Trojan.Siggen21.18614

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'

Sets the following service settings

[HKLM\System\CurrentControlSet\Services\TNullFilter] 'Start' = '00000000'
[HKLM\System\CurrentControlSet\Services\TNullFilter] 'ImagePath' = 'system32\DRIVERS\TNullFilter.sys'
[HKLM\System\CurrentControlSet\Services\.Winhlpsvr] 'Start' = '00000002'
[HKLM\System\CurrentControlSet\Services\.Winhlpsvr] 'ImagePath' = '"%CommonProgramFiles(x86)%\System\winrdgv3.exe"'

Creates the following services

'TNullFilter' system32\DRIVERS\TNullFilter.sys
'.Winhlpsvr' "%CommonProgramFiles(x86)%\System\winrdgv3.exe"
'.Winhlpsvr' %CommonProgramFiles(x86)%\System\winrdgv3.exe

Malicious functions

Injects code into

the following system processes:

<SYSTEM32>\wininit.exe

Registers file system filter

[HKLM\System\CurrentControlSet\Services\TNullFilter] 'Group' = 'FSFilter Compression'

Modifies file system

Creates the following files

%TEMP%\agentinstall\installation.log
%ALLUSERSPROFILE%\ipgaszip20230815173002\file093.tmp.bak00119583
%ALLUSERSPROFILE%\ipgaszip20230815173002\file093.tmp.bak001195ca
%ALLUSERSPROFILE%\ipgaszip20230815173002\file092.tmp.bak0011967a
%ALLUSERSPROFILE%\ipgaszip20230815173002\file092.tmp.bak001196e5
%ALLUSERSPROFILE%\ipgaszip20230815173002\file091.tmp.bak0011972b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file091.tmp.bak0011974f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file086.tmp.bak001197b8
%ALLUSERSPROFILE%\ipgaszip20230815173002\file086.tmp.bak00119868
%ALLUSERSPROFILE%\ipgaszip20230815173002\file085.tmp.bak001198b1
%ALLUSERSPROFILE%\ipgaszip20230815173002\file085.tmp.bak001198d3
%ALLUSERSPROFILE%\ipgaszip20230815173002\file084.tmp.bak001198f7
%ALLUSERSPROFILE%\ipgaszip20230815173002\file084.tmp.bak00119962
%ALLUSERSPROFILE%\ipgaszip20230815173002\file074.tmp.bak0011926d
%ALLUSERSPROFILE%\ipgaszip20230815173002\file083.tmp.bak001199ca
%ALLUSERSPROFILE%\ipgaszip20230815173002\file081.tmp.bak00119a9f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file080.tmp.bak00119b09
%ALLUSERSPROFILE%\ipgaszip20230815173002\file079.tmp.bak00119b4f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file079.tmp.bak001190c6
%ALLUSERSPROFILE%\ipgaszip20230815173002\file078.tmp.bak001190c6
%ALLUSERSPROFILE%\ipgaszip20230815173002\file078.tmp.bak001190ea
%ALLUSERSPROFILE%\ipgaszip20230815173002\file077.tmp.bak0011910c
%ALLUSERSPROFILE%\ipgaszip20230815173002\file077.tmp.bak00119154
%ALLUSERSPROFILE%\ipgaszip20230815173002\file076.tmp.bak00119176
%ALLUSERSPROFILE%\ipgaszip20230815173002\file076.tmp.bak0011919b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file075.tmp.bak0011919b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file075.tmp.bak001191bd
%ALLUSERSPROFILE%\ipgaszip20230815173002\file082.tmp.bak00119a12
%ALLUSERSPROFILE%\ipgaszip20230815173002\file074.tmp.bak00119227
%ALLUSERSPROFILE%\ipgaszip20230815173002\file094.tmp.bak0011955f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file103.tmp.bak001192c1
%ALLUSERSPROFILE%\ipgaszip20230815173002\file110.tmp.bak001190ae
%ALLUSERSPROFILE%\ipgaszip20230815173002\file110.tmp.bak001190d0
%ALLUSERSPROFILE%\ipgaszip20230815173002\file109.tmp.bak00119117
%ALLUSERSPROFILE%\ipgaszip20230815173002\file109.tmp.bak0011915f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file108.tmp.bak001191a5
%ALLUSERSPROFILE%\ipgaszip20230815173002\file107.tmp.bak001191ec
%ALLUSERSPROFILE%\ipgaszip20230815173002\file107.tmp.bak00119232
%ALLUSERSPROFILE%\ipgaszip20230815173002\file106.tmp.bak00119232
%ALLUSERSPROFILE%\ipgaszip20230815173002\file106.tmp.bak00119256
%ALLUSERSPROFILE%\ipgaszip20230815173002\file105.tmp.bak00119256
%ALLUSERSPROFILE%\ipgaszip20230815173002\file105.tmp.bak0011929c
%ALLUSERSPROFILE%\ipgaszip20230815173002\file104.tmp.bak0011929c
%ALLUSERSPROFILE%\ipgaszip20230815173002\file095.tmp.bak001194d3
%ALLUSERSPROFILE%\ipgaszip20230815173002\file094.tmp.bak00119519
%ALLUSERSPROFILE%\ipgaszip20230815173002\file102.tmp.bak001192c1
%ALLUSERSPROFILE%\ipgaszip20230815173002\file102.tmp.bak001192e3
%ALLUSERSPROFILE%\ipgaszip20230815173002\file101.tmp.bak001192e3
%ALLUSERSPROFILE%\ipgaszip20230815173002\file101.tmp.bak00119307
%ALLUSERSPROFILE%\ipgaszip20230815173002\file100.tmp.bak00119329
%ALLUSERSPROFILE%\ipgaszip20230815173002\file099.tmp.bak00119371
%ALLUSERSPROFILE%\ipgaszip20230815173002\file099.tmp.bak00119393
%ALLUSERSPROFILE%\ipgaszip20230815173002\file098.tmp.bak001193da
%ALLUSERSPROFILE%\ipgaszip20230815173002\file098.tmp.bak001193fe
%ALLUSERSPROFILE%\ipgaszip20230815173002\file097.tmp.bak00119422
%ALLUSERSPROFILE%\ipgaszip20230815173002\file097.tmp.bak00119444
%ALLUSERSPROFILE%\ipgaszip20230815173002\file096.tmp.bak0011948a
%ALLUSERSPROFILE%\ipgaszip20230815173002\file103.tmp.bak0011929c
%ALLUSERSPROFILE%\ipgaszip20230815173002\file111.tmp.bak00118ffe
%ALLUSERSPROFILE%\ipgaszip20230815173002\file111.tmp.bak00119066
%ALLUSERSPROFILE%\ipgaszip20230815173002\file072.tmp.bak001192fc
%ALLUSERSPROFILE%\ipgaszip20230815173002\file047.tmp.bak00118037
%ALLUSERSPROFILE%\ipgaszip20230815173002\file053.tmp.bak00117ddf
%ALLUSERSPROFILE%\ipgaszip20230815173002\file053.tmp.bak00117e01
%ALLUSERSPROFILE%\ipgaszip20230815173002\file052.tmp.bak00117e49
%ALLUSERSPROFILE%\ipgaszip20230815173002\file052.tmp.bak00117eb1
%ALLUSERSPROFILE%\ipgaszip20230815173002\file051.tmp.bak00117ed6
%ALLUSERSPROFILE%\ipgaszip20230815173002\file051.tmp.bak00117efa
%ALLUSERSPROFILE%\ipgaszip20230815173002\file050.tmp.bak00117f40
%ALLUSERSPROFILE%\ipgaszip20230815173002\file050.tmp.bak00117f62
%ALLUSERSPROFILE%\ipgaszip20230815173002\file049.tmp.bak00117fab
%ALLUSERSPROFILE%\ipgaszip20230815173002\file049.tmp.bak00117ff1
%ALLUSERSPROFILE%\ipgaszip20230815173002\file048.tmp.bak00118013
%ALLUSERSPROFILE%\ipgaszip20230815173002\file054.tmp.bak00117dba
%ALLUSERSPROFILE%\ipgaszip20230815173002\file055.tmp.bak00117d98
%ALLUSERSPROFILE%\ipgaszip20230815173002\file072.tmp.bak001192b6
%ALLUSERSPROFILE%\ipgaszip20230815173002\file046.tmp.bak0011807d
%ALLUSERSPROFILE%\ipgaszip20230815173002\file045.tmp.bak001180a2
%ALLUSERSPROFILE%\ipgaszip20230815173002\file044.tmp.bak001180c3
%ALLUSERSPROFILE%\ipgaszip20230815173002\file044.tmp.bak001180e8
%ALLUSERSPROFILE%\ipgaszip20230815173002\file043.tmp.bak0011810c
%ALLUSERSPROFILE%\ipgaszip20230815173002\file043.tmp.bak0011812e
%ALLUSERSPROFILE%\ipgaszip20230815173002\file042.tmp.bak0011812e
%ALLUSERSPROFILE%\ipgaszip20230815173002\file041.tmp.bak00118152
%ALLUSERSPROFILE%\ipgaszip20230815173002\file040.tmp.bak00118152
%ALLUSERSPROFILE%\ipgaszip20230815173002\file039.tmp.bak00118174
%ALLUSERSPROFILE%\ipgaszip20230815173002\file039.tmp.bak00118198
%ALLUSERSPROFILE%\ipgaszip20230815173002\file046.tmp.bak0011805b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file073.tmp.bak00119292
%ALLUSERSPROFILE%\ipgaszip20230815173002\file055.tmp.bak00117d50
%ALLUSERSPROFILE%\ipgaszip20230815173002\file063.tmp.bak00117194
%ALLUSERSPROFILE%\ipgaszip20230815173002\file065.tmp.bak00119742
%ALLUSERSPROFILE%\ipgaszip20230815173002\file071.tmp.bak00119367
%ALLUSERSPROFILE%\ipgaszip20230815173002\file070.tmp.bak001193cf
%ALLUSERSPROFILE%\ipgaszip20230815173002\file070.tmp.bak00119417
%ALLUSERSPROFILE%\ipgaszip20230815173002\file069.tmp.bak00119417
%ALLUSERSPROFILE%\ipgaszip20230815173002\file069.tmp.bak0011945d
%ALLUSERSPROFILE%\ipgaszip20230815173002\file068.tmp.bak0011945d
%ALLUSERSPROFILE%\ipgaszip20230815173002\file067.tmp.bak001194a4
%ALLUSERSPROFILE%\ipgaszip20230815173002\file067.tmp.bak00119554
%ALLUSERSPROFILE%\ipgaszip20230815173002\file066.tmp.bak0011959b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file066.tmp.bak001195e1
%ALLUSERSPROFILE%\ipgaszip20230815173002\file065.tmp.bak0011964b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file071.tmp.bak00119342
%ALLUSERSPROFILE%\ipgaszip20230815173002\file056.tmp.bak00117ce8
%ALLUSERSPROFILE%\ipgaszip20230815173002\file056.tmp.bak00117c13
%ALLUSERSPROFILE%\ipgaszip20230815173002\file062.tmp.bak00117457
%ALLUSERSPROFILE%\ipgaszip20230815173002\file061.tmp.bak00117507
%ALLUSERSPROFILE%\ipgaszip20230815173002\file061.tmp.bak00117550
%ALLUSERSPROFILE%\ipgaszip20230815173002\file060.tmp.bak00117596
%ALLUSERSPROFILE%\ipgaszip20230815173002\file060.tmp.bak001176f7
%ALLUSERSPROFILE%\ipgaszip20230815173002\file059.tmp.bak001177ee
%ALLUSERSPROFILE%\ipgaszip20230815173002\file059.tmp.bak0011790a
%ALLUSERSPROFILE%\ipgaszip20230815173002\file058.tmp.bak00117a01
%ALLUSERSPROFILE%\ipgaszip20230815173002\file058.tmp.bak00117b1c
%ALLUSERSPROFILE%\ipgaszip20230815173002\file057.tmp.bak00117b3e
%ALLUSERSPROFILE%\ipgaszip20230815173002\file057.tmp.bak00117b86
%ALLUSERSPROFILE%\ipgaszip20230815173002\file062.tmp.bak00117319
%ALLUSERSPROFILE%\ipgaszip20230815173002\file117.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file112.tmp.bak00118f93
%ALLUSERSPROFILE%\ipgaszip20230815173002\file166.tmp.bak0011a46a
%ALLUSERSPROFILE%\ipgaszip20230815173002\file136.tmp.bak0011a5cc
%ALLUSERSPROFILE%\ipgaszip20230815173002\file166.tmp.bak0011a48c
%ALLUSERSPROFILE%\ipgaszip20230815173002\file165.tmp.bak0011a48c
%ALLUSERSPROFILE%\ipgaszip20230815173002\file165.tmp.bak0011a4b1
%ALLUSERSPROFILE%\ipgaszip20230815173002\file164.tmp.bak0011a4d3
%ALLUSERSPROFILE%\ipgaszip20230815173002\file163.tmp.bak0011a4d3
%ALLUSERSPROFILE%\ipgaszip20230815173002\file162.tmp.bak0011a51b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file161.tmp.bak0011a51b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file160.tmp.bak0011a53d
%ALLUSERSPROFILE%\ipgaszip20230815173002\file159.tmp.bak0011a561
%ALLUSERSPROFILE%\ipgaszip20230815173002\file159.tmp.bak0011a583
%ALLUSERSPROFILE%\ipgaszip20230815173002\file136.tmp.bak0011a5a8
%ALLUSERSPROFILE%\ipgaszip20230815173002\file168.tmp.bak0011a422
%ALLUSERSPROFILE%\ipgaszip20230815173002\file167.tmp.bak0011a446
%ALLUSERSPROFILE%\ipgaszip20230815173002\file150.tmp.bak0011820b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file156.tmp.bak0011a658
%ALLUSERSPROFILE%\ipgaszip20230815173002\file155.tmp.bak0011a69f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file155.tmp.bak0011a709
%ALLUSERSPROFILE%\ipgaszip20230815173002\file154.tmp.bak0011a72d
%ALLUSERSPROFILE%\ipgaszip20230815173002\file153.tmp.bak0011a74f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file153.tmp.bak0011a774
%ALLUSERSPROFILE%\ipgaszip20230815173002\file152.tmp.bak00118086
%ALLUSERSPROFILE%\ipgaszip20230815173002\file152.tmp.bak001180aa
%ALLUSERSPROFILE%\ipgaszip20230815173002\file151.tmp.bak001180ce
%ALLUSERSPROFILE%\ipgaszip20230815173002\file151.tmp.bak001181e7
%ALLUSERSPROFILE%\ipgaszip20230815173002\file150.tmp.bak001181e7
%ALLUSERSPROFILE%\ipgaszip20230815173002\file157.tmp.bak0011a634
%ALLUSERSPROFILE%\ipgaszip20230815173002\file158.tmp.bak0011a612
%ALLUSERSPROFILE%\ipgaszip20230815173002\file170.tmp.bak0011a422
%ALLUSERSPROFILE%\ipgaszip20230815173002\file149.tmp.bak0011822f
%WINDIR%\syswow64\ifocmsdll.dll_2tmp
%WINDIR%\baktsdoc64.sys_2tmp
%WINDIR%\bakthv364.sys_2tmp
%WINDIR%\baktsdoc2.sys_2tmp
%WINDIR%\bakthv3.sys_2tmp
<SYSTEM32>\winrdlv3.exe
%CommonProgramFiles(x86)%\system\winwdgsvr.exe
%CommonProgramFiles(x86)%\system\winrdgv3.exe
%WINDIR%\temp\uddea5e.tmp
<DRIVERS>\sete5ad.tmp
%WINDIR%\temp\olde58d.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file169.tmp.bak0011a422
%WINDIR%\syswow64\bakenumiacc2.sys_2tmp
C:\tnullfitler\tnullfilter.inf
%ALLUSERSPROFILE%\ipgaszip20230815173002\file176.tmp.bak0011a1ee
%ALLUSERSPROFILE%\ipgaszip20230815173002\file176.tmp.bak0011a258
%ALLUSERSPROFILE%\ipgaszip20230815173002\file175.tmp.bak0011a258
%ALLUSERSPROFILE%\ipgaszip20230815173002\file175.tmp.bak0011a29f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file174.tmp.bak0011a2c1
%ALLUSERSPROFILE%\ipgaszip20230815173002\file174.tmp.bak0011a395
%ALLUSERSPROFILE%\ipgaszip20230815173002\file173.tmp.bak0011a395
%ALLUSERSPROFILE%\ipgaszip20230815173002\file173.tmp.bak0011a3ba
%ALLUSERSPROFILE%\ipgaszip20230815173002\file171.tmp.bak0011a3dc
%ALLUSERSPROFILE%\ipgaszip20230815173002\file172.tmp.bak0011a3dc
%ALLUSERSPROFILE%\ipgaszip20230815173002\file171.tmp.bak0011a400
C:\tnullfitler\tnullfilter.sys
%ALLUSERSPROFILE%\ipgaszip20230815173002\file129.tmp.bak0011a1ca
%ALLUSERSPROFILE%\ipgaszip20230815173002\file148.tmp.bak0011822f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file147.tmp.bak00118251
%ALLUSERSPROFILE%\ipgaszip20230815173002\file128.tmp.bak0011897f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file127.tmp.bak001189a3
%ALLUSERSPROFILE%\ipgaszip20230815173002\file127.tmp.bak001189e9
%ALLUSERSPROFILE%\ipgaszip20230815173002\file126.tmp.bak00118a0e
%ALLUSERSPROFILE%\ipgaszip20230815173002\file125.tmp.bak00118a54
%ALLUSERSPROFILE%\ipgaszip20230815173002\file124.tmp.bak00118a78
%ALLUSERSPROFILE%\ipgaszip20230815173002\file123.tmp.bak00118a9a
%ALLUSERSPROFILE%\ipgaszip20230815173002\file122.tmp.bak00118ae0
%ALLUSERSPROFILE%\ipgaszip20230815173002\file121.tmp.bak00118ae0
%ALLUSERSPROFILE%\ipgaszip20230815173002\file120.tmp.bak00118b04
%ALLUSERSPROFILE%\ipgaszip20230815173002\file120.tmp.bak00118b4b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file129.tmp.bak00118939
%ALLUSERSPROFILE%\ipgaszip20230815173002\file119.tmp.bak00118b4b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file118.tmp.bak00118c20
%ALLUSERSPROFILE%\ipgaszip20230815173002\file118.tmp.bak00118cac
%ALLUSERSPROFILE%\ipgaszip20230815173002\file117.tmp.bak00118cd0
%ALLUSERSPROFILE%\ipgaszip20230815173002\file117.tmp.bak00118cf2
%ALLUSERSPROFILE%\ipgaszip20230815173002\file116.tmp.bak00118d17
%ALLUSERSPROFILE%\ipgaszip20230815173002\file116.tmp.bak00118d81
%ALLUSERSPROFILE%\ipgaszip20230815173002\file115.tmp.bak00118da3
%ALLUSERSPROFILE%\ipgaszip20230815173002\file115.tmp.bak00118e32
%ALLUSERSPROFILE%\ipgaszip20230815173002\file114.tmp.bak00118e54
%ALLUSERSPROFILE%\ipgaszip20230815173002\file114.tmp.bak00118e78
%ALLUSERSPROFILE%\ipgaszip20230815173002\file113.tmp.bak00118ee3
%ALLUSERSPROFILE%\ipgaszip20230815173002\file113.tmp.bak00118f29
%ALLUSERSPROFILE%\ipgaszip20230815173002\file119.tmp.bak00118b91
%ALLUSERSPROFILE%\ipgaszip20230815173002\file130.tmp.bak001188f2
%ALLUSERSPROFILE%\ipgaszip20230815173002\file130.tmp.bak001188ce
%ALLUSERSPROFILE%\ipgaszip20230815173002\file128.tmp.bak001189a3
%ALLUSERSPROFILE%\ipgaszip20230815173002\file131.tmp.bak001188ac
%ALLUSERSPROFILE%\ipgaszip20230815173002\file146.tmp.bak00118276
%ALLUSERSPROFILE%\ipgaszip20230815173002\file138.tmp.bak0011857f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file145.tmp.bak00118298
%ALLUSERSPROFILE%\ipgaszip20230815173002\file145.tmp.bak00118302
%ALLUSERSPROFILE%\ipgaszip20230815173002\file144.tmp.bak0011836d
%ALLUSERSPROFILE%\ipgaszip20230815173002\file144.tmp.bak001183b3
%ALLUSERSPROFILE%\ipgaszip20230815173002\file143.tmp.bak0011841d
%ALLUSERSPROFILE%\ipgaszip20230815173002\file142.tmp.bak00118442
%ALLUSERSPROFILE%\ipgaszip20230815173002\file142.tmp.bak00118464
%ALLUSERSPROFILE%\ipgaszip20230815173002\file141.tmp.bak001184aa
%ALLUSERSPROFILE%\ipgaszip20230815173002\file141.tmp.bak001184ce
%ALLUSERSPROFILE%\ipgaszip20230815173002\file140.tmp.bak00118514
%ALLUSERSPROFILE%\ipgaszip20230815173002\file139.tmp.bak00118539
%ALLUSERSPROFILE%\ipgaszip20230815173002\file139.tmp.bak0011855b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file137.tmp.bak001185a3
%ALLUSERSPROFILE%\ipgaszip20230815173002\file146.tmp.bak00118251
%ALLUSERSPROFILE%\ipgaszip20230815173002\file137.tmp.bak001185c5
%ALLUSERSPROFILE%\ipgaszip20230815173002\file136.tmp.bak001185c5
