- C:\ProgramData\SDgswYXSvL
- C:\ProgramData\SDgswYXSvL\1b74a89596
- \Device\KsecDD
- C:\Windows\notepad.exe
- C:\ProgramData\SDgswYXSvL\readme.exe:Zone.Identifier
-
- C:\ProgramData\SDgswYXSvL\readme.exe
- C:\ProgramData
- C:\Windows\sysnative\WSHTCPIP.DLL
- C:\Windows\sysnative\wship6.dll
- C:\Windows\sysnative\wshqos.dll
- C:\ProgramData\SDgswYXSvL\cfgi
- C:\ProgramData\SDgswYXSvL\cfg
- C:\Windows\sysnative\tzres.dll
- kernel32.dll.IsWow64Process
- ntdll.dll.RtlGetVersion
- shell32.dll.SHGetKnownFolderPath
- rasapi32.dll.RasConnectionNotificationW
- sechost.dll.NotifyServiceStatusChangeA
-
- cryptbase.dll.SystemFunction036
- ole32.dll.CoInitializeEx
- advapi32.dll.RegDeleteTreeA
- advapi32.dll.RegDeleteTreeW
- ole32.dll.CoUninitialize
- oleaut32.dll.#500
- kernel32.dll.AddVectoredExceptionHandler
- kernel32.dll.AssignProcessToJobObject
- kernel32.dll.CancelIo
- kernel32.dll.CloseHandle
- kernel32.dll.ConnectNamedPipe
- kernel32.dll.CopyFileW
- kernel32.dll.CreateDirectoryW
- kernel32.dll.CreateEventA
- kernel32.dll.CreateFileA
- kernel32.dll.CreateFileW
- kernel32.dll.CreateHardLinkW
- kernel32.dll.CreateIoCompletionPort
- kernel32.dll.CreateJobObjectW
- kernel32.dll.CreateNamedPipeA
- kernel32.dll.CreateNamedPipeW
- kernel32.dll.CreateProcessW
- kernel32.dll.CreateSemaphoreA
- kernel32.dll.CreateSemaphoreW
- kernel32.dll.CreateToolhelp32Snapshot
- kernel32.dll.DebugBreak
- kernel32.dll.DeleteCriticalSection
- kernel32.dll.DeviceIoControl
- kernel32.dll.DuplicateHandle
- kernel32.dll.EnterCriticalSection
- kernel32.dll.FileTimeToSystemTime
- kernel32.dll.FillConsoleOutputAttribute
- kernel32.dll.FillConsoleOutputCharacterW
- kernel32.dll.FlushFileBuffers
- kernel32.dll.FormatMessageA
- kernel32.dll.FreeConsole
- kernel32.dll.GetConsoleCursorInfo
- kernel32.dll.GetConsoleMode
- kernel32.dll.GetConsoleScreenBufferInfo
- kernel32.dll.GetConsoleTitleW
- kernel32.dll.GetConsoleWindow
- kernel32.dll.GetCurrentDirectoryW
- kernel32.dll.GetCurrentProcess
- kernel32.dll.GetCurrentProcessId
- kernel32.dll.GetCurrentThread
- kernel32.dll.GetCurrentThreadId
- kernel32.dll.GetEnvironmentVariableW
- kernel32.dll.GetExitCodeProcess
- kernel32.dll.GetFileAttributesW
- kernel32.dll.GetFileInformationByHandle
- kernel32.dll.GetFileType
- kernel32.dll.GetHandleInformation
- kernel32.dll.GetLastError
- kernel32.dll.GetLongPathNameW
- kernel32.dll.GetModuleFileNameW
- kernel32.dll.GetModuleHandleA
- kernel32.dll.GetModuleHandleW
- kernel32.dll.GetNamedPipeHandleStateA
- kernel32.dll.GetNumberOfConsoleInputEvents
- kernel32.dll.GetProcAddress
- kernel32.dll.GetProcessAffinityMask
- kernel32.dll.GetProcessIoCounters
- kernel32.dll.GetProcessTimes
- kernel32.dll.GetQueuedCompletionStatus
