Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002'
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
- hidden files
- file extensions
- User Account Control (UAC)
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- '%TEMP%\__cd75efb816b2cc__.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- <Current directory>\wako.ico
- <Current directory>\LMss.exe
- C:\RCXA6A3.tmp
- <Current directory>\cAkM.ico
- <Current directory>\RwUk.exe
- C:\RCXA404.tmp
- <Current directory>\RGUQ.ico
- <Current directory>\ksEE.exe
- C:\RCXA954.tmp
- <Current directory>\pwIc.ico
- <Current directory>\SAoA.exe
- C:\RCXA7EC.tmp
- C:\RCXA2F9.tmp
- C:\RCX9F7D.tmp
- <Current directory>\wIMM.ico
- <Current directory>\wMIi.exe
- C:\RCX9E15.tmp
- <Current directory>\Pesg.ico
- <Current directory>\Sscq.exe
- C:\RCXA192.tmp
- <Current directory>\oQkc.ico
- <Current directory>\wMUC.exe
- C:\RCXA0A7.tmp
- <Current directory>\QMAE.ico
- <Current directory>\PIIG.exe
- <Current directory>\FwQW.exe
- C:\RCXB1A3.tmp
- <Current directory>\Akgg.ico
- <Current directory>\Essa.exe
- C:\RCXB08A.tmp
- <Current directory>\DGso.ico
- <Current directory>\FkMM.exe
- C:\RCXB425.tmp
- <Current directory>\liwI.ico
- <Current directory>\DwYe.exe
- C:\RCXB2EC.tmp
- <Current directory>\WcgU.ico
- <Current directory>\LuoE.ico
- <Current directory>\eiYQ.ico
- <Current directory>\ycwI.exe
- C:\RCXABC6.tmp
- <Current directory>\mAkc.ico
- <Current directory>\wgwc.exe
- C:\RCXAA7D.tmp
- <Current directory>\HyIA.ico
- <Current directory>\kwQq.exe
- C:\RCXAF03.tmp
- <Current directory>\dSMA.ico
- <Current directory>\TIEa.exe
- C:\RCXAD9B.tmp
- <Current directory>\XkcI.exe
- C:\RCX8E32.tmp
- <Current directory>\xesI.ico
- <Current directory>\DoMQ.exe
- C:\RCX8C5D.tmp
- <Current directory>\yQYE.ico
- <Current directory>\YUcm.exe
- C:\RCX9121.tmp
- <Current directory>\sick.ico
- <Current directory>\wMgC.exe
- C:\RCX8F8B.tmp
- <Current directory>\VsQc.ico
- <Current directory>\LAkI.ico
- <Current directory>\gaYA.ico
- <Current directory>\ywMa.exe
- C:\RCX87B9.tmp
- <Current directory>\MGAE.ico
- <Current directory>\KAME.exe
- C:\RCX8661.tmp
- <Current directory>\QyMk.ico
- <Current directory>\Iwwo.exe
- C:\RCX8AE6.tmp
- <Current directory>\fMQw.ico
- <Current directory>\voQW.exe
- C:\RCX895F.tmp
- C:\RCX99CE.tmp
- <Current directory>\aGIg.ico
- <Current directory>\YYUa.exe
- C:\RCX9847.tmp
- <Current directory>\Sucs.ico
- <Current directory>\tAcA.exe
- C:\RCX9C50.tmp
- <Current directory>\zSMs.ico
- <Current directory>\ckAq.exe
- C:\RCX9B75.tmp
- <Current directory>\vykg.ico
- <Current directory>\aMIA.exe
- <Current directory>\WgUO.exe
- <Current directory>\BUQG.exe
- C:\RCX93D2.tmp
- <Current directory>\zgIw.ico
- <Current directory>\ukcW.exe
- C:\RCX9289.tmp
