Technical Information
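- Autorun persistence: the Winlogon 'Userinit' value is extended with a second executable, and 'Run' values are added for the machine and for the current user:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- Service key with 'Start' = 2, which is the automatic-start setting for a Windows service:
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002'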
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
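- Turns off display of hidden files ('Hidden' set to 2 under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced)
- Turns off display of file extensions ('HideFileExt' set to 1 under the same key)
- Disables User Account Control (UAC) ('EnableLUA' set to 0 under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System)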
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
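- Process launches with command lines follow. Note: several image names and argument strings in this list appear to have been mispaired when the log was produced. 'add HK… /v … /t REG_DWORD /d …' is reg.exe syntax and '/c "…"' is command-interpreter syntax, yet both are shown against conhost.exe, while reg.exe is shown with '/pid=… /log'. The registry values being written (Hidden, HideFileExt, EnableLUA) are a more reliable thing to match on than the image name shown beside them.
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2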
- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' /pid=0xa4c /log
- '<SYSTEM32>\conhost.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' /pid=0x940 /log
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\reg.exe' /pid=0xa34 /log
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\cscript.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\nQQwgcoU.bat" "<Full path to virus>""
- C:\RCXFAD6.tmp
- <Current directory>\IKMY.ico
- <Current directory>\vAsg.exe
- C:\RCXF930.tmp
- <Current directory>\bEwM.ico
- <Current directory>\bsgU.exe
- C:\RCXFEA0.tmp
- <Current directory>\gsMw.ico
- <Current directory>\BAMa.exe
- C:\RCXFD19.tmp
- <Current directory>\aQAi.exe
- <Current directory>\qeAc.ico
- <Current directory>\oQsm.exe
- C:\RCXF18F.tmp
- <Current directory>\lsAA.ico
- <Current directory>\YkME.exe
- C:\RCXF7D8.tmp
- <Current directory>\vYQU.ico
- <Current directory>\kYQI.exe
- C:\RCXF519.tmp
- <Current directory>\sGoA.ico
- <Current directory>\mqUQ.ico
- <Current directory>\lIIC.exe
- C:\RCXBBE.tmp
- <Current directory>\gOAU.ico
- <Current directory>\hsAM.exe
- C:\RCXE4F.tmp
- <Current directory>\OqoI.ico
- <Current directory>\PwAc.exe
- C:\RCXCC8.tmp
- <Current directory>\vSwU.ico
- C:\RCX9E9.tmp
- C:\RCX297.tmp
- %TEMP%\LuwAoQsA.bat
- <Current directory>\BsEo.exe
- %TEMP%\OioEkAIo.bat
- <Current directory>\niQI.ico
- <Current directory>\jAYU.ico
- <Current directory>\bYEE.exe
- C:\RCX8B0.tmp
- <Current directory>\rkgw.ico
- <Current directory>\lsMc.exe
- <Current directory>\tkkM.exe
- C:\RCXE103.tmp
- <Current directory>\UyUk.ico
- <Current directory>\kIQg.exe
- C:\RCXDFCA.tmp
- <Current directory>\QMwQ.ico
- <Current directory>\vUcU.exe
- C:\RCXE299.tmp
- <Current directory>\bAwg.ico
- <Current directory>\GEAe.exe
- <Current directory>\MiIM.ico
- <Current directory>\Uwwc.ico
- <Current directory>\YEAU.exe
- C:\RCXDA89.tmp
- <Current directory>\gosU.ico
- <Current directory>\oEAq.exe
- <Current directory>\vAcg.exe
- C:\RCXDD78.tmp
- <Current directory>\pkkQ.ico
- <Auxiliary element>
- C:\RCXDBD2.tmp
- %TEMP%\nqUcgssU.bat
- <Current directory>\hYIM.ico
- C:\RCXEAA9.tmp
- <Current directory>\miEA.ico
- <Current directory>\Gcww.exe
- <Current directory>\ZQYc.exe
- C:\RCXF008.tmp
- <Current directory>\Wqsc.ico
- <Current directory>\zUEK.exe
- C:\RCXEE33.tmp
- %TEMP%\zmsEQocE.bat
- C:\RCXE54A.tmp
- <Current directory>\QYgg.ico
- <Current directory>\rMIW.exe
- C:\RCXE44F.tmp
- <Current directory>\BMQg.ico
- <Current directory>\OQIi.exe
- C:\RCXE8D4.tmp
- <Current directory>\Bckg.ico
- <Current directory>\dAQG.exe
- C:\RCXE70F.tmp
- <Current directory>\uUQE.exe
- C:\RCX2AC7.tmp
- <Current directory>\eWsA.ico
- <Current directory>\jowO.exe
- C:\RCX2828.tmp
- C:\RCX2C9C.tmp
- %TEMP%\XuAIEscg.bat
- <Current directory>\WMIi.exe
- <Current directory>\NkAk.ico
- %TEMP%\XKMsgQAE.bat
- <Current directory>\rsoQ.ico
- C:\RCX24AB.tmp
- <Current directory>\beIg.ico
- <Current directory>\WQYy.exe
- C:\RCX22F6.tmp
- <Current directory>\kwgM.ico
- <Current directory>\PIgg.exe
- C:\RCX275C.tmp
- <Current directory>\UAoE.ico
- <Current directory>\ScQC.exe
- C:\RCX2604.tmp
- C:\RCX3568.tmp
- <Current directory>\fIIE.ico
- <Current directory>\YQAi.exe
- C:\RCX3393.tmp
- <Current directory>\DwYQ.ico
- <Current directory>\BcQo.exe
- C:\RCX377C.tmp
- <Current directory>\sCcc.ico
- <Current directory>\fIUE.exe
- C:\RCX3643.tmp
- <Current directory>\hkMy.exe
- <Current directory>\Xawc.ico
- <Current directory>\IwIa.exe
- C:\RCX2DE5.tmp
- <Current directory>\JgAo.ico
- <Current directory>\xEgC.exe
- C:\RCX30A5.tmp
- <Current directory>\TeAc.ico
- <Current directory>\wYAI.exe
- C:\RCX2F9B.tmp
- <Current directory>\BMQo.ico
- <Current directory>\XMUk.ico
- <Current directory>\jcQw.exe
- C:\RCX14AA.tmp
- <Current directory>\kKgk.ico
- <Current directory>\xcks.exe
- C:\RCX1651.tmp
- <Current directory>\sEAo.ico
- <Current directory>\awsQ.exe
- C:\RCX1566.tmp
- <Current directory>\EWwY.ico
- C:\RCX13EE.tmp
- <Current directory>\pkwO.exe
- C:\RCX1208.tmp
- <Current directory>\AYcs.ico
- <Current directory>\LoEU.exe
- C:\RCX10DF.tmp
- <Current directory>\VCog.ico
- <Current directory>\mUkU.exe
- C:\RCX1313.tmp
- <Current directory>\JmIc.ico
- <Current directory>\EEoq.exe
- <Current directory>\WgAq.exe
- C:\RCX1F7A.tmp
- <Current directory>\toQk.ico
- <Current directory>\CMAs.exe
- C:\RCX1ECE.tmp
- <Current directory>\xAIw.ico
- <Current directory>\foIE.exe
- C:\RCX20D3.tmp
- <Current directory>\WWgs.ico
- <Current directory>\LkwU.exe
- <Current directory>\auck.ico
- <Current directory>\HWcs.ico
- <Current directory>\GEws.exe
- %TEMP%\yYAcUwsU.bat
- <Current directory>\bwAu.exe
- C:\RCX17D8.tmp
- <Current directory>\xgEW.exe
- C:\RCX1E21.tmp
- <Current directory>\zcYk.ico
- C:\RCX1A78.tmp
- %TEMP%\vikMYEYs.bat
- C:\RCXD960.tmp
- <Current directory>\YCAM.ico
- <Current directory>\ZEEy.exe
- C:\RCX7482.tmp
- <Current directory>\JacQ.ico
- <Current directory>\iEEA.exe
- C:\RCX7A0F.tmp
- <Current directory>\JiwE.ico
- <Current directory>\MoES.exe
- C:\RCX7712.tmp
- <Current directory>\HasA.ico
- C:\RCX71F1.tmp
- <Current directory>\Cocm.exe
- C:\RCX6939.tmp
- <Current directory>\psYA.ico
- <Current directory>\BUgc.exe
- C:\RCX64E4.tmp
- <Current directory>\cYQA.ico
- <Current directory>\bAoQ.exe
- C:\RCX6ED5.tmp
- <Current directory>\HcUo.ico
- <Current directory>\coEI.exe
- <Current directory>\AYog.exe
- C:\RCX9071.tmp
- <Current directory>\BGQg.ico
- <Current directory>\XEEu.exe
- C:\RCX8C3C.tmp
- <Current directory>\xCsY.ico
- <Current directory>\VQQu.exe
- C:\RCX93DC.tmp
- <Current directory>\gqMc.ico
- <Current directory>\mcIc.exe
- <Current directory>\KygI.ico
- C:\RCX7E16.tmp
- <Current directory>\UOcA.ico
- %TEMP%\nQQwgcoU.bat
- %TEMP%\amgUEIIk.bat
- <Current directory>\zIcc.exe
- <Current directory>\mIkK.exe
- C:\RCX8642.tmp
- <Current directory>\ikgM.ico
- <Current directory>\Ookk.exe
- C:\RCX82D8.tmp
- C:\RCX15D2.tmp
- <Current directory>\iAgA.ico
- <Current directory>\QUAY.exe
- %TEMP%\file.vbs
- <Current directory>\ywMU.ico
- <Current directory>\bwwa.exe
- C:\RCX37F4.tmp
- <Current directory>\oqQM.ico
- <Current directory>\Gggs.exe
- C:\RCX1E6A.tmp
- C:\RCXB94.tmp
- C:\ProgramData\kaog.txt
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- <Current directory>\dqgA.ico
- <Current directory>\PYIY.exe
- %TEMP%\ZYskocMI.bat
- %TEMP%\JsUcUwAU.bat
- <Current directory>\<Virus name>
- <Current directory>\vOcQ.ico
- <Current directory>\JwAo.exe
- C:\RCX5B8E.tmp
- <Current directory>\QCII.ico
- <Current directory>\AskC.exe
- C:\RCX6199.tmp
- <Current directory>\hGYM.ico
- <Current directory>\Cska.exe
- C:\RCX5ECA.tmp
- <Current directory>\EKkQ.ico
- C:\RCX5334.tmp
- C:\RCX459B.tmp
- %TEMP%\XwkMwckY.bat
- <Current directory>\ZIoY.exe
- <Current directory>\EEUU.ico
- %TEMP%\bcEUoQUM.bat
- <Current directory>\GIMs.ico
- <Current directory>\fooK.exe
- C:\RCX4B76.tmp
- <Current directory>\nIwE.ico
- <Current directory>\GgQI.exe
- <Current directory>\mKkU.ico
- <Current directory>\DooU.exe
- C:\RCXC412.tmp
- %TEMP%\JaQMwIEo.bat
- <Current directory>\uAQO.exe
- C:\RCXC961.tmp
- <Current directory>\jkQY.ico
- <Current directory>\DcUG.exe
- C:\RCXC76D.tmp
- <Current directory>\uEIc.ico
- <Current directory>\mwAk.ico
- <Current directory>\RwEA.ico
- <Current directory>\bEEO.exe
- C:\RCXBED1.tmp
- <Current directory>\begc.ico
- <Current directory>\Qogs.exe
- C:\RCXC1DF.tmp
- %TEMP%\sIsgswYo.bat
- <Current directory>\VwUg.exe
- C:\RCXBFEB.tmp
- <Current directory>\aUEw.ico
- %TEMP%\LqQUUwcg.bat
- %TEMP%\xQkYoIIs.bat
- C:\RCXD2E8.tmp
- <Current directory>\xgoo.ico
- <Current directory>\KYgm.exe
- <Current directory>\miMw.ico
- <Current directory>\jMgs.exe
- C:\RCXD7C9.tmp
- <Current directory>\leMU.ico
- <Current directory>\uwsm.exe
- C:\RCXD0E4.tmp
- <Current directory>\pAAk.exe
- C:\RCXCD98.tmp
- <Current directory>\XegU.ico
- <Current directory>\hUQQ.exe
- C:\RCXCC11.tmp
- <Current directory>\haYg.ico
- <Current directory>\bYke.exe
- C:\RCXCEC1.tmp
- <Current directory>\BEgo.ico
- <Current directory>\ZYsi.exe
- <Current directory>\gIsS.exe
- C:\RCXA724.tmp
- <Current directory>\eMAg.ico
- <Current directory>\DcUi.exe
- C:\RCXA3A9.tmp
- C:\RCXABE5.tmp
- <Current directory>\iGYo.ico
- %TEMP%\uIMsUwMY.bat
- <Current directory>\iqUg.ico
- <Current directory>\EEAG.exe
- <Current directory>\IggM.ico
- C:\RCX99A8.tmp
- <Current directory>\lgYE.ico
- <Current directory>\kMsE.exe
- C:\RCX9785.tmp
- <Current directory>\roMk.ico
- <Current directory>\jQUe.exe
- C:\RCX9FA3.tmp
- <Current directory>\XqIQ.ico
- <Current directory>\oYog.exe
- C:\RCX9C77.tmp
- C:\RCXB8E5.tmp
- <Current directory>\riIc.ico
- <Current directory>\VEww.exe
- C:\RCXB5A9.tmp
- <Current directory>\HOUo.ico
- <Current directory>\AAIa.exe
- C:\RCXBCDD.tmp
- <Current directory>\jgwo.ico
- <Current directory>\csEO.exe
- C:\RCXBA9B.tmp
- <Current directory>\pksy.exe
- <Current directory>\GIgM.ico
- <Current directory>\eIIy.exe
- C:\RCXB098.tmp
- <Current directory>\uAIA.exe
- %TEMP%\xOgoYoUs.bat
- C:\RCXB442.tmp
- <Current directory>\Gswo.ico
- <Current directory>\IQcQ.exe
- C:\RCXB24D.tmp
- <Current directory>\MAss.ico
- <Current directory>\IKMY.ico
- <Current directory>\vAsg.exe
- <Current directory>\bEwM.ico
- <Current directory>\bsgU.exe
- <Current directory>\gsMw.ico
- <Current directory>\BAMa.exe
- <Current directory>\aQAi.exe
- <Current directory>\oQsm.exe
- <Current directory>\qeAc.ico
- <Current directory>\YkME.exe
- <Current directory>\vYQU.ico
- <Current directory>\kYQI.exe
- <Current directory>\sGoA.ico
- <Current directory>\mqUQ.ico
- <Current directory>\hsAM.exe
- <Current directory>\gOAU.ico
- <Current directory>\PwAc.exe
- <Current directory>\vSwU.ico
- <Current directory>\lIIC.exe
- <Current directory>\bYEE.exe
- <Current directory>\BsEo.exe
- <Current directory>\niQI.ico
- %TEMP%\OioEkAIo.bat
- <Current directory>\jAYU.ico
- <Current directory>\lsMc.exe
- <Current directory>\rkgw.ico
- <Current directory>\lsAA.ico
- <Current directory>\bAwg.ico
- <Current directory>\tkkM.exe
- <Current directory>\UyUk.ico
- <Current directory>\vUcU.exe
- <Current directory>\QMwQ.ico
- <Current directory>\GEAe.exe
- <Current directory>\kIQg.exe
- <Current directory>\YEAU.exe
- <Current directory>\Uwwc.ico
- <Current directory>\oEAq.exe
- <Current directory>\MiIM.ico
- <Current directory>\vAcg.exe
- <Current directory>\pkkQ.ico
- <Current directory>\hYIM.ico
- <Current directory>\Gcww.exe
- <Current directory>\miEA.ico
- <Current directory>\ZQYc.exe
- <Current directory>\Wqsc.ico
- <Current directory>\zUEK.exe
- %TEMP%\zmsEQocE.bat
- <Current directory>\QYgg.ico
- <Current directory>\rMIW.exe
- <Current directory>\BMQg.ico
- <Current directory>\OQIi.exe
- <Current directory>\Bckg.ico
- <Current directory>\dAQG.exe
- <Current directory>\OqoI.ico
- <Current directory>\eWsA.ico
- <Current directory>\jowO.exe
- <Current directory>\rsoQ.ico
- <Current directory>\NkAk.ico
- %TEMP%\XKMsgQAE.bat
- <Current directory>\uUQE.exe
- <Current directory>\PIgg.exe
- <Current directory>\WQYy.exe
- <Current directory>\kwgM.ico
- <Current directory>\foIE.exe
- <Current directory>\UAoE.ico
- <Current directory>\ScQC.exe
- <Current directory>\beIg.ico
- <Current directory>\DwYQ.ico
- <Current directory>\hkMy.exe
- <Current directory>\TeAc.ico
- <Current directory>\fIUE.exe
- <Current directory>\fIIE.ico
- <Current directory>\YQAi.exe
- <Current directory>\wYAI.exe
- <Current directory>\xEgC.exe
- <Current directory>\JgAo.ico
- <Current directory>\WMIi.exe
- <Current directory>\BMQo.ico
- <Current directory>\IwIa.exe
- <Current directory>\Xawc.ico
- <Current directory>\xAIw.ico
- <Current directory>\XMUk.ico
- <Current directory>\xcks.exe
- <Current directory>\kKgk.ico
- <Current directory>\awsQ.exe
- <Current directory>\EWwY.ico
- <Current directory>\jcQw.exe
- <Current directory>\mUkU.exe
- <Current directory>\pkwO.exe
- <Current directory>\AYcs.ico
- <Current directory>\LoEU.exe
- <Current directory>\VCog.ico
- <Current directory>\EEoq.exe
- <Current directory>\JmIc.ico
- <Current directory>\toQk.ico
- <Current directory>\CMAs.exe
- <Current directory>\auck.ico
- <Current directory>\LkwU.exe
- <Current directory>\WWgs.ico
- <Current directory>\WgAq.exe
- <Current directory>\xgEW.exe
- %TEMP%\yYAcUwsU.bat
- <Current directory>\bwAu.exe
- <Current directory>\sEAo.ico
- <Current directory>\zcYk.ico
- <Current directory>\GEws.exe
- <Current directory>\HWcs.ico
- <Current directory>\gosU.ico
- %TEMP%\amgUEIIk.bat
- <Current directory>\MoES.exe
- <Current directory>\HasA.ico
- <Current directory>\UOcA.ico
- <Current directory>\zIcc.exe
- <Current directory>\JiwE.ico
- <Current directory>\ZEEy.exe
- <Current directory>\bAoQ.exe
- <Current directory>\cYQA.ico
- <Current directory>\coEI.exe
- <Current directory>\YCAM.ico
- <Current directory>\iEEA.exe
- <Current directory>\JacQ.ico
- <Current directory>\xCsY.ico
- <Current directory>\mcIc.exe
- <Current directory>\gqMc.ico
- <Current directory>\kMsE.exe
- <Current directory>\roMk.ico
- <Current directory>\VQQu.exe
- <Current directory>\AYog.exe
- <Current directory>\mIkK.exe
- <Current directory>\ikgM.ico
- <Current directory>\Ookk.exe
- <Current directory>\BGQg.ico
- <Current directory>\XEEu.exe
- <Current directory>\KygI.ico
- <Current directory>\HcUo.ico
- %TEMP%\bcEUoQUM.bat
- <Current directory>\bwwa.exe
- <Current directory>\oqQM.ico
- <Current directory>\nIwE.ico
- <Current directory>\ZIoY.exe
- <Current directory>\EEUU.ico
- <Current directory>\Gggs.exe
- <Current directory>\PYIY.exe
- <Current directory>\dqgA.ico
- %TEMP%\JsUcUwAU.bat
- <Current directory>\iAgA.ico
- <Current directory>\QUAY.exe
- <Current directory>\ywMU.ico
- <Current directory>\hGYM.ico
- <Current directory>\Cska.exe
- <Current directory>\EKkQ.ico
- <Current directory>\Cocm.exe
- <Current directory>\psYA.ico
- <Current directory>\BUgc.exe
- <Current directory>\JwAo.exe
- <Current directory>\fooK.exe
- <Current directory>\GIMs.ico
- <Current directory>\GgQI.exe
- <Current directory>\vOcQ.ico
- <Current directory>\AskC.exe
- <Current directory>\QCII.ico
- <Current directory>\lgYE.ico
- <Current directory>\uEIc.ico
- <Current directory>\DooU.exe
- <Current directory>\mKkU.ico
- <Current directory>\hUQQ.exe
- <Current directory>\jkQY.ico
- <Current directory>\DcUG.exe
- <Current directory>\uAQO.exe
- <Current directory>\aUEw.ico
- <Current directory>\bEEO.exe
- <Current directory>\RwEA.ico
- <Current directory>\mwAk.ico
- %TEMP%\sIsgswYo.bat
- <Current directory>\VwUg.exe
- <Current directory>\leMU.ico
- %TEMP%\LqQUUwcg.bat
- <Current directory>\KYgm.exe
- <Current directory>\jMgs.exe
- <Current directory>\miMw.ico
- <Current directory>\uwsm.exe
- <Current directory>\xgoo.ico
- <Current directory>\BEgo.ico
- <Current directory>\pAAk.exe
- <Current directory>\XegU.ico
- <Current directory>\bYke.exe
- <Current directory>\haYg.ico
- <Current directory>\ZYsi.exe
- <Current directory>\Qogs.exe
- <Current directory>\EEAG.exe
- <Current directory>\iqUg.ico
- <Current directory>\gIsS.exe
- <Current directory>\uAIA.exe
- <Current directory>\iGYo.ico
- %TEMP%\uIMsUwMY.bat
- <Current directory>\eMAg.ico
- <Current directory>\jQUe.exe
- <Current directory>\XqIQ.ico
- <Current directory>\oYog.exe
- <Current directory>\DcUi.exe
- <Current directory>\IggM.ico
- %TEMP%\nQQwgcoU.bat
- <Current directory>\csEO.exe
- <Current directory>\riIc.ico
- <Current directory>\VEww.exe
- <Current directory>\begc.ico
- <Current directory>\AAIa.exe
- <Current directory>\jgwo.ico
- <Current directory>\HOUo.ico
- <Current directory>\MAss.ico
- <Current directory>\eIIy.exe
- <Current directory>\GIgM.ico
- <Current directory>\pksy.exe
- <Current directory>\Gswo.ico
- <Current directory>\IQcQ.exe
- from C:\RCXFAD6.tmp to <Current directory>\vAsg.exe
- from C:\RCXFD19.tmp to <Current directory>\BAMa.exe
- from C:\RCXFEA0.tmp to <Current directory>\bsgU.exe
- from C:\RCXF519.tmp to <Current directory>\oQsm.exe
- from C:\RCXF7D8.tmp to <Current directory>\kYQI.exe
- from C:\RCXF930.tmp to <Current directory>\aQAi.exe
- from C:\RCXBBE.tmp to <Current directory>\hsAM.exe
- from C:\RCXCC8.tmp to <Current directory>\lIIC.exe
- from C:\RCXE4F.tmp to <Current directory>\PwAc.exe
- from C:\RCX297.tmp to <Current directory>\BsEo.exe
- from C:\RCX8B0.tmp to <Current directory>\lsMc.exe
- from C:\RCX9E9.tmp to <Current directory>\bYEE.exe
- from C:\RCXF18F.tmp to <Current directory>\YkME.exe
- from C:\RCXE103.tmp to <Current directory>\tkkM.exe
- from C:\RCXE299.tmp to <Current directory>\GEAe.exe
- from C:\RCXE44F.tmp to <Current directory>\vUcU.exe
- from C:\RCXDBD2.tmp to <Current directory>\YEAU.exe
- from C:\RCXDD78.tmp to <Current directory>\vAcg.exe
- from C:\RCXDFCA.tmp to <Current directory>\kIQg.exe
- from C:\RCXEAA9.tmp to <Current directory>\Gcww.exe
- from C:\RCXEE33.tmp to <Current directory>\zUEK.exe
- from C:\RCXF008.tmp to <Current directory>\ZQYc.exe
- from C:\RCXE54A.tmp to <Current directory>\rMIW.exe
- from C:\RCXE70F.tmp to <Current directory>\dAQG.exe
- from C:\RCXE8D4.tmp to <Current directory>\OQIi.exe
- from C:\RCX10DF.tmp to <Current directory>\LoEU.exe
- from C:\RCX2828.tmp to <Current directory>\jowO.exe
- from C:\RCX2AC7.tmp to <Current directory>\uUQE.exe
- from C:\RCX2C9C.tmp to <Current directory>\WMIi.exe
- from C:\RCX24AB.tmp to <Current directory>\WQYy.exe
- from C:\RCX2604.tmp to <Current directory>\ScQC.exe
- from C:\RCX275C.tmp to <Current directory>\PIgg.exe
- from C:\RCX3393.tmp to <Current directory>\hkMy.exe
- from C:\RCX3568.tmp to <Current directory>\YQAi.exe
- from C:\RCX3643.tmp to <Current directory>\fIUE.exe
- from C:\RCX2DE5.tmp to <Current directory>\xEgC.exe
- from C:\RCX2F9B.tmp to <Current directory>\IwIa.exe
- from C:\RCX30A5.tmp to <Current directory>\wYAI.exe
- from C:\RCX22F6.tmp to <Current directory>\foIE.exe
- from C:\RCX14AA.tmp to <Current directory>\xcks.exe
- from C:\RCX1566.tmp to <Current directory>\jcQw.exe
- from C:\RCX1651.tmp to <Current directory>\awsQ.exe
- from C:\RCX1208.tmp to <Current directory>\pkwO.exe
- from C:\RCX1313.tmp to <Current directory>\EEoq.exe
- from C:\RCX13EE.tmp to <Current directory>\mUkU.exe
- from C:\RCX1ECE.tmp to <Current directory>\CMAs.exe
- from C:\RCX1F7A.tmp to <Current directory>\WgAq.exe
- from C:\RCX20D3.tmp to <Current directory>\LkwU.exe
- from C:\RCX17D8.tmp to <Current directory>\bwAu.exe
- from C:\RCX1A78.tmp to <Current directory>\GEws.exe
- from C:\RCX1E21.tmp to <Current directory>\xgEW.exe
- from C:\RCX7A0F.tmp to <Current directory>\MoES.exe
- from C:\RCX7E16.tmp to <Current directory>\zIcc.exe
- from C:\RCX82D8.tmp to <Current directory>\Ookk.exe
- from C:\RCX71F1.tmp to <Current directory>\bAoQ.exe
- from C:\RCX7482.tmp to <Current directory>\iEEA.exe
- from C:\RCX7712.tmp to <Current directory>\ZEEy.exe
- from C:\RCX93DC.tmp to <Current directory>\mcIc.exe
- from C:\RCX9785.tmp to <Current directory>\VQQu.exe
- from C:\RCX99A8.tmp to <Current directory>\kMsE.exe
- from C:\RCX8642.tmp to <Current directory>\mIkK.exe
- from C:\RCX8C3C.tmp to <Current directory>\XEEu.exe
- from C:\RCX9071.tmp to <Current directory>\AYog.exe
- from C:\RCX6ED5.tmp to <Current directory>\coEI.exe
- from C:\RCX37F4.tmp to <Current directory>\bwwa.exe
- from C:\RCX459B.tmp to <Current directory>\ZIoY.exe
- from C:\RCX4B76.tmp to <Current directory>\GgQI.exe
- from C:\RCXB94.tmp to <Current directory>\PYIY.exe
- from C:\RCX15D2.tmp to <Current directory>\QUAY.exe
- from C:\RCX1E6A.tmp to <Current directory>\Gggs.exe
- from C:\RCX6199.tmp to <Current directory>\Cska.exe
- from C:\RCX64E4.tmp to <Current directory>\BUgc.exe
- from C:\RCX6939.tmp to <Current directory>\Cocm.exe
- from C:\RCX5334.tmp to <Current directory>\fooK.exe
- from C:\RCX5B8E.tmp to <Current directory>\AskC.exe
- from C:\RCX5ECA.tmp to <Current directory>\JwAo.exe
- from C:\RCX9C77.tmp to <Current directory>\oYog.exe
- from C:\RCXC961.tmp to <Current directory>\DcUG.exe
- from C:\RCXCC11.tmp to <Current directory>\hUQQ.exe
- from C:\RCXCD98.tmp to <Current directory>\pAAk.exe
- from C:\RCXC1DF.tmp to <Current directory>\VwUg.exe
- from C:\RCXC412.tmp to <Current directory>\uAQO.exe
- from C:\RCXC76D.tmp to <Current directory>\DooU.exe
- from C:\RCXD7C9.tmp to <Current directory>\uwsm.exe
- from C:\RCXD960.tmp to <Current directory>\jMgs.exe
- from C:\RCXDA89.tmp to <Current directory>\oEAq.exe
- from C:\RCXCEC1.tmp to <Current directory>\ZYsi.exe
- from C:\RCXD0E4.tmp to <Current directory>\bYke.exe
- from C:\RCXD2E8.tmp to <Current directory>\KYgm.exe
- from C:\RCXBFEB.tmp to <Current directory>\bEEO.exe
- from C:\RCXABE5.tmp to <Current directory>\EEAG.exe
- from C:\RCXB098.tmp to <Current directory>\uAIA.exe
- from C:\RCXB24D.tmp to <Current directory>\eIIy.exe
- from C:\RCX9FA3.tmp to <Current directory>\jQUe.exe
- from C:\RCXA3A9.tmp to <Current directory>\DcUi.exe
- from C:\RCXA724.tmp to <Current directory>\gIsS.exe
- from C:\RCXBA9B.tmp to <Current directory>\csEO.exe
- from C:\RCXBCDD.tmp to <Current directory>\AAIa.exe
- from C:\RCXBED1.tmp to <Current directory>\Qogs.exe
- from C:\RCXB442.tmp to <Current directory>\IQcQ.exe
- from C:\RCXB5A9.tmp to <Current directory>\pksy.exe
- from C:\RCXB8E5.tmp to <Current directory>\VEww.exe
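- DNS queries observed. The first hostname is partially masked with '#' in this report. A lookup of google.com is common on clean systems and is not a distinctive indicator by itself.
- DNS ASK dn#.##ftncsi.com
- DNS ASK google.com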
- ClassName: '' WindowName: 'rSYkcwMw.exe'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'GocwIYEU.exe'