-37a3-e764dd7cf675}\tpacket7.sys
from <DRIVERSTORE>\temp\{64550732-0ea8-1a20-64d1-e341de909210}\set6f26.tmp to <DRIVERSTORE>\temp\{64550732-0ea8-1a20-64d1-e341de909210}\tpacket7.cat
from <DRIVERSTORE>\temp\{64550732-0ea8-1a20-64d1-e341de909210}\set7002.tmp to <DRIVERSTORE>\temp\{64550732-0ea8-1a20-64d1-e341de909210}\tpacket7.inf
from <DRIVERSTORE>\temp\{64550732-0ea8-1a20-64d1-e341de909210}\set70ce.tmp to <DRIVERSTORE>\temp\{64550732-0ea8-1a20-64d1-e341de909210}\tpacket7.sys
from %WINDIR%\syswow64\ocular\msappinfo2.dat to %WINDIR%\syswow64\ocular\msappinfo2_up.dat
from %WINDIR%\baktsdoc64.sys_2tmp to %WINDIR%\baktsdoc64.sys
from %WINDIR%\syswow64\winhadnt.dll_2tmp to %WINDIR%\syswow64\winhadnt.dll
from %WINDIR%\bakhafnt64.sys_2tmp to %WINDIR%\bakhafnt64.sys
from %WINDIR%\baktsdoc2.sys_2tmp to %WINDIR%\baktsdoc2.sys
from %WINDIR%\syswow64\ocular\msoludisk2.dat to %WINDIR%\syswow64\ocular\msoludisk2_up.dat
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file144.tmp.bak001194d0 to %WINDIR%\file144.tmp.bak001194d0
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file167.tmp.bak001194ac to %WINDIR%\syswow64\file167.tmp.bak001194ac
from %WINDIR%\syswow64\file167.tmp.bak001194ac to %WINDIR%\syswow64\softwareidentify.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file167.tmp.bak0011948a to %WINDIR%\file167.tmp.bak0011948a
from %WINDIR%\file167.tmp.bak0011948a to %WINDIR%\baksoftidentify.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file166.tmp.bak00119516 to %WINDIR%\file166.tmp.bak00119516
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file144.tmp.bak001194f2 to %WINDIR%\syswow64\file144.tmp.bak001194f2
from %WINDIR%\file166.tmp.bak00119516 to %WINDIR%\bakthlpdrvd32.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file168.tmp.bak00119466 to <SYSTEM32>\file168.tmp.bak00119466
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file137.tmp.bak00119420 to %WINDIR%\file137.tmp.bak00119420
from %WINDIR%\file137.tmp.bak00119420 to %WINDIR%\linstsvr.exe
from %WINDIR%\bakthv3.sys_2tmp to %WINDIR%\bakthv3.sys
from %WINDIR%\bakhafnt.sys_2tmp to %WINDIR%\bakhafnt.sys
from %WINDIR%\bakimhc3.sys_2tmp to %WINDIR%\bakimhc3.sys
from <SYSTEM32>\file168.tmp.bak00119466 to <SYSTEM32>\softwareidentify64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file168.tmp.bak00119441 to %WINDIR%\file168.tmp.bak00119441
from %WINDIR%\file168.tmp.bak00119441 to %WINDIR%\baksoftidentify64.sys
from %WINDIR%\file156.tmp.bak0011976f to %WINDIR%\baksas64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file156.tmp.bak0011976f to %WINDIR%\file156.tmp.bak0011976f
from %WINDIR%\file155.tmp.bak0011976f to %WINDIR%\baksas.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file142.tmp.bak00119bb7 to %WINDIR%\syswow64\file142.tmp.bak00119bb7
from %WINDIR%\syswow64\file142.tmp.bak00119bb7 to %WINDIR%\syswow64\cpuidsdk.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file142.tmp.bak00119bb7 to %WINDIR%\file142.tmp.bak00119bb7
from %WINDIR%\file142.tmp.bak00119bb7 to %WINDIR%\bakcpuid.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file143.tmp.bak00119b71 to %WINDIR%\syswow64\file143.tmp.bak00119b71
from %WINDIR%\syswow64\file143.tmp.bak00119b71 to %WINDIR%\syswow64\wlfunc.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file145.tmp.bak00119ae2 to %WINDIR%\file145.tmp.bak00119ae2
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file143.tmp.bak00119b71 to %WINDIR%\file143.tmp.bak00119b71
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file144.tmp.bak00119b4d to %WINDIR%\syswow64\file144.tmp.bak00119b4d
from %WINDIR%\syswow64\file144.tmp.bak00119b4d to %WINDIR%\syswow64\sdencryptionapi.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file144.tmp.bak00119b4d to %WINDIR%\file144.tmp.bak00119b4d
from %WINDIR%\file144.tmp.bak00119b4d to %WINDIR%\baksdeapi.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file145.tmp.bak00119b29 to <SYSTEM32>\file145.tmp.bak00119b29
from <SYSTEM32>\file141.tmp.bak00119bfe to <SYSTEM32>\winbrosqlite3_64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file141.tmp.bak00119bfe to <SYSTEM32>\file141.tmp.bak00119bfe
from %WINDIR%\file141.tmp.bak00119bd9 to %WINDIR%\bakbrosqlite3_64.sys
from %WINDIR%\file140.tmp.bak00119c22 to %WINDIR%\bakbrosqlite3.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file140.tmp.bak00119c22 to %WINDIR%\file140.tmp.bak00119c22
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file136.tmp.bak00119d5f to %WINDIR%\syswow64\file136.tmp.bak00119d5f
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file136.tmp.bak00119d3b to %WINDIR%\file136.tmp.bak00119d3b
from %WINDIR%\file136.tmp.bak00119d3b to %WINDIR%\bakoatmm2.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file137.tmp.bak00119d3b to %WINDIR%\file137.tmp.bak00119d3b
from %WINDIR%\file137.tmp.bak00119d3b to %WINDIR%\linstsvr.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file138.tmp.bak00119d19 to %WINDIR%\syswow64\file138.tmp.bak00119d19
from <SYSTEM32>\file145.tmp.bak00119b29 to <SYSTEM32>\sdencryptionapi64.dll
from %WINDIR%\syswow64\file138.tmp.bak00119d19 to %WINDIR%\syswow64\winbrohca.dll
from %WINDIR%\file143.tmp.bak00119b71 to %WINDIR%\bakwlfc.sys
from %WINDIR%\file138.tmp.bak00119cf5 to %WINDIR%\bakbrohca.sys
from <SYSTEM32>\file139.tmp.bak00119cd3 to <SYSTEM32>\winbrohca64.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file139.tmp.bak00119c68 to %WINDIR%\file139.tmp.bak00119c68
from %WINDIR%\file139.tmp.bak00119c68 to %WINDIR%\bakbrohca64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file140.tmp.bak00119c44 to %WINDIR%\syswow64\file140.tmp.bak00119c44