- kernel32.dll.GetShortPathNameW
- kernel32.dll.GetStartupInfoA
- kernel32.dll.GetStartupInfoW
- kernel32.dll.GetStdHandle
- kernel32.dll.GetSystemInfo
- kernel32.dll.GetSystemTimeAdjustment
- kernel32.dll.GetSystemTimeAsFileTime
- kernel32.dll.GetTempPathW
- kernel32.dll.GetThreadContext
- kernel32.dll.GetThreadPriority
- kernel32.dll.GetThreadTimes
- kernel32.dll.GetTickCount
- kernel32.dll.GetTickCount64
- kernel32.dll.GlobalMemoryStatusEx
- kernel32.dll.InitializeCriticalSection
- kernel32.dll.InitializeCriticalSectionAndSpinCount
- kernel32.dll.IsDBCSLeadByteEx
- kernel32.dll.IsDebuggerPresent
- kernel32.dll.LCMapStringW
- kernel32.dll.LeaveCriticalSection
- kernel32.dll.LoadLibraryA
- kernel32.dll.LocalAlloc
- kernel32.dll.LocalFree
- kernel32.dll.MoveFileExW
- kernel32.dll.MultiByteToWideChar
- kernel32.dll.OpenProcess
- kernel32.dll.OutputDebugStringA
- kernel32.dll.PeekNamedPipe
- kernel32.dll.PostQueuedCompletionStatus
- kernel32.dll.Process32First
- kernel32.dll.Process32Next
- kernel32.dll.QueryPerformanceCounter
- kernel32.dll.QueryPerformanceFrequency
- kernel32.dll.QueueUserWorkItem
- kernel32.dll.RaiseException
- kernel32.dll.ReadConsoleInputW
- kernel32.dll.ReadConsoleW
- kernel32.dll.ReadDirectoryChangesW
- kernel32.dll.ReadFile
- kernel32.dll.RegisterWaitForSingleObject
- kernel32.dll.ReleaseSemaphore
- kernel32.dll.RemoveDirectoryW
- kernel32.dll.RemoveVectoredExceptionHandler
- kernel32.dll.ResetEvent
- kernel32.dll.ResumeThread
- kernel32.dll.RtlAddFunctionTable
- kernel32.dll.RtlCaptureContext
- kernel32.dll.RtlLookupFunctionEntry
- kernel32.dll.RtlUnwindEx
- kernel32.dll.RtlVirtualUnwind
- kernel32.dll.SetConsoleCtrlHandler
- kernel32.dll.SetConsoleCursorInfo
- kernel32.dll.SetConsoleCursorPosition
- kernel32.dll.SetConsoleMode
- kernel32.dll.SetConsoleTextAttribute
- kernel32.dll.SetConsoleTitleW
- kernel32.dll.SetCurrentDirectoryW
- kernel32.dll.SetEnvironmentVariableW
- kernel32.dll.SetErrorMode
- kernel32.dll.SetEvent
- kernel32.dll.SetFilePointerEx
- kernel32.dll.SetFileTime
- kernel32.dll.SetHandleInformation
- kernel32.dll.SetInformationJobObject
- kernel32.dll.SetLastError
- kernel32.dll.SetNamedPipeHandleState
- kernel32.dll.SetPriorityClass
- kernel32.dll.SetProcessAffinityMask
- kernel32.dll.SetSystemTime
- kernel32.dll.SetThreadAffinityMask
- kernel32.dll.SetThreadContext
- kernel32.dll.SetThreadPriority
- kernel32.dll.SetUnhandledExceptionFilter
- kernel32.dll.Sleep
- kernel32.dll.SuspendThread
- kernel32.dll.SwitchToThread
- kernel32.dll.TerminateProcess
- kernel32.dll.TlsAlloc
- kernel32.dll.TlsFree
- kernel32.dll.TlsGetValue
- kernel32.dll.TlsSetValue
- kernel32.dll.TryEnterCriticalSection
- kernel32.dll.UnhandledExceptionFilter
