Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002'
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
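- hidden files (Explorer is set not to show them: 'Hidden' = 2 under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, see the reg.exe commands below)
- file extensions (Explorer is set to hide them: 'HideFileExt' = 1 under the same key)
- User Account Control (UAC) (disabled: 'EnableLUA' = 0 under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System)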
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe' /pid=0x214 /log
- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\IcEcAMYU.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' /pid=0x9ec /log
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\xWgcgIcY.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\iCEYUoUc.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cscript.exe'
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\DeAUEUMY.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\mMooQMsI.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\taskhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe'
- C:\RCX6BDE.tmp
- <Current directory>\DyoY.ico
- <Current directory>\Ewsc.exe
- %TEMP%\QOMQQEUE.bat
- <Current directory>\qqMo.ico
- <Current directory>\PwgC.exe
- C:\RCX6F59.tmp
- <Current directory>\Yggs.ico
- <Current directory>\vsYU.exe
- C:\RCX6E3F.tmp
- <Current directory>\zGQM.ico
- <Current directory>\FoUe.exe
- C:\RCX69AB.tmp
- <Current directory>\jcEU.ico
- <Current directory>\hkEA.exe
- C:\RCX6787.tmp
- <Current directory>\wqsQ.ico
- <Current directory>\hAQM.exe
- C:\RCX6390.tmp
- C:\RCX6863.tmp
- <Current directory>\mCUo.ico
- <Current directory>\eoUE.exe
- <Current directory>\uAsY.ico
- %TEMP%\tMsgsQok.bat
- <Current directory>\pgsm.exe
- C:\RCX7F95.tmp
- %TEMP%\DeAUEUMY.bat
- <Current directory>\RSEM.ico
- %TEMP%\yyocQAYQ.bat
- <Current directory>\OYkM.ico
- <Current directory>\koEo.exe
- <Current directory>\dgMS.exe
- C:\RCX8255.tmp
- <Current directory>\KEYk.ico
- <Current directory>\SUAo.exe
- C:\RCX80FC.tmp
- <Current directory>\wiMw.ico
- C:\RCX7AE2.tmp
- C:\RCX760F.tmp
- <Current directory>\musU.ico
- <Current directory>\cUcW.exe
- C:\RCX71BA.tmp
- <Current directory>\tgEg.ico
- <Current directory>\tUIC.exe
- C:\RCX7814.tmp
- <Current directory>\vags.ico
- <Current directory>\AEkO.exe
- C:\RCX76EA.tmp
- <Current directory>\VwQM.ico
- <Current directory>\EIsa.exe
- C:\RCX61FA.tmp
- <Current directory>\dAMk.ico
- <Current directory>\WQIy.exe
- C:\RCX4AD7.tmp
- <Current directory>\gmgw.ico
- <Current directory>\LMcW.exe
- C:\RCX49EC.tmp
- <Current directory>\jeMg.ico
- <Current directory>\TQYA.exe
- C:\RCX4DA7.tmp
- <Current directory>\tEEQ.ico
- <Current directory>\sEEC.exe
- C:\RCX4C10.tmp
- C:\RCX476C.tmp
- C:\RCX3EE1.tmp
- <Current directory>\huwU.ico
- <Current directory>\icou.exe
- <Current directory>\zyUs.ico
- <Current directory>\aEMc.exe
- %TEMP%\bcogoYIU.bat
- C:\RCX447E.tmp
- <Current directory>\xIIA.ico
- <Current directory>\oMMq.exe
- C:\RCX40E4.tmp
- <Current directory>\aYEM.ico
- <Current directory>\FAgK.exe
- C:\RCX5865.tmp
- <Current directory>\gUAg.ico
- <Current directory>\hgEA.exe
- C:\RCX56A0.tmp
- <Current directory>\cSsc.ico
- <Current directory>\MAwy.exe
- C:\RCX5BB2.tmp
- <Current directory>\vMYc.ico
- <Current directory>\akgi.exe
- C:\RCX5AA8.tmp
- <Current directory>\fYQw.ico
- <Current directory>\pEIi.exe
- <Current directory>\UIUU.exe
- %TEMP%\TakgEIIg.bat
- <Current directory>\ZAMM.ico
- <Current directory>\iMMq.exe
- <Current directory>\ZsIs.ico
- <Current directory>\XEAu.exe
- C:\RCX4EA1.tmp
- <Current directory>\ZwMW.exe
- C:\RCX54AC.tmp
- <Current directory>\IQMY.ico
- C:\RCX5141.tmp
- <Current directory>\eagQ.ico
- %TEMP%\wEQcwYQU.bat
- <Current directory>\aUAa.exe
- C:\RCXAD03.tmp
- <Current directory>\tgsA.ico
- C:\RCXABDA.tmp
- <Current directory>\rucM.ico
- %TEMP%\xWgcgIcY.bat
- <Current directory>\Bkgy.exe
- C:\RCXB1C6.tmp
- <Current directory>\NqwE.ico
- <Current directory>\AgUc.exe
- C:\RCXB0DB.tmp
- <Current directory>\pgAw.ico
- <Current directory>\WcAM.exe
- C:\RCXA16B.tmp
- <Current directory>\puoU.ico
- <Current directory>\sMwO.exe
- C:\RCXA032.tmp
- <Current directory>\fIEs.ico
- <Current directory>\zcIg.exe
- <Current directory>\DkUG.exe
- C:\RCXA86F.tmp
- <Current directory>\IssY.ico
- C:\RCXA5EF.tmp
- <Current directory>\cMAA.ico
- %TEMP%\qAEcUgYE.bat
- <Current directory>\xWwQ.ico
- <Current directory>\pUMs.exe
- C:\RCXBE88.tmp
- <Current directory>\lEQY.exe
- C:\RCXBC75.tmp
- %TEMP%\iCEYUoUc.bat
- <Current directory>\KOoM.ico
- <Current directory>\XIwm.exe
- C:\RCXC1E4.tmp
- <Current directory>\XysU.ico
- <Current directory>\IQgG.exe
- C:\RCXC03E.tmp
- <Current directory>\GUAM.ico
- <Current directory>\TswE.exe
- C:\RCXB83E.tmp
- <Current directory>\DecA.ico
- <Current directory>\RAga.exe
- C:\RCXB32E.tmp
- <Current directory>\uikQ.ico
- %TEMP%\VWEoMscw.bat
- <Current directory>\gUIQ.exe
- C:\RCXBB3C.tmp
- <Current directory>\Fcgy.exe
- C:\RCXBA13.tmp
- <Current directory>\eEAo.ico
- <Current directory>\igAw.exe
- C:\RCX8E5C.tmp
- <Current directory>\Ckcc.ico
- <Current directory>\vAAw.exe
- C:\RCX892D.tmp
- <Current directory>\bios.ico
- <Current directory>\IcEu.exe
- C:\RCX915A.tmp
- %TEMP%\iCMIsQEk.bat
- <Current directory>\hWUk.ico
- C:\RCX9002.tmp
- <Current directory>\UgcM.ico
- <Current directory>\NgEy.exe
- <Current directory>\nMMC.exe
- <Current directory>\yYwc.exe
- C:\RCX865C.tmp
- <Current directory>\HGcs.ico
- <Current directory>\XEwY.exe
- C:\RCX836E.tmp
- <Current directory>\sYgI.ico
- <Current directory>\LEAy.exe
- C:\RCX8803.tmp
- <Current directory>\YYos.ico
- <Current directory>\FUUM.exe
- C:\RCX86F9.tmp
- <Current directory>\bMYY.ico
- <Current directory>\lEsO.exe
- C:\RCX9C97.tmp
- <Current directory>\Awck.ico
- <Current directory>\YoIg.exe
- C:\RCX9AB2.tmp
- <Current directory>\GYkA.ico
- <Current directory>\wcEA.exe
- C:\RCX9EBB.tmp
- <Current directory>\ZmQo.ico
- <Current directory>\WQkQ.exe
- C:\RCX9D43.tmp
- <Current directory>\HycI.ico
- <Current directory>\tYsY.ico
- <Current directory>\vcoY.ico
- <Current directory>\LcQw.exe
- C:\RCX95C0.tmp
- <Current directory>\PMUS.exe
- %TEMP%\pgQAkoQo.bat
- C:\RCX9419.tmp
- <Current directory>\FsQc.ico
- <Current directory>\WQEc.exe
- C:\RCX98FC.tmp
- <Current directory>\JqcE.ico
- <Current directory>\YYEi.exe
- C:\RCX96CA.tmp
- C:\RCX3B09.tmp
- <Current directory>\kqss.ico
- <Current directory>\UoIg.exe
- C:\RCXCD6E.tmp
- <Current directory>\xaYw.ico
- <Current directory>\tkcK.exe
- C:\RCXCC25.tmp
- <Current directory>\IEMU.ico
- <Current directory>\IkUa.exe
- C:\RCXD09B.tmp
- <Current directory>\dGYU.ico
- <Current directory>\IAso.exe
- C:\RCXCE97.tmp
- C:\RCXCA12.tmp
- <Current directory>\HIgY.exe
- C:\RCXC3AA.tmp
- <Current directory>\aisE.ico
- <Current directory>\EQMo.exe
- C:\RCXC2AF.tmp
- <Current directory>\PUIk.ico
- <Current directory>\QOcg.ico
- <Current directory>\zgAq.exe
- %TEMP%\wMMAwoYc.bat
- <Current directory>\aQog.exe
- C:\RCXC59E.tmp
- %TEMP%\hMYsIskQ.bat
- <Current directory>\hEYg.ico
- <Current directory>\ZEsE.exe
- C:\RCXDFDD.tmp
- <Current directory>\uYQM.ico
- <Current directory>\TUoA.exe
- C:\RCXDE47.tmp
- C:\RCXE107.tmp
- <Current directory>\cCAY.ico
- <Current directory>\tMwS.exe
- %TEMP%\PSoQUcgI.bat
- <Current directory>\wgMs.ico
- <Current directory>\nogo.exe
- %TEMP%\bswcAIwo.bat
- <Current directory>\ZUUw.ico
- <Current directory>\GQEc.exe
- C:\RCXD6D4.tmp
- <Current directory>\BIoY.ico
- <Current directory>\poEa.exe
- C:\RCXD58C.tmp
- <Current directory>\Oycs.ico
- <Current directory>\zQsE.exe
- C:\RCXD946.tmp
- <Current directory>\bkEk.ico
- <Current directory>\PEEG.exe
- C:\RCXD7A0.tmp
- <Current directory>\kckg.ico
- <Current directory>\pwEc.exe
- C:\RCXAC47.tmp
- <Current directory>\NaIg.ico
- <Current directory>\TwAg.exe
- C:\RCXAB6C.tmp
- <Current directory>\IGUA.ico
- <Current directory>\iEEA.exe
- C:\RCXB03F.tmp
- <Current directory>\jGoc.ico
- <Current directory>\jMgs.exe
- C:\RCXAD9F.tmp
- <Current directory>\EikY.ico
- <Current directory>\DgEU.ico
- C:\ProgramData\kaog.txt
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- %TEMP%\wMgQwcss.bat
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- <Current directory>\VUsu.exe
- %TEMP%\file.vbs
- C:\RCXAA33.tmp
- <Current directory>\<Virus name>
- %TEMP%\CaUggQMI.bat
- <Current directory>\DcoE.ico
- <Current directory>\CSUs.ico
- <Current directory>\EMks.exe
- C:\RCXBD02.tmp
- <Current directory>\MyMg.ico
- <Current directory>\xIQa.exe
- C:\RCXBBE8.tmp
- <Current directory>\uwsk.ico
- <Current directory>\gEIk.exe
- C:\RCXC02F.tmp
- <Current directory>\hGgo.ico
- <Current directory>\UgIM.exe
- C:\RCXBE1B.tmp
- C:\RCXB9F4.tmp
- <Current directory>\cQQi.exe
- C:\RCXB6C6.tmp
- <Current directory>\nmwY.ico
- <Current directory>\YUEO.exe
- C:\RCXB31D.tmp
- <Current directory>\MaMg.ico
- %TEMP%\zuEkckAY.bat
- <Current directory>\AOQA.ico
- <Current directory>\VQkG.exe
- %TEMP%\HEMkMIoA.bat
- <Current directory>\fMsu.exe
- C:\RCXB80F.tmp
- %TEMP%\IcEcAMYU.bat
- <Current directory>\nqcw.ico
- <Current directory>\WIgw.exe
- <Current directory>\rsoY.ico
- <Current directory>\QkUA.exe
- C:\RCX2675.tmp
- C:\RCX29D1.tmp
- <Current directory>\XCQg.ico
- <Current directory>\uoUU.exe
- C:\RCX28F5.tmp
- <Current directory>\QoIc.ico
- <Current directory>\GcwS.exe
- %TEMP%\tggIMEgQ.bat
- <Current directory>\KQQA.ico
- <Current directory>\bEUe.exe
- C:\RCX1F22.tmp
- <Current directory>\TwgE.ico
- <Current directory>\kEEY.exe
- C:\RCX1DC9.tmp
- <Current directory>\DMwA.ico
- <Current directory>\tsAA.exe
- C:\RCX2348.tmp
- <Current directory>\GuwA.ico
- <Current directory>\coQs.exe
- C:\RCX1FED.tmp
- <Current directory>\aaUo.ico
- <Current directory>\XwQu.exe
- C:\RCX3701.tmp
- <Current directory>\BMcQ.ico
- <Current directory>\JwMs.exe
- C:\RCX33D5.tmp
- %TEMP%\DiYckIII.bat
- <Current directory>\pCsE.ico
- <Current directory>\sAow.exe
- <Current directory>\wAUQ.ico
- <Current directory>\kwow.exe
- C:\RCX39A1.tmp
- C:\RCX322F.tmp
- C:\RCX2D5B.tmp
- <Current directory>\BYQg.ico
- <Current directory>\toUI.exe
- C:\RCX2BA6.tmp
- <Current directory>\GwEw.ico
- <Current directory>\nAog.exe
- C:\RCX3089.tmp
- <Current directory>\AOIc.ico
- <Current directory>\Eogk.exe
- C:\RCX2E85.tmp
- <Current directory>\yQYE.ico
- <Current directory>\BYAK.exe
- C:\RCX1AFB.tmp
- <Current directory>\eIwE.exe
- C:\RCXF077.tmp
- <Current directory>\VCEE.ico
- C:\RCXEF2F.tmp
- <Current directory>\PggU.ico
- %TEMP%\LKUQYMQk.bat
- <Current directory>\JaIE.ico
- <Current directory>\JIgE.exe
- C:\RCXF98E.tmp
- <Current directory>\eQMW.exe
- %TEMP%\mMooQMsI.bat
- C:\RCXF3A4.tmp
- <Current directory>\QEIg.exe
- C:\RCXE359.tmp
- <Current directory>\aGoQ.ico
- <Current directory>\vQAg.exe
- C:\RCXE211.tmp
- <Current directory>\ymgo.ico
- <Current directory>\TwMm.exe
- <Current directory>\lcQe.exe
- C:\RCXEBD4.tmp
- <Current directory>\PKco.ico
- C:\RCXE54E.tmp
- <Auxiliary element>
- <Current directory>\pWcA.ico
- %TEMP%\zSsMAUws.bat
- <Current directory>\kAgY.ico
- <Current directory>\NkMY.exe
- <Current directory>\iCEw.ico
- <Current directory>\xQcA.exe
- C:\RCXDBE.tmp
- C:\RCX1455.tmp
- <Current directory>\gmwA.ico
- <Current directory>\UMAe.exe
- C:\RCX1271.tmp
- <Current directory>\hKcA.ico
- <Current directory>\jIQy.exe
- %TEMP%\WSosoUck.bat
- <Current directory>\ccoY.ico
- <Current directory>\BYsC.exe
- C:\RCX256.tmp
- <Current directory>\mewk.ico
- <Current directory>\rIYQ.exe
- C:\RCXB0.tmp
- <Current directory>\CCco.ico
- <Current directory>\IoIE.exe
- C:\RCX841.tmp
- <Current directory>\HmIk.ico
- <Current directory>\dwMw.exe
- C:\RCX38F.tmp
- <Current directory>\Ewsc.exe
- <Current directory>\zGQM.ico
- <Current directory>\PwgC.exe
- <Current directory>\DyoY.ico
- <Current directory>\vsYU.exe
- <Current directory>\tgEg.ico
- <Current directory>\FoUe.exe
- <Current directory>\Yggs.ico
- <Current directory>\uAsY.ico
- <Current directory>\pgsm.exe
- <Current directory>\jcEU.ico
- <Current directory>\hkEA.exe
- <Current directory>\eoUE.exe
- <Current directory>\qqMo.ico
- %TEMP%\tMsgsQok.bat
- <Current directory>\mCUo.ico
- <Current directory>\koEo.exe
- <Current directory>\RSEM.ico
- %TEMP%\yyocQAYQ.bat
- <Current directory>\OYkM.ico
- <Current directory>\dgMS.exe
- <Current directory>\KEYk.ico
- <Current directory>\SUAo.exe
- <Current directory>\wiMw.ico
- <Current directory>\cUcW.exe
- <Current directory>\VwQM.ico
- <Current directory>\tUIC.exe
- <Current directory>\musU.ico
- <Current directory>\AEkO.exe
- %TEMP%\QOMQQEUE.bat
- <Current directory>\EIsa.exe
- <Current directory>\vags.ico
- <Current directory>\hAQM.exe
- <Current directory>\tEEQ.ico
- <Current directory>\sEEC.exe
- <Current directory>\dAMk.ico
- <Current directory>\WQIy.exe
- <Current directory>\ZsIs.ico
- <Current directory>\XEAu.exe
- <Current directory>\jeMg.ico
- <Current directory>\TQYA.exe
- <Current directory>\FAgK.exe
- %TEMP%\IcEcAMYU.bat
- <Current directory>\icou.exe
- <Current directory>\aYEM.ico
- <Current directory>\gmgw.ico
- <Current directory>\LMcW.exe
- <Current directory>\xIIA.ico
- <Current directory>\oMMq.exe
- <Current directory>\hgEA.exe
- <Current directory>\fYQw.ico
- <Current directory>\MAwy.exe
- <Current directory>\gUAg.ico
- <Current directory>\akgi.exe
- <Current directory>\wqsQ.ico
- <Current directory>\pEIi.exe
- <Current directory>\vMYc.ico
- <Current directory>\iMMq.exe
- <Current directory>\eagQ.ico
- %TEMP%\TakgEIIg.bat
- <Current directory>\ZAMM.ico
- <Current directory>\UIUU.exe
- <Current directory>\cSsc.ico
- <Current directory>\ZwMW.exe
- <Current directory>\IQMY.ico
- <Current directory>\XEwY.exe
- <Current directory>\rucM.ico
- <Current directory>\aUAa.exe
- <Current directory>\IssY.ico
- <Current directory>\WcAM.exe
- <Current directory>\pgAw.ico
- <Current directory>\Bkgy.exe
- <Current directory>\tgsA.ico
- <Current directory>\AgUc.exe
- <Current directory>\zcIg.exe
- <Current directory>\puoU.ico
- <Current directory>\igAw.exe
- <Current directory>\fIEs.ico
- <Current directory>\cMAA.ico
- <Current directory>\DkUG.exe
- <Current directory>\sMwO.exe
- %TEMP%\qAEcUgYE.bat
- <Current directory>\GUAM.ico
- <Current directory>\lEQY.exe
- <Current directory>\eEAo.ico
- <Current directory>\gUIQ.exe
- <Current directory>\XysU.ico
- <Current directory>\IQgG.exe
- <Current directory>\xWwQ.ico
- <Current directory>\pUMs.exe
- <Current directory>\uikQ.ico
- <Current directory>\TswE.exe
- <Current directory>\NqwE.ico
- <Current directory>\RAga.exe
- %TEMP%\xWgcgIcY.bat
- %TEMP%\VWEoMscw.bat
- <Current directory>\DecA.ico
- <Current directory>\Fcgy.exe
- <Current directory>\ZmQo.ico
- <Current directory>\Ckcc.ico
- <Current directory>\vAAw.exe
- <Current directory>\bios.ico
- <Current directory>\IcEu.exe
- <Current directory>\NgEy.exe
- %TEMP%\iCMIsQEk.bat
- %TEMP%\DeAUEUMY.bat
- <Current directory>\UgcM.ico
- <Current directory>\HGcs.ico
- <Current directory>\FUUM.exe
- <Current directory>\sYgI.ico
- <Current directory>\yYwc.exe
- <Current directory>\YYos.ico
- <Current directory>\nMMC.exe
- <Current directory>\bMYY.ico
- <Current directory>\LEAy.exe
- <Current directory>\GYkA.ico
- <Current directory>\lEsO.exe
- <Current directory>\tYsY.ico
- <Current directory>\YoIg.exe
- <Current directory>\HycI.ico
- <Current directory>\wcEA.exe
- <Current directory>\Awck.ico
- <Current directory>\WQkQ.exe
- <Current directory>\vcoY.ico
- <Current directory>\LcQw.exe
- <Current directory>\hWUk.ico
- <Current directory>\PMUS.exe
- <Current directory>\FsQc.ico
- <Current directory>\WQEc.exe
- <Current directory>\JqcE.ico
- <Current directory>\YYEi.exe
- <Current directory>\huwU.ico
- <Current directory>\IEMU.ico
- <Current directory>\IkUa.exe
- <Current directory>\dGYU.ico
- <Current directory>\IAso.exe
- <Current directory>\ZUUw.ico
- <Current directory>\GQEc.exe
- <Current directory>\BIoY.ico
- <Current directory>\poEa.exe
- <Current directory>\QOcg.ico
- <Current directory>\zgAq.exe
- <Current directory>\aQog.exe
- %TEMP%\hMYsIskQ.bat
- <Current directory>\kqss.ico
- <Current directory>\UoIg.exe
- <Current directory>\xaYw.ico
- <Current directory>\tkcK.exe
- <Current directory>\nogo.exe
- <Current directory>\cCAY.ico
- <Current directory>\ZEsE.exe
- <Current directory>\wgMs.ico
- <Current directory>\TwMm.exe
- <Current directory>\aGoQ.ico
- <Current directory>\tMwS.exe
- <Current directory>\ymgo.ico
- <Current directory>\Oycs.ico
- <Current directory>\zQsE.exe
- <Current directory>\bkEk.ico
- <Current directory>\PEEG.exe
- <Current directory>\TUoA.exe
- <Current directory>\hEYg.ico
- %TEMP%\bswcAIwo.bat
- <Current directory>\uYQM.ico
- <Current directory>\aisE.ico
- <Current directory>\iEEA.exe
- <Current directory>\jGoc.ico
- <Current directory>\jMgs.exe
- <Current directory>\EikY.ico
- <Current directory>\cQQi.exe
- <Current directory>\nmwY.ico
- <Current directory>\YUEO.exe
- <Current directory>\MaMg.ico
- <Current directory>\VUsu.exe
- <Current directory>\DgEU.ico
- %TEMP%\wMgQwcss.bat
- <Current directory>\DcoE.ico
- <Current directory>\pwEc.exe
- <Current directory>\NaIg.ico
- <Current directory>\TwAg.exe
- <Current directory>\IGUA.ico
- <Current directory>\uwsk.ico
- <Current directory>\gEIk.exe
- <Current directory>\hGgo.ico
- <Current directory>\UgIM.exe
- <Current directory>\PUIk.ico
- <Current directory>\HIgY.exe
- <Current directory>\kckg.ico
- <Current directory>\EQMo.exe
- <Current directory>\AOQA.ico
- <Current directory>\VQkG.exe
- <Current directory>\fMsu.exe
- %TEMP%\HEMkMIoA.bat
- <Current directory>\CSUs.ico
- <Current directory>\EMks.exe
- <Current directory>\MyMg.ico
- <Current directory>\xIQa.exe
- <Current directory>\vQAg.exe
- <Current directory>\GcwS.exe
- <Current directory>\XCQg.ico
- <Current directory>\WIgw.exe
- <Current directory>\QoIc.ico
- <Current directory>\nAog.exe
- <Current directory>\BYQg.ico
- <Current directory>\uoUU.exe
- <Current directory>\GwEw.ico
- <Current directory>\DMwA.ico
- <Current directory>\tsAA.exe
- <Current directory>\coQs.exe
- %TEMP%\mMooQMsI.bat
- <Current directory>\QkUA.exe
- <Current directory>\nqcw.ico
- %TEMP%\tggIMEgQ.bat
- <Current directory>\rsoY.ico
- <Current directory>\kwow.exe
- %TEMP%\DiYckIII.bat
- <Current directory>\XwQu.exe
- <Current directory>\wAUQ.ico
- <Current directory>\zyUs.ico
- <Current directory>\aEMc.exe
- <Current directory>\pCsE.ico
- <Current directory>\sAow.exe
- <Current directory>\BYAK.exe
- <Current directory>\AOIc.ico
- <Current directory>\toUI.exe
- <Current directory>\yQYE.ico
- <Current directory>\JwMs.exe
- <Current directory>\aaUo.ico
- <Current directory>\Eogk.exe
- <Current directory>\BMcQ.ico
- <Current directory>\GuwA.ico
- <Current directory>\JIgE.exe
- <Current directory>\mewk.ico
- <Current directory>\eQMW.exe
- <Current directory>\JaIE.ico
- <Current directory>\BYsC.exe
- <Current directory>\HmIk.ico
- <Current directory>\rIYQ.exe
- <Current directory>\ccoY.ico
- <Current directory>\PKco.ico
- <Current directory>\QEIg.exe
- <Current directory>\pWcA.ico
- <Current directory>\lcQe.exe
- <Current directory>\eIwE.exe
- <Current directory>\VCEE.ico
- %TEMP%\LKUQYMQk.bat
- <Current directory>\PggU.ico
- <Current directory>\gmwA.ico
- <Current directory>\UMAe.exe
- <Current directory>\hKcA.ico
- <Current directory>\jIQy.exe
- <Current directory>\KQQA.ico
- <Current directory>\bEUe.exe
- <Current directory>\TwgE.ico
- <Current directory>\kEEY.exe
- <Current directory>\IoIE.exe
- %TEMP%\WSosoUck.bat
- <Current directory>\dwMw.exe
- <Current directory>\CCco.ico
- <Current directory>\kAgY.ico
- <Current directory>\NkMY.exe
- <Current directory>\iCEw.ico
- <Current directory>\xQcA.exe
- from C:\RCX6BDE.tmp to <Current directory>\PwgC.exe
- from C:\RCX6E3F.tmp to <Current directory>\Ewsc.exe
- from C:\RCX6F59.tmp to <Current directory>\FoUe.exe
- from C:\RCX69AB.tmp to <Current directory>\eoUE.exe
- from C:\RCX6390.tmp to <Current directory>\hAQM.exe
- from C:\RCX6787.tmp to <Current directory>\hkEA.exe
- from C:\RCX6863.tmp to <Current directory>\pgsm.exe
- from C:\RCX71BA.tmp to <Current directory>\vsYU.exe
- from C:\RCX7F95.tmp to <Current directory>\koEo.exe
- from C:\RCX80FC.tmp to <Current directory>\SUAo.exe
- from C:\RCX8255.tmp to <Current directory>\dgMS.exe
- from C:\RCX7AE2.tmp to <Current directory>\AEkO.exe
- from C:\RCX760F.tmp to <Current directory>\tUIC.exe
- from C:\RCX76EA.tmp to <Current directory>\cUcW.exe
- from C:\RCX7814.tmp to <Current directory>\EIsa.exe
- from C:\RCX4AD7.tmp to <Current directory>\WQIy.exe
- from C:\RCX4C10.tmp to <Current directory>\sEEC.exe
- from C:\RCX4DA7.tmp to <Current directory>\TQYA.exe
- from C:\RCX49EC.tmp to <Current directory>\LMcW.exe
- from C:\RCX40E4.tmp to <Current directory>\icou.exe
- from C:\RCX447E.tmp to <Current directory>\FAgK.exe
- from C:\RCX476C.tmp to <Current directory>\oMMq.exe
- from C:\RCX4EA1.tmp to <Current directory>\XEAu.exe
- from C:\RCX5AA8.tmp to <Current directory>\hgEA.exe
- from C:\RCX5BB2.tmp to <Current directory>\pEIi.exe
- from C:\RCX61FA.tmp to <Current directory>\akgi.exe
- from C:\RCX5865.tmp to <Current directory>\MAwy.exe
- from C:\RCX5141.tmp to <Current directory>\iMMq.exe
- from C:\RCX54AC.tmp to <Current directory>\ZwMW.exe
- from C:\RCX56A0.tmp to <Current directory>\UIUU.exe
- from C:\RCX836E.tmp to <Current directory>\XEwY.exe
- from C:\RCXABDA.tmp to <Current directory>\WcAM.exe
- from C:\RCXAD03.tmp to <Current directory>\aUAa.exe
- from C:\RCXB0DB.tmp to <Current directory>\AgUc.exe
- from C:\RCXA86F.tmp to <Current directory>\DkUG.exe
- from C:\RCXA032.tmp to <Current directory>\igAw.exe
- from C:\RCXA16B.tmp to <Current directory>\zcIg.exe
- from C:\RCXA5EF.tmp to <Current directory>\sMwO.exe
- from C:\RCXB1C6.tmp to <Current directory>\Bkgy.exe
- from C:\RCXBC75.tmp to <Current directory>\lEQY.exe
- from C:\RCXBE88.tmp to <Current directory>\pUMs.exe
- from C:\RCXC03E.tmp to <Current directory>\IQgG.exe
- from C:\RCXBB3C.tmp to <Current directory>\gUIQ.exe
- from C:\RCXB32E.tmp to <Current directory>\RAga.exe
- from C:\RCXB83E.tmp to <Current directory>\TswE.exe
- from C:\RCXBA13.tmp to <Current directory>\Fcgy.exe
- from C:\RCX8E5C.tmp to <Current directory>\IcEu.exe
- from C:\RCX9002.tmp to <Current directory>\vAAw.exe
- from C:\RCX915A.tmp to <Current directory>\NgEy.exe
- from C:\RCX892D.tmp to <Current directory>\nMMC.exe
- from C:\RCX865C.tmp to <Current directory>\yYwc.exe
- from C:\RCX86F9.tmp to <Current directory>\FUUM.exe
- from C:\RCX8803.tmp to <Current directory>\LEAy.exe
- from C:\RCX9419.tmp to <Current directory>\PMUS.exe
- from C:\RCX9C97.tmp to <Current directory>\lEsO.exe
- from C:\RCX9D43.tmp to <Current directory>\WQkQ.exe
- from C:\RCX9EBB.tmp to <Current directory>\wcEA.exe
- from C:\RCX9AB2.tmp to <Current directory>\YoIg.exe
- from C:\RCX95C0.tmp to <Current directory>\LcQw.exe
- from C:\RCX96CA.tmp to <Current directory>\YYEi.exe
- from C:\RCX98FC.tmp to <Current directory>\WQEc.exe
- from C:\RCXCE97.tmp to <Current directory>\IAso.exe
- from C:\RCXD09B.tmp to <Current directory>\IkUa.exe
- from C:\RCXD58C.tmp to <Current directory>\poEa.exe
- from C:\RCXCD6E.tmp to <Current directory>\UoIg.exe
- from C:\RCXC59E.tmp to <Current directory>\aQog.exe
- from C:\RCXCA12.tmp to <Current directory>\zgAq.exe
- from C:\RCXCC25.tmp to <Current directory>\tkcK.exe
- from C:\RCXD6D4.tmp to <Current directory>\GQEc.exe
- from C:\RCXE107.tmp to <Current directory>\nogo.exe
- from C:\RCXE211.tmp to <Current directory>\tMwS.exe
- from C:\RCXE359.tmp to <Current directory>\TwMm.exe
- from C:\RCXDFDD.tmp to <Current directory>\ZEsE.exe
- from C:\RCXD7A0.tmp to <Current directory>\PEEG.exe
- from C:\RCXD946.tmp to <Current directory>\zQsE.exe
- from C:\RCXDE47.tmp to <Current directory>\TUoA.exe
- from C:\RCXB03F.tmp to <Current directory>\iEEA.exe
- from C:\RCXB31D.tmp to <Current directory>\YUEO.exe
- from C:\RCXB6C6.tmp to <Current directory>\cQQi.exe
- from C:\RCXAD9F.tmp to <Current directory>\jMgs.exe
- from C:\RCXAA33.tmp to <Current directory>\VUsu.exe
- from C:\RCXAB6C.tmp to <Current directory>\TwAg.exe
- from C:\RCXAC47.tmp to <Current directory>\pwEc.exe
- from C:\RCXB80F.tmp to <Current directory>\fMsu.exe
- from C:\RCXC02F.tmp to <Current directory>\gEIk.exe
- from C:\RCXC2AF.tmp to <Current directory>\EQMo.exe
- from C:\RCXC3AA.tmp to <Current directory>\HIgY.exe
- from C:\RCXBE1B.tmp to <Current directory>\UgIM.exe
- from C:\RCXB9F4.tmp to <Current directory>\VQkG.exe
- from C:\RCXBBE8.tmp to <Current directory>\xIQa.exe
- from C:\RCXBD02.tmp to <Current directory>\EMks.exe
- from C:\RCXE54E.tmp to <Current directory>\vQAg.exe
- from C:\RCX29D1.tmp to <Current directory>\GcwS.exe
- from C:\RCX2BA6.tmp to <Current directory>\uoUU.exe
- from C:\RCX2D5B.tmp to <Current directory>\nAog.exe
- from C:\RCX28F5.tmp to <Current directory>\WIgw.exe
- from C:\RCX1FED.tmp to <Current directory>\coQs.exe
- from C:\RCX2348.tmp to <Current directory>\tsAA.exe
- from C:\RCX2675.tmp to <Current directory>\QkUA.exe
- from C:\RCX2E85.tmp to <Current directory>\toUI.exe
- from C:\RCX39A1.tmp to <Current directory>\kwow.exe
- from C:\RCX3B09.tmp to <Current directory>\sAow.exe
- from C:\RCX3EE1.tmp to <Current directory>\aEMc.exe
- from C:\RCX3701.tmp to <Current directory>\XwQu.exe
- from C:\RCX3089.tmp to <Current directory>\BYAK.exe
- from C:\RCX322F.tmp to <Current directory>\Eogk.exe
- from C:\RCX33D5.tmp to <Current directory>\JwMs.exe
- from C:\RCXF98E.tmp to <Current directory>\JIgE.exe
- from C:\RCXB0.tmp to <Current directory>\rIYQ.exe
- from C:\RCX256.tmp to <Current directory>\BYsC.exe
- from C:\RCXF3A4.tmp to <Current directory>\eQMW.exe
- from C:\RCXEBD4.tmp to <Current directory>\lcQe.exe
- from C:\RCXEF2F.tmp to <Current directory>\QEIg.exe
- from C:\RCXF077.tmp to <Current directory>\eIwE.exe
- from C:\RCX38F.tmp to <Current directory>\dwMw.exe
- from C:\RCX1AFB.tmp to <Current directory>\UMAe.exe
- from C:\RCX1DC9.tmp to <Current directory>\kEEY.exe
- from C:\RCX1F22.tmp to <Current directory>\bEUe.exe
- from C:\RCX1455.tmp to <Current directory>\jIQy.exe
- from C:\RCX841.tmp to <Current directory>\IoIE.exe
- from C:\RCXDBE.tmp to <Current directory>\xQcA.exe
- from C:\RCX1271.tmp to <Current directory>\NkMY.exe
- DNS ASK dn#.##ftncsi.com
- DNS ASK google.com
- ClassName: '' WindowName: 'rSYkcwMw.exe'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'GocwIYEU.exe'