from %WINDIR%\syswow64\file140.tmp.bak00119c44 to %WINDIR%\syswow64\winbrosqlite3.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file138.tmp.bak00119cf5 to %WINDIR%\file138.tmp.bak00119cf5
from %WINDIR%\syswow64\file136.tmp.bak00119d5f to %WINDIR%\syswow64\winoatmm2.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file139.tmp.bak00119cd3 to <SYSTEM32>\file139.tmp.bak00119cd3
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file141.tmp.bak00119bd9 to %WINDIR%\file141.tmp.bak00119bd9
from %WINDIR%\file145.tmp.bak00119ae2 to %WINDIR%\baksdeapi64.sys
from %WINDIR%\syswow64\file151.tmp.bak001198ae to %WINDIR%\syswow64\performancetool.exe
from %WINDIR%\file151.tmp.bak0011988a to %WINDIR%\bakperformancetool.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file152.tmp.bak00119866 to %WINDIR%\syswow64\file152.tmp.bak00119866
from %WINDIR%\syswow64\file152.tmp.bak00119866 to %WINDIR%\syswow64\iteudllvmgr.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file152.tmp.bak00119820 to %WINDIR%\file152.tmp.bak00119820
from %WINDIR%\file152.tmp.bak00119820 to %WINDIR%\bakiteumgr.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file151.tmp.bak001198ae to %WINDIR%\syswow64\file151.tmp.bak001198ae
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file146.tmp.bak00119a9c to %WINDIR%\syswow64\file146.tmp.bak00119a9c
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file151.tmp.bak0011988a to %WINDIR%\file151.tmp.bak0011988a
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file153.tmp.bak001197fe to %WINDIR%\syswow64\file153.tmp.bak001197fe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file154.tmp.bak001197b5 to %WINDIR%\syswow64\file154.tmp.bak001197b5
from %WINDIR%\syswow64\file154.tmp.bak001197b5 to %WINDIR%\syswow64\ipgflashsdk.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file154.tmp.bak00119793 to %WINDIR%\file154.tmp.bak00119793
from %WINDIR%\file154.tmp.bak00119793 to %WINDIR%\bakipgflashsdk.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file155.tmp.bak0011976f to %WINDIR%\file155.tmp.bak0011976f
from %WINDIR%\syswow64\file153.tmp.bak001197fe to %WINDIR%\syswow64\ipgudll.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file153.tmp.bak001197d9 to %WINDIR%\file153.tmp.bak001197d9
from %WINDIR%\file153.tmp.bak001197d9 to %WINDIR%\bakipgudll.sys
from %WINDIR%\syswow64\file148.tmp.bak00119a10 to %WINDIR%\syswow64\sdguarder.exe
from %WINDIR%\file087.tmp.bak001180c3 to %WINDIR%\bak32msc.sys
from %WINDIR%\syswow64\file150.tmp.bak001198f5 to %WINDIR%\syswow64\udiskiddll.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file146.tmp.bak00119a78 to %WINDIR%\file146.tmp.bak00119a78
from %WINDIR%\file146.tmp.bak00119a78 to %WINDIR%\bakosdexp.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file147.tmp.bak00119a56 to %WINDIR%\syswow64\file147.tmp.bak00119a56
from %WINDIR%\syswow64\file147.tmp.bak00119a56 to %WINDIR%\syswow64\osdexviewer.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file147.tmp.bak00119a32 to %WINDIR%\file147.tmp.bak00119a32
from %WINDIR%\file147.tmp.bak00119a32 to %WINDIR%\bakosdexv.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file150.tmp.bak001198d0 to %WINDIR%\file150.tmp.bak001198d0
from %WINDIR%\file150.tmp.bak001198d0 to %WINDIR%\bakudidhlp.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file148.tmp.bak00119a10 to %WINDIR%\syswow64\file148.tmp.bak00119a10
from %WINDIR%\file148.tmp.bak001199eb to %WINDIR%\baksdgr.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file149.tmp.bak001199c7 to <SYSTEM32>\file149.tmp.bak001199c7
from <SYSTEM32>\file149.tmp.bak001199c7 to <SYSTEM32>\sdguarder64.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file149.tmp.bak0011995f to %WINDIR%\file149.tmp.bak0011995f
from %WINDIR%\file149.tmp.bak0011995f to %WINDIR%\baksdgr64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file150.tmp.bak001198f5 to %WINDIR%\syswow64\file150.tmp.bak001198f5
from %WINDIR%\syswow64\file146.tmp.bak00119a9c to %WINDIR%\syswow64\osdexpacket.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file148.tmp.bak001199eb to %WINDIR%\file148.tmp.bak001199eb
from %WINDIR%\temp\{4bf60cda-5f5f-4f4a-37a3-e764dd7cf675}\set5c14.tmp to %WINDIR%\temp\{4bf60cda-5f5f-4f4a-37a3-e764dd7cf675}\tpacket7.cat
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file087.tmp.bak001180c3 to %WINDIR%\file087.tmp.bak001180c3
from %WINDIR%\file083.tmp.bak00118225 to %WINDIR%\baksdtransfm.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file026.tmp.bak0011747d to %WINDIR%\file026.tmp.bak0011747d
from %WINDIR%\file026.tmp.bak0011747d to %WINDIR%\bakncap3.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file027.tmp.bak00117413 to %WINDIR%\syswow64\file027.tmp.bak00117413
from %WINDIR%\syswow64\file027.tmp.bak00117413 to %WINDIR%\syswow64\outlka2k.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file027.tmp.bak001173cd to %WINDIR%\file027.tmp.bak001173cd
from %WINDIR%\file027.tmp.bak001173cd to %WINDIR%\bakola2k.sys
from %WINDIR%\syswow64\file023.tmp.bak00117550 to %WINDIR%\syswow64\snapdos.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file028.tmp.bak001173a8 to %WINDIR%\syswow64\file028.tmp.bak001173a8
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file028.tmp.bak00117362 to %WINDIR%\file028.tmp.bak00117362
from %WINDIR%\file028.tmp.bak00117362 to %WINDIR%\bakola23.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file029.tmp.bak001172f8 to %WINDIR%\syswow64\file029.tmp.bak001172f8
from %WINDIR%\syswow64\file029.tmp.bak001172f8 to %WINDIR%\syswow64\notesoa.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file029.tmp.bak001172d6 to %WINDIR%\file029.tmp.bak001172d6
