Technical Information
Registry values set so the sample runs at startup (the Winlogon 'Userinit' value keeps the legitimate userinit.exe entry and appends the sample's path):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
Service entry with 'Start' = 2 (automatic start):
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002'
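Existing executables named by the report (standard Package Cache paths of the Visual C++ redistributable installer, not files named by the sample; the heading stating what the sample does to them is missing on this page, so the paths alone are not indicators):
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe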
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
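System settings changed (see the reg.exe command lines below: Hidden = 2, HideFileExt = 1, EnableLUA = 0):
- display of hidden files (turned off)
- display of file extensions (turned off)
- User Account Control (UAC) (disabled)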
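Command lines recorded for processes started by the sample. The image names and arguments are reproduced as recorded and do not always correspond (for example, `add HKCU\...` arguments appear next to conhost.exe and `/c "...bat"` next to reg.exe), so match on the argument strings rather than on the image/argument pairing:
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'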
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\FqAIQgsE.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\UKwkgMoc.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\cscript.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\wbem\wmiprvse.exe' /pid=0xfc /log
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\iqQscgAk.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cscript.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\conhost.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\cscript.exe' /pid=0x45c /log
- '<SYSTEM32>\reg.exe'
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\FecsMEEI.bat" "<Full path to virus>""
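Files recorded in the sample's file-system activity. The heading naming the operation is missing on this page; `<Current directory>`, `<Virus name>` and `<Auxiliary element>` are placeholders used by the report, and the four-letter .exe/.ico names and C:\RCX*.tmp names differ from entry to entry:
- <Current directory>\jIQk.exe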
- C:\RCX7F92.tmp
- <Current directory>\XGAQ.ico
- <Current directory>\pAEe.exe
- C:\RCX7EE5.tmp
- <Current directory>\DCkU.ico
- <Current directory>\mocc.exe
- C:\RCX80AD.tmp
- <Current directory>\RsAo.ico
- <Current directory>\dAso.exe
- C:\RCX802F.tmp
- <Current directory>\RGko.ico
- <Current directory>\KIki.exe
- %TEMP%\FqAIQgsE.bat
- <Current directory>\rEoC.exe
- C:\RCX77FF.tmp
- %TEMP%\vaEwIMEs.bat
- C:\RCX75CD.tmp
- <Current directory>\HScc.ico
- <Current directory>\UYMA.ico
- <Current directory>\wAsU.exe
- C:\RCX7C93.tmp
- <Current directory>\CAYk.ico
- <Current directory>\FwIw.exe
- C:\RCX7A32.tmp
- <Current directory>\EAYE.ico
- C:\RCX8253.tmp
- <Current directory>\LyUc.ico
- <Current directory>\rYYm.exe
- C:\RCX8C86.tmp
- <Current directory>\GwAe.exe
- %TEMP%\tIMkQAQs.bat
- C:\RCX8AFF.tmp
- <Current directory>\faQg.ico
- <Current directory>\mugU.ico
- <Current directory>\igoS.exe
- C:\RCX9252.tmp
- <Current directory>\NocO.exe
- %TEMP%\iqQscgAk.bat
- C:\RCX90EA.tmp
- <Current directory>\vSoE.ico
- <Current directory>\JccI.exe
- C:\RCX85FD.tmp
- <Current directory>\Kgwk.ico
- <Current directory>\GkkC.exe
- C:\RCX83E9.tmp
- <Current directory>\akkM.ico
- <Current directory>\acAw.exe
- C:\RCX8959.tmp
- <Current directory>\JaUU.ico
- <Current directory>\uAgQ.exe
- C:\RCX87B3.tmp
- <Current directory>\JcQU.ico
- <Current directory>\YGcU.ico
- %TEMP%\HAYocYYE.bat
- <Current directory>\XAEY.exe
- <Current directory>\HeUA.ico
- <Current directory>\GUYs.exe
- C:\RCX5F44.tmp
- C:\RCX604F.tmp
- C:\RCX62EE.tmp
- <Current directory>\vGYw.ico
- <Current directory>\bgcy.exe
- %TEMP%\JCYIIIAc.bat
- <Current directory>\xSEE.ico
- <Current directory>\xQAi.exe
- C:\RCX59F3.tmp
- <Current directory>\xywg.ico
- <Current directory>\jsoA.exe
- C:\RCX5744.tmp
- <Current directory>\aUkc.ico
- <Current directory>\VcYs.exe
- C:\RCX5B4B.tmp
- <Current directory>\uQMs.ico
- <Current directory>\hcEs.exe
- C:\RCX5DDD.tmp
- <Current directory>\AQkk.ico
- <Current directory>\TMcY.exe
- C:\RCX5C36.tmp
- C:\RCX6495.tmp
- <Current directory>\ywcA.exe
- C:\RCX70CB.tmp
- <Current directory>\iYcA.ico
- <Current directory>\zwMO.exe
- C:\RCX6F15.tmp
- <Current directory>\qeEw.ico
- <Current directory>\HMYW.exe
- C:\RCX7484.tmp
- <Current directory>\PisA.ico
- <Current directory>\JoAW.exe
- C:\RCX731C.tmp
- <Current directory>\NEQg.ico
- <Current directory>\KQgU.exe
- <Current directory>\Sekw.ico
- <Current directory>\vMYO.exe
- C:\RCX6A13.tmp
- <Current directory>\xCEI.ico
- <Current directory>\JEgQ.exe
- C:\RCX66E6.tmp
- <Current directory>\CMkc.ico
- <Current directory>\lQoe.exe
- C:\RCX6C65.tmp
- <Current directory>\kMwI.ico
- <Current directory>\KgYw.exe
- C:\RCX6B9A.tmp
- <Current directory>\Pisc.ico
- %TEMP%\gAssssgw.bat
- <Current directory>\fcEU.ico
- <Current directory>\MgwE.exe
- <Current directory>\BGwo.ico
- <Current directory>\uUMk.exe
- C:\RCXB36F.tmp
- C:\RCXB5FF.tmp
- <Current directory>\VmMQ.ico
- <Current directory>\BcQG.exe
- C:\RCXB95B.tmp
- <Current directory>\tCQw.ico
- <Current directory>\fIgO.exe
- C:\RCXB7C5.tmp
- <Current directory>\WSgA.ico
- <Current directory>\qwAi.exe
- C:\RCXAEEA.tmp
- <Current directory>\HcMY.ico
- <Current directory>\Kkws.exe
- C:\RCXAD15.tmp
- <Current directory>\WGMc.ico
- <Current directory>\BMcc.exe
- C:\RCXB207.tmp
- %TEMP%\xGEMcYAc.bat
- <Current directory>\TUcc.exe
- C:\RCXB0A0.tmp
- <Current directory>\LkYE.ico
- <Current directory>\WGIU.ico
- C:\RCXC237.tmp
- <Current directory>\qsYg.ico
- <Current directory>\VQwQ.exe
- C:\RCXC0FE.tmp
- <Current directory>\xasE.ico
- <Current directory>\yYIK.exe
- C:\RCXC332.tmp
- <Current directory>\kUcI.ico
- <Current directory>\ZsQI.exe
- C:\RCXC6FB.tmp
- <Current directory>\amYk.ico
- <Current directory>\yAYy.exe
- C:\RCXC584.tmp
- <Current directory>\xkUS.exe
- C:\RCXBBFC.tmp
- <Current directory>\QeEY.ico
- <Current directory>\LUEc.exe
- C:\RCXBA46.tmp
- <Current directory>\tOww.ico
- <Current directory>\WcoC.exe
- C:\RCXBFA6.tmp
- <Current directory>\tiEw.ico
- <Current directory>\kgUW.exe
- C:\RCXBE00.tmp
- <Current directory>\qAUQ.ico
- <Current directory>\nMAC.exe
- <Current directory>\oMoO.exe
- C:\RCX9A63.tmp
- <Current directory>\eOkw.ico
- <Current directory>\hYEQ.exe
- C:\RCX98EC.tmp
- <Current directory>\YIoE.ico
- <Current directory>\Xgcm.exe
- C:\RCX9E8A.tmp
- <Current directory>\CwMs.ico
- <Current directory>\yAwm.exe
- C:\RCX9D8F.tmp
- <Current directory>\eEUA.ico
- <Current directory>\fAAu.exe
- <Current directory>\VgEY.ico
- <Current directory>\kYYw.exe
- C:\RCX94B4.tmp
- <Current directory>\woIY.ico
- <Current directory>\PMou.exe
- C:\RCX9408.tmp
- <Current directory>\DGEY.ico
- <Current directory>\PQYY.exe
- C:\RCX9801.tmp
- <Current directory>\PScY.ico
- <Current directory>\mAsU.exe
- C:\RCX9706.tmp
- <Current directory>\iKQA.ico
- %TEMP%\KcgUUAEE.bat
- C:\RCXA776.tmp
- <Current directory>\wMME.ico
- <Current directory>\kMAw.exe
- C:\RCXA60E.tmp
- <Current directory>\QgMc.ico
- <Current directory>\HkYu.exe
- C:\RCXA95A.tmp
- <Current directory>\iWQw.ico
- <Current directory>\sQwe.exe
- C:\RCXABCC.tmp
- <Current directory>\tAkk.ico
- <Current directory>\kQkE.exe
- C:\RCXAAA3.tmp
- C:\RCXA10C.tmp
- %TEMP%\qSYYwMgg.bat
- <Current directory>\wAwg.ico
- C:\RCX9FC3.tmp
- <Current directory>\VGQA.ico
- <Current directory>\CQAK.exe
- <Current directory>\CsMG.exe
- C:\RCXA40A.tmp
- <Current directory>\pmYI.ico
- <Current directory>\qAsk.exe
- C:\RCXA30F.tmp
- <Current directory>\ZmoQ.ico
- <Current directory>\pkEy.exe
- <Current directory>\xQkI.exe
- <Current directory>\TkkK.exe
- C:\RCXF817.tmp
- %TEMP%\CqUcIUsU.bat
- <Current directory>\kAcU.exe
- C:\RCXF6DE.tmp
- <Current directory>\CsAc.ico
- <Current directory>\OcoY.ico
- <Current directory>\QEQE.ico
- <Current directory>\BUIi.exe
- C:\RCXFDB4.tmp
- <Current directory>\rQUG.exe
- %TEMP%\jOcsoEIg.bat
- C:\RCXFA59.tmp
- <Current directory>\zOYw.ico
- <Current directory>\aQgA.exe
- C:\RCXF15F.tmp
- <Current directory>\aQgc.ico
- <Current directory>\ScgA.exe
- C:\RCXEFB9.tmp
- <Current directory>\fwkY.ico
- <Current directory>\SwUS.exe
- C:\RCXF603.tmp
- <Current directory>\qkwA.ico
- <Current directory>\YMsQ.exe
- C:\RCXF20C.tmp
- <Current directory>\SCkY.ico
- <Current directory>\dkIA.ico
- C:\RCXB70.tmp
- <Current directory>\TUcU.ico
- <Current directory>\uMQY.exe
- C:\RCXA57.tmp
- <Current directory>\CeUM.ico
- <Current directory>\qQQq.exe
- C:\RCXF0A.tmp
- <Current directory>\RigA.ico
- %TEMP%\XSIwAIkw.bat
- <Current directory>\Dcoq.exe
- <Current directory>\Omgo.ico
- <Current directory>\GMwi.exe
- C:\RCX11B9.tmp
- <Current directory>\ykcM.exe
- C:\RCX6CB.tmp
- <Current directory>\vukg.ico
- <Current directory>\hwMC.exe
- C:\RCX16D.tmp
- <Current directory>\UaUY.ico
- <Current directory>\yoci.exe
- C:\RCX95C.tmp
- <Current directory>\cuEw.ico
- <Current directory>\rwkk.exe
- C:\RCX890.tmp
- <Current directory>\PAgo.ico
- <Current directory>\iAEi.exe
- <Current directory>\foka.exe
- C:\RCXD5C7.tmp
- <Current directory>\pCcQ.ico
- C:\RCXD3F2.tmp
- %TEMP%\file.vbs
- <Current directory>\Tuww.ico
- <Current directory>\AkwS.exe
- C:\RCXDAA9.tmp
- <Current directory>\SiMs.ico
- <Current directory>\GAAu.exe
- C:\RCXD809.tmp
- <Current directory>\yoUs.ico
- <Current directory>\ZAsK.exe
- C:\ProgramData\kaog.txt
- <Current directory>\oYIo.ico
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- <Current directory>\qoQA.exe
- %TEMP%\XIYIwkMY.bat
- <Current directory>\Ogko.ico
- <Current directory>\oIIU.exe
- %TEMP%\YOwIMMEk.bat
- <Current directory>\<Virus name>
- C:\RCXCFFB.tmp
- C:\RCXDC4F.tmp
- <Current directory>\puIs.ico
- <Current directory>\YEsm.exe
- C:\RCXE7F9.tmp
- <Current directory>\RkQe.exe
- %TEMP%\QKcQIIUo.bat
- C:\RCXE6A1.tmp
- %TEMP%\UUowcEIg.bat
- <Current directory>\qCAU.ico
- <Current directory>\RMsO.exe
- C:\RCXED48.tmp
- <Current directory>\FCcw.ico
- <Current directory>\kgkI.exe
- C:\RCXEB92.tmp
- <Current directory>\VOwE.ico
- <Current directory>\eMgY.exe
- C:\RCXE0F3.tmp
- <Current directory>\QIgI.ico
- <Current directory>\ZoYQ.exe
- C:\RCXDEC0.tmp
- <Current directory>\BqEY.ico
- <Current directory>\GsMM.exe
- C:\RCXE49D.tmp
- <Current directory>\noEE.ico
- <Current directory>\WAUo.exe
- C:\RCXE354.tmp
- <Current directory>\CsIQ.ico
- <Current directory>\pAUQ.ico
- <Current directory>\TQUm.exe
- C:\RCX458D.tmp
- <Current directory>\kGso.ico
- <Current directory>\Mwss.exe
- C:\RCX435A.tmp
- <Current directory>\xkAM.ico
- <Current directory>\ucYc.exe
- C:\RCX4791.tmp
- <Current directory>\wAwQ.ico
- <Current directory>\mIki.exe
- C:\RCX46F4.tmp
- <Current directory>\Eigc.ico
- %TEMP%\xEccYwkU.bat
- <Current directory>\iysI.ico
- <Current directory>\ZkUi.exe
- <Current directory>\PIco.exe
- C:\RCX3B6A.tmp
- %TEMP%\nocEIMME.bat
- C:\RCX3F51.tmp
- <Current directory>\MOcg.ico
- <Current directory>\CoMi.exe
- C:\RCX4202.tmp
- <Current directory>\dCEY.ico
- <Current directory>\pQIo.exe
- C:\RCX40AA.tmp
- <Current directory>\ToQY.exe
- <Current directory>\XsMI.ico
- <Current directory>\kcQQ.exe
- C:\RCX5222.tmp
- <Current directory>\BOwU.ico
- <Current directory>\iAIo.exe
- C:\RCX50DA.tmp
- <Current directory>\wKYc.ico
- <Current directory>\ZcMW.exe
- C:\RCX54E2.tmp
- <Current directory>\GUcc.ico
- <Current directory>\vkQQ.exe
- C:\RCX53E8.tmp
- <Current directory>\hsog.ico
- <Auxiliary element>
- C:\RCX4919.tmp
- <Current directory>\Jewc.ico
- C:\RCX487C.tmp
- <Current directory>\AKwg.ico
- <Current directory>\msAA.exe
- <Current directory>\QIgY.exe
- <Current directory>\nQwe.exe
- C:\RCX4D6F.tmp
- %TEMP%\UKwkgMoc.bat
- C:\RCX4ACF.tmp
- %TEMP%\cyoIYAQE.bat
- <Current directory>\lUgY.ico
- C:\RCX22C0.tmp
- <Current directory>\DYsM.ico
- <Current directory>\uMsM.exe
- C:\RCX21A6.tmp
- <Current directory>\OKQI.ico
- <Current directory>\NIMm.exe
- C:\RCX2447.tmp
- <Current directory>\mYwk.ico
- <Current directory>\CEEI.exe
- C:\RCX289C.tmp
- <Current directory>\SyEw.ico
- <Current directory>\JMAA.exe
- C:\RCX26E6.tmp
- <Current directory>\LMEw.exe
- C:\RCX1506.tmp
- <Current directory>\faYo.ico
- C:\RCX1331.tmp
- %TEMP%\FecsMEEI.bat
- <Current directory>\nYoo.ico
- <Current directory>\lsQW.exe
- C:\RCX1C77.tmp
- <Current directory>\kWEM.ico
- <Current directory>\swkw.exe
- C:\RCX17A5.tmp
- <Current directory>\vAwM.ico
- <Current directory>\QYou.exe
- <Current directory>\SIEQ.ico
- <Current directory>\hWAY.ico
- <Current directory>\AIcM.exe
- C:\RCX3668.tmp
- <Current directory>\JgwI.ico
- <Current directory>\UEUm.exe
- C:\RCX3435.tmp
- <Current directory>\BCMo.ico
- <Current directory>\UQYw.exe
- C:\RCX39E3.tmp
- <Current directory>\ZQgs.ico
- <Current directory>\HYwW.exe
- C:\RCX387B.tmp
- <Current directory>\qIsI.ico
- %TEMP%\xCgEEEAw.bat
- <Current directory>\YoEA.ico
- <Current directory>\dska.exe
- %TEMP%\IOIwswYI.bat
- <Current directory>\GEII.exe
- C:\RCX2A62.tmp
- C:\RCX2D40.tmp
- <Current directory>\Isww.ico
- <Current directory>\ugMg.exe
- C:\RCX3147.tmp
- <Current directory>\IYAI.ico
- <Current directory>\wQgG.exe
- C:\RCX2F15.tmp
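A second file list starts here. It repeats .exe, .ico and .bat paths from the list above and contains no C:\RCX*.tmp entries; the heading naming the operation applied to these files is also missing on this page:
- <Current directory>\mocc.exe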
- %TEMP%\FqAIQgsE.bat
- <Current directory>\jIQk.exe
- <Current directory>\XGAQ.ico
- <Current directory>\RsAo.ico
- <Current directory>\dAso.exe
- <Current directory>\RGko.ico
- <Current directory>\KIki.exe
- <Current directory>\DCkU.ico
- <Current directory>\UYMA.ico
- <Current directory>\FwIw.exe
- <Current directory>\HScc.ico
- <Current directory>\rEoC.exe
- <Current directory>\CAYk.ico
- <Current directory>\pAEe.exe
- <Current directory>\EAYE.ico
- <Current directory>\wAsU.exe
- <Current directory>\LyUc.ico
- <Current directory>\rYYm.exe
- <Current directory>\GwAe.exe
- %TEMP%\tIMkQAQs.bat
- <Current directory>\mugU.ico
- <Current directory>\igoS.exe
- <Current directory>\faQg.ico
- <Current directory>\NocO.exe
- <Current directory>\JaUU.ico
- <Current directory>\vSoE.ico
- <Current directory>\JccI.exe
- <Current directory>\Kgwk.ico
- <Current directory>\GkkC.exe
- <Current directory>\JcQU.ico
- <Current directory>\acAw.exe
- <Current directory>\akkM.ico
- <Current directory>\uAgQ.exe
- %TEMP%\vaEwIMEs.bat
- <Current directory>\xSEE.ico
- <Current directory>\xQAi.exe
- <Current directory>\XAEY.exe
- %TEMP%\HAYocYYE.bat
- <Current directory>\bgcy.exe
- <Current directory>\xCEI.ico
- %TEMP%\UKwkgMoc.bat
- <Current directory>\vGYw.ico
- <Current directory>\YGcU.ico
- <Current directory>\AQkk.ico
- <Current directory>\TMcY.exe
- <Current directory>\xywg.ico
- <Current directory>\jsoA.exe
- <Current directory>\HeUA.ico
- <Current directory>\GUYs.exe
- <Current directory>\uQMs.ico
- <Current directory>\hcEs.exe
- <Current directory>\iYcA.ico
- <Current directory>\HMYW.exe
- <Current directory>\qeEw.ico
- <Current directory>\ywcA.exe
- <Current directory>\PisA.ico
- <Current directory>\JoAW.exe
- <Current directory>\NEQg.ico
- <Current directory>\KQgU.exe
- <Current directory>\zwMO.exe
- <Current directory>\vMYO.exe
- <Current directory>\CMkc.ico
- <Current directory>\JEgQ.exe
- <Current directory>\Sekw.ico
- <Current directory>\lQoe.exe
- <Current directory>\kMwI.ico
- <Current directory>\KgYw.exe
- <Current directory>\Pisc.ico
- <Current directory>\uUMk.exe
- <Current directory>\fcEU.ico
- %TEMP%\xGEMcYAc.bat
- <Current directory>\BGwo.ico
- <Current directory>\fIgO.exe
- <Current directory>\VmMQ.ico
- <Current directory>\MgwE.exe
- <Current directory>\tCQw.ico
- <Current directory>\BMcc.exe
- <Current directory>\Kkws.exe
- <Current directory>\WSgA.ico
- <Current directory>\sQwe.exe
- <Current directory>\HcMY.ico
- <Current directory>\TUcc.exe
- <Current directory>\LkYE.ico
- <Current directory>\qwAi.exe
- <Current directory>\WGMc.ico
- <Current directory>\xasE.ico
- <Current directory>\yYIK.exe
- <Current directory>\tiEw.ico
- <Current directory>\kgUW.exe
- <Current directory>\amYk.ico
- <Current directory>\yAYy.exe
- <Current directory>\qsYg.ico
- <Current directory>\VQwQ.exe
- <Current directory>\nMAC.exe
- <Current directory>\LUEc.exe
- <Current directory>\tOww.ico
- <Current directory>\BcQG.exe
- <Current directory>\WGIU.ico
- <Current directory>\WcoC.exe
- <Current directory>\qAUQ.ico
- <Current directory>\xkUS.exe
- <Current directory>\QeEY.ico
- <Current directory>\iWQw.ico
- <Current directory>\oMoO.exe
- %TEMP%\iqQscgAk.bat
- <Current directory>\hYEQ.exe
- <Current directory>\YIoE.ico
- <Current directory>\eEUA.ico
- <Current directory>\fAAu.exe
- <Current directory>\eOkw.ico
- <Current directory>\Xgcm.exe
- <Current directory>\PScY.ico
- <Current directory>\VgEY.ico
- <Current directory>\kYYw.exe
- <Current directory>\woIY.ico
- <Current directory>\PMou.exe
- <Current directory>\iKQA.ico
- <Current directory>\PQYY.exe
- <Current directory>\DGEY.ico
- <Current directory>\mAsU.exe
- <Current directory>\QgMc.ico
- <Current directory>\HkYu.exe
- <Current directory>\pmYI.ico
- <Current directory>\qAsk.exe
- <Current directory>\tAkk.ico
- <Current directory>\kQkE.exe
- <Current directory>\wMME.ico
- <Current directory>\kMAw.exe
- <Current directory>\pkEy.exe
- %TEMP%\KcgUUAEE.bat
- <Current directory>\VGQA.ico
- <Current directory>\CwMs.ico
- <Current directory>\yAwm.exe
- <Current directory>\CsMG.exe
- <Current directory>\ZmoQ.ico
- <Current directory>\CQAK.exe
- <Current directory>\wAwg.ico
- <Current directory>\BUIi.exe
- <Current directory>\dkIA.ico
- <Current directory>\rQUG.exe
- <Current directory>\QEQE.ico
- <Current directory>\ykcM.exe
- <Current directory>\vukg.ico
- <Current directory>\hwMC.exe
- <Current directory>\UaUY.ico
- <Current directory>\OcoY.ico
- <Current directory>\SwUS.exe
- <Current directory>\qkwA.ico
- <Current directory>\YMsQ.exe
- <Current directory>\SCkY.ico
- <Current directory>\TkkK.exe
- %TEMP%\CqUcIUsU.bat
- <Current directory>\kAcU.exe
- <Current directory>\CsAc.ico
- %TEMP%\XSIwAIkw.bat
- <Current directory>\RigA.ico
- <Current directory>\Omgo.ico
- <Current directory>\GMwi.exe
- <Current directory>\LMEw.exe
- <Current directory>\faYo.ico
- <Current directory>\Dcoq.exe
- <Current directory>\nYoo.ico
- <Current directory>\uMQY.exe
- <Current directory>\iAEi.exe
- <Current directory>\cuEw.ico
- <Current directory>\yoci.exe
- <Current directory>\PAgo.ico
- <Current directory>\qQQq.exe
- <Current directory>\TUcU.ico
- <Current directory>\rwkk.exe
- <Current directory>\CeUM.ico
- <Current directory>\fwkY.ico
- <Current directory>\SiMs.ico
- <Current directory>\GAAu.exe
- <Current directory>\yoUs.ico
- <Current directory>\ZAsK.exe
- <Current directory>\VOwE.ico
- <Current directory>\eMgY.exe
- <Current directory>\QIgI.ico
- <Current directory>\ZoYQ.exe
- <Current directory>\AkwS.exe
- <Current directory>\qoQA.exe
- <Current directory>\Ogko.ico
- %TEMP%\YOwIMMEk.bat
- <Current directory>\oYIo.ico
- <Current directory>\foka.exe
- <Current directory>\pCcQ.ico
- <Current directory>\oIIU.exe
- <Current directory>\Tuww.ico
- <Current directory>\qCAU.ico
- <Current directory>\RMsO.exe
- <Current directory>\FCcw.ico
- <Current directory>\kgkI.exe
- <Current directory>\zOYw.ico
- <Current directory>\aQgA.exe
- <Current directory>\aQgc.ico
- <Current directory>\ScgA.exe
- <Current directory>\YEsm.exe
- <Current directory>\CsIQ.ico
- <Current directory>\GsMM.exe
- <Current directory>\BqEY.ico
- <Current directory>\WAUo.exe
- %TEMP%\QKcQIIUo.bat
- <Current directory>\puIs.ico
- <Current directory>\noEE.ico
- <Current directory>\RkQe.exe
- <Current directory>\Eigc.ico
- <Current directory>\ucYc.exe
- <Current directory>\xkAM.ico
- <Current directory>\mIki.exe
- <Current directory>\AKwg.ico
- <Current directory>\msAA.exe
- <Current directory>\wAwQ.ico
- <Current directory>\ToQY.exe
- <Current directory>\TQUm.exe
- <Current directory>\pQIo.exe
- <Current directory>\MOcg.ico
- <Current directory>\ZkUi.exe
- <Current directory>\dCEY.ico
- <Current directory>\Mwss.exe
- <Current directory>\pAUQ.ico
- <Current directory>\CoMi.exe
- <Current directory>\kGso.ico
- <Current directory>\hsog.ico
- <Current directory>\ZcMW.exe
- <Current directory>\wKYc.ico
- <Current directory>\vkQQ.exe
- <Current directory>\aUkc.ico
- <Current directory>\VcYs.exe
- <Current directory>\GUcc.ico
- <Current directory>\xQkI.exe
- <Current directory>\kcQQ.exe
- %TEMP%\cyoIYAQE.bat
- <Current directory>\lUgY.ico
- <Current directory>\Jewc.ico
- <Current directory>\QIgY.exe
- <Current directory>\iAIo.exe
- <Current directory>\XsMI.ico
- <Current directory>\nQwe.exe
- <Current directory>\BOwU.ico
- <Current directory>\iysI.ico
- <Current directory>\mYwk.ico
- <Current directory>\CEEI.exe
- <Current directory>\SyEw.ico
- <Current directory>\JMAA.exe
- <Current directory>\SIEQ.ico
- <Current directory>\GEII.exe
- %TEMP%\FecsMEEI.bat
- %TEMP%\IOIwswYI.bat
- <Current directory>\uMsM.exe
- <Current directory>\QYou.exe
- <Current directory>\kWEM.ico
- <Current directory>\lsQW.exe
- <Current directory>\vAwM.ico
- <Current directory>\NIMm.exe
- <Current directory>\DYsM.ico
- <Current directory>\swkw.exe
- <Current directory>\OKQI.ico
- <Current directory>\HYwW.exe
- <Current directory>\qIsI.ico
- <Current directory>\AIcM.exe
- <Current directory>\BCMo.ico
- <Current directory>\PIco.exe
- %TEMP%\nocEIMME.bat
- <Current directory>\UQYw.exe
- <Current directory>\ZQgs.ico
- <Current directory>\hWAY.ico
- <Current directory>\IYAI.ico
- <Current directory>\wQgG.exe
- <Current directory>\YoEA.ico
- <Current directory>\dska.exe
- <Current directory>\JgwI.ico
- <Current directory>\UEUm.exe
- <Current directory>\Isww.ico
- <Current directory>\ugMg.exe
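Files moved (renamed). Each entry moves a C:\RCX*.tmp temporary file onto a four-letter .exe name in the current directory:
- from C:\RCX802F.tmp to <Current directory>\mocc.exe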
- from C:\RCX7F92.tmp to <Current directory>\jIQk.exe
- from C:\RCX8253.tmp to <Current directory>\dAso.exe
- from C:\RCX80AD.tmp to <Current directory>\KIki.exe
- from C:\RCX7A32.tmp to <Current directory>\FwIw.exe
- from C:\RCX77FF.tmp to <Current directory>\rEoC.exe
- from C:\RCX7EE5.tmp to <Current directory>\pAEe.exe
- from C:\RCX7C93.tmp to <Current directory>\wAsU.exe
- from C:\RCX8C86.tmp to <Current directory>\rYYm.exe
- from C:\RCX8AFF.tmp to <Current directory>\GwAe.exe
- from C:\RCX9252.tmp to <Current directory>\igoS.exe
- from C:\RCX90EA.tmp to <Current directory>\NocO.exe
- from C:\RCX85FD.tmp to <Current directory>\JccI.exe
- from C:\RCX83E9.tmp to <Current directory>\GkkC.exe
- from C:\RCX8959.tmp to <Current directory>\acAw.exe
- from C:\RCX87B3.tmp to <Current directory>\uAgQ.exe
- from C:\RCX62EE.tmp to <Current directory>\xQAi.exe
- from C:\RCX604F.tmp to <Current directory>\XAEY.exe
- from C:\RCX66E6.tmp to <Current directory>\JEgQ.exe
- from C:\RCX6495.tmp to <Current directory>\bgcy.exe
- from C:\RCX5C36.tmp to <Current directory>\TMcY.exe
- from C:\RCX5B4B.tmp to <Current directory>\jsoA.exe
- from C:\RCX5F44.tmp to <Current directory>\GUYs.exe
- from C:\RCX5DDD.tmp to <Current directory>\hcEs.exe
- from C:\RCX731C.tmp to <Current directory>\HMYW.exe
- from C:\RCX70CB.tmp to <Current directory>\ywcA.exe
- from C:\RCX75CD.tmp to <Current directory>\JoAW.exe
- from C:\RCX7484.tmp to <Current directory>\KQgU.exe
- from C:\RCX6B9A.tmp to <Current directory>\KgYw.exe
- from C:\RCX6A13.tmp to <Current directory>\vMYO.exe
- from C:\RCX6F15.tmp to <Current directory>\zwMO.exe
- from C:\RCX6C65.tmp to <Current directory>\lQoe.exe
- from C:\RCX9408.tmp to <Current directory>\PMou.exe
- from C:\RCXB5FF.tmp to <Current directory>\MgwE.exe
- from C:\RCXB36F.tmp to <Current directory>\uUMk.exe
- from C:\RCXB95B.tmp to <Current directory>\BcQG.exe
- from C:\RCXB7C5.tmp to <Current directory>\fIgO.exe
- from C:\RCXAEEA.tmp to <Current directory>\qwAi.exe
- from C:\RCXAD15.tmp to <Current directory>\Kkws.exe
- from C:\RCXB207.tmp to <Current directory>\BMcc.exe
- from C:\RCXB0A0.tmp to <Current directory>\TUcc.exe
- from C:\RCXC237.tmp to <Current directory>\yYIK.exe
- from C:\RCXC0FE.tmp to <Current directory>\kgUW.exe
- from C:\RCXC584.tmp to <Current directory>\yAYy.exe
- from C:\RCXC332.tmp to <Current directory>\VQwQ.exe
- from C:\RCXBBFC.tmp to <Current directory>\xkUS.exe
- from C:\RCXBA46.tmp to <Current directory>\LUEc.exe
- from C:\RCXBFA6.tmp to <Current directory>\nMAC.exe
- from C:\RCXBE00.tmp to <Current directory>\WcoC.exe
- from C:\RCX9D8F.tmp to <Current directory>\Xgcm.exe
- from C:\RCX9A63.tmp to <Current directory>\oMoO.exe
- from C:\RCX9FC3.tmp to <Current directory>\yAwm.exe
- from C:\RCX9E8A.tmp to <Current directory>\fAAu.exe
- from C:\RCX9706.tmp to <Current directory>\mAsU.exe
- from C:\RCX94B4.tmp to <Current directory>\kYYw.exe
- from C:\RCX98EC.tmp to <Current directory>\hYEQ.exe
- from C:\RCX9801.tmp to <Current directory>\PQYY.exe
- from C:\RCXA95A.tmp to <Current directory>\kMAw.exe
- from C:\RCXA776.tmp to <Current directory>\HkYu.exe
- from C:\RCXABCC.tmp to <Current directory>\sQwe.exe
- from C:\RCXAAA3.tmp to <Current directory>\kQkE.exe
- from C:\RCXA30F.tmp to <Current directory>\CsMG.exe
- from C:\RCXA10C.tmp to <Current directory>\CQAK.exe
- from C:\RCXA60E.tmp to <Current directory>\qAsk.exe
- from C:\RCXA40A.tmp to <Current directory>\pkEy.exe
- from C:\RCXFDB4.tmp to <Current directory>\BUIi.exe
- from C:\RCXFA59.tmp to <Current directory>\rQUG.exe
- from C:\RCX6CB.tmp to <Current directory>\ykcM.exe
- from C:\RCX16D.tmp to <Current directory>\hwMC.exe
- from C:\RCXF603.tmp to <Current directory>\SwUS.exe
- from C:\RCXF20C.tmp to <Current directory>\YMsQ.exe
- from C:\RCXF817.tmp to <Current directory>\TkkK.exe
- from C:\RCXF6DE.tmp to <Current directory>\kAcU.exe
- from C:\RCX11B9.tmp to <Current directory>\GMwi.exe
- from C:\RCXF0A.tmp to <Current directory>\uMQY.exe
- from C:\RCX1506.tmp to <Current directory>\LMEw.exe
- from C:\RCX1331.tmp to <Current directory>\Dcoq.exe
- from C:\RCX95C.tmp to <Current directory>\iAEi.exe
- from C:\RCX890.tmp to <Current directory>\yoci.exe
- from C:\RCXB70.tmp to <Current directory>\qQQq.exe
- from C:\RCXA57.tmp to <Current directory>\rwkk.exe
- from C:\RCXDC4F.tmp to <Current directory>\GAAu.exe
- from C:\RCXDAA9.tmp to <Current directory>\ZAsK.exe
- from C:\RCXE0F3.tmp to <Current directory>\eMgY.exe
- from C:\RCXDEC0.tmp to <Current directory>\ZoYQ.exe
- from C:\RCXD3F2.tmp to <Current directory>\oIIU.exe
- from C:\RCXCFFB.tmp to <Current directory>\qoQA.exe
- from C:\RCXD809.tmp to <Current directory>\AkwS.exe
- from C:\RCXD5C7.tmp to <Current directory>\foka.exe
- from C:\RCXED48.tmp to <Current directory>\RMsO.exe
- from C:\RCXEB92.tmp to <Current directory>\kgkI.exe
- from C:\RCXF15F.tmp to <Current directory>\aQgA.exe
- from C:\RCXEFB9.tmp to <Current directory>\ScgA.exe
- from C:\RCXE49D.tmp to <Current directory>\GsMM.exe
- from C:\RCXE354.tmp to <Current directory>\WAUo.exe
- from C:\RCXE7F9.tmp to <Current directory>\YEsm.exe
- from C:\RCXE6A1.tmp to <Current directory>\RkQe.exe
- from C:\RCX17A5.tmp to <Current directory>\lsQW.exe
- from C:\RCX4791.tmp to <Current directory>\ucYc.exe
- from C:\RCX46F4.tmp to <Current directory>\mIki.exe
- from C:\RCX4919.tmp to <Current directory>\msAA.exe
- from C:\RCX487C.tmp to <Current directory>\ToQY.exe
- from C:\RCX4202.tmp to <Current directory>\CoMi.exe
- from C:\RCX40AA.tmp to <Current directory>\pQIo.exe
- from C:\RCX458D.tmp to <Current directory>\TQUm.exe
- from C:\RCX435A.tmp to <Current directory>\Mwss.exe
- from C:\RCX54E2.tmp to <Current directory>\ZcMW.exe
- from C:\RCX53E8.tmp to <Current directory>\vkQQ.exe
- from C:\RCX59F3.tmp to <Current directory>\VcYs.exe
- from C:\RCX5744.tmp to <Current directory>\xQkI.exe
- from C:\RCX4D6F.tmp to <Current directory>\nQwe.exe
- from C:\RCX4ACF.tmp to <Current directory>\QIgY.exe
- from C:\RCX5222.tmp to <Current directory>\kcQQ.exe
- from C:\RCX50DA.tmp to <Current directory>\iAIo.exe
- from C:\RCX289C.tmp to <Current directory>\CEEI.exe
- from C:\RCX26E6.tmp to <Current directory>\JMAA.exe
- from C:\RCX2D40.tmp to <Current directory>\dska.exe
- from C:\RCX2A62.tmp to <Current directory>\GEII.exe
- from C:\RCX21A6.tmp to <Current directory>\swkw.exe
- from C:\RCX1C77.tmp to <Current directory>\QYou.exe
- from C:\RCX2447.tmp to <Current directory>\uMsM.exe
- from C:\RCX22C0.tmp to <Current directory>\NIMm.exe
- from C:\RCX39E3.tmp to <Current directory>\UQYw.exe
- from C:\RCX387B.tmp to <Current directory>\HYwW.exe
- from C:\RCX3F51.tmp to <Current directory>\ZkUi.exe
- from C:\RCX3B6A.tmp to <Current directory>\PIco.exe
- from C:\RCX3147.tmp to <Current directory>\ugMg.exe
- from C:\RCX2F15.tmp to <Current directory>\wQgG.exe
- from C:\RCX3668.tmp to <Current directory>\AIcM.exe
- from C:\RCX3435.tmp to <Current directory>\UEUm.exe
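Network activity (DNS queries; the first host name is partly masked with '#' as published, and google.com is a common benign domain that is not a usable indicator on its own):
- DNS ASK dn#.##ftncsi.com
- DNS ASK google.com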
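Window class names and titles recorded for the sample (presumably windows it searches for; two of the titles are the sample's own executables, GocwIYEU.exe and rSYkcwMw.exe):
- ClassName: '' WindowName: 'GocwIYEU.exe'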
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'rSYkcwMw.exe'