%ALLUSERSPROFILE%\ipgaszip20230815173002\file136.tmp.bak0011860b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file135.tmp.bak0011860b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file135.tmp.bak0011862f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file134.tmp.bak00118654
%ALLUSERSPROFILE%\ipgaszip20230815173002\file133.tmp.bak0011869a
%ALLUSERSPROFILE%\ipgaszip20230815173002\file133.tmp.bak001186e0
%ALLUSERSPROFILE%\ipgaszip20230815173002\file132.tmp.bak00118726
%ALLUSERSPROFILE%\ipgaszip20230815173002\file132.tmp.bak001187d7
%ALLUSERSPROFILE%\ipgaszip20230815173002\file131.tmp.bak00118842
%ALLUSERSPROFILE%\ipgaszip20230815173002\file038.tmp.bak00118198
%ALLUSERSPROFILE%\ipgaszip20230815173002\file047.tmp.bak0011805b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file038.tmp.bak001181bd
%ALLUSERSPROFILE%\ipgaszip20230815173002\file037.tmp.bak001181df
%ALLUSERSPROFILE%\ipgaszip20230815173002\file036.tmp.bak00118203
%ALLUSERSPROFILE%\ipgaszip20230815173002\file072.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file083.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file082.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file081.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file080.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file079.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file078.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file077.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file076.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file075.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file074.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file073.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file056.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file085.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file058.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file069.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file068.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file067.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file066.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file065.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file064.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file063.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file062.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file061.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file060.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file059.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file070.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file071.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file086.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file101.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file102.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file113.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file112.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file111.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file110.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file109.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file108.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file107.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file106.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file105.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file104.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file103.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file114.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file087.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file088.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file099.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file098.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file097.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file096.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file095.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file094.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file093.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file092.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file091.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file090.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file089.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file100.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file057.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file055.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file115.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file022.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file021.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file020.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file019.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file018.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file017.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file016.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file015.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file014.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file013.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file012.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file024.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file011.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file009.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file008.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file007.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file006.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file005.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file004.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file003.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file002.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file001.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file000.tmp
%TEMP%\ipgaskernel20230815172959\akernel3.exe
%TEMP%\ipgaskernel20230815172959\setupdata.dat
%ALLUSERSPROFILE%\ipgaszip20230815173002\file010.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file025.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file023.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file026.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file054.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file041.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file053.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file052.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file051.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file050.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file049.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file048.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file047.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file046.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file045.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file044.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file043.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file042.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file040.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file027.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file039.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file038.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file037.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file036.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file035.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file034.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file033.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file032.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file031.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file030.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file029.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file028.tmp
<SYSTEM32>\winbrosqlite3_64.dll_2tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file112.tmp.bak00118f6f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file116.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file131.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file001.tmp.bak0011694e
%ALLUSERSPROFILE%\ipgaszip20230815173002\file017.tmp.bak001187cf
%ALLUSERSPROFILE%\ipgaszip20230815173002\file017.tmp.bak00118839
%ALLUSERSPROFILE%\ipgaszip20230815173002\file016.tmp.bak00118880
%ALLUSERSPROFILE%\ipgaszip20230815173002\file016.tmp.bak0011890c
%ALLUSERSPROFILE%\ipgaszip20230815173002\file015.tmp.bak00118930
%ALLUSERSPROFILE%\ipgaszip20230815173002\file015.tmp.bak00118955
%ALLUSERSPROFILE%\ipgaszip20230815173002\file014.tmp.bak0011899b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file013.tmp.bak001189bd
%ALLUSERSPROFILE%\ipgaszip20230815173002\file012.tmp.bak001189e1
%ALLUSERSPROFILE%\ipgaszip20230815173002\file012.tmp.bak00118a05
%ALLUSERSPROFILE%\ipgaszip20230815173002\file011.tmp.bak00118a05
%ALLUSERSPROFILE%\ipgaszip20230815173002\file018.tmp.bak00118789
%ALLUSERSPROFILE%\ipgaszip20230815173002\file010.tmp.bak00118a27
%ALLUSERSPROFILE%\ipgaszip20230815173002\file009.tmp.bak00118ad8
%ALLUSERSPROFILE%\ipgaszip20230815173002\file008.tmp.bak00118afc
%ALLUSERSPROFILE%\ipgaszip20230815173002\file008.tmp.bak00118b42
%ALLUSERSPROFILE%\ipgaszip20230815173002\file007.tmp.bak00118b67
%ALLUSERSPROFILE%\ipgaszip20230815173002\file007.tmp.bak00118bad
%ALLUSERSPROFILE%\ipgaszip20230815173002\file006.tmp.bak00118c39
%ALLUSERSPROFILE%\ipgaszip20230815173002\file006.tmp.bak00116620
%ALLUSERSPROFILE%\ipgaszip20230815173002\file005.tmp.bak001166d1
%ALLUSERSPROFILE%\ipgaszip20230815173002\file005.tmp.bak001167ec
%ALLUSERSPROFILE%\ipgaszip20230815173002\file004.tmp.bak00116811
%ALLUSERSPROFILE%\ipgaszip20230815173002\file003.tmp.bak00116857
%ALLUSERSPROFILE%\ipgaszip20230815173002\file002.tmp.bak0011689d
%ALLUSERSPROFILE%\ipgaszip20230815173002\file009.tmp.bak00118a92
%ALLUSERSPROFILE%\ipgaszip20230815173002\file002.tmp.bak001168e3
%ALLUSERSPROFILE%\ipgaszip20230815173002\file019.tmp.bak00118742
%ALLUSERSPROFILE%\ipgaszip20230815173002\file020.tmp.bak00118742
%ALLUSERSPROFILE%\ipgaszip20230815173002\file084.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file036.tmp.bak00118225
%ALLUSERSPROFILE%\ipgaszip20230815173002\file035.tmp.bak00118225
%ALLUSERSPROFILE%\ipgaszip20230815173002\file035.tmp.bak00118249
%ALLUSERSPROFILE%\ipgaszip20230815173002\file030.tmp.bak00118249
%ALLUSERSPROFILE%\ipgaszip20230815173002\file034.tmp.bak0011828f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file033.tmp.bak0011828f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file032.tmp.bak001182b4
%ALLUSERSPROFILE%\ipgaszip20230815173002\file031.tmp.bak001182d6
%ALLUSERSPROFILE%\ipgaszip20230815173002\file030.tmp.bak001182d6
%ALLUSERSPROFILE%\ipgaszip20230815173002\file029.tmp.bak0011831e
%ALLUSERSPROFILE%\ipgaszip20230815173002\file028.tmp.bak00118340
%ALLUSERSPROFILE%\ipgaszip20230815173002\file026.tmp.bak001183f1
%ALLUSERSPROFILE%\ipgaszip20230815173002\file027.tmp.bak00118340
%ALLUSERSPROFILE%\ipgaszip20230815173002\file026.tmp.bak00118386
%ALLUSERSPROFILE%\ipgaszip20230815173002\file025.tmp.bak0011845b
%ALLUSERSPROFILE%\ipgaszip20230815173002\file025.tmp.bak001184a2
%ALLUSERSPROFILE%\ipgaszip20230815173002\file024.tmp.bak0011850c
%ALLUSERSPROFILE%\ipgaszip20230815173002\file024.tmp.bak00118552
%ALLUSERSPROFILE%\ipgaszip20230815173002\file023.tmp.bak001185bd
%ALLUSERSPROFILE%\ipgaszip20230815173002\file023.tmp.bak00118627
%ALLUSERSPROFILE%\ipgaszip20230815173002\file022.tmp.bak0011866d
%ALLUSERSPROFILE%\ipgaszip20230815173002\file022.tmp.bak001186b4
%ALLUSERSPROFILE%\ipgaszip20230815173002\file021.tmp.bak001186b4
%ALLUSERSPROFILE%\ipgaszip20230815173002\file021.tmp.bak001186fa
%ALLUSERSPROFILE%\ipgaszip20230815173002\file020.tmp.bak0011871e
%ALLUSERSPROFILE%\ipgaszip20230815173002\file019.tmp.bak00118764
%ALLUSERSPROFILE%\ipgaszip20230815173002\file001.tmp.bak00116907
%ALLUSERSPROFILE%\ipgaszip20230815173002\file000.tmp.bak00116972
%ALLUSERSPROFILE%\ipgaszip20230815173002\file000.tmp.bak00116994
%ALLUSERSPROFILE%\ipgaszip20230815173002\file132.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file143.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file142.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file141.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file140.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file139.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file138.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file137.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file136.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file135.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file134.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file133.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file144.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file145.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file146.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file129.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file128.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file127.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file126.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file125.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file124.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file123.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file122.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file121.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file120.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file119.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file130.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file147.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file175.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file149.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file176.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file162.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file174.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file173.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file172.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file171.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file170.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file169.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file168.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file167.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file166.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file165.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file164.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file163.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file161.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file148.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file160.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file159.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file158.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file157.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file156.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file155.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file154.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file153.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file152.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file151.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file150.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file118.tmp
<SYSTEM32>\funcextv64.dll_2tmp