from %WINDIR%\file029.tmp.bak001172d6 to %WINDIR%\baknotes.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file026.tmp.bak0011749f to %WINDIR%\syswow64\file026.tmp.bak0011749f
from %WINDIR%\syswow64\file026.tmp.bak0011749f to %WINDIR%\syswow64\winncap3.dll
from %WINDIR%\file025.tmp.bak001174c4 to %WINDIR%\bakssb2p.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file025.tmp.bak001174c4 to %WINDIR%\file025.tmp.bak001174c4
from %WINDIR%\syswow64\file025.tmp.bak001174e8 to %WINDIR%\syswow64\snapb2p.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file021.tmp.bak001175df to %WINDIR%\file021.tmp.bak001175df
from %WINDIR%\file021.tmp.bak001175df to %WINDIR%\bakimhca.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file022.tmp.bak00117599 to %WINDIR%\syswow64\file022.tmp.bak00117599
from %WINDIR%\syswow64\file022.tmp.bak00117599 to %WINDIR%\syswow64\enumiacc2.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file022.tmp.bak00117574 to %WINDIR%\file022.tmp.bak00117574
from %WINDIR%\file022.tmp.bak00117574 to %WINDIR%\bakenumiacc2.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file030.tmp.bak0011728d to %WINDIR%\syswow64\file030.tmp.bak0011728d
from %WINDIR%\syswow64\file028.tmp.bak001173a8 to %WINDIR%\syswow64\outlka23.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file023.tmp.bak00117550 to %WINDIR%\syswow64\file023.tmp.bak00117550
from %WINDIR%\file023.tmp.bak00117550 to %WINDIR%\bakssdos.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file024.tmp.bak0011752e to %WINDIR%\syswow64\file024.tmp.bak0011752e
from %WINDIR%\syswow64\file024.tmp.bak0011752e to %WINDIR%\syswow64\ipddraw.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file024.tmp.bak001174e8 to %WINDIR%\file024.tmp.bak001174e8
from %WINDIR%\file024.tmp.bak001174e8 to %WINDIR%\bakddraw.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file025.tmp.bak001174e8 to %WINDIR%\syswow64\file025.tmp.bak001174e8
from %WINDIR%\syswow64\file021.tmp.bak00117601 to %WINDIR%\syswow64\winimhca.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file023.tmp.bak00117550 to %WINDIR%\file023.tmp.bak00117550
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file035.tmp.bak001171bb to %WINDIR%\file035.tmp.bak001171bb
from %WINDIR%\syswow64\drivers\file043.tmp.bak00117013 to %WINDIR%\syswow64\drivers\tpacket7.sys
from %WINDIR%\file030.tmp.bak00117247 to %WINDIR%\bakncap3x.sys
from %WINDIR%\file039.tmp.bak001170e6 to %WINDIR%\baktpktd.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file040.tmp.bak0011709f to %WINDIR%\syswow64\drivers\file040.tmp.bak0011709f
from %WINDIR%\syswow64\drivers\file040.tmp.bak0011709f to %WINDIR%\syswow64\drivers\tpacket.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file040.tmp.bak0011709f to %WINDIR%\file040.tmp.bak0011709f
from %WINDIR%\file040.tmp.bak0011709f to %WINDIR%\baktpktn.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file041.tmp.bak0011707b to %WINDIR%\syswow64\file041.tmp.bak0011707b
from %WINDIR%\syswow64\file030.tmp.bak0011728d to %WINDIR%\syswow64\winncap3x.dll
from %WINDIR%\syswow64\file041.tmp.bak0011707b to %WINDIR%\syswow64\tpacket.vxd
from %WINDIR%\file041.tmp.bak00117059 to %WINDIR%\baktpkt9.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file042.tmp.bak00117035 to %WINDIR%\syswow64\drivers\file042.tmp.bak00117035
from %WINDIR%\syswow64\drivers\file042.tmp.bak00117035 to %WINDIR%\syswow64\drivers\tpacketv.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file042.tmp.bak00117035 to %WINDIR%\file042.tmp.bak00117035
from %WINDIR%\file042.tmp.bak00117035 to %WINDIR%\baktpktv.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file043.tmp.bak00117013 to %WINDIR%\syswow64\drivers\file043.tmp.bak00117013
from %WINDIR%\syswow64\file039.tmp.bak0011710a to %WINDIR%\syswow64\tpacketd.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file039.tmp.bak001170e6 to %WINDIR%\file039.tmp.bak001170e6
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file039.tmp.bak0011710a to %WINDIR%\syswow64\file039.tmp.bak0011710a
from %WINDIR%\syswow64\drivers\file034.tmp.bak0011710a to %WINDIR%\syswow64\drivers\ipnpf.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file034.tmp.bak0011710a to %WINDIR%\syswow64\drivers\file034.tmp.bak0011710a
from %WINDIR%\file031.tmp.bak00117201 to %WINDIR%\toa32p9x.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file032.tmp.bak001171dd to %WINDIR%\file032.tmp.bak001171dd
from %WINDIR%\file032.tmp.bak001171dd to %WINDIR%\toa32pcp.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file033.tmp.bak001171dd to %WINDIR%\file033.tmp.bak001171dd
from %WINDIR%\file033.tmp.bak001171dd to %WINDIR%\toa32pd4.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file034.tmp.bak001171bb to %WINDIR%\file034.tmp.bak001171bb
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file030.tmp.bak00117247 to %WINDIR%\file030.tmp.bak00117247
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file021.tmp.bak00117601 to %WINDIR%\syswow64\file021.tmp.bak00117601
from %WINDIR%\file034.tmp.bak001171bb to %WINDIR%\toa32pd5.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file036.tmp.bak00117196 to %WINDIR%\file036.tmp.bak00117196
from %WINDIR%\file036.tmp.bak00117196 to %WINDIR%\toa32pnt.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file037.tmp.bak00117174 to %WINDIR%\file037.tmp.bak00117174
from %WINDIR%\file037.tmp.bak00117174 to %WINDIR%\toa32wp5.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file038.tmp.bak00117150 to %WINDIR%\file038.tmp.bak00117150
