ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話

03-6550-8770

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話

03-6550-8770

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Trojan.Siggen32.27048

Added to the Dr.Web virus database: 2026-02-27

Virus description added:

Technical Information

To ensure autorun and distribution
Creates or modifies the following files
  • %APPDATA%\microsoft\windows\start menu\programs\startup\    ‍.scr
Malicious functions
To complicate detection of its presence in the operating system,
adds antivirus exclusion:
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -Enabl...
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath %HOMEPATH%\AppData"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath %HOMEPATH%\Local"
Terminates or attempts to terminate
the following user processes:
  • firefox.exe
Reads files which store third party applications passwords
  • %LOCALAPPDATA%\google\chrome\user data\default\login data
  • %LOCALAPPDATA%\google\chrome\user data\default\web data
  • %LOCALAPPDATA%\microsoft\edge\user data\default\login data
  • %LOCALAPPDATA%\microsoft\edge\user data\default\web data
  • %APPDATA%\opera software\opera stable\login data
  • %HOMEPATH%\desktop\508softwareandos.doc
  • %HOMEPATH%\desktop\adhd_and_obesity.docx
Modifies file system
Creates the following files
  • %TEMP%\_mei33402\cryptodome\cipher\_arc4.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_salsa20.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_chacha20.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_pkcs1_decode.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_raw_aes.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_raw_aesni.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_raw_arc2.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_raw_blowfish.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_raw_cast.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_raw_cbc.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_raw_cfb.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_raw_ctr.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_raw_des.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_raw_des3.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_raw_ecb.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_raw_eksblowfish.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_raw_ocb.pyd
  • %TEMP%\_mei33402\cryptodome\cipher\_raw_ofb.pyd
  • %TEMP%\_mei33402\cryptodome\hash\_blake2b.pyd
  • %TEMP%\_mei33402\cryptodome\hash\_blake2s.pyd
  • %TEMP%\_mei33402\cryptodome\hash\_md2.pyd
  • %TEMP%\_mei33402\cryptodome\hash\_md4.pyd
  • %TEMP%\_mei33402\cryptodome\hash\_md5.pyd
  • %TEMP%\_mei33402\cryptodome\hash\_ripemd160.pyd
  • %TEMP%\_mei33402\cryptodome\hash\_sha1.pyd
  • %TEMP%\_mei33402\cryptodome\hash\_sha224.pyd
  • %TEMP%\_mei33402\cryptodome\hash\_sha256.pyd
  • %TEMP%\_mei33402\cryptodome\hash\_sha384.pyd
  • %TEMP%\_mei33402\cryptodome\hash\_sha512.pyd
  • %TEMP%\_mei33402\cryptodome\hash\_ghash_clmul.pyd
  • %TEMP%\_mei33402\cryptodome\hash\_ghash_portable.pyd
  • %TEMP%\_mei33402\cryptodome\hash\_keccak.pyd
  • %TEMP%\_mei33402\cryptodome\hash\_poly1305.pyd
  • %TEMP%\_mei33402\cryptodome\math\_modexp.pyd
  • %TEMP%\_mei33402\cryptodome\protocol\_scrypt.pyd
  • %TEMP%\_mei33402\cryptodome\publickey\_curve25519.pyd
  • %TEMP%\_mei33402\cryptodome\publickey\_curve448.pyd
  • %TEMP%\_mei33402\cryptodome\publickey\_ec_ws.pyd
  • %TEMP%\_mei33402\cryptodome\publickey\_ed25519.pyd
  • %TEMP%\_mei33402\cryptodome\publickey\_ed448.pyd
  • %TEMP%\_mei33402\cryptodome\util\_cpuid_c.pyd
  • %TEMP%\_mei33402\cryptodome\util\_strxor.pyd
  • %TEMP%\_mei33402\pil\_imaging.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\pil\_imagingcms.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\pil\_imagingmath.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\pil\_imagingtk.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\pil\_webp.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\vcruntime140.dll
  • %TEMP%\_mei33402\vcruntime140_1.dll
  • %TEMP%\_mei33402\_asyncio.pyd
  • %TEMP%\_mei33402\_bz2.pyd
  • %TEMP%\_mei33402\_cffi_backend.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\_ctypes.pyd
  • %TEMP%\_mei33402\_decimal.pyd
  • %TEMP%\_mei33402\_elementtree.pyd
  • %TEMP%\_mei33402\_hashlib.pyd
  • %TEMP%\_mei33402\_lzma.pyd
  • %TEMP%\_mei33402\_multiprocessing.pyd
  • %TEMP%\_mei33402\_overlapped.pyd
  • %TEMP%\_mei33402\_queue.pyd
  • %TEMP%\_mei33402\_socket.pyd
  • %TEMP%\_mei33402\_sqlite3.pyd
  • %TEMP%\_mei33402\_ssl.pyd
  • %TEMP%\_mei33402\_uuid.pyd
  • %TEMP%\_mei33402\_wmi.pyd
  • %TEMP%\_mei33402\base_library.zip
  • %TEMP%\_mei33402\certifi\cacert.pem
  • %TEMP%\_mei33402\charset_normalizer\md.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\charset_normalizer\md__mypyc.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\cryptography-43.0.3.dist-info\installer
  • %TEMP%\_mei33402\cryptography-43.0.3.dist-info\metadata
  • %TEMP%\_mei33402\cryptography-43.0.3.dist-info\record
  • %TEMP%\_mei33402\cryptography-43.0.3.dist-info\wheel
  • %TEMP%\_mei33402\cryptography-43.0.3.dist-info\license_files\license
  • %TEMP%\_mei33402\cryptography-43.0.3.dist-info\license_files\license.apache
  • %TEMP%\_mei33402\cryptography-43.0.3.dist-info\license_files\license.bsd
  • %TEMP%\_mei33402\cryptography\hazmat\bindings\_rust.pyd
  • %TEMP%\_mei33402\cv2\__init__.py
  • %TEMP%\_mei33402\cv2\config-3.py
  • %TEMP%\_mei33402\cv2\config.py
  • %TEMP%\_mei33402\cv2\cv2.pyd
  • %TEMP%\_mei33402\cv2\data\__init__.py
  • %TEMP%\_mei33402\cv2\gapi\__init__.py
  • %TEMP%\_mei33402\cv2\load_config_py3.py
  • %TEMP%\_mei33402\cv2\mat_wrapper\__init__.py
  • %TEMP%\_mei33402\cv2\misc\__init__.py
  • %TEMP%\_mei33402\cv2\misc\version.py
  • %TEMP%\_mei33402\cv2\opencv_videoio_ffmpeg4100_64.dll
  • %TEMP%\_mei33402\cv2\typing\__init__.py
  • %TEMP%\_mei33402\cv2\utils\__init__.py
  • %TEMP%\_mei33402\cv2\version.py
  • %TEMP%\_mei33402\libcrypto-3.dll
  • %TEMP%\_mei33402\libffi-8.dll
  • %TEMP%\_mei33402\libssl-3.dll
  • %TEMP%\_mei33402\luna.aes
  • %TEMP%\_mei33402\lz4-4.3.3.dist-info\installer
  • %TEMP%\_mei33402\lz4-4.3.3.dist-info\license
  • %TEMP%\_mei33402\lz4-4.3.3.dist-info\metadata
  • %TEMP%\_mei33402\lz4-4.3.3.dist-info\record
  • %TEMP%\_mei33402\lz4-4.3.3.dist-info\wheel
  • %TEMP%\_mei33402\lz4-4.3.3.dist-info\top_level.txt
  • %TEMP%\_mei33402\lz4\_version.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\lz4\block\_block.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\numpy.libs\libscipy_openblas64_-c16e4918366c6bc1f1cd71e28ca36fc0.dll
  • %TEMP%\_mei33402\numpy.libs\msvcp140-23ebcc0b37c8e3d074511f362feac48b.dll
  • %TEMP%\_mei33402\numpy\_core\_multiarray_tests.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\numpy\_core\_multiarray_umath.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\numpy\fft\_pocketfft_umath.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\numpy\linalg\_umath_linalg.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\numpy\random\_bounded_integers.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\numpy\random\_common.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\numpy\random\_generator.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\numpy\random\_mt19937.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\numpy\random\_pcg64.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\numpy\random\_philox.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\numpy\random\_sfc64.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\numpy\random\bit_generator.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\numpy\random\mtrand.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\psutil\_psutil_windows.pyd
  • %TEMP%\_mei33402\pycountry-24.6.1.dist-info\installer
  • %TEMP%\_mei33402\pycountry-24.6.1.dist-info\license.txt
  • %TEMP%\_mei33402\pycountry-24.6.1.dist-info\metadata
  • %TEMP%\_mei33402\pycountry-24.6.1.dist-info\record
  • %TEMP%\_mei33402\pycountry-24.6.1.dist-info\wheel
  • %TEMP%\_mei33402\pycountry\copyright.txt
  • %TEMP%\_mei33402\pycountry\databases\iso15924.json
  • %TEMP%\_mei33402\pycountry\databases\iso3166-1.json
  • %TEMP%\_mei33402\pycountry\databases\iso3166-2.json
  • %TEMP%\_mei33402\pycountry\databases\iso3166-3.json
  • %TEMP%\_mei33402\pycountry\databases\iso4217.json
  • %TEMP%\_mei33402\pycountry\databases\iso639-3.json
  • %TEMP%\_mei33402\pycountry\databases\iso639-5.json