Deletes the following files

%WINDIR%\temp\olde58d.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file115.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file116.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file117.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file118.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file119.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file120.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file121.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file122.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file134.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file123.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file125.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file126.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file127.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file128.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file129.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file130.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file131.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file132.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file113.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file114.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file124.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file133.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file110.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file093.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file094.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file095.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file096.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file097.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file098.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file099.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file100.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file101.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file102.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file103.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file104.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file105.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file106.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file107.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file108.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file109.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file111.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file091.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file112.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file054.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file135.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file161.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file163.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file164.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file165.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file166.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file167.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file168.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file169.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file170.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file136.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file171.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file173.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file174.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file175.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file176.tmp
%TEMP%\ipgaskernel20230815172959\akernel3.exe
%TEMP%\ipgaskernel20230815172959\setupdata.dat
%WINDIR%\bakthv3t.sys
%ALLUSERSPROFILE%\ipgaszip20230815173002\file160.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file159.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file162.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file158.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file157.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file137.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file139.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file140.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file141.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file142.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file143.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file144.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file145.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file090.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file146.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file092.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file148.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file150.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file151.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file152.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file153.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file154.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file155.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file156.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file147.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file138.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file149.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file089.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file088.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file087.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file023.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file024.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file025.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file026.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file027.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file028.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file029.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file030.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file031.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file032.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file033.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file034.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file035.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file036.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file037.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file038.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file039.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file020.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file018.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file022.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file019.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file017.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file007.tmp
C:\tnullfitler\tnullfilter.inf
C:\tnullfitler\tnullfilter.sys
%ALLUSERSPROFILE%\ipgaszip20230815173002\file000.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file001.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file002.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file003.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file004.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file005.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file040.tmp
%WINDIR%\baktsdoc2t.sys
%ALLUSERSPROFILE%\ipgaszip20230815173002\file006.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file009.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file010.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file011.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file012.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file013.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file014.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file015.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file016.tmp
%WINDIR%\temp\uddea5e.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file008.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file172.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file041.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file045.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file070.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file071.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file072.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file073.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file074.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file075.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file076.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file021.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file077.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file079.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file080.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file081.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file082.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file083.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file084.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file085.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file086.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file067.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file078.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file069.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file068.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file066.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file065.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file046.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file047.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file048.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file049.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file050.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file051.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file052.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file042.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file053.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file043.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file055.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file057.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file058.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file059.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file060.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file061.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file062.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file063.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file044.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file064.tmp
%ALLUSERSPROFILE%\ipgaszip20230815173002\file056.tmp
%WINDIR%\baktsdoc64t.sys

