Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AcIcUcAM.exe' = '%ALLUSERSPROFILE%\vesswIQA\AcIcUcAM.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'jaQEcQMQ.exe' = '%HOMEPATH%\NIMMEwsg\jaQEcQMQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\FkYQcQph] 'Start' = '00000002'
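- hidden files (no longer shown in Explorer: 'Hidden' is set to 2 by the reg.exe command listed below)
- file extensions (hidden in Explorer: 'HideFileExt' is set to 1 by the reg.exe command listed below)
- User Account Control (UAC) (disabled: 'EnableLUA' is set to 0 by the reg.exe command listed below)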
- '%ALLUSERSPROFILE%\lwQggIEM\nwAEcgMA.exe'
- '%ALLUSERSPROFILE%\vesswIQA\AcIcUcAM.exe'
- '%HOMEPATH%\NIMMEwsg\jaQEcQMQ.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\XyYIQEcY.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\GIwwoUYU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\JskocYoc.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\bCEcQYoI.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\xAIsAAAQ.bat" "<Full path to virus>""
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\rsMUYAAQ.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\uMwQAwQc.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\DaAoIMoQ.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' %TEMP%\file.vbs
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\aiUUoMYY.bat" "<Full path to virus>""
- C:\RCX45.tmp
- <Current directory>\TgoM.ico
- <Current directory>\bQEi.exe
- C:\RCX44.tmp
- <Current directory>\FSgE.ico
- <Current directory>\vQIG.exe
- C:\RCX47.tmp
- <Current directory>\nkAg.ico
- <Current directory>\ewoO.exe
- C:\RCX46.tmp
- <Current directory>\ucYu.exe
- <Current directory>\DWcc.ico
- <Current directory>\UMwk.exe
- C:\RCX41.tmp
- <Current directory>\vKUU.ico
- <Current directory>\PwEe.exe
- C:\RCX43.tmp
- <Current directory>\dGMM.ico
- <Current directory>\UoQw.exe
- C:\RCX42.tmp
- <Current directory>\mAsU.ico
- <Current directory>\ZawQ.ico
- <Current directory>\LWgM.ico
- <Current directory>\GMAQ.exe
- C:\RCX4C.tmp
- <Current directory>\FEoE.ico
- <Current directory>\AQAm.exe
- C:\RCX4E.tmp
- <Current directory>\wwYU.ico
- <Current directory>\BQQW.exe
- C:\RCX4D.tmp
- <Current directory>\gicU.ico
- C:\RCX4B.tmp
- <Current directory>\MMgg.exe
- C:\RCX49.tmp
- <Current directory>\CEgU.ico
- <Current directory>\lcwW.exe
- C:\RCX48.tmp
- <Current directory>\YekE.ico
- <Current directory>\qAcc.exe
- C:\RCX4A.tmp
- <Current directory>\jeos.ico
- <Current directory>\lYgk.exe
- C:\RCX40.tmp
- <Current directory>\CsIY.ico
- <Current directory>\EIwA.exe
- C:\RCX36.tmp
- <Current directory>\tGsc.ico
- <Current directory>\YUsu.exe
- C:\RCX38.tmp
- <Current directory>\cCsY.ico
- <Current directory>\mYIC.exe
- C:\RCX37.tmp
- <Current directory>\KKUE.ico
- %TEMP%\xAIsAAAQ.bat
- C:\RCX33.tmp
- <Current directory>\RGEw.ico
- <Current directory>\xYAg.exe
- C:\RCX32.tmp
- <Current directory>\uaIw.ico
- <Current directory>\qsgs.exe
- C:\RCX35.tmp
- <Current directory>\sWco.ico
- <Current directory>\sIQa.exe
- C:\RCX34.tmp
- <Current directory>\sQkI.exe
- <Current directory>\jgYK.exe
- C:\RCX3E.tmp
- <Current directory>\QYkU.ico
- <Current directory>\EAok.exe
- C:\RCX3D.tmp
- <Current directory>\lqwo.ico
- <Current directory>\zUwa.exe
- C:\RCX3F.tmp
- <Current directory>\gQsk.ico
- <Current directory>\OcQi.exe
- <Current directory>\lmwU.ico
- C:\RCX3A.tmp
- <Current directory>\fMAM.ico
- <Current directory>\losk.exe
- C:\RCX39.tmp
- <Current directory>\ocUI.ico
- <Current directory>\HIIi.exe
- C:\RCX3C.tmp
- <Current directory>\baQY.ico
- <Current directory>\bkQy.exe
- C:\RCX3B.tmp
- C:\RCX62.tmp
- <Current directory>\qmoY.ico
- <Current directory>\wQMk.exe
- C:\RCX61.tmp
- <Current directory>\AOoA.ico
- <Current directory>\tQsM.exe
- C:\RCX64.tmp
- <Current directory>\xOgA.ico
- <Current directory>\LAIa.exe
- C:\RCX63.tmp
- <Current directory>\aMAi.exe
- <Current directory>\UQYk.ico
- <Current directory>\TsYW.exe
- C:\RCX5E.tmp
- <Current directory>\Imoc.ico
- <Current directory>\QgMi.exe
- C:\RCX60.tmp
- <Current directory>\wasw.ico
- <Current directory>\dkMc.exe
- C:\RCX5F.tmp
- <Current directory>\SSYQ.ico
- <Current directory>\Laok.ico
- <Current directory>\OoQU.ico
- <Current directory>\pwYG.exe
- C:\RCX69.tmp
- <Current directory>\EqgU.ico
- <Current directory>\hocs.exe
- C:\RCX6B.tmp
- <Current directory>\zikU.ico
- <Current directory>\fAIU.exe
- C:\RCX6A.tmp
- <Current directory>\koMo.ico
- C:\RCX68.tmp
- <Current directory>\HoYg.exe
- C:\RCX66.tmp
- <Current directory>\KiUc.ico
- <Current directory>\zcAC.exe
- C:\RCX65.tmp
- <Current directory>\nsgY.ico
- <Current directory>\wgwq.exe
- C:\RCX67.tmp
- <Current directory>\rOkA.ico
- <Current directory>\lccY.exe
- C:\RCX5D.tmp
- <Current directory>\wUIs.ico
- <Current directory>\uQkU.exe
- C:\RCX53.tmp
- <Current directory>\zkcE.ico
- <Current directory>\qUcm.exe
- C:\RCX55.tmp
- <Current directory>\xisc.ico
- <Current directory>\MYgu.exe
- C:\RCX54.tmp
- <Current directory>\qkUI.ico
- C:\RCX52.tmp
- <Current directory>\Xcsm.exe
- C:\RCX50.tmp
- <Current directory>\LYcs.ico
- <Current directory>\goQK.exe
- C:\RCX4F.tmp
- <Current directory>\egwQ.ico
- <Current directory>\JAkE.exe
- C:\RCX51.tmp
- <Current directory>\sWAg.ico
- <Current directory>\ycEq.exe
- <Current directory>\JcUu.exe
- <Current directory>\dkoM.exe
- C:\RCX5B.tmp
- <Current directory>\DWkw.ico
- <Current directory>\ZgQa.exe
- C:\RCX5A.tmp
- <Current directory>\GQEg.ico
- <Current directory>\mcYC.exe
- C:\RCX5C.tmp
- <Current directory>\vwsc.ico
- <Current directory>\NggO.exe
- <Current directory>\JYoo.ico
- C:\RCX57.tmp
- <Current directory>\mqgc.ico
- <Current directory>\Pcwu.exe
- C:\RCX56.tmp
- <Current directory>\Awoo.ico
- <Current directory>\AwoC.exe
- C:\RCX59.tmp
- <Current directory>\hscw.ico
- <Current directory>\TgAS.exe
- C:\RCX58.tmp
- C:\RCXB.tmp
- <Current directory>\ysAY.ico
- <Current directory>\JgIm.exe
- C:\RCXA.tmp
- <Current directory>\hskE.ico
- <Current directory>\ZMoc.exe
- C:\RCXD.tmp
- <Current directory>\YsMs.ico
- <Current directory>\WYIc.exe
- C:\RCXC.tmp
- <Current directory>\QgkC.exe
- %TEMP%\HkQosIwY.bat
- %TEMP%\MCgEQAAk.bat
- C:\RCX8.tmp
- <Current directory>\VgYs.ico
- <Current directory>\gEMe.exe
- %TEMP%\oOksIYMw.bat
- <Current directory>\lCgQ.ico
- C:\RCX9.tmp
- <Current directory>\SoUI.ico
- <Current directory>\oUgu.exe
- <Current directory>\aYYA.ico
- <Current directory>\fSEM.ico
- <Current directory>\xwIO.exe
- C:\RCX12.tmp
- <Current directory>\WYMo.ico
- <Current directory>\Ocsm.exe
- C:\RCX14.tmp
- <Current directory>\PKMA.ico
- <Current directory>\vooY.exe
- C:\RCX13.tmp
- <Current directory>\xSoI.ico
- C:\RCX11.tmp
- <Current directory>\WIES.exe
- C:\RCXF.tmp
- <Current directory>\oMMg.ico
- <Current directory>\VIQM.exe
- C:\RCXE.tmp
- <Current directory>\vcQs.ico
- <Current directory>\gUgQ.exe
- C:\RCX10.tmp
- <Current directory>\Muso.ico
- <Current directory>\RQoc.exe
- %TEMP%\rsMUYAAQ.bat
- <Current directory>\MYQA.exe
- C:\RCX2.tmp
- %TEMP%\aiUUoMYY.bat
- <Current directory>\WsoQ.ico
- %TEMP%\file.vbs
- %TEMP%\fcAIQIow.bat
- <Current directory>\LUAi.exe
- <Current directory>\LIwQ.ico
- %TEMP%\LgEEoIww.bat
- %TEMP%\DaAoIMoQ.bat
- %TEMP%\YGsYcEYI.bat
- <Current directory>\<Virus name>
- %TEMP%\lEoUgMAU.bat
- %TEMP%\jEccMggs.bat
- %ALLUSERSPROFILE%\lwQggIEM\nwAEcgMA.exe
- <Current directory>\YEkU.exe
- C:\RCX1.tmp
- <Current directory>\Wgwc.ico
- %ALLUSERSPROFILE%\casg.txt
- %TEMP%\uMwQAwQc.bat
- C:\RCX3.tmp
- <Current directory>\hAso.exe
- %TEMP%\YqIEgQME.bat
- <Current directory>\eQcc.ico
- C:\RCX5.tmp
- %TEMP%\bCEcQYoI.bat
- %TEMP%\sesIYMoc.bat
- C:\RCX7.tmp
- <Current directory>\aMkU.exe
- C:\RCX6.tmp
- <Current directory>\zsUQ.ico
- <Current directory>\KoUE.exe
- <Current directory>\eIAE.ico
- <Current directory>\JowK.exe
- %TEMP%\GIwwoUYU.bat
- %TEMP%\JskocYoc.bat
- %TEMP%\uEEccUcA.bat
- %TEMP%\XyYIQEcY.bat
- %TEMP%\psococcY.bat
- <Current directory>\Occg.ico
- %TEMP%\jUoMYsUE.bat
- C:\RCX4.tmp
- <Current directory>\vOsc.ico
- <Current directory>\mEYS.exe
- C:\RCX28.tmp
- <Current directory>\heQo.ico
- <Current directory>\OsME.exe
- C:\RCX2A.tmp
- <Current directory>\XCok.ico
- <Current directory>\osYA.exe
- C:\RCX29.tmp
- <Current directory>\dosg.ico
- C:\RCX27.tmp
- <Current directory>\RsoS.exe
- C:\RCX25.tmp
- <Current directory>\MCAg.ico
- <Current directory>\cYsw.exe
- C:\RCX24.tmp
- <Current directory>\bMkQ.ico
- <Current directory>\oQsc.exe
- C:\RCX26.tmp
- <Current directory>\OsYk.ico
- <Current directory>\yoMM.exe
- <Current directory>\JEUQ.exe
- <Current directory>\GkMq.exe
- C:\RCX30.tmp
- <Current directory>\EqYg.ico
- <Current directory>\MQcg.exe
- C:\RCX2F.tmp
- <Current directory>\cwEA.ico
- <Current directory>\mgMI.exe
- C:\RCX31.tmp
- <Current directory>\nGEo.ico
- <Current directory>\lYow.exe
- <Current directory>\fosQ.ico
- C:\RCX2C.tmp
- <Current directory>\omwM.ico
- <Current directory>\fMck.exe
- C:\RCX2B.tmp
- <Current directory>\aegM.ico
- <Current directory>\KgAm.exe
- C:\RCX2E.tmp
- <Current directory>\oOgU.ico
- <Current directory>\TsMG.exe
- C:\RCX2D.tmp
- <Current directory>\owIo.ico
- <Current directory>\iYoW.exe
- C:\RCX1A.tmp
- C:\RCX19.tmp
- <Current directory>\LsgY.ico
- <Current directory>\nwIq.exe
- <Current directory>\SaAo.ico
- <Current directory>\VUME.exe
- C:\RCX1B.tmp
- <Current directory>\Bsgs.ico
- <Current directory>\gUYY.exe
- C:\RCX18.tmp
- <Current directory>\jQQY.exe
- C:\RCX16.tmp
- <Current directory>\OSoQ.ico
- <Current directory>\CEAa.exe
- C:\RCX15.tmp
- <Current directory>\ZWco.ico
- <Current directory>\EYMU.exe
- C:\RCX17.tmp
- <Current directory>\HIwE.ico
- <Current directory>\bUIM.exe
- C:\RCX1C.tmp
- C:\RCX21.tmp
- <Current directory>\Gegw.ico
- <Current directory>\UsYM.exe
- C:\RCX20.tmp
- <Current directory>\cOkA.ico
- <Current directory>\PokI.exe
- C:\RCX23.tmp
- <Current directory>\rIQc.ico
- <Current directory>\Dksy.exe
- C:\RCX22.tmp
- <Current directory>\eQAI.exe
- <Current directory>\oGAg.ico
- <Current directory>\qQwe.exe
- C:\RCX1D.tmp
- <Current directory>\uOss.ico
- <Current directory>\FIoO.exe
- C:\RCX1F.tmp
- <Current directory>\XoYE.ico
- <Current directory>\eAkU.exe
- C:\RCX1E.tmp
- <Current directory>\UAoI.ico
- %ALLUSERSPROFILE%\lwQggIEM\nwAEcgMA.exe
- %ALLUSERSPROFILE%\vesswIQA\AcIcUcAM.exe
- %HOMEPATH%\NIMMEwsg\jaQEcQMQ.exe
- <Current directory>\TgoM.ico
- <Current directory>\ewoO.exe
- <Current directory>\FSgE.ico
- <Current directory>\vQIG.exe
- <Current directory>\ZawQ.ico
- <Current directory>\lcwW.exe
- <Current directory>\nkAg.ico
- <Current directory>\UoQw.exe
- <Current directory>\DWcc.ico
- <Current directory>\UMwk.exe
- <Current directory>\mAsU.ico
- <Current directory>\bQEi.exe
- <Current directory>\dGMM.ico
- <Current directory>\ucYu.exe
- <Current directory>\LWgM.ico
- <Current directory>\GMAQ.exe
- <Current directory>\FEoE.ico
- <Current directory>\BQQW.exe
- <Current directory>\wwYU.ico
- <Current directory>\goQK.exe
- <Current directory>\gicU.ico
- <Current directory>\lYgk.exe
- <Current directory>\CEgU.ico
- <Current directory>\MMgg.exe
- <Current directory>\jeos.ico
- <Current directory>\AQAm.exe
- <Current directory>\YekE.ico
- <Current directory>\qAcc.exe
- <Current directory>\KKUE.ico
- <Current directory>\mYIC.exe
- <Current directory>\CsIY.ico
- <Current directory>\sQkI.exe
- <Current directory>\ocUI.ico
- <Current directory>\losk.exe
- <Current directory>\cCsY.ico
- <Current directory>\qsgs.exe
- <Current directory>\RGEw.ico
- <Current directory>\sIQa.exe
- <Current directory>\sWco.ico
- <Current directory>\EIwA.exe
- <Current directory>\tGsc.ico
- <Current directory>\YUsu.exe
- <Current directory>\gQsk.ico
- <Current directory>\OcQi.exe
- <Current directory>\QYkU.ico
- <Current directory>\zUwa.exe
- <Current directory>\vKUU.ico
- <Current directory>\PwEe.exe
- <Current directory>\lqwo.ico
- <Current directory>\HIIi.exe
- <Current directory>\fMAM.ico
- <Current directory>\bkQy.exe
- <Current directory>\baQY.ico
- <Current directory>\jgYK.exe
- <Current directory>\lmwU.ico
- <Current directory>\EAok.exe
- <Current directory>\AOoA.ico
- <Current directory>\wQMk.exe
- <Current directory>\wasw.ico
- <Current directory>\LAIa.exe
- <Current directory>\xOgA.ico
- <Current directory>\tQsM.exe
- <Current directory>\qmoY.ico
- <Current directory>\TsYW.exe
- <Current directory>\Imoc.ico
- <Current directory>\QgMi.exe
- <Current directory>\UQYk.ico
- <Current directory>\aMAi.exe
- <Current directory>\SSYQ.ico
- <Current directory>\dkMc.exe
- <Current directory>\EqgU.ico
- <Current directory>\hocs.exe
- <Current directory>\nsgY.ico
- <Current directory>\pwYG.exe
- <Current directory>\koMo.ico
- <Current directory>\fAIU.exe
- <Current directory>\OoQU.ico
- <Current directory>\HoYg.exe
- <Current directory>\Laok.ico
- <Current directory>\zcAC.exe
- <Current directory>\KiUc.ico
- <Current directory>\wgwq.exe
- <Current directory>\rOkA.ico
- <Current directory>\lccY.exe
- <Current directory>\wUIs.ico
- <Current directory>\uQkU.exe
- <Current directory>\zkcE.ico
- <Current directory>\MYgu.exe
- <Current directory>\xisc.ico
- <Current directory>\JcUu.exe
- <Current directory>\qkUI.ico
- <Current directory>\ycEq.exe
- <Current directory>\LYcs.ico
- <Current directory>\Xcsm.exe
- <Current directory>\sWAg.ico
- <Current directory>\qUcm.exe
- <Current directory>\egwQ.ico
- <Current directory>\JAkE.exe
- <Current directory>\DWkw.ico
- <Current directory>\dkoM.exe
- <Current directory>\JYoo.ico
- <Current directory>\NggO.exe
- <Current directory>\GQEg.ico
- <Current directory>\mcYC.exe
- <Current directory>\vwsc.ico
- <Current directory>\TgAS.exe
- <Current directory>\Awoo.ico
- <Current directory>\Pcwu.exe
- <Current directory>\mqgc.ico
- <Current directory>\ZgQa.exe
- <Current directory>\hscw.ico
- <Current directory>\AwoC.exe
- <Current directory>\uaIw.ico
- <Current directory>\VIQM.exe
- <Current directory>\YsMs.ico
- <Current directory>\ZMoc.exe
- <Current directory>\aYYA.ico
- <Current directory>\RQoc.exe
- <Current directory>\oMMg.ico
- <Current directory>\WIES.exe
- <Current directory>\lCgQ.ico
- <Current directory>\QgkC.exe
- <Current directory>\SoUI.ico
- <Current directory>\JgIm.exe
- <Current directory>\ysAY.ico
- <Current directory>\WYIc.exe
- <Current directory>\hskE.ico
- <Current directory>\CEAa.exe
- <Current directory>\xSoI.ico
- <Current directory>\vooY.exe
- <Current directory>\PKMA.ico
- <Current directory>\bUIM.exe
- <Current directory>\OSoQ.ico
- <Current directory>\jQQY.exe
- <Current directory>\vcQs.ico
- <Current directory>\gUgQ.exe
- <Current directory>\Muso.ico
- <Current directory>\Ocsm.exe
- <Current directory>\fSEM.ico
- <Current directory>\xwIO.exe
- <Current directory>\WYMo.ico
- %TEMP%\uEEccUcA.bat
- %TEMP%\fcAIQIow.bat
- <Current directory>\WsoQ.ico
- <Current directory>\LUAi.exe
- <Current directory>\JowK.exe
- %TEMP%\jUoMYsUE.bat
- <Current directory>\LIwQ.ico
- <Current directory>\YEkU.exe
- %TEMP%\lEoUgMAU.bat
- %TEMP%\jEccMggs.bat
- <Current directory>\Wgwc.ico
- <Current directory>\MYQA.exe
- %TEMP%\LgEEoIww.bat
- %TEMP%\YGsYcEYI.bat
- <Current directory>\zsUQ.ico
- <Current directory>\aMkU.exe
- %TEMP%\sesIYMoc.bat
- <Current directory>\gEMe.exe
- <Current directory>\oUgu.exe
- <Current directory>\VgYs.ico
- %TEMP%\HkQosIwY.bat
- <Current directory>\KoUE.exe
- %TEMP%\psococcY.bat
- <Current directory>\eIAE.ico
- <Current directory>\Occg.ico
- <Current directory>\eQcc.ico
- <Current directory>\hAso.exe
- %TEMP%\YqIEgQME.bat
- <Current directory>\osYA.exe
- <Current directory>\vOsc.ico
- <Current directory>\mEYS.exe
- <Current directory>\dosg.ico
- <Current directory>\fMck.exe
- <Current directory>\XCok.ico
- <Current directory>\JEUQ.exe
- <Current directory>\OsYk.ico
- <Current directory>\yoMM.exe
- <Current directory>\MCAg.ico
- <Current directory>\oQsc.exe
- <Current directory>\heQo.ico
- <Current directory>\OsME.exe
- <Current directory>\bMkQ.ico
- <Current directory>\lYow.exe
- <Current directory>\EqYg.ico
- <Current directory>\GkMq.exe
- <Current directory>\nGEo.ico
- <Current directory>\xYAg.exe
- <Current directory>\cwEA.ico
- <Current directory>\mgMI.exe
- <Current directory>\omwM.ico
- <Current directory>\TsMG.exe
- <Current directory>\aegM.ico
- <Current directory>\KgAm.exe
- <Current directory>\fosQ.ico
- <Current directory>\MQcg.exe
- <Current directory>\oOgU.ico
- <Current directory>\SaAo.ico
- <Current directory>\VUME.exe
- <Current directory>\Bsgs.ico
- <Current directory>\FIoO.exe
- <Current directory>\oGAg.ico
- <Current directory>\qQwe.exe
- <Current directory>\uOss.ico
- <Current directory>\ZWco.ico
- <Current directory>\EYMU.exe
- <Current directory>\HIwE.ico
- <Current directory>\nwIq.exe
- <Current directory>\gUYY.exe
- <Current directory>\iYoW.exe
- <Current directory>\LsgY.ico
- <Current directory>\PokI.exe
- <Current directory>\Gegw.ico
- <Current directory>\Dksy.exe
- <Current directory>\rIQc.ico
- <Current directory>\RsoS.exe
- <Current directory>\owIo.ico
- <Current directory>\cYsw.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- <Current directory>\UAoI.ico
- <Current directory>\eAkU.exe
- <Current directory>\eQAI.exe
- <Current directory>\cOkA.ico
- <Current directory>\UsYM.exe
- <Current directory>\XoYE.ico
- from C:\RCX47.tmp to <Current directory>\vQIG.exe
- from C:\RCX48.tmp to <Current directory>\lcwW.exe
- from C:\RCX49.tmp to <Current directory>\MMgg.exe
- from C:\RCX44.tmp to <Current directory>\ucYu.exe
- from C:\RCX45.tmp to <Current directory>\bQEi.exe
- from C:\RCX46.tmp to <Current directory>\ewoO.exe
- from C:\RCX4A.tmp to <Current directory>\lYgk.exe
- from C:\RCX4E.tmp to <Current directory>\BQQW.exe
- from C:\RCX4F.tmp to <Current directory>\goQK.exe
- from C:\RCX50.tmp to <Current directory>\Xcsm.exe
- from C:\RCX4B.tmp to <Current directory>\qAcc.exe
- from C:\RCX4C.tmp to <Current directory>\AQAm.exe
- from C:\RCX4D.tmp to <Current directory>\GMAQ.exe
- from C:\RCX3A.tmp to <Current directory>\losk.exe
- from C:\RCX3B.tmp to <Current directory>\bkQy.exe
- from C:\RCX3C.tmp to <Current directory>\HIIi.exe
- from C:\RCX37.tmp to <Current directory>\EIwA.exe
- from C:\RCX38.tmp to <Current directory>\mYIC.exe
- from C:\RCX39.tmp to <Current directory>\sQkI.exe
- from C:\RCX3D.tmp to <Current directory>\EAok.exe
- from C:\RCX41.tmp to <Current directory>\PwEe.exe
- from C:\RCX42.tmp to <Current directory>\UMwk.exe
- from C:\RCX43.tmp to <Current directory>\UoQw.exe
- from C:\RCX3E.tmp to <Current directory>\jgYK.exe
- from C:\RCX3F.tmp to <Current directory>\OcQi.exe
- from C:\RCX40.tmp to <Current directory>\zUwa.exe
- from C:\RCX51.tmp to <Current directory>\ycEq.exe
- from C:\RCX62.tmp to <Current directory>\wQMk.exe
- from C:\RCX63.tmp to <Current directory>\LAIa.exe
- from C:\RCX64.tmp to <Current directory>\tQsM.exe
- from C:\RCX5F.tmp to <Current directory>\TsYW.exe
- from C:\RCX60.tmp to <Current directory>\dkMc.exe
- from C:\RCX61.tmp to <Current directory>\aMAi.exe
- from C:\RCX65.tmp to <Current directory>\zcAC.exe
- from C:\RCX69.tmp to <Current directory>\hocs.exe
- from C:\RCX6A.tmp to <Current directory>\pwYG.exe
- from C:\RCX6B.tmp to <Current directory>\fAIU.exe
- from C:\RCX66.tmp to <Current directory>\HoYg.exe
- from C:\RCX67.tmp to <Current directory>\lccY.exe
- from C:\RCX68.tmp to <Current directory>\wgwq.exe
- from C:\RCX55.tmp to <Current directory>\MYgu.exe
- from C:\RCX56.tmp to <Current directory>\JcUu.exe
- from C:\RCX57.tmp to <Current directory>\Pcwu.exe
- from C:\RCX52.tmp to <Current directory>\JAkE.exe
- from C:\RCX53.tmp to <Current directory>\qUcm.exe
- from C:\RCX54.tmp to <Current directory>\uQkU.exe
- from C:\RCX58.tmp to <Current directory>\TgAS.exe
- from C:\RCX5C.tmp to <Current directory>\NggO.exe
- from C:\RCX5D.tmp to <Current directory>\mcYC.exe
- from C:\RCX5E.tmp to <Current directory>\QgMi.exe
- from C:\RCX59.tmp to <Current directory>\AwoC.exe
- from C:\RCX5A.tmp to <Current directory>\ZgQa.exe
- from C:\RCX5B.tmp to <Current directory>\dkoM.exe
- from C:\RCX36.tmp to <Current directory>\YUsu.exe
- from C:\RCX11.tmp to <Current directory>\gUgQ.exe
- from C:\RCX12.tmp to <Current directory>\Ocsm.exe
- from C:\RCX13.tmp to <Current directory>\xwIO.exe
- from C:\RCXE.tmp to <Current directory>\VIQM.exe
- from C:\RCXF.tmp to <Current directory>\WIES.exe
- from C:\RCX10.tmp to <Current directory>\RQoc.exe
- from C:\RCX14.tmp to <Current directory>\vooY.exe
- from C:\RCX18.tmp to <Current directory>\EYMU.exe
- from C:\RCX19.tmp to <Current directory>\nwIq.exe
- from C:\RCX1A.tmp to <Current directory>\iYoW.exe
- from C:\RCX15.tmp to <Current directory>\CEAa.exe
- from C:\RCX16.tmp to <Current directory>\jQQY.exe
- from C:\RCX17.tmp to <Current directory>\bUIM.exe
- from C:\RCX4.tmp to <Current directory>\JowK.exe
- from C:\RCX5.tmp to <Current directory>\KoUE.exe
- from C:\RCX6.tmp to <Current directory>\hAso.exe
- from C:\RCX1.tmp to <Current directory>\YEkU.exe
- from C:\RCX2.tmp to <Current directory>\MYQA.exe
- from C:\RCX3.tmp to <Current directory>\LUAi.exe
- from C:\RCX7.tmp to <Current directory>\aMkU.exe
- from C:\RCXB.tmp to <Current directory>\JgIm.exe
- from C:\RCXC.tmp to <Current directory>\WYIc.exe
- from C:\RCXD.tmp to <Current directory>\ZMoc.exe
- from C:\RCX8.tmp to <Current directory>\gEMe.exe
- from C:\RCX9.tmp to <Current directory>\oUgu.exe
- from C:\RCXA.tmp to <Current directory>\QgkC.exe
- from C:\RCX1B.tmp to <Current directory>\gUYY.exe
- from C:\RCX2C.tmp to <Current directory>\fMck.exe
- from C:\RCX2D.tmp to <Current directory>\TsMG.exe
- from C:\RCX2E.tmp to <Current directory>\KgAm.exe
- from C:\RCX29.tmp to <Current directory>\mEYS.exe
- from C:\RCX2A.tmp to <Current directory>\osYA.exe
- from C:\RCX2B.tmp to <Current directory>\JEUQ.exe
- from C:\RCX2F.tmp to <Current directory>\MQcg.exe
- from C:\RCX33.tmp to <Current directory>\xYAg.exe
- from C:\RCX34.tmp to <Current directory>\sIQa.exe
- from C:\RCX35.tmp to <Current directory>\qsgs.exe
- from C:\RCX30.tmp to <Current directory>\GkMq.exe
- from C:\RCX31.tmp to <Current directory>\lYow.exe
- from C:\RCX32.tmp to <Current directory>\mgMI.exe
- from C:\RCX1F.tmp to <Current directory>\eAkU.exe
- from C:\RCX20.tmp to <Current directory>\eQAI.exe
- from C:\RCX21.tmp to <Current directory>\UsYM.exe
- from C:\RCX1C.tmp to <Current directory>\VUME.exe
- from C:\RCX1D.tmp to <Current directory>\FIoO.exe
- from C:\RCX1E.tmp to <Current directory>\qQwe.exe
- from C:\RCX22.tmp to <Current directory>\Dksy.exe
- from C:\RCX26.tmp to <Current directory>\yoMM.exe
- from C:\RCX27.tmp to <Current directory>\oQsc.exe
- from C:\RCX28.tmp to <Current directory>\OsME.exe
- from C:\RCX23.tmp to <Current directory>\PokI.exe
- from C:\RCX24.tmp to <Current directory>\cYsw.exe
- from C:\RCX25.tmp to <Current directory>\RsoS.exe
- '74.##5.232.51':80
- 74.##5.232.51/
- DNS ASK google.com
- ClassName: '' WindowName: 'jaQEcQMQ.exe'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'AcIcUcAM.exe'