from %WINDIR%\file038.tmp.bak00117150 to %WINDIR%\toa32pcpx.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file031.tmp.bak00117201 to %WINDIR%\file031.tmp.bak00117201
from %WINDIR%\file035.tmp.bak001171bb to %WINDIR%\toa32pd9.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file041.tmp.bak00117059 to %WINDIR%\file041.tmp.bak00117059
from %WINDIR%\file020.tmp.bak00117649 to %WINDIR%\bakimhcd.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file018.tmp.bak00117786 to %WINDIR%\file018.tmp.bak00117786
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file005.tmp.bak00117dbd to %WINDIR%\file005.tmp.bak00117dbd
from %WINDIR%\file005.tmp.bak00117dbd to %WINDIR%\bakoav3.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file006.tmp.bak00117c80 to %WINDIR%\syswow64\file006.tmp.bak00117c80
from %WINDIR%\syswow64\file006.tmp.bak00117c80 to %WINDIR%\syswow64\winoauv3.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file006.tmp.bak00117bf1 to %WINDIR%\file006.tmp.bak00117bf1
from %WINDIR%\file006.tmp.bak00117bf1 to %WINDIR%\bakoauv3.sys
from %WINDIR%\syswow64\file002.tmp.bak00117fab to %WINDIR%\syswow64\winwdgv3.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file007.tmp.bak00117b65 to %WINDIR%\syswow64\file007.tmp.bak00117b65
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file007.tmp.bak00117b40 to %WINDIR%\file007.tmp.bak00117b40
from %WINDIR%\file007.tmp.bak00117b40 to %WINDIR%\bakoauve3.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file008.tmp.bak00117b1e to %WINDIR%\syswow64\file008.tmp.bak00117b1e
from %WINDIR%\syswow64\file008.tmp.bak00117b1e to %WINDIR%\syswow64\thooksv3.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file008.tmp.bak00117b1e to %WINDIR%\file008.tmp.bak00117b1e
from %WINDIR%\file008.tmp.bak00117b1e to %WINDIR%\bakthv3t.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file005.tmp.bak00117eb4 to %WINDIR%\syswow64\file005.tmp.bak00117eb4
from %WINDIR%\syswow64\file005.tmp.bak00117eb4 to %WINDIR%\syswow64\winoav3.dll
from %WINDIR%\file004.tmp.bak00117efa to %WINDIR%\bakwdgsvr.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file004.tmp.bak00117efa to %WINDIR%\file004.tmp.bak00117efa
from %CommonProgramFiles(x86)%\system\file004.tmp.bak00117efa to %CommonProgramFiles(x86)%\system\winwdgsvr.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file000.tmp.bak0011594c to %WINDIR%\file000.tmp.bak0011594c
from %WINDIR%\file000.tmp.bak0011594c to %WINDIR%\bakstec3.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file001.tmp.bak0011803a to %CommonProgramFiles(x86)%\system\file001.tmp.bak0011803a
from %CommonProgramFiles(x86)%\system\file001.tmp.bak0011803a to %CommonProgramFiles(x86)%\system\winrdgv3.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file001.tmp.bak00117ff3 to %WINDIR%\file001.tmp.bak00117ff3
from %WINDIR%\file001.tmp.bak00117ff3 to %WINDIR%\bakrdgv3.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file009.tmp.bak00117afa to <SYSTEM32>\file009.tmp.bak00117afa
from %WINDIR%\syswow64\file007.tmp.bak00117b65 to %WINDIR%\syswow64\winoauve3.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file002.tmp.bak00117fab to %WINDIR%\syswow64\file002.tmp.bak00117fab
from %WINDIR%\file002.tmp.bak00117f65 to %WINDIR%\bakwdgv3.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file003.tmp.bak00117f43 to %WINDIR%\syswow64\file003.tmp.bak00117f43
from %WINDIR%\syswow64\file003.tmp.bak00117f43 to %WINDIR%\syswow64\msowcnv3.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file003.tmp.bak00117f43 to %WINDIR%\file003.tmp.bak00117f43
from %WINDIR%\file003.tmp.bak00117f43 to %WINDIR%\bakowv3.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file004.tmp.bak00117efa to %CommonProgramFiles(x86)%\system\file004.tmp.bak00117efa
from %CommonProgramFiles(x86)%\system\file000.tmp.bak001159b6 to %CommonProgramFiles(x86)%\system\systecv3.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file002.tmp.bak00117f65 to %WINDIR%\file002.tmp.bak00117f65
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file012.tmp.bak001179bd to %WINDIR%\syswow64\file012.tmp.bak001179bd
from %WINDIR%\syswow64\file020.tmp.bak001176b2 to %WINDIR%\syswow64\winimhcd.dll
from %WINDIR%\file009.tmp.bak00117ad6 to %WINDIR%\bakoauve364.sys
from %WINDIR%\file015.tmp.bak0011790c to %WINDIR%\bakhad9u.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file016.tmp.bak001178c4 to %WINDIR%\file016.tmp.bak001178c4
from %WINDIR%\file016.tmp.bak001178c4 to %WINDIR%\bakhadntv.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file017.tmp.bak001177f1 to %WINDIR%\file017.tmp.bak001177f1
from %WINDIR%\file017.tmp.bak001177f1 to %WINDIR%\bakifocms.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file018.tmp.bak001177cd to %WINDIR%\syswow64\file018.tmp.bak001177cd
from <SYSTEM32>\file009.tmp.bak00117afa to <SYSTEM32>\winoauve364.dll
from %WINDIR%\syswow64\file018.tmp.bak001177cd to %WINDIR%\syswow64\winimhs3.dll
from %WINDIR%\file018.tmp.bak00117786 to %WINDIR%\bakimhs3.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file019.tmp.bak00117740 to %WINDIR%\syswow64\file019.tmp.bak00117740
from %WINDIR%\syswow64\file019.tmp.bak00117740 to %WINDIR%\syswow64\winimhc3.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file019.tmp.bak001176fa to %WINDIR%\file019.tmp.bak001176fa
from %WINDIR%\file019.tmp.bak001176fa to %WINDIR%\bakimhc3t.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file020.tmp.bak001176b2 to %WINDIR%\syswow64\file020.tmp.bak001176b2
from %WINDIR%\syswow64\file015.tmp.bak0011790c to %WINDIR%\syswow64\winhad9u.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file015.tmp.bak0011790c to %WINDIR%\file015.tmp.bak0011790c
