Technical Information
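- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows.exe' = '\Microsoftwindows\Windows.exe' (per-user autorun value: the target is launched each time this user logs on; the path corresponds to the C:\Microsoftwindows\Windows.exe file listed further down)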
- '%TEMP%\AX0rj257j.exe'
- '<SYSTEM32>\wscript.exe' A74A7F6vM.vbs
- %TEMP%\image_00002-N.exe.58.da4inka
- %TEMP%\image_00002-N.exe.57.da4inka
- %TEMP%\image_00002-N.exe.6.da4inka
- %TEMP%\image_00002-N.exe.59.da4inka
- %TEMP%\image_00002-N.exe.54.da4inka
- %TEMP%\image_00002-N.exe.53.da4inka
- %TEMP%\image_00002-N.exe.56.da4inka
- %TEMP%\image_00002-N.exe.55.da4inka
- %TEMP%\image_00002-N.exe.60.da4inka
- %TEMP%\image_00002-N.exe.66.da4inka
- %TEMP%\image_00002-N.exe.65.da4inka
- %TEMP%\image_00002-N.exe.68.da4inka
- %TEMP%\image_00002-N.exe.67.da4inka
- %TEMP%\image_00002-N.exe.62.da4inka
- %TEMP%\image_00002-N.exe.61.da4inka
- %TEMP%\image_00002-N.exe.64.da4inka
- %TEMP%\image_00002-N.exe.63.da4inka
- %TEMP%\image_00002-N.exe.52.da4inka
- %TEMP%\image_00002-N.exe.41.da4inka
- %TEMP%\image_00002-N.exe.40.da4inka
- %TEMP%\image_00002-N.exe.43.da4inka
- %TEMP%\image_00002-N.exe.42.da4inka
- %TEMP%\image_00002-N.exe.38.da4inka
- %TEMP%\image_00002-N.exe.37.da4inka
- %TEMP%\image_00002-N.exe.4.da4inka
- %TEMP%\image_00002-N.exe.39.da4inka
- %TEMP%\image_00002-N.exe.44.da4inka
- %TEMP%\image_00002-N.exe.5.da4inka
- %TEMP%\image_00002-N.exe.49.da4inka
- %TEMP%\image_00002-N.exe.51.da4inka
- %TEMP%\image_00002-N.exe.50.da4inka
- %TEMP%\image_00002-N.exe.46.da4inka
- %TEMP%\image_00002-N.exe.45.da4inka
- %TEMP%\image_00002-N.exe.48.da4inka
- %TEMP%\image_00002-N.exe.47.da4inka
- %TEMP%\image_00002-N.exe.9.da4inka
- %TEMP%\image_00002-N.exe.89.da4inka
- %TEMP%\image_00002-N.exe.91.da4inka
- %TEMP%\image_00002-N.exe.90.da4inka
- %TEMP%\image_00002-N.exe.86.da4inka
- %TEMP%\image_00002-N.exe.85.da4inka
- %TEMP%\image_00002-N.exe.88.da4inka
- %TEMP%\image_00002-N.exe.87.da4inka
- %TEMP%\image_00002-N.exe.92.da4inka
- %TEMP%\image_00002-N.exe.98.da4inka
- %TEMP%\image_00002-N.exe.97.da4inka
- C:\Microsoftwindows\Windows.exe
- %TEMP%\image_00002-N.exe.99.da4inka
- %TEMP%\image_00002-N.exe.94.da4inka
- %TEMP%\image_00002-N.exe.93.da4inka
- %TEMP%\image_00002-N.exe.96.da4inka
- %TEMP%\image_00002-N.exe.95.da4inka
- %TEMP%\image_00002-N.exe.84.da4inka
- %TEMP%\image_00002-N.exe.73.da4inka
- %TEMP%\image_00002-N.exe.72.da4inka
- %TEMP%\image_00002-N.exe.75.da4inka
- %TEMP%\image_00002-N.exe.74.da4inka
- %TEMP%\image_00002-N.exe.7.da4inka
- %TEMP%\image_00002-N.exe.69.da4inka
- %TEMP%\image_00002-N.exe.71.da4inka
- %TEMP%\image_00002-N.exe.70.da4inka
- %TEMP%\image_00002-N.exe.76.da4inka
- %TEMP%\image_00002-N.exe.81.da4inka
- %TEMP%\image_00002-N.exe.80.da4inka
- %TEMP%\image_00002-N.exe.83.da4inka
- %TEMP%\image_00002-N.exe.82.da4inka
- %TEMP%\image_00002-N.exe.78.da4inka
- %TEMP%\image_00002-N.exe.77.da4inka
- %TEMP%\image_00002-N.exe.8.da4inka
- %TEMP%\image_00002-N.exe.79.da4inka
- %TEMP%\image_00002-N.exe.36.da4inka
- %TEMP%\image_00002-N.exe.117.da4inka
- %TEMP%\image_00002-N.exe.116.da4inka
- %TEMP%\image_00002-N.exe.119.da4inka
- %TEMP%\image_00002-N.exe.118.da4inka
- %TEMP%\image_00002-N.exe.113.da4inka
- %TEMP%\image_00002-N.exe.112.da4inka
- %TEMP%\image_00002-N.exe.115.da4inka
- %TEMP%\image_00002-N.exe.114.da4inka
- %TEMP%\image_00002-N.exe.12.da4inka
- %TEMP%\image_00002-N.exe.125.da4inka
- %TEMP%\image_00002-N.exe.124.da4inka
- %TEMP%\image_00002-N.exe.127.da4inka
- %TEMP%\image_00002-N.exe.126.da4inka
- %TEMP%\image_00002-N.exe.121.da4inka
- %TEMP%\image_00002-N.exe.120.da4inka
- %TEMP%\image_00002-N.exe.123.da4inka
- %TEMP%\image_00002-N.exe.122.da4inka
- %TEMP%\image_00002-N.exe.111.da4inka
- %TEMP%\image_00002-N.exe.100.da4inka
- %TEMP%\image_00002-N.exe.10.da4inka
- %TEMP%\image_00002-N.exe.102.da4inka
- %TEMP%\image_00002-N.exe.101.da4inka
- %TEMP%\A2F10cmaI.bat
- %TEMP%\9no6yAuS.bat
- %TEMP%\image_00002-N.exe.1.da4inka
- %TEMP%\A74A7F6vM.vbs
- %TEMP%\image_00002-N.exe.103.da4inka
- %TEMP%\image_00002-N.exe.109.da4inka
- %TEMP%\image_00002-N.exe.108.da4inka
- %TEMP%\image_00002-N.exe.110.da4inka
- %TEMP%\image_00002-N.exe.11.da4inka
- %TEMP%\image_00002-N.exe.105.da4inka
- %TEMP%\image_00002-N.exe.104.da4inka
- %TEMP%\image_00002-N.exe.107.da4inka
- %TEMP%\image_00002-N.exe.106.da4inka
- %TEMP%\image_00002-N.exe.25.da4inka
- %TEMP%\image_00002-N.exe.24.da4inka
- %TEMP%\image_00002-N.exe.27.da4inka
- %TEMP%\image_00002-N.exe.26.da4inka
- %TEMP%\image_00002-N.exe.21.da4inka
- %TEMP%\image_00002-N.exe.20.da4inka
- %TEMP%\image_00002-N.exe.23.da4inka
- %TEMP%\image_00002-N.exe.22.da4inka
- %TEMP%\image_00002-N.exe.28.da4inka
- %TEMP%\image_00002-N.exe.33.da4inka
- %TEMP%\image_00002-N.exe.32.da4inka
- %TEMP%\image_00002-N.exe.35.da4inka
- %TEMP%\image_00002-N.exe.34.da4inka
- %TEMP%\image_00002-N.exe.3.da4inka
- %TEMP%\image_00002-N.exe.29.da4inka
- %TEMP%\image_00002-N.exe.31.da4inka
- %TEMP%\image_00002-N.exe.30.da4inka
- %TEMP%\image_00002-N.exe.2.da4inka
- %TEMP%\image_00002-N.exe.132.da4inka
- %TEMP%\image_00002-N.exe.131.da4inka
- %TEMP%\image_00002-N.exe.134.da4inka
- %TEMP%\image_00002-N.exe.133.da4inka
- %TEMP%\image_00002-N.exe.129.da4inka
- %TEMP%\image_00002-N.exe.128.da4inka
- %TEMP%\image_00002-N.exe.130.da4inka
- %TEMP%\image_00002-N.exe.13.da4inka
- %TEMP%\image_00002-N.exe.135.da4inka
- %TEMP%\image_00002-N.exe.17.da4inka
- %TEMP%\image_00002-N.exe.16.da4inka
- %TEMP%\image_00002-N.exe.19.da4inka
- %TEMP%\image_00002-N.exe.18.da4inka
- %TEMP%\image_00002-N.exe.137.da4inka
- %TEMP%\image_00002-N.exe.136.da4inka
- %TEMP%\image_00002-N.exe.15.da4inka
- %TEMP%\image_00002-N.exe.14.da4inka
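- from %TEMP%\image_00002-N.exe.1.da4inka to %TEMP%\AX0rj257j.exe (the first of the numbered .da4inka files is moved or copied to AX0rj257j.exe, the same executable path that appears near the top of this list)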
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)
- ClassName: 'EDIT' WindowName: ''