
Trojan.MulDrop38.33286

Added to the Dr.Web virus database: 2026-06-25

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'SystemCert' = '"%ALLUSERSPROFILE%\SystemCert\svchostcert.exe"'
Creates or modifies the following files
  • <SYSTEM32>\tasks\systemcertupdate
Modifies file system
Creates the following files
  • %ALLUSERSPROFILE%\systemcert\svchostcert.exe
  • %TEMP%\hszjc4zj
  • %TEMP%\tmppsecna1z.xml
Deletes the following files that it created itself
  • %TEMP%\hszjc4zj
  • %TEMP%\tmppsecna1z.xml
Miscellaneous
Restarts the analyzed sample
Executes the following
  • '<SYSTEM32>\cmd.exe' /c "ver"
  • '<SYSTEM32>\schtasks.exe' /create /tn SystemCertUpdate /xml %TEMP%\tmppsecna1z.xml /f
  • '<SYSTEM32>\cmd.exe' /c "ver"' (with hidden window)

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