  • %TEMP%\_mei33402\pycountry\locales\ab\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ab\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\ace\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ach\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\af\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\af\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\af\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ak\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\am\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\am\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\am\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\an\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ar\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\ar\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ar\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ar\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\ar\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\as\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\as\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ast\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\ast\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ast\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\ast\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ast\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\ast\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ast\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\ay\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\az\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\az\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\az\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\az\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ba\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\bar\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\be\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\be\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\be\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\be\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\be\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\be\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\be\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\bg\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\bg\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\bg\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\bg\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\bg\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\bi\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\bn\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\bn\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\bn\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\bn\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\bn\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\bn_bd\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\bn_bd\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\bn_bd\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\bn_in\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\bn_in\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\br\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\br\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\br\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\br\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\br\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\bs\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\bs\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\bs\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\bs\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\byn\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\byn\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\byn\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ca\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\ca\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ca\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\ca\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ca\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\ca\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ce\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ch\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\chr\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ckb\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\crh\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\crh\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\crh\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\crh\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\cs\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\cs\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\cs\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\cs\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\cs\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\cs\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\cs\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\csb\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\cv\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\cv\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\cy\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\cy\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\cy\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\cy\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\cy\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\cy\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\cy\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\da\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\da\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\da\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\da\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\da\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\da\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\da\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\de\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\de\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\de\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\de\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\de\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\de\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\de\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\dv\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\dz\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\dz\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ee\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\el\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\el\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\el\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\el\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\el\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\el\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\el\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\en\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\eo\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\eo\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\eo\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\eo\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\eo\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\eo\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\eo\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\es\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\es\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\es\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\es\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\es\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\es\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\et\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\et\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\et\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\et\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\et\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\et\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\et\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\eu\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\eu\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\eu\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\eu\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\eu\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\eu\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\fa\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\fa\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\fa\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\fa\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\fa\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ff\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\fi\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\fi\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\fi\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\fi\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\fi\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\fi\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\fil\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\fil\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\fil\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\fo\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\fo\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\fr\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