- <Current directory>\USwQ.ico
- <Current directory>\LUsY.exe
- C:\RCX96B1.tmp
- <Current directory>\EwgI.ico
- <Current directory>\BIQm.exe
- C:\RCX94EB.tmp
- <Current directory>\YcAo.ico
- <Current directory>\roIc.exe
- C:\RCXD40B.tmp
- <Current directory>\PYEw.ico
- <Current directory>\wUEa.exe
- C:\RCXD2B3.tmp
- <Current directory>\Gowg.ico
- <Current directory>\FQEy.exe
- C:\RCXD6DB.tmp
- <Current directory>\uMYE.ico
- <Current directory>\vMIm.exe
- C:\RCXD5E0.tmp
- <Current directory>\zIAw.ico
- <Current directory>\Bksi.exe
- <Current directory>\Qwse.exe
- <Current directory>\ZEca.exe
- C:\RCXCED9.tmp
- <Current directory>\yQYA.ico
- <Current directory>\NIkk.exe
- C:\RCXCD81.tmp
- <Current directory>\YaMM.ico
- <Current directory>\IYAa.exe
- C:\RCXD16A.tmp
- <Current directory>\NEoc.ico
- <Current directory>\zAQs.exe
- C:\RCXCFD4.tmp
- <Current directory>\DUoI.ico
- <Current directory>\uCYM.ico
- <Current directory>\TYoU.exe
- C:\RCXE064.tmp
- <Current directory>\qEAY.ico
- <Current directory>\cMMa.exe
- C:\RCXDF1B.tmp
- <Current directory>\QWEs.ico
- <Current directory>\yYgu.exe
- C:\RCXE3DF.tmp
- <Current directory>\YeoM.ico
- <Current directory>\skwQ.exe
- C:\RCXE248.tmp
- C:\RCXDD75.tmp
- C:\RCXD9CA.tmp
- <Current directory>\SGwI.ico
- <Current directory>\aUAe.exe
- C:\RCXD862.tmp
- <Current directory>\vssE.ico
- <Current directory>\dcEA.exe
- C:\RCXDC2C.tmp
- <Current directory>\EOQQ.ico
- <Current directory>\sAMq.exe
- C:\RCXDB22.tmp
- <Current directory>\hMAQ.ico
- <Current directory>\xMcO.exe
- <Current directory>\jiUI.ico
- <Current directory>\osgQ.exe
- C:\RCXBCC4.tmp
- <Current directory>\wUAA.ico
- <Current directory>\MMYI.exe
- C:\RCXBAFE.tmp
- <Current directory>\tSgo.ico
- <Current directory>\Jgke.exe
- C:\RCXBF64.tmp
- <Current directory>\CWME.ico
- <Current directory>\kIkO.exe
- C:\RCXBDFD.tmp
- C:\RCXB9E4.tmp
- C:\RCXB6F5.tmp
- <Current directory>\JkIY.ico
- <Current directory>\Cwow.exe
- C:\RCXB59C.tmp
- <Current directory>\hSws.ico
- <Current directory>\TQcg.exe
- C:\RCXB8EA.tmp
- <Current directory>\sQYQ.ico
- <Current directory>\GoQc.exe
- C:\RCXB7FF.tmp
- <Current directory>\tAUo.ico
- <Current directory>\Kgww.exe
- <Current directory>\VMoW.exe
- C:\RCXC802.tmp
- <Current directory>\NQcs.ico
- <Current directory>\VsAe.exe
- C:\RCXC65C.tmp
- <Current directory>\OMAc.ico
- <Current directory>\LQAm.exe
- C:\RCXCB10.tmp
- <Current directory>\ZCIs.ico
- <Current directory>\cAkC.exe
- C:\RCXC979.tmp
- <Current directory>\Wmgo.ico
- <Current directory>\MMoo.ico
- <Current directory>\EcMc.ico
- <Current directory>\tgkq.exe
- C:\RCXC224.tmp
- <Current directory>\dEUc.ico
- <Current directory>\hAQQ.exe
- C:\RCXC09D.tmp
- <Current directory>\oqgo.ico
- <Current directory>\moAi.exe
- C:\RCXC4E4.tmp
- <Current directory>\eUAQ.ico