Moves the following files

from %ALLUSERSPROFILE%\ipgaszip20230815173002\file000.tmp.bak00116994 to %CommonProgramFiles(x86)%\system\file000.tmp.bak00116994
from <SYSTEM32>\file118.tmp.bak00118cac to <SYSTEM32>\outlookctrlx64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file118.tmp.bak00118c20 to %WINDIR%\file118.tmp.bak00118c20
from %WINDIR%\file118.tmp.bak00118c20 to %WINDIR%\bakolctrlx64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file119.tmp.bak00118b91 to <SYSTEM32>\file119.tmp.bak00118b91
from <SYSTEM32>\file119.tmp.bak00118b91 to <SYSTEM32>\sdiskcontext64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file119.tmp.bak00118b4b to %WINDIR%\file119.tmp.bak00118b4b
from <DRIVERS>\file117.tmp.bak00118cf2 to <DRIVERS>\tsddrv64.sys
from %WINDIR%\file119.tmp.bak00118b4b to %WINDIR%\baksdiskctx64.sys
from <SYSTEM32>\file120.tmp.bak00118b4b to <SYSTEM32>\tfloattip64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file120.tmp.bak00118b04 to %WINDIR%\file120.tmp.bak00118b04
from %WINDIR%\file120.tmp.bak00118b04 to %WINDIR%\baktftip64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file121.tmp.bak00118ae0 to %WINDIR%\file121.tmp.bak00118ae0
from %WINDIR%\file121.tmp.bak00118ae0 to %WINDIR%\bakoacnac.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file122.tmp.bak00118ae0 to %WINDIR%\file122.tmp.bak00118ae0
from %WINDIR%\file117.tmp.bak00118cd0 to %WINDIR%\baksddrv64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file118.tmp.bak00118cac to <SYSTEM32>\file118.tmp.bak00118cac
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file117.tmp.bak00118cd0 to %WINDIR%\file117.tmp.bak00118cd0
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file117.tmp.bak00118cf2 to <DRIVERS>\file117.tmp.bak00118cf2
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file123.tmp.bak00118a9a to %WINDIR%\file123.tmp.bak00118a9a
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file113.tmp.bak00118ee3 to %WINDIR%\file113.tmp.bak00118ee3
from %WINDIR%\file113.tmp.bak00118ee3 to %WINDIR%\baksdfa64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file114.tmp.bak00118e78 to <SYSTEM32>\file114.tmp.bak00118e78
from <SYSTEM32>\file114.tmp.bak00118e78 to <SYSTEM32>\tmailhook64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file114.tmp.bak00118e54 to %WINDIR%\file114.tmp.bak00118e54
from %WINDIR%\file122.tmp.bak00118ae0 to %WINDIR%\baknacagent.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file113.tmp.bak00118f29 to <SYSTEM32>\file113.tmp.bak00118f29
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file120.tmp.bak00118b4b to <SYSTEM32>\file120.tmp.bak00118b4b
from %WINDIR%\file114.tmp.bak00118e54 to %WINDIR%\baktmhk64.sys
from %WINDIR%\file115.tmp.bak00118da3 to %WINDIR%\baksdvwr64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file116.tmp.bak00118d81 to <SYSTEM32>\file116.tmp.bak00118d81
from <SYSTEM32>\file116.tmp.bak00118d81 to <SYSTEM32>\pathcvrt64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file116.tmp.bak00118d17 to %WINDIR%\file116.tmp.bak00118d17
from %WINDIR%\file116.tmp.bak00118d17 to %WINDIR%\bakpathcvrt64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file115.tmp.bak00118e32 to <SYSTEM32>\file115.tmp.bak00118e32
from <SYSTEM32>\file115.tmp.bak00118e32 to <SYSTEM32>\sdviewer64.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file115.tmp.bak00118da3 to %WINDIR%\file115.tmp.bak00118da3
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file135.tmp.bak0011860b to %WINDIR%\file135.tmp.bak0011860b
from %WINDIR%\file123.tmp.bak00118a9a to %WINDIR%\bakoacsgw.sys
from <SYSTEM32>\file131.tmp.bak001188ac to <SYSTEM32>\winbrohca64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file131.tmp.bak00118842 to %WINDIR%\file131.tmp.bak00118842
from %WINDIR%\file131.tmp.bak00118842 to %WINDIR%\bakbrohca64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file132.tmp.bak001187d7 to %WINDIR%\syswow64\file132.tmp.bak001187d7
from %WINDIR%\syswow64\file132.tmp.bak001187d7 to %WINDIR%\syswow64\winbrosqlite3.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file132.tmp.bak00118726 to %WINDIR%\file132.tmp.bak00118726
from %WINDIR%\file132.tmp.bak00118726 to %WINDIR%\bakbrosqlite3.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file131.tmp.bak001188ac to <SYSTEM32>\file131.tmp.bak001188ac
from %WINDIR%\file112.tmp.bak00118f6f to %WINDIR%\baksda64.sys
from %WINDIR%\file130.tmp.bak001188ce to %WINDIR%\bakbrohca.sys
from %WINDIR%\file133.tmp.bak0011869a to %WINDIR%\bakbrosqlite3_64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file134.tmp.bak00118654 to %WINDIR%\syswow64\file134.tmp.bak00118654
from %WINDIR%\syswow64\file134.tmp.bak00118654 to %WINDIR%\syswow64\cpuidsdk.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file134.tmp.bak00118654 to %WINDIR%\file134.tmp.bak00118654
from %WINDIR%\file134.tmp.bak00118654 to %WINDIR%\bakcpuid.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file135.tmp.bak0011862f to %WINDIR%\syswow64\file135.tmp.bak0011862f
from <SYSTEM32>\file133.tmp.bak001186e0 to <SYSTEM32>\winbrosqlite3_64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file133.tmp.bak001186e0 to <SYSTEM32>\file133.tmp.bak001186e0
from <SYSTEM32>\file113.tmp.bak00118f29 to <SYSTEM32>\sdfattr64.dll
from %WINDIR%\syswow64\file130.tmp.bak001188f2 to %WINDIR%\syswow64\winbrohca.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file128.tmp.bak001189a3 to %WINDIR%\syswow64\file128.tmp.bak001189a3
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file125.tmp.bak00118a54 to %WINDIR%\file125.tmp.bak00118a54
from %WINDIR%\file125.tmp.bak00118a54 to %WINDIR%\bakoatool.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file126.tmp.bak00118a0e to %WINDIR%\file126.tmp.bak00118a0e
from %WINDIR%\file126.tmp.bak00118a0e to %WINDIR%\bakoatool64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file127.tmp.bak001189e9 to %WINDIR%\syswow64\file127.tmp.bak001189e9
from %WINDIR%\syswow64\file127.tmp.bak001189e9 to %WINDIR%\syswow64\winoatmm.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file130.tmp.bak001188ce to %WINDIR%\file130.tmp.bak001188ce
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file124.tmp.bak00118a78 to %WINDIR%\file124.tmp.bak00118a78
from %WINDIR%\file124.tmp.bak00118a78 to %WINDIR%\baksgwagent.sys
from %WINDIR%\syswow64\file128.tmp.bak001189a3 to %WINDIR%\syswow64\winoatmm2.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file128.tmp.bak0011897f to %WINDIR%\file128.tmp.bak0011897f
from %WINDIR%\file128.tmp.bak0011897f to %WINDIR%\bakoatmm2.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file129.tmp.bak00118939 to %WINDIR%\file129.tmp.bak00118939
from %WINDIR%\file129.tmp.bak00118939 to %WINDIR%\linstsvr.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file130.tmp.bak001188f2 to %WINDIR%\syswow64\file130.tmp.bak001188f2
from %WINDIR%\file127.tmp.bak001189a3 to %WINDIR%\bakoatmm.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file127.tmp.bak001189a3 to %WINDIR%\file127.tmp.bak001189a3
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file133.tmp.bak0011869a to %WINDIR%\file133.tmp.bak0011869a
from %WINDIR%\syswow64\file135.tmp.bak0011862f to %WINDIR%\syswow64\wlfunc.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file112.tmp.bak00118f93 to <SYSTEM32>\file112.tmp.bak00118f93
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file098.tmp.bak001193da to %WINDIR%\file098.tmp.bak001193da
from %WINDIR%\file098.tmp.bak001193da to %WINDIR%\bakssb2p64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file099.tmp.bak00119393 to <SYSTEM32>\file099.tmp.bak00119393
from <SYSTEM32>\file099.tmp.bak00119393 to <SYSTEM32>\trmenushl64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file099.tmp.bak00119371 to %WINDIR%\file099.tmp.bak00119371
from %WINDIR%\file101.tmp.bak001192e3 to %WINDIR%\baktpktv64.sys
from %WINDIR%\file099.tmp.bak00119371 to %WINDIR%\bakmenusl64.sys
from <DRIVERS>\file100.tmp.bak00119329 to <DRIVERS>\tvdisk.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file100.tmp.bak00119329 to %WINDIR%\file100.tmp.bak00119329
from %WINDIR%\file100.tmp.bak00119329 to %WINDIR%\baktvd64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file101.tmp.bak00119307 to <DRIVERS>\file101.tmp.bak00119307
from <DRIVERS>\file101.tmp.bak00119307 to <DRIVERS>\tpacketv.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file097.tmp.bak00119422 to %WINDIR%\file097.tmp.bak00119422
from <SYSTEM32>\file097.tmp.bak00119444 to <SYSTEM32>\orcshk364.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file100.tmp.bak00119329 to <DRIVERS>\file100.tmp.bak00119329
from <SYSTEM32>\file098.tmp.bak001193fe to <SYSTEM32>\snapb2p64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file098.tmp.bak001193fe to <SYSTEM32>\file098.tmp.bak001193fe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file097.tmp.bak00119444 to <SYSTEM32>\file097.tmp.bak00119444
from %WINDIR%\file096.tmp.bak0011948a to %WINDIR%\bakthv364t.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file093.tmp.bak00119583 to %WINDIR%\file093.tmp.bak00119583
from %WINDIR%\file093.tmp.bak00119583 to %WINDIR%\bakdtfrm64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file094.tmp.bak0011955f to <SYSTEM32>\file094.tmp.bak0011955f
from <SYSTEM32>\file094.tmp.bak0011955f to <SYSTEM32>\ifocmsdll64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file101.tmp.bak001192e3 to %WINDIR%\file101.tmp.bak001192e3
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file094.tmp.bak00119519 to %WINDIR%\file094.tmp.bak00119519
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file095.tmp.bak001194d3 to <SYSTEM32>\file095.tmp.bak001194d3
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file102.tmp.bak001192e3 to <DRIVERS>\file102.tmp.bak001192e3
from <SYSTEM32>\file095.tmp.bak001194d3 to <SYSTEM32>\winencyx64.dll
from %WINDIR%\file095.tmp.bak001194d3 to %WINDIR%\bakencyx64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file096.tmp.bak0011948a to <SYSTEM32>\file096.tmp.bak0011948a
from <SYSTEM32>\file096.tmp.bak0011948a to <SYSTEM32>\thooksv364.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file096.tmp.bak0011948a to %WINDIR%\file096.tmp.bak0011948a
from %WINDIR%\file094.tmp.bak00119519 to %WINDIR%\bakifocms64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file093.tmp.bak001195ca to <SYSTEM32>\file093.tmp.bak001195ca
from %WINDIR%\file092.tmp.bak0011967a to %WINDIR%\bakoauv364.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file095.tmp.bak001194d3 to %WINDIR%\file095.tmp.bak001194d3
from <DRIVERS>\file102.tmp.bak001192e3 to <DRIVERS>\tpacket7.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file108.tmp.bak001191a5 to <SYSTEM32>\file108.tmp.bak001191a5
from %WINDIR%\file102.tmp.bak001192c1 to %WINDIR%\baktpkt764.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file108.tmp.bak001191a5 to %WINDIR%\file108.tmp.bak001191a5
from %WINDIR%\file108.tmp.bak001191a5 to %WINDIR%\bakwdgv364.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file109.tmp.bak0011915f to <SYSTEM32>\file109.tmp.bak0011915f
from <SYSTEM32>\file109.tmp.bak0011915f to <SYSTEM32>\sdcontext64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file109.tmp.bak00119117 to %WINDIR%\file109.tmp.bak00119117
from %WINDIR%\file107.tmp.bak001191ec to %WINDIR%\bakola64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file107.tmp.bak001191ec to %WINDIR%\file107.tmp.bak001191ec
from <SYSTEM32>\file108.tmp.bak001191a5 to <SYSTEM32>\winwdgv364.dll
from %WINDIR%\file109.tmp.bak00119117 to %WINDIR%\baksdctx64.sys
from %WINDIR%\file110.tmp.bak001190ae to %WINDIR%\baksdfi64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file111.tmp.bak00119066 to <SYSTEM32>\file111.tmp.bak00119066
from <SYSTEM32>\file111.tmp.bak00119066 to <SYSTEM32>\tsafedoc64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file111.tmp.bak00118ffe to %WINDIR%\file111.tmp.bak00118ffe
from %WINDIR%\file111.tmp.bak00118ffe to %WINDIR%\baktsdoc64t.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file110.tmp.bak001190d0 to <SYSTEM32>\file110.tmp.bak001190d0
from <SYSTEM32>\file110.tmp.bak001190d0 to <SYSTEM32>\sdfileicon64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file110.tmp.bak001190ae to %WINDIR%\file110.tmp.bak001190ae
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file112.tmp.bak00118f6f to %WINDIR%\file112.tmp.bak00118f6f
from <SYSTEM32>\file112.tmp.bak00118f93 to <SYSTEM32>\sdagent64.dll
from %WINDIR%\file097.tmp.bak00119422 to %WINDIR%\bakorch364.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file103.tmp.bak001192c1 to <DRIVERS>\file103.tmp.bak001192c1
from <DRIVERS>\file103.tmp.bak001192c1 to <DRIVERS>\ipnpf.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file103.tmp.bak0011929c to %WINDIR%\file103.tmp.bak0011929c
from %WINDIR%\file103.tmp.bak0011929c to %WINDIR%\toa32pd564.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file104.tmp.bak0011929c to %WINDIR%\file104.tmp.bak0011929c
from <SYSTEM32>\file107.tmp.bak00119232 to <SYSTEM32>\outlka23.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file102.tmp.bak001192c1 to %WINDIR%\file102.tmp.bak001192c1
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file107.tmp.bak00119232 to <SYSTEM32>\file107.tmp.bak00119232
from %WINDIR%\file104.tmp.bak0011929c to %WINDIR%\baktfsdrv64.sys
from %WINDIR%\file105.tmp.bak00119256 to %WINDIR%\bakusrmd64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file106.tmp.bak00119256 to <SYSTEM32>\file106.tmp.bak00119256
from <SYSTEM32>\file106.tmp.bak00119256 to <SYSTEM32>\winrdlv364.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file106.tmp.bak00119232 to %WINDIR%\file106.tmp.bak00119232
from %WINDIR%\file106.tmp.bak00119232 to %WINDIR%\bakrdlv364.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file105.tmp.bak0011929c to <SYSTEM32>\file105.tmp.bak0011929c
from <SYSTEM32>\file105.tmp.bak0011929c to <SYSTEM32>\winusrmd64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file105.tmp.bak00119256 to %WINDIR%\file105.tmp.bak00119256
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file057.tmp.bak00117b3e to %WINDIR%\file057.tmp.bak00117b3e
from %WINDIR%\file135.tmp.bak0011860b to %WINDIR%\bakwlfc.sys
from %WINDIR%\file161.tmp.bak0011a51b to %WINDIR%\baktsdedrvxp.sys
from %WINDIR%\file162.tmp.bak0011a51b to %WINDIR%\baktsdedrvxp64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file163.tmp.bak0011a4d3 to %WINDIR%\file163.tmp.bak0011a4d3
from %WINDIR%\file163.tmp.bak0011a4d3 to %WINDIR%\baktsdedrv2k3.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file164.tmp.bak0011a4d3 to %WINDIR%\file164.tmp.bak0011a4d3
