Technical Information
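- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,' (a second executable is appended after the legitimate userinit.exe entry, so Winlogon launches it at every user logon)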
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002' (Start value 2 = the service is started automatically at boot)
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
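- display of hidden files (Explorer 'Hidden' value set to 2 by the reg.exe command listed below)
- display of file extensions (Explorer 'HideFileExt' value set to 1 by the reg.exe command listed below)
- User Account Control (UAC) ('EnableLUA' value set to 0 by the reg.exe command listed below)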
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
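- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f (note: these are reg.exe arguments, and the same command appears further down under reg.exe; the image/argument pairing in this part of the list looks shifted, so match on the command line rather than on the image name)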
- '<SYSTEM32>\cscript.exe' 0x804 cscript.exe
- '<SYSTEM32>\reg.exe' /pid=0x670 /log
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\ragsYMUM.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=0x234 /log
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\EkogMMEI.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\cscript.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' /pid=0xe00 /log
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\FWMoEosA.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\JWswUQkc.bat" "<Full path to virus>""
- %TEMP%\ewcgwYwk.bat
- <Current directory>\jkwG.exe
- C:\RCX513E.tmp
- <Current directory>\dEEg.exe
- C:\RCX4FB7.tmp
- <Current directory>\Vkss.ico
- C:\RCX53FD.tmp
- <Current directory>\EugA.ico
- <Current directory>\VgwC.exe
- %TEMP%\ragsYMUM.bat
- <Current directory>\tGwI.ico
- <Current directory>\IMYc.exe
- <Current directory>\FUoE.ico
- <Current directory>\iuIE.ico
- <Current directory>\dosO.exe
- C:\RCX492E.tmp
- <Current directory>\HcYg.ico
- <Current directory>\rEQG.exe
- C:\RCX4518.tmp
- <Current directory>\CoUc.ico
- <Current directory>\AEgo.exe
- C:\RCX4DF1.tmp
- <Current directory>\WwMU.ico
- <Current directory>\hAYy.exe
- C:\RCX4AB5.tmp
- <Current directory>\NskE.ico
- <Current directory>\QEkY.exe
- C:\RCX5F1B.tmp
- <Current directory>\iAks.ico
- <Current directory>\oIsq.exe
- C:\RCX5DD2.tmp
- <Current directory>\QuAo.ico
- <Current directory>\wIMk.exe
- C:\RCX612F.tmp
- <Current directory>\RwgQ.ico
- <Current directory>\rcMY.exe
- C:\RCX6035.tmp
- C:\RCX5C5B.tmp
- C:\RCX570B.tmp
- <Current directory>\LYMI.ico
- <Current directory>\OgMm.exe
- C:\RCX55C2.tmp
- <Current directory>\Dcsk.ico
- <Current directory>\tgoU.exe
- C:\RCX5B22.tmp
- <Current directory>\DokI.ico
- <Current directory>\gUEG.exe
- C:\RCX58FF.tmp
- <Current directory>\lGUY.ico
- <Current directory>\twMk.exe
- <Current directory>\MQky.exe
- C:\RCX3277.tmp
- <Current directory>\dGQg.ico
- <Current directory>\ZEQw.exe
- C:\RCX313E.tmp
- <Current directory>\ROYs.ico
- <Current directory>\BMQO.exe
- C:\RCX35E3.tmp
- %TEMP%\USwgcQUk.bat
- <Current directory>\vAkc.exe
- C:\RCX343D.tmp
- <Current directory>\hyUQ.ico
- <Current directory>\AyUU.ico
- <Current directory>\jkUI.ico
- <Current directory>\hsEY.exe
- C:\RCX2CA9.tmp
- <Current directory>\cYoc.ico
- <Current directory>\FMkK.exe
- C:\RCX2B61.tmp
- <Current directory>\xEAU.ico
- <Current directory>\IAwy.exe
- C:\RCX2F98.tmp
- <Current directory>\NYkE.ico
- <Current directory>\lgAy.exe
- C:\RCX2E01.tmp
- <Current directory>\fioY.ico
- <Current directory>\AAIo.exe
- C:\RCX418C.tmp
- <Current directory>\maYk.ico
- <Current directory>\XcQa.exe
- C:\RCX4044.tmp
- <Current directory>\kkkk.ico
- <Current directory>\zIQG.exe
- C:\RCX43C0.tmp
- <Current directory>\hogA.ico
- <Current directory>\SIUC.exe
- C:\RCX4304.tmp
- C:\RCX3E8E.tmp
- %TEMP%\FWMoEosA.bat
- <Current directory>\lOcY.ico
- <Current directory>\xUUC.exe
- <Current directory>\siwY.ico
- <Current directory>\EYQQ.exe
- C:\RCX37D7.tmp
- C:\RCX3C2D.tmp
- <Current directory>\vQww.ico
- <Current directory>\SUcI.exe
- C:\RCX3A48.tmp
- <Current directory>\emkM.ico
- <Current directory>\mwkE.exe
- <Current directory>\NUsU.ico
- <Current directory>\MokI.exe
- C:\RCX8105.tmp
- %TEMP%\JeggsAYg.bat
- <Current directory>\yYsk.exe
- C:\RCX7FAD.tmp
- C:\RCX8328.tmp
- <Current directory>\ucUI.ico
- <Current directory>\qcEW.exe
- %TEMP%\RAwIIEAc.bat
- <Current directory>\RewU.ico
- <Current directory>\SIMK.exe
- <Current directory>\Tooc.ico
- <Current directory>\psAo.ico
- <Current directory>\acEw.exe
- C:\RCX7B27.tmp
- <Current directory>\cuoo.ico
- <Current directory>\Rocq.exe
- C:\RCX7A8A.tmp
- <Current directory>\FUUA.ico
- <Current directory>\oAMM.exe
- C:\RCX7D8A.tmp
- <Current directory>\OcEY.ico
- <Current directory>\gIsK.exe
- C:\RCX7C32.tmp
- <Current directory>\OScw.ico
- <Current directory>\hckE.exe
- C:\RCX901A.tmp
- <Current directory>\rUEU.ico
- <Current directory>\IcIE.exe
- C:\RCX8E64.tmp
- <Current directory>\jUkU.ico
- <Current directory>\iEgw.exe
- C:\RCX925D.tmp
- <Current directory>\DyYM.ico
- <Current directory>\XcYG.exe
- C:\RCX91A1.tmp
- C:\RCX8C8F.tmp
- C:\RCX8887.tmp
- <Current directory>\Pigg.ico
- <Current directory>\SYsi.exe
- C:\RCX8599.tmp
- <Current directory>\Dmww.ico
- <Current directory>\rEEe.exe
- C:\RCX8ACA.tmp
- <Current directory>\rUcg.ico
- <Current directory>\XsQK.exe
- C:\RCX89B0.tmp
- <Current directory>\sGUA.ico
- <Current directory>\MUsE.exe
- %TEMP%\dIkskIgs.bat
- <Current directory>\bwwC.exe
- C:\RCX69FC.tmp
- <Current directory>\KMck.exe
- C:\RCX6808.tmp
- <Current directory>\YSMI.ico
- C:\RCX6B44.tmp
- <Current directory>\iGQA.ico
- <Current directory>\eMIS.exe
- <Current directory>\vKkc.ico
- %TEMP%\EkogMMEI.bat
- <Current directory>\IUES.exe
- <Current directory>\BMYc.ico
- <Current directory>\lkQg.ico
- <Current directory>\rQkO.exe
- C:\RCX6344.tmp
- <Current directory>\pyQg.ico
- <Current directory>\DYoy.exe
- C:\RCX623A.tmp
- <Current directory>\vWcc.ico
- <Current directory>\JMoy.exe
- C:\RCX6642.tmp
- <Current directory>\bAME.ico
- <Current directory>\wUQW.exe
- C:\RCX64CB.tmp
- <Current directory>\YcIo.ico
- <Current directory>\SgEg.exe
- C:\RCX76EF.tmp
- <Current directory>\VkIw.ico
- <Current directory>\aoMk.exe
- C:\RCX7578.tmp
- <Current directory>\bycY.ico
- <Current directory>\lUIY.exe
- C:\RCX78F4.tmp
- <Current directory>\EEEo.ico
- <Current directory>\ukcK.exe
- C:\RCX77F9.tmp
- C:\RCX7345.tmp
- C:\RCX6E24.tmp
- <Current directory>\FEoc.ico
- <Current directory>\Cwkk.exe
- C:\RCX6CDB.tmp
- <Current directory>\swEo.ico
- <Current directory>\Xsky.exe
- C:\RCX71AE.tmp
- <Current directory>\RiMY.ico
- <Current directory>\Ksoe.exe
- C:\RCX6F7C.tmp
- <Current directory>\aSEE.ico
- <Current directory>\uYgA.exe
- <Current directory>\gMEE.exe
- C:\RCXDBC0.tmp
- <Current directory>\dokg.ico
- <Current directory>\JMQQ.exe
- C:\RCXD98D.tmp
- <Current directory>\bSYI.ico
- <Current directory>\eEYw.ico
- <Current directory>\LcQS.exe
- C:\RCXDE80.tmp
- <Current directory>\DwcK.exe
- C:\RCXDCEA.tmp
- %TEMP%\qQEkEwEM.bat
- <Current directory>\Eogs.ico
- <Current directory>\QOgU.ico
- <Current directory>\WwYK.exe
- C:\RCXD4D9.tmp
- <Current directory>\gwIQ.ico
- <Current directory>\kUkM.exe
- C:\RCXD362.tmp
- <Current directory>\MigQ.ico
- <Current directory>\tIMu.exe
- C:\RCXD72C.tmp
- <Current directory>\OgYo.ico
- <Current directory>\AMYs.exe
- C:\RCXD68F.tmp
- <Current directory>\YWMA.ico
- <Current directory>\XwwU.exe
- C:\RCXEE20.tmp
- <Current directory>\zKck.ico
- <Current directory>\awoi.exe
- C:\RCXEBDE.tmp
- <Current directory>\zmUs.ico
- <Current directory>\NIIc.exe
- C:\RCXF2B4.tmp
- <Current directory>\hsQo.ico
- <Current directory>\KQMA.exe
- C:\RCXF13C.tmp
- C:\RCXEB21.tmp
- C:\RCXE2B6.tmp
- <Current directory>\iCMI.ico
- <Current directory>\ecME.exe
- %TEMP%\XqUYgQIU.bat
- <Current directory>\RgEU.ico
- <Current directory>\BYMi.exe
- C:\RCXE872.tmp
- <Current directory>\zIMM.ico
- <Current directory>\jcMq.exe
- C:\RCXE584.tmp
- <Current directory>\tQEc.ico
- <Current directory>\gUYI.exe
- <Current directory>\PkoW.exe
- C:\RCXBE51.tmp
- <Current directory>\TiMQ.ico
- <Current directory>\GQEO.exe
- C:\RCXBBB1.tmp
- <Current directory>\CcwQ.ico
- <Current directory>\Mokg.exe
- C:\RCXC19D.tmp
- <Current directory>\PaQY.ico
- <Current directory>\rIgA.exe
- C:\RCXBFC8.tmp
- <Current directory>\Rakg.ico
- <Current directory>\bWcQ.ico
- C:\ProgramData\kaog.txt
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- %TEMP%\bUEgQUIw.bat
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- <Current directory>\WiMs.ico
- <Current directory>\agwQ.exe
- C:\RCXBA68.tmp
- <Current directory>\<Virus name>
- %TEMP%\iYMAUUcI.bat
- %TEMP%\file.vbs
- <Current directory>\pwYA.ico
- <Current directory>\IkIS.exe
- C:\RCXCDF2.tmp
- <Current directory>\fkwk.ico
- <Current directory>\Ncgg.exe
- C:\RCXCCAA.tmp
- <Current directory>\Tgoo.ico
- <Current directory>\UkIy.exe
- C:\RCXD277.tmp
- <Current directory>\aews.ico
- <Current directory>\tEoM.exe
- C:\RCXCECE.tmp
- C:\RCXCAC5.tmp
- <Current directory>\Ukcm.exe
- C:\RCXC5D4.tmp
- <Current directory>\peEg.ico
- <Current directory>\zMEA.exe
- C:\RCXC334.tmp
- <Current directory>\ckgs.ico
- <Current directory>\waQU.ico
- %TEMP%\WoIEMkgM.bat
- <Current directory>\QYYg.exe
- <Current directory>\oUwo.exe
- C:\RCXC7C8.tmp
- %TEMP%\eWsEsIwA.bat
- <Current directory>\rYUs.exe
- C:\RCX194C.tmp
- <Current directory>\EAAk.ico
- <Current directory>\wsAc.exe
- C:\RCX1803.tmp
- <Current directory>\BeQg.ico
- <Current directory>\dkgc.exe
- C:\RCX1AE4.tmp
- <Current directory>\WcwM.ico
- <Current directory>\Mccm.exe
- C:\RCX1A47.tmp
- <Current directory>\OGIk.ico
- <Current directory>\cgIE.ico
- <Current directory>\MwMk.exe
- C:\RCXFB7.tmp
- <Current directory>\ASAI.ico
- <Current directory>\gMou.exe
- C:\RCXE5F.tmp
- <Current directory>\GwEs.ico
- <Current directory>\cMMG.exe
- C:\RCX14C8.tmp
- <Auxiliary element>
- <Current directory>\bIcE.exe
- C:\RCX1350.tmp
- <Current directory>\GsIA.ico
- <Current directory>\lQMY.ico
- <Current directory>\YUoK.exe
- C:\RCX2546.tmp
- <Current directory>\PEUU.exe
- C:\RCX2296.tmp
- %TEMP%\cowAIsss.bat
- <Current directory>\niAU.ico
- <Current directory>\WQss.exe
- C:\RCX291E.tmp
- <Current directory>\FwgA.ico
- <Current directory>\oIQk.exe
- C:\RCX268E.tmp
- <Current directory>\DaoA.ico
- <Current directory>\dssS.exe
- C:\RCX1D27.tmp
- <Current directory>\rQQw.ico
- <Current directory>\fEQq.exe
- C:\RCX1BCF.tmp
- <Current directory>\UQQA.ico
- <Current directory>\hwoa.exe
- %TEMP%\RCEQsMIk.bat
- C:\RCX217C.tmp
- <Current directory>\iAAm.exe
- C:\RCX1E7F.tmp
- <Current directory>\CUsE.ico
- C:\RCXFC2B.tmp
- <Current directory>\BoUY.ico
- <Current directory>\zkEG.exe
- C:\RCXF9D9.tmp
- <Current directory>\dIQk.ico
- <Current directory>\GUom.exe
- C:\RCXFF87.tmp
- <Current directory>\meok.ico
- <Current directory>\Foky.exe
- C:\RCXFDD1.tmp
- <Current directory>\FusQ.ico
- <Current directory>\LYUg.exe
- <Current directory>\gEUq.exe
- C:\RCXF3BE.tmp
- <Current directory>\XWEU.ico
- %TEMP%\JWswUQkc.bat
- <Current directory>\HMkE.ico
- %TEMP%\xoEUQEYE.bat
- <Current directory>\wAkW.exe
- <Current directory>\bwMa.exe
- C:\RCXF7F4.tmp
- <Current directory>\RQcE.ico
- <Current directory>\nQgK.exe
- C:\RCXF5C2.tmp
- <Current directory>\CgsM.ico
- <Current directory>\zAEI.ico
- <Current directory>\CcYY.exe
- C:\RCX9AB.tmp
- <Current directory>\CMgk.ico
- <Current directory>\nQoy.exe
- C:\RCX7C7.tmp
- <Current directory>\hcsc.exe
- C:\RCXD06.tmp
- <Current directory>\WsYQ.ico
- %TEMP%\oAgQoUMY.bat
- %TEMP%\WMkAwAMs.bat
- <Current directory>\soUI.ico
- C:\RCX5E2.tmp
- C:\RCX19B.tmp
- <Current directory>\CIgs.ico
- <Current directory>\OEwS.exe
- C:\RCX11D.tmp
- <Current directory>\bAoc.ico
- <Current directory>\qoEq.exe
- C:\RCX45B.tmp
- <Current directory>\Qmcg.ico
- <Current directory>\HoIE.exe
- C:\RCX286.tmp
- <Current directory>\mwMM.ico
- <Current directory>\iwoU.exe
- <Current directory>\jkwG.exe
- <Current directory>\tGwI.ico
- %TEMP%\ewcgwYwk.bat
- <Current directory>\Vkss.ico
- <Current directory>\VgwC.exe
- <Current directory>\Dcsk.ico
- <Current directory>\IMYc.exe
- <Current directory>\EugA.ico
- <Current directory>\hAYy.exe
- <Current directory>\CoUc.ico
- <Current directory>\dosO.exe
- <Current directory>\WwMU.ico
- <Current directory>\FUoE.ico
- <Current directory>\dEEg.exe
- <Current directory>\AEgo.exe
- %TEMP%\FWMoEosA.bat
- <Current directory>\NskE.ico
- <Current directory>\QEkY.exe
- <Current directory>\oIsq.exe
- %TEMP%\ragsYMUM.bat
- <Current directory>\QuAo.ico
- <Current directory>\wIMk.exe
- <Current directory>\RwgQ.ico
- <Current directory>\rcMY.exe
- <Current directory>\OgMm.exe
- <Current directory>\lGUY.ico
- <Current directory>\tgoU.exe
- <Current directory>\LYMI.ico
- <Current directory>\gUEG.exe
- <Current directory>\iAks.ico
- <Current directory>\twMk.exe
- <Current directory>\DokI.ico
- <Current directory>\iuIE.ico
- <Current directory>\vAkc.exe
- <Current directory>\hyUQ.ico
- <Current directory>\MQky.exe
- <Current directory>\dGQg.ico
- <Current directory>\siwY.ico
- <Current directory>\EYQQ.exe
- <Current directory>\BMQO.exe
- %TEMP%\USwgcQUk.bat
- <Current directory>\lgAy.exe
- <Current directory>\xEAU.ico
- <Current directory>\hsEY.exe
- <Current directory>\NYkE.ico
- <Current directory>\ZEQw.exe
- <Current directory>\ROYs.ico
- <Current directory>\IAwy.exe
- <Current directory>\AyUU.ico
- <Current directory>\hogA.ico
- <Current directory>\SIUC.exe
- <Current directory>\fioY.ico
- <Current directory>\AAIo.exe
- <Current directory>\HcYg.ico
- <Current directory>\rEQG.exe
- <Current directory>\kkkk.ico
- <Current directory>\zIQG.exe
- <Current directory>\emkM.ico
- <Current directory>\mwkE.exe
- <Current directory>\lOcY.ico
- <Current directory>\xUUC.exe
- <Current directory>\maYk.ico
- <Current directory>\XcQa.exe
- <Current directory>\vQww.ico
- <Current directory>\SUcI.exe
- <Current directory>\yYsk.exe
- %TEMP%\JeggsAYg.bat
- <Current directory>\oAMM.exe
- <Current directory>\Tooc.ico
- <Current directory>\RewU.ico
- <Current directory>\SIMK.exe
- <Current directory>\NUsU.ico
- <Current directory>\MokI.exe
- <Current directory>\psAo.ico
- <Current directory>\acEw.exe
- <Current directory>\cuoo.ico
- <Current directory>\Rocq.exe
- <Current directory>\gIsK.exe
- <Current directory>\FUUA.ico
- %TEMP%\EkogMMEI.bat
- <Current directory>\OcEY.ico
- <Current directory>\rUEU.ico
- <Current directory>\IcIE.exe
- <Current directory>\rUcg.ico
- <Current directory>\XsQK.exe
- <Current directory>\DyYM.ico
- <Current directory>\XcYG.exe
- <Current directory>\OScw.ico
- <Current directory>\hckE.exe
- <Current directory>\Dmww.ico
- <Current directory>\rEEe.exe
- <Current directory>\ucUI.ico
- <Current directory>\qcEW.exe
- <Current directory>\sGUA.ico
- <Current directory>\MUsE.exe
- <Current directory>\Pigg.ico
- <Current directory>\SYsi.exe
- <Current directory>\lUIY.exe
- %TEMP%\dIkskIgs.bat
- <Current directory>\YSMI.ico
- <Current directory>\BMYc.ico
- <Current directory>\KMck.exe
- <Current directory>\IUES.exe
- <Current directory>\iGQA.ico
- <Current directory>\bwwC.exe
- <Current directory>\vKkc.ico
- <Current directory>\lkQg.ico
- <Current directory>\rQkO.exe
- <Current directory>\pyQg.ico
- <Current directory>\DYoy.exe
- <Current directory>\vWcc.ico
- <Current directory>\JMoy.exe
- <Current directory>\bAME.ico
- <Current directory>\wUQW.exe
- <Current directory>\aoMk.exe
- <Current directory>\YcIo.ico
- <Current directory>\Ksoe.exe
- <Current directory>\VkIw.ico
- <Current directory>\ukcK.exe
- <Current directory>\bycY.ico
- <Current directory>\SgEg.exe
- <Current directory>\EEEo.ico
- <Current directory>\Xsky.exe
- <Current directory>\FEoc.ico
- <Current directory>\eMIS.exe
- <Current directory>\swEo.ico
- <Current directory>\uYgA.exe
- <Current directory>\RiMY.ico
- <Current directory>\Cwkk.exe
- <Current directory>\aSEE.ico
- <Current directory>\eEYw.ico
- <Current directory>\LcQS.exe
- <Current directory>\DwcK.exe
- %TEMP%\qQEkEwEM.bat
- <Current directory>\iCMI.ico
- <Current directory>\ecME.exe
- <Current directory>\RgEU.ico
- <Current directory>\BYMi.exe
- <Current directory>\tIMu.exe
- <Current directory>\Eogs.ico
- <Current directory>\AMYs.exe
- <Current directory>\MigQ.ico
- <Current directory>\gMEE.exe
- <Current directory>\dokg.ico
- <Current directory>\JMQQ.exe
- <Current directory>\bSYI.ico
- <Current directory>\zmUs.ico
- <Current directory>\NIIc.exe
- <Current directory>\hsQo.ico
- <Current directory>\KQMA.exe
- %TEMP%\xoEUQEYE.bat
- <Current directory>\XWEU.ico
- <Current directory>\HMkE.ico
- <Current directory>\wAkW.exe
- <Current directory>\zIMM.ico
- <Current directory>\jcMq.exe
- <Current directory>\tQEc.ico
- <Current directory>\gUYI.exe
- <Current directory>\YWMA.ico
- <Current directory>\XwwU.exe
- <Current directory>\zKck.ico
- <Current directory>\awoi.exe
- <Current directory>\OgYo.ico
- <Current directory>\Mokg.exe
- <Current directory>\PaQY.ico
- <Current directory>\rIgA.exe
- <Current directory>\Rakg.ico
- <Current directory>\Ukcm.exe
- <Current directory>\peEg.ico
- <Current directory>\zMEA.exe
- <Current directory>\ckgs.ico
- <Current directory>\agwQ.exe
- <Current directory>\bWcQ.ico
- %TEMP%\bUEgQUIw.bat
- <Current directory>\WiMs.ico
- <Current directory>\PkoW.exe
- <Current directory>\TiMQ.ico
- <Current directory>\GQEO.exe
- <Current directory>\CcwQ.ico
- <Current directory>\Tgoo.ico
- <Current directory>\UkIy.exe
- <Current directory>\aews.ico
- <Current directory>\tEoM.exe
- <Current directory>\QOgU.ico
- <Current directory>\WwYK.exe
- <Current directory>\gwIQ.ico
- <Current directory>\kUkM.exe
- <Current directory>\waQU.ico
- <Current directory>\QYYg.exe
- <Current directory>\oUwo.exe
- %TEMP%\eWsEsIwA.bat
- <Current directory>\pwYA.ico
- <Current directory>\IkIS.exe
- <Current directory>\fkwk.ico
- <Current directory>\Ncgg.exe
- <Current directory>\OGIk.ico
- <Current directory>\dkgc.exe
- <Current directory>\EAAk.ico
- <Current directory>\Mccm.exe
- <Current directory>\UQQA.ico
- <Current directory>\dssS.exe
- <Current directory>\WcwM.ico
- <Current directory>\fEQq.exe
- <Current directory>\GsIA.ico
- <Current directory>\cMMG.exe
- <Current directory>\ASAI.ico
- <Current directory>\bIcE.exe
- <Current directory>\BeQg.ico
- <Current directory>\rYUs.exe
- <Current directory>\cgIE.ico
- <Current directory>\wsAc.exe
- <Current directory>\oIQk.exe
- <Current directory>\niAU.ico
- <Current directory>\YUoK.exe
- <Current directory>\FwgA.ico
- <Current directory>\FMkK.exe
- <Current directory>\jkUI.ico
- <Current directory>\WQss.exe
- <Current directory>\cYoc.ico
- <Current directory>\CUsE.ico
- <Current directory>\hwoa.exe
- <Current directory>\rQQw.ico
- <Current directory>\iAAm.exe
- <Current directory>\PEUU.exe
- <Current directory>\lQMY.ico
- %TEMP%\RCEQsMIk.bat
- <Current directory>\DaoA.ico
- <Current directory>\MwMk.exe
- <Current directory>\LYUg.exe
- <Current directory>\meok.ico
- <Current directory>\zkEG.exe
- <Current directory>\FusQ.ico
- <Current directory>\qoEq.exe
- <Current directory>\CIgs.ico
- <Current directory>\Foky.exe
- <Current directory>\bAoc.ico
- <Current directory>\bwMa.exe
- <Current directory>\RQcE.ico
- <Current directory>\nQgK.exe
- <Current directory>\CgsM.ico
- <Current directory>\GUom.exe
- <Current directory>\BoUY.ico
- <Current directory>\gEUq.exe
- <Current directory>\dIQk.ico
- %TEMP%\oAgQoUMY.bat
- <Current directory>\soUI.ico
- <Current directory>\zAEI.ico
- <Current directory>\CcYY.exe
- <Current directory>\gMou.exe
- <Current directory>\GwEs.ico
- <Current directory>\hcsc.exe
- <Current directory>\WsYQ.ico
- <Current directory>\mwMM.ico
- <Current directory>\iwoU.exe
- <Current directory>\OEwS.exe
- %TEMP%\JWswUQkc.bat
- <Current directory>\CMgk.ico
- <Current directory>\nQoy.exe
- <Current directory>\Qmcg.ico
- <Current directory>\HoIE.exe
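- from C:\RCX513E.tmp to <Current directory>\jkwG.exe (this and the following entries each move an RCX*.tmp file listed above over an .exe in the current directory; RCX*.tmp names are typical of temporary files written by the Windows resource-update API, which would fit rewriting an executable's resources such as its icon — not confirmed by this listing)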
- from C:\RCX53FD.tmp to <Current directory>\IMYc.exe
- from C:\RCX55C2.tmp to <Current directory>\VgwC.exe
- from C:\RCX4FB7.tmp to <Current directory>\dEEg.exe
- from C:\RCX492E.tmp to <Current directory>\dosO.exe
- from C:\RCX4AB5.tmp to <Current directory>\hAYy.exe
- from C:\RCX4DF1.tmp to <Current directory>\AEgo.exe
- from C:\RCX570B.tmp to <Current directory>\tgoU.exe
- from C:\RCX5F1B.tmp to <Current directory>\QEkY.exe
- from C:\RCX6035.tmp to <Current directory>\rcMY.exe
- from C:\RCX612F.tmp to <Current directory>\wIMk.exe
- from C:\RCX5DD2.tmp to <Current directory>\oIsq.exe
- from C:\RCX58FF.tmp to <Current directory>\OgMm.exe
- from C:\RCX5B22.tmp to <Current directory>\twMk.exe
- from C:\RCX5C5B.tmp to <Current directory>\gUEG.exe
- from C:\RCX343D.tmp to <Current directory>\vAkc.exe
- from C:\RCX35E3.tmp to <Current directory>\BMQO.exe
- from C:\RCX37D7.tmp to <Current directory>\EYQQ.exe
- from C:\RCX3277.tmp to <Current directory>\MQky.exe
- from C:\RCX2E01.tmp to <Current directory>\lgAy.exe
- from C:\RCX2F98.tmp to <Current directory>\IAwy.exe
- from C:\RCX313E.tmp to <Current directory>\ZEQw.exe
- from C:\RCX3A48.tmp to <Current directory>\xUUC.exe
- from C:\RCX4304.tmp to <Current directory>\SIUC.exe
- from C:\RCX43C0.tmp to <Current directory>\zIQG.exe
- from C:\RCX4518.tmp to <Current directory>\rEQG.exe
- from C:\RCX418C.tmp to <Current directory>\AAIo.exe
- from C:\RCX3C2D.tmp to <Current directory>\mwkE.exe
- from C:\RCX3E8E.tmp to <Current directory>\SUcI.exe
- from C:\RCX4044.tmp to <Current directory>\XcQa.exe
- from C:\RCX623A.tmp to <Current directory>\DYoy.exe
- from C:\RCX7FAD.tmp to <Current directory>\yYsk.exe
- from C:\RCX8105.tmp to <Current directory>\MokI.exe
- from C:\RCX8328.tmp to <Current directory>\SIMK.exe
- from C:\RCX7D8A.tmp to <Current directory>\oAMM.exe
- from C:\RCX7A8A.tmp to <Current directory>\Rocq.exe
- from C:\RCX7B27.tmp to <Current directory>\acEw.exe
- from C:\RCX7C32.tmp to <Current directory>\gIsK.exe
- from C:\RCX8599.tmp to <Current directory>\qcEW.exe
- from C:\RCX8E64.tmp to <Current directory>\IcIE.exe
- from C:\RCX901A.tmp to <Current directory>\hckE.exe
- from C:\RCX91A1.tmp to <Current directory>\XcYG.exe
- from C:\RCX8C8F.tmp to <Current directory>\XsQK.exe
- from C:\RCX8887.tmp to <Current directory>\rEEe.exe
- from C:\RCX89B0.tmp to <Current directory>\SYsi.exe
- from C:\RCX8ACA.tmp to <Current directory>\MUsE.exe
- from C:\RCX69FC.tmp to <Current directory>\bwwC.exe
- from C:\RCX6B44.tmp to <Current directory>\IUES.exe
- from C:\RCX6CDB.tmp to <Current directory>\eMIS.exe
- from C:\RCX6808.tmp to <Current directory>\KMck.exe
- from C:\RCX6344.tmp to <Current directory>\rQkO.exe
- from C:\RCX64CB.tmp to <Current directory>\wUQW.exe
- from C:\RCX6642.tmp to <Current directory>\JMoy.exe
- from C:\RCX6E24.tmp to <Current directory>\Xsky.exe
- from C:\RCX76EF.tmp to <Current directory>\SgEg.exe
- from C:\RCX77F9.tmp to <Current directory>\ukcK.exe
- from C:\RCX78F4.tmp to <Current directory>\lUIY.exe
- from C:\RCX7578.tmp to <Current directory>\aoMk.exe
- from C:\RCX6F7C.tmp to <Current directory>\Cwkk.exe
- from C:\RCX71AE.tmp to <Current directory>\uYgA.exe
- from C:\RCX7345.tmp to <Current directory>\Ksoe.exe
- from C:\RCX2CA9.tmp to <Current directory>\hsEY.exe
- from C:\RCXDCEA.tmp to <Current directory>\DwcK.exe
- from C:\RCXDE80.tmp to <Current directory>\LcQS.exe
- from C:\RCXE2B6.tmp to <Current directory>\BYMi.exe
- from C:\RCXDBC0.tmp to <Current directory>\gMEE.exe
- from C:\RCXD68F.tmp to <Current directory>\AMYs.exe
- from C:\RCXD72C.tmp to <Current directory>\tIMu.exe
- from C:\RCXD98D.tmp to <Current directory>\JMQQ.exe
- from C:\RCXE584.tmp to <Current directory>\ecME.exe
- from C:\RCXF13C.tmp to <Current directory>\KQMA.exe
- from C:\RCXF2B4.tmp to <Current directory>\NIIc.exe
- from C:\RCXF3BE.tmp to <Current directory>\wAkW.exe
- from C:\RCXEE20.tmp to <Current directory>\XwwU.exe
- from C:\RCXE872.tmp to <Current directory>\gUYI.exe
- from C:\RCXEB21.tmp to <Current directory>\jcMq.exe
- from C:\RCXEBDE.tmp to <Current directory>\awoi.exe
- from C:\RCXC19D.tmp to <Current directory>\Mokg.exe
- from C:\RCXC334.tmp to <Current directory>\zMEA.exe
- from C:\RCXC5D4.tmp to <Current directory>\Ukcm.exe
- from C:\RCXBFC8.tmp to <Current directory>\rIgA.exe
- from C:\RCXBA68.tmp to <Current directory>\agwQ.exe
- from C:\RCXBBB1.tmp to <Current directory>\GQEO.exe
- from C:\RCXBE51.tmp to <Current directory>\PkoW.exe
- from C:\RCXC7C8.tmp to <Current directory>\oUwo.exe
- from C:\RCXD277.tmp to <Current directory>\UkIy.exe
- from C:\RCXD362.tmp to <Current directory>\kUkM.exe
- from C:\RCXD4D9.tmp to <Current directory>\WwYK.exe
- from C:\RCXCECE.tmp to <Current directory>\tEoM.exe
- from C:\RCXCAC5.tmp to <Current directory>\QYYg.exe
- from C:\RCXCCAA.tmp to <Current directory>\Ncgg.exe
- from C:\RCXCDF2.tmp to <Current directory>\IkIS.exe
- from C:\RCXF5C2.tmp to <Current directory>\nQgK.exe
- from C:\RCX1A47.tmp to <Current directory>\Mccm.exe
- from C:\RCX1AE4.tmp to <Current directory>\dkgc.exe
- from C:\RCX1BCF.tmp to <Current directory>\fEQq.exe
- from C:\RCX194C.tmp to <Current directory>\rYUs.exe
- from C:\RCX1350.tmp to <Current directory>\bIcE.exe
- from C:\RCX14C8.tmp to <Current directory>\cMMG.exe
- from C:\RCX1803.tmp to <Current directory>\wsAc.exe
- from C:\RCX1D27.tmp to <Current directory>\dssS.exe
- from C:\RCX268E.tmp to <Current directory>\oIQk.exe
- from C:\RCX291E.tmp to <Current directory>\WQss.exe
- from C:\RCX2B61.tmp to <Current directory>\FMkK.exe
- from C:\RCX2546.tmp to <Current directory>\YUoK.exe
- from C:\RCX1E7F.tmp to <Current directory>\iAAm.exe
- from C:\RCX217C.tmp to <Current directory>\hwoa.exe
- from C:\RCX2296.tmp to <Current directory>\PEUU.exe
- from C:\RCXFF87.tmp to <Current directory>\LYUg.exe
- from C:\RCX11D.tmp to <Current directory>\Foky.exe
- from C:\RCX19B.tmp to <Current directory>\qoEq.exe
- from C:\RCXFDD1.tmp to <Current directory>\zkEG.exe
- from C:\RCXF7F4.tmp to <Current directory>\bwMa.exe
- from C:\RCXF9D9.tmp to <Current directory>\gEUq.exe
- from C:\RCXFC2B.tmp to <Current directory>\GUom.exe
- from C:\RCX286.tmp to <Current directory>\OEwS.exe
- from C:\RCXD06.tmp to <Current directory>\hcsc.exe
- from C:\RCXE5F.tmp to <Current directory>\gMou.exe
- from C:\RCXFB7.tmp to <Current directory>\MwMk.exe
- from C:\RCX9AB.tmp to <Current directory>\CcYY.exe
- from C:\RCX45B.tmp to <Current directory>\iwoU.exe
- from C:\RCX5E2.tmp to <Current directory>\HoIE.exe
- from C:\RCX7C7.tmp to <Current directory>\nQoy.exe
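- DNS ASK dn#.##ftncsi.com ('#' marks characters masked in this listing)
- DNS ASK google.com (a lookup of a common public domain, likely a connectivity check rather than a control server; weak as an indicator on its own)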
- ClassName: '' WindowName: 'GocwIYEU.exe'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'rSYkcwMw.exe'