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file015.tmp.bak0011790c to %WINDIR%\syswow64\file015.tmp.bak0011790c
from %WINDIR%\file014.tmp.bak0011792e to %WINDIR%\bakhad9k.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file014.tmp.bak0011792e to %WINDIR%\file014.tmp.bak0011792e
from %WINDIR%\syswow64\file010.tmp.bak00117a49 to %WINDIR%\syswow64\winhafnt.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file010.tmp.bak00117a25 to %WINDIR%\file010.tmp.bak00117a25
from %WINDIR%\file010.tmp.bak00117a25 to %WINDIR%\bakhafntt.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file011.tmp.bak001179df to %WINDIR%\syswow64\file011.tmp.bak001179df
from %WINDIR%\syswow64\file011.tmp.bak001179df to %WINDIR%\syswow64\winhaf9k.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file011.tmp.bak001179df to %WINDIR%\file011.tmp.bak001179df
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file009.tmp.bak00117ad6 to %WINDIR%\file009.tmp.bak00117ad6
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file020.tmp.bak00117649 to %WINDIR%\file020.tmp.bak00117649
from %WINDIR%\file011.tmp.bak001179df to %WINDIR%\bakhaf9k.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file012.tmp.bak001179bd to %WINDIR%\file012.tmp.bak001179bd
from %WINDIR%\file012.tmp.bak001179bd to %WINDIR%\bakhaf9u.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file013.tmp.bak00117999 to %WINDIR%\file013.tmp.bak00117999
from %WINDIR%\file013.tmp.bak00117999 to %WINDIR%\bakhadnt.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file014.tmp.bak00117952 to %WINDIR%\syswow64\file014.tmp.bak00117952
from %WINDIR%\syswow64\file014.tmp.bak00117952 to %WINDIR%\syswow64\winhad9k.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file010.tmp.bak00117a49 to %WINDIR%\syswow64\file010.tmp.bak00117a49
from %WINDIR%\syswow64\file012.tmp.bak001179bd to %WINDIR%\syswow64\winhaf9u.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file043.tmp.bak00116fef to %WINDIR%\file043.tmp.bak00116fef
from %WINDIR%\file043.tmp.bak00116fef to %WINDIR%\baktpkt7.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file044.tmp.bak00116fca to %WINDIR%\file044.tmp.bak00116fca
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file072.tmp.bak00118742 to %WINDIR%\file072.tmp.bak00118742
from %WINDIR%\file072.tmp.bak00118742 to %WINDIR%\baksdvwr.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file073.tmp.bak001186d8 to %WINDIR%\syswow64\file073.tmp.bak001186d8
from %WINDIR%\syswow64\file073.tmp.bak001186d8 to %WINDIR%\syswow64\tappaccess.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file073.tmp.bak00118692 to %WINDIR%\file073.tmp.bak00118692
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file069.tmp.bak001188a4 to %WINDIR%\syswow64\file069.tmp.bak001188a4
from %WINDIR%\file073.tmp.bak00118692 to %WINDIR%\baktaacs.sys
from %WINDIR%\syswow64\file074.tmp.bak0011866d to %WINDIR%\syswow64\tsdfmt32.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file074.tmp.bak00118627 to %WINDIR%\file074.tmp.bak00118627
from %WINDIR%\file074.tmp.bak00118627 to %WINDIR%\baksdfmt.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file075.tmp.bak001185e1 to %WINDIR%\syswow64\file075.tmp.bak001185e1
from %WINDIR%\syswow64\file075.tmp.bak001185e1 to %WINDIR%\syswow64\tsdmnt32.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file075.tmp.bak001185bd to %WINDIR%\file075.tmp.bak001185bd
from %WINDIR%\file071.tmp.bak00118789 to %WINDIR%\baktmhk.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file074.tmp.bak0011866d to %WINDIR%\syswow64\file074.tmp.bak0011866d
from %WINDIR%\syswow64\file072.tmp.bak00118789 to %WINDIR%\syswow64\sdviewer.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file072.tmp.bak00118789 to %WINDIR%\syswow64\file072.tmp.bak00118789
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file071.tmp.bak00118789 to %WINDIR%\file071.tmp.bak00118789
from %WINDIR%\syswow64\file071.tmp.bak001187ab to %WINDIR%\syswow64\tmailhook.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file066.tmp.bak00118b67 to %WINDIR%\syswow64\file066.tmp.bak00118b67
from %WINDIR%\syswow64\file066.tmp.bak00118b67 to %WINDIR%\syswow64\sdconsole.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file066.tmp.bak00118a92 to %WINDIR%\file066.tmp.bak00118a92
from %WINDIR%\file066.tmp.bak00118a92 to %WINDIR%\baksdcsl.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file067.tmp.bak0011899b to %WINDIR%\file067.tmp.bak0011899b
from %WINDIR%\file075.tmp.bak001185bd to %WINDIR%\baksdmnt.sys
from %WINDIR%\file067.tmp.bak0011899b to %WINDIR%\baksdoeav.sys
from %WINDIR%\syswow64\file065.tmp.bak00118bf3 to %WINDIR%\syswow64\sdfattr.dll
from %WINDIR%\syswow64\file069.tmp.bak001188a4 to %WINDIR%\syswow64\dtframe32.dll
from %WINDIR%\file069.tmp.bak0011885b to %WINDIR%\bakdtfrm32.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file070.tmp.bak00118839 to %WINDIR%\syswow64\file070.tmp.bak00118839
from %WINDIR%\syswow64\file070.tmp.bak00118839 to %WINDIR%\syswow64\tmailgateway.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file070.tmp.bak001187f3 to %WINDIR%\file070.tmp.bak001187f3
from %WINDIR%\file070.tmp.bak001187f3 to %WINDIR%\baktmgw.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file065.tmp.bak00118bad to %WINDIR%\file065.tmp.bak00118bad
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file071.tmp.bak001187ab to %WINDIR%\syswow64\file071.tmp.bak001187ab
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file069.tmp.bak0011885b to %WINDIR%\file069.tmp.bak0011885b