from %WINDIR%\file164.tmp.bak0011a4d3 to %WINDIR%\baktsdedrv2k364.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file165.tmp.bak0011a4b1 to %WINDIR%\file165.tmp.bak0011a4b1
from <SYSTEM32>\file160.tmp.bak0011a53d to <SYSTEM32>\softwareidentify64.dll
from %WINDIR%\file165.tmp.bak0011a4b1 to %WINDIR%\baktsdedrv7.sys
from %WINDIR%\syswow64\drivers\file165.tmp.bak0011a48c to %WINDIR%\syswow64\drivers\tsdencrypt.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file166.tmp.bak0011a48c to %WINDIR%\file166.tmp.bak0011a48c
from %WINDIR%\file166.tmp.bak0011a48c to %WINDIR%\baktsdedrv764.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file166.tmp.bak0011a46a to <DRIVERS>\file166.tmp.bak0011a46a
from <DRIVERS>\file166.tmp.bak0011a46a to <DRIVERS>\tsdencrypt.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file161.tmp.bak0011a51b to %WINDIR%\file161.tmp.bak0011a51b
from %WINDIR%\file160.tmp.bak0011a53d to %WINDIR%\baksoftidentify64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file162.tmp.bak0011a51b to %WINDIR%\file162.tmp.bak0011a51b
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file160.tmp.bak0011a53d to %WINDIR%\file160.tmp.bak0011a53d
from <DRIVERS>\file157.tmp.bak0011a634 to <DRIVERS>\thlpdrv64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file168.tmp.bak0011a422 to %WINDIR%\file168.tmp.bak0011a422
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file158.tmp.bak0011a612 to %WINDIR%\syswow64\file158.tmp.bak0011a612
from %WINDIR%\syswow64\file158.tmp.bak0011a612 to %WINDIR%\syswow64\thlpdrvd32.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file158.tmp.bak0011a612 to %WINDIR%\file158.tmp.bak0011a612
from %WINDIR%\file158.tmp.bak0011a612 to %WINDIR%\bakthlpdrvd32.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file167.tmp.bak0011a446 to %WINDIR%\file167.tmp.bak0011a446
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file136.tmp.bak0011a5cc to %WINDIR%\syswow64\file136.tmp.bak0011a5cc
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file157.tmp.bak0011a634 to %WINDIR%\file157.tmp.bak0011a634
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file165.tmp.bak0011a48c to %WINDIR%\syswow64\drivers\file165.tmp.bak0011a48c
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file136.tmp.bak0011a5a8 to %WINDIR%\file136.tmp.bak0011a5a8
from %WINDIR%\syswow64\file159.tmp.bak0011a583 to %WINDIR%\syswow64\softwareidentify.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file159.tmp.bak0011a561 to %WINDIR%\file159.tmp.bak0011a561
from %WINDIR%\file159.tmp.bak0011a561 to %WINDIR%\baksoftidentify.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file160.tmp.bak0011a53d to <SYSTEM32>\file160.tmp.bak0011a53d
from %WINDIR%\syswow64\file136.tmp.bak0011a5cc to %WINDIR%\syswow64\sdencryptionapi.dll
from %WINDIR%\file167.tmp.bak0011a446 to %WINDIR%\baktsdedrv8.sys
from %WINDIR%\file136.tmp.bak0011a5a8 to %WINDIR%\baksdeapi.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file159.tmp.bak0011a583 to %WINDIR%\syswow64\file159.tmp.bak0011a583
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file136.tmp.bak0011860b to %WINDIR%\syswow64\file136.tmp.bak0011860b
from %WINDIR%\file168.tmp.bak0011a422 to %WINDIR%\baktsdedrv864.sys
from %WINDIR%\syswow64\file175.tmp.bak0011a29f to %WINDIR%\syswow64\winncap332.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file175.tmp.bak0011a258 to %WINDIR%\file175.tmp.bak0011a258
from %WINDIR%\file175.tmp.bak0011a258 to %WINDIR%\bakncap332.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file176.tmp.bak0011a258 to <SYSTEM32>\file176.tmp.bak0011a258
from <SYSTEM32>\file176.tmp.bak0011a258 to <SYSTEM32>\winncap364.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file176.tmp.bak0011a1ee to %WINDIR%\file176.tmp.bak0011a1ee
from %WINDIR%\file174.tmp.bak0011a2c1 to %WINDIR%\bakdtsfrm64.sys
from %WINDIR%\file176.tmp.bak0011a1ee to %WINDIR%\bakncap364.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file174.tmp.bak0011a2c1 to %WINDIR%\file174.tmp.bak0011a2c1
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file174.tmp.bak0011a395 to <SYSTEM32>\file174.tmp.bak0011a395
from %WINDIR%\baktsdoc2.sys_2tmp to %WINDIR%\baktsdoc2.sys
from %WINDIR%\bakthv364.sys_2tmp to %WINDIR%\bakthv364.sys
from %WINDIR%\baktsdoc64.sys_2tmp to %WINDIR%\baktsdoc64.sys
from %WINDIR%\syswow64\ifocmsdll.dll_2tmp to %WINDIR%\syswow64\ifocmsdll.dll
from %WINDIR%\syswow64\bakenumiacc2.sys_2tmp to %WINDIR%\syswow64\bakenumiacc2.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file129.tmp.bak0011a1ca to %WINDIR%\file129.tmp.bak0011a1ca
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file157.tmp.bak0011a634 to <DRIVERS>\file157.tmp.bak0011a634
from %WINDIR%\file129.tmp.bak0011a1ca to %WINDIR%\linstsvr.exe
from %WINDIR%\file157.tmp.bak0011a634 to %WINDIR%\bakthlpdrv64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file169.tmp.bak0011a422 to %WINDIR%\file169.tmp.bak0011a422
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file172.tmp.bak0011a3dc to <DRIVERS>\file172.tmp.bak0011a3dc
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file170.tmp.bak0011a422 to %WINDIR%\file170.tmp.bak0011a422
from %WINDIR%\file170.tmp.bak0011a422 to %WINDIR%\baktsdedrv2k864.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file171.tmp.bak0011a400 to %WINDIR%\file171.tmp.bak0011a400
from %WINDIR%\file171.tmp.bak0011a400 to %WINDIR%\baktnf.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file172.tmp.bak0011a3dc to %WINDIR%\file172.tmp.bak0011a3dc
from <SYSTEM32>\file174.tmp.bak0011a395 to <SYSTEM32>\dtsframe64.dll
from %WINDIR%\file172.tmp.bak0011a3dc to %WINDIR%\baktnf64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file175.tmp.bak0011a29f to %WINDIR%\syswow64\file175.tmp.bak0011a29f
from %WINDIR%\file169.tmp.bak0011a422 to %WINDIR%\baktsdedrv2k8.sys
from <DRIVERS>\file172.tmp.bak0011a3dc to <DRIVERS>\tnullfilter.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file173.tmp.bak0011a3ba to %WINDIR%\syswow64\file173.tmp.bak0011a3ba
from %WINDIR%\syswow64\file173.tmp.bak0011a3ba to %WINDIR%\syswow64\dtsframe32.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file173.tmp.bak0011a395 to %WINDIR%\file173.tmp.bak0011a395
from %WINDIR%\file173.tmp.bak0011a395 to %WINDIR%\bakdtsfrm32.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file171.tmp.bak0011a3dc to %WINDIR%\syswow64\drivers\file171.tmp.bak0011a3dc
from %WINDIR%\file156.tmp.bak0011a658 to %WINDIR%\bakthlpdrv32.sys
from %WINDIR%\syswow64\drivers\file171.tmp.bak0011a3dc to %WINDIR%\syswow64\drivers\tnullfilter.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file156.tmp.bak0011a658 to %WINDIR%\file156.tmp.bak0011a658
from %WINDIR%\syswow64\drivers\file156.tmp.bak0011a658 to %WINDIR%\syswow64\drivers\thlpdrv32.sys
from <SYSTEM32>\file141.tmp.bak001184ce to <SYSTEM32>\sdguarder64.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file142.tmp.bak00118464 to %WINDIR%\syswow64\file142.tmp.bak00118464
from %WINDIR%\syswow64\file142.tmp.bak00118464 to %WINDIR%\syswow64\udiskiddll.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file142.tmp.bak00118442 to %WINDIR%\file142.tmp.bak00118442
from %WINDIR%\file142.tmp.bak00118442 to %WINDIR%\bakudidhlp.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file141.tmp.bak001184ce to <SYSTEM32>\file141.tmp.bak001184ce
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file143.tmp.bak0011841d to %WINDIR%\syswow64\file143.tmp.bak0011841d
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file092.tmp.bak0011967a to %WINDIR%\file092.tmp.bak0011967a
from %WINDIR%\file141.tmp.bak001184aa to %WINDIR%\baksdgr64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file143.tmp.bak0011841d to %WINDIR%\file143.tmp.bak0011841d
from %WINDIR%\syswow64\file144.tmp.bak001183b3 to %WINDIR%\syswow64\iteudllvmgr.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file144.tmp.bak0011836d to %WINDIR%\file144.tmp.bak0011836d
from %WINDIR%\file144.tmp.bak0011836d to %WINDIR%\bakiteumgr.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file145.tmp.bak00118302 to %WINDIR%\syswow64\file145.tmp.bak00118302
from %WINDIR%\syswow64\file143.tmp.bak0011841d to %WINDIR%\syswow64\performancetool.exe
from %WINDIR%\syswow64\file145.tmp.bak00118302 to %WINDIR%\syswow64\ipgudll.dll
from %WINDIR%\file143.tmp.bak0011841d to %WINDIR%\bakperformancetool.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file144.tmp.bak001183b3 to %WINDIR%\syswow64\file144.tmp.bak001183b3
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file145.tmp.bak00118298 to %WINDIR%\file145.tmp.bak00118298
from %WINDIR%\file140.tmp.bak00118514 to %WINDIR%\baksdgr.sys
from %WINDIR%\syswow64\file136.tmp.bak0011860b to %WINDIR%\syswow64\sdencryptionapi.dll
from %WINDIR%\file136.tmp.bak001185c5 to %WINDIR%\baksdeapi.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file137.tmp.bak001185c5 to <SYSTEM32>\file137.tmp.bak001185c5
from <SYSTEM32>\file137.tmp.bak001185c5 to <SYSTEM32>\sdencryptionapi64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file137.tmp.bak001185a3 to %WINDIR%\file137.tmp.bak001185a3
from %WINDIR%\file137.tmp.bak001185a3 to %WINDIR%\baksdeapi64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file140.tmp.bak00118514 to %WINDIR%\file140.tmp.bak00118514
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file138.tmp.bak0011857f to %WINDIR%\syswow64\file138.tmp.bak0011857f
from %WINDIR%\syswow64\file140.tmp.bak00118514 to %WINDIR%\syswow64\sdguarder.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file138.tmp.bak0011857f to %WINDIR%\file138.tmp.bak0011857f
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file139.tmp.bak0011855b to %WINDIR%\syswow64\file139.tmp.bak0011855b
from %WINDIR%\syswow64\file139.tmp.bak0011855b to %WINDIR%\syswow64\osdexviewer.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file139.tmp.bak00118539 to %WINDIR%\file139.tmp.bak00118539
from %WINDIR%\file139.tmp.bak00118539 to %WINDIR%\bakosdexv.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file140.tmp.bak00118514 to %WINDIR%\syswow64\file140.tmp.bak00118514
from %WINDIR%\syswow64\file138.tmp.bak0011857f to %WINDIR%\syswow64\osdexpacket.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file136.tmp.bak001185c5 to %WINDIR%\file136.tmp.bak001185c5
from %WINDIR%\file138.tmp.bak0011857f to %WINDIR%\bakosdexp.sys
from <SYSTEM32>\file093.tmp.bak001195ca to <SYSTEM32>\dtframe64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file146.tmp.bak00118276 to %WINDIR%\syswow64\file146.tmp.bak00118276
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file146.tmp.bak00118251 to %WINDIR%\file146.tmp.bak00118251
from %WINDIR%\file152.tmp.bak00118086 to %WINDIR%\baktijtdrvd64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file153.tmp.bak0011a774 to %WINDIR%\syswow64\file153.tmp.bak0011a774
from %WINDIR%\syswow64\file153.tmp.bak0011a774 to %WINDIR%\syswow64\wfirewallv.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file153.tmp.bak0011a74f to %WINDIR%\file153.tmp.bak0011a74f
from %WINDIR%\file153.tmp.bak0011a74f to %WINDIR%\bakwfirewallv.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file152.tmp.bak001180aa to <SYSTEM32>\file152.tmp.bak001180aa
from %WINDIR%\file151.tmp.bak001180ce to %WINDIR%\baktijtdrvd32.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file152.tmp.bak00118086 to %WINDIR%\file152.tmp.bak00118086
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file154.tmp.bak0011a72d to %WINDIR%\syswow64\file154.tmp.bak0011a72d
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file155.tmp.bak0011a709 to %WINDIR%\syswow64\file155.tmp.bak0011a709
from %WINDIR%\syswow64\file155.tmp.bak0011a709 to %WINDIR%\syswow64\oagenttray.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file155.tmp.bak0011a69f to %WINDIR%\file155.tmp.bak0011a69f
from %WINDIR%\file155.tmp.bak0011a69f to %WINDIR%\bakoagenttray.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file156.tmp.bak0011a658 to %WINDIR%\syswow64\drivers\file156.tmp.bak0011a658
from %WINDIR%\syswow64\file154.tmp.bak0011a72d to %WINDIR%\syswow64\enumprocessmodule.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file154.tmp.bak0011a72d to %WINDIR%\file154.tmp.bak0011a72d
from %WINDIR%\file154.tmp.bak0011a72d to %WINDIR%\bakenumprocessmodule.sys
from <SYSTEM32>\file152.tmp.bak001180aa to <SYSTEM32>\tijtdrvd64.dll
from %WINDIR%\file145.tmp.bak00118298 to %WINDIR%\bakipgudll.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file141.tmp.bak001184aa to %WINDIR%\file141.tmp.bak001184aa
from %WINDIR%\file146.tmp.bak00118251 to %WINDIR%\bakipgflashsdk.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file147.tmp.bak00118251 to %WINDIR%\file147.tmp.bak00118251
from %WINDIR%\file147.tmp.bak00118251 to %WINDIR%\baksas.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file148.tmp.bak0011822f to %WINDIR%\file148.tmp.bak0011822f
from %WINDIR%\file148.tmp.bak0011822f to %WINDIR%\baksas64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file151.tmp.bak001180ce to %WINDIR%\file151.tmp.bak001180ce
from %WINDIR%\syswow64\file146.tmp.bak00118276 to %WINDIR%\syswow64\ipgflashsdk.dll
from %WINDIR%\syswow64\file151.tmp.bak001181e7 to %WINDIR%\syswow64\tijtdrvd32.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file149.tmp.bak0011822f to %WINDIR%\syswow64\drivers\file149.tmp.bak0011822f
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file150.tmp.bak0011820b to <DRIVERS>\file150.tmp.bak0011820b
from <DRIVERS>\file150.tmp.bak0011820b to <DRIVERS>\tijtdrv64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file150.tmp.bak001181e7 to %WINDIR%\file150.tmp.bak001181e7
from %WINDIR%\file150.tmp.bak001181e7 to %WINDIR%\baktijtdrv64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file151.tmp.bak001181e7 to %WINDIR%\syswow64\file151.tmp.bak001181e7
from %WINDIR%\syswow64\drivers\file149.tmp.bak0011822f to %WINDIR%\syswow64\drivers\tijtdrv32.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file149.tmp.bak0011822f to %WINDIR%\file149.tmp.bak0011822f
from %WINDIR%\file149.tmp.bak0011822f to %WINDIR%\baktijtdrv32.sys
from <SYSTEM32>\file092.tmp.bak001196e5 to <SYSTEM32>\winoauv364.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file092.tmp.bak001196e5 to <SYSTEM32>\file092.tmp.bak001196e5
from %WINDIR%\file091.tmp.bak0011972b to %WINDIR%\bakrdlv3.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file026.tmp.bak00118386 to %WINDIR%\file026.tmp.bak00118386
from %WINDIR%\file026.tmp.bak00118386 to %WINDIR%\bakncap3x.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file027.tmp.bak00118340 to %WINDIR%\file027.tmp.bak00118340
