Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,' (a second executable is appended to the Userinit list, so it is started at every user logon)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe' (machine-wide autorun entry)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe' (per-user autorun entry)
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002' (service start type 2: automatic start)
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
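- hidden files (no longer displayed: the Explorer 'Hidden' value is set to 2)
- file extensions (no longer displayed: the Explorer 'HideFileExt' value is set to 1)
- User Account Control (UAC) (disabled: the 'EnableLUA' policy value is set to 0)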
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
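- '<SYSTEM32>\wbem\wmiprvse.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
  (Note: in this list of executed processes the quoted image name often does not match the arguments that follow it. The `add HK… /v … /t REG_DWORD` arguments are reg.exe syntax, `/c "…bat"` is command-interpreter syntax, and `file.vbs` is a script-host argument. The pairing therefore appears to be an artifact of how the report was generated; when building detections, match on the command-line arguments and registry values rather than on the image name shown here.)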
- '<SYSTEM32>\reg.exe' 0x4f8 cscript.exe
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\tcAggIMc.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe'
- '<SYSTEM32>\reg.exe' 0xa94 cscript.exe
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\TcIkcYgQ.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\cscript.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\PCokgAsw.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=0xb48 /log
- '<SYSTEM32>\cscript.exe'
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\keIcsEwM.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=0x48c /log
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\bgcksYMw.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\cscript.exe' 0xaac <Virus name>.exe
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\KaYcooIY.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\TcYAkgYY.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\yUQoUQwo.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' 0xb84 <Virus name>.exe
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\reg.exe' /pid=0x960 /log
- '<SYSTEM32>\cscript.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\cscript.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' /pid=0x7c4 /log
- '<SYSTEM32>\taskhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\cscript.exe' /pid=0xb84 /log
- '<SYSTEM32>\reg.exe' 0xb58 <Virus name>.exe
- '<SYSTEM32>\reg.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\conhost.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\BUcEcEME.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- <Current directory>\loAE.ico
- <Current directory>\Dsge.exe
- C:\RCXFF65.tmp
- <Current directory>\aYkg.ico
- <Current directory>\oIki.exe
- C:\RCXFDDE.tmp
- <Current directory>\gAoE.ico
- <Current directory>\OgEu.exe
- C:\RCX4F2.tmp
- <Current directory>\qiMg.ico
- <Current directory>\pUwm.exe
- C:\RCXDC.tmp
- C:\RCXF5B0.tmp
- <Current directory>\lEYA.ico
- %TEMP%\hGEUsIYk.bat
- C:\RCXF2E2.tmp
- <Current directory>\Makc.ico
- <Current directory>\FwAq.exe
- <Current directory>\ZEom.exe
- C:\RCXFA92.tmp
- %TEMP%\lSsckAgU.bat
- <Current directory>\CoIO.exe
- C:\RCXF7A5.tmp
- <Current directory>\PeYE.ico
- <Current directory>\HicQ.ico
- C:\RCXEF6.tmp
- <Current directory>\tgsc.ico
- <Current directory>\hQAy.exe
- %TEMP%\TcIkcYgQ.bat
- <Current directory>\TuYw.ico
- <Current directory>\GgoS.exe
- C:\RCX138A.tmp
- <Current directory>\PQAA.ico
- <Current directory>\cwUI.exe
- C:\RCX109C.tmp
- <Current directory>\vqwQ.ico
- <Current directory>\uoMG.exe
- <Current directory>\wIkI.exe
- C:\RCX707.tmp
- <Current directory>\Viwo.ico
- <Current directory>\ZMoo.exe
- C:\RCX5FD.tmp
- <Current directory>\uGMM.ico
- <Current directory>\vIAY.ico
- <Current directory>\NsoM.exe
- C:\RCXD5F.tmp
- <Current directory>\NUcC.exe
- %TEMP%\hswMAswY.bat
- C:\RCX978.tmp
- <Current directory>\OQcw.exe
- C:\RCXDF38.tmp
- <Current directory>\OIQw.ico
- %TEMP%\RgkUswcA.bat
- C:\RCXDDDF.tmp
- <Current directory>\WGMs.ico
- <Current directory>\asks.exe
- <Current directory>\ksAa.exe
- C:\RCXE217.tmp
- %TEMP%\leocwowU.bat
- <Current directory>\SskE.exe
- C:\RCXE0FD.tmp
- <Current directory>\AAUE.ico
- C:\RCXD7E3.tmp
- <Current directory>\ACQc.ico
- <Current directory>\yYYq.exe
- C:\RCXD5D0.tmp
- <Current directory>\EQcY.ico
- <Current directory>\AYEG.exe
- C:\RCXDBFB.tmp
- <Current directory>\nSAg.ico
- <Current directory>\Hcse.exe
- C:\RCXD9B8.tmp
- <Current directory>\JOsE.ico
- <Current directory>\ugYG.exe
- <Current directory>\foIY.ico
- <Current directory>\YAkU.exe
- C:\RCXEC1B.tmp
- <Current directory>\YosU.ico
- <Current directory>\NYkS.exe
- C:\RCXEA17.tmp
- <Current directory>\fKMk.ico
- <Current directory>\QMoY.exe
- C:\RCXF216.tmp
- <Current directory>\OkAA.ico
- <Current directory>\awgO.exe
- C:\RCXEDD1.tmp
- <Current directory>\pYgM.ico
- <Current directory>\VAMG.exe
- C:\RCXE69B.tmp
- <Current directory>\mEQs.ico
- <Current directory>\dMgw.exe
- C:\RCXE3AD.tmp
- <Current directory>\MgoM.ico
- <Current directory>\sAYk.exe
- C:\RCXE890.tmp
- <Current directory>\CSIY.ico
- <Current directory>\jwcs.exe
- C:\RCXE7B5.tmp
- <Current directory>\igsY.ico
- <Current directory>\LKMw.ico
- <Current directory>\Sgce.exe
- C:\RCX3D1F.tmp
- <Current directory>\QoAU.exe
- C:\RCX3ABE.tmp
- %TEMP%\VKUwYowg.bat
- <Current directory>\ESEk.ico
- <Current directory>\yEkE.exe
- C:\RCX401E.tmp
- <Current directory>\YUQQ.ico
- <Current directory>\QkEs.exe
- C:\RCX3E49.tmp
- C:\RCX359D.tmp
- <Current directory>\JWUo.ico
- <Current directory>\kYEI.exe
- C:\RCX33F6.tmp
- <Current directory>\RGMA.ico
- <Current directory>\uUAg.exe
- <Current directory>\AkIc.exe
- C:\RCX38AB.tmp
- <Current directory>\BAoY.ico
- C:\RCX3762.tmp
- <Current directory>\GmcY.ico
- %TEMP%\IQkYoIUg.bat
- <Current directory>\qqEo.ico
- %TEMP%\TcYAkgYY.bat
- %TEMP%\vYAogEgw.bat
- %TEMP%\keIcsEwM.bat
- %TEMP%\LAMUwAYU.bat
- %TEMP%\yUQoUQwo.bat
- %TEMP%\BKssMsMM.bat
- %TEMP%\bgcksYMw.bat
- %TEMP%\KIEUMgQY.bat
- %TEMP%\VcUIgUgs.bat
- %TEMP%\SUsMMkEE.bat
- %TEMP%\AiQIsIMg.bat
- %TEMP%\rkkQUosY.bat
- <Current directory>\OIIE.ico
- %TEMP%\KGgcogcA.bat
- %TEMP%\OCIUEAgs.bat
- <Current directory>\sIwU.exe
- C:\RCX41E3.tmp
- <Current directory>\RwUk.ico
- %TEMP%\tcAggIMc.bat
- %TEMP%\sqUEQQgM.bat
- %TEMP%\KaYcooIY.bat
- %TEMP%\NEMUoQck.bat
- %TEMP%\woIgUock.bat
- %TEMP%\YMMUEwog.bat
- <Current directory>\fMIU.exe
- C:\RCX1E97.tmp
- <Current directory>\pgME.ico
- <Current directory>\iEwg.exe
- C:\RCX1D6E.tmp
- <Current directory>\FsEU.ico
- <Current directory>\BwMC.exe
- C:\RCX2119.tmp
- %TEMP%\BWUswAIY.bat
- <Current directory>\OYUE.ico
- C:\RCX1FB1.tmp
- <Current directory>\SOgc.ico
- <Current directory>\PkQc.exe
- C:\RCX1734.tmp
- <Current directory>\gkcI.ico
- <Current directory>\KwYo.exe
- C:\RCX15CC.tmp
- <Current directory>\xEYQ.ico
- <Current directory>\LkEe.exe
- C:\RCX1B1C.tmp
- <Current directory>\sOIU.ico
- <Current directory>\mMQq.exe
- C:\RCX19A5.tmp
- <Current directory>\QeUE.ico
- <Current directory>\SYoW.exe
- <Current directory>\XUcS.exe
- <Current directory>\EMAk.exe
- C:\RCX2D9D.tmp
- <Current directory>\sagI.ico
- <Current directory>\CAAk.exe
- C:\RCX2A71.tmp
- <Current directory>\JGgI.ico
- <Current directory>\LYMk.exe
- C:\RCX3231.tmp
- <Current directory>\cOAg.ico
- <Current directory>\JsQC.exe
- C:\RCX30E8.tmp
- <Current directory>\RaUQ.ico
- C:\RCX24D3.tmp
- %TEMP%\PCokgAsw.bat
- <Current directory>\wqAE.ico
- C:\RCX231D.tmp
- <Current directory>\oyAY.ico
- <Current directory>\rEQO.exe
- <Current directory>\sEIs.exe
- C:\RCX286D.tmp
- <Current directory>\FEcI.ico
- <Current directory>\VYIY.exe
- C:\RCX2782.tmp
- <Current directory>\dOcI.ico
- <Current directory>\JowI.exe
- C:\RCX7DE7.tmp
- <Current directory>\dgMA.ico
- <Current directory>\aUwK.exe
- C:\RCX7992.tmp
- <Current directory>\mUAQ.ico
- <Current directory>\akoK.exe
- C:\RCX8097.tmp
- <Current directory>\tywE.ico
- <Current directory>\iYIG.exe
- C:\RCX7F30.tmp
- <Current directory>\YogE.ico
- C:\RCX7194.tmp
- %TEMP%\aUggEYgc.bat
- <Current directory>\iwkU.ico
- <Current directory>\XGoA.ico
- %TEMP%\xAowEsYk.bat
- <Current directory>\DkAs.exe
- <Current directory>\JEgw.exe
- C:\RCX76D3.tmp
- <Current directory>\rCYM.ico
- <Current directory>\rgkU.exe
- C:\RCX7462.tmp
- <Current directory>\mgQs.ico
- <Current directory>\AAwY.exe
- <Current directory>\RIwY.ico
- <Current directory>\zMUC.exe
- <Auxiliary element>
- <Current directory>\qUYk.ico
- <Current directory>\JwMM.exe
- C:\RCX8EC0.tmp
- C:\RCX9306.tmp
- <Current directory>\yqQk.ico
- <Current directory>\WQsC.exe
- C:\RCX9075.tmp
- <Current directory>\sKsA.ico
- <Current directory>\rkcc.exe
- C:\RCX8895.tmp
- <Current directory>\LIkA.ico
- %TEMP%\JqUwEkQo.bat
- C:\RCX8598.tmp
- <Current directory>\likY.ico
- <Current directory>\ZkUG.exe
- <Current directory>\mgYo.exe
- %TEMP%\PEEgQAYU.bat
- C:\RCX8BE1.tmp
- <Current directory>\gswG.exe
- C:\RCX8A3B.tmp
- <Current directory>\ccEY.ico
- C:\RCX6EC5.tmp
- <Current directory>\NgII.ico
- <Current directory>\WQEa.exe
- C:\RCX537E.tmp
- <Current directory>\PuEs.ico
- <Current directory>\kMEE.exe
- C:\RCX5274.tmp
- <Current directory>\VswY.ico
- <Current directory>\koEi.exe
- %TEMP%\MwEswcAY.bat
- <Current directory>\ZqoU.ico
- <Current directory>\bYsm.exe
- C:\RCX59A6.tmp
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- C:\ProgramData\kaog.txt
- %TEMP%\YEkoQwUo.bat
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- <Current directory>\ICIA.ico
- <Current directory>\hckQ.exe
- C:\RCX5051.tmp
- <Current directory>\<Virus name>
- %TEMP%\hGIggsUk.bat
- %TEMP%\file.vbs
- C:\RCX5B0E.tmp
- C:\RCX67C0.tmp
- <Current directory>\kass.ico
- <Current directory>\AAsu.exe
- C:\RCX660A.tmp
- <Current directory>\rCIw.ico
- <Current directory>\hggE.exe
- C:\RCX6BF7.tmp
- <Current directory>\fUww.ico
- <Current directory>\ZYAm.exe
- C:\RCX6A8F.tmp
- <Current directory>\qKsY.ico
- <Current directory>\BggC.exe
- C:\RCX5DBE.tmp
- <Current directory>\bCYY.ico
- <Current directory>\xAwE.exe
- %TEMP%\SWwIkEMo.bat
- <Current directory>\WaoE.ico
- <Current directory>\zwsK.exe
- C:\RCX64A3.tmp
- <Current directory>\gUoY.ico
- <Current directory>\mQcU.exe
- C:\RCX6157.tmp
- <Current directory>\EaUM.ico
- <Current directory>\gYsi.exe
- <Current directory>\AoEg.ico
- <Current directory>\wsko.exe
- C:\RCXC590.tmp
- <Current directory>\HewQ.ico
- <Current directory>\WUgW.exe
- C:\RCXC12C.tmp
- <Current directory>\Coso.ico
- <Current directory>\wcgG.exe
- C:\RCXC7F3.tmp
- <Current directory>\uows.ico
- <Current directory>\nokK.exe
- C:\RCXC6F8.tmp
- <Current directory>\yqoQ.ico
- <Current directory>\fsUW.exe
- C:\RCXBAF2.tmp
- %TEMP%\BUcEcEME.bat
- <Current directory>\MEoK.exe
- C:\RCXB8CF.tmp
- <Current directory>\MMog.ico
- <Current directory>\Pcky.exe
- C:\RCXBFD4.tmp
- <Current directory>\Wsck.ico
- <Current directory>\KUMm.exe
- C:\RCXBD25.tmp
- <Current directory>\MEUk.ico
- C:\RCXD15A.tmp
- <Current directory>\FQoE.ico
- <Current directory>\FMgs.exe
- %TEMP%\aqwYUIUk.bat
- <Current directory>\xmoo.ico
- <Current directory>\Hggo.exe
- C:\RCXD478.tmp
- <Current directory>\OqAs.ico
- <Current directory>\JoUE.exe
- C:\RCXD37D.tmp
- <Current directory>\cKEM.ico
- <Current directory>\nsEQ.exe
- <Current directory>\McQI.exe
- %TEMP%\EcMoIYAQ.bat
- C:\RCXCAD2.tmp
- <Current directory>\OQEO.exe
- C:\RCXC91C.tmp
- <Current directory>\bssg.ico
- <Current directory>\qWoU.ico
- <Current directory>\xIIA.exe
- C:\RCXCE5D.tmp
- <Current directory>\mawg.ico
- <Current directory>\fAgo.exe
- C:\RCXCC78.tmp
- <Current directory>\dAYw.ico
- <Current directory>\iAUo.ico
- <Current directory>\tEYi.exe
- C:\RCXA1EA.tmp
- <Current directory>\XwYs.exe
- C:\RCX9F5A.tmp
- %TEMP%\xUwsocEc.bat
- <Current directory>\SAIY.ico
- <Current directory>\ucYu.exe
- C:\RCXA601.tmp
- <Current directory>\PEIY.ico
- <Current directory>\lMkk.exe
- C:\RCXA47A.tmp
- C:\RCX9A77.tmp
- <Current directory>\vkMo.ico
- <Current directory>\LcwS.exe
- C:\RCX95C5.tmp
- <Current directory>\YGsE.ico
- <Current directory>\UwUq.exe
- %TEMP%\fIkAscwA.bat
- C:\RCX9D37.tmp
- <Current directory>\WOAg.ico
- C:\RCX9B62.tmp
- <Current directory>\aQww.ico
- <Current directory>\IwAm.exe
- <Current directory>\cwQA.ico
- <Current directory>\YUsi.exe
- C:\RCXB16C.tmp
- <Current directory>\oEow.ico
- <Current directory>\BoIs.exe
- C:\RCXAD85.tmp
- <Current directory>\qmYU.ico
- <Current directory>\gIoY.exe
- %TEMP%\YksMUYcM.bat
- C:\RCXB352.tmp
- <Current directory>\fAAu.exe
- C:\RCXB248.tmp
- <Current directory>\qqAA.ico
- <Current directory>\sQok.exe
- C:\RCXA98C.tmp
- <Current directory>\tWEI.ico
- <Current directory>\QAws.exe
- C:\RCXA8C0.tmp
- <Current directory>\zIQU.ico
- <Current directory>\xIws.exe
- C:\RCXABA0.tmp
- <Current directory>\ecUg.ico
- <Current directory>\UoYc.exe
- C:\RCXAA77.tmp
- <Current directory>\hOEU.ico
- <Current directory>\HicQ.ico
- <Current directory>\ZMoo.exe
- <Current directory>\gAoE.ico
- <Current directory>\OgEu.exe
- <Current directory>\Viwo.ico
- <Current directory>\NUcC.exe
- <Current directory>\uGMM.ico
- <Current directory>\wIkI.exe
- <Current directory>\aYkg.ico
- <Current directory>\oIki.exe
- <Current directory>\PeYE.ico
- <Current directory>\ZEom.exe
- <Current directory>\qiMg.ico
- <Current directory>\pUwm.exe
- <Current directory>\loAE.ico
- <Current directory>\Dsge.exe
- <Current directory>\PQAA.ico
- <Current directory>\cwUI.exe
- <Current directory>\vqwQ.ico
- <Current directory>\uoMG.exe
- <Current directory>\gkcI.ico
- <Current directory>\KwYo.exe
- <Current directory>\xEYQ.ico
- <Current directory>\LkEe.exe
- <Current directory>\NsoM.exe
- <Current directory>\TuYw.ico
- %TEMP%\hswMAswY.bat
- <Current directory>\vIAY.ico
- <Current directory>\hQAy.exe
- %TEMP%\lSsckAgU.bat
- <Current directory>\GgoS.exe
- <Current directory>\tgsc.ico
- <Current directory>\CoIO.exe
- <Current directory>\foIY.ico
- <Current directory>\dMgw.exe
- <Current directory>\AAUE.ico
- <Current directory>\ksAa.exe
- <Current directory>\mEQs.ico
- <Current directory>\jwcs.exe
- <Current directory>\MgoM.ico
- <Current directory>\VAMG.exe
- <Current directory>\Hcse.exe
- <Current directory>\WGMs.ico
- <Current directory>\ugYG.exe
- <Current directory>\nSAg.ico
- <Current directory>\SskE.exe
- %TEMP%\RgkUswcA.bat
- <Current directory>\asks.exe
- <Current directory>\OIQw.ico
- <Current directory>\OkAA.ico
- <Current directory>\OQcw.exe
- <Current directory>\pYgM.ico
- <Current directory>\QMoY.exe
- %TEMP%\hGEUsIYk.bat
- <Current directory>\lEYA.ico
- <Current directory>\Makc.ico
- <Current directory>\FwAq.exe
- <Current directory>\CSIY.ico
- <Current directory>\NYkS.exe
- <Current directory>\igsY.ico
- <Current directory>\sAYk.exe
- <Current directory>\YosU.ico
- <Current directory>\awgO.exe
- <Current directory>\fKMk.ico
- <Current directory>\YAkU.exe
- <Current directory>\QeUE.ico
- <Current directory>\ESEk.ico
- <Current directory>\yEkE.exe
- <Current directory>\YUQQ.ico
- <Current directory>\QkEs.exe
- <Current directory>\RwUk.ico
- %TEMP%\KGgcogcA.bat
- <Current directory>\qqEo.ico
- <Current directory>\sIwU.exe
- %TEMP%\PCokgAsw.bat
- %TEMP%\IQkYoIUg.bat
- <Current directory>\GmcY.ico
- <Current directory>\AkIc.exe
- <Current directory>\LKMw.ico
- <Current directory>\Sgce.exe
- <Current directory>\BAoY.ico
- <Current directory>\QoAU.exe
- %TEMP%\keIcsEwM.bat
- %TEMP%\SUsMMkEE.bat
- %TEMP%\TcYAkgYY.bat
- %TEMP%\vYAogEgw.bat
- %TEMP%\bgcksYMw.bat
- %TEMP%\KIEUMgQY.bat
- %TEMP%\AiQIsIMg.bat
- %TEMP%\rkkQUosY.bat
- %TEMP%\tcAggIMc.bat
- %TEMP%\sqUEQQgM.bat
- %TEMP%\NEMUoQck.bat
- %TEMP%\YMMUEwog.bat
- %TEMP%\yUQoUQwo.bat
- %TEMP%\BKssMsMM.bat
- %TEMP%\KaYcooIY.bat
- %TEMP%\LAMUwAYU.bat
- <Current directory>\kYEI.exe
- %TEMP%\BWUswAIY.bat
- <Current directory>\OYUE.ico
- <Current directory>\SOgc.ico
- <Current directory>\PkQc.exe
- <Current directory>\rEQO.exe
- <Current directory>\wqAE.ico
- <Current directory>\XUcS.exe
- <Current directory>\oyAY.ico
- <Current directory>\mMQq.exe
- <Current directory>\FsEU.ico
- <Current directory>\SYoW.exe
- <Current directory>\sOIU.ico
- <Current directory>\pgME.ico
- <Current directory>\iEwg.exe
- <Current directory>\BwMC.exe
- %TEMP%\TcIkcYgQ.bat
- <Current directory>\LYMk.exe
- <Current directory>\cOAg.ico
- <Current directory>\JsQC.exe
- <Current directory>\RaUQ.ico
- <Current directory>\uUAg.exe
- <Current directory>\JWUo.ico
- <Current directory>\fMIU.exe
- <Current directory>\RGMA.ico
- <Current directory>\sEIs.exe
- <Current directory>\FEcI.ico
- <Current directory>\VYIY.exe
- <Current directory>\dOcI.ico
- <Current directory>\EMAk.exe
- <Current directory>\sagI.ico
- <Current directory>\CAAk.exe
- <Current directory>\JGgI.ico
- <Current directory>\tywE.ico
- <Current directory>\AAwY.exe
- <Current directory>\YogE.ico
- <Current directory>\akoK.exe
- <Current directory>\LIkA.ico
- <Current directory>\gswG.exe
- <Current directory>\likY.ico
- <Current directory>\ZkUG.exe
- <Current directory>\rCYM.ico
- <Current directory>\aUwK.exe
- <Current directory>\mgQs.ico
- <Current directory>\JEgw.exe
- <Current directory>\dgMA.ico
- <Current directory>\iYIG.exe
- <Current directory>\mUAQ.ico
- <Current directory>\JowI.exe
- <Current directory>\WQsC.exe
- <Current directory>\YGsE.ico
- <Current directory>\rkcc.exe
- <Current directory>\yqQk.ico
- <Current directory>\LcwS.exe
- <Current directory>\aQww.ico
- <Current directory>\UwUq.exe
- <Current directory>\vkMo.ico
- <Current directory>\mgYo.exe
- <Current directory>\qUYk.ico
- %TEMP%\JqUwEkQo.bat
- <Current directory>\ccEY.ico
- <Current directory>\zMUC.exe
- <Current directory>\sKsA.ico
- <Current directory>\JwMM.exe
- <Current directory>\RIwY.ico
- <Current directory>\rgkU.exe
- <Current directory>\VswY.ico
- <Current directory>\koEi.exe
- <Current directory>\bYsm.exe
- %TEMP%\MwEswcAY.bat
- <Current directory>\bCYY.ico
- <Current directory>\xAwE.exe
- <Current directory>\WaoE.ico
- <Current directory>\zwsK.exe
- <Current directory>\hckQ.exe
- <Current directory>\PuEs.ico
- %TEMP%\YEkoQwUo.bat
- <Current directory>\ICIA.ico
- <Current directory>\WQEa.exe
- <Current directory>\ZqoU.ico
- <Current directory>\kMEE.exe
- <Current directory>\NgII.ico
- <Current directory>\fUww.ico
- <Current directory>\ZYAm.exe
- <Current directory>\qKsY.ico
- <Current directory>\BggC.exe
- <Current directory>\DkAs.exe
- <Current directory>\iwkU.ico
- %TEMP%\xAowEsYk.bat
- <Current directory>\XGoA.ico
- <Current directory>\gUoY.ico
- <Current directory>\mQcU.exe
- <Current directory>\EaUM.ico
- <Current directory>\gYsi.exe
- <Current directory>\kass.ico
- <Current directory>\AAsu.exe
- <Current directory>\rCIw.ico
- <Current directory>\hggE.exe
- <Current directory>\IwAm.exe
- <Current directory>\OQEO.exe
- %TEMP%\BUcEcEME.bat
- <Current directory>\wcgG.exe
- <Current directory>\MEUk.ico
- %TEMP%\EcMoIYAQ.bat
- <Current directory>\mawg.ico
- <Current directory>\bssg.ico
- <Current directory>\McQI.exe
- <Current directory>\WUgW.exe
- <Current directory>\AoEg.ico
- <Current directory>\Pcky.exe
- <Current directory>\HewQ.ico
- <Current directory>\nokK.exe
- <Current directory>\Coso.ico
- <Current directory>\wsko.exe
- <Current directory>\uows.ico
- <Current directory>\JoUE.exe
- <Current directory>\EQcY.ico
- <Current directory>\nsEQ.exe
- <Current directory>\OqAs.ico
- <Current directory>\yYYq.exe
- <Current directory>\JOsE.ico
- <Current directory>\AYEG.exe
- <Current directory>\ACQc.ico
- <Current directory>\xIIA.exe
- <Current directory>\xmoo.ico
- <Current directory>\fAgo.exe
- <Current directory>\qWoU.ico
- <Current directory>\FMgs.exe
- <Current directory>\cKEM.ico
- <Current directory>\Hggo.exe
- <Current directory>\FQoE.ico
- <Current directory>\MMog.ico
- <Current directory>\QAws.exe
- <Current directory>\zIQU.ico
- <Current directory>\ucYu.exe
- <Current directory>\cwQA.ico
- <Current directory>\UoYc.exe
- <Current directory>\hOEU.ico
- <Current directory>\sQok.exe
- <Current directory>\tWEI.ico
- <Current directory>\XwYs.exe
- <Current directory>\iAUo.ico
- %TEMP%\fIkAscwA.bat
- <Current directory>\WOAg.ico
- <Current directory>\lMkk.exe
- <Current directory>\SAIY.ico
- <Current directory>\tEYi.exe
- <Current directory>\PEIY.ico
- <Current directory>\dAYw.ico
- <Current directory>\MEoK.exe
- <Current directory>\gIoY.exe
- %TEMP%\YksMUYcM.bat
- <Current directory>\Wsck.ico
- <Current directory>\KUMm.exe
- <Current directory>\yqoQ.ico
- <Current directory>\fsUW.exe
- <Current directory>\BoIs.exe
- <Current directory>\qmYU.ico
- <Current directory>\xIws.exe
- <Current directory>\ecUg.ico
- <Current directory>\fAAu.exe
- <Current directory>\qqAA.ico
- <Current directory>\YUsi.exe
- <Current directory>\oEow.ico
- from C:\RCXF5B0.tmp to <Current directory>\FwAq.exe
- from C:\RCXF7A5.tmp to <Current directory>\CoIO.exe
- from C:\RCXFA92.tmp to <Current directory>\ZEom.exe
- from C:\RCXF2E2.tmp to <Current directory>\OQcw.exe
- from C:\RCXEC1B.tmp to <Current directory>\YAkU.exe
- from C:\RCXEDD1.tmp to <Current directory>\awgO.exe
- from C:\RCXF216.tmp to <Current directory>\QMoY.exe
- from C:\RCX5FD.tmp to <Current directory>\ZMoo.exe
- from C:\RCX707.tmp to <Current directory>\wIkI.exe
- from C:\RCX978.tmp to <Current directory>\NUcC.exe
- from C:\RCX4F2.tmp to <Current directory>\OgEu.exe
- from C:\RCXFDDE.tmp to <Current directory>\oIki.exe
- from C:\RCXFF65.tmp to <Current directory>\Dsge.exe
- from C:\RCXDC.tmp to <Current directory>\pUwm.exe
- from C:\RCXDBFB.tmp to <Current directory>\ugYG.exe
- from C:\RCXDDDF.tmp to <Current directory>\Hcse.exe
- from C:\RCXDF38.tmp to <Current directory>\asks.exe
- from C:\RCXD9B8.tmp to <Current directory>\yYYq.exe
- from C:\RCXD478.tmp to <Current directory>\nsEQ.exe
- from C:\RCXD5D0.tmp to <Current directory>\JoUE.exe
- from C:\RCXD7E3.tmp to <Current directory>\AYEG.exe
- from C:\RCXE7B5.tmp to <Current directory>\jwcs.exe
- from C:\RCXE890.tmp to <Current directory>\sAYk.exe
- from C:\RCXEA17.tmp to <Current directory>\NYkS.exe
- from C:\RCXE69B.tmp to <Current directory>\VAMG.exe
- from C:\RCXE0FD.tmp to <Current directory>\SskE.exe
- from C:\RCXE217.tmp to <Current directory>\ksAa.exe
- from C:\RCXE3AD.tmp to <Current directory>\dMgw.exe
- from C:\RCXD5F.tmp to <Current directory>\NsoM.exe
- from C:\RCX3231.tmp to <Current directory>\LYMk.exe
- from C:\RCX33F6.tmp to <Current directory>\fMIU.exe
- from C:\RCX359D.tmp to <Current directory>\uUAg.exe
- from C:\RCX30E8.tmp to <Current directory>\JsQC.exe
- from C:\RCX286D.tmp to <Current directory>\sEIs.exe
- from C:\RCX2A71.tmp to <Current directory>\CAAk.exe
- from C:\RCX2D9D.tmp to <Current directory>\EMAk.exe
- from C:\RCX3E49.tmp to <Current directory>\QkEs.exe
- from C:\RCX401E.tmp to <Current directory>\yEkE.exe
- from C:\RCX41E3.tmp to <Current directory>\sIwU.exe
- from C:\RCX3D1F.tmp to <Current directory>\Sgce.exe
- from C:\RCX3762.tmp to <Current directory>\kYEI.exe
- from C:\RCX38AB.tmp to <Current directory>\AkIc.exe
- from C:\RCX3ABE.tmp to <Current directory>\QoAU.exe
- from C:\RCX1734.tmp to <Current directory>\LkEe.exe
- from C:\RCX19A5.tmp to <Current directory>\KwYo.exe
- from C:\RCX1B1C.tmp to <Current directory>\SYoW.exe
- from C:\RCX15CC.tmp to <Current directory>\cwUI.exe
- from C:\RCXEF6.tmp to <Current directory>\GgoS.exe
- from C:\RCX109C.tmp to <Current directory>\hQAy.exe
- from C:\RCX138A.tmp to <Current directory>\uoMG.exe
- from C:\RCX231D.tmp to <Current directory>\XUcS.exe
- from C:\RCX24D3.tmp to <Current directory>\rEQO.exe
- from C:\RCX2782.tmp to <Current directory>\VYIY.exe
- from C:\RCX2119.tmp to <Current directory>\PkQc.exe
- from C:\RCX1D6E.tmp to <Current directory>\mMQq.exe
- from C:\RCX1E97.tmp to <Current directory>\BwMC.exe
- from C:\RCX1FB1.tmp to <Current directory>\iEwg.exe
- from C:\RCX7F30.tmp to <Current directory>\iYIG.exe
- from C:\RCX8097.tmp to <Current directory>\akoK.exe
- from C:\RCX8598.tmp to <Current directory>\AAwY.exe
- from C:\RCX7DE7.tmp to <Current directory>\JowI.exe
- from C:\RCX7462.tmp to <Current directory>\rgkU.exe
- from C:\RCX76D3.tmp to <Current directory>\JEgw.exe
- from C:\RCX7992.tmp to <Current directory>\aUwK.exe
- from C:\RCX9075.tmp to <Current directory>\zMUC.exe
- from C:\RCX9306.tmp to <Current directory>\rkcc.exe
- from C:\RCX95C5.tmp to <Current directory>\WQsC.exe
- from C:\RCX8EC0.tmp to <Current directory>\JwMM.exe
- from C:\RCX8895.tmp to <Current directory>\ZkUG.exe
- from C:\RCX8A3B.tmp to <Current directory>\gswG.exe
- from C:\RCX8BE1.tmp to <Current directory>\mgYo.exe
- from C:\RCX5B0E.tmp to <Current directory>\koEi.exe
- from C:\RCX5DBE.tmp to <Current directory>\zwsK.exe
- from C:\RCX6157.tmp to <Current directory>\xAwE.exe
- from C:\RCX59A6.tmp to <Current directory>\bYsm.exe
- from C:\RCX5051.tmp to <Current directory>\hckQ.exe
- from C:\RCX5274.tmp to <Current directory>\kMEE.exe
- from C:\RCX537E.tmp to <Current directory>\WQEa.exe
- from C:\RCX6BF7.tmp to <Current directory>\BggC.exe
- from C:\RCX6EC5.tmp to <Current directory>\ZYAm.exe
- from C:\RCX7194.tmp to <Current directory>\DkAs.exe
- from C:\RCX6A8F.tmp to <Current directory>\AAsu.exe
- from C:\RCX64A3.tmp to <Current directory>\gYsi.exe
- from C:\RCX660A.tmp to <Current directory>\mQcU.exe
- from C:\RCX67C0.tmp to <Current directory>\hggE.exe
- from C:\RCX9A77.tmp to <Current directory>\UwUq.exe
- from C:\RCXC12C.tmp to <Current directory>\WUgW.exe
- from C:\RCXC590.tmp to <Current directory>\wsko.exe
- from C:\RCXC6F8.tmp to <Current directory>\nokK.exe
- from C:\RCXBFD4.tmp to <Current directory>\Pcky.exe
- from C:\RCXB8CF.tmp to <Current directory>\MEoK.exe
- from C:\RCXBAF2.tmp to <Current directory>\fsUW.exe
- from C:\RCXBD25.tmp to <Current directory>\KUMm.exe
- from C:\RCXCE5D.tmp to <Current directory>\xIIA.exe
- from C:\RCXD15A.tmp to <Current directory>\Hggo.exe
- from C:\RCXD37D.tmp to <Current directory>\FMgs.exe
- from C:\RCXCC78.tmp to <Current directory>\fAgo.exe
- from C:\RCXC7F3.tmp to <Current directory>\wcgG.exe
- from C:\RCXC91C.tmp to <Current directory>\OQEO.exe
- from C:\RCXCAD2.tmp to <Current directory>\McQI.exe
- from C:\RCXA47A.tmp to <Current directory>\lMkk.exe
- from C:\RCXA601.tmp to <Current directory>\ucYu.exe
- from C:\RCXA8C0.tmp to <Current directory>\QAws.exe
- from C:\RCXA1EA.tmp to <Current directory>\tEYi.exe
- from C:\RCX9B62.tmp to <Current directory>\LcwS.exe
- from C:\RCX9D37.tmp to <Current directory>\IwAm.exe
- from C:\RCX9F5A.tmp to <Current directory>\XwYs.exe
- from C:\RCXB16C.tmp to <Current directory>\YUsi.exe
- from C:\RCXB248.tmp to <Current directory>\fAAu.exe
- from C:\RCXB352.tmp to <Current directory>\gIoY.exe
- from C:\RCXAD85.tmp to <Current directory>\BoIs.exe
- from C:\RCXA98C.tmp to <Current directory>\sQok.exe
- from C:\RCXAA77.tmp to <Current directory>\UoYc.exe
- from C:\RCXABA0.tmp to <Current directory>\xIws.exe
- DNS ASK dn#.##ftncsi.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'rSYkcwMw.exe'
- ClassName: '' WindowName: 'GocwIYEU.exe'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''