- kernel32.dll.UnregisterWait
- kernel32.dll.UnregisterWaitEx
- kernel32.dll.VerSetConditionMask
- kernel32.dll.VerifyVersionInfoA
- kernel32.dll.VirtualAlloc
- kernel32.dll.VirtualFree
- kernel32.dll.VirtualProtect
- kernel32.dll.VirtualQuery
- kernel32.dll.WaitForMultipleObjects
- kernel32.dll.WaitForSingleObject
- kernel32.dll.WaitNamedPipeW
- kernel32.dll.WideCharToMultiByte
- kernel32.dll.WriteConsoleInputW
- kernel32.dll.WriteConsoleW
- kernel32.dll.WriteFile
- kernel32.dll.__C_specific_handler
- advapi32.dll.AdjustTokenPrivileges
- advapi32.dll.AllocateAndInitializeSid
- advapi32.dll.CryptAcquireContextA
- advapi32.dll.CryptGenRandom
- advapi32.dll.CryptReleaseContext
- advapi32.dll.FreeSid
- advapi32.dll.GetSecurityInfo
- advapi32.dll.GetTokenInformation
- advapi32.dll.GetUserNameW
- advapi32.dll.LookupPrivilegeValueW
- advapi32.dll.LsaAddAccountRights
- advapi32.dll.LsaClose
- advapi32.dll.LsaOpenPolicy
- advapi32.dll.OpenProcessToken
- advapi32.dll.RegCloseKey
- advapi32.dll.RegOpenKeyExW
- advapi32.dll.RegQueryValueExW
- advapi32.dll.SetEntriesInAclA
- advapi32.dll.SetSecurityInfo
- iphlpapi.dll.ConvertInterfaceIndexToLuid
- iphlpapi.dll.ConvertInterfaceLuidToNameW
- iphlpapi.dll.GetAdaptersAddresses
- msvcrt.dll.___lc_codepage_func
- msvcrt.dll.___mb_cur_max_func
- msvcrt.dll.__argv
- msvcrt.dll.__doserrno
- msvcrt.dll.__getmainargs
- msvcrt.dll.__initenv
- msvcrt.dll.__iob_func
- msvcrt.dll.__lconv_init
- msvcrt.dll.__set_app_type
- msvcrt.dll.__setusermatherr
- msvcrt.dll._acmdln
- msvcrt.dll._amsg_exit
- msvcrt.dll._beginthreadex
- msvcrt.dll._cexit
- msvcrt.dll._close
- msvcrt.dll._endthreadex
- msvcrt.dll._errno
- msvcrt.dll._exit
- msvcrt.dll._fdopen
- msvcrt.dll._fmode
- msvcrt.dll._get_osfhandle
- msvcrt.dll._gmtime64
- msvcrt.dll._initterm
- msvcrt.dll._localtime64
- msvcrt.dll._lock
- msvcrt.dll._lseeki64
- msvcrt.dll._onexit
- msvcrt.dll._open_osfhandle
- msvcrt.dll._read
- msvcrt.dll._setjmp
- msvcrt.dll._snwprintf
- msvcrt.dll._strdup
- msvcrt.dll._stricmp
- msvcrt.dll._strnicmp
- msvcrt.dll._time64
- msvcrt.dll._ultoa
- msvcrt.dll._umask
- msvcrt.dll._unlock
- msvcrt.dll._vsnprintf
- msvcrt.dll._wchmod
- msvcrt.dll._wcsdup
- msvcrt.dll._wcsnicmp
- msvcrt.dll._wcsrev
- msvcrt.dll._wmkdir
- msvcrt.dll._write
- msvcrt.dll._wrmdir
- msvcrt.dll.abort
- msvcrt.dll.atoi
- msvcrt.dll.calloc
- msvcrt.dll.exit
- msvcrt.dll.fclose
- msvcrt.dll.fflush
- msvcrt.dll.fopen
- msvcrt.dll.fprintf
- msvcrt.dll.fputc
- msvcrt.dll.fputs
- msvcrt.dll.fread
- msvcrt.dll.free
- msvcrt.dll.fwprintf
- msvcrt.dll.fwrite
- msvcrt.dll.getenv
- msvcrt.dll.islower
- msvcrt.dll.isspace
- msvcrt.dll.isupper
- msvcrt.dll.localeconv
- msvcrt.dll.longjmp
- msvcrt.dll.malloc
- msvcrt.dll.memchr