from %WINDIR%\file027.tmp.bak00118340 to %WINDIR%\toa32p9x.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file028.tmp.bak00118340 to %WINDIR%\file028.tmp.bak00118340
from %WINDIR%\file032.tmp.bak001182b4 to %WINDIR%\toa32pnt.sys
from %WINDIR%\file028.tmp.bak00118340 to %WINDIR%\toa32pcp.sys
from %WINDIR%\file029.tmp.bak0011831e to %WINDIR%\toa32pd4.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file030.tmp.bak001182d6 to %WINDIR%\file030.tmp.bak001182d6
from %WINDIR%\file030.tmp.bak001182d6 to %WINDIR%\toa32pd5.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file031.tmp.bak001182d6 to %WINDIR%\file031.tmp.bak001182d6
from %WINDIR%\file031.tmp.bak001182d6 to %WINDIR%\toa32pd9.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file025.tmp.bak0011845b to %WINDIR%\file025.tmp.bak0011845b
from %WINDIR%\syswow64\file025.tmp.bak001184a2 to %WINDIR%\syswow64\notesoa.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file029.tmp.bak0011831e to %WINDIR%\file029.tmp.bak0011831e
from %WINDIR%\syswow64\file026.tmp.bak001183f1 to %WINDIR%\syswow64\winncap3x.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file026.tmp.bak001183f1 to %WINDIR%\syswow64\file026.tmp.bak001183f1
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file025.tmp.bak001184a2 to %WINDIR%\syswow64\file025.tmp.bak001184a2
from %WINDIR%\file024.tmp.bak0011850c to %WINDIR%\bakola23.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file021.tmp.bak001186b4 to %WINDIR%\file021.tmp.bak001186b4
from %WINDIR%\file021.tmp.bak001186b4 to %WINDIR%\bakssb2p.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file022.tmp.bak001186b4 to %WINDIR%\syswow64\file022.tmp.bak001186b4
from %WINDIR%\syswow64\file022.tmp.bak001186b4 to %WINDIR%\syswow64\winncap3.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file032.tmp.bak001182b4 to %WINDIR%\file032.tmp.bak001182b4
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file022.tmp.bak0011866d to %WINDIR%\file022.tmp.bak0011866d
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file023.tmp.bak00118627 to %WINDIR%\syswow64\file023.tmp.bak00118627
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file033.tmp.bak0011828f to %WINDIR%\file033.tmp.bak0011828f
from %WINDIR%\syswow64\file023.tmp.bak00118627 to %WINDIR%\syswow64\outlka2k.dll
from %WINDIR%\file023.tmp.bak001185bd to %WINDIR%\bakola2k.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file024.tmp.bak00118552 to %WINDIR%\syswow64\file024.tmp.bak00118552
from %WINDIR%\syswow64\file024.tmp.bak00118552 to %WINDIR%\syswow64\outlka23.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file024.tmp.bak0011850c to %WINDIR%\file024.tmp.bak0011850c
from %WINDIR%\file022.tmp.bak0011866d to %WINDIR%\bakncap3.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file021.tmp.bak001186fa to %WINDIR%\syswow64\file021.tmp.bak001186fa
from %WINDIR%\file020.tmp.bak0011871e to %WINDIR%\bakddraw.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file023.tmp.bak001185bd to %WINDIR%\file023.tmp.bak001185bd
from %WINDIR%\file033.tmp.bak0011828f to %WINDIR%\toa32wp5.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file039.tmp.bak00118198 to %WINDIR%\syswow64\drivers\file039.tmp.bak00118198
from %WINDIR%\file034.tmp.bak0011828f to %WINDIR%\toa32pcpx.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file039.tmp.bak00118174 to %WINDIR%\file039.tmp.bak00118174
from %WINDIR%\file039.tmp.bak00118174 to %WINDIR%\baktpkt7.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file040.tmp.bak00118152 to %WINDIR%\file040.tmp.bak00118152
from %WINDIR%\file040.tmp.bak00118152 to %WINDIR%\baktpkt7cat.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file041.tmp.bak00118152 to %WINDIR%\file041.tmp.bak00118152
from %WINDIR%\file038.tmp.bak00118198 to %WINDIR%\baktpktv.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file038.tmp.bak00118198 to %WINDIR%\file038.tmp.bak00118198
from %WINDIR%\syswow64\drivers\file039.tmp.bak00118198 to %WINDIR%\syswow64\drivers\tpacket7.sys
from %WINDIR%\file041.tmp.bak00118152 to %WINDIR%\baktpktvcat.sys
from %WINDIR%\syswow64\file043.tmp.bak0011812e to %WINDIR%\syswow64\tsafenet.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file043.tmp.bak0011810c to %WINDIR%\file043.tmp.bak0011810c
from %WINDIR%\file043.tmp.bak0011810c to %WINDIR%\baktsnet.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file044.tmp.bak001180e8 to %WINDIR%\syswow64\file044.tmp.bak001180e8
from %WINDIR%\syswow64\file044.tmp.bak001180e8 to %WINDIR%\syswow64\tsafenetx.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file042.tmp.bak0011812e to %WINDIR%\file042.tmp.bak0011812e
from %WINDIR%\file042.tmp.bak0011812e to %WINDIR%\baktpktvmcat.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file043.tmp.bak0011812e to %WINDIR%\syswow64\file043.tmp.bak0011812e
from %WINDIR%\syswow64\file021.tmp.bak001186fa to %WINDIR%\syswow64\snapb2p.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file020.tmp.bak0011871e to %WINDIR%\file020.tmp.bak0011871e
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file020.tmp.bak00118742 to %WINDIR%\syswow64\file020.tmp.bak00118742
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file030.tmp.bak00118249 to %WINDIR%\syswow64\drivers\file030.tmp.bak00118249
from %WINDIR%\syswow64\drivers\file030.tmp.bak00118249 to %WINDIR%\syswow64\drivers\ipnpf.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file035.tmp.bak00118249 to %WINDIR%\syswow64\file035.tmp.bak00118249
from %WINDIR%\syswow64\file035.tmp.bak00118249 to %WINDIR%\syswow64\tpacketd.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file035.tmp.bak00118225 to %WINDIR%\file035.tmp.bak00118225
from %WINDIR%\syswow64\drivers\file038.tmp.bak001181bd to %WINDIR%\syswow64\drivers\tpacketv.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file034.tmp.bak0011828f to %WINDIR%\file034.tmp.bak0011828f
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file038.tmp.bak001181bd to %WINDIR%\syswow64\drivers\file038.tmp.bak001181bd
from %WINDIR%\file035.tmp.bak00118225 to %WINDIR%\baktpktd.sys
from %WINDIR%\file036.tmp.bak00118203 to %WINDIR%\baktpktn.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file037.tmp.bak001181df to %WINDIR%\syswow64\file037.tmp.bak001181df
from %WINDIR%\syswow64\file037.tmp.bak001181df to %WINDIR%\syswow64\tpacket.vxd
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file037.tmp.bak001181df to %WINDIR%\file037.tmp.bak001181df
from %WINDIR%\file037.tmp.bak001181df to %WINDIR%\baktpkt9.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file036.tmp.bak00118225 to %WINDIR%\syswow64\drivers\file036.tmp.bak00118225
from %WINDIR%\syswow64\drivers\file036.tmp.bak00118225 to %WINDIR%\syswow64\drivers\tpacket.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file036.tmp.bak00118203 to %WINDIR%\file036.tmp.bak00118203
from %WINDIR%\syswow64\file020.tmp.bak00118742 to %WINDIR%\syswow64\ipddraw.dll
from %WINDIR%\file019.tmp.bak00118742 to %WINDIR%\bakssdos.sys
from %WINDIR%\syswow64\file012.tmp.bak00118a05 to %WINDIR%\syswow64\winhad9k.dll
from %WINDIR%\file005.tmp.bak001166d1 to %WINDIR%\bakoav3.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file006.tmp.bak00116620 to %WINDIR%\syswow64\file006.tmp.bak00116620
from %WINDIR%\syswow64\file006.tmp.bak00116620 to %WINDIR%\syswow64\winoauv3.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file006.tmp.bak00118c39 to %WINDIR%\file006.tmp.bak00118c39
from %WINDIR%\file006.tmp.bak00118c39 to %WINDIR%\bakoauv3.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file005.tmp.bak001167ec to %WINDIR%\syswow64\file005.tmp.bak001167ec
from %WINDIR%\syswow64\file002.tmp.bak001168e3 to %WINDIR%\syswow64\winwdgv3.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file005.tmp.bak001166d1 to %WINDIR%\file005.tmp.bak001166d1
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file007.tmp.bak00118bad to %WINDIR%\syswow64\file007.tmp.bak00118bad
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file008.tmp.bak00118b42 to %WINDIR%\syswow64\file008.tmp.bak00118b42
from %WINDIR%\syswow64\file008.tmp.bak00118b42 to %WINDIR%\syswow64\thooksv3.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file008.tmp.bak00118afc to %WINDIR%\file008.tmp.bak00118afc
from %WINDIR%\file008.tmp.bak00118afc to %WINDIR%\bakthv3t.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file009.tmp.bak00118ad8 to <SYSTEM32>\file009.tmp.bak00118ad8
from %WINDIR%\syswow64\file007.tmp.bak00118bad to %WINDIR%\syswow64\winoauve3.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file007.tmp.bak00118b67 to %WINDIR%\file007.tmp.bak00118b67
from %WINDIR%\file007.tmp.bak00118b67 to %WINDIR%\bakoauve3.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file044.tmp.bak001180c3 to %WINDIR%\file044.tmp.bak001180c3
from <SYSTEM32>\file009.tmp.bak00118ad8 to <SYSTEM32>\winoauve364.dll
from %CommonProgramFiles(x86)%\system\file004.tmp.bak00116811 to %CommonProgramFiles(x86)%\system\winwdgsvr.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file000.tmp.bak00116972 to %WINDIR%\file000.tmp.bak00116972
from %WINDIR%\file000.tmp.bak00116972 to %WINDIR%\bakstec3.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file001.tmp.bak0011694e to %CommonProgramFiles(x86)%\system\file001.tmp.bak0011694e
from %CommonProgramFiles(x86)%\system\file001.tmp.bak0011694e to %CommonProgramFiles(x86)%\system\winrdgv3.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file001.tmp.bak00116907 to %WINDIR%\file001.tmp.bak00116907
from %WINDIR%\file001.tmp.bak00116907 to %WINDIR%\bakrdgv3.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file004.tmp.bak00116811 to %WINDIR%\file004.tmp.bak00116811
from %WINDIR%\file004.tmp.bak00116811 to %WINDIR%\bakwdgsvr.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file002.tmp.bak001168e3 to %WINDIR%\syswow64\file002.tmp.bak001168e3
from %WINDIR%\file002.tmp.bak0011689d to %WINDIR%\bakwdgv3.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file003.tmp.bak00116857 to %WINDIR%\syswow64\file003.tmp.bak00116857
from %WINDIR%\syswow64\file003.tmp.bak00116857 to %WINDIR%\syswow64\msowcnv3.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file003.tmp.bak00116857 to %WINDIR%\file003.tmp.bak00116857
from %WINDIR%\file003.tmp.bak00116857 to %WINDIR%\bakowv3.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file004.tmp.bak00116811 to %CommonProgramFiles(x86)%\system\file004.tmp.bak00116811
from %CommonProgramFiles(x86)%\system\file000.tmp.bak00116994 to %CommonProgramFiles(x86)%\system\systecv3.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file002.tmp.bak0011689d to %WINDIR%\file002.tmp.bak0011689d
from <SYSTEM32>\winbrosqlite3_64.dll_2tmp to <SYSTEM32>\winbrosqlite3_64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file009.tmp.bak00118a92 to %WINDIR%\file009.tmp.bak00118a92
from %WINDIR%\syswow64\file010.tmp.bak00118a27 to %WINDIR%\syswow64\winhaf9k.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file016.tmp.bak0011890c to %WINDIR%\syswow64\file016.tmp.bak0011890c
from %WINDIR%\syswow64\file016.tmp.bak0011890c to %WINDIR%\syswow64\winimhcd.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file016.tmp.bak00118880 to %WINDIR%\file016.tmp.bak00118880
from %WINDIR%\file016.tmp.bak00118880 to %WINDIR%\bakimhcd.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file017.tmp.bak00118839 to %WINDIR%\syswow64\file017.tmp.bak00118839
from %WINDIR%\syswow64\file017.tmp.bak00118839 to %WINDIR%\syswow64\winimhca.dll
from %WINDIR%\file009.tmp.bak00118a92 to %WINDIR%\bakoauve364.sys
from %WINDIR%\file015.tmp.bak00118930 to %WINDIR%\bakimhs3.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file015.tmp.bak00118930 to %WINDIR%\file015.tmp.bak00118930
from %WINDIR%\syswow64\file018.tmp.bak00118789 to %WINDIR%\syswow64\enumiacc2.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file018.tmp.bak00118789 to %WINDIR%\file018.tmp.bak00118789
from %WINDIR%\file018.tmp.bak00118789 to %WINDIR%\bakenumiacc2.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file019.tmp.bak00118764 to %WINDIR%\syswow64\file019.tmp.bak00118764
from %WINDIR%\syswow64\file019.tmp.bak00118764 to %WINDIR%\syswow64\snapdos.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file019.tmp.bak00118742 to %WINDIR%\file019.tmp.bak00118742
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file017.tmp.bak001187cf to %WINDIR%\file017.tmp.bak001187cf
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file018.tmp.bak00118789 to %WINDIR%\syswow64\file018.tmp.bak00118789
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file010.tmp.bak00118a27 to %WINDIR%\syswow64\file010.tmp.bak00118a27
from %WINDIR%\file017.tmp.bak001187cf to %WINDIR%\bakimhca.sys
from %WINDIR%\syswow64\file005.tmp.bak001167ec to %WINDIR%\syswow64\winoav3.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file010.tmp.bak00118a27 to %WINDIR%\file010.tmp.bak00118a27
from %WINDIR%\file010.tmp.bak00118a27 to %WINDIR%\bakhaf9k.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file011.tmp.bak00118a05 to %WINDIR%\syswow64\file011.tmp.bak00118a05
from %WINDIR%\syswow64\file011.tmp.bak00118a05 to %WINDIR%\syswow64\winhaf9u.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file011.tmp.bak00118a05 to %WINDIR%\file011.tmp.bak00118a05
from %WINDIR%\file011.tmp.bak00118a05 to %WINDIR%\bakhaf9u.sys
from %WINDIR%\file014.tmp.bak0011899b to %WINDIR%\bakifocms.sys
from %WINDIR%\syswow64\file015.tmp.bak00118955 to %WINDIR%\syswow64\winimhs3.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file015.tmp.bak00118955 to %WINDIR%\syswow64\file015.tmp.bak00118955
from %WINDIR%\file012.tmp.bak001189e1 to %WINDIR%\bakhad9k.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file013.tmp.bak001189bd to %WINDIR%\syswow64\file013.tmp.bak001189bd
from %WINDIR%\syswow64\file013.tmp.bak001189bd to %WINDIR%\syswow64\winhad9u.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file013.tmp.bak001189bd to %WINDIR%\file013.tmp.bak001189bd
from %WINDIR%\file013.tmp.bak001189bd to %WINDIR%\bakhad9u.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file014.tmp.bak0011899b to %WINDIR%\file014.tmp.bak0011899b
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file012.tmp.bak00118a05 to %WINDIR%\syswow64\file012.tmp.bak00118a05
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file012.tmp.bak001189e1 to %WINDIR%\file012.tmp.bak001189e1
from %WINDIR%\bakthv3.sys_2tmp to %WINDIR%\bakthv3.sys
from %WINDIR%\file044.tmp.bak001180c3 to %WINDIR%\baktsnetx.sys
from %WINDIR%\file045.tmp.bak001180a2 to %WINDIR%\bakorcs3.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file072.tmp.bak001192b6 to %WINDIR%\file072.tmp.bak001192b6
