Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002' (service start type 2: started automatically at boot)
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
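- hidden files (no longer displayed in Explorer: 'Hidden' is set to 2 under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced)
- file extensions (no longer displayed in Explorer: 'HideFileExt' is set to 1 under the same key)
- User Account Control (UAC) (disabled: 'EnableLUA' is set to 0 under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System)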
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- '<SYSTEM32>\reg.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\reg.exe' 0xb84 cscript.exe
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\wbem\wmiprvse.exe' 0x764 <Virus name>.exe
- '<SYSTEM32>\wbem\wmiprvse.exe' /c ""%TEMP%\fgkIoAsE.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' 0xbac <Virus name>.exe
- '<SYSTEM32>\cscript.exe' /pid=0xbac /log
- '<SYSTEM32>\reg.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\cscript.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' /pid=0xbb0 /log
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe'
- '<SYSTEM32>\cscript.exe' 0xc0c <Virus name>.exe
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\OOYoIQYc.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- <Current directory>\KaUA.ico
- <Current directory>\CIwO.exe
- C:\RCXAC8C.tmp
- %TEMP%\uiAoIsos.bat
- C:\RCXAA0B.tmp
- %TEMP%\WQoIwIwo.bat
- <Current directory>\JOwI.ico
- <Current directory>\vwgS.exe
- C:\RCXAF8A.tmp
- <Current directory>\DWcE.ico
- <Current directory>\pckk.exe
- C:\RCXADF3.tmp
- <Current directory>\vgsg.ico
- <Current directory>\yYUM.exe
- C:\RCXA3C1.tmp
- <Current directory>\JYsI.ico
- <Current directory>\Hcsu.exe
- C:\RCXA279.tmp
- <Current directory>\ZScs.ico
- <Current directory>\uocK.exe
- C:\RCXA874.tmp
- <Current directory>\XCEQ.ico
- <Current directory>\mAsy.exe
- C:\RCXA76A.tmp
- <Current directory>\qSog.ico
- <Current directory>\NAwg.exe
- <Current directory>\ysAC.exe
- <Current directory>\FuYE.ico
- <Current directory>\ZokO.exe
- C:\RCXBB92.tmp
- <Current directory>\LuIE.ico
- <Current directory>\FUgm.exe
- C:\RCXB960.tmp
- <Current directory>\eigE.ico
- <Current directory>\ccEm.exe
- C:\RCXBE91.tmp
- <Current directory>\ISQI.ico
- <Current directory>\BMYC.exe
- C:\RCXBCEA.tmp
- <Current directory>\zMMw.ico
- C:\RCXB392.tmp
- <Current directory>\qmEU.ico
- <Current directory>\ywwW.exe
- C:\RCXB1DC.tmp
- <Current directory>\FeQk.ico
- <Current directory>\QAQe.exe
- C:\RCXB509.tmp
- <Current directory>\MKMQ.ico
- <Current directory>\AYMA.exe
- C:\RCXB807.tmp
- <Current directory>\VAsQ.ico
- <Current directory>\dQkg.exe
- C:\RCXB6EE.tmp
- <Current directory>\tQwk.ico
- <Current directory>\ksIw.exe
- C:\RCX8C8C.tmp
- <Current directory>\tMAU.ico
- <Current directory>\NsMA.exe
- C:\RCX8B63.tmp
- <Current directory>\oOQc.ico
- <Current directory>\cooU.exe
- C:\RCX8F0E.tmp
- <Current directory>\eAkY.ico
- <Current directory>\HoYC.exe
- C:\RCX8DB6.tmp
- <Current directory>\IaUk.ico
- <Current directory>\lIMg.exe
- <Current directory>\DCcg.ico
- <Current directory>\dYQk.exe
- C:\RCX86DD.tmp
- <Current directory>\KAsc.ico
- <Current directory>\hwoQ.exe
- C:\RCX8528.tmp
- <Current directory>\bagQ.ico
- <Current directory>\eoUC.exe
- C:\RCX89AD.tmp
- <Current directory>\pYkk.ico
- <Current directory>\QMYa.exe
- C:\RCX8845.tmp
- <Current directory>\Deco.ico
- C:\RCX9085.tmp
- C:\RCX9CE9.tmp
- <Current directory>\AQMQ.ico
- <Current directory>\fQAc.exe
- C:\RCX9AD6.tmp
- <Current directory>\KQAs.ico
- <Current directory>\tEka.exe
- C:\RCX9E41.tmp
- <Current directory>\saQg.ico
- <Current directory>\kocO.exe
- C:\RCXA075.tmp
- <Current directory>\vyYQ.ico
- <Current directory>\fYMk.exe
- C:\RCX9F5B.tmp
- C:\RCX9289.tmp
- <Current directory>\ZOcI.ico
- %TEMP%\MAAgUEEQ.bat
- <Current directory>\vkYw.ico
- %TEMP%\tEccEsEQ.bat
- <Current directory>\XYcY.exe
- <Current directory>\rEQc.exe
- C:\RCX96BF.tmp
- <Current directory>\dMsg.ico
- <Current directory>\xIsk.exe
- C:\RCX94FA.tmp
- <Current directory>\kIQs.ico
- <Current directory>\vgMG.exe
- <Current directory>\KswS.exe
- C:\RCXE357.tmp
- <Current directory>\fUIA.ico
- <Current directory>\LQgG.exe
- C:\RCXE134.tmp
- <Current directory>\zwQo.ico
- <Current directory>\boQu.exe
- C:\RCXE6F1.tmp
- <Current directory>\DKEY.ico
- <Current directory>\HQUA.exe
- C:\RCXE4CE.tmp
- <Current directory>\oiMU.ico
- <Current directory>\RsMq.exe
- <Current directory>\XkAk.ico
- <Current directory>\mwEK.exe
- C:\RCXDC8F.tmp
- <Current directory>\KAYU.ico
- <Current directory>\yQcw.exe
- C:\RCXDAD9.tmp
- <Current directory>\Dwcc.ico
- <Current directory>\GIsM.exe
- C:\RCXDFBD.tmp
- <Current directory>\hkgA.ico
- <Current directory>\tUgI.exe
- C:\RCXDDA9.tmp
- <Current directory>\nwwE.ico
- C:\RCXE914.tmp
- C:\RCXF21E.tmp
- <Current directory>\DMwc.ico
- <Current directory>\mcwe.exe
- C:\RCXF124.tmp
- <Current directory>\Aosk.ico
- <Current directory>\CgMC.exe
- C:\RCXF3F3.tmp
- <Current directory>\dosc.ico
- <Current directory>\YAIq.exe
- C:\RCXF868.tmp
- <Current directory>\BAws.ico
- <Current directory>\Qkwu.exe
- C:\RCXF635.tmp
- <Current directory>\NQMY.ico
- %TEMP%\XuYokscQ.bat
- <Current directory>\msYq.exe
- <Current directory>\oKoc.ico
- <Current directory>\CIsg.exe
- C:\RCXEA8C.tmp
- C:\RCXEC61.tmp
- C:\RCXEF3F.tmp
- <Current directory>\AosQ.ico
- <Current directory>\jkMM.exe
- %TEMP%\fgkIoAsE.bat
- <Current directory>\wUcU.ico
- <Current directory>\sIsC.exe
- C:\RCXD8C6.tmp
- <Current directory>\hckI.ico
- <Current directory>\IYEs.exe
- C:\RCXC895.tmp
- <Current directory>\MSkc.ico
- <Current directory>\YUsk.exe
- C:\RCXC598.tmp
- <Current directory>\BqIk.ico
- <Current directory>\Vgki.exe
- C:\RCXCB55.tmp
- <Current directory>\TmwA.ico
- <Current directory>\NMca.exe
- C:\RCXCA4B.tmp
- <Current directory>\IqUs.ico
- <Current directory>\xOMI.ico
- <Current directory>\XQMU.exe
- %TEMP%\TgoocEAY.bat
- %TEMP%\OoYEEkMs.bat
- <Current directory>\pAgk.exe
- C:\RCXBFD9.tmp
- C:\RCXC151.tmp
- <Current directory>\RsAU.ico
- <Current directory>\tAcW.exe
- C:\RCXC420.tmp
- <Current directory>\ZAMM.ico
- <Current directory>\GcMK.exe
- C:\RCXC2E7.tmp
- <Current directory>\rkQO.exe
- <Current directory>\PWco.ico
- <Current directory>\wcwu.exe
- C:\RCXD490.tmp
- <Current directory>\giMQ.ico
- <Current directory>\ooEa.exe
- C:\RCXD28C.tmp
- <Current directory>\cqwI.ico
- <Current directory>\Fsow.ico
- <Current directory>\ugMq.exe
- %TEMP%\wkwAgMsM.bat
- %TEMP%\KcYQgYUE.bat
- <Current directory>\MssS.exe
- C:\RCXD626.tmp
- C:\RCXCDA8.tmp
- <Current directory>\GYQI.ico
- <Current directory>\qAcu.exe
- C:\RCXCBF2.tmp
- <Current directory>\fIIc.ico
- <Current directory>\wkYE.exe
- C:\RCXCEF0.tmp
- <Current directory>\sIsM.ico
- <Current directory>\EAkG.exe
- C:\RCXD1DF.tmp
- <Current directory>\awEA.ico
- <Current directory>\Asks.exe
- C:\RCXD133.tmp
- C:\RCX2C6F.tmp
- <Current directory>\uiEU.ico
- <Current directory>\kUQG.exe
- C:\RCX2AD8.tmp
- <Current directory>\fUEc.ico
- <Current directory>\KQUS.exe
- C:\RCX316F.tmp
- <Current directory>\eass.ico
- <Current directory>\qsIw.exe
- C:\RCX344E.tmp
- <Current directory>\YkcU.ico
- <Current directory>\jgwu.exe
- C:\RCX32E6.tmp
- <Current directory>\kaQg.ico
- %TEMP%\PsIcgMcc.bat
- <Current directory>\lIMU.exe
- <Current directory>\UeIA.ico
- <Current directory>\RAsq.exe
- C:\RCX22D9.tmp
- C:\RCX248F.tmp
- %TEMP%\eEUkoYAo.bat
- <Current directory>\wwIc.ico
- <Current directory>\zQce.exe
- <Current directory>\RUgQ.ico
- <Current directory>\JEIs.exe
- C:\RCX26F1.tmp
- <Current directory>\dMow.ico
- <Current directory>\suUk.ico
- <Current directory>\Fwog.exe
- C:\RCX4046.tmp
- <Current directory>\JUYQ.exe
- %TEMP%\pcIgMgck.bat
- C:\RCX3D77.tmp
- <Current directory>\HKoo.ico
- <Current directory>\YcMa.exe
- C:\RCX4576.tmp
- <Current directory>\bGUk.ico
- <Current directory>\xMwk.exe
- C:\RCX4269.tmp
- <Current directory>\MaUk.ico
- <Current directory>\RQAS.exe
- C:\RCX36FE.tmp
- <Current directory>\jeUc.ico
- <Current directory>\mskm.exe
- C:\RCX35D5.tmp
- <Current directory>\QyYE.ico
- <Current directory>\TQkk.exe
- %TEMP%\PagMMoIo.bat
- C:\RCX3B06.tmp
- <Current directory>\qygk.ico
- C:\RCX397F.tmp
- <Current directory>\eocI.ico
- <Current directory>\zYAY.exe
- C:\RCX20B6.tmp
- <Current directory>\XIEq.exe
- C:\RCXFF47.tmp
- <Current directory>\jmks.ico
- <Current directory>\tsUm.exe
- C:\RCXFE8A.tmp
- <Current directory>\kIYw.ico
- <Current directory>\jQsq.exe
- C:\RCX7F0.tmp
- %TEMP%\VKQwEIsE.bat
- <Current directory>\Busw.ico
- C:\RCX1A8.tmp
- <Current directory>\QoIc.ico
- <Current directory>\tgsA.exe
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- %TEMP%\fUAAEEEA.bat
- <Current directory>\<Virus name>
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- C:\ProgramData\kaog.txt
- <Current directory>\tscM.exe
- C:\RCXFD51.tmp
- <Current directory>\HCgQ.ico
- %TEMP%\SmYAUUQg.bat
- %TEMP%\file.vbs
- <Current directory>\wusQ.ico
- <Current directory>\aksK.exe
- <Current directory>\XAEa.exe
- C:\RCX19A2.tmp
- <Current directory>\Hygk.ico
- C:\RCX17DC.tmp
- <Current directory>\LuMg.ico
- <Auxiliary element>
- <Current directory>\QoEY.exe
- C:\RCX1CCF.tmp
- <Current directory>\gCkQ.ico
- <Current directory>\xskY.exe
- C:\RCX1C13.tmp
- <Current directory>\sQIo.ico
- <Current directory>\esEY.exe
- <Current directory>\MAYC.exe
- C:\RCX10B8.tmp
- <Current directory>\eUoM.ico
- C:\RCXBB8.tmp
- %TEMP%\JeAIgUsI.bat
- <Current directory>\kKQw.ico
- <Current directory>\BIQU.exe
- C:\RCX16A3.tmp
- <Current directory>\bSgU.ico
- <Current directory>\wwwY.exe
- C:\RCX1432.tmp
- <Current directory>\HEos.ico
- <Current directory>\UIUY.exe
- <Current directory>\NsAO.exe
- C:\RCX6F89.tmp
- <Current directory>\bCgI.ico
- <Current directory>\XgwK.exe
- C:\RCX6E7F.tmp
- <Current directory>\sswI.ico
- <Current directory>\UcMm.exe
- C:\RCX73B0.tmp
- <Current directory>\newY.ico
- <Current directory>\rQkm.exe
- C:\RCX7248.tmp
- <Current directory>\kCsI.ico
- <Current directory>\rkAq.exe
- <Current directory>\VMEs.exe
- C:\RCX69AC.tmp
- %TEMP%\ZCowMgMY.bat
- C:\RCX6557.tmp
- %TEMP%\rikoUMsI.bat
- <Current directory>\wqkY.ico
- <Current directory>\sQUY.ico
- <Current directory>\gAkO.exe
- C:\RCX6D75.tmp
- <Current directory>\pEss.ico
- <Current directory>\VkYe.exe
- C:\RCX6CB9.tmp
- <Current directory>\NAAA.ico
- C:\RCX74CA.tmp
- <Current directory>\vmEI.ico
- <Current directory>\IAQu.exe
- C:\RCX7DE4.tmp
- <Current directory>\Gckk.exe
- %TEMP%\SqkkUoQY.bat
- C:\RCX7C5D.tmp
- %TEMP%\wmYIcQwo.bat
- <Current directory>\KOEY.ico
- <Current directory>\nEkY.exe
- C:\RCX8324.tmp
- <Current directory>\BoAQ.ico
- <Current directory>\QwMq.exe
- C:\RCX821A.tmp
- <Current directory>\lCgs.ico
- <Current directory>\DMQc.exe
- C:\RCX774B.tmp
- <Current directory>\ICQs.ico
- <Current directory>\bAAQ.exe
- C:\RCX75B5.tmp
- <Current directory>\ZwQc.ico
- <Current directory>\NMQc.exe
- C:\RCX7AC7.tmp
- <Current directory>\ugww.ico
- <Current directory>\VcQM.exe
- C:\RCX797E.tmp
- <Current directory>\ngQU.ico
- <Current directory>\XYUA.exe
- C:\RCX4D1A.tmp
- <Current directory>\Ogco.ico
- <Current directory>\ZoUQ.exe
- C:\RCX4BF0.tmp
- <Current directory>\vSws.ico
- <Current directory>\BgME.exe
- C:\RCX5055.tmp
- <Current directory>\OiEs.ico
- <Current directory>\DQwq.exe
- %TEMP%\SKQkIUMs.bat
- <Current directory>\Uicg.ico
- <Current directory>\eYsK.exe
- C:\RCX51DC.tmp
- <Current directory>\mYMS.exe
- C:\RCX48D2.tmp
- <Current directory>\xsMY.ico
- <Current directory>\yUQK.exe
- C:\RCX47C7.tmp
- <Current directory>\dIwE.ico
- <Current directory>\qwQo.exe
- C:\RCX4B44.tmp
- <Current directory>\OOEk.ico
- <Current directory>\RIwM.exe
- C:\RCX4A87.tmp
- <Current directory>\PWcY.ico
- <Current directory>\rscO.exe
- C:\RCX53F0.tmp
- <Current directory>\DoEE.ico
- <Current directory>\SckU.exe
- C:\RCX60F1.tmp
- <Current directory>\Lqkg.ico
- <Current directory>\jEMW.exe
- C:\RCX5E8F.tmp
- <Current directory>\eEMI.ico
- <Current directory>\MYEc.exe
- C:\RCX62E6.tmp
- <Current directory>\YIco.ico
- <Current directory>\PcgW.exe
- C:\RCX61DC.tmp
- <Current directory>\rQIM.ico
- %TEMP%\OOYoIQYc.bat
- <Current directory>\YoIU.ico
- <Current directory>\IQMM.exe
- <Current directory>\cCQY.ico
- <Current directory>\OMUi.exe
- C:\RCX55B5.tmp
- C:\RCX5807.tmp
- <Current directory>\UmkA.ico
- <Current directory>\BYwq.exe
- C:\RCX5C9B.tmp
- <Current directory>\RccE.ico
- <Current directory>\wAQI.exe
- C:\RCX5AB6.tmp
- <Current directory>\JOwI.ico
- <Current directory>\pckk.exe
- <Current directory>\KaUA.ico
- <Current directory>\CIwO.exe
- <Current directory>\DWcE.ico
- <Current directory>\ysAC.exe
- <Current directory>\vgsg.ico
- <Current directory>\vwgS.exe
- %TEMP%\uiAoIsos.bat
- <Current directory>\JYsI.ico
- <Current directory>\uocK.exe
- <Current directory>\ZScs.ico
- <Current directory>\yYUM.exe
- <Current directory>\XCEQ.ico
- <Current directory>\mAsy.exe
- <Current directory>\qSog.ico
- <Current directory>\NAwg.exe
- <Current directory>\ZokO.exe
- <Current directory>\eigE.ico
- <Current directory>\FUgm.exe
- <Current directory>\FuYE.ico
- <Current directory>\ccEm.exe
- <Current directory>\ISQI.ico
- <Current directory>\BMYC.exe
- <Current directory>\zMMw.ico
- <Current directory>\LuIE.ico
- <Current directory>\qmEU.ico
- <Current directory>\ywwW.exe
- <Current directory>\FeQk.ico
- <Current directory>\QAQe.exe
- <Current directory>\MKMQ.ico
- <Current directory>\AYMA.exe
- <Current directory>\VAsQ.ico
- <Current directory>\dQkg.exe
- <Current directory>\Hcsu.exe
- <Current directory>\cooU.exe
- <Current directory>\IaUk.ico
- <Current directory>\ksIw.exe
- <Current directory>\tMAU.ico
- <Current directory>\HoYC.exe
- %TEMP%\tEccEsEQ.bat
- <Current directory>\lIMg.exe
- <Current directory>\eAkY.ico
- <Current directory>\oOQc.ico
- <Current directory>\bagQ.ico
- <Current directory>\QMYa.exe
- <Current directory>\DCcg.ico
- <Current directory>\dYQk.exe
- <Current directory>\pYkk.ico
- <Current directory>\NsMA.exe
- <Current directory>\Deco.ico
- <Current directory>\eoUC.exe
- <Current directory>\fQAc.exe
- <Current directory>\vyYQ.ico
- <Current directory>\tEka.exe
- <Current directory>\AQMQ.ico
- <Current directory>\kocO.exe
- <Current directory>\tQwk.ico
- <Current directory>\fYMk.exe
- <Current directory>\saQg.ico
- <Current directory>\KQAs.ico
- <Current directory>\ZOcI.ico
- <Current directory>\rEQc.exe
- <Current directory>\vkYw.ico
- <Current directory>\XYcY.exe
- <Current directory>\dMsg.ico
- <Current directory>\xIsk.exe
- <Current directory>\kIQs.ico
- <Current directory>\vgMG.exe
- <Current directory>\KswS.exe
- <Current directory>\fUIA.ico
- <Current directory>\LQgG.exe
- <Current directory>\zwQo.ico
- <Current directory>\RsMq.exe
- <Current directory>\DKEY.ico
- <Current directory>\boQu.exe
- <Current directory>\oiMU.ico
- <Current directory>\hkgA.ico
- <Current directory>\XkAk.ico
- <Current directory>\mwEK.exe
- <Current directory>\KAYU.ico
- <Current directory>\yQcw.exe
- <Current directory>\nwwE.ico
- <Current directory>\GIsM.exe
- <Current directory>\Dwcc.ico
- <Current directory>\tUgI.exe
- <Current directory>\Aosk.ico
- <Current directory>\CgMC.exe
- <Current directory>\AosQ.ico
- <Current directory>\jkMM.exe
- <Current directory>\BAws.ico
- <Current directory>\Qkwu.exe
- <Current directory>\DMwc.ico
- <Current directory>\mcwe.exe
- <Current directory>\sIsC.exe
- <Current directory>\oKoc.ico
- <Current directory>\CIsg.exe
- <Current directory>\HQUA.exe
- %TEMP%\wkwAgMsM.bat
- <Current directory>\msYq.exe
- <Current directory>\wUcU.ico
- %TEMP%\XuYokscQ.bat
- <Current directory>\NQMY.ico
- <Current directory>\ugMq.exe
- <Current directory>\IYEs.exe
- <Current directory>\BqIk.ico
- <Current directory>\YUsk.exe
- <Current directory>\hckI.ico
- <Current directory>\Vgki.exe
- <Current directory>\TmwA.ico
- <Current directory>\NMca.exe
- <Current directory>\IqUs.ico
- <Current directory>\MSkc.ico
- <Current directory>\xOMI.ico
- <Current directory>\XQMU.exe
- <Current directory>\pAgk.exe
- %TEMP%\OoYEEkMs.bat
- <Current directory>\RsAU.ico
- <Current directory>\tAcW.exe
- <Current directory>\ZAMM.ico
- <Current directory>\GcMK.exe
- <Current directory>\PWco.ico
- <Current directory>\wcwu.exe
- <Current directory>\giMQ.ico
- <Current directory>\ooEa.exe
- %TEMP%\KcYQgYUE.bat
- <Current directory>\Fsow.ico
- <Current directory>\cqwI.ico
- <Current directory>\MssS.exe
- <Current directory>\EAkG.exe
- <Current directory>\wkYE.exe
- <Current directory>\GYQI.ico
- <Current directory>\rkQO.exe
- <Current directory>\fIIc.ico
- <Current directory>\Asks.exe
- <Current directory>\sIsM.ico
- <Current directory>\qAcu.exe
- <Current directory>\awEA.ico
- <Current directory>\hwoQ.exe
- <Current directory>\qsIw.exe
- <Current directory>\dMow.ico
- <Current directory>\jgwu.exe
- <Current directory>\eass.ico
- <Current directory>\RQAS.exe
- <Current directory>\jeUc.ico
- <Current directory>\mskm.exe
- <Current directory>\QyYE.ico
- <Current directory>\YkcU.ico
- <Current directory>\wwIc.ico
- <Current directory>\zQce.exe
- <Current directory>\RUgQ.ico
- <Current directory>\JEIs.exe
- <Current directory>\uiEU.ico
- <Current directory>\kUQG.exe
- <Current directory>\fUEc.ico
- <Current directory>\KQUS.exe
- <Current directory>\MaUk.ico
- <Current directory>\YcMa.exe
- <Current directory>\HKoo.ico
- <Current directory>\xMwk.exe
- <Current directory>\dIwE.ico
- <Current directory>\mYMS.exe
- <Current directory>\bGUk.ico
- <Current directory>\yUQK.exe
- <Current directory>\Fwog.exe
- <Current directory>\zYAY.exe
- %TEMP%\eEUkoYAo.bat
- <Current directory>\TQkk.exe
- <Current directory>\eocI.ico
- <Current directory>\JUYQ.exe
- <Current directory>\suUk.ico
- %TEMP%\PagMMoIo.bat
- <Current directory>\qygk.ico
- %TEMP%\PsIcgMcc.bat
- %TEMP%\VKQwEIsE.bat
- <Current directory>\Busw.ico
- <Current directory>\QoIc.ico
- <Current directory>\tgsA.exe
- <Current directory>\MAYC.exe
- <Current directory>\eUoM.ico
- <Current directory>\aksK.exe
- <Current directory>\kKQw.ico
- <Current directory>\jQsq.exe
- <Current directory>\tscM.exe
- <Current directory>\HCgQ.ico
- %TEMP%\fUAAEEEA.bat
- <Current directory>\wusQ.ico
- <Current directory>\XIEq.exe
- <Current directory>\jmks.ico
- <Current directory>\tsUm.exe
- <Current directory>\kIYw.ico
- <Current directory>\gCkQ.ico
- <Current directory>\xskY.exe
- <Current directory>\sQIo.ico
- <Current directory>\esEY.exe
- <Current directory>\kaQg.ico
- <Current directory>\lIMU.exe
- <Current directory>\UeIA.ico
- <Current directory>\RAsq.exe
- <Current directory>\QoEY.exe
- <Current directory>\UIUY.exe
- <Current directory>\bSgU.ico
- <Current directory>\BIQU.exe
- <Current directory>\HEos.ico
- <Current directory>\XAEa.exe
- <Current directory>\Hygk.ico
- <Current directory>\wwwY.exe
- <Current directory>\LuMg.ico
- <Current directory>\UcMm.exe
- <Current directory>\kCsI.ico
- <Current directory>\NsAO.exe
- <Current directory>\bCgI.ico
- <Current directory>\rQkm.exe
- <Current directory>\ICQs.ico
- <Current directory>\rkAq.exe
- <Current directory>\newY.ico
- <Current directory>\sswI.ico
- <Current directory>\sQUY.ico
- <Current directory>\VkYe.exe
- <Current directory>\wqkY.ico
- <Current directory>\VMEs.exe
- <Current directory>\pEss.ico
- <Current directory>\XgwK.exe
- <Current directory>\NAAA.ico
- <Current directory>\gAkO.exe
- <Current directory>\IAQu.exe
- <Current directory>\BoAQ.ico
- %TEMP%\SqkkUoQY.bat
- <Current directory>\vmEI.ico
- <Current directory>\nEkY.exe
- <Current directory>\KAsc.ico
- <Current directory>\QwMq.exe
- <Current directory>\KOEY.ico
- <Current directory>\Gckk.exe
- <Current directory>\DMQc.exe
- <Current directory>\ZwQc.ico
- <Current directory>\bAAQ.exe
- <Current directory>\lCgs.ico
- <Current directory>\NMQc.exe
- <Current directory>\ugww.ico
- <Current directory>\VcQM.exe
- <Current directory>\ngQU.ico
- %TEMP%\rikoUMsI.bat
- <Current directory>\eYsK.exe
- <Current directory>\OiEs.ico
- <Current directory>\ZoUQ.exe
- <Current directory>\Uicg.ico
- <Current directory>\cCQY.ico
- <Current directory>\OMUi.exe
- <Current directory>\DQwq.exe
- %TEMP%\SKQkIUMs.bat
- <Current directory>\Ogco.ico
- <Current directory>\PWcY.ico
- <Current directory>\rscO.exe
- <Current directory>\xsMY.ico
- <Current directory>\qwQo.exe
- <Current directory>\vSws.ico
- <Current directory>\BgME.exe
- <Current directory>\OOEk.ico
- <Current directory>\RIwM.exe
- <Current directory>\PcgW.exe
- %TEMP%\OOYoIQYc.bat
- <Current directory>\SckU.exe
- <Current directory>\eEMI.ico
- <Current directory>\YIco.ico
- <Current directory>\XYUA.exe
- <Current directory>\rQIM.ico
- <Current directory>\MYEc.exe
- <Current directory>\DoEE.ico
- <Current directory>\RccE.ico
- <Current directory>\wAQI.exe
- <Current directory>\YoIU.ico
- <Current directory>\IQMM.exe
- <Current directory>\Lqkg.ico
- <Current directory>\jEMW.exe
- <Current directory>\UmkA.ico
- <Current directory>\BYwq.exe
- from C:\RCXADF3.tmp to <Current directory>\pckk.exe
- from C:\RCXAC8C.tmp to <Current directory>\CIwO.exe
- from C:\RCXB1DC.tmp to <Current directory>\ysAC.exe
- from C:\RCXAF8A.tmp to <Current directory>\vwgS.exe
- from C:\RCXA76A.tmp to <Current directory>\uocK.exe
- from C:\RCXA3C1.tmp to <Current directory>\yYUM.exe
- from C:\RCXAA0B.tmp to <Current directory>\mAsy.exe
- from C:\RCXA874.tmp to <Current directory>\NAwg.exe
- from C:\RCXBB92.tmp to <Current directory>\ZokO.exe
- from C:\RCXB960.tmp to <Current directory>\FUgm.exe
- from C:\RCXBE91.tmp to <Current directory>\ccEm.exe
- from C:\RCXBCEA.tmp to <Current directory>\BMYC.exe
- from C:\RCXB509.tmp to <Current directory>\ywwW.exe
- from C:\RCXB392.tmp to <Current directory>\QAQe.exe
- from C:\RCXB807.tmp to <Current directory>\AYMA.exe
- from C:\RCXB6EE.tmp to <Current directory>\dQkg.exe
- from C:\RCX8F0E.tmp to <Current directory>\lIMg.exe
- from C:\RCX8DB6.tmp to <Current directory>\cooU.exe
- from C:\RCX9289.tmp to <Current directory>\XYcY.exe
- from C:\RCX9085.tmp to <Current directory>\HoYC.exe
- from C:\RCX89AD.tmp to <Current directory>\eoUC.exe
- from C:\RCX8845.tmp to <Current directory>\QMYa.exe
- from C:\RCX8C8C.tmp to <Current directory>\ksIw.exe
- from C:\RCX8B63.tmp to <Current directory>\NsMA.exe
- from C:\RCX9F5B.tmp to <Current directory>\fYMk.exe
- from C:\RCX9E41.tmp to <Current directory>\fQAc.exe
- from C:\RCXA279.tmp to <Current directory>\Hcsu.exe
- from C:\RCXA075.tmp to <Current directory>\kocO.exe
- from C:\RCX96BF.tmp to <Current directory>\vgMG.exe
- from C:\RCX94FA.tmp to <Current directory>\rEQc.exe
- from C:\RCX9CE9.tmp to <Current directory>\tEka.exe
- from C:\RCX9AD6.tmp to <Current directory>\xIsk.exe
- from C:\RCXBFD9.tmp to <Current directory>\pAgk.exe
- from C:\RCXE357.tmp to <Current directory>\KswS.exe
- from C:\RCXE134.tmp to <Current directory>\LQgG.exe
- from C:\RCXE6F1.tmp to <Current directory>\RsMq.exe
- from C:\RCXE4CE.tmp to <Current directory>\boQu.exe
- from C:\RCXDC8F.tmp to <Current directory>\mwEK.exe
- from C:\RCXDAD9.tmp to <Current directory>\yQcw.exe
- from C:\RCXDFBD.tmp to <Current directory>\GIsM.exe
- from C:\RCXDDA9.tmp to <Current directory>\tUgI.exe
- from C:\RCXF21E.tmp to <Current directory>\CgMC.exe
- from C:\RCXF124.tmp to <Current directory>\jkMM.exe
- from C:\RCXF635.tmp to <Current directory>\Qkwu.exe
- from C:\RCXF3F3.tmp to <Current directory>\mcwe.exe
- from C:\RCXEA8C.tmp to <Current directory>\CIsg.exe
- from C:\RCXE914.tmp to <Current directory>\HQUA.exe
- from C:\RCXEF3F.tmp to <Current directory>\sIsC.exe
- from C:\RCXEC61.tmp to <Current directory>\msYq.exe
- from C:\RCXCA4B.tmp to <Current directory>\NMca.exe
- from C:\RCXC895.tmp to <Current directory>\IYEs.exe
- from C:\RCXCBF2.tmp to <Current directory>\rkQO.exe
- from C:\RCXCB55.tmp to <Current directory>\Vgki.exe
- from C:\RCXC2E7.tmp to <Current directory>\GcMK.exe
- from C:\RCXC151.tmp to <Current directory>\XQMU.exe
- from C:\RCXC598.tmp to <Current directory>\YUsk.exe
- from C:\RCXC420.tmp to <Current directory>\tAcW.exe
- from C:\RCXD490.tmp to <Current directory>\wcwu.exe
- from C:\RCXD28C.tmp to <Current directory>\ooEa.exe
- from C:\RCXD8C6.tmp to <Current directory>\ugMq.exe
- from C:\RCXD626.tmp to <Current directory>\MssS.exe
- from C:\RCXCEF0.tmp to <Current directory>\qAcu.exe
- from C:\RCXCDA8.tmp to <Current directory>\wkYE.exe
- from C:\RCXD1DF.tmp to <Current directory>\EAkG.exe
- from C:\RCXD133.tmp to <Current directory>\Asks.exe
- from C:\RCX86DD.tmp to <Current directory>\dYQk.exe
- from C:\RCX344E.tmp to <Current directory>\qsIw.exe
- from C:\RCX32E6.tmp to <Current directory>\jgwu.exe
- from C:\RCX36FE.tmp to <Current directory>\RQAS.exe
- from C:\RCX35D5.tmp to <Current directory>\mskm.exe
- from C:\RCX2AD8.tmp to <Current directory>\zQce.exe
- from C:\RCX26F1.tmp to <Current directory>\JEIs.exe
- from C:\RCX316F.tmp to <Current directory>\kUQG.exe
- from C:\RCX2C6F.tmp to <Current directory>\KQUS.exe
- from C:\RCX4576.tmp to <Current directory>\YcMa.exe
- from C:\RCX4269.tmp to <Current directory>\xMwk.exe
- from C:\RCX48D2.tmp to <Current directory>\mYMS.exe
- from C:\RCX47C7.tmp to <Current directory>\yUQK.exe
- from C:\RCX3B06.tmp to <Current directory>\zYAY.exe
- from C:\RCX397F.tmp to <Current directory>\TQkk.exe
- from C:\RCX4046.tmp to <Current directory>\Fwog.exe
- from C:\RCX3D77.tmp to <Current directory>\JUYQ.exe
- from C:\RCXBB8.tmp to <Current directory>\aksK.exe
- from C:\RCX7F0.tmp to <Current directory>\tgsA.exe
- from C:\RCX1432.tmp to <Current directory>\BIQU.exe
- from C:\RCX10B8.tmp to <Current directory>\MAYC.exe
- from C:\RCXFE8A.tmp to <Current directory>\tsUm.exe
- from C:\RCXFD51.tmp to <Current directory>\tscM.exe
- from C:\RCX1A8.tmp to <Current directory>\jQsq.exe
- from C:\RCXFF47.tmp to <Current directory>\XIEq.exe
- from C:\RCX20B6.tmp to <Current directory>\xskY.exe
- from C:\RCX1CCF.tmp to <Current directory>\esEY.exe
- from C:\RCX248F.tmp to <Current directory>\lIMU.exe
- from C:\RCX22D9.tmp to <Current directory>\RAsq.exe
- from C:\RCX17DC.tmp to <Current directory>\wwwY.exe
- from C:\RCX16A3.tmp to <Current directory>\UIUY.exe
- from C:\RCX1C13.tmp to <Current directory>\QoEY.exe
- from C:\RCX19A2.tmp to <Current directory>\XAEa.exe
- from C:\RCX4A87.tmp to <Current directory>\qwQo.exe
- from C:\RCX73B0.tmp to <Current directory>\rkAq.exe
- from C:\RCX7248.tmp to <Current directory>\UcMm.exe
- from C:\RCX75B5.tmp to <Current directory>\bAAQ.exe
- from C:\RCX74CA.tmp to <Current directory>\rQkm.exe
- from C:\RCX6D75.tmp to <Current directory>\gAkO.exe
- from C:\RCX6CB9.tmp to <Current directory>\VkYe.exe
- from C:\RCX6F89.tmp to <Current directory>\NsAO.exe
- from C:\RCX6E7F.tmp to <Current directory>\XgwK.exe
- from C:\RCX821A.tmp to <Current directory>\QwMq.exe
- from C:\RCX7DE4.tmp to <Current directory>\IAQu.exe
- from C:\RCX8528.tmp to <Current directory>\hwoQ.exe
- from C:\RCX8324.tmp to <Current directory>\nEkY.exe
- from C:\RCX797E.tmp to <Current directory>\VcQM.exe
- from C:\RCX774B.tmp to <Current directory>\DMQc.exe
- from C:\RCX7C5D.tmp to <Current directory>\Gckk.exe
- from C:\RCX7AC7.tmp to <Current directory>\NMQc.exe
- from C:\RCX53F0.tmp to <Current directory>\DQwq.exe
- from C:\RCX51DC.tmp to <Current directory>\eYsK.exe
- from C:\RCX5807.tmp to <Current directory>\IQMM.exe
- from C:\RCX55B5.tmp to <Current directory>\OMUi.exe
- from C:\RCX4BF0.tmp to <Current directory>\RIwM.exe
- from C:\RCX4B44.tmp to <Current directory>\rscO.exe
- from C:\RCX5055.tmp to <Current directory>\ZoUQ.exe
- from C:\RCX4D1A.tmp to <Current directory>\BgME.exe
- from C:\RCX62E6.tmp to <Current directory>\MYEc.exe
- from C:\RCX61DC.tmp to <Current directory>\PcgW.exe
- from C:\RCX69AC.tmp to <Current directory>\VMEs.exe
- from C:\RCX6557.tmp to <Current directory>\XYUA.exe
- from C:\RCX5C9B.tmp to <Current directory>\BYwq.exe
- from C:\RCX5AB6.tmp to <Current directory>\wAQI.exe
- from C:\RCX60F1.tmp to <Current directory>\SckU.exe
- from C:\RCX5E8F.tmp to <Current directory>\jEMW.exe
- DNS ASK dn#.##ftncsi.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'GocwIYEU.exe'
- ClassName: '' WindowName: 'rSYkcwMw.exe'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''