- msvcrt.dll.memcmp
- msvcrt.dll.memcpy
- msvcrt.dll.memmove
- msvcrt.dll.memset
- msvcrt.dll.printf
- msvcrt.dll.qsort
- msvcrt.dll.raise
- msvcrt.dll.rand
- msvcrt.dll.realloc
- msvcrt.dll.signal
- msvcrt.dll.sprintf
- msvcrt.dll.srand
- msvcrt.dll.strchr
- msvcrt.dll.strcmp
- msvcrt.dll.strcpy
- msvcrt.dll.strerror
- msvcrt.dll.strlen
- msvcrt.dll.strncmp
- msvcrt.dll.strncpy
- msvcrt.dll.strrchr
- msvcrt.dll.strstr
- msvcrt.dll.strtol
- msvcrt.dll.strtoul
- msvcrt.dll.vfprintf
- msvcrt.dll.wcschr
- msvcrt.dll.wcscpy
- msvcrt.dll.wcslen
- msvcrt.dll.wcsncmp
- msvcrt.dll.wcsncpy
- msvcrt.dll.wcspbrk
- msvcrt.dll.wcsrchr
- msvcrt.dll.wcstombs
- psapi.dll.GetProcessMemoryInfo
- user32.dll.DispatchMessageA
- user32.dll.GetMessageA
- user32.dll.MapVirtualKeyW
- user32.dll.MessageBoxW
- user32.dll.ShowWindow
- user32.dll.TranslateMessage
- userenv.dll.GetUserProfileDirectoryW
- ws2_32.dll.FreeAddrInfoW
- ws2_32.dll.GetAddrInfoW
- ws2_32.dll.WSACleanup
- ws2_32.dll.WSADuplicateSocketW
- ws2_32.dll.WSAGetLastError
- ws2_32.dll.WSAIoctl
- ws2_32.dll.WSAPoll
- ws2_32.dll.WSARecv
- ws2_32.dll.WSARecvFrom
- ws2_32.dll.WSASend
- ws2_32.dll.WSASendTo
- ws2_32.dll.WSASetLastError
- ws2_32.dll.WSASocketW
- ws2_32.dll.WSAStartup
- ws2_32.dll.__WSAFDIsSet
- ws2_32.dll.accept
- ws2_32.dll.bind
- ws2_32.dll.closesocket
- ws2_32.dll.connect
- ws2_32.dll.gethostname
- ws2_32.dll.getpeername
- ws2_32.dll.getsockname
- ws2_32.dll.getsockopt
- ws2_32.dll.htonl
- ws2_32.dll.htons
- ws2_32.dll.ioctlsocket
- ws2_32.dll.listen
- ws2_32.dll.ntohs
- ws2_32.dll.recv
- ws2_32.dll.select
- ws2_32.dll.send
- ws2_32.dll.setsockopt
- ws2_32.dll.shutdown
- ws2_32.dll.socket
- ntdll.dll.RtlNtStatusToDosError
- ntdll.dll.NtDeviceIoControlFile
- ntdll.dll.NtQueryInformationFile
- ntdll.dll.NtSetInformationFile
- ntdll.dll.NtQueryVolumeInformationFile
- ntdll.dll.NtQueryDirectoryFile
- ntdll.dll.NtQuerySystemInformation
- kernel32.dll.GetQueuedCompletionStatusEx
- kernel32.dll.SetFileCompletionNotificationModes
- kernel32.dll.CreateSymbolicLinkW
- kernel32.dll.CancelIoEx
- kernel32.dll.InitializeConditionVariable
- kernel32.dll.SleepConditionVariableCS
- kernel32.dll.SleepConditionVariableSRW
- kernel32.dll.WakeAllConditionVariable
- kernel32.dll.WakeConditionVariable
- kernel32.dll.CancelSynchronousIo
- kernel32.dll.GetFinalPathNameByHandleW
- user32.dll.SetWinEventHook
- msvcrt.dll._localtime64_s
- "C:\Windows\notepad.exe" -c "C:\ProgramData\SDgswYXSvL\cfgi"
- "C:\Windows\notepad.exe" -c "C:\ProgramData\SDgswYXSvL\cfg"
- \Device\KsecDD
- C:\Windows\sysnative\wship6.dll
- C:\Windows\sysnative\wshqos.dll
- C:\ProgramData\SDgswYXSvL\cfgi
- C:\ProgramData\SDgswYXSvL\cfg
- 1b74a89596c952bf8c2f
- IESQMMUTEX_0_208