from %WINDIR%\file072.tmp.bak001192b6 to %WINDIR%\bakpathcvrt32.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file073.tmp.bak00119292 to %WINDIR%\syswow64\drivers\file073.tmp.bak00119292
from %WINDIR%\syswow64\drivers\file073.tmp.bak00119292 to %WINDIR%\syswow64\drivers\tsddrv32.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file073.tmp.bak00119292 to %WINDIR%\file073.tmp.bak00119292
from %WINDIR%\syswow64\file071.tmp.bak00119367 to %WINDIR%\syswow64\tsdmnt32.dll
from %WINDIR%\file073.tmp.bak00119292 to %WINDIR%\baksddrv32.sys
from %WINDIR%\syswow64\file074.tmp.bak0011926d to %WINDIR%\syswow64\outlookctrlx.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file074.tmp.bak00119227 to %WINDIR%\file074.tmp.bak00119227
from %WINDIR%\file074.tmp.bak00119227 to %WINDIR%\bakolctrlx.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file075.tmp.bak001191bd to %WINDIR%\syswow64\file075.tmp.bak001191bd
from %WINDIR%\syswow64\file075.tmp.bak001191bd to %WINDIR%\syswow64\sdiskcontext2.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file075.tmp.bak0011919b to %WINDIR%\file075.tmp.bak0011919b
from %WINDIR%\file071.tmp.bak00119342 to %WINDIR%\baksdmnt.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file074.tmp.bak0011926d to %WINDIR%\syswow64\file074.tmp.bak0011926d
from %WINDIR%\syswow64\file072.tmp.bak001192fc to %WINDIR%\syswow64\pathcvrt32.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file072.tmp.bak001192fc to %WINDIR%\syswow64\file072.tmp.bak001192fc
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file071.tmp.bak00119342 to %WINDIR%\file071.tmp.bak00119342
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file071.tmp.bak00119367 to %WINDIR%\syswow64\file071.tmp.bak00119367
from %WINDIR%\file067.tmp.bak001194a4 to %WINDIR%\baktmhk.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file068.tmp.bak0011945d to %WINDIR%\syswow64\file068.tmp.bak0011945d
from %WINDIR%\syswow64\file068.tmp.bak0011945d to %WINDIR%\syswow64\sdviewer.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file068.tmp.bak0011945d to %WINDIR%\file068.tmp.bak0011945d
from %WINDIR%\file075.tmp.bak0011919b to %WINDIR%\baksdiskctx2.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file067.tmp.bak00119554 to %WINDIR%\syswow64\file067.tmp.bak00119554
from %WINDIR%\file068.tmp.bak0011945d to %WINDIR%\baksdvwr.sys
from %WINDIR%\file025.tmp.bak0011845b to %WINDIR%\baknotes.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file069.tmp.bak00119417 to %WINDIR%\file069.tmp.bak00119417
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file070.tmp.bak00119417 to %WINDIR%\syswow64\file070.tmp.bak00119417
from %WINDIR%\syswow64\file070.tmp.bak00119417 to %WINDIR%\syswow64\tsdfmt32.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file070.tmp.bak001193cf to %WINDIR%\file070.tmp.bak001193cf
from %WINDIR%\file070.tmp.bak001193cf to %WINDIR%\baksdfmt.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file069.tmp.bak0011945d to %WINDIR%\syswow64\file069.tmp.bak0011945d
from %WINDIR%\syswow64\file069.tmp.bak0011945d to %WINDIR%\syswow64\tappaccess.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file076.tmp.bak0011919b to %WINDIR%\syswow64\file076.tmp.bak0011919b
from %WINDIR%\file069.tmp.bak00119417 to %WINDIR%\baktaacs.sys
from %WINDIR%\syswow64\file076.tmp.bak0011919b to %WINDIR%\syswow64\tfloattip.dll
from %WINDIR%\file083.tmp.bak001199ca to %WINDIR%\bak32msl.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file077.tmp.bak00119154 to %WINDIR%\syswow64\file077.tmp.bak00119154
from %WINDIR%\syswow64\file084.tmp.bak00119962 to %WINDIR%\syswow64\funcextv.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file084.tmp.bak001198f7 to %WINDIR%\file084.tmp.bak001198f7
from %WINDIR%\file084.tmp.bak001198f7 to %WINDIR%\bakfextv.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file085.tmp.bak001198d3 to %WINDIR%\syswow64\file085.tmp.bak001198d3
from %WINDIR%\syswow64\file085.tmp.bak001198d3 to %WINDIR%\syswow64\funcextv64.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file083.tmp.bak001199ca to %WINDIR%\file083.tmp.bak001199ca
from %WINDIR%\file082.tmp.bak00119a12 to %WINDIR%\bak32msc.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file084.tmp.bak00119962 to %WINDIR%\syswow64\file084.tmp.bak00119962
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file085.tmp.bak001198b1 to %WINDIR%\file085.tmp.bak001198b1
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file086.tmp.bak001197b8 to %CommonProgramFiles(x86)%\system\file086.tmp.bak001197b8
from %CommonProgramFiles(x86)%\system\file086.tmp.bak001197b8 to %CommonProgramFiles(x86)%\system\agt3tool.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file091.tmp.bak0011974f to %WINDIR%\syswow64\file091.tmp.bak0011974f
from %WINDIR%\syswow64\file091.tmp.bak0011974f to %WINDIR%\syswow64\winrdlv3.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file091.tmp.bak0011972b to %WINDIR%\file091.tmp.bak0011972b
from %WINDIR%\file085.tmp.bak001198b1 to %WINDIR%\bakfextv64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file086.tmp.bak00119868 to %WINDIR%\file086.tmp.bak00119868
from %WINDIR%\file086.tmp.bak00119868 to %WINDIR%\agt3tool.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file067.tmp.bak001194a4 to %WINDIR%\file067.tmp.bak001194a4
from %WINDIR%\file066.tmp.bak0011959b to %WINDIR%\baktmgw.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file076.tmp.bak00119176 to %WINDIR%\file076.tmp.bak00119176
from %WINDIR%\syswow64\file077.tmp.bak00119154 to %WINDIR%\syswow64\sd7z.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file077.tmp.bak0011910c to %WINDIR%\file077.tmp.bak0011910c
from %WINDIR%\file077.tmp.bak0011910c to %WINDIR%\baksd7z.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file078.tmp.bak001190ea to %WINDIR%\syswow64\file078.tmp.bak001190ea
from %WINDIR%\syswow64\file078.tmp.bak001190ea to %WINDIR%\syswow64\sd7zarchive.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file082.tmp.bak00119a12 to %WINDIR%\file082.tmp.bak00119a12
from %WINDIR%\file076.tmp.bak00119176 to %WINDIR%\baktftip.sys
from %WINDIR%\file081.tmp.bak00119a9f to %WINDIR%\bak32msm.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file078.tmp.bak001190c6 to %WINDIR%\file078.tmp.bak001190c6
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file079.tmp.bak00119b4f to %WINDIR%\file079.tmp.bak00119b4f
from %WINDIR%\file079.tmp.bak00119b4f to %WINDIR%\baksdlaunch.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file080.tmp.bak00119b09 to %WINDIR%\file080.tmp.bak00119b09
from %WINDIR%\file080.tmp.bak00119b09 to %WINDIR%\pwddict.ini
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file081.tmp.bak00119a9f to %WINDIR%\file081.tmp.bak00119a9f
from %WINDIR%\file078.tmp.bak001190c6 to %WINDIR%\baksd7zarv.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file079.tmp.bak001190c6 to %WINDIR%\syswow64\file079.tmp.bak001190c6
from %WINDIR%\syswow64\file079.tmp.bak001190c6 to %WINDIR%\syswow64\sdlaunch.dll
from %WINDIR%\syswow64\file067.tmp.bak00119554 to %WINDIR%\syswow64\tmailhook.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file066.tmp.bak0011959b to %WINDIR%\file066.tmp.bak0011959b
from %WINDIR%\syswow64\file066.tmp.bak001195e1 to %WINDIR%\syswow64\tmailgateway.dll
from %WINDIR%\syswow64\drivers\file051.tmp.bak00117efa to %WINDIR%\syswow64\drivers\tvdisk.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file051.tmp.bak00117ed6 to %WINDIR%\file051.tmp.bak00117ed6
from %WINDIR%\file051.tmp.bak00117ed6 to %WINDIR%\baktvd.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file052.tmp.bak00117eb1 to %CommonProgramFiles(x86)%\system\file052.tmp.bak00117eb1
from %WINDIR%\syswow64\file050.tmp.bak00117f62 to %WINDIR%\syswow64\tvdmount.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file047.tmp.bak00118037 to %WINDIR%\file047.tmp.bak00118037
from %CommonProgramFiles(x86)%\system\file052.tmp.bak00117eb1 to %CommonProgramFiles(x86)%\system\windevctrl64.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file051.tmp.bak00117efa to %WINDIR%\syswow64\drivers\file051.tmp.bak00117efa
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file053.tmp.bak00117e01 to %WINDIR%\syswow64\file053.tmp.bak00117e01
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file053.tmp.bak00117ddf to %WINDIR%\file053.tmp.bak00117ddf
from %WINDIR%\file053.tmp.bak00117ddf to %WINDIR%\baktstszc.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file054.tmp.bak00117dba to %WINDIR%\syswow64\file054.tmp.bak00117dba
from %WINDIR%\syswow64\file054.tmp.bak00117dba to %WINDIR%\syswow64\winusrmd.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file052.tmp.bak00117e49 to %WINDIR%\file052.tmp.bak00117e49
from %WINDIR%\file052.tmp.bak00117e49 to %WINDIR%\bakdevctrl64.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file045.tmp.bak001180a2 to %WINDIR%\syswow64\file045.tmp.bak001180a2
from %WINDIR%\syswow64\file053.tmp.bak00117e01 to %WINDIR%\syswow64\tsafetszc.dll
from %WINDIR%\file054.tmp.bak00117dba to %WINDIR%\bakusrmd.sys
from %WINDIR%\file050.tmp.bak00117f40 to %WINDIR%\bakmount.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file050.tmp.bak00117f62 to %WINDIR%\syswow64\file050.tmp.bak00117f62
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file046.tmp.bak0011807d to %WINDIR%\syswow64\file046.tmp.bak0011807d
from %WINDIR%\syswow64\file046.tmp.bak0011807d to %WINDIR%\syswow64\orcshk3.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file046.tmp.bak0011805b to %WINDIR%\file046.tmp.bak0011805b
from %WINDIR%\file046.tmp.bak0011805b to %WINDIR%\bakorch3.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file047.tmp.bak0011805b to %WINDIR%\syswow64\drivers\file047.tmp.bak0011805b
from %WINDIR%\file049.tmp.bak00117fab to %WINDIR%\bakmenusl.sys
from %WINDIR%\syswow64\drivers\file047.tmp.bak0011805b to %WINDIR%\syswow64\drivers\tfsfltdrv.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file054.tmp.bak00117dba to %WINDIR%\file054.tmp.bak00117dba
from %WINDIR%\file047.tmp.bak00118037 to %WINDIR%\baktfsdrv.sys
from %WINDIR%\syswow64\file048.tmp.bak00118013 to %WINDIR%\syswow64\winencyx.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file048.tmp.bak00118013 to %WINDIR%\file048.tmp.bak00118013
from %WINDIR%\file048.tmp.bak00118013 to %WINDIR%\bakencyx.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file049.tmp.bak00117ff1 to %WINDIR%\syswow64\file049.tmp.bak00117ff1
from %WINDIR%\syswow64\file049.tmp.bak00117ff1 to %WINDIR%\syswow64\trmenushl.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file045.tmp.bak001180a2 to %WINDIR%\file045.tmp.bak001180a2
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file049.tmp.bak00117fab to %WINDIR%\file049.tmp.bak00117fab
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file048.tmp.bak00118013 to %WINDIR%\syswow64\file048.tmp.bak00118013
from %WINDIR%\syswow64\file045.tmp.bak001180a2 to %WINDIR%\syswow64\orcs3dll.dll
from %WINDIR%\syswow64\file055.tmp.bak00117d98 to %WINDIR%\syswow64\sdcontext2.dll
from %WINDIR%\file055.tmp.bak00117d50 to %WINDIR%\baksdctx2.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file061.tmp.bak00117550 to %WINDIR%\syswow64\file061.tmp.bak00117550
from %WINDIR%\syswow64\file061.tmp.bak00117550 to %WINDIR%\syswow64\sdfattr.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file061.tmp.bak00117507 to %WINDIR%\file061.tmp.bak00117507
from %WINDIR%\file061.tmp.bak00117507 to %WINDIR%\baksdfa.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file062.tmp.bak00117457 to %WINDIR%\syswow64\file062.tmp.bak00117457
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file055.tmp.bak00117d98 to %WINDIR%\syswow64\file055.tmp.bak00117d98
from %WINDIR%\syswow64\file060.tmp.bak001176f7 to %WINDIR%\syswow64\sdagent.dll
from %WINDIR%\file060.tmp.bak00117596 to %WINDIR%\baksda.sys
from %WINDIR%\file062.tmp.bak00117319 to %WINDIR%\baksdcsl.sys
from %WINDIR%\file063.tmp.bak00117194 to %WINDIR%\baksdoeav.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file065.tmp.bak00119742 to %WINDIR%\syswow64\file065.tmp.bak00119742
from %WINDIR%\syswow64\file065.tmp.bak00119742 to %WINDIR%\syswow64\dtframe32.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file065.tmp.bak0011964b to %WINDIR%\file065.tmp.bak0011964b
from %WINDIR%\file065.tmp.bak0011964b to %WINDIR%\bakdtfrm32.sys
from %WINDIR%\syswow64\file062.tmp.bak00117457 to %WINDIR%\syswow64\sdconsole.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file066.tmp.bak001195e1 to %WINDIR%\syswow64\file066.tmp.bak001195e1
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file063.tmp.bak00117194 to %WINDIR%\file063.tmp.bak00117194
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file055.tmp.bak00117d50 to %WINDIR%\file055.tmp.bak00117d50
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file060.tmp.bak00117596 to %WINDIR%\file060.tmp.bak00117596
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file060.tmp.bak001176f7 to %WINDIR%\syswow64\file060.tmp.bak001176f7
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file056.tmp.bak00117ce8 to %WINDIR%\syswow64\file056.tmp.bak00117ce8
from %WINDIR%\syswow64\file056.tmp.bak00117ce8 to %WINDIR%\syswow64\sdhelper2.exe
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file056.tmp.bak00117c13 to %WINDIR%\file056.tmp.bak00117c13
from %WINDIR%\file056.tmp.bak00117c13 to %WINDIR%\baksdhlp2.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file057.tmp.bak00117b86 to %WINDIR%\syswow64\file057.tmp.bak00117b86
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file059.tmp.bak001177ee to %WINDIR%\file059.tmp.bak001177ee
from %WINDIR%\file059.tmp.bak001177ee to %WINDIR%\baksdc.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file062.tmp.bak00117319 to %WINDIR%\file062.tmp.bak00117319
from %WINDIR%\file057.tmp.bak00117b3e to %WINDIR%\baksdfi2.sys
from %WINDIR%\syswow64\file058.tmp.bak00117b1c to %WINDIR%\syswow64\tsafedoc2.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file058.tmp.bak00117a01 to %WINDIR%\file058.tmp.bak00117a01
from %WINDIR%\file058.tmp.bak00117a01 to %WINDIR%\baktsdoc2t.sys
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file059.tmp.bak0011790a to %WINDIR%\syswow64\file059.tmp.bak0011790a
from %WINDIR%\syswow64\file059.tmp.bak0011790a to %WINDIR%\syswow64\sdcenter.dll
from %WINDIR%\syswow64\file057.tmp.bak00117b86 to %WINDIR%\syswow64\sdfileicon2.dll
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file050.tmp.bak00117f40 to %WINDIR%\file050.tmp.bak00117f40
from %ALLUSERSPROFILE%\ipgaszip20230815173002\file058.tmp.bak00117b1c to %WINDIR%\syswow64\file058.tmp.bak00117b1c
from <SYSTEM32>\funcextv64.dll_2tmp to <SYSTEM32>\funcextv64.dll

