Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'aeEkEEcE.exe' = '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'pUccUkoM.exe' = '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'
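- hidden files (display turned off: 'Hidden' = 2 under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced)
- file extensions (display turned off: 'HideFileExt' = 1 under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced)
- User Account Control (UAC) (disabled: 'EnableLUA' = 0 under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System)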
- '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'
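- (Note: in the process list below, the image name does not always match the arguments. '/c "...bat"' is cmd.exe syntax and 'add HKCU\...' is reg.exe syntax, yet both also appear under other image names, and '%TEMP%\file.vbs' appears under both cscript.exe and reg.exe. This looks like a logging artefact of the analysis environment; when building detections from this list, match on the command-line arguments rather than on the image/argument pair.)
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\VqoIokwg.bat" "<Full path to virus>""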
- '<SYSTEM32>\reg.exe' /pid=3812
- '<SYSTEM32>\reg.exe' /pid=2488
- '<SYSTEM32>\reg.exe' /pid=1428
- '<SYSTEM32>\reg.exe'
- '<SYSTEM32>\reg.exe' /pid=2504
- '<SYSTEM32>\reg.exe' /pid=2416
- '<SYSTEM32>\cscript.exe' /pid=4380
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\yqEcAkwA.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=4616
- '<SYSTEM32>\reg.exe' /pid=3084
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ECQEoEUw.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\GSUsMgMk.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\nqoIEEEY.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\JKAkwowI.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\fUgQsckQ.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\rGQQAkMI.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\FSAAgUEg.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\jwsEMYoA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\dMQIUYcA.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=6024
- '<SYSTEM32>\cscript.exe' /pid=3992
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\pUIAgwAU.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=5980
- '<SYSTEM32>\reg.exe' /pid=5908
- '<SYSTEM32>\cscript.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\nuYsMcgo.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' /pid=6088
- '<SYSTEM32>\reg.exe' /pid=5896
- '<SYSTEM32>\reg.exe' /pid=5588
- '<SYSTEM32>\reg.exe' /pid=6000
- '<SYSTEM32>\reg.exe' /pid=5688
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\xuQIoMIM.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=4268
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\JGAgIMAE.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3052
- '<SYSTEM32>\cscript.exe' /pid=3900
- '<SYSTEM32>\reg.exe' /pid=5912
- '<SYSTEM32>\cscript.exe' /pid=3976
- '<SYSTEM32>\reg.exe' /pid=5168
- '<SYSTEM32>\reg.exe' /pid=5116
- '<SYSTEM32>\reg.exe' /pid=5032
- '<SYSTEM32>\reg.exe' /pid=4728
- '<SYSTEM32>\cscript.exe' /pid=1584
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\BiMEkIcg.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=5312
- '<SYSTEM32>\reg.exe' /pid=5324
- '<SYSTEM32>\reg.exe' /pid=5492
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ocEIQgws.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=5264
- '<SYSTEM32>\cscript.exe' /pid=5568
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\laUoYkQE.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\hMMMUYgc.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\yuIkEcIY.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=4020
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\TagcUcoA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\MgwkwAsY.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\tSoMUAgQ.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\UoMYkYQw.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\swkggYQo.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\uioQAsQw.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3356
- '<SYSTEM32>\reg.exe' /pid=2808
- '<SYSTEM32>\reg.exe' /pid=216
- '<SYSTEM32>\reg.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\XaAsgQoI.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\lcAMEgYU.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' %TEMP%\file.vbs
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\jSUYogYo.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\dQoYAgUk.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\cYUkkAII.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\bccIMUUg.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\LKwMsIUI.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\msYoQcgE.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\eWgAIgQc.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\HAgoEEsE.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=3120
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\OcQQgAsA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\coYAcQoc.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3208
- '<SYSTEM32>\reg.exe' /pid=3088
- '<SYSTEM32>\cscript.exe' /pid=3084
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\rksgUcEw.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\CukkAooQ.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\UmokgoUg.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\hWIoMIww.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\oUIgwIcU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\LGYsYUEg.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\lewkMkMM.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3736
- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\fiUosYME.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\WMcsskoI.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3268
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\nmgowQgM.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\IiockcAY.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' %TEMP%\file.vbs
- '<SYSTEM32>\reg.exe' /pid=3276
- '<SYSTEM32>\reg.exe' /pid=1576
- '<SYSTEM32>\cscript.exe' /c ""%TEMP%\MSkwscAY.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=2432
- '<SYSTEM32>\reg.exe' /pid=264
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\reg.exe
- C:\RCX38.tmp
- <Current directory>\CAoq.ico
- <Current directory>\eQAS.exe
- <Current directory>\mcoi.ico
- <Current directory>\IAMA.exe
- %TEMP%\nuYsMcgo.bat
- %TEMP%\qQsMQcks.bat
- C:\RCX3A.tmp
- <Current directory>\UMMq.ico
- C:\RCX39.tmp
- <Current directory>\RQUW.ico
- <Current directory>\bUco.exe
- C:\RCX37.tmp
- <Current directory>\Jwss.ico
- <Current directory>\ZMAy.exe
- C:\RCX35.tmp
- <Current directory>\QgMy.exe
- C:\RCX34.tmp
- %TEMP%\yqEcAkwA.bat
- C:\RCX36.tmp
- <Current directory>\lYYY.ico
- <Current directory>\FYUE.exe
- <Current directory>\sMUc.ico
- %TEMP%\soEQQkcI.bat
- <Current directory>\DUcy.exe
- <Current directory>\rgQu.ico
- <Current directory>\nEIC.exe
- C:\RCX40.tmp
- <Current directory>\Ogku.ico
- <Current directory>\pssM.exe
- C:\RCX3F.tmp
- <Current directory>\lkEA.ico
- <Current directory>\IwIw.exe
- C:\RCX42.tmp
- <Current directory>\ZMcC.ico
- <Current directory>\JAwm.exe
- C:\RCX41.tmp
- %TEMP%\KOYkcoUU.bat
- <Current directory>\wIIW.exe
- C:\RCX3C.tmp
- %TEMP%\BiMEkIcg.bat
- <Current directory>\NAEA.exe
- C:\RCX3B.tmp
- <Current directory>\Dswa.ico
- <Current directory>\nAkk.ico
- <Current directory>\rgoC.exe
- C:\RCX3E.tmp
- <Current directory>\voce.ico
- <Current directory>\jEMg.exe
- C:\RCX3D.tmp
- <Current directory>\egAA.exe
- C:\RCX2A.tmp
- <Current directory>\pAAK.ico
- %TEMP%\ECQEoEUw.bat
- %TEMP%\CGcwwIUk.bat
- <Current directory>\isEu.ico
- %TEMP%\GSUsMgMk.bat
- <Current directory>\EAYc.exe
- C:\RCX2C.tmp
- <Current directory>\mUAO.exe
- C:\RCX2B.tmp
- <Current directory>\oEIw.ico
- C:\RCX29.tmp
- C:\RCX26.tmp
- <Current directory>\cwUs.ico
- <Current directory>\fAcu.exe
- %TEMP%\UOYokoEA.bat
- <Current directory>\CsAu.ico
- <Current directory>\OosK.exe
- C:\RCX28.tmp
- <Current directory>\UMgQ.ico
- <Current directory>\kEww.exe
- C:\RCX27.tmp
- <Current directory>\sogU.ico
- <Current directory>\mEEc.exe
- <Current directory>\eUsM.ico
- <Current directory>\Qwwm.exe
- %TEMP%\MagkYAMY.bat
- <Current directory>\NoYS.ico
- <Current directory>\oEcm.exe
- C:\RCX31.tmp
- <Current directory>\xYgk.exe
- C:\RCX33.tmp
- <Current directory>\fIMg.ico
- C:\RCX32.tmp
- %TEMP%\BoooMgIs.bat
- <Current directory>\IgYW.ico
- C:\RCX30.tmp
- C:\RCX2D.tmp
- <Current directory>\VYwQ.ico
- <Current directory>\wwgk.exe
- <Current directory>\zEco.ico
- <Current directory>\IkcQ.exe
- %TEMP%\iKwMMgYE.bat
- C:\RCX2F.tmp
- <Current directory>\vcMK.ico
- <Current directory>\Dcow.exe
- C:\RCX2E.tmp
- <Current directory>\Zcwk.ico
- <Current directory>\SUQQ.exe
- <Current directory>\qIMm.ico
- <Current directory>\SIcC.exe
- C:\RCX56.tmp
- <Current directory>\HcQU.ico
- <Current directory>\EUIq.exe
- C:\RCX55.tmp
- C:\RCX57.tmp
- <Current directory>\ncwO.ico
- <Current directory>\uYQQ.exe
- %TEMP%\xkQsMMos.bat
- <Current directory>\joUg.ico
- <Current directory>\UIUg.exe
- %TEMP%\xuQIoMIM.bat
- <Current directory>\gswM.exe
- C:\RCX52.tmp
- %TEMP%\SeQUQAQM.bat
- C:\RCX51.tmp
- %TEMP%\MmAEUosU.bat
- <Current directory>\csES.ico
- <Current directory>\mswc.ico
- <Current directory>\RIAs.exe
- C:\RCX54.tmp
- <Current directory>\NAQs.ico
- <Current directory>\NwgI.exe
- C:\RCX53.tmp
- <Current directory>\iwEq.exe
- %TEMP%\vCEIcAMI.bat
- C:\RCX5D.tmp
- <Current directory>\LsAQ.exe
- C:\RCX5C.tmp
- <Current directory>\cMsS.ico
- <Current directory>\rgkM.ico
- <Current directory>\cgEu.exe
- C:\RCX5F.tmp
- <Current directory>\ywUu.ico
- <Current directory>\QEQG.exe
- C:\RCX5E.tmp
- <Current directory>\dIQU.ico
- C:\RCX59.tmp
- %TEMP%\JGAgIMAE.bat
- <Current directory>\OwwA.ico
- C:\RCX58.tmp
- <Current directory>\Agsa.ico
- <Current directory>\usge.exe
- <Current directory>\MkwS.ico
- <Current directory>\uUcO.exe
- C:\RCX5B.tmp
- <Current directory>\sQcs.exe
- C:\RCX5A.tmp
- %TEMP%\FcEcsgYE.bat
- C:\RCX47.tmp
- <Current directory>\pMIk.ico
- <Current directory>\jkIa.exe
- C:\RCX46.tmp
- <Current directory>\cMQu.ico
- <Current directory>\Aowm.exe
- C:\RCX49.tmp
- <Current directory>\EIYU.ico
- <Current directory>\IIsC.exe
- C:\RCX48.tmp
- <Current directory>\DYwe.ico
- <Current directory>\uIoK.exe
- <Current directory>\MYoI.exe
- %TEMP%\CkMkAgUA.bat
- <Current directory>\lMoe.ico
- <Current directory>\PgEa.exe
- <Current directory>\sgcK.ico
- <Current directory>\hMsY.exe
- C:\RCX43.tmp
- C:\RCX45.tmp
- %TEMP%\nMEsUUYU.bat
- <Current directory>\qscK.ico
- C:\RCX44.tmp
- <Current directory>\bMIO.ico
- <Current directory>\uYcA.exe
- %TEMP%\fGgMYkkk.bat
- <Current directory>\DoEi.ico
- <Current directory>\RowG.exe
- <Current directory>\MMUY.ico
- <Current directory>\Fgow.exe
- C:\RCX4E.tmp
- C:\RCX50.tmp
- <Current directory>\JIYQ.ico
- <Current directory>\lgsw.exe
- C:\RCX4F.tmp
- <Current directory>\nkAE.ico
- <Current directory>\jwYu.exe
- %TEMP%\ocEIQgws.bat
- %TEMP%\yqoAkwQc.bat
- <Current directory>\KEYA.exe
- C:\RCX4B.tmp
- C:\RCX4A.tmp
- %TEMP%\laUoYkQE.bat
- <Current directory>\oAQA.ico
- <Current directory>\fcEC.ico
- <Current directory>\AsEa.exe
- C:\RCX4D.tmp
- <Current directory>\HEAC.ico
- <Current directory>\FIEe.exe
- C:\RCX4C.tmp
- <Current directory>\gUQg.ico
- <Current directory>\fgAA.exe
- C:\RCX2.tmp
- <Current directory>\NQsa.exe
- C:\RCX1.tmp
- %TEMP%\CukkAooQ.bat
- C:\RCX3.tmp
- <Current directory>\zYYq.ico
- <Current directory>\IYwA.exe
- <Current directory>\HcIM.ico
- <Current directory>\KAUw.exe
- %TEMP%\REYQUMcU.bat
- <Current directory>\VgAS.ico
- %TEMP%\QaoEQMIo.bat
- %TEMP%\rksgUcEw.bat
- %TEMP%\UqUsMMYc.bat
- %TEMP%\OcQQgAsA.bat
- %TEMP%\WIoEgIUs.bat
- %TEMP%\coYAcQoc.bat
- %TEMP%\dMIIUoMs.bat
- %TEMP%\lewkMkMM.bat
- %TEMP%\vmEQEYcs.bat
- %TEMP%\oUIgwIcU.bat
- %TEMP%\cQMEcIAI.bat
- %TEMP%\LGYsYUEg.bat
- <Current directory>\uYcs.exe
- C:\RCX9.tmp
- %TEMP%\hWIoMIww.bat
- <Current directory>\EYYQ.exe
- C:\RCX8.tmp
- <Current directory>\gkME.ico
- <Current directory>\uEwY.ico
- <Current directory>\XYIs.exe
- C:\RCXB.tmp
- <Current directory>\pgwQ.ico
- <Current directory>\DQMw.exe
- C:\RCXA.tmp
- <Current directory>\ikEw.ico
- C:\RCX5.tmp
- %TEMP%\UmokgoUg.bat
- <Current directory>\uUUk.ico
- C:\RCX4.tmp
- <Current directory>\Rksy.ico
- <Current directory>\XIwa.exe
- <Current directory>\pUkA.ico
- <Current directory>\SEYc.exe
- C:\RCX7.tmp
- %TEMP%\FggUkUUQ.bat
- <Current directory>\JUkS.exe
- C:\RCX6.tmp
- %TEMP%\dQoYAgUk.bat
- %TEMP%\pGgswoQc.bat
- %TEMP%\cYUkkAII.bat
- %TEMP%\rOgsEwEQ.bat
- %TEMP%\eWgAIgQc.bat
- %TEMP%\DmUYEMAQ.bat
- %TEMP%\bccIMUUg.bat
- %TEMP%\JOgYAMIc.bat
- %TEMP%\tuEcAowE.bat
- %TEMP%\tiUsEYgA.bat
- %TEMP%\iGUsQIIo.bat
- %TEMP%\MgwkwAsY.bat
- %TEMP%\msYoQcgE.bat
- %TEMP%\XaAsgQoI.bat
- %TEMP%\ziwEwkMo.bat
- %TEMP%\lcAMEgYU.bat
- %TEMP%\buQYooEI.bat
- <Current directory>\<Virus name>
- %TEMP%\AUwgQEMY.bat
- %TEMP%\LKwMsIUI.bat
- %TEMP%\nUAUUwQw.bat
- %TEMP%\file.vbs
- %TEMP%\vsoYoIwM.bat
- %TEMP%\jSUYogYo.bat
- %TEMP%\hKkUEEQs.bat
- %TEMP%\fiUosYME.bat
- %TEMP%\gcssUwko.bat
- %TEMP%\WMcsskoI.bat
- %TEMP%\AYIwcAkg.bat
- %TEMP%\nmgowQgM.bat
- %TEMP%\uKMgQsQA.bat
- %TEMP%\iwEQsEIM.bat
- %TEMP%\qEoIEQIM.bat
- %TEMP%\AoooEYoo.bat
- %TEMP%\IiockcAY.bat
- %TEMP%\MSkwscAY.bat
- %TEMP%\RQIIgsgc.bat
- %TEMP%\yuIkEcIY.bat
- %TEMP%\xywUEEYs.bat
- %TEMP%\oQQoAksQ.bat
- %TEMP%\UoMYkYQw.bat
- %TEMP%\tSoMUAgQ.bat
- %TEMP%\xMsAkoos.bat
- %TEMP%\QUgMQYso.bat
- %TEMP%\HAgoEEsE.bat
- %TEMP%\uioQAsQw.bat
- %TEMP%\TagcUcoA.bat
- %TEMP%\swkggYQo.bat
- %TEMP%\GiMQAEwU.bat
- C:\RCX1D.tmp
- %TEMP%\fUgQsckQ.bat
- <Current directory>\hose.ico
- C:\RCX1C.tmp
- <Current directory>\TQEw.ico
- <Current directory>\xcsO.exe
- <Current directory>\TMQg.ico
- <Current directory>\CwYa.exe
- C:\RCX1F.tmp
- <Current directory>\zcYO.exe
- C:\RCX1E.tmp
- %TEMP%\CGIYAgcQ.bat
- <Current directory>\VskS.exe
- C:\RCX1A.tmp
- %TEMP%\nqoIEEEY.bat
- %TEMP%\WMEooQoc.bat
- %TEMP%\uEcIMkco.bat
- <Current directory>\TYce.ico
- <Current directory>\hcEQ.exe
- %TEMP%\JKAkwowI.bat
- %TEMP%\kooYkUAQ.bat
- <Current directory>\FkgM.ico
- <Current directory>\Skso.ico
- <Current directory>\WYEc.exe
- C:\RCX1B.tmp
- <Current directory>\oIIM.exe
- C:\RCX23.tmp
- <Current directory>\ZMgE.ico
- C:\RCX22.tmp
- %TEMP%\RcYYIYYU.bat
- <Current directory>\CMAg.ico
- <Current directory>\jMUs.exe
- %TEMP%\dcogcYYE.bat
- C:\RCX25.tmp
- <Current directory>\CYsM.exe
- C:\RCX24.tmp
- <Current directory>\dIUU.ico
- %TEMP%\VqoIokwg.bat
- <Current directory>\Cowe.exe
- C:\RCX20.tmp
- %TEMP%\pUIAgwAU.bat
- %TEMP%\dMQIUYcA.bat
- %TEMP%\IescgQAU.bat
- <Current directory>\ZAwk.ico
- C:\RCX21.tmp
- <Current directory>\UMIS.ico
- <Current directory>\ZIkQ.exe
- %TEMP%\uSoMYsos.bat
- <Current directory>\yYoe.ico
- <Current directory>\LEcY.exe
- %TEMP%\hMMMUYgc.bat
- %TEMP%\WQYgYMIk.bat
- <Current directory>\iAsw.ico
- <Current directory>\nkgs.ico
- <Current directory>\NUYK.exe
- C:\RCX10.tmp
- <Current directory>\UoMO.exe
- C:\RCX12.tmp
- %TEMP%\rGQQAkMI.bat
- <Current directory>\KoAm.exe
- C:\RCX11.tmp
- <Current directory>\okwe.ico
- C:\RCXF.tmp
- C:\RCXC.tmp
- <Current directory>\lQku.ico
- <Current directory>\ikAw.exe
- %TEMP%\jmYsEoYc.bat
- <Current directory>\Cssa.ico
- <Current directory>\ocgK.exe
- C:\RCXE.tmp
- <Current directory>\mwss.ico
- <Current directory>\Dcwy.exe
- C:\RCXD.tmp
- <Current directory>\xUIe.ico
- <Current directory>\BYYO.exe
- C:\RCX17.tmp
- %TEMP%\kiwskkwA.bat
- <Current directory>\awYO.ico
- C:\RCX16.tmp
- <Current directory>\dosc.ico
- <Current directory>\GQYa.exe
- <Current directory>\yMUA.exe
- C:\RCX19.tmp
- %TEMP%\jwsEMYoA.bat
- <Current directory>\DEUM.exe
- C:\RCX18.tmp
- <Current directory>\Wwow.ico
- %TEMP%\FSAAgUEg.bat
- %TEMP%\SkIsMoYo.bat
- <Current directory>\vQgu.ico
- <Current directory>\oAUK.exe
- <Current directory>\XskM.ico
- <Current directory>\Xwky.exe
- C:\RCX13.tmp
- C:\RCX15.tmp
- <Current directory>\Dowe.ico
- <Current directory>\Hcgs.exe
- C:\RCX14.tmp
- <Current directory>\tIUW.ico
- <Current directory>\UEQk.exe
- %ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe
- %HOMEPATH%\fCkYUMIQ\pUccUkoM.exe
- <Current directory>\NAEA.exe
- <Current directory>\UMMq.ico
- <Current directory>\RQUW.ico
- %TEMP%\qQsMQcks.bat
- <Current directory>\Dswa.ico
- <Current directory>\jEMg.exe
- %TEMP%\MagkYAMY.bat
- <Current directory>\wIIW.exe
- <Current directory>\lYYY.ico
- <Current directory>\IAMA.exe
- %TEMP%\soEQQkcI.bat
- <Current directory>\FYUE.exe
- <Current directory>\CAoq.ico
- <Current directory>\bUco.exe
- <Current directory>\mcoi.ico
- <Current directory>\eQAS.exe
- <Current directory>\ZMcC.ico
- <Current directory>\IwIw.exe
- <Current directory>\rgQu.ico
- <Current directory>\JAwm.exe
- <Current directory>\sgcK.ico
- <Current directory>\PgEa.exe
- <Current directory>\lkEA.ico
- <Current directory>\hMsY.exe
- <Current directory>\rgoC.exe
- <Current directory>\nAkk.ico
- <Current directory>\voce.ico
- %TEMP%\nuYsMcgo.bat
- %TEMP%\KOYkcoUU.bat
- <Current directory>\nEIC.exe
- <Current directory>\pssM.exe
- <Current directory>\Ogku.ico
- <Current directory>\sMUc.ico
- <Current directory>\oEIw.ico
- <Current directory>\IkcQ.exe
- %TEMP%\dcogcYYE.bat
- <Current directory>\EAYc.exe
- <Current directory>\VYwQ.ico
- %TEMP%\iKwMMgYE.bat
- <Current directory>\zEco.ico
- <Current directory>\wwgk.exe
- <Current directory>\UMgQ.ico
- <Current directory>\egAA.exe
- <Current directory>\sogU.ico
- <Current directory>\kEww.exe
- <Current directory>\mUAO.exe
- <Current directory>\pAAK.ico
- <Current directory>\isEu.ico
- %TEMP%\CGcwwIUk.bat
- <Current directory>\IgYW.ico
- <Current directory>\QgMy.exe
- <Current directory>\xYgk.exe
- %TEMP%\BoooMgIs.bat
- <Current directory>\Jwss.ico
- <Current directory>\DUcy.exe
- <Current directory>\fIMg.ico
- <Current directory>\ZMAy.exe
- <Current directory>\Dcow.exe
- <Current directory>\vcMK.ico
- <Current directory>\SUQQ.exe
- <Current directory>\Zcwk.ico
- <Current directory>\Qwwm.exe
- <Current directory>\eUsM.ico
- <Current directory>\oEcm.exe
- <Current directory>\NoYS.ico
- <Current directory>\qIMm.ico
- <Current directory>\UIUg.exe
- <Current directory>\HcQU.ico
- <Current directory>\SIcC.exe
- %TEMP%\xkQsMMos.bat
- <Current directory>\uYQQ.exe
- <Current directory>\joUg.ico
- %TEMP%\MmAEUosU.bat
- <Current directory>\NwgI.exe
- <Current directory>\NAQs.ico
- <Current directory>\gswM.exe
- <Current directory>\csES.ico
- <Current directory>\mswc.ico
- <Current directory>\EUIq.exe
- %TEMP%\SeQUQAQM.bat
- <Current directory>\RIAs.exe
- <Current directory>\iwEq.exe
- <Current directory>\cMsS.ico
- <Current directory>\LsAQ.exe
- <Current directory>\dIQU.ico
- <Current directory>\cgEu.exe
- <Current directory>\rgkM.ico
- <Current directory>\QEQG.exe
- <Current directory>\ywUu.ico
- <Current directory>\Agsa.ico
- <Current directory>\sQcs.exe
- <Current directory>\ncwO.ico
- <Current directory>\usge.exe
- <Current directory>\MkwS.ico
- %TEMP%\FcEcsgYE.bat
- <Current directory>\OwwA.ico
- <Current directory>\uUcO.exe
- <Current directory>\JIYQ.ico
- <Current directory>\pMIk.ico
- <Current directory>\uIoK.exe
- %TEMP%\nMEsUUYU.bat
- <Current directory>\jkIa.exe
- <Current directory>\EIYU.ico
- <Current directory>\KEYA.exe
- <Current directory>\DYwe.ico
- <Current directory>\IIsC.exe
- <Current directory>\bMIO.ico
- <Current directory>\MYoI.exe
- <Current directory>\lMoe.ico
- <Current directory>\uYcA.exe
- <Current directory>\cMQu.ico
- %TEMP%\BiMEkIcg.bat
- <Current directory>\qscK.ico
- <Current directory>\Aowm.exe
- <Current directory>\DoEi.ico
- %TEMP%\fGgMYkkk.bat
- <Current directory>\MMUY.ico
- <Current directory>\RowG.exe
- %TEMP%\laUoYkQE.bat
- <Current directory>\lgsw.exe
- <Current directory>\jwYu.exe
- <Current directory>\nkAE.ico
- %TEMP%\CkMkAgUA.bat
- <Current directory>\FIEe.exe
- <Current directory>\oAQA.ico
- %TEMP%\yqoAkwQc.bat
- <Current directory>\fcEC.ico
- <Current directory>\Fgow.exe
- <Current directory>\HEAC.ico
- <Current directory>\AsEa.exe
- <Current directory>\IYwA.exe
- <Current directory>\zYYq.ico
- <Current directory>\HcIM.ico
- %TEMP%\REYQUMcU.bat
- <Current directory>\JUkS.exe
- <Current directory>\uUUk.ico
- <Current directory>\XIwa.exe
- <Current directory>\Rksy.ico
- %TEMP%\vmEQEYcs.bat
- <Current directory>\NQsa.exe
- %TEMP%\cQMEcIAI.bat
- %TEMP%\dMIIUoMs.bat
- <Current directory>\gUQg.ico
- <Current directory>\KAUw.exe
- <Current directory>\VgAS.ico
- <Current directory>\fgAA.exe
- <Current directory>\uEwY.ico
- <Current directory>\ocgK.exe
- <Current directory>\pgwQ.ico
- <Current directory>\XYIs.exe
- <Current directory>\ikAw.exe
- <Current directory>\lQku.ico
- <Current directory>\Cssa.ico
- %TEMP%\jmYsEoYc.bat
- %TEMP%\FggUkUUQ.bat
- <Current directory>\EYYQ.exe
- <Current directory>\SEYc.exe
- <Current directory>\pUkA.ico
- <Current directory>\gkME.ico
- <Current directory>\DQMw.exe
- <Current directory>\ikEw.ico
- <Current directory>\uYcs.exe
- %TEMP%\UqUsMMYc.bat
- %TEMP%\JOgYAMIc.bat
- %TEMP%\tuEcAowE.bat
- %TEMP%\tiUsEYgA.bat
- %TEMP%\iGUsQIIo.bat
- %TEMP%\oQQoAksQ.bat
- %TEMP%\GiMQAEwU.bat
- %TEMP%\xMsAkoos.bat
- %TEMP%\xywUEEYs.bat
- %TEMP%\vsoYoIwM.bat
- %TEMP%\AUwgQEMY.bat
- %TEMP%\buQYooEI.bat
- %TEMP%\ziwEwkMo.bat
- %TEMP%\DmUYEMAQ.bat
- %TEMP%\pGgswoQc.bat
- %TEMP%\nUAUUwQw.bat
- %TEMP%\rOgsEwEQ.bat
- %TEMP%\qEoIEQIM.bat
- %TEMP%\MSkwscAY.bat
- %TEMP%\AoooEYoo.bat
- %TEMP%\uKMgQsQA.bat
- %TEMP%\WIoEgIUs.bat
- %TEMP%\QaoEQMIo.bat
- %TEMP%\iwEQsEIM.bat
- %TEMP%\IiockcAY.bat
- %TEMP%\RQIIgsgc.bat
- %TEMP%\uioQAsQw.bat
- %TEMP%\swkggYQo.bat
- %TEMP%\QUgMQYso.bat
- %TEMP%\gcssUwko.bat
- %TEMP%\nmgowQgM.bat
- %TEMP%\AYIwcAkg.bat
- %TEMP%\hKkUEEQs.bat
- %TEMP%\IescgQAU.bat
- <Current directory>\Cowe.exe
- <Current directory>\CwYa.exe
- <Current directory>\TMQg.ico
- <Current directory>\LEcY.exe
- <Current directory>\yYoe.ico
- %TEMP%\uSoMYsos.bat
- <Current directory>\ZAwk.ico
- <Current directory>\FkgM.ico
- <Current directory>\xcsO.exe
- <Current directory>\VskS.exe
- %TEMP%\kooYkUAQ.bat
- <Current directory>\hose.ico
- %TEMP%\CGIYAgcQ.bat
- <Current directory>\TQEw.ico
- <Current directory>\zcYO.exe
- <Current directory>\CsAu.ico
- %TEMP%\UOYokoEA.bat
- <Current directory>\dIUU.ico
- <Current directory>\OosK.exe
- <Current directory>\mEEc.exe
- %TEMP%\VqoIokwg.bat
- <Current directory>\fAcu.exe
- <Current directory>\cwUs.ico
- <Current directory>\oIIM.exe
- <Current directory>\CMAg.ico
- <Current directory>\ZIkQ.exe
- <Current directory>\UMIS.ico
- <Current directory>\ZMgE.ico
- <Current directory>\jMUs.exe
- %TEMP%\RcYYIYYU.bat
- <Current directory>\CYsM.exe
- <Current directory>\Skso.ico
- <Current directory>\okwe.ico
- <Current directory>\Xwky.exe
- <Current directory>\iAsw.ico
- <Current directory>\UoMO.exe
- <Current directory>\vQgu.ico
- %TEMP%\SkIsMoYo.bat
- <Current directory>\XskM.ico
- <Current directory>\oAUK.exe
- <Current directory>\Dcwy.exe
- <Current directory>\mwss.ico
- <Current directory>\BYYO.exe
- <Current directory>\xUIe.ico
- <Current directory>\KoAm.exe
- %TEMP%\WQYgYMIk.bat
- <Current directory>\NUYK.exe
- <Current directory>\nkgs.ico
- <Current directory>\Wwow.ico
- %TEMP%\uEcIMkco.bat
- <Current directory>\awYO.ico
- <Current directory>\yMUA.exe
- %TEMP%\WMEooQoc.bat
- <Current directory>\WYEc.exe
- <Current directory>\hcEQ.exe
- <Current directory>\TYce.ico
- <Current directory>\Hcgs.exe
- <Current directory>\Dowe.ico
- <Current directory>\UEQk.exe
- <Current directory>\tIUW.ico
- %TEMP%\kiwskkwA.bat
- <Current directory>\DEUM.exe
- <Current directory>\GQYa.exe
- <Current directory>\dosc.ico
- from C:\RCX40.tmp to <Current directory>\nEIC.exe
- from C:\RCX41.tmp to <Current directory>\JAwm.exe
- from C:\RCX3F.tmp to <Current directory>\pssM.exe
- from C:\RCX3D.tmp to <Current directory>\jEMg.exe
- from C:\RCX3E.tmp to <Current directory>\rgoC.exe
- from C:\RCX42.tmp to <Current directory>\IwIw.exe
- from C:\RCX46.tmp to <Current directory>\MYoI.exe
- from C:\RCX47.tmp to <Current directory>\Aowm.exe
- from C:\RCX45.tmp to <Current directory>\uYcA.exe
- from C:\RCX43.tmp to <Current directory>\hMsY.exe
- from C:\RCX44.tmp to <Current directory>\PgEa.exe
- from C:\RCX3C.tmp to <Current directory>\wIIW.exe
- from C:\RCX34.tmp to <Current directory>\QgMy.exe
- from C:\RCX35.tmp to <Current directory>\ZMAy.exe
- from C:\RCX33.tmp to <Current directory>\xYgk.exe
- from C:\RCX31.tmp to <Current directory>\oEcm.exe
- from C:\RCX32.tmp to <Current directory>\Qwwm.exe
- from C:\RCX36.tmp to <Current directory>\DUcy.exe
- from C:\RCX3A.tmp to <Current directory>\bUco.exe
- from C:\RCX3B.tmp to <Current directory>\NAEA.exe
- from C:\RCX39.tmp to <Current directory>\eQAS.exe
- from C:\RCX37.tmp to <Current directory>\FYUE.exe
- from C:\RCX38.tmp to <Current directory>\IAMA.exe
- from C:\RCX48.tmp to <Current directory>\jkIa.exe
- from C:\RCX58.tmp to <Current directory>\uYQQ.exe
- from C:\RCX59.tmp to <Current directory>\usge.exe
- from C:\RCX57.tmp to <Current directory>\UIUg.exe
- from C:\RCX55.tmp to <Current directory>\EUIq.exe
- from C:\RCX56.tmp to <Current directory>\SIcC.exe
- from C:\RCX5A.tmp to <Current directory>\sQcs.exe
- from C:\RCX5E.tmp to <Current directory>\QEQG.exe
- from C:\RCX5F.tmp to <Current directory>\cgEu.exe
- from C:\RCX5D.tmp to <Current directory>\iwEq.exe
- from C:\RCX5B.tmp to <Current directory>\uUcO.exe
- from C:\RCX5C.tmp to <Current directory>\LsAQ.exe
- from C:\RCX54.tmp to <Current directory>\RIAs.exe
- from C:\RCX4C.tmp to <Current directory>\FIEe.exe
- from C:\RCX4D.tmp to <Current directory>\AsEa.exe
- from C:\RCX4B.tmp to <Current directory>\KEYA.exe
- from C:\RCX49.tmp to <Current directory>\uIoK.exe
- from C:\RCX4A.tmp to <Current directory>\IIsC.exe
- from C:\RCX4E.tmp to <Current directory>\Fgow.exe
- from C:\RCX52.tmp to <Current directory>\gswM.exe
- from C:\RCX53.tmp to <Current directory>\NwgI.exe
- from C:\RCX51.tmp to <Current directory>\lgsw.exe
- from C:\RCX4F.tmp to <Current directory>\RowG.exe
- from C:\RCX50.tmp to <Current directory>\jwYu.exe
- from C:\RCX30.tmp to <Current directory>\Dcow.exe
- from C:\RCX10.tmp to <Current directory>\NUYK.exe
- from C:\RCX11.tmp to <Current directory>\KoAm.exe
- from C:\RCXF.tmp to <Current directory>\Dcwy.exe
- from C:\RCXD.tmp to <Current directory>\ikAw.exe
- from C:\RCXE.tmp to <Current directory>\BYYO.exe
- from C:\RCX12.tmp to <Current directory>\UoMO.exe
- from C:\RCX16.tmp to <Current directory>\Hcgs.exe
- from C:\RCX17.tmp to <Current directory>\GQYa.exe
- from C:\RCX15.tmp to <Current directory>\UEQk.exe
- from C:\RCX13.tmp to <Current directory>\Xwky.exe
- from C:\RCX14.tmp to <Current directory>\oAUK.exe
- from C:\RCXC.tmp to <Current directory>\ocgK.exe
- from C:\RCX4.tmp to <Current directory>\IYwA.exe
- from C:\RCX5.tmp to <Current directory>\XIwa.exe
- from C:\RCX3.tmp to <Current directory>\KAUw.exe
- from C:\RCX1.tmp to <Current directory>\NQsa.exe
- from C:\RCX2.tmp to <Current directory>\fgAA.exe
- from C:\RCX6.tmp to <Current directory>\JUkS.exe
- from C:\RCXA.tmp to <Current directory>\DQMw.exe
- from C:\RCXB.tmp to <Current directory>\XYIs.exe
- from C:\RCX9.tmp to <Current directory>\uYcs.exe
- from C:\RCX7.tmp to <Current directory>\SEYc.exe
- from C:\RCX8.tmp to <Current directory>\EYYQ.exe
- from C:\RCX18.tmp to <Current directory>\DEUM.exe
- from C:\RCX28.tmp to <Current directory>\mEEc.exe
- from C:\RCX29.tmp to <Current directory>\kEww.exe
- from C:\RCX27.tmp to <Current directory>\fAcu.exe
- from C:\RCX25.tmp to <Current directory>\jMUs.exe
- from C:\RCX26.tmp to <Current directory>\OosK.exe
- from C:\RCX2A.tmp to <Current directory>\egAA.exe
- from C:\RCX2E.tmp to <Current directory>\wwgk.exe
- from C:\RCX2F.tmp to <Current directory>\SUQQ.exe
- from C:\RCX2D.tmp to <Current directory>\IkcQ.exe
- from C:\RCX2B.tmp to <Current directory>\mUAO.exe
- from C:\RCX2C.tmp to <Current directory>\EAYc.exe
- from C:\RCX24.tmp to <Current directory>\CYsM.exe
- from C:\RCX1C.tmp to <Current directory>\VskS.exe
- from C:\RCX1D.tmp to <Current directory>\xcsO.exe
- from C:\RCX1B.tmp to <Current directory>\WYEc.exe
- from C:\RCX19.tmp to <Current directory>\yMUA.exe
- from C:\RCX1A.tmp to <Current directory>\hcEQ.exe
- from C:\RCX1E.tmp to <Current directory>\zcYO.exe
- from C:\RCX22.tmp to <Current directory>\ZIkQ.exe
- from C:\RCX23.tmp to <Current directory>\oIIM.exe
- from C:\RCX21.tmp to <Current directory>\LEcY.exe
- from C:\RCX1F.tmp to <Current directory>\CwYa.exe
- from C:\RCX20.tmp to <Current directory>\Cowe.exe
- '20#.#19.204.12':666
- '19#.#86.45.170':666
- '74.##5.232.51':80
- '20#.#7.164.69':666
- '20#.#7.164.69':9999
- '20#.#19.204.12':9999
- '19#.#86.45.170':9999
- 74.##5.232.51/
- DNS ASK google.com
- ClassName: 'Indicator' WindowName: ''