Technical Information
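- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,' (a second executable is appended after the legitimate userinit.exe entry, so Winlogon also launches it at every user logon)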
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002' (service start type 2 = automatic start at boot)
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
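- hidden files (display disabled: Explorer\Advanced 'Hidden' is set to 2 by the reg.exe command listed below)
- file extensions (display disabled: Explorer\Advanced 'HideFileExt' is set to 1 by the command listed below)
- User Account Control (UAC) (disabled: Policies\System 'EnableLUA' is set to 0 by the command listed below)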
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe'
- '<SYSTEM32>\reg.exe' /pid=0x594 /log
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\conhost.exe' -k swprv
- '<SYSTEM32>\vssvc.exe'
- '<SYSTEM32>\taskhost.exe'
- <Current directory>\fccE.ico
- <Current directory>\xEYy.exe
- C:\RCX80EA.tmp
- <Current directory>\qGQk.ico
- <Current directory>\usQW.exe
- C:\RCX8418.tmp
- <Current directory>\ReUk.ico
- <Current directory>\ZwQO.exe
- C:\RCX82B0.tmp
- <Current directory>\CowQ.ico
- C:\RCX7FA2.tmp
- <Current directory>\DkoY.exe
- C:\RCX7D30.tmp
- <Current directory>\UmQA.ico
- <Current directory>\wIIS.exe
- C:\RCX7BB8.tmp
- <Current directory>\EsUY.ico
- <Current directory>\Hggs.exe
- C:\RCX7EA7.tmp
- <Current directory>\NOgs.ico
- <Current directory>\wYMk.exe
- <Current directory>\akQI.exe
- <Current directory>\DmMw.ico
- <Current directory>\eAgI.exe
- %TEMP%\nmEsAAwI.bat
- <Current directory>\kAUu.exe
- C:\RCX8AE0.tmp
- C:\RCX8FF1.tmp
- <Current directory>\mSQk.ico
- <Current directory>\AskS.exe
- C:\RCX8C67.tmp
- <Current directory>\rIcY.ico
- <Current directory>\MCQU.ico
- C:\RCX862C.tmp
- <Current directory>\dMQk.ico
- <Current directory>\YwcI.exe
- C:\RCX84E3.tmp
- <Current directory>\JEEA.ico
- <Current directory>\mIES.exe
- C:\RCX891B.tmp
- <Current directory>\DeQE.ico
- <Current directory>\YooG.exe
- C:\RCX8717.tmp
- C:\RCX6C92.tmp
- <Current directory>\XEoA.ico
- <Current directory>\UQIO.exe
- <Current directory>\TUsE.exe
- C:\RCX6A11.tmp
- <Current directory>\dIsS.exe
- C:\RCX6F13.tmp
- <Current directory>\GCsk.ico
- <Current directory>\RkUq.exe
- C:\RCX6DEA.tmp
- %TEMP%\RCggQscw.bat
- <Current directory>\LAAI.ico
- <Current directory>\GkUg.exe
- C:\RCX65CA.tmp
- <Current directory>\SukA.ico
- <Current directory>\Pokq.exe
- C:\RCX683C.tmp
- <Current directory>\ZIoQ.ico
- <Current directory>\ysIg.exe
- C:\RCX66E4.tmp
- <Current directory>\UwEw.ico
- <Current directory>\KcAs.ico
- <Current directory>\xWMw.ico
- <Current directory>\jsQu.exe
- C:\RCX76E5.tmp
- <Current directory>\JyAw.ico
- <Current directory>\akkK.exe
- C:\RCX7AFC.tmp
- <Current directory>\wMco.ico
- <Current directory>\Bcsa.exe
- C:\RCX78E9.tmp
- <Current directory>\igIE.ico
- C:\RCX74D2.tmp
- <Current directory>\sAQQ.exe
- C:\RCX728E.tmp
- <Current directory>\uOAo.ico
- <Current directory>\NAYi.exe
- C:\RCX7136.tmp
- <Current directory>\iecw.ico
- <Current directory>\dYAa.exe
- C:\RCX7399.tmp
- <Current directory>\xiQg.ico
- <Current directory>\qwks.exe
- <Current directory>\ZIkk.ico
- <Current directory>\CUEI.exe
- C:\RCXB205.tmp
- <Current directory>\NWsw.ico
- <Current directory>\zMMi.exe
- C:\RCXB4F4.tmp
- <Current directory>\augA.ico
- <Current directory>\XwAu.exe
- C:\RCXB3DA.tmp
- <Current directory>\nQko.ico
- C:\RCXADD0.tmp
- C:\RCXA9C8.tmp
- <Current directory>\pCUI.ico
- <Current directory>\QAYg.exe
- C:\RCXA795.tmp
- <Current directory>\ACAg.ico
- %TEMP%\TuYcsMMg.bat
- <Current directory>\jIgC.exe
- <Current directory>\VicM.ico
- <Current directory>\Iwce.exe
- C:\RCXABCC.tmp
- <Current directory>\tMAo.exe
- C:\RCXBEAA.tmp
- <Current directory>\eEok.ico
- <Current directory>\wcsK.exe
- C:\RCXBCB6.tmp
- <Current directory>\PokQ.ico
- <Current directory>\SQoK.exe
- C:\RCXC293.tmp
- <Current directory>\IIEk.ico
- <Current directory>\LcIq.exe
- C:\RCXC060.tmp
- <Current directory>\JsIy.exe
- <Current directory>\iwoI.ico
- <Current directory>\sYgm.exe
- C:\RCXB795.tmp
- C:\RCXB65C.tmp
- <Current directory>\sEYq.exe
- C:\RCXBA35.tmp
- <Current directory>\ZKsM.ico
- <Current directory>\vsoa.exe
- C:\RCXB8DD.tmp
- <Current directory>\AIIY.ico
- <Current directory>\Neow.ico
- <Current directory>\mgMi.exe
- C:\RCX98AD.tmp
- <Current directory>\LKYg.ico
- <Current directory>\sQAo.exe
- C:\RCX9B1F.tmp
- <Current directory>\YSoc.ico
- <Current directory>\OYwa.exe
- C:\RCX9A15.tmp
- <Current directory>\hSIs.ico
- C:\RCX963C.tmp
- <Current directory>\qAYa.exe
- C:\RCX936C.tmp
- <Current directory>\yMcM.ico
- <Current directory>\QIwm.exe
- C:\RCX91B6.tmp
- <Current directory>\CEYI.ico
- <Current directory>\lQgK.exe
- C:\RCX9512.tmp
- <Current directory>\zkMc.ico
- <Current directory>\YUsw.exe
- <Current directory>\Cwcc.exe
- <Current directory>\MQUu.exe
- C:\RCXA478.tmp
- <Current directory>\GYsc.ico
- <Current directory>\PoUo.exe
- C:\RCXA33F.tmp
- <Current directory>\MUgw.ico
- <Current directory>\fksw.exe
- C:\RCXA68B.tmp
- <Current directory>\lmkw.ico
- <Current directory>\iYAm.exe
- <Current directory>\vgQk.ico
- C:\RCX9F07.tmp
- <Current directory>\LeAY.ico
- <Current directory>\Bose.exe
- C:\RCX9D03.tmp
- <Current directory>\pYAw.ico
- <Current directory>\bccS.exe
- C:\RCXA189.tmp
- <Current directory>\COIs.ico
- <Current directory>\tQUS.exe
- C:\RCXA021.tmp
- C:\RCX63F5.tmp
- <Current directory>\NYUS.exe
- C:\RCX22F9.tmp
- <Current directory>\mQoQ.ico
- <Current directory>\BAkC.exe
- C:\RCX2172.tmp
- <Current directory>\jQwM.ico
- %TEMP%\NQwgAUgg.bat
- C:\RCX253C.tmp
- <Current directory>\Umww.ico
- <Current directory>\bsgQ.exe
- <Current directory>\NmQA.ico
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- <Current directory>\sesA.ico
- C:\RCX18A9.tmp
- <Current directory>\gwsI.ico
- <Current directory>\KwIy.exe
- <Current directory>\oAYA.exe
- C:\RCX1FDC.tmp
- <Current directory>\JQEg.ico
- <Current directory>\UIoK.exe
- C:\RCX1D6B.tmp
- <Current directory>\gEsa.exe
- <Current directory>\gcAq.exe
- C:\RCX3088.tmp
- <Current directory>\vAck.ico
- <Current directory>\ZwII.exe
- C:\RCX2EC2.tmp
- <Current directory>\rGAg.ico
- <Current directory>\YQAK.exe
- C:\RCX325D.tmp
- <Current directory>\HYsw.ico
- <Current directory>\gYAq.exe
- <Current directory>\gkcY.ico
- C:\RCX2A2D.tmp
- <Current directory>\bAAY.ico
- <Current directory>\lsYK.exe
- C:\RCX277E.tmp
- <Current directory>\FoIQ.ico
- <Current directory>\Gock.exe
- C:\RCX2D3B.tmp
- <Current directory>\fgYc.ico
- <Current directory>\LcYC.exe
- C:\RCX2BD4.tmp
- <Current directory>\dGgM.ico
- <Current directory>\wIQo.exe
- C:\RCXB589.tmp
- <Current directory>\HCsE.ico
- <Current directory>\JgcY.exe
- C:\RCXBE23.tmp
- <Current directory>\rYYI.ico
- <Current directory>\ogMe.exe
- C:\RCXB9A0.tmp
- <Current directory>\wgAs.ico
- C:\RCXAEB5.tmp
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- %HOMEPATH%\CaIocokM\GocwIYEUIRTH
- C:\ProgramData\sIAowgok\rSYkcwMw
- <Current directory>\<Virus name>GQVI
- %HOMEPATH%\CaIocokM\GocwIYEU
- <Current directory>\nmUc.ico
- <Current directory>\FAQY.exe
- C:\ProgramData\ZQIIosos\XiskIEYEDMGQ
- C:\ProgramData\sIAowgok\rSYkcwMwANEC
- C:\ProgramData\kaog.txt
- <Current directory>\cMca.exe
- C:\RCXDF9C.tmp
- <Current directory>\jisA.ico
- <Current directory>\UUYk.exe
- C:\RCXD677.tmp
- <Current directory>\uIwU.ico
- <Current directory>\wwMu.exe
- C:\RCXF7A1.tmp
- <Current directory>\MkcY.ico
- <Current directory>\YsUI.exe
- C:\RCXF12A.tmp
- <Current directory>\tgQI.exe
- C:\RCXC556.tmp
- %TEMP%\KWkssEEA.bat
- <Current directory>\wYkc.exe
- C:\RCXC18E.tmp
- <Current directory>\hOIA.ico
- C:\RCXCEE8.tmp
- <Current directory>\xMUQ.ico
- <Current directory>\TYQI.exe
- <Current directory>\<Virus name>
- <Current directory>\zEUs.ico
- <Current directory>\rYUg.ico
- <Current directory>\HMIy.exe
- C:\RCX52BC.tmp
- <Current directory>\CKYo.ico
- <Current directory>\zIos.exe
- C:\RCX57EC.tmp
- <Current directory>\LMEA.ico
- <Current directory>\UIMa.exe
- C:\RCX56A3.tmp
- <Current directory>\kKYs.ico
- C:\RCX5144.tmp
- <Current directory>\AQAk.exe
- C:\RCX4F4F.tmp
- <Current directory>\gqYU.ico
- <Current directory>\lYUG.exe
- C:\RCX4E64.tmp
- <Current directory>\MEYg.ico
- <Current directory>\GsMc.exe
- C:\RCX5059.tmp
- <Current directory>\pcEA.ico
- <Current directory>\lcQe.exe
- <Current directory>\SwIE.exe
- <Current directory>\xosK.exe
- C:\RCX622F.tmp
- <Current directory>\NGcI.ico
- <Current directory>\JYoa.exe
- C:\RCX60F6.tmp
- <Current directory>\DmEE.ico
- <Current directory>\RcYU.exe
- C:\RCX62EB.tmp
- <Current directory>\GSkk.ico
- <Current directory>\dEQS.exe
- <Current directory>\OWEU.ico
- C:\RCX5C61.tmp
- <Current directory>\OAYA.ico
- <Current directory>\KsgA.exe
- C:\RCX59A2.tmp
- <Current directory>\ucAo.ico
- <Current directory>\DYoG.exe
- C:\RCX5F5F.tmp
- <Current directory>\POww.ico
- <Current directory>\ycMI.exe
- C:\RCX5D6B.tmp
- <Current directory>\uewE.ico
- <Current directory>\WYMa.exe
- C:\RCX3EC1.tmp
- <Current directory>\UcMU.ico
- <Current directory>\FMEG.exe
- C:\RCX4142.tmp
- <Current directory>\aoUE.ico
- <Current directory>\DsEW.exe
- C:\RCX4067.tmp
- <Current directory>\eekk.ico
- <Auxiliary element>
- C:\RCX36D2.tmp
- <Current directory>\IyEs.ico
- <Current directory>\YcIO.exe
- C:\RCX34FD.tmp
- <Current directory>\kkQU.ico
- <Current directory>\cUgm.exe
- C:\RCX3B18.tmp
- <Current directory>\ocAc.ico
- <Current directory>\MUEo.exe
- C:\RCX38B6.tmp
- <Current directory>\YwsG.exe
- <Current directory>\KYwO.exe
- C:\RCX4982.tmp
- <Current directory>\Wkgw.ico
- <Current directory>\gssm.exe
- C:\RCX47AD.tmp
- C:\RCX4C80.tmp
- <Current directory>\IIww.ico
- <Current directory>\nQIQ.exe
- %TEMP%\nIAwcwIk.bat
- <Current directory>\sEks.ico
- <Current directory>\MeYs.ico
- C:\RCX4421.tmp
- <Current directory>\jGUI.ico
- <Current directory>\AwgW.exe
- C:\RCX428B.tmp
- <Current directory>\kaQQ.ico
- <Current directory>\wMsY.exe
- C:\RCX4693.tmp
- <Current directory>\piYg.ico
- <Current directory>\TcMg.exe
- C:\RCX456A.tmp
- <Current directory>\usQW.exe
- <Current directory>\qGQk.ico
- <Current directory>\Hggs.exe
- <Current directory>\fccE.ico
- <Current directory>\ZwQO.exe
- <Current directory>\CowQ.ico
- <Current directory>\xEYy.exe
- <Current directory>\UmQA.ico
- <Current directory>\wIIS.exe
- <Current directory>\wMco.ico
- <Current directory>\DkoY.exe
- <Current directory>\EsUY.ico
- <Current directory>\wYMk.exe
- <Current directory>\NOgs.ico
- <Current directory>\kAUu.exe
- <Current directory>\MCQU.ico
- <Current directory>\mIES.exe
- %TEMP%\nmEsAAwI.bat
- <Current directory>\rIcY.ico
- <Current directory>\eAgI.exe
- <Current directory>\DmMw.ico
- <Current directory>\JEEA.ico
- <Current directory>\akQI.exe
- <Current directory>\ReUk.ico
- <Current directory>\YwcI.exe
- <Current directory>\DeQE.ico
- <Current directory>\YooG.exe
- <Current directory>\dMQk.ico
- <Current directory>\UQIO.exe
- <Current directory>\TUsE.exe
- <Current directory>\ZIoQ.ico
- <Current directory>\XEoA.ico
- <Current directory>\dIsS.exe
- <Current directory>\GCsk.ico
- <Current directory>\RkUq.exe
- <Current directory>\LAAI.ico
- <Current directory>\Pokq.exe
- <Current directory>\SukA.ico
- <Current directory>\GkUg.exe
- %TEMP%\RCggQscw.bat
- <Current directory>\ysIg.exe
- <Current directory>\UwEw.ico
- <Current directory>\akkK.exe
- <Current directory>\JyAw.ico
- <Current directory>\dYAa.exe
- <Current directory>\xWMw.ico
- <Current directory>\Bcsa.exe
- <Current directory>\igIE.ico
- <Current directory>\jsQu.exe
- <Current directory>\uOAo.ico
- <Current directory>\NAYi.exe
- <Current directory>\KcAs.ico
- <Current directory>\sAQQ.exe
- <Current directory>\iecw.ico
- <Current directory>\qwks.exe
- <Current directory>\xiQg.ico
- <Current directory>\AskS.exe
- <Current directory>\NWsw.ico
- %TEMP%\TuYcsMMg.bat
- <Current directory>\jIgC.exe
- <Current directory>\zMMi.exe
- <Current directory>\nQko.ico
- <Current directory>\CUEI.exe
- <Current directory>\ZIkk.ico
- <Current directory>\ACAg.ico
- <Current directory>\fksw.exe
- <Current directory>\MUgw.ico
- <Current directory>\QAYg.exe
- <Current directory>\VicM.ico
- <Current directory>\Iwce.exe
- <Current directory>\pCUI.ico
- <Current directory>\JsIy.exe
- <Current directory>\ZKsM.ico
- <Current directory>\vsoa.exe
- <Current directory>\PokQ.ico
- <Current directory>\LcIq.exe
- <Current directory>\eEok.ico
- <Current directory>\wcsK.exe
- <Current directory>\tMAo.exe
- <Current directory>\augA.ico
- <Current directory>\XwAu.exe
- <Current directory>\sEYq.exe
- <Current directory>\AIIY.ico
- <Current directory>\sYgm.exe
- <Current directory>\iwoI.ico
- <Current directory>\sQAo.exe
- <Current directory>\LKYg.ico
- <Current directory>\lQgK.exe
- <Current directory>\Neow.ico
- <Current directory>\OYwa.exe
- <Current directory>\hSIs.ico
- <Current directory>\mgMi.exe
- <Current directory>\yMcM.ico
- <Current directory>\QIwm.exe
- <Current directory>\mSQk.ico
- <Current directory>\qAYa.exe
- <Current directory>\CEYI.ico
- <Current directory>\YUsw.exe
- <Current directory>\zkMc.ico
- <Current directory>\PoUo.exe
- <Current directory>\vgQk.ico
- <Current directory>\bccS.exe
- <Current directory>\GYsc.ico
- <Current directory>\iYAm.exe
- <Current directory>\lmkw.ico
- <Current directory>\MQUu.exe
- <Current directory>\pYAw.ico
- <Current directory>\Cwcc.exe
- <Current directory>\YSoc.ico
- <Current directory>\Bose.exe
- <Current directory>\COIs.ico
- <Current directory>\tQUS.exe
- <Current directory>\LeAY.ico
- <Current directory>\Umww.ico
- <Current directory>\NYUS.exe
- <Current directory>\mQoQ.ico
- <Current directory>\bsgQ.exe
- <Current directory>\gEsa.exe
- <Current directory>\jQwM.ico
- %TEMP%\NQwgAUgg.bat
- <Current directory>\UIoK.exe
- <Current directory>\sesA.ico
- <Current directory>\KwIy.exe
- <Current directory>\JQEg.ico
- <Current directory>\BAkC.exe
- <Current directory>\NmQA.ico
- <Current directory>\oAYA.exe
- <Current directory>\gcAq.exe
- <Current directory>\vAck.ico
- <Current directory>\ZwII.exe
- <Current directory>\HYsw.ico
- <Current directory>\YQAK.exe
- <Current directory>\rGAg.ico
- <Current directory>\gYAq.exe
- <Current directory>\bAAY.ico
- <Current directory>\lsYK.exe
- <Current directory>\FoIQ.ico
- <Current directory>\LcYC.exe
- <Current directory>\gkcY.ico
- <Current directory>\Gock.exe
- <Current directory>\fgYc.ico
- <Current directory>\wIQo.exe
- <Current directory>\dGgM.ico
- <Current directory>\JgcY.exe
- <Current directory>\wgAs.ico
- <Current directory>\cMca.exe
- <Current directory>\rYYI.ico
- <Current directory>\ogMe.exe
- C:\ProgramData\sIAowgok\rSYkcwMwANEC
- %HOMEPATH%\CaIocokM\GocwIYEUIRTH
- <Current directory>\<Virus name>GQVI
- C:\ProgramData\ZQIIosos\XiskIEYEDMGQ
- <Current directory>\HCsE.ico
- <Current directory>\FAQY.exe
- <Current directory>\nmUc.ico
- <Current directory>\jisA.ico
- <Current directory>\UUYk.exe
- <Current directory>\uIwU.ico
- <Current directory>\YsUI.exe
- <Current directory>\gwsI.ico
- <Current directory>\wwMu.exe
- <Current directory>\MkcY.ico
- %TEMP%\KWkssEEA.bat
- <Current directory>\wYkc.exe
- <Current directory>\hOIA.ico
- <Current directory>\zEUs.ico
- <Current directory>\tgQI.exe
- <Current directory>\xMUQ.ico
- <Current directory>\TYQI.exe
- <Current directory>\kkQU.ico
- <Current directory>\HMIy.exe
- <Current directory>\rYUg.ico
- <Current directory>\zIos.exe
- <Current directory>\kKYs.ico
- <Current directory>\SwIE.exe
- <Current directory>\LMEA.ico
- <Current directory>\UIMa.exe
- <Current directory>\pcEA.ico
- <Current directory>\AQAk.exe
- <Current directory>\gqYU.ico
- <Current directory>\lcQe.exe
- <Current directory>\CKYo.ico
- <Current directory>\GsMc.exe
- <Current directory>\MEYg.ico
- <Current directory>\xosK.exe
- <Current directory>\NGcI.ico
- <Current directory>\JYoa.exe
- <Current directory>\GSkk.ico
- <Current directory>\RcYU.exe
- <Current directory>\DmEE.ico
- <Current directory>\dEQS.exe
- <Current directory>\OAYA.ico
- <Current directory>\KsgA.exe
- <Current directory>\ucAo.ico
- <Current directory>\ycMI.exe
- <Current directory>\OWEU.ico
- <Current directory>\DYoG.exe
- <Current directory>\POww.ico
- <Current directory>\eekk.ico
- <Current directory>\WYMa.exe
- <Current directory>\uewE.ico
- <Current directory>\DsEW.exe
- <Current directory>\kaQQ.ico
- <Current directory>\YwsG.exe
- <Current directory>\aoUE.ico
- <Current directory>\MUEo.exe
- <Current directory>\IyEs.ico
- <Current directory>\YcIO.exe
- <Current directory>\ocAc.ico
- <Current directory>\FMEG.exe
- <Current directory>\UcMU.ico
- <Current directory>\cUgm.exe
- %TEMP%\nIAwcwIk.bat
- <Current directory>\KYwO.exe
- <Current directory>\Wkgw.ico
- <Current directory>\sEks.ico
- <Current directory>\lYUG.exe
- <Current directory>\IIww.ico
- <Current directory>\nQIQ.exe
- <Current directory>\TcMg.exe
- <Current directory>\jGUI.ico
- <Current directory>\AwgW.exe
- <Current directory>\piYg.ico
- <Current directory>\gssm.exe
- <Current directory>\MeYs.ico
- <Current directory>\wMsY.exe
- from C:\RCX82B0.tmp to <Current directory>\xEYy.exe
- from C:\RCX8418.tmp to <Current directory>\ZwQO.exe
- from C:\RCX84E3.tmp to <Current directory>\akQI.exe
- from C:\RCX7EA7.tmp to <Current directory>\wYMk.exe
- from C:\RCX7FA2.tmp to <Current directory>\Hggs.exe
- from C:\RCX80EA.tmp to <Current directory>\usQW.exe
- from C:\RCX862C.tmp to <Current directory>\YwcI.exe
- from C:\RCX8C67.tmp to <Current directory>\eAgI.exe
- from C:\RCX8FF1.tmp to <Current directory>\AskS.exe
- from C:\RCX91B6.tmp to <Current directory>\QIwm.exe
- from C:\RCX8717.tmp to <Current directory>\YooG.exe
- from C:\RCX891B.tmp to <Current directory>\mIES.exe
- from C:\RCX8AE0.tmp to <Current directory>\kAUu.exe
- from C:\RCX7D30.tmp to <Current directory>\DkoY.exe
- from C:\RCX6DEA.tmp to <Current directory>\RkUq.exe
- from C:\RCX6F13.tmp to <Current directory>\dIsS.exe
- from C:\RCX7136.tmp to <Current directory>\NAYi.exe
- from C:\RCX683C.tmp to <Current directory>\ysIg.exe
- from C:\RCX6A11.tmp to <Current directory>\TUsE.exe
- from C:\RCX6C92.tmp to <Current directory>\UQIO.exe
- from C:\RCX728E.tmp to <Current directory>\sAQQ.exe
- from C:\RCX78E9.tmp to <Current directory>\jsQu.exe
- from C:\RCX7AFC.tmp to <Current directory>\Bcsa.exe
- from C:\RCX7BB8.tmp to <Current directory>\wIIS.exe
- from C:\RCX7399.tmp to <Current directory>\qwks.exe
- from C:\RCX74D2.tmp to <Current directory>\dYAa.exe
- from C:\RCX76E5.tmp to <Current directory>\akkK.exe
- from C:\RCXB205.tmp to <Current directory>\zMMi.exe
- from C:\RCXB3DA.tmp to <Current directory>\CUEI.exe
- from C:\RCXB4F4.tmp to <Current directory>\XwAu.exe
- from C:\RCXA9C8.tmp to <Current directory>\QAYg.exe
- from C:\RCXABCC.tmp to <Current directory>\Iwce.exe
- from C:\RCXADD0.tmp to <Current directory>\jIgC.exe
- from C:\RCXB65C.tmp to <Current directory>\tMAo.exe
- from C:\RCXBCB6.tmp to <Current directory>\JsIy.exe
- from C:\RCXBEAA.tmp to <Current directory>\wcsK.exe
- from C:\RCXC060.tmp to <Current directory>\LcIq.exe
- from C:\RCXB795.tmp to <Current directory>\sEYq.exe
- from C:\RCXB8DD.tmp to <Current directory>\sYgm.exe
- from C:\RCXBA35.tmp to <Current directory>\vsoa.exe
- from C:\RCXA795.tmp to <Current directory>\fksw.exe
- from C:\RCX98AD.tmp to <Current directory>\sQAo.exe
- from C:\RCX9A15.tmp to <Current directory>\mgMi.exe
- from C:\RCX9B1F.tmp to <Current directory>\OYwa.exe
- from C:\RCX936C.tmp to <Current directory>\qAYa.exe
- from C:\RCX9512.tmp to <Current directory>\YUsw.exe
- from C:\RCX963C.tmp to <Current directory>\lQgK.exe
- from C:\RCX9D03.tmp to <Current directory>\Cwcc.exe
- from C:\RCXA33F.tmp to <Current directory>\PoUo.exe
- from C:\RCXA478.tmp to <Current directory>\MQUu.exe
- from C:\RCXA68B.tmp to <Current directory>\iYAm.exe
- from C:\RCX9F07.tmp to <Current directory>\Bose.exe
- from C:\RCXA021.tmp to <Current directory>\tQUS.exe
- from C:\RCXA189.tmp to <Current directory>\bccS.exe
- from C:\RCX66E4.tmp to <Current directory>\GkUg.exe
- from C:\RCX277E.tmp to <Current directory>\gEsa.exe
- from C:\RCX2A2D.tmp to <Current directory>\lsYK.exe
- from C:\RCX2BD4.tmp to <Current directory>\LcYC.exe
- from C:\RCX2172.tmp to <Current directory>\BAkC.exe
- from C:\RCX22F9.tmp to <Current directory>\NYUS.exe
- from C:\RCX253C.tmp to <Current directory>\bsgQ.exe
- from C:\RCX2D3B.tmp to <Current directory>\Gock.exe
- from C:\RCX34FD.tmp to <Current directory>\YQAK.exe
- from C:\RCX36D2.tmp to <Current directory>\YcIO.exe
- from C:\RCX38B6.tmp to <Current directory>\MUEo.exe
- from C:\RCX2EC2.tmp to <Current directory>\ZwII.exe
- from C:\RCX3088.tmp to <Current directory>\gcAq.exe
- from C:\RCX325D.tmp to <Current directory>\gYAq.exe
- from C:\RCX1FDC.tmp to <Current directory>\oAYA.exe
- from C:\RCXBE23.tmp to <Current directory>\ogMe.exe
- from C:\RCXC18E.tmp to <Current directory>\cMca.exe
- from C:\RCXC556.tmp to <Current directory>\wYkc.exe
- from C:\RCXAEB5.tmp to <Current directory>\FAQY.exe
- from C:\RCXB589.tmp to <Current directory>\JgcY.exe
- from C:\RCXB9A0.tmp to <Current directory>\wIQo.exe
- from C:\RCXCEE8.tmp to <Current directory>\TYQI.exe
- from C:\RCXF7A1.tmp to <Current directory>\wwMu.exe
- from C:\RCX18A9.tmp to <Current directory>\KwIy.exe
- from C:\RCX1D6B.tmp to <Current directory>\UIoK.exe
- from C:\RCXD677.tmp to <Current directory>\tgQI.exe
- from C:\RCXDF9C.tmp to <Current directory>\UUYk.exe
- from C:\RCXF12A.tmp to <Current directory>\YsUI.exe
- from C:\RCX57EC.tmp to <Current directory>\UIMa.exe
- from C:\RCX59A2.tmp to <Current directory>\SwIE.exe
- from C:\RCX5C61.tmp to <Current directory>\KsgA.exe
- from C:\RCX5144.tmp to <Current directory>\GsMc.exe
- from C:\RCX52BC.tmp to <Current directory>\zIos.exe
- from C:\RCX56A3.tmp to <Current directory>\HMIy.exe
- from C:\RCX5D6B.tmp to <Current directory>\ycMI.exe
- from C:\RCX62EB.tmp to <Current directory>\dEQS.exe
- from C:\RCX63F5.tmp to <Current directory>\RcYU.exe
- from C:\RCX65CA.tmp to <Current directory>\Pokq.exe
- from C:\RCX5F5F.tmp to <Current directory>\DYoG.exe
- from C:\RCX60F6.tmp to <Current directory>\JYoa.exe
- from C:\RCX622F.tmp to <Current directory>\xosK.exe
- from C:\RCX5059.tmp to <Current directory>\lcQe.exe
- from C:\RCX4142.tmp to <Current directory>\DsEW.exe
- from C:\RCX428B.tmp to <Current directory>\YwsG.exe
- from C:\RCX4421.tmp to <Current directory>\AwgW.exe
- from C:\RCX3B18.tmp to <Current directory>\cUgm.exe
- from C:\RCX3EC1.tmp to <Current directory>\FMEG.exe
- from C:\RCX4067.tmp to <Current directory>\WYMa.exe
- from C:\RCX456A.tmp to <Current directory>\TcMg.exe
- from C:\RCX4C80.tmp to <Current directory>\nQIQ.exe
- from C:\RCX4E64.tmp to <Current directory>\lYUG.exe
- from C:\RCX4F4F.tmp to <Current directory>\AQAk.exe
- from C:\RCX4693.tmp to <Current directory>\wMsY.exe
- from C:\RCX47AD.tmp to <Current directory>\gssm.exe
- from C:\RCX4982.tmp to <Current directory>\KYwO.exe
- DNS ASK dn#.##ftncsi.com
- DNS ASK google.com
- ClassName: '' WindowName: 'GocwIYEU.exe'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'rSYkcwMw.exe'