Trojan.Siggen32.60615

Added to the Dr.Web virus database: 2026-06-25

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsDefender' = '<Full path to file>'
Malicious functions
Terminates or attempts to terminate the following user processes:
  • firefox.exe
Modifies file system
Creates the following files
Deletes the following files that it created itself
  • %TEMP%\g85gzf8h
  • %TEMP%\tmpwp4ca078
  • %TEMP%\tmpz6b60cd5.sqlite-shm
  • %TEMP%\tmpz6b60cd5.sqlite
Network activity
Connects to
  • 'ap#.#pify.org':443
  • 'di##ord.com':443
  • 'ap#.##legram.org':443
TCP
Other
  • 'ap#.#pify.org':443
  • 'di##ord.com':443
UDP
  • DNS ASK ap#.#pify.org
  • DNS ASK di##ord.com
  • DNS ASK ap#.##legram.org
Miscellaneous
Restarts the analyzed sample
Executes the following
  • '<SYSTEM32>\cmd.exe' /c "ver"
  • '<SYSTEM32>\cmd.exe' /c "wmic cpu get name"
  • '<SYSTEM32>\wbem\wmic.exe' cpu get name
  • '<SYSTEM32>\cmd.exe' /c "wmic path win32_VideoController get name"
  • '<SYSTEM32>\wbem\wmic.exe' path win32_VideoController get name
  • '<SYSTEM32>\cmd.exe' /c "ver"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c "wmic cpu get name"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c "wmic path win32_VideoController get name"' (with hidden window)

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.