\fr\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\fr\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\fr\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\fr\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\fr\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\fr\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\frp\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\fur\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\fur\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\fur\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\fur\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\fy\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ga\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ga\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\ga\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ga\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\ga\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\gez\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\gez\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\gez\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\gl\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\gl\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\gl\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\gl\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\gl\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\gn\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\gu\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\gu\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\gu\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\gv\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ha\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\haw\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\haw\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\he\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\he\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\he\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\he\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\he\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\hi\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\hi\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\hi\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\hi\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\hr\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\hr\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\hr\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\hr\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\hr\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\hr\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\hr\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\ht\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\hu\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\hu\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\hu\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\hu\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\hu\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\hu\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\hu\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\hy\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\hy\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ia\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\ia\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ia\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\id\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\id\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\id\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\id\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\id\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\id\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\id\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\io\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\is\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\is\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\is\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\is\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\is\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\is\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\is\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\it\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\it\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\it\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\it\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\it\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\it\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\it\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\iu\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ja\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\ja\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ja\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\ja\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ja\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\ja\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\jam\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ka\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\ka\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ka\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\ka\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ka\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\ka\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ka\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\kab\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\kab\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\kab\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\kab\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\kab\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\kab\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\ki\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\kk\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\kk\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\kl\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\km\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\km\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\km\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\km\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\kmr\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\kmr\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\kmr\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\kn\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\kn\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\kn\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ko\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\ko\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ko\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\ko\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ko\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\ko\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\kok\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\kv\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\kw\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ky\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ky\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\lo\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\lt\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\lt\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\lt\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\lt\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\lt\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\lt\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\lt\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\lv\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\lv\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\lv\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\lv\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\lv\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\lv\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\mai\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\mhr\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\mi\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\mi\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\mi\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\mk\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\mk\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\mk\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ml\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\ml\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ml\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\mn\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\mn\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\mn\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\mn\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\mr\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