Technical Information
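- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,' (the second, comma-separated entry is appended after the standard userinit.exe path, so it is started by Winlogon at every user logon)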
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002' (a service 'Start' value of 2 means automatic start at boot)
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
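- hidden files (display turned off: Explorer 'Hidden' value set to 2 by the 'add ... /v Hidden' command listed below)
- file extensions (display turned off: Explorer 'HideFileExt' value set to 1 by the 'add ... /v HideFileExt' command listed below)
- User Account Control (UAC) (turned off: 'EnableLUA' set to 0 under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System by the command listed below)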
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
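- (Note on the command lines that follow: the image names and argument strings do not pair consistently in this listing. 'add <key> /f /v <name> /t REG_DWORD /d <value>' is reg.exe syntax, yet it also appears after cscript.exe and conhost.exe, and '/c "<file>.bat"' appears after conhost.exe and reg.exe. The pairing looks shuffled in the source report, so when matching against process telemetry compare the argument strings and the image names separately rather than as exact pairs.)
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\DkssYUIE.bat" "<Full path to virus>""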
- '<SYSTEM32>\reg.exe' /pid=0xb10 /log
- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' /pid=0xadc /log
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\VqsYkEoE.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' 0xa2c cscript.exe
- '<SYSTEM32>\reg.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe' /pid=0xa2c /log
- '<SYSTEM32>\cscript.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' /pid=0x9ac /log
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' 0x684 cscript.exe
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\conhost.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' /pid=0x7d0 /log
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- <Current directory>\sgoI.ico
- <Current directory>\aMYO.exe
- C:\RCXC9CA.tmp
- <Current directory>\FgYE.ico
- <Current directory>\RIYO.exe
- C:\RCXC8A0.tmp
- <Current directory>\zmgs.ico
- <Current directory>\fooS.exe
- C:\RCXCCA9.tmp
- <Current directory>\meYk.ico
- <Current directory>\oQwq.exe
- C:\RCXCB41.tmp
- C:\RCXC748.tmp
- C:\RCXC2C3.tmp
- <Current directory>\taEw.ico
- <Current directory>\JgMe.exe
- C:\RCXC14B.tmp
- <Current directory>\hmUA.ico
- <Current directory>\jccs.exe
- C:\RCXC65D.tmp
- <Current directory>\KWAo.ico
- <Current directory>\zcYM.exe
- C:\RCXC4D6.tmp
- <Current directory>\KksA.ico
- <Current directory>\eAEM.exe
- <Current directory>\HMks.ico
- <Current directory>\XoEE.ico
- <Current directory>\Kcki.exe
- C:\RCXD7E5.tmp
- <Current directory>\xOYE.ico
- <Current directory>\Zkcw.exe
- C:\RCXD507.tmp
- <Current directory>\QYMU.ico
- <Current directory>\skkC.exe
- C:\RCXDA76.tmp
- <Current directory>\rUsA.ico
- <Current directory>\DEQa.exe
- C:\RCXD8FF.tmp
- C:\RCXD3AF.tmp
- %TEMP%\zgAUQcMQ.bat
- <Current directory>\FUsW.exe
- C:\RCXCF3A.tmp
- <Current directory>\cAIY.exe
- C:\RCXCE11.tmp
- <Current directory>\IgEM.ico
- C:\RCXD1E9.tmp
- <Current directory>\cMoY.ico
- <Current directory>\MgQq.exe
- <Current directory>\jKsE.ico
- <Current directory>\rsMs.exe
- %TEMP%\DaEYcoww.bat
- <Current directory>\JMUy.exe
- <Current directory>\oAoA.exe
- C:\RCXB0EB.tmp
- <Current directory>\laYs.ico
- <Current directory>\IYsI.exe
- C:\RCXAFE1.tmp
- <Current directory>\UCAI.ico
- <Current directory>\KMUA.exe
- C:\RCXB3AB.tmp
- <Current directory>\wGoU.ico
- <Current directory>\xkEG.exe
- C:\RCXB1D6.tmp
- <Current directory>\mkwg.ico
- <Current directory>\FysU.ico
- <Current directory>\BYMi.exe
- C:\RCXAAB0.tmp
- %TEMP%\DkssYUIE.bat
- C:\RCXA717.tmp
- %TEMP%\QWcsEUQs.bat
- <Current directory>\agAU.ico
- <Current directory>\nQoU.ico
- <Current directory>\voom.exe
- C:\RCXAE6A.tmp
- <Current directory>\NAIY.ico
- <Current directory>\JsIA.exe
- C:\RCXACA4.tmp
- <Current directory>\woQQ.exe
- C:\RCXBBDC.tmp
- <Current directory>\fuIw.ico
- <Current directory>\zUgQ.exe
- <Current directory>\GyYM.ico
- %TEMP%\zwYIMkUA.bat
- <Current directory>\rMoO.exe
- <Current directory>\Bwsm.exe
- C:\RCXBFF3.tmp
- <Current directory>\xoIg.ico
- %TEMP%\tkoIYMEQ.bat
- C:\RCXBD44.tmp
- <Current directory>\RqEE.ico
- C:\RCXB98A.tmp
- C:\RCXB5C0.tmp
- <Current directory>\OOcE.ico
- <Current directory>\JQos.exe
- C:\RCXB504.tmp
- <Current directory>\WgUM.ico
- <Current directory>\Kook.exe
- C:\RCXB7D4.tmp
- <Current directory>\JEoo.ico
- <Current directory>\VIsO.exe
- C:\RCXB66C.tmp
- <Current directory>\HgEM.ico
- <Current directory>\foYY.exe
- <Current directory>\kiQI.ico
- <Current directory>\qysk.ico
- <Current directory>\UgsC.exe
- %TEMP%\smoAUgwg.bat
- <Current directory>\uwIs.ico
- <Current directory>\jQkw.exe
- C:\RCX3FC.tmp
- C:\RCX64F.tmp
- <Current directory>\ZMEw.ico
- <Current directory>\akUu.exe
- C:\RCX555.tmp
- <Current directory>\Vgcc.ico
- <Current directory>\UEcs.exe
- C:\RCX208.tmp
- C:\RCXFBED.tmp
- <Current directory>\SCYU.ico
- <Current directory>\CQAS.exe
- C:\RCXFA09.tmp
- <Current directory>\oUUM.ico
- <Current directory>\IAom.exe
- C:\RCX52.tmp
- <Current directory>\WGYU.ico
- <Current directory>\CkMU.exe
- C:\RCXFEAC.tmp
- <Current directory>\qGgE.ico
- <Current directory>\mwcS.exe
- C:\RCX7A7.tmp
- <Current directory>\GcsU.ico
- <Current directory>\YIQw.exe
- C:\RCX10B2.tmp
- <Current directory>\lSgo.ico
- <Current directory>\ycoa.exe
- C:\RCXF3B.tmp
- <Current directory>\JCIk.ico
- <Current directory>\nUEW.exe
- C:\RCX13EF.tmp
- <Current directory>\WSEw.ico
- <Current directory>\ysQk.exe
- C:\RCX1287.tmp
- C:\RCXE21.tmp
- C:\RCXA09.tmp
- <Current directory>\WWEc.ico
- <Current directory>\OMMm.exe
- %TEMP%\VqsYkEoE.bat
- <Current directory>\PEsY.ico
- <Current directory>\Hwws.exe
- C:\RCXD07.tmp
- <Current directory>\ASAU.ico
- <Current directory>\cocK.exe
- C:\RCXB71.tmp
- <Current directory>\aOkg.ico
- <Current directory>\iccQ.exe
- <Current directory>\vkUS.exe
- <Current directory>\AgsY.exe
- %TEMP%\nEUYgYAI.bat
- C:\RCXE5B3.tmp
- <Current directory>\QcMI.exe
- C:\RCXE4B8.tmp
- <Current directory>\gWww.ico
- <Current directory>\aUkg.ico
- <Current directory>\ewIg.exe
- C:\RCXE98C.tmp
- <Current directory>\OakY.ico
- <Current directory>\GswW.exe
- C:\RCXE797.tmp
- <Current directory>\IWcA.ico
- <Current directory>\skwc.exe
- C:\RCXDD08.tmp
- <Current directory>\liUo.ico
- <Current directory>\ckcc.exe
- C:\RCXDBCF.tmp
- <Current directory>\Igcg.ico
- <Current directory>\BMsE.exe
- C:\RCXDF7A.tmp
- %TEMP%\ZUckEoQg.bat
- <Current directory>\NIcM.exe
- C:\RCXDE21.tmp
- <Current directory>\lwYI.ico
- <Current directory>\yYIE.ico
- <Current directory>\LIsw.exe
- C:\RCXF3EE.tmp
- <Current directory>\UsAS.exe
- C:\RCXF209.tmp
- <Current directory>\zKsQ.ico
- %TEMP%\cIQUcIAo.bat
- <Current directory>\RYok.exe
- C:\RCXF73A.tmp
- <Current directory>\nWQU.ico
- %TEMP%\boIcQAcE.bat
- C:\RCXF601.tmp
- <Current directory>\fSUI.ico
- <Current directory>\LQcO.exe
- <Current directory>\RcMc.exe
- C:\RCXECC8.tmp
- <Current directory>\MugQ.ico
- <Current directory>\mMsk.exe
- C:\RCXEB41.tmp
- <Current directory>\YmgA.ico
- <Current directory>\jsQa.exe
- C:\RCXF024.tmp
- <Current directory>\POMg.ico
- <Current directory>\cMQo.exe
- C:\RCXEDF2.tmp
- <Current directory>\XQAw.ico
- <Current directory>\Ogwk.exe
- <Current directory>\BwMo.ico
- <Current directory>\gIYg.exe
- <Auxiliary element>
- <Current directory>\FuAY.ico
- <Current directory>\RYcS.exe
- C:\RCX4AB8.tmp
- C:\RCX4F1D.tmp
- <Current directory>\xaUg.ico
- <Current directory>\JcwU.exe
- C:\RCX4B84.tmp
- <Current directory>\joQg.ico
- <Current directory>\HUMY.exe
- C:\RCX49BD.tmp
- %TEMP%\ceQIUwAg.bat
- <Current directory>\UUgO.exe
- C:\RCX450A.tmp
- <Current directory>\AgEO.exe
- C:\RCX43F0.tmp
- <Current directory>\OaIk.ico
- <Current directory>\ewQU.ico
- %TEMP%\XQAUMosw.bat
- <Current directory>\icMA.exe
- <Current directory>\LOow.ico
- <Current directory>\CgkQ.exe
- C:\RCX479A.tmp
- C:\RCX5102.tmp
- C:\RCX5A98.tmp
- <Current directory>\qYIs.ico
- <Current directory>\GoMc.exe
- %TEMP%\raUoUQcM.bat
- <Current directory>\DGwA.ico
- <Current directory>\MUos.exe
- C:\RCX5EED.tmp
- <Current directory>\LqIw.ico
- <Current directory>\PQYy.exe
- C:\RCX5C4E.tmp
- <Current directory>\iMAs.ico
- <Current directory>\SUAO.exe
- C:\RCX577B.tmp
- <Current directory>\kiMQ.ico
- <Current directory>\TMgi.exe
- C:\RCX5383.tmp
- <Current directory>\xCoY.ico
- <Current directory>\zYAg.exe
- C:\RCX51AE.tmp
- <Current directory>\NOgw.ico
- %TEMP%\dokAoMwg.bat
- <Current directory>\JMAs.exe
- <Current directory>\wEgw.ico
- <Current directory>\xoEU.exe
- C:\RCX5577.tmp
- <Current directory>\oGYw.ico
- C:\RCXD5A.tmp
- %TEMP%\file.vbs
- <Current directory>\jiwU.ico
- C:\RCX695.tmp
- <Current directory>\eWow.ico
- <Current directory>\pkwG.exe
- <Current directory>\zwUk.exe
- C:\RCX16CE.tmp
- <Current directory>\eGIs.ico
- <Current directory>\wIkM.exe
- C:\RCX11BE.tmp
- <Current directory>\Yyow.ico
- %TEMP%\VGIksMEI.bat
- C:\ProgramData\kaog.txt
- <Current directory>\HwoA.ico
- <Current directory>\dUQy.exe
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- <Current directory>\<Virus name>
- <Current directory>\lEUM.ico
- <Current directory>\QYEW.exe
- C:\RCX186.tmp
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- %TEMP%\jAMYQwEE.bat
- <Current directory>\TUkM.exe
- <Current directory>\tCIM.ico
- <Current directory>\bgog.exe
- C:\RCX3DE5.tmp
- <Current directory>\HeEY.ico
- <Current directory>\bMUk.exe
- C:\RCX3897.tmp
- <Current directory>\CcYE.ico
- <Current directory>\OsIg.exe
- C:\RCX42C7.tmp
- <Current directory>\VOMo.ico
- <Current directory>\qYos.exe
- C:\RCX4101.tmp
- C:\RCX3452.tmp
- C:\RCX26C7.tmp
- <Current directory>\nwwA.ico
- <Current directory>\WoEs.exe
- C:\RCX1C0D.tmp
- <Current directory>\lSIs.ico
- <Current directory>\tQoG.exe
- C:\RCX303B.tmp
- <Current directory>\hKcI.ico
- <Current directory>\ZUoE.exe
- C:\RCX2AFD.tmp
- <Current directory>\fqgw.ico
- <Current directory>\XQUa.exe
- C:\RCX6130.tmp
- <Current directory>\rIkU.ico
- <Current directory>\jEQC.exe
- C:\RCX9485.tmp
- %TEMP%\OOoAkMAE.bat
- <Current directory>\GUki.exe
- C:\RCX9272.tmp
- %TEMP%\fUsocEYE.bat
- <Current directory>\DyEw.ico
- <Current directory>\rEYO.exe
- <Current directory>\XIMs.ico
- <Current directory>\lEEK.exe
- C:\RCX9689.tmp
- <Current directory>\vWMA.ico
- <Current directory>\MyIc.ico
- <Current directory>\sIMm.exe
- C:\RCX8C66.tmp
- <Current directory>\BqkY.ico
- <Current directory>\pIoO.exe
- C:\RCX8959.tmp
- <Current directory>\EwQM.ico
- <Current directory>\IYMO.exe
- C:\RCX90BC.tmp
- <Current directory>\yMkM.ico
- <Current directory>\vcMK.exe
- C:\RCX8F16.tmp
- C:\RCX98EB.tmp
- <Current directory>\WkMA.exe
- C:\RCXA38B.tmp
- <Current directory>\eCkw.ico
- <Current directory>\SYgw.exe
- C:\RCXA178.tmp
- <Current directory>\uyMM.ico
- <Current directory>\kkky.exe
- C:\RCXA5FD.tmp
- <Current directory>\muIY.ico
- <Current directory>\iwss.exe
- C:\RCXA4D4.tmp
- <Current directory>\ukck.ico
- <Current directory>\hWoo.ico
- <Current directory>\Eisw.ico
- <Current directory>\MQMK.exe
- C:\RCX9BE9.tmp
- <Current directory>\yoYg.ico
- <Current directory>\uwok.exe
- C:\RCX9AB0.tmp
- <Current directory>\Cqwo.ico
- <Current directory>\SEsq.exe
- C:\RCX9F64.tmp
- <Current directory>\PSUY.ico
- <Current directory>\fkMc.exe
- C:\RCX9DED.tmp
- C:\RCX85EF.tmp
- %TEMP%\yOsEMkME.bat
- <Current directory>\EAUU.ico
- <Current directory>\QUkG.exe
- <Current directory>\wisc.ico
- <Current directory>\XsUY.exe
- C:\RCX6F0A.tmp
- C:\RCX71D9.tmp
- <Current directory>\Jsck.ico
- <Current directory>\NcoC.exe
- C:\RCX7072.tmp
- <Current directory>\RYMQ.ico
- <Current directory>\LQog.exe
- C:\RCX6A0A.tmp
- <Current directory>\bkow.ico
- <Current directory>\DAoo.exe
- C:\RCX6585.tmp
- <Current directory>\sGUw.ico
- <Current directory>\ekIs.exe
- C:\RCX6353.tmp
- <Current directory>\KIkg.ico
- %TEMP%\oyswooUc.bat
- <Current directory>\gsAe.exe
- <Current directory>\KIAE.ico
- <Current directory>\ukcs.exe
- C:\RCX6883.tmp
- C:\RCX73CE.tmp
- <Current directory>\iAwo.ico
- <Current directory>\FQow.exe
- C:\RCX80EE.tmp
- <Current directory>\FwEg.exe
- C:\RCX7E00.tmp
- %TEMP%\yQAEkMQY.bat
- %TEMP%\LakIgsUQ.bat
- <Current directory>\MEgA.ico
- <Current directory>\XUMA.exe
- <Current directory>\DSIM.ico
- <Current directory>\WogW.exe
- C:\RCX8301.tmp
- <Current directory>\aOwo.ico
- <Current directory>\pQow.ico
- <Current directory>\dokC.exe
- C:\RCX77E5.tmp
- <Current directory>\pcYQ.ico
- <Current directory>\lQYa.exe
- C:\RCX767D.tmp
- <Current directory>\eEAQ.ico
- <Current directory>\HUMe.exe
- C:\RCX7BFC.tmp
- <Current directory>\lQAo.ico
- <Current directory>\RwMO.exe
- C:\RCX78A1.tmp
- <Current directory>\sgoI.ico
- <Current directory>\aMYO.exe
- <Current directory>\FgYE.ico
- <Current directory>\RIYO.exe
- <Current directory>\zmgs.ico
- <Current directory>\fooS.exe
- <Current directory>\meYk.ico
- <Current directory>\oQwq.exe
- <Current directory>\taEw.ico
- <Current directory>\JgMe.exe
- <Current directory>\hmUA.ico
- <Current directory>\jccs.exe
- <Current directory>\KWAo.ico
- <Current directory>\zcYM.exe
- <Current directory>\KksA.ico
- <Current directory>\eAEM.exe
- <Current directory>\HMks.ico
- <Current directory>\XoEE.ico
- <Current directory>\Kcki.exe
- <Current directory>\xOYE.ico
- <Current directory>\Zkcw.exe
- <Current directory>\QYMU.ico
- <Current directory>\skkC.exe
- <Current directory>\rUsA.ico
- <Current directory>\DEQa.exe
- <Current directory>\FUsW.exe
- %TEMP%\zgAUQcMQ.bat
- <Current directory>\cAIY.exe
- <Current directory>\IgEM.ico
- <Current directory>\cMoY.ico
- <Current directory>\MgQq.exe
- <Current directory>\jKsE.ico
- <Current directory>\rsMs.exe
- <Current directory>\JMUy.exe
- <Current directory>\laYs.ico
- <Current directory>\xkEG.exe
- <Current directory>\UCAI.ico
- <Current directory>\oAoA.exe
- <Current directory>\wGoU.ico
- <Current directory>\woQQ.exe
- <Current directory>\mkwg.ico
- <Current directory>\KMUA.exe
- <Current directory>\NAIY.ico
- <Current directory>\JsIA.exe
- <Current directory>\agAU.ico
- <Current directory>\BYMi.exe
- <Current directory>\FysU.ico
- <Current directory>\IYsI.exe
- <Current directory>\nQoU.ico
- <Current directory>\voom.exe
- <Current directory>\WgUM.ico
- %TEMP%\zwYIMkUA.bat
- <Current directory>\fuIw.ico
- <Current directory>\GyYM.ico
- <Current directory>\rMoO.exe
- <Current directory>\Bwsm.exe
- <Current directory>\xoIg.ico
- <Current directory>\zUgQ.exe
- <Current directory>\RqEE.ico
- <Current directory>\JQos.exe
- <Current directory>\HgEM.ico
- <Current directory>\Kook.exe
- <Current directory>\OOcE.ico
- <Current directory>\VIsO.exe
- %TEMP%\DkssYUIE.bat
- <Current directory>\foYY.exe
- <Current directory>\JEoo.ico
- <Current directory>\kiQI.ico
- <Current directory>\jQkw.exe
- %TEMP%\boIcQAcE.bat
- <Current directory>\CkMU.exe
- <Current directory>\uwIs.ico
- %TEMP%\smoAUgwg.bat
- <Current directory>\Vgcc.ico
- <Current directory>\qysk.ico
- <Current directory>\UgsC.exe
- <Current directory>\IAom.exe
- <Current directory>\SCYU.ico
- <Current directory>\vkUS.exe
- <Current directory>\oUUM.ico
- <Current directory>\mwcS.exe
- <Current directory>\WGYU.ico
- <Current directory>\CQAS.exe
- <Current directory>\qGgE.ico
- <Current directory>\UEcs.exe
- <Current directory>\lSgo.ico
- <Current directory>\ycoa.exe
- <Current directory>\ASAU.ico
- <Current directory>\cocK.exe
- <Current directory>\WSEw.ico
- <Current directory>\ysQk.exe
- <Current directory>\GcsU.ico
- <Current directory>\YIQw.exe
- <Current directory>\PEsY.ico
- <Current directory>\Hwws.exe
- <Current directory>\ZMEw.ico
- <Current directory>\akUu.exe
- <Current directory>\aOkg.ico
- <Current directory>\iccQ.exe
- <Current directory>\WWEc.ico
- <Current directory>\OMMm.exe
- <Current directory>\nWQU.ico
- <Current directory>\QcMI.exe
- <Current directory>\gWww.ico
- %TEMP%\ZUckEoQg.bat
- <Current directory>\IWcA.ico
- <Current directory>\GswW.exe
- <Current directory>\aUkg.ico
- <Current directory>\AgsY.exe
- <Current directory>\OakY.ico
- <Current directory>\skwc.exe
- <Current directory>\liUo.ico
- <Current directory>\ckcc.exe
- <Current directory>\Igcg.ico
- <Current directory>\lwYI.ico
- <Current directory>\BMsE.exe
- <Current directory>\NIcM.exe
- %TEMP%\DaEYcoww.bat
- <Current directory>\ewIg.exe
- <Current directory>\zKsQ.ico
- <Current directory>\LIsw.exe
- <Current directory>\POMg.ico
- <Current directory>\LQcO.exe
- <Current directory>\fSUI.ico
- <Current directory>\RYok.exe
- %TEMP%\cIQUcIAo.bat
- <Current directory>\UsAS.exe
- <Current directory>\YmgA.ico
- <Current directory>\RcMc.exe
- <Current directory>\yYIE.ico
- <Current directory>\mMsk.exe
- <Current directory>\XQAw.ico
- <Current directory>\jsQa.exe
- <Current directory>\MugQ.ico
- <Current directory>\cMQo.exe
- <Current directory>\xaUg.ico
- <Current directory>\JcwU.exe
- <Current directory>\joQg.ico
- <Current directory>\HUMY.exe
- <Current directory>\kiMQ.ico
- <Current directory>\TMgi.exe
- <Current directory>\xCoY.ico
- <Current directory>\zYAg.exe
- <Current directory>\ewQU.ico
- <Current directory>\icMA.exe
- <Current directory>\LOow.ico
- <Current directory>\CgkQ.exe
- <Current directory>\BwMo.ico
- <Current directory>\gIYg.exe
- <Current directory>\FuAY.ico
- <Current directory>\RYcS.exe
- <Current directory>\wEgw.ico
- <Current directory>\LqIw.ico
- <Current directory>\PQYy.exe
- <Current directory>\iMAs.ico
- <Current directory>\SUAO.exe
- <Current directory>\bkow.ico
- <Current directory>\DAoo.exe
- <Current directory>\sGUw.ico
- <Current directory>\ekIs.exe
- <Current directory>\NOgw.ico
- <Current directory>\JMAs.exe
- <Current directory>\xoEU.exe
- %TEMP%\dokAoMwg.bat
- <Current directory>\qYIs.ico
- <Current directory>\GoMc.exe
- <Current directory>\DGwA.ico
- <Current directory>\MUos.exe
- %TEMP%\ceQIUwAg.bat
- <Current directory>\zwUk.exe
- <Current directory>\eGIs.ico
- <Current directory>\wIkM.exe
- <Current directory>\Yyow.ico
- <Current directory>\tQoG.exe
- <Current directory>\nwwA.ico
- <Current directory>\TUkM.exe
- <Current directory>\lSIs.ico
- %TEMP%\jAMYQwEE.bat
- <Current directory>\lEUM.ico
- <Current directory>\HwoA.ico
- <Current directory>\dUQy.exe
- <Current directory>\pkwG.exe
- <Current directory>\jiwU.ico
- <Current directory>\QYEW.exe
- <Current directory>\eWow.ico
- <Current directory>\WoEs.exe
- <Current directory>\CcYE.ico
- <Current directory>\OsIg.exe
- <Current directory>\VOMo.ico
- <Current directory>\qYos.exe
- <Current directory>\OaIk.ico
- <Current directory>\UUgO.exe
- <Current directory>\oGYw.ico
- <Current directory>\AgEO.exe
- <Current directory>\hKcI.ico
- <Current directory>\ZUoE.exe
- <Current directory>\fqgw.ico
- <Current directory>\XQUa.exe
- <Current directory>\tCIM.ico
- <Current directory>\bgog.exe
- <Current directory>\HeEY.ico
- <Current directory>\bMUk.exe
- <Current directory>\KIAE.ico
- <Current directory>\lEEK.exe
- <Current directory>\DyEw.ico
- <Current directory>\jEQC.exe
- <Current directory>\XIMs.ico
- <Current directory>\uwok.exe
- <Current directory>\Eisw.ico
- <Current directory>\rEYO.exe
- <Current directory>\yoYg.ico
- <Current directory>\IYMO.exe
- <Current directory>\vWMA.ico
- <Current directory>\vcMK.exe
- <Current directory>\EwQM.ico
- %TEMP%\LakIgsUQ.bat
- <Current directory>\rIkU.ico
- <Current directory>\GUki.exe
- %TEMP%\OOoAkMAE.bat
- <Current directory>\MQMK.exe
- <Current directory>\ukck.ico
- <Current directory>\kkky.exe
- <Current directory>\eCkw.ico
- <Current directory>\iwss.exe
- <Current directory>\Ogwk.exe
- %TEMP%\QWcsEUQs.bat
- %TEMP%\fUsocEYE.bat
- <Current directory>\muIY.ico
- <Current directory>\Cqwo.ico
- <Current directory>\SEsq.exe
- <Current directory>\PSUY.ico
- <Current directory>\fkMc.exe
- <Current directory>\uyMM.ico
- <Current directory>\WkMA.exe
- <Current directory>\hWoo.ico
- <Current directory>\SYgw.exe
- <Current directory>\yMkM.ico
- <Current directory>\Jsck.ico
- <Current directory>\NcoC.exe
- <Current directory>\RYMQ.ico
- <Current directory>\LQog.exe
- <Current directory>\pQow.ico
- <Current directory>\dokC.exe
- <Current directory>\pcYQ.ico
- <Current directory>\lQYa.exe
- <Current directory>\gsAe.exe
- %TEMP%\oyswooUc.bat
- <Current directory>\ukcs.exe
- <Current directory>\KIkg.ico
- <Current directory>\EAUU.ico
- <Current directory>\QUkG.exe
- <Current directory>\wisc.ico
- <Current directory>\XsUY.exe
- <Current directory>\lQAo.ico
- <Current directory>\MEgA.ico
- <Current directory>\XUMA.exe
- <Current directory>\DSIM.ico
- <Current directory>\WogW.exe
- <Current directory>\MyIc.ico
- <Current directory>\sIMm.exe
- <Current directory>\BqkY.ico
- <Current directory>\pIoO.exe
- <Current directory>\HUMe.exe
- <Current directory>\aOwo.ico
- <Current directory>\RwMO.exe
- <Current directory>\eEAQ.ico
- <Current directory>\iAwo.ico
- <Current directory>\FQow.exe
- <Current directory>\FwEg.exe
- %TEMP%\yQAEkMQY.bat
- from C:\RCXC9CA.tmp to <Current directory>\aMYO.exe
- from C:\RCXCB41.tmp to <Current directory>\oQwq.exe
- from C:\RCXCCA9.tmp to <Current directory>\fooS.exe
- from C:\RCXC8A0.tmp to <Current directory>\RIYO.exe
- from C:\RCXC4D6.tmp to <Current directory>\JgMe.exe
- from C:\RCXC65D.tmp to <Current directory>\eAEM.exe
- from C:\RCXC748.tmp to <Current directory>\zcYM.exe
- from C:\RCXCE11.tmp to <Current directory>\cAIY.exe
- from C:\RCXD7E5.tmp to <Current directory>\Kcki.exe
- from C:\RCXD8FF.tmp to <Current directory>\DEQa.exe
- from C:\RCXDA76.tmp to <Current directory>\skkC.exe
- from C:\RCXD507.tmp to <Current directory>\Zkcw.exe
- from C:\RCXCF3A.tmp to <Current directory>\FUsW.exe
- from C:\RCXD1E9.tmp to <Current directory>\rsMs.exe
- from C:\RCXD3AF.tmp to <Current directory>\MgQq.exe
- from C:\RCXC2C3.tmp to <Current directory>\jccs.exe
- from C:\RCXB1D6.tmp to <Current directory>\xkEG.exe
- from C:\RCXB3AB.tmp to <Current directory>\KMUA.exe
- from C:\RCXB504.tmp to <Current directory>\woQQ.exe
- from C:\RCXB0EB.tmp to <Current directory>\oAoA.exe
- from C:\RCXACA4.tmp to <Current directory>\JsIA.exe
- from C:\RCXAE6A.tmp to <Current directory>\voom.exe
- from C:\RCXAFE1.tmp to <Current directory>\IYsI.exe
- from C:\RCXB5C0.tmp to <Current directory>\Kook.exe
- from C:\RCXBD44.tmp to <Current directory>\zUgQ.exe
- from C:\RCXBFF3.tmp to <Current directory>\Bwsm.exe
- from C:\RCXC14B.tmp to <Current directory>\JMUy.exe
- from C:\RCXBBDC.tmp to <Current directory>\rMoO.exe
- from C:\RCXB66C.tmp to <Current directory>\JQos.exe
- from C:\RCXB7D4.tmp to <Current directory>\foYY.exe
- from C:\RCXB98A.tmp to <Current directory>\VIsO.exe
- from C:\RCXDBCF.tmp to <Current directory>\ckcc.exe
- from C:\RCX3FC.tmp to <Current directory>\jQkw.exe
- from C:\RCX555.tmp to <Current directory>\UgsC.exe
- from C:\RCX64F.tmp to <Current directory>\UEcs.exe
- from C:\RCX208.tmp to <Current directory>\CkMU.exe
- from C:\RCXFBED.tmp to <Current directory>\IAom.exe
- from C:\RCXFEAC.tmp to <Current directory>\CQAS.exe
- from C:\RCX52.tmp to <Current directory>\mwcS.exe
- from C:\RCX7A7.tmp to <Current directory>\akUu.exe
- from C:\RCXF3B.tmp to <Current directory>\ycoa.exe
- from C:\RCX10B2.tmp to <Current directory>\YIQw.exe
- from C:\RCX1287.tmp to <Current directory>\ysQk.exe
- from C:\RCXE21.tmp to <Current directory>\cocK.exe
- from C:\RCXA09.tmp to <Current directory>\Hwws.exe
- from C:\RCXB71.tmp to <Current directory>\OMMm.exe
- from C:\RCXD07.tmp to <Current directory>\iccQ.exe
- from C:\RCXFA09.tmp to <Current directory>\vkUS.exe
- from C:\RCXE5B3.tmp to <Current directory>\AgsY.exe
- from C:\RCXE797.tmp to <Current directory>\GswW.exe
- from C:\RCXE98C.tmp to <Current directory>\ewIg.exe
- from C:\RCXE4B8.tmp to <Current directory>\QcMI.exe
- from C:\RCXDD08.tmp to <Current directory>\skwc.exe
- from C:\RCXDE21.tmp to <Current directory>\NIcM.exe
- from C:\RCXDF7A.tmp to <Current directory>\BMsE.exe
- from C:\RCXEB41.tmp to <Current directory>\mMsk.exe
- from C:\RCXF3EE.tmp to <Current directory>\LIsw.exe
- from C:\RCXF601.tmp to <Current directory>\UsAS.exe
- from C:\RCXF73A.tmp to <Current directory>\RYok.exe
- from C:\RCXF209.tmp to <Current directory>\LQcO.exe
- from C:\RCXECC8.tmp to <Current directory>\RcMc.exe
- from C:\RCXEDF2.tmp to <Current directory>\cMQo.exe
- from C:\RCXF024.tmp to <Current directory>\jsQa.exe
- from C:\RCXAAB0.tmp to <Current directory>\BYMi.exe
- from C:\RCX4F1D.tmp to <Current directory>\HUMY.exe
- from C:\RCX5102.tmp to <Current directory>\JcwU.exe
- from C:\RCX51AE.tmp to <Current directory>\zYAg.exe
- from C:\RCX4B84.tmp to <Current directory>\gIYg.exe
- from C:\RCX479A.tmp to <Current directory>\CgkQ.exe
- from C:\RCX49BD.tmp to <Current directory>\icMA.exe
- from C:\RCX4AB8.tmp to <Current directory>\RYcS.exe
- from C:\RCX5383.tmp to <Current directory>\TMgi.exe
- from C:\RCX5EED.tmp to <Current directory>\SUAO.exe
- from C:\RCX6130.tmp to <Current directory>\PQYy.exe
- from C:\RCX6353.tmp to <Current directory>\ekIs.exe
- from C:\RCX5C4E.tmp to <Current directory>\GoMc.exe
- from C:\RCX5577.tmp to <Current directory>\xoEU.exe
- from C:\RCX577B.tmp to <Current directory>\JMAs.exe
- from C:\RCX5A98.tmp to <Current directory>\MUos.exe
- from C:\RCX450A.tmp to <Current directory>\UUgO.exe
- from C:\RCX16CE.tmp to <Current directory>\zwUk.exe
- from C:\RCX1C0D.tmp to <Current directory>\TUkM.exe
- from C:\RCX26C7.tmp to <Current directory>\tQoG.exe
- from C:\RCX11BE.tmp to <Current directory>\wIkM.exe
- from C:\RCX186.tmp to <Current directory>\dUQy.exe
- from C:\RCX695.tmp to <Current directory>\QYEW.exe
- from C:\RCXD5A.tmp to <Current directory>\pkwG.exe
- from C:\RCX2AFD.tmp to <Current directory>\WoEs.exe
- from C:\RCX4101.tmp to <Current directory>\qYos.exe
- from C:\RCX42C7.tmp to <Current directory>\OsIg.exe
- from C:\RCX43F0.tmp to <Current directory>\AgEO.exe
- from C:\RCX3DE5.tmp to <Current directory>\bgog.exe
- from C:\RCX303B.tmp to <Current directory>\XQUa.exe
- from C:\RCX3452.tmp to <Current directory>\ZUoE.exe
- from C:\RCX3897.tmp to <Current directory>\bMUk.exe
- from C:\RCX6585.tmp to <Current directory>\DAoo.exe
- from C:\RCX9689.tmp to <Current directory>\lEEK.exe
- from C:\RCX98EB.tmp to <Current directory>\rEYO.exe
- from C:\RCX9AB0.tmp to <Current directory>\uwok.exe
- from C:\RCX9485.tmp to <Current directory>\jEQC.exe
- from C:\RCX8F16.tmp to <Current directory>\vcMK.exe
- from C:\RCX90BC.tmp to <Current directory>\IYMO.exe
- from C:\RCX9272.tmp to <Current directory>\GUki.exe
- from C:\RCX9BE9.tmp to <Current directory>\MQMK.exe
- from C:\RCXA4D4.tmp to <Current directory>\iwss.exe
- from C:\RCXA5FD.tmp to <Current directory>\kkky.exe
- from C:\RCXA717.tmp to <Current directory>\Ogwk.exe
- from C:\RCXA38B.tmp to <Current directory>\WkMA.exe
- from C:\RCX9DED.tmp to <Current directory>\fkMc.exe
- from C:\RCX9F64.tmp to <Current directory>\SEsq.exe
- from C:\RCXA178.tmp to <Current directory>\SYgw.exe
- from C:\RCX8C66.tmp to <Current directory>\sIMm.exe
- from C:\RCX71D9.tmp to <Current directory>\LQog.exe
- from C:\RCX73CE.tmp to <Current directory>\NcoC.exe
- from C:\RCX767D.tmp to <Current directory>\lQYa.exe
- from C:\RCX7072.tmp to <Current directory>\QUkG.exe
- from C:\RCX6883.tmp to <Current directory>\ukcs.exe
- from C:\RCX6A0A.tmp to <Current directory>\gsAe.exe
- from C:\RCX6F0A.tmp to <Current directory>\XsUY.exe
- from C:\RCX77E5.tmp to <Current directory>\dokC.exe
- from C:\RCX8301.tmp to <Current directory>\WogW.exe
- from C:\RCX85EF.tmp to <Current directory>\XUMA.exe
- from C:\RCX8959.tmp to <Current directory>\pIoO.exe
- from C:\RCX80EE.tmp to <Current directory>\FQow.exe
- from C:\RCX78A1.tmp to <Current directory>\RwMO.exe
- from C:\RCX7BFC.tmp to <Current directory>\HUMe.exe
- from C:\RCX7E00.tmp to <Current directory>\FwEg.exe
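- DNS ASK dn#.##ftncsi.com (the '#' characters are as printed on this page; the full host name is not shown, so this string is not usable as a literal indicator)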
- DNS ASK google.com
- ClassName: '' WindowName: 'GocwIYEU.exe'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'rSYkcwMw.exe'