Modifies the following files

%LOCALAPPDATA%\microsoft\windows\explorer\explorerstartuplog_runonce.etl

Substitutes the following files

%ALLUSERSPROFILE%\ipgaszip20230815173002\file003.tmp.bak00116857
%ALLUSERSPROFILE%\ipgaszip20230815173002\file160.tmp.bak0011a53d
%ALLUSERSPROFILE%\ipgaszip20230815173002\file158.tmp.bak0011a612
%ALLUSERSPROFILE%\ipgaszip20230815173002\file157.tmp.bak0011a634
%ALLUSERSPROFILE%\ipgaszip20230815173002\file156.tmp.bak0011a658
%ALLUSERSPROFILE%\ipgaszip20230815173002\file154.tmp.bak0011a72d
%ALLUSERSPROFILE%\ipgaszip20230815173002\file149.tmp.bak0011822f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file143.tmp.bak0011841d
%ALLUSERSPROFILE%\ipgaszip20230815173002\file140.tmp.bak00118514
%ALLUSERSPROFILE%\ipgaszip20230815173002\file138.tmp.bak0011857f
%ALLUSERSPROFILE%\ipgaszip20230815173002\file134.tmp.bak00118654
%ALLUSERSPROFILE%\ipgaszip20230815173002\file108.tmp.bak001191a5
%ALLUSERSPROFILE%\ipgaszip20230815173002\file100.tmp.bak00119329
%ALLUSERSPROFILE%\ipgaszip20230815173002\file096.tmp.bak0011948a
%ALLUSERSPROFILE%\ipgaszip20230815173002\file095.tmp.bak001194d3
%ALLUSERSPROFILE%\ipgaszip20230815173002\file073.tmp.bak00119292
%ALLUSERSPROFILE%\ipgaszip20230815173002\file068.tmp.bak0011945d
%ALLUSERSPROFILE%\ipgaszip20230815173002\file054.tmp.bak00117dba
%ALLUSERSPROFILE%\ipgaszip20230815173002\file048.tmp.bak00118013
%ALLUSERSPROFILE%\ipgaszip20230815173002\file045.tmp.bak001180a2
%ALLUSERSPROFILE%\ipgaszip20230815173002\file037.tmp.bak001181df
%ALLUSERSPROFILE%\ipgaszip20230815173002\file018.tmp.bak00118789
%ALLUSERSPROFILE%\ipgaszip20230815173002\file013.tmp.bak001189bd
%ALLUSERSPROFILE%\ipgaszip20230815173002\file011.tmp.bak00118a05
%ALLUSERSPROFILE%\ipgaszip20230815173002\file010.tmp.bak00118a27
%ALLUSERSPROFILE%\ipgaszip20230815173002\file004.tmp.bak00116811
%ALLUSERSPROFILE%\ipgaszip20230815173002\file172.tmp.bak0011a3dc
<DRIVERS>\tnullfilter.sys

Miscellaneous

Searches for the following windows

ClassName: '' WindowName: ''
ClassName: 'CtrlNotifySink' WindowName: ''
ClassName: 'Button' WindowName: ''

Creates and executes the following

'%TEMP%\ipgaskernel20230815172959\akernel3.exe'
'%CommonProgramFiles(x86)%\system\systecv3.exe'
'%CommonProgramFiles(x86)%\system\winrdgv3.exe'
'<SYSTEM32>\winrdlv3.exe' winwdgv364.dll,StartBackMonitor
'%WINDIR%\syswow64\winrdlv3.exe' winwdgv3.dll,RunMonitor32
'%WINDIR%\syswow64\winrdlv3.exe' winoav3.dll,RunAgent32
'%WINDIR%\syswow64\winrdlv3.exe' SDLaunch.dll,RunSDLaunch32

Executes the following

'<SYSTEM32>\rundll32.exe' setupapi,InstallHinfSection DefaultInstall 132 C:\TNullFitler\TNullFilter.inf
'<SYSTEM32>\runonce.exe' -r
'<SYSTEM32>\grpconv.exe' -o
'<SYSTEM32>\regsvr32.exe' /s sdfileicon64.dll

技术

术语

教育培训

误区

Technical Information

Curing recommendations

Free trial