\mr\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\mr\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ms\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ms\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ms\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\mt\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\mt\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\mt\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\my\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\na\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\nah\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\nb_no\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\nb_no\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\nb_no\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\nb_no\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\nb_no\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\nb_no\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\nb_no\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\ne\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ne\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\nl\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\nl\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\nl\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\nl\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\nl\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\nl\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\nl\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\nn\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\nn\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\nn\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\nn\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\nn\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\nso\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\nso\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\nso\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\nso\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\nv\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\oc\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\oc\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\oc\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\oc\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\oc\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\oc\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\oc\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\or\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\or\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\or\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\pa\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\pa\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\pa\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\pa_pk\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\pa_pk\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\pa_pk\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\pap\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\pi\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\pl\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\pl\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\pl\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\pl\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\pl\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\pl\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\pl\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\ps\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ps\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ps\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\pt\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\pt\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\pt\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\pt\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\pt\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\pt_br\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\pt_br\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\pt_br\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\pt_br\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\pt_br\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\pt_br\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\pt_br\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\ro\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\ro\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ro\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\ro\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ro\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\ro\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ro\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\ro_md\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ru\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\ru\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ru\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\ru\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ru\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\ru\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ru\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\rw\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\rw\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\rw\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\rw\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\sc\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\sc\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\sc\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\sc\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\sc\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\sc\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\sc\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\sd\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\si\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\si\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\si\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\sk\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\sk\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\sk\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\sk\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\sk\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\sk\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\sl\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\sl\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\sl\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\sl\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\sl\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\sl\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\so\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\so\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\so\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\so\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\so\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\so\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\son\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\sq\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\sq\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\sq\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\sq\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\sq\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\sq\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\sq\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\sr@latin\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\sr@latin\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\sr@latin\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\sr@latin\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\sr@latin\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\sr@latin\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\sr@latin\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\sr\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\sr\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\sr\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\sr\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\sr\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\sr\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\sr\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\sv\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\sv\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\sv\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\sv\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\sv\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\sv\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\sv\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\sw\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\sw\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ta\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\ta\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ta\