Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002'
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
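- Hides from view: hidden files (Explorer\Advanced 'Hidden' set to 2)
- Hides from view: file extensions (Explorer\Advanced 'HideFileExt' set to 1)
- Disables: User Account Control (UAC) (Policies\System 'EnableLUA' set to 0)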
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- '<SYSTEM32>\reg.exe' 0x82c cscript.exe
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\xOMcUcEo.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=0x56c /log
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\reg.exe' /pid=0x238 /log
- '<SYSTEM32>\reg.exe' 0x238 <Virus name>.exe
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\IEUgIoYk.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\qSkgEsMY.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=0x56c /log
- '<SYSTEM32>\reg.exe' /pid=0xb08 /log
- '<SYSTEM32>\reg.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\cscript.exe' /pid=0x954 /log
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\cscript.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe'
- '<SYSTEM32>\reg.exe' /pid=0xa7c /log
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' 0x4dc cscript.exe
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe' /pid=0x7f4 /log
- '<SYSTEM32>\reg.exe' 0xa5c cscript.exe
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- C:\RCXAFC3.tmp
- <Current directory>\LQAA.ico
- <Current directory>\hIYe.exe
- C:\RCXADB0.tmp
- <Current directory>\EsEE.ico
- <Current directory>\EIku.exe
- C:\RCXB264.tmp
- <Current directory>\vEIQ.ico
- <Current directory>\jAcu.exe
- C:\RCXB12B.tmp
- <Current directory>\niEc.ico
- <Current directory>\NgQo.exe
- <Current directory>\AoEM.exe
- <Current directory>\bcYO.exe
- C:\RCXA757.tmp
- <Current directory>\UYgo.ico
- C:\RCXA524.tmp
- <Current directory>\zyww.ico
- %TEMP%\xOMcUcEo.bat
- <Current directory>\yooq.exe
- C:\RCXAB5E.tmp
- <Current directory>\geIA.ico
- <Current directory>\ooci.exe
- C:\RCXA9C8.tmp
- <Current directory>\gWMM.ico
- C:\RCXB38E.tmp
- <Current directory>\VUUO.exe
- C:\RCXBC1C.tmp
- %TEMP%\CesocIoE.bat
- <Current directory>\IUgg.exe
- C:\RCXBA85.tmp
- <Current directory>\XOsw.ico
- %TEMP%\IEUgIoYk.bat
- <Current directory>\ccwI.ico
- <Current directory>\cwYI.exe
- <Current directory>\lEMs.ico
- <Current directory>\BocK.exe
- C:\RCXBE4E.tmp
- <Current directory>\vyQA.ico
- <Current directory>\OOMk.ico
- <Current directory>\AMIU.exe
- C:\RCXB757.tmp
- <Current directory>\koAs.ico
- <Current directory>\UAEe.exe
- C:\RCXB563.tmp
- <Current directory>\tSUo.ico
- <Current directory>\pgoe.exe
- C:\RCXB9AA.tmp
- <Current directory>\qkoc.ico
- <Current directory>\vIAQ.exe
- C:\RCXB8CE.tmp
- <Current directory>\jYse.exe
- <Current directory>\fiYY.ico
- <Current directory>\boYA.exe
- C:\RCX91C8.tmp
- <Current directory>\HicE.ico
- <Current directory>\QsUY.exe
- C:\RCX90BD.tmp
- <Current directory>\tgAc.ico
- <Current directory>\eskY.exe
- C:\RCX93EC.tmp
- <Current directory>\uIsA.ico
- <Current directory>\Fogq.exe
- C:\RCX92F1.tmp
- C:\RCX8EE8.tmp
- <Current directory>\DsEy.exe
- C:\RCX896A.tmp
- %TEMP%\ikgskQsI.bat
- <Current directory>\lEwo.exe
- C:\RCX86BB.tmp
- <Current directory>\hCkc.ico
- %TEMP%\yykowkog.bat
- <Current directory>\hAUk.ico
- <Current directory>\uEkE.exe
- <Current directory>\bSkE.ico
- <Current directory>\dUUi.exe
- C:\RCX8C87.tmp
- <Current directory>\uEgI.ico
- C:\RCX9F95.tmp
- <Current directory>\NqEk.ico
- <Current directory>\PQkI.exe
- C:\RCX9D82.tmp
- <Current directory>\vswg.ico
- <Current directory>\MMEg.exe
- C:\RCXA38D.tmp
- %TEMP%\AgkocowI.bat
- <Current directory>\IQYs.ico
- C:\RCXA1A9.tmp
- <Current directory>\OGwY.ico
- <Current directory>\QMIc.exe
- <Current directory>\BgEM.exe
- <Current directory>\QscQ.exe
- C:\RCX995A.tmp
- <Current directory>\YQMo.ico
- <Current directory>\NsIe.exe
- C:\RCX9544.tmp
- <Current directory>\boIs.ico
- <Current directory>\MwEy.exe
- C:\RCX9C59.tmp
- <Current directory>\DIcg.ico
- <Current directory>\kAsY.exe
- C:\RCX9B00.tmp
- <Current directory>\bCMM.ico
- C:\RCXC1C8.tmp
- C:\RCXE9A9.tmp
- <Current directory>\HMgo.ico
- <Current directory>\ZsYO.exe
- <Current directory>\Uwsk.ico
- <Current directory>\xQsS.exe
- %TEMP%\sgcAsUgc.bat
- C:\RCXECC7.tmp
- %TEMP%\qSkgEsMY.bat
- <Current directory>\ZCgY.ico
- C:\RCXEA65.tmp
- <Current directory>\MiQY.ico
- <Current directory>\AwUw.exe
- C:\RCXE8AF.tmp
- C:\RCXE496.tmp
- <Current directory>\WwEs.ico
- <Current directory>\sIQG.exe
- C:\RCXE300.tmp
- <Current directory>\tyEQ.ico
- <Current directory>\rMIG.exe
- C:\RCXE776.tmp
- <Current directory>\vmAY.ico
- <Current directory>\hoYM.exe
- C:\RCXE591.tmp
- <Current directory>\LSQk.ico
- <Current directory>\UUwg.exe
- <Current directory>\tEgE.exe
- <Current directory>\TWwE.ico
- <Current directory>\MYcw.exe
- C:\RCXF6CC.tmp
- <Current directory>\HAwQ.ico
- <Current directory>\EoUk.exe
- C:\RCXF516.tmp
- <Current directory>\zmYA.ico
- <Current directory>\NQYu.exe
- C:\RCXF98C.tmp
- <Current directory>\mQYI.ico
- <Current directory>\WQgo.exe
- C:\RCXF834.tmp
- C:\RCXF3ED.tmp
- C:\RCXEF87.tmp
- <Current directory>\zAsA.ico
- <Current directory>\Uccu.exe
- C:\RCXEE00.tmp
- <Current directory>\FAAs.ico
- <Current directory>\XMIq.exe
- C:\RCXF1CA.tmp
- <Current directory>\cOII.ico
- <Current directory>\wQoK.exe
- C:\RCXF0C0.tmp
- <Current directory>\OUEI.ico
- <Current directory>\YAYy.exe
- <Current directory>\LUUM.exe
- <Current directory>\LcYI.exe
- C:\RCXCC4A.tmp
- <Current directory>\WMsg.ico
- <Current directory>\loca.exe
- C:\RCXC9E8.tmp
- <Current directory>\ssEA.ico
- <Current directory>\VAMw.exe
- C:\RCXD003.tmp
- %TEMP%\pmkQsUYA.bat
- <Current directory>\aMoC.exe
- C:\RCXCD63.tmp
- <Current directory>\bkgo.ico
- <Current directory>\QysE.ico
- <Current directory>\Vwss.ico
- <Current directory>\IcoK.exe
- C:\RCXC505.tmp
- <Current directory>\bKoY.ico
- <Current directory>\sogq.exe
- C:\RCXC311.tmp
- <Current directory>\Tqso.ico
- <Current directory>\FwYM.exe
- C:\RCXC7F4.tmp
- <Current directory>\lukk.ico
- <Current directory>\KMUW.exe
- C:\RCXC61F.tmp
- <Current directory>\iIUg.ico
- <Current directory>\YYkA.exe
- C:\RCXDD81.tmp
- <Current directory>\Xkkk.ico
- <Current directory>\xAMI.exe
- C:\RCXDC29.tmp
- <Current directory>\qmkU.ico
- <Current directory>\XwcO.exe
- C:\RCXE0FC.tmp
- <Current directory>\pQsE.ico
- <Current directory>\kUMW.exe
- C:\RCXDF08.tmp
- <Current directory>\isMo.ico
- <Current directory>\ByYU.ico
- <Current directory>\YSwk.ico
- <Current directory>\vUww.exe
- C:\RCXD717.tmp
- <Current directory>\UEcG.exe
- C:\RCXD40A.tmp
- %TEMP%\IYwQsIkk.bat
- <Current directory>\OakI.ico
- <Current directory>\WgUG.exe
- C:\RCXDAF0.tmp
- <Current directory>\LyUk.ico
- <Current directory>\GEcs.exe
- C:\RCXD978.tmp
- <Current directory>\FkAi.exe
- C:\RCX2EA0.tmp
- <Current directory>\vUQM.ico
- <Current directory>\yoEg.exe
- C:\RCX2CBC.tmp
- <Current directory>\Bwow.ico
- <Current directory>\ZUwq.exe
- C:\RCX318F.tmp
- <Current directory>\YOYA.ico
- <Current directory>\iQsu.exe
- C:\RCX3037.tmp
- <Current directory>\gwwE.ico
- %TEMP%\TSAQYIwg.bat
- C:\RCX24DC.tmp
- <Current directory>\YqQs.ico
- <Current directory>\FwAI.exe
- C:\RCX2384.tmp
- <Current directory>\Okso.ico
- <Current directory>\IMYU.exe
- <Current directory>\pQIQ.exe
- C:\RCX2B92.tmp
- <Current directory>\EsYQ.ico
- C:\RCX272E.tmp
- <Current directory>\fsgk.ico
- %TEMP%\xawosYcI.bat
- <Current directory>\RckQ.exe
- C:\RCX3D58.tmp
- <Current directory>\JQUk.ico
- <Current directory>\dgwy.exe
- C:\RCX3C4E.tmp
- <Current directory>\uKkI.ico
- <Current directory>\WEYc.exe
- C:\RCX42A7.tmp
- <Current directory>\cqoo.ico
- <Current directory>\sMsy.exe
- C:\RCX3E14.tmp
- <Current directory>\UMIo.ico
- <Current directory>\WIUG.exe
- <Current directory>\mcMU.exe
- C:\RCX375B.tmp
- <Auxiliary element>
- <Current directory>\uqIM.ico
- C:\RCX3548.tmp
- <Current directory>\Pwkk.ico
- <Current directory>\OQQS.exe
- <Current directory>\DkIE.exe
- C:\RCX3B34.tmp
- <Current directory>\jgwA.ico
- <Current directory>\YMss.exe
- C:\RCX38C3.tmp
- <Current directory>\nQoI.ico
- <Current directory>\RgIu.exe
- <Current directory>\PEAU.exe
- C:\RCXE15.tmp
- <Current directory>\cCUw.ico
- <Current directory>\AIQu.exe
- C:\RCXC40.tmp
- <Current directory>\BeYg.ico
- <Current directory>\cUkI.exe
- C:\RCX10E5.tmp
- <Current directory>\hkck.ico
- <Current directory>\Gwgy.exe
- C:\RCXFCB.tmp
- <Current directory>\jEws.ico
- <Current directory>\HSEs.ico
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- %TEMP%\RuokAgUU.bat
- <Current directory>\<Virus name>
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- <Current directory>\gKAE.ico
- <Current directory>\kIgo.exe
- C:\RCXA4C.tmp
- %TEMP%\ZEsEkgcU.bat
- C:\ProgramData\kaog.txt
- %TEMP%\file.vbs
- <Current directory>\tAAI.exe
- <Current directory>\aIks.exe
- C:\RCX1DA7.tmp
- <Current directory>\Ccww.ico
- <Current directory>\IkEe.exe
- C:\RCX1BF2.tmp
- <Current directory>\LKcA.ico
- <Current directory>\zIsY.exe
- C:\RCX21FD.tmp
- <Current directory>\HKEo.ico
- <Current directory>\zMMa.exe
- C:\RCX2057.tmp
- <Current directory>\sSME.ico
- <Current directory>\ZocQ.ico
- <Current directory>\aEwm.exe
- C:\RCX15E6.tmp
- %TEMP%\BKAoMQAE.bat
- C:\RCX144F.tmp
- <Current directory>\EKUU.ico
- %TEMP%\JMcwscsA.bat
- <Current directory>\sWkA.ico
- <Current directory>\RcUm.exe
- C:\RCX1A99.tmp
- <Current directory>\kyEY.ico
- <Current directory>\JgQc.exe
- C:\RCX18D4.tmp
- C:\RCX440F.tmp
- <Current directory>\zMgk.ico
- <Current directory>\sowI.exe
- C:\RCX76E8.tmp
- <Current directory>\iyUE.ico
- <Current directory>\oAEa.exe
- C:\RCX7457.tmp
- C:\RCX789D.tmp
- <Current directory>\CUks.ico
- <Current directory>\JgsO.exe
- %TEMP%\pwAMUoww.bat
- <Current directory>\qyQk.ico
- <Current directory>\NYIc.exe
- %TEMP%\qSowgsYE.bat
- <Current directory>\xOkk.ico
- <Current directory>\dUEw.exe
- C:\RCX6DA0.tmp
- <Current directory>\MUYI.ico
- <Current directory>\zMMI.exe
- C:\RCX6C29.tmp
- <Current directory>\sMMs.ico
- <Current directory>\HYYG.exe
- C:\RCX72FF.tmp
- <Current directory>\TEUc.ico
- <Current directory>\VscE.exe
- C:\RCX71A7.tmp
- C:\RCX79A8.tmp
- <Current directory>\gcMk.exe
- C:\RCX8293.tmp
- <Current directory>\agcY.ico
- <Current directory>\EIUQ.exe
- C:\RCX81B8.tmp
- <Current directory>\wyMU.ico
- <Current directory>\zUgQ.exe
- C:\RCX8582.tmp
- <Current directory>\gOoA.ico
- <Current directory>\GcYU.exe
- C:\RCX8439.tmp
- <Current directory>\aioA.ico
- <Current directory>\aysY.ico
- <Current directory>\NuYE.ico
- <Current directory>\hgsG.exe
- C:\RCX7BCC.tmp
- <Current directory>\fMwg.ico
- <Current directory>\TIYa.exe
- C:\RCX7AE1.tmp
- <Current directory>\wqgU.ico
- <Current directory>\QUIC.exe
- C:\RCX7FA4.tmp
- <Current directory>\SkEo.ico
- <Current directory>\rQYC.exe
- C:\RCX7CC6.tmp
- C:\RCX6A35.tmp
- C:\RCX4E9F.tmp
- <Current directory>\dWsM.ico
- <Current directory>\wckq.exe
- C:\RCX4C6C.tmp
- <Current directory>\UYUc.ico
- <Current directory>\woUQ.exe
- C:\RCX547A.tmp
- <Current directory>\vqcU.ico
- <Current directory>\fIAa.exe
- C:\RCX5276.tmp
- <Current directory>\noUo.ico
- <Current directory>\cMUO.exe
- <Current directory>\aAws.exe
- C:\RCX45F3.tmp
- <Current directory>\KGQg.ico
- <Current directory>\ygsc.exe
- %TEMP%\LYgowAMo.bat
- <Current directory>\Jwog.ico
- <Current directory>\gQQC.exe
- <Current directory>\roAM.exe
- C:\RCX4BDF.tmp
- <Current directory>\UQcs.ico
- C:\RCX48A3.tmp
- %TEMP%\saMkQQUc.bat
- <Current directory>\HEkU.ico
- C:\RCX55D2.tmp
- C:\RCX614C.tmp
- <Current directory>\bEAA.ico
- <Current directory>\IUEU.exe
- %TEMP%\zYUYwIoc.bat
- <Current directory>\DIsk.ico
- <Current directory>\KYgW.exe
- C:\RCX67C4.tmp
- <Current directory>\MuAE.ico
- <Current directory>\bgsA.exe
- C:\RCX665C.tmp
- <Current directory>\KcEM.ico
- <Current directory>\EMMi.exe
- C:\RCX5F29.tmp
- <Current directory>\KYMs.ico
- <Current directory>\jkAu.exe
- C:\RCX57A8.tmp
- <Current directory>\cMAs.ico
- <Current directory>\KcIe.exe
- C:\RCX570B.tmp
- C:\RCX5C99.tmp
- <Current directory>\zGQY.ico
- <Current directory>\oosk.exe
- <Current directory>\RgMA.ico
- %TEMP%\quscUUIY.bat
- <Current directory>\pMsQ.exe
- <Current directory>\hIYe.exe
- <Current directory>\niEc.ico
- <Current directory>\EIku.exe
- <Current directory>\LQAA.ico
- <Current directory>\jAcu.exe
- <Current directory>\koAs.ico
- <Current directory>\NgQo.exe
- <Current directory>\vEIQ.ico
- <Current directory>\ooci.exe
- <Current directory>\gWMM.ico
- <Current directory>\bcYO.exe
- <Current directory>\UYgo.ico
- <Current directory>\AoEM.exe
- <Current directory>\EsEE.ico
- <Current directory>\yooq.exe
- <Current directory>\geIA.ico
- <Current directory>\UAEe.exe
- <Current directory>\VUUO.exe
- %TEMP%\CesocIoE.bat
- <Current directory>\IUgg.exe
- <Current directory>\XOsw.ico
- <Current directory>\ccwI.ico
- <Current directory>\cwYI.exe
- <Current directory>\lEMs.ico
- <Current directory>\BocK.exe
- %TEMP%\xOMcUcEo.bat
- <Current directory>\qkoc.ico
- <Current directory>\OOMk.ico
- <Current directory>\AMIU.exe
- <Current directory>\pgoe.exe
- <Current directory>\vyQA.ico
- <Current directory>\vIAQ.exe
- <Current directory>\tSUo.ico
- <Current directory>\zyww.ico
- <Current directory>\Fogq.exe
- <Current directory>\tgAc.ico
- <Current directory>\boYA.exe
- <Current directory>\uIsA.ico
- <Current directory>\NsIe.exe
- <Current directory>\boIs.ico
- <Current directory>\eskY.exe
- <Current directory>\uEgI.ico
- <Current directory>\dUUi.exe
- <Current directory>\hAUk.ico
- %TEMP%\ikgskQsI.bat
- <Current directory>\bSkE.ico
- <Current directory>\QsUY.exe
- <Current directory>\fiYY.ico
- <Current directory>\uEkE.exe
- <Current directory>\HicE.ico
- <Current directory>\QscQ.exe
- %TEMP%\yykowkog.bat
- <Current directory>\OGwY.ico
- <Current directory>\NqEk.ico
- <Current directory>\PQkI.exe
- <Current directory>\IQYs.ico
- <Current directory>\jYse.exe
- <Current directory>\QMIc.exe
- %TEMP%\AgkocowI.bat
- <Current directory>\bCMM.ico
- <Current directory>\MwEy.exe
- <Current directory>\YQMo.ico
- <Current directory>\kAsY.exe
- <Current directory>\vswg.ico
- <Current directory>\MMEg.exe
- <Current directory>\DIcg.ico
- <Current directory>\BgEM.exe
- <Current directory>\Uwsk.ico
- <Current directory>\xQsS.exe
- <Current directory>\vmAY.ico
- <Current directory>\hoYM.exe
- <Current directory>\ZsYO.exe
- <Current directory>\MiQY.ico
- %TEMP%\sgcAsUgc.bat
- <Current directory>\HMgo.ico
- <Current directory>\tyEQ.ico
- <Current directory>\rMIG.exe
- <Current directory>\pQsE.ico
- <Current directory>\LUUM.exe
- <Current directory>\LSQk.ico
- <Current directory>\UUwg.exe
- <Current directory>\WwEs.ico
- <Current directory>\sIQG.exe
- <Current directory>\AwUw.exe
- <Current directory>\HAwQ.ico
- <Current directory>\EoUk.exe
- <Current directory>\cOII.ico
- <Current directory>\wQoK.exe
- <Current directory>\mQYI.ico
- <Current directory>\WQgo.exe
- <Current directory>\TWwE.ico
- <Current directory>\MYcw.exe
- <Current directory>\FAAs.ico
- <Current directory>\XMIq.exe
- <Current directory>\ZCgY.ico
- <Current directory>\tEgE.exe
- <Current directory>\OUEI.ico
- <Current directory>\YAYy.exe
- <Current directory>\zAsA.ico
- <Current directory>\Uccu.exe
- <Current directory>\XwcO.exe
- <Current directory>\ssEA.ico
- <Current directory>\LcYI.exe
- <Current directory>\QysE.ico
- <Current directory>\loca.exe
- <Current directory>\bkgo.ico
- <Current directory>\VAMw.exe
- <Current directory>\WMsg.ico
- <Current directory>\aMoC.exe
- <Current directory>\Vwss.ico
- <Current directory>\IcoK.exe
- <Current directory>\bKoY.ico
- <Current directory>\sogq.exe
- <Current directory>\Tqso.ico
- <Current directory>\FwYM.exe
- <Current directory>\lukk.ico
- <Current directory>\KMUW.exe
- %TEMP%\pmkQsUYA.bat
- %TEMP%\IEUgIoYk.bat
- <Current directory>\qmkU.ico
- <Current directory>\ByYU.ico
- <Current directory>\xAMI.exe
- <Current directory>\kUMW.exe
- <Current directory>\isMo.ico
- <Current directory>\YYkA.exe
- <Current directory>\Xkkk.ico
- <Current directory>\YSwk.ico
- <Current directory>\vUww.exe
- <Current directory>\iIUg.ico
- <Current directory>\UEcG.exe
- <Current directory>\OakI.ico
- <Current directory>\WgUG.exe
- <Current directory>\LyUk.ico
- <Current directory>\GEcs.exe
- <Current directory>\ZUwq.exe
- <Current directory>\YOYA.ico
- <Current directory>\iQsu.exe
- <Current directory>\gwwE.ico
- <Current directory>\OQQS.exe
- <Current directory>\uqIM.ico
- <Current directory>\RckQ.exe
- <Current directory>\Pwkk.ico
- %TEMP%\xawosYcI.bat
- <Current directory>\EsYQ.ico
- <Current directory>\fsgk.ico
- <Current directory>\pQIQ.exe
- <Current directory>\FkAi.exe
- <Current directory>\vUQM.ico
- <Current directory>\yoEg.exe
- <Current directory>\Bwow.ico
- <Current directory>\YMss.exe
- <Current directory>\cqoo.ico
- <Current directory>\sMsy.exe
- <Current directory>\UMIo.ico
- <Current directory>\WIUG.exe
- <Current directory>\gQQC.exe
- <Current directory>\KGQg.ico
- %TEMP%\LYgowAMo.bat
- <Current directory>\Jwog.ico
- <Current directory>\jgwA.ico
- <Current directory>\mcMU.exe
- <Current directory>\nQoI.ico
- <Current directory>\DkIE.exe
- <Current directory>\JQUk.ico
- <Current directory>\dgwy.exe
- <Current directory>\uKkI.ico
- <Current directory>\WEYc.exe
- <Current directory>\FwAI.exe
- <Current directory>\cUkI.exe
- <Current directory>\hkck.ico
- <Current directory>\Gwgy.exe
- <Current directory>\jEws.ico
- <Current directory>\EKUU.ico
- <Current directory>\aEwm.exe
- <Current directory>\tAAI.exe
- %TEMP%\JMcwscsA.bat
- <Current directory>\kIgo.exe
- <Current directory>\HSEs.ico
- %TEMP%\RuokAgUU.bat
- <Current directory>\gKAE.ico
- <Current directory>\PEAU.exe
- <Current directory>\cCUw.ico
- <Current directory>\AIQu.exe
- <Current directory>\BeYg.ico
- <Current directory>\kyEY.ico
- <Current directory>\zIsY.exe
- <Current directory>\HKEo.ico
- <Current directory>\zMMa.exe
- <Current directory>\sSME.ico
- <Current directory>\IMYU.exe
- <Current directory>\YqQs.ico
- <Current directory>\RgIu.exe
- <Current directory>\Okso.ico
- <Current directory>\RcUm.exe
- <Current directory>\ZocQ.ico
- <Current directory>\JgQc.exe
- <Current directory>\sWkA.ico
- <Current directory>\aIks.exe
- <Current directory>\Ccww.ico
- <Current directory>\IkEe.exe
- <Current directory>\LKcA.ico
- <Current directory>\NYIc.exe
- <Current directory>\CUks.ico
- <Current directory>\sowI.exe
- <Current directory>\qyQk.ico
- <Current directory>\TIYa.exe
- <Current directory>\NuYE.ico
- <Current directory>\JgsO.exe
- <Current directory>\fMwg.ico
- <Current directory>\sMMs.ico
- <Current directory>\HYYG.exe
- <Current directory>\TEUc.ico
- <Current directory>\VscE.exe
- <Current directory>\oAEa.exe
- <Current directory>\zMgk.ico
- %TEMP%\qSowgsYE.bat
- <Current directory>\iyUE.ico
- <Current directory>\hgsG.exe
- <Current directory>\aioA.ico
- <Current directory>\zUgQ.exe
- <Current directory>\agcY.ico
- <Current directory>\GcYU.exe
- <Current directory>\hCkc.ico
- <Current directory>\DsEy.exe
- <Current directory>\gOoA.ico
- <Current directory>\lEwo.exe
- <Current directory>\wqgU.ico
- <Current directory>\QUIC.exe
- <Current directory>\SkEo.ico
- <Current directory>\rQYC.exe
- <Current directory>\wyMU.ico
- <Current directory>\gcMk.exe
- <Current directory>\aysY.ico
- <Current directory>\EIUQ.exe
- <Current directory>\dUEw.exe
- <Current directory>\cMUO.exe
- <Current directory>\vqcU.ico
- <Current directory>\wckq.exe
- <Current directory>\noUo.ico
- <Current directory>\KcIe.exe
- <Current directory>\KYMs.ico
- <Current directory>\fIAa.exe
- <Current directory>\cMAs.ico
- <Current directory>\roAM.exe
- <Current directory>\UQcs.ico
- <Current directory>\ygsc.exe
- <Current directory>\HEkU.ico
- <Current directory>\woUQ.exe
- <Current directory>\dWsM.ico
- <Current directory>\aAws.exe
- <Current directory>\UYUc.ico
- <Current directory>\jkAu.exe
- <Current directory>\EMMi.exe
- <Current directory>\MuAE.ico
- <Current directory>\IUEU.exe
- <Current directory>\KcEM.ico
- <Current directory>\zMMI.exe
- <Current directory>\xOkk.ico
- <Current directory>\bgsA.exe
- <Current directory>\MUYI.ico
- %TEMP%\quscUUIY.bat
- <Current directory>\zGQY.ico
- <Current directory>\RgMA.ico
- <Current directory>\pMsQ.exe
- <Current directory>\KYgW.exe
- <Current directory>\bEAA.ico
- <Current directory>\oosk.exe
- <Current directory>\DIsk.ico
- from C:\RCXB12B.tmp to <Current directory>\hIYe.exe
- from C:\RCXB264.tmp to <Current directory>\NgQo.exe
- from C:\RCXB38E.tmp to <Current directory>\jAcu.exe
- from C:\RCXAFC3.tmp to <Current directory>\EIku.exe
- from C:\RCXA9C8.tmp to <Current directory>\ooci.exe
- from C:\RCXAB5E.tmp to <Current directory>\yooq.exe
- from C:\RCXADB0.tmp to <Current directory>\AoEM.exe
- from C:\RCXB563.tmp to <Current directory>\UAEe.exe
- from C:\RCXBC1C.tmp to <Current directory>\VUUO.exe
- from C:\RCXBE4E.tmp to <Current directory>\BocK.exe
- from C:\RCXC1C8.tmp to <Current directory>\cwYI.exe
- from C:\RCXBA85.tmp to <Current directory>\IUgg.exe
- from C:\RCXB757.tmp to <Current directory>\AMIU.exe
- from C:\RCXB8CE.tmp to <Current directory>\vIAQ.exe
- from C:\RCXB9AA.tmp to <Current directory>\pgoe.exe
- from C:\RCXA757.tmp to <Current directory>\bcYO.exe
- from C:\RCX92F1.tmp to <Current directory>\Fogq.exe
- from C:\RCX93EC.tmp to <Current directory>\eskY.exe
- from C:\RCX9544.tmp to <Current directory>\NsIe.exe
- from C:\RCX91C8.tmp to <Current directory>\boYA.exe
- from C:\RCX8C87.tmp to <Current directory>\dUUi.exe
- from C:\RCX8EE8.tmp to <Current directory>\uEkE.exe
- from C:\RCX90BD.tmp to <Current directory>\QsUY.exe
- from C:\RCX995A.tmp to <Current directory>\QscQ.exe
- from C:\RCXA1A9.tmp to <Current directory>\PQkI.exe
- from C:\RCXA38D.tmp to <Current directory>\QMIc.exe
- from C:\RCXA524.tmp to <Current directory>\jYse.exe
- from C:\RCX9F95.tmp to <Current directory>\MMEg.exe
- from C:\RCX9B00.tmp to <Current directory>\kAsY.exe
- from C:\RCX9C59.tmp to <Current directory>\MwEy.exe
- from C:\RCX9D82.tmp to <Current directory>\BgEM.exe
- from C:\RCXC311.tmp to <Current directory>\sogq.exe
- from C:\RCXE9A9.tmp to <Current directory>\xQsS.exe
- from C:\RCXEA65.tmp to <Current directory>\ZsYO.exe
- from C:\RCXECC7.tmp to <Current directory>\AwUw.exe
- from C:\RCXE8AF.tmp to <Current directory>\hoYM.exe
- from C:\RCXE496.tmp to <Current directory>\rMIG.exe
- from C:\RCXE591.tmp to <Current directory>\sIQG.exe
- from C:\RCXE776.tmp to <Current directory>\UUwg.exe
- from C:\RCXEE00.tmp to <Current directory>\tEgE.exe
- from C:\RCXF516.tmp to <Current directory>\EoUk.exe
- from C:\RCXF6CC.tmp to <Current directory>\MYcw.exe
- from C:\RCXF834.tmp to <Current directory>\WQgo.exe
- from C:\RCXF3ED.tmp to <Current directory>\wQoK.exe
- from C:\RCXEF87.tmp to <Current directory>\XMIq.exe
- from C:\RCXF0C0.tmp to <Current directory>\Uccu.exe
- from C:\RCXF1CA.tmp to <Current directory>\YAYy.exe
- from C:\RCXE300.tmp to <Current directory>\LUUM.exe
- from C:\RCXCC4A.tmp to <Current directory>\LcYI.exe
- from C:\RCXCD63.tmp to <Current directory>\aMoC.exe
- from C:\RCXD003.tmp to <Current directory>\VAMw.exe
- from C:\RCXC9E8.tmp to <Current directory>\loca.exe
- from C:\RCXC505.tmp to <Current directory>\IcoK.exe
- from C:\RCXC61F.tmp to <Current directory>\KMUW.exe
- from C:\RCXC7F4.tmp to <Current directory>\FwYM.exe
- from C:\RCXD40A.tmp to <Current directory>\UEcG.exe
- from C:\RCXDD81.tmp to <Current directory>\YYkA.exe
- from C:\RCXDF08.tmp to <Current directory>\kUMW.exe
- from C:\RCXE0FC.tmp to <Current directory>\XwcO.exe
- from C:\RCXDC29.tmp to <Current directory>\xAMI.exe
- from C:\RCXD717.tmp to <Current directory>\vUww.exe
- from C:\RCXD978.tmp to <Current directory>\GEcs.exe
- from C:\RCXDAF0.tmp to <Current directory>\WgUG.exe
- from C:\RCX896A.tmp to <Current directory>\DsEy.exe
- from C:\RCX318F.tmp to <Current directory>\ZUwq.exe
- from C:\RCX3548.tmp to <Current directory>\RckQ.exe
- from C:\RCX375B.tmp to <Current directory>\OQQS.exe
- from C:\RCX3037.tmp to <Current directory>\iQsu.exe
- from C:\RCX2B92.tmp to <Current directory>\pQIQ.exe
- from C:\RCX2CBC.tmp to <Current directory>\yoEg.exe
- from C:\RCX2EA0.tmp to <Current directory>\FkAi.exe
- from C:\RCX38C3.tmp to <Current directory>\YMss.exe
- from C:\RCX42A7.tmp to <Current directory>\WIUG.exe
- from C:\RCX440F.tmp to <Current directory>\sMsy.exe
- from C:\RCX45F3.tmp to <Current directory>\gQQC.exe
- from C:\RCX3E14.tmp to <Current directory>\dgwy.exe
- from C:\RCX3B34.tmp to <Current directory>\DkIE.exe
- from C:\RCX3C4E.tmp to <Current directory>\mcMU.exe
- from C:\RCX3D58.tmp to <Current directory>\WEYc.exe
- from C:\RCX272E.tmp to <Current directory>\FwAI.exe
- from C:\RCX10E5.tmp to <Current directory>\cUkI.exe
- from C:\RCX144F.tmp to <Current directory>\tAAI.exe
- from C:\RCX15E6.tmp to <Current directory>\aEwm.exe
- from C:\RCXFCB.tmp to <Current directory>\Gwgy.exe
- from C:\RCXA4C.tmp to <Current directory>\kIgo.exe
- from C:\RCXC40.tmp to <Current directory>\AIQu.exe
- from C:\RCXE15.tmp to <Current directory>\PEAU.exe
- from C:\RCX18D4.tmp to <Current directory>\JgQc.exe
- from C:\RCX21FD.tmp to <Current directory>\zIsY.exe
- from C:\RCX2384.tmp to <Current directory>\RgIu.exe
- from C:\RCX24DC.tmp to <Current directory>\IMYU.exe
- from C:\RCX2057.tmp to <Current directory>\zMMa.exe
- from C:\RCX1A99.tmp to <Current directory>\RcUm.exe
- from C:\RCX1BF2.tmp to <Current directory>\IkEe.exe
- from C:\RCX1DA7.tmp to <Current directory>\aIks.exe
- from C:\RCX48A3.tmp to <Current directory>\ygsc.exe
- from C:\RCX789D.tmp to <Current directory>\NYIc.exe
- from C:\RCX79A8.tmp to <Current directory>\JgsO.exe
- from C:\RCX7AE1.tmp to <Current directory>\TIYa.exe
- from C:\RCX76E8.tmp to <Current directory>\sowI.exe
- from C:\RCX71A7.tmp to <Current directory>\VscE.exe
- from C:\RCX72FF.tmp to <Current directory>\HYYG.exe
- from C:\RCX7457.tmp to <Current directory>\oAEa.exe
- from C:\RCX7BCC.tmp to <Current directory>\hgsG.exe
- from C:\RCX8439.tmp to <Current directory>\GcYU.exe
- from C:\RCX8582.tmp to <Current directory>\zUgQ.exe
- from C:\RCX86BB.tmp to <Current directory>\lEwo.exe
- from C:\RCX8293.tmp to <Current directory>\gcMk.exe
- from C:\RCX7CC6.tmp to <Current directory>\rQYC.exe
- from C:\RCX7FA4.tmp to <Current directory>\QUIC.exe
- from C:\RCX81B8.tmp to <Current directory>\EIUQ.exe
- from C:\RCX6DA0.tmp to <Current directory>\dUEw.exe
- from C:\RCX547A.tmp to <Current directory>\cMUO.exe
- from C:\RCX55D2.tmp to <Current directory>\fIAa.exe
- from C:\RCX570B.tmp to <Current directory>\KcIe.exe
- from C:\RCX5276.tmp to <Current directory>\wckq.exe
- from C:\RCX4BDF.tmp to <Current directory>\roAM.exe
- from C:\RCX4C6C.tmp to <Current directory>\aAws.exe
- from C:\RCX4E9F.tmp to <Current directory>\woUQ.exe
- from C:\RCX57A8.tmp to <Current directory>\jkAu.exe
- from C:\RCX67C4.tmp to <Current directory>\EMMi.exe
- from C:\RCX6A35.tmp to <Current directory>\bgsA.exe
- from C:\RCX6C29.tmp to <Current directory>\zMMI.exe
- from C:\RCX665C.tmp to <Current directory>\IUEU.exe
- from C:\RCX5C99.tmp to <Current directory>\pMsQ.exe
- from C:\RCX5F29.tmp to <Current directory>\oosk.exe
- from C:\RCX614C.tmp to <Current directory>\KYgW.exe
- DNS ASK dn#.##ftncsi.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'GocwIYEU.exe'
- ClassName: '' WindowName: 'rSYkcwMw.exe'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''