Technical Information
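- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,' (an extra executable is appended after the default userinit.exe entry, so it is launched at every user logon; any Userinit value that lists more than userinit.exe is worth alerting on)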
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002' (service start type 2 = automatic start at boot)
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
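- hidden files (display turned off: 'Hidden' = 2 under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, see the reg.exe command lines below)
- file extensions (display turned off: 'HideFileExt' = 1 under the same key)
- User Account Control (UAC) (disabled: 'EnableLUA' = 0 under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System)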
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- '<SYSTEM32>\cscript.exe' /pid=0xb14 /log
- '<SYSTEM32>\reg.exe' 0xa6c cscript.exe
- '<SYSTEM32>\taskhost.exe' /c ""%TEMP%\iYgssgoQ.bat" "<Full path to virus>""
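- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 [note: in several entries of this list the image name does not appear to match its arguments — these same arguments are listed with reg.exe further down — so detections are better keyed on the argument strings and the affected registry values than on the process name shown]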
- '<SYSTEM32>\reg.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\sasMYggQ.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\isoAgYAg.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\xuYUogkU.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\cscript.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\conhost.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' 0x6b4 <Virus name>.exe
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe' 0xb20 cscript.exe
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- C:\RCX11E2.tmp
- <Current directory>\aiYA.ico
- <Current directory>\soQE.exe
- C:\RCX1136.tmp
- <Current directory>\KUcY.ico
- <Current directory>\hEAK.exe
- C:\RCX129F.tmp
- C:\RCX13E7.tmp
- %TEMP%\pigckEwk.bat
- <Current directory>\vuQc.ico
- <Current directory>\quwU.ico
- %TEMP%\dyEAIMwk.bat
- <Current directory>\BcYW.exe
- <Current directory>\dQIK.exe
- C:\RCXB98.tmp
- <Current directory>\Xmsk.ico
- <Current directory>\yowA.exe
- C:\RCXA11.tmp
- <Current directory>\rAIA.ico
- <Current directory>\ZIIw.exe
- C:\RCX102C.tmp
- <Current directory>\XaUA.ico
- <Current directory>\cAge.exe
- C:\RCXCE0.tmp
- <Current directory>\ZuME.ico
- <Current directory>\YYoW.exe
- <Current directory>\eUQA.exe
- <Current directory>\DKYY.ico
- <Current directory>\lIga.exe
- C:\RCX21C4.tmp
- <Current directory>\EYcA.ico
- <Current directory>\MUEu.exe
- C:\RCX1FC0.tmp
- <Current directory>\esYw.ico
- <Current directory>\gcIm.exe
- C:\RCX2455.tmp
- <Current directory>\wkwA.ico
- <Current directory>\KYgq.exe
- C:\RCX231C.tmp
- <Current directory>\IaQM.ico
- C:\RCX1A30.tmp
- <Current directory>\lgsk.ico
- <Current directory>\vEAe.exe
- C:\RCX16A6.tmp
- <Current directory>\isww.ico
- <Current directory>\zcsu.exe
- C:\RCX1B69.tmp
- <Current directory>\hkoI.ico
- <Current directory>\fkok.exe
- C:\RCX1ED5.tmp
- <Current directory>\Oqso.ico
- <Current directory>\xscy.exe
- C:\RCX1DEA.tmp
- <Current directory>\YaAA.ico
- <Current directory>\acoi.exe
- C:\RCXEB2F.tmp
- <Current directory>\BYEI.ico
- <Current directory>\WAEK.exe
- C:\RCXEA15.tmp
- <Current directory>\umMc.ico
- <Current directory>\ZEYK.exe
- C:\RCXEF46.tmp
- <Current directory>\Lkso.ico
- <Current directory>\ggkM.exe
- C:\RCXEE6B.tmp
- <Current directory>\HSIY.ico
- <Current directory>\UIIe.exe
- <Current directory>\Mmwo.ico
- <Current directory>\qEsS.exe
- C:\RCXE477.tmp
- %TEMP%\iYgssgoQ.bat
- <Current directory>\asMs.exe
- C:\RCXDD84.tmp
- <Current directory>\rWYc.ico
- <Current directory>\SoUU.exe
- C:\RCXE89E.tmp
- <Current directory>\MMIw.ico
- <Current directory>\nIwc.exe
- C:\RCXE717.tmp
- <Current directory>\tewo.ico
- C:\RCXF5EC.tmp
- C:\RCXFF91.tmp
- <Current directory>\LeYU.ico
- <Current directory>\ksAu.exe
- C:\RCXFDBC.tmp
- <Current directory>\BecY.ico
- <Current directory>\aYIG.exe
- C:\RCXEA.tmp
- <Current directory>\aMwo.ico
- <Current directory>\jAQG.exe
- C:\RCX3F8.tmp
- <Current directory>\RiEQ.ico
- <Current directory>\qgQM.exe
- C:\RCX2ED.tmp
- %TEMP%\MQEAMoYw.bat
- <Current directory>\GsQg.ico
- <Current directory>\bMco.exe
- <Current directory>\OykA.ico
- <Current directory>\Dgos.exe
- C:\RCXF715.tmp
- C:\RCXF938.tmp
- C:\RCXFC26.tmp
- <Current directory>\cAso.ico
- <Current directory>\Nsgw.exe
- <Current directory>\nqwI.ico
- %TEMP%\fcYcQgYQ.bat
- <Current directory>\MEUO.exe
- <Current directory>\lQsO.exe
- C:\RCX4988.tmp
- <Current directory>\nKUc.ico
- <Current directory>\NsEs.exe
- C:\RCX4784.tmp
- <Current directory>\WKAc.ico
- <Current directory>\rAoO.exe
- C:\RCX4C19.tmp
- <Current directory>\BCoI.ico
- <Current directory>\XIwI.exe
- C:\RCX4A54.tmp
- <Current directory>\dqcc.ico
- <Current directory>\jwEU.exe
- <Current directory>\KQQA.ico
- <Current directory>\DkkQ.exe
- C:\RCX434D.tmp
- <Current directory>\BkIi.exe
- C:\RCX4159.tmp
- %TEMP%\sasMYggQ.bat
- <Current directory>\yOgc.ico
- <Current directory>\pokA.exe
- C:\RCX462C.tmp
- <Current directory>\OWAw.ico
- <Current directory>\qUYM.exe
- C:\RCX4486.tmp
- <Current directory>\uWsc.ico
- C:\RCX4DFE.tmp
- <Current directory>\QoAg.exe
- %TEMP%\HosokMQc.bat
- C:\RCX568C.tmp
- <Current directory>\kUgM.exe
- C:\RCX54D6.tmp
- <Current directory>\xiwU.ico
- <Current directory>\XucM.ico
- <Current directory>\BgAs.ico
- <Current directory>\GcsI.exe
- C:\RCX599A.tmp
- <Current directory>\ygwk.exe
- C:\RCX5803.tmp
- %TEMP%\isoAgYAg.bat
- <Current directory>\WKIw.ico
- <Current directory>\yMks.exe
- C:\RCX509F.tmp
- <Current directory>\MqAI.ico
- <Current directory>\OYAu.exe
- C:\RCX4F37.tmp
- <Current directory>\BuoI.ico
- <Current directory>\Sogy.exe
- C:\RCX53AD.tmp
- <Current directory>\UoYo.ico
- <Current directory>\rQwK.exe
- C:\RCX5235.tmp
- <Current directory>\eKcI.ico
- <Current directory>\EysY.ico
- <Current directory>\zEwU.ico
- <Current directory>\MQkA.exe
- C:\RCX2FEF.tmp
- <Current directory>\QwEk.ico
- <Current directory>\tMgG.exe
- C:\RCX2DBC.tmp
- <Current directory>\FIgM.ico
- <Current directory>\BUsg.exe
- C:\RCX329F.tmp
- <Current directory>\fMoY.ico
- <Current directory>\aIkg.exe
- C:\RCX30F9.tmp
- <Current directory>\zkko.ico
- <Current directory>\EgIA.exe
- %TEMP%\IQgwQYsk.bat
- C:\RCX28BA.tmp
- <Current directory>\McoQ.exe
- C:\RCX2659.tmp
- <Current directory>\Qakw.ico
- <Current directory>\vGok.ico
- <Current directory>\nMAA.ico
- <Current directory>\nMIo.exe
- C:\RCX2ADE.tmp
- <Current directory>\dAkk.exe
- C:\RCX29D4.tmp
- %TEMP%\xuYUogkU.bat
- <Current directory>\jsIy.exe
- <Current directory>\HSMw.ico
- <Current directory>\aMIW.exe
- C:\RCX3AFF.tmp
- <Current directory>\guAI.ico
- <Current directory>\iwIy.exe
- C:\RCX3A34.tmp
- <Current directory>\iykw.ico
- <Current directory>\EQca.exe
- %TEMP%\NgUEMkco.bat
- C:\RCX3E6B.tmp
- <Current directory>\OQEO.exe
- C:\RCX3C0A.tmp
- <Current directory>\XmMs.ico
- C:\RCX359E.tmp
- <Current directory>\Rkwo.ico
- <Current directory>\sscY.exe
- C:\RCX3445.tmp
- <Current directory>\Smgc.ico
- <Current directory>\vUUu.exe
- C:\RCX3763.tmp
- <Current directory>\WEgg.ico
- <Current directory>\kkYg.exe
- C:\RCX3997.tmp
- <Current directory>\PEUA.ico
- <Current directory>\Lkoa.exe
- C:\RCX38AC.tmp
- <Current directory>\ZIYI.ico
- <Current directory>\GQsi.exe
- C:\RCX8374.tmp
- <Current directory>\Skkk.ico
- <Current directory>\bscg.exe
- C:\RCX820D.tmp
- <Current directory>\WOIo.ico
- <Current directory>\tgws.exe
- C:\RCX8606.tmp
- <Current directory>\XQUk.ico
- <Current directory>\jUsY.exe
- C:\RCX851B.tmp
- <Current directory>\CwAs.ico
- <Current directory>\ECAg.ico
- %TEMP%\scgQAEMg.bat
- <Current directory>\yMAo.exe
- %TEMP%\FYcwAEUk.bat
- <Current directory>\eYkK.exe
- C:\RCX7839.tmp
- C:\RCX7AD9.tmp
- <Current directory>\EaQI.ico
- <Current directory>\BsIo.exe
- C:\RCX7FCA.tmp
- <Current directory>\peco.ico
- <Current directory>\iUoe.exe
- C:\RCX7D2B.tmp
- <Current directory>\zAUA.exe
- C:\RCX927A.tmp
- <Current directory>\TWEs.ico
- %TEMP%\doEkocQw.bat
- <Current directory>\tSgc.ico
- %TEMP%\WGAgMMQs.bat
- <Current directory>\AUsm.exe
- <Current directory>\WYYi.exe
- C:\RCX9682.tmp
- <Current directory>\BcAY.ico
- <Current directory>\ukgu.exe
- C:\RCX943F.tmp
- <Current directory>\SIQo.ico
- <Current directory>\zsIi.exe
- C:\RCX8981.tmp
- <Current directory>\usoY.ico
- <Current directory>\PgQK.exe
- C:\RCX87EA.tmp
- <Current directory>\OAMo.ico
- <Current directory>\wAsA.exe
- C:\RCX8B46.tmp
- <Current directory>\dkgY.ico
- <Current directory>\IEYq.exe
- C:\RCX9009.tmp
- <Current directory>\ecsY.ico
- <Current directory>\QEQi.exe
- C:\RCX8E44.tmp
- <Current directory>\owcc.ico
- <Current directory>\HQgE.exe
- C:\RCX5091.tmp
- <Current directory>\nukE.ico
- <Current directory>\joYi.exe
- C:\RCX4F87.tmp
- <Current directory>\gwcE.ico
- <Current directory>\uosQ.exe
- C:\RCX5747.tmp
- <Current directory>\ZWcM.ico
- <Current directory>\KkIQ.exe
- C:\RCX52D3.tmp
- <Current directory>\oskA.ico
- <Current directory>\LgQg.exe
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- %TEMP%\ZmQEcwoY.bat
- <Current directory>\<Virus name>
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- C:\ProgramData\kaog.txt
- <Current directory>\sgoO.exe
- C:\RCX4BCE.tmp
- <Current directory>\escg.ico
- %TEMP%\fGwEoYQc.bat
- %TEMP%\file.vbs
- <Current directory>\pGso.ico
- C:\RCX59F6.tmp
- C:\RCX6D0E.tmp
- <Current directory>\gasA.ico
- <Current directory>\VswQ.exe
- C:\RCX6AFB.tmp
- <Current directory>\sYEg.ico
- <Current directory>\Wgcs.exe
- C:\RCX6EC4.tmp
- <Current directory>\rkAY.ico
- <Current directory>\nsII.exe
- C:\RCX7126.tmp
- <Current directory>\gAQE.ico
- <Current directory>\qcAO.exe
- C:\RCX702C.tmp
- <Current directory>\ooMi.exe
- C:\RCX64EF.tmp
- <Current directory>\IaEI.ico
- %TEMP%\EkAYAEYQ.bat
- %TEMP%\cigwwgIs.bat
- <Current directory>\ZQMc.ico
- <Current directory>\WksQ.exe
- C:\RCX69B2.tmp
- <Current directory>\jkgI.ico
- <Current directory>\qggy.exe
- C:\RCX678F.tmp
- <Current directory>\ZSUg.ico
- <Current directory>\AIcQ.exe
- C:\RCXC3B1.tmp
- <Current directory>\kMoA.ico
- <Current directory>\Pgce.exe
- <Current directory>\Zugg.ico
- %TEMP%\FygsEskI.bat
- <Current directory>\TIAu.exe
- C:\RCXC538.tmp
- C:\RCXC7D8.tmp
- <Current directory>\PWos.ico
- <Current directory>\JEQY.exe
- <Current directory>\QyUo.ico
- <Current directory>\iYEm.exe
- %TEMP%\wYEAgUoA.bat
- C:\RCXBF69.tmp
- <Current directory>\tacQ.ico
- <Current directory>\YQMQ.exe
- C:\RCXBCC9.tmp
- <Current directory>\yWsI.ico
- <Current directory>\koMa.exe
- C:\RCXC13E.tmp
- <Current directory>\AkUw.ico
- <Current directory>\ZUkg.exe
- C:\RCXC2F5.tmp
- <Current directory>\mYoA.ico
- <Current directory>\zggA.exe
- C:\RCXC1FA.tmp
- C:\RCXCDA3.tmp
- <Current directory>\Dwkk.exe
- C:\RCXD881.tmp
- <Current directory>\eUMI.ico
- <Current directory>\iows.exe
- C:\RCXD6DB.tmp
- <Current directory>\MEAY.ico
- %TEMP%\csYoUwIE.bat
- <Current directory>\lEAi.exe
- C:\RCXDC0C.tmp
- <Current directory>\aYgs.ico
- <Current directory>\LkYM.exe
- C:\RCXDB31.tmp
- <Current directory>\EGko.ico
- <Current directory>\XUAs.ico
- <Current directory>\kIUS.exe
- C:\RCXD1AA.tmp
- <Current directory>\UEoY.ico
- <Current directory>\XswU.exe
- C:\RCXCEEB.tmp
- <Current directory>\iIcs.ico
- <Current directory>\FEkA.exe
- C:\RCXD499.tmp
- <Current directory>\toIk.ico
- <Current directory>\QgEo.exe
- C:\RCXD331.tmp
- <Current directory>\KQcU.ico
- <Current directory>\pIky.exe
- C:\RCX9F00.tmp
- <Current directory>\FAMQ.ico
- <Current directory>\hcoU.exe
- <Auxiliary element>
- <Current directory>\JyEg.ico
- <Current directory>\WkkI.exe
- C:\RCXA1BF.tmp
- <Current directory>\OGQg.ico
- <Current directory>\xgUi.exe
- C:\RCXA48F.tmp
- <Current directory>\pkgQ.ico
- <Current directory>\pwoy.exe
- C:\RCXA356.tmp
- C:\RCX99AF.tmp
- <Current directory>\nCwQ.ico
- <Current directory>\gAkA.exe
- C:\RCX972E.tmp
- <Current directory>\vUYM.ico
- <Current directory>\osos.exe
- C:\RCX9BC2.tmp
- <Current directory>\CUUQ.ico
- <Current directory>\YUUY.exe
- C:\RCX9E34.tmp
- <Current directory>\nAEU.ico
- <Current directory>\AUMO.exe
- C:\RCX9CDC.tmp
- <Current directory>\cikY.ico
- <Current directory>\qkoo.ico
- <Current directory>\pgcw.exe
- C:\RCXB019.tmp
- <Current directory>\BiYI.ico
- <Current directory>\sEEM.exe
- C:\RCXAE44.tmp
- <Current directory>\Qykw.ico
- <Current directory>\UgkO.exe
- C:\RCXB96E.tmp
- <Current directory>\xmsg.ico
- <Current directory>\Zgom.exe
- C:\RCXB123.tmp
- <Current directory>\GcQM.ico
- <Current directory>\YsUw.exe
- C:\RCXA78D.tmp
- <Current directory>\IuAg.ico
- <Current directory>\JcMQ.exe
- C:\RCXA55B.tmp
- <Current directory>\hEUc.ico
- <Current directory>\Uosc.exe
- C:\RCXAB76.tmp
- %TEMP%\HgUUQIoQ.bat
- %TEMP%\gGgwMYwU.bat
- C:\RCXA905.tmp
- <Current directory>\uqoo.ico
- <Current directory>\tAMQ.exe
- %TEMP%\dyEAIMwk.bat
- <Current directory>\quwU.ico
- <Current directory>\aiYA.ico
- <Current directory>\soQE.exe
- <Current directory>\eUQA.exe
- <Current directory>\isww.ico
- <Current directory>\BcYW.exe
- <Current directory>\vuQc.ico
- <Current directory>\hEAK.exe
- <Current directory>\ZIIw.exe
- <Current directory>\ZuME.ico
- <Current directory>\dQIK.exe
- <Current directory>\Xmsk.ico
- <Current directory>\cAge.exe
- <Current directory>\KUcY.ico
- <Current directory>\YYoW.exe
- <Current directory>\XaUA.ico
- <Current directory>\esYw.ico
- <Current directory>\KYgq.exe
- <Current directory>\DKYY.ico
- <Current directory>\lIga.exe
- <Current directory>\wkwA.ico
- <Current directory>\McoQ.exe
- <Current directory>\IaQM.ico
- <Current directory>\gcIm.exe
- <Current directory>\MUEu.exe
- <Current directory>\vEAe.exe
- <Current directory>\Oqso.ico
- <Current directory>\zcsu.exe
- <Current directory>\lgsk.ico
- <Current directory>\fkok.exe
- <Current directory>\EYcA.ico
- <Current directory>\xscy.exe
- <Current directory>\hkoI.ico
- <Current directory>\rAIA.ico
- <Current directory>\UIIe.exe
- <Current directory>\Lkso.ico
- <Current directory>\ZEYK.exe
- <Current directory>\HSIY.ico
- <Current directory>\Dgos.exe
- %TEMP%\iYgssgoQ.bat
- <Current directory>\ggkM.exe
- <Current directory>\OykA.ico
- <Current directory>\BYEI.ico
- <Current directory>\tewo.ico
- <Current directory>\SoUU.exe
- <Current directory>\rWYc.ico
- <Current directory>\nIwc.exe
- <Current directory>\umMc.ico
- <Current directory>\acoi.exe
- <Current directory>\MMIw.ico
- <Current directory>\WAEK.exe
- <Current directory>\RiEQ.ico
- <Current directory>\qgQM.exe
- <Current directory>\LeYU.ico
- <Current directory>\ksAu.exe
- <Current directory>\YaAA.ico
- <Current directory>\yowA.exe
- <Current directory>\aMwo.ico
- <Current directory>\jAQG.exe
- <Current directory>\aYIG.exe
- <Current directory>\bMco.exe
- <Current directory>\nqwI.ico
- %TEMP%\MQEAMoYw.bat
- <Current directory>\GsQg.ico
- <Current directory>\Nsgw.exe
- <Current directory>\BecY.ico
- <Current directory>\MEUO.exe
- <Current directory>\cAso.ico
- <Current directory>\Qakw.ico
- <Current directory>\lQsO.exe
- <Current directory>\nKUc.ico
- <Current directory>\NsEs.exe
- <Current directory>\WKAc.ico
- <Current directory>\jwEU.exe
- <Current directory>\BCoI.ico
- <Current directory>\rAoO.exe
- <Current directory>\dqcc.ico
- <Current directory>\OWAw.ico
- <Current directory>\KQQA.ico
- <Current directory>\DkkQ.exe
- <Current directory>\EysY.ico
- <Current directory>\BkIi.exe
- <Current directory>\uWsc.ico
- <Current directory>\pokA.exe
- <Current directory>\yOgc.ico
- <Current directory>\qUYM.exe
- <Current directory>\kUgM.exe
- <Current directory>\xiwU.ico
- %TEMP%\sasMYggQ.bat
- <Current directory>\UoYo.ico
- <Current directory>\XucM.ico
- <Current directory>\ygwk.exe
- <Current directory>\QoAg.exe
- %TEMP%\HosokMQc.bat
- <Current directory>\Sogy.exe
- <Current directory>\OYAu.exe
- <Current directory>\WKIw.ico
- <Current directory>\XIwI.exe
- <Current directory>\MqAI.ico
- <Current directory>\rQwK.exe
- <Current directory>\eKcI.ico
- <Current directory>\yMks.exe
- <Current directory>\BuoI.ico
- %TEMP%\NgUEMkco.bat
- <Current directory>\FIgM.ico
- <Current directory>\aIkg.exe
- <Current directory>\zEwU.ico
- <Current directory>\MQkA.exe
- <Current directory>\fMoY.ico
- <Current directory>\jsIy.exe
- <Current directory>\zkko.ico
- <Current directory>\BUsg.exe
- <Current directory>\tMgG.exe
- %TEMP%\IQgwQYsk.bat
- <Current directory>\vGok.ico
- <Current directory>\EgIA.exe
- %TEMP%\pigckEwk.bat
- <Current directory>\nMIo.exe
- <Current directory>\QwEk.ico
- <Current directory>\dAkk.exe
- <Current directory>\nMAA.ico
- <Current directory>\aMIW.exe
- %TEMP%\xuYUogkU.bat
- <Current directory>\iwIy.exe
- <Current directory>\HSMw.ico
- <Current directory>\XmMs.ico
- <Current directory>\EQca.exe
- <Current directory>\iykw.ico
- <Current directory>\OQEO.exe
- <Current directory>\guAI.ico
- <Current directory>\Rkwo.ico
- <Current directory>\sscY.exe
- <Current directory>\Smgc.ico
- <Current directory>\vUUu.exe
- <Current directory>\WEgg.ico
- <Current directory>\kkYg.exe
- <Current directory>\PEUA.ico
- <Current directory>\Lkoa.exe
- <Current directory>\tgws.exe
- <Current directory>\XQUk.ico
- <Current directory>\jUsY.exe
- <Current directory>\CwAs.ico
- <Current directory>\wAsA.exe
- <Current directory>\usoY.ico
- <Current directory>\zAUA.exe
- <Current directory>\OAMo.ico
- <Current directory>\WOIo.ico
- <Current directory>\EaQI.ico
- <Current directory>\BsIo.exe
- <Current directory>\peco.ico
- <Current directory>\iUoe.exe
- <Current directory>\ZIYI.ico
- <Current directory>\GQsi.exe
- <Current directory>\Skkk.ico
- <Current directory>\bscg.exe
- <Current directory>\zsIi.exe
- <Current directory>\BcAY.ico
- <Current directory>\WYYi.exe
- <Current directory>\SIQo.ico
- <Current directory>\osos.exe
- <Current directory>\nCwQ.ico
- <Current directory>\ukgu.exe
- <Current directory>\vUYM.ico
- <Current directory>\TWEs.ico
- <Current directory>\QEQi.exe
- <Current directory>\dkgY.ico
- <Current directory>\PgQK.exe
- <Current directory>\ecsY.ico
- <Current directory>\AUsm.exe
- %TEMP%\WGAgMMQs.bat
- <Current directory>\IEYq.exe
- <Current directory>\tSgc.ico
- <Current directory>\yMAo.exe
- <Current directory>\ZWcM.ico
- <Current directory>\KkIQ.exe
- <Current directory>\oskA.ico
- <Current directory>\LgQg.exe
- <Current directory>\ooMi.exe
- <Current directory>\IaEI.ico
- %TEMP%\EkAYAEYQ.bat
- <Current directory>\ZQMc.ico
- <Current directory>\uosQ.exe
- <Current directory>\sgoO.exe
- <Current directory>\escg.ico
- %TEMP%\ZmQEcwoY.bat
- <Current directory>\pGso.ico
- <Current directory>\HQgE.exe
- <Current directory>\nukE.ico
- <Current directory>\joYi.exe
- <Current directory>\gwcE.ico
- <Current directory>\rkAY.ico
- <Current directory>\nsII.exe
- <Current directory>\gAQE.ico
- <Current directory>\qcAO.exe
- <Current directory>\eYkK.exe
- <Current directory>\ECAg.ico
- %TEMP%\FYcwAEUk.bat
- <Current directory>\owcc.ico
- <Current directory>\VswQ.exe
- <Current directory>\AIcQ.exe
- <Current directory>\jkgI.ico
- <Current directory>\WksQ.exe
- <Current directory>\ZSUg.ico
- <Current directory>\Wgcs.exe
- <Current directory>\gasA.ico
- <Current directory>\qggy.exe
- <Current directory>\sYEg.ico
- <Current directory>\gAkA.exe
- <Current directory>\PWos.ico
- <Current directory>\JEQY.exe
- <Current directory>\QyUo.ico
- <Current directory>\iYEm.exe
- <Current directory>\XUAs.ico
- <Current directory>\kIUS.exe
- <Current directory>\UEoY.ico
- <Current directory>\XswU.exe
- <Current directory>\Pgce.exe
- <Current directory>\AkUw.ico
- <Current directory>\ZUkg.exe
- <Current directory>\mYoA.ico
- <Current directory>\zggA.exe
- %TEMP%\FygsEskI.bat
- <Current directory>\kMoA.ico
- <Current directory>\Zugg.ico
- <Current directory>\TIAu.exe
- <Current directory>\EGko.ico
- <Current directory>\lEAi.exe
- <Current directory>\LkYM.exe
- %TEMP%\csYoUwIE.bat
- <Current directory>\Mmwo.ico
- <Current directory>\qEsS.exe
- <Current directory>\aYgs.ico
- <Current directory>\asMs.exe
- <Current directory>\eUMI.ico
- <Current directory>\KQcU.ico
- <Current directory>\FEkA.exe
- <Current directory>\iIcs.ico
- <Current directory>\QgEo.exe
- <Current directory>\MEAY.ico
- <Current directory>\Dwkk.exe
- <Current directory>\toIk.ico
- <Current directory>\iows.exe
- <Current directory>\YQMQ.exe
- <Current directory>\xgUi.exe
- <Current directory>\cikY.ico
- <Current directory>\pwoy.exe
- <Current directory>\OGQg.ico
- <Current directory>\YsUw.exe
- <Current directory>\IuAg.ico
- <Current directory>\JcMQ.exe
- <Current directory>\hEUc.ico
- <Current directory>\pkgQ.ico
- <Current directory>\CUUQ.ico
- <Current directory>\YUUY.exe
- <Current directory>\nAEU.ico
- <Current directory>\AUMO.exe
- <Current directory>\FAMQ.ico
- <Current directory>\hcoU.exe
- <Current directory>\JyEg.ico
- <Current directory>\WkkI.exe
- <Current directory>\UgkO.exe
- <Current directory>\xmsg.ico
- <Current directory>\Zgom.exe
- <Current directory>\GcQM.ico
- <Current directory>\koMa.exe
- <Current directory>\tacQ.ico
- <Current directory>\pIky.exe
- <Current directory>\yWsI.ico
- <Current directory>\Qykw.ico
- <Current directory>\tAMQ.exe
- %TEMP%\HgUUQIoQ.bat
- <Current directory>\Uosc.exe
- <Current directory>\uqoo.ico
- <Current directory>\qkoo.ico
- <Current directory>\pgcw.exe
- <Current directory>\BiYI.ico
- <Current directory>\sEEM.exe
- from C:\RCX129F.tmp to <Current directory>\soQE.exe
- from C:\RCX11E2.tmp to <Current directory>\hEAK.exe
- from C:\RCX16A6.tmp to <Current directory>\eUQA.exe
- from C:\RCX13E7.tmp to <Current directory>\BcYW.exe
- from C:\RCXCE0.tmp to <Current directory>\ZIIw.exe
- from C:\RCXB98.tmp to <Current directory>\dQIK.exe
- from C:\RCX1136.tmp to <Current directory>\cAge.exe
- from C:\RCX102C.tmp to <Current directory>\YYoW.exe
- from C:\RCX21C4.tmp to <Current directory>\lIga.exe
- from C:\RCX1FC0.tmp to <Current directory>\MUEu.exe
- from C:\RCX2455.tmp to <Current directory>\gcIm.exe
- from C:\RCX231C.tmp to <Current directory>\KYgq.exe
- from C:\RCX1B69.tmp to <Current directory>\vEAe.exe
- from C:\RCX1A30.tmp to <Current directory>\zcsu.exe
- from C:\RCX1ED5.tmp to <Current directory>\fkok.exe
- from C:\RCX1DEA.tmp to <Current directory>\xscy.exe
- from C:\RCXEF46.tmp to <Current directory>\UIIe.exe
- from C:\RCXEE6B.tmp to <Current directory>\ZEYK.exe
- from C:\RCXF715.tmp to <Current directory>\Dgos.exe
- from C:\RCXF5EC.tmp to <Current directory>\ggkM.exe
- from C:\RCXE89E.tmp to <Current directory>\SoUU.exe
- from C:\RCXE717.tmp to <Current directory>\nIwc.exe
- from C:\RCXEB2F.tmp to <Current directory>\acoi.exe
- from C:\RCXEA15.tmp to <Current directory>\WAEK.exe
- from C:\RCX2ED.tmp to <Current directory>\qgQM.exe
- from C:\RCXEA.tmp to <Current directory>\ksAu.exe
- from C:\RCXA11.tmp to <Current directory>\yowA.exe
- from C:\RCX3F8.tmp to <Current directory>\jAQG.exe
- from C:\RCXFC26.tmp to <Current directory>\MEUO.exe
- from C:\RCXF938.tmp to <Current directory>\bMco.exe
- from C:\RCXFF91.tmp to <Current directory>\aYIG.exe
- from C:\RCXFDBC.tmp to <Current directory>\Nsgw.exe
- from C:\RCX2659.tmp to <Current directory>\McoQ.exe
- from C:\RCX4988.tmp to <Current directory>\lQsO.exe
- from C:\RCX4784.tmp to <Current directory>\NsEs.exe
- from C:\RCX4C19.tmp to <Current directory>\jwEU.exe
- from C:\RCX4A54.tmp to <Current directory>\rAoO.exe
- from C:\RCX434D.tmp to <Current directory>\DkkQ.exe
- from C:\RCX4159.tmp to <Current directory>\BkIi.exe
- from C:\RCX462C.tmp to <Current directory>\pokA.exe
- from C:\RCX4486.tmp to <Current directory>\qUYM.exe
- from C:\RCX54D6.tmp to <Current directory>\kUgM.exe
- from C:\RCX53AD.tmp to <Current directory>\Sogy.exe
- from C:\RCX5803.tmp to <Current directory>\ygwk.exe
- from C:\RCX568C.tmp to <Current directory>\QoAg.exe
- from C:\RCX4F37.tmp to <Current directory>\OYAu.exe
- from C:\RCX4DFE.tmp to <Current directory>\XIwI.exe
- from C:\RCX5235.tmp to <Current directory>\rQwK.exe
- from C:\RCX509F.tmp to <Current directory>\yMks.exe
- from C:\RCX30F9.tmp to <Current directory>\aIkg.exe
- from C:\RCX2FEF.tmp to <Current directory>\MQkA.exe
- from C:\RCX3445.tmp to <Current directory>\jsIy.exe
- from C:\RCX329F.tmp to <Current directory>\BUsg.exe
- from C:\RCX29D4.tmp to <Current directory>\dAkk.exe
- from C:\RCX28BA.tmp to <Current directory>\EgIA.exe
- from C:\RCX2DBC.tmp to <Current directory>\tMgG.exe
- from C:\RCX2ADE.tmp to <Current directory>\nMIo.exe
- from C:\RCX3AFF.tmp to <Current directory>\aMIW.exe
- from C:\RCX3A34.tmp to <Current directory>\iwIy.exe
- from C:\RCX3E6B.tmp to <Current directory>\EQca.exe
- from C:\RCX3C0A.tmp to <Current directory>\OQEO.exe
- from C:\RCX3763.tmp to <Current directory>\sscY.exe
- from C:\RCX359E.tmp to <Current directory>\vUUu.exe
- from C:\RCX3997.tmp to <Current directory>\kkYg.exe
- from C:\RCX38AC.tmp to <Current directory>\Lkoa.exe
- from C:\RCXE477.tmp to <Current directory>\qEsS.exe
- from C:\RCX8606.tmp to <Current directory>\tgws.exe
- from C:\RCX851B.tmp to <Current directory>\jUsY.exe
- from C:\RCX8981.tmp to <Current directory>\wAsA.exe
- from C:\RCX87EA.tmp to <Current directory>\zAUA.exe
- from C:\RCX7FCA.tmp to <Current directory>\BsIo.exe
- from C:\RCX7D2B.tmp to <Current directory>\iUoe.exe
- from C:\RCX8374.tmp to <Current directory>\GQsi.exe
- from C:\RCX820D.tmp to <Current directory>\bscg.exe
- from C:\RCX9682.tmp to <Current directory>\zsIi.exe
- from C:\RCX943F.tmp to <Current directory>\WYYi.exe
- from C:\RCX99AF.tmp to <Current directory>\osos.exe
- from C:\RCX972E.tmp to <Current directory>\ukgu.exe
- from C:\RCX8E44.tmp to <Current directory>\QEQi.exe
- from C:\RCX8B46.tmp to <Current directory>\PgQK.exe
- from C:\RCX927A.tmp to <Current directory>\AUsm.exe
- from C:\RCX9009.tmp to <Current directory>\IEYq.exe
- from C:\RCX59F6.tmp to <Current directory>\KkIQ.exe
- from C:\RCX5747.tmp to <Current directory>\LgQg.exe
- from C:\RCX678F.tmp to <Current directory>\WksQ.exe
- from C:\RCX64EF.tmp to <Current directory>\ooMi.exe
- from C:\RCX4F87.tmp to <Current directory>\joYi.exe
- from C:\RCX4BCE.tmp to <Current directory>\sgoO.exe
- from C:\RCX52D3.tmp to <Current directory>\uosQ.exe
- from C:\RCX5091.tmp to <Current directory>\HQgE.exe
- from C:\RCX7126.tmp to <Current directory>\nsII.exe
- from C:\RCX702C.tmp to <Current directory>\qcAO.exe
- from C:\RCX7AD9.tmp to <Current directory>\yMAo.exe
- from C:\RCX7839.tmp to <Current directory>\eYkK.exe
- from C:\RCX6AFB.tmp to <Current directory>\qggy.exe
- from C:\RCX69B2.tmp to <Current directory>\AIcQ.exe
- from C:\RCX6EC4.tmp to <Current directory>\VswQ.exe
- from C:\RCX6D0E.tmp to <Current directory>\Wgcs.exe
- from C:\RCX9BC2.tmp to <Current directory>\gAkA.exe
- from C:\RCXC7D8.tmp to <Current directory>\iYEm.exe
- from C:\RCXC538.tmp to <Current directory>\Pgce.exe
- from C:\RCXCEEB.tmp to <Current directory>\XswU.exe
- from C:\RCXCDA3.tmp to <Current directory>\JEQY.exe
- from C:\RCXC1FA.tmp to <Current directory>\zggA.exe
- from C:\RCXC13E.tmp to <Current directory>\YQMQ.exe
- from C:\RCXC3B1.tmp to <Current directory>\TIAu.exe
- from C:\RCXC2F5.tmp to <Current directory>\ZUkg.exe
- from C:\RCXDB31.tmp to <Current directory>\LkYM.exe
- from C:\RCXD881.tmp to <Current directory>\Dwkk.exe
- from C:\RCXDD84.tmp to <Current directory>\asMs.exe
- from C:\RCXDC0C.tmp to <Current directory>\lEAi.exe
- from C:\RCXD331.tmp to <Current directory>\QgEo.exe
- from C:\RCXD1AA.tmp to <Current directory>\kIUS.exe
- from C:\RCXD6DB.tmp to <Current directory>\iows.exe
- from C:\RCXD499.tmp to <Current directory>\FEkA.exe
- from C:\RCXA48F.tmp to <Current directory>\xgUi.exe
- from C:\RCXA356.tmp to <Current directory>\pwoy.exe
- from C:\RCXA78D.tmp to <Current directory>\YsUw.exe
- from C:\RCXA55B.tmp to <Current directory>\JcMQ.exe
- from C:\RCX9E34.tmp to <Current directory>\YUUY.exe
- from C:\RCX9CDC.tmp to <Current directory>\AUMO.exe
- from C:\RCXA1BF.tmp to <Current directory>\hcoU.exe
- from C:\RCX9F00.tmp to <Current directory>\WkkI.exe
- from C:\RCXB96E.tmp to <Current directory>\UgkO.exe
- from C:\RCXB123.tmp to <Current directory>\Zgom.exe
- from C:\RCXBF69.tmp to <Current directory>\koMa.exe
- from C:\RCXBCC9.tmp to <Current directory>\pIky.exe
- from C:\RCXAB76.tmp to <Current directory>\tAMQ.exe
- from C:\RCXA905.tmp to <Current directory>\Uosc.exe
- from C:\RCXB019.tmp to <Current directory>\pgcw.exe
- from C:\RCXAE44.tmp to <Current directory>\sEEM.exe
- DNS ASK dn#.##ftncsi.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'GocwIYEU.exe'
- ClassName: '' WindowName: 'rSYkcwMw.exe'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''