from %WINDIR%\file065.tmp.bak00118bad to %WINDIR%\baksdfa.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file076.tmp.bak00118577 to %WINDIR%\syswow64\file076.tmp.bak00118577
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file077.tmp.bak00118530 to %WINDIR%\syswow64\drivers\file077.tmp.bak00118530
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file082.tmp.bak001182d6 to %WINDIR%\syswow64\file082.tmp.bak001182d6
from %WINDIR%\syswow64\file082.tmp.bak001182d6 to %WINDIR%\syswow64\sd7zarchive.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file082.tmp.bak001182b4 to %WINDIR%\file082.tmp.bak001182b4
from %WINDIR%\file082.tmp.bak001182b4 to %WINDIR%\baksd7zarv.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file083.tmp.bak0011828f to %WINDIR%\syswow64\file083.tmp.bak0011828f
from %WINDIR%\syswow64\file083.tmp.bak0011828f to %WINDIR%\syswow64\sdtransformer.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file081.tmp.bak00118364 to %WINDIR%\syswow64\file081.tmp.bak00118364
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file083.tmp.bak00118225 to %WINDIR%\file083.tmp.bak00118225
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file084.tmp.bak001181df to %WINDIR%\syswow64\file084.tmp.bak001181df
from %WINDIR%\syswow64\file084.tmp.bak001181df to %WINDIR%\syswow64\sdtranshelper.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file084.tmp.bak00118174 to %WINDIR%\file084.tmp.bak00118174
from %WINDIR%\file084.tmp.bak00118174 to %WINDIR%\baksdtranshlp.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file085.tmp.bak0011812e to %WINDIR%\file085.tmp.bak0011812e
from %WINDIR%\file085.tmp.bak0011812e to %WINDIR%\pwddict.ini
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file081.tmp.bak0011831e to %WINDIR%\file081.tmp.bak0011831e
from %WINDIR%\file081.tmp.bak0011831e to %WINDIR%\baksd7z.sys
from %WINDIR%\syswow64\file081.tmp.bak00118364 to %WINDIR%\syswow64\sd7z.dll
from %WINDIR%\file080.tmp.bak00118386 to %WINDIR%\baktftip.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file086.tmp.bak0011810c to %WINDIR%\file086.tmp.bak0011810c
from %WINDIR%\syswow64\drivers\file077.tmp.bak00118530 to %WINDIR%\syswow64\drivers\tsddrv32.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file077.tmp.bak0011850c to %WINDIR%\file077.tmp.bak0011850c
from %WINDIR%\file077.tmp.bak0011850c to %WINDIR%\baksddrv32.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file078.tmp.bak001184e8 to %WINDIR%\syswow64\file078.tmp.bak001184e8
from %WINDIR%\syswow64\file078.tmp.bak001184e8 to %WINDIR%\syswow64\outlookctrlx.dll
from %WINDIR%\syswow64\file076.tmp.bak00118577 to %WINDIR%\syswow64\pathcvrt32.dll
from %WINDIR%\file076.tmp.bak00118552 to %WINDIR%\bakpathcvrt32.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file076.tmp.bak00118552 to %WINDIR%\file076.tmp.bak00118552
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file078.tmp.bak001184a2 to %WINDIR%\file078.tmp.bak001184a2
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file079.tmp.bak001183cf to %WINDIR%\file079.tmp.bak001183cf
from %WINDIR%\file079.tmp.bak001183cf to %WINDIR%\baksdiskctx2.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file080.tmp.bak001183ab to %WINDIR%\syswow64\file080.tmp.bak001183ab
from %WINDIR%\syswow64\file080.tmp.bak001183ab to %WINDIR%\syswow64\tfloattip.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file080.tmp.bak00118386 to %WINDIR%\file080.tmp.bak00118386
from %WINDIR%\file078.tmp.bak001184a2 to %WINDIR%\bakolctrlx.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file079.tmp.bak0011845b to %WINDIR%\syswow64\file079.tmp.bak0011845b
from %WINDIR%\syswow64\file079.tmp.bak0011845b to %WINDIR%\syswow64\sdiskcontext2.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file065.tmp.bak00118bf3 to %WINDIR%\syswow64\file065.tmp.bak00118bf3
from %WINDIR%\file064.tmp.bak0011654e to %WINDIR%\baksda.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file064.tmp.bak0011654e to %WINDIR%\file064.tmp.bak0011654e
from %WINDIR%\syswow64\drivers\file051.tmp.bak00116e01 to %WINDIR%\syswow64\drivers\tfsfltdrv.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file051.tmp.bak00116e01 to %WINDIR%\file051.tmp.bak00116e01
from %WINDIR%\file051.tmp.bak00116e01 to %WINDIR%\baktfsdrv.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file052.tmp.bak00116ddc to %WINDIR%\syswow64\file052.tmp.bak00116ddc
from %WINDIR%\syswow64\file052.tmp.bak00116ddc to %WINDIR%\syswow64\winencyx.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file052.tmp.bak00116db8 to %WINDIR%\file052.tmp.bak00116db8
from %WINDIR%\file054.tmp.bak00116d08 to %WINDIR%\bakmount.sys
from %WINDIR%\file052.tmp.bak00116db8 to %WINDIR%\bakencyx.sys
from %WINDIR%\syswow64\file053.tmp.bak00116d96 to %WINDIR%\syswow64\trmenushl.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file053.tmp.bak00116d72 to %WINDIR%\file053.tmp.bak00116d72
from %WINDIR%\file053.tmp.bak00116d72 to %WINDIR%\bakmenusl.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file054.tmp.bak00116d2c to %WINDIR%\syswow64\file054.tmp.bak00116d2c
from %WINDIR%\syswow64\file054.tmp.bak00116d2c to %WINDIR%\syswow64\tvdmount.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file050.tmp.bak00116e23 to %WINDIR%\file050.tmp.bak00116e23
from %WINDIR%\syswow64\file050.tmp.bak00116e69 to %WINDIR%\syswow64\orcshk3.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file051.tmp.bak00116e01 to %WINDIR%\syswow64\drivers\file051.tmp.bak00116e01
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file050.tmp.bak00116e69 to %WINDIR%\syswow64\file050.tmp.bak00116e69