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\ta\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ta\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\ta\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ta\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\te\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\te\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\tg\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\th\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\th\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\th\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\th\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\th\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\th\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ti\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ti\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ti\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\tig\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\tig\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\tig\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\tk\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\tk\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\tl\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\tl\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\tr\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\tr\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\tr\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\tr\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\tr\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\tr\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\tr\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\tt@iqtelif\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\tt@iqtelif\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\tt@iqtelif\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\tt\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\tt\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\tt\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\tzm\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\tzm\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\tzm\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\ug\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ug\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\uk\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\uk\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\uk\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\uk\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\uk\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\uk\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\uk\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\ur\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\uz\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ve\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\ve\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\ve\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\ve\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\vi\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\vi\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\vi\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\vi\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\vi\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\vi\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\wa\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\wa\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\wa\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\wa\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\wal\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\wal\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\wo\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\wo\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\xh\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\xh\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\xh\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\yo\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_cn\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_cn\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_cn\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_cn\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_cn\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_cn\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_hk\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_hk\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_hk\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_hk\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_hans\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_hant\lc_messages\iso639-5.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_tw\lc_messages\iso15924.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_tw\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_tw\lc_messages\iso3166-2.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_tw\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_tw\lc_messages\iso4217.mo
  • %TEMP%\_mei33402\pycountry\locales\zh_tw\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pycountry\locales\zu\lc_messages\iso3166-1.mo
  • %TEMP%\_mei33402\pycountry\locales\zu\lc_messages\iso3166-3.mo
  • %TEMP%\_mei33402\pycountry\locales\zu\lc_messages\iso639-3.mo
  • %TEMP%\_mei33402\pyexpat.pyd
  • %TEMP%\_mei33402\python3.dll
  • %TEMP%\_mei33402\python312.dll
  • %TEMP%\_mei33402\pywin32_system32\pywintypes312.dll
  • %TEMP%\_mei33402\select.pyd
  • %TEMP%\_mei33402\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\installer
  • %TEMP%\_mei33402\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\license
  • %TEMP%\_mei33402\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\metadata
  • %TEMP%\_mei33402\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\record
  • %TEMP%\_mei33402\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\wheel
  • %TEMP%\_mei33402\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\top_level.txt
  • %TEMP%\_mei33402\setuptools\_vendor\jaraco\text\lorem ipsum.txt
  • %TEMP%\_mei33402\setuptools\_vendor\wheel-0.43.0.dist-info\installer
  • %TEMP%\_mei33402\setuptools\_vendor\wheel-0.43.0.dist-info\license.txt
  • %TEMP%\_mei33402\setuptools\_vendor\wheel-0.43.0.dist-info\metadata
  • %TEMP%\_mei33402\setuptools\_vendor\wheel-0.43.0.dist-info\record
  • %TEMP%\_mei33402\setuptools\_vendor\wheel-0.43.0.dist-info\wheel
  • %TEMP%\_mei33402\setuptools\_vendor\wheel-0.43.0.dist-info\entry_points.txt
  • %TEMP%\_mei33402\sqlite3.dll
  • %TEMP%\_mei33402\unicodedata.pyd
  • %TEMP%\_mei33402\win32\win32crypt.pyd
  • %TEMP%\_mei33402\win32\win32pdh.pyd
  • %TEMP%\_mei33402\zstandard\_cffi.cp312-win_amd64.pyd
  • %TEMP%\_mei33402\zstandard\backend_c.cp312-win_amd64.pyd
  • %TEMP%\dd_setup.txt
  • %TEMP%\nchpxq2eti\browser\history.txt
  • %TEMP%\nchpxq2eti\browser\cc's.txt
  • %TEMP%\nchpxq2eti\common files\508softwareandos.doc
  • %TEMP%\nchpxq2eti\common files\adhd_and_obesity.docx
  • %TEMP%\nchpxq2eti\clipboard\clipboard.txt
  • %TEMP%\nchpxq2eti\wifi\no wifi networks found.txt
Sets the 'hidden' attribute to the following files
  • %APPDATA%\microsoft\windows\start menu\programs\startup\    ‍.scr
Network activity
Connects to
  • 'gs##tic.com':443
  • 'ra#.####ubusercontent.com':443
TCP
Other
  • 'gs##tic.com':443
  • 'ra#.####ubusercontent.com':443
UDP
  • DNS ASK gs##tic.com
  • DNS ASK lu###odsfd.in
  • DNS ASK ra#.####ubusercontent.com
Miscellaneous
Restarts the analyzed sample
Executes the following
  • '<SYSTEM32>\cmd.exe' /c "wmic csproduct get uuid"
  • '<SYSTEM32>\wbem\wmic.exe' csproduct get uuid
  • '<SYSTEM32>\cmd.exe' /c "wmic path win32_VideoController get name"
  • '<SYSTEM32>\wbem\wmic.exe' path win32_VideoController get name
  • '<SYSTEM32>\cmd.exe' /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAcc...
  • '<SYSTEM32>\cmd.exe' /c attrib +h +s "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\    ‍.scr"
  • '<SYSTEM32>\netsh.exe' wlan show profiles
  • '<SYSTEM32>\attrib.exe' +h +s "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\    ‍.scr"
  • '<SYSTEM32>\cmd.exe' /c "ver"
  • '<SYSTEM32>\cmd.exe' /c "powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath %USERPROFILE%\AppData" & powershell.exe -inputformat none -outputformat none -N...
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "Set-MpPreference -ExclusionExtension '.exe','.py'"
  • '<SYSTEM32>\cmd.exe' /c "wmic csproduct get uuid"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c "wmic path win32_VideoController get name"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAcc...' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c "ver"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c "powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath %USERPROFILE%\AppData" & powershell.exe -inputformat none -outputformat none -N...' (with hidden window)

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play