from %WINDIR%\file049.tmp.bak00116e8d to %WINDIR%\bakorcs3.sys
from %WINDIR%\file044.tmp.bak00116fca to %WINDIR%\baktpkt7cat.sys
from %WINDIR%\file045.tmp.bak00116fca to %WINDIR%\baktpktvcat.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file046.tmp.bak00116fa8 to %WINDIR%\file046.tmp.bak00116fa8
from %WINDIR%\file046.tmp.bak00116fa8 to %WINDIR%\baktpktvmcat.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file047.tmp.bak00116f3e to %WINDIR%\syswow64\file047.tmp.bak00116f3e
from %WINDIR%\syswow64\file047.tmp.bak00116f3e to %WINDIR%\syswow64\tsafenet.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file054.tmp.bak00116d08 to %WINDIR%\file054.tmp.bak00116d08
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file047.tmp.bak00116f1a to %WINDIR%\file047.tmp.bak00116f1a
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file053.tmp.bak00116d96 to %WINDIR%\syswow64\file053.tmp.bak00116d96
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file048.tmp.bak00116ef8 to %WINDIR%\syswow64\file048.tmp.bak00116ef8
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file048.tmp.bak00116ed3 to %WINDIR%\file048.tmp.bak00116ed3
from %WINDIR%\file048.tmp.bak00116ed3 to %WINDIR%\baktsnetx.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file049.tmp.bak00116eb1 to %WINDIR%\syswow64\file049.tmp.bak00116eb1
from %WINDIR%\syswow64\file049.tmp.bak00116eb1 to %WINDIR%\syswow64\orcs3dll.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file049.tmp.bak00116e8d to %WINDIR%\file049.tmp.bak00116e8d
from %WINDIR%\file047.tmp.bak00116f1a to %WINDIR%\baktsnet.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file045.tmp.bak00116fca to %WINDIR%\file045.tmp.bak00116fca
from %WINDIR%\syswow64\file048.tmp.bak00116ef8 to %WINDIR%\syswow64\tsafenetx.dll
from %WINDIR%\file050.tmp.bak00116e23 to %WINDIR%\bakorch3.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file055.tmp.bak00116cc1 to %WINDIR%\syswow64\drivers\file055.tmp.bak00116cc1
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file060.tmp.bak00116994 to %WINDIR%\file060.tmp.bak00116994
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file061.tmp.bak001168c1 to %WINDIR%\syswow64\file061.tmp.bak001168c1
from %WINDIR%\syswow64\file061.tmp.bak001168c1 to %WINDIR%\syswow64\sdfileicon2.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file061.tmp.bak0011689d to %WINDIR%\file061.tmp.bak0011689d
from %WINDIR%\file061.tmp.bak0011689d to %WINDIR%\baksdfi2.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file062.tmp.bak00116857 to %WINDIR%\syswow64\file062.tmp.bak00116857
from %WINDIR%\syswow64\file060.tmp.bak00116a8d to %WINDIR%\syswow64\sdhelper2.exe
from %WINDIR%\syswow64\drivers\file055.tmp.bak00116cc1 to %WINDIR%\syswow64\drivers\tvdisk.sys
from %WINDIR%\file060.tmp.bak00116994 to %WINDIR%\baksdhlp2.sys
from %WINDIR%\syswow64\file062.tmp.bak00116857 to %WINDIR%\syswow64\tsafedoc2.dll
from %WINDIR%\syswow64\file063.tmp.bak00116760 to %WINDIR%\syswow64\sdcenter.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file063.tmp.bak001166af to %WINDIR%\file063.tmp.bak001166af
from %WINDIR%\file063.tmp.bak001166af to %WINDIR%\baksdc.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file064.tmp.bak001165b8 to %WINDIR%\syswow64\file064.tmp.bak001165b8
from %WINDIR%\syswow64\file064.tmp.bak001165b8 to %WINDIR%\syswow64\sdagent.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file062.tmp.bak001167ca to %WINDIR%\file062.tmp.bak001167ca
from %WINDIR%\file062.tmp.bak001167ca to %WINDIR%\baktsdoc2t.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file063.tmp.bak00116760 to %WINDIR%\syswow64\file063.tmp.bak00116760
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file057.tmp.bak00116ba6 to %WINDIR%\file057.tmp.bak00116ba6
from %WINDIR%\file086.tmp.bak0011810c to %WINDIR%\bak32msm.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file059.tmp.bak00116af5 to %WINDIR%\file059.tmp.bak00116af5
from %WINDIR%\file055.tmp.bak00116c9f to %WINDIR%\baktvd.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file056.tmp.bak00116c9f to %CommonProgramFiles(x86)%\system\file056.tmp.bak00116c9f
from %CommonProgramFiles(x86)%\system\file056.tmp.bak00116c9f to %CommonProgramFiles(x86)%\system\windevctrl64.exe
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file056.tmp.bak00116c35 to %WINDIR%\file056.tmp.bak00116c35
from %WINDIR%\file056.tmp.bak00116c35 to %WINDIR%\bakdevctrl64.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file057.tmp.bak00116bca to %WINDIR%\syswow64\file057.tmp.bak00116bca
from %WINDIR%\file059.tmp.bak00116af5 to %WINDIR%\baksdctx2.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file060.tmp.bak00116a8d to %WINDIR%\syswow64\file060.tmp.bak00116a8d
from %WINDIR%\syswow64\file057.tmp.bak00116bca to %WINDIR%\syswow64\tsafetszc.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file058.tmp.bak00116b84 to %WINDIR%\syswow64\file058.tmp.bak00116b84
from %WINDIR%\syswow64\file058.tmp.bak00116b84 to %WINDIR%\syswow64\winusrmd.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file058.tmp.bak00116b60 to %WINDIR%\file058.tmp.bak00116b60
from %WINDIR%\file058.tmp.bak00116b60 to %WINDIR%\bakusrmd.sys
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file059.tmp.bak00116b3e to %WINDIR%\syswow64\file059.tmp.bak00116b3e
from %WINDIR%\syswow64\file059.tmp.bak00116b3e to %WINDIR%\syswow64\sdcontext2.dll
from %ALLUSERSPROFILE%\ipgaszip20210801161146\file055.tmp.bak00116c9f to %WINDIR%\file055.tmp.bak00116c9f
from %WINDIR%\file057.tmp.bak00116ba6 to %WINDIR%\baktstszc.sys
from <DRIVERS>\set9cea.tmp to <DRIVERS>\tpacket7.sys

Modifies the following files

Substitutes the following files

%ALLUSERSPROFILE%\ipgaszip20210801161146\file003.tmp.bak00117f43
%WINDIR%\syswow64\ocular\msudiskinfo_send2.dat
%WINDIR%\syswow64\ocular\msolbase2.dat
%WINDIR%\syswow64\outlookctrlx.dll
%WINDIR%\baksdeapi.sys
%ALLUSERSPROFILE%\ipgaszip20210801161146\file165.tmp.bak0011955d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file162.tmp.bak0011960d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file161.tmp.bak00119632
%ALLUSERSPROFILE%\ipgaszip20210801161146\file144.tmp.bak00119b4d
%ALLUSERSPROFILE%\ipgaszip20210801161146\file143.tmp.bak00119b71
%ALLUSERSPROFILE%\ipgaszip20210801161146\file142.tmp.bak00119bb7
%ALLUSERSPROFILE%\ipgaszip20210801161146\file135.tmp.bak00119da5
%ALLUSERSPROFILE%\ipgaszip20210801161146\file125.tmp.bak0011874b
%ALLUSERSPROFILE%\ipgaszip20210801161146\file114.tmp.bak0011924b
%ALLUSERSPROFILE%\ipgaszip20210801161146\file097.tmp.bak00117d50
%ALLUSERSPROFILE%\ipgaszip20210801161146\file051.tmp.bak00116e01
%ALLUSERSPROFILE%\ipgaszip20210801161146\file042.tmp.bak00117035
%ALLUSERSPROFILE%\ipgaszip20210801161146\file040.tmp.bak0011709f
%ALLUSERSPROFILE%\ipgaszip20210801161146\file023.tmp.bak00117550
%ALLUSERSPROFILE%\ipgaszip20210801161146\file015.tmp.bak0011790c
%ALLUSERSPROFILE%\ipgaszip20210801161146\file012.tmp.bak001179bd
%ALLUSERSPROFILE%\ipgaszip20210801161146\file011.tmp.bak001179df
%ALLUSERSPROFILE%\ipgaszip20210801161146\file008.tmp.bak00117b1e
%ALLUSERSPROFILE%\ipgaszip20210801161146\file004.tmp.bak00117efa
<SYSTEM32>\outlookctrlx64.dll
<DRIVERSTORE>\INFCACHE.1

Network activity

Connects to

'17#.#9.193.155':8237

UDP

'<LOCALNET>.44.255':8235

Miscellaneous

Searches for the following windows

ClassName: 'SearchableWebView' WindowName: ''
ClassName: '' WindowName: ''
ClassName: 'CtrlNotifySink' WindowName: ''
ClassName: 'Button' WindowName: ''

Creates and executes the following

'%TEMP%\ipgaskernel20210801161133\akernel3.exe'
'%CommonProgramFiles(x86)%\system\systecv3.exe'
'%CommonProgramFiles(x86)%\system\winrdgv3.exe'
'%WINDIR%\syswow64\windowsupdateagent30-x64.exe' /quiet /norestart
'%WINDIR%\syswow64\winrdlv3.exe' winwdgv3.dll,RunMonitor32
'D:\55debf9a5af2d81da66970396ef1\wusetup.exe' /quiet /norestart
'%WINDIR%\syswow64\winrdlv3.exe' winoav3.dll,RunAgent32
'%WINDIR%\syswow64\winrdlv3.exe' ITEuDllvMgr.dll,RunService
'%WINDIR%\syswow64\winrdlv3.exe' winoauv3.dll,RunAgentU32
'%WINDIR%\syswow64\winrdlv3.exe' sdcenter.dll,RunSDCenter32
'<SYSTEM32>\winrdlv3.exe' winoauv364.dll,RunAgentU64
'%WINDIR%\syswow64\onacagent.exe'

Executes the following

'<SYSTEM32>\regsvr32.exe' /s trmenushl64.dll
'<SYSTEM32>\rundll32.exe' <SYSTEM32>\pnpui.dll,InstallSecurityPromptRunDllW 10 Global\{343a916a-b8fe-5f80-a339-171f4f654343} Global\{1c781f12-eda0-2ba2-feb8-805f22ec2675} <DRIVERSTORE>\Temp\{64550732-0ea8-1a20-64d1-e341...

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Technical Information

Curing recommendations

Free trial