- <Current directory>\nMIq.exe
- C:\RCXC3AB.tmp
- C:\RCX8537.tmp
- C:\RCX2F6C.tmp
- <Current directory>\BwoI.ico
- <Current directory>\nwQg.exe
- C:\RCX2D59.tmp
- <Current directory>\SAcc.ico
- <Current directory>\uIQo.exe
- C:\RCX3354.tmp
- <Current directory>\lEcQ.ico
- <Current directory>\tswc.exe
- C:\RCX3103.tmp
- <Current directory>\XAcE.ico
- <Current directory>\zEkm.exe
- <Current directory>\GwsW.exe
- <Current directory>\VQoc.exe
- C:\RCX25E6.tmp
- <Current directory>\wEkg.ico
- <Current directory>\ocAm.exe
- C:\RCX247F.tmp
- <Current directory>\JKsA.ico
- <Current directory>\Jwke.exe
- C:\RCX2A0D.tmp
- <Current directory>\HikY.ico
- <Current directory>\mAYQ.exe
- C:\RCX2838.tmp
- <Current directory>\GGkc.ico
- <Current directory>\iOIQ.ico
- <Current directory>\DIcK.exe
- C:\RCX3D69.tmp
- <Current directory>\NekA.ico
- <Current directory>\kUgU.exe
- C:\RCX3C11.tmp
- <Current directory>\fCIc.ico
- <Current directory>\hUsE.exe
- C:\RCX46FD.tmp
- <Current directory>\WkQk.ico
- <Current directory>\FQAg.exe
- C:\RCX3F5E.tmp
- C:\RCX3B07.tmp
- C:\RCX3605.tmp
- <Current directory>\QUwM.ico
- <Current directory>\BgEi.exe
- C:\RCX34CC.tmp
- <Current directory>\tQIA.ico
- <Current directory>\HcgU.exe
- C:\RCX38E4.tmp
- <Current directory>\Jugg.ico
- <Current directory>\DoAq.exe
- C:\RCX373E.tmp
- <Current directory>\LKAk.ico
- <Current directory>\WQoS.exe
- <Current directory>\VkoU.ico
- <Current directory>\pQck.exe
- C:\RCXACC.tmp
- <Current directory>\BkYo.ico
- <Current directory>\JwYM.exe
- C:\RCX723.tmp
- <Current directory>\qwEw.ico
- <Current directory>\XEgE.exe
- C:\RCXE86.tmp
- <Current directory>\hWoM.ico
- <Current directory>\vEgC.exe
- C:\RCXBD6.tmp
- C:\RCX57D.tmp
- C:\ProgramData\kaog.txt
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- %TEMP%\KSwIYwoQ.bat
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- C:\RCX2AE.tmp
- <Current directory>\oikQ.ico
- <Current directory>\ZYks.exe
- %TEMP%\__cd75efb816b2cc__.exe
- <Current directory>\baog.ico
- <Current directory>\vUYG.exe
- <Current directory>\DAok.exe
- C:\RCX1E06.tmp
- <Current directory>\uUEU.ico
- <Current directory>\VgIy.exe
- C:\RCX1C9E.tmp
- <Current directory>\Jckw.ico
- <Current directory>\nowq.exe
- C:\RCX22F8.tmp
- <Current directory>\eeAw.ico
- <Current directory>\tsYg.exe
- C:\RCX200A.tmp
- <Current directory>\muEk.ico
- <Current directory>\Mgsk.ico
- <Current directory>\hUAA.ico
- <Current directory>\yEYs.exe
- C:\RCX1848.tmp
- <Current directory>\BCcI.ico
- <Current directory>\zMsc.exe
- C:\RCX16EF.tmp
- <Current directory>\XikQ.ico
- <Current directory>\FEgI.exe
- C:\RCX1BB3.tmp
- <Current directory>\paYs.ico
- <Current directory>\qgYG.exe
- C:\RCX1981.tmp
- <Current directory>\uCUA.ico
- <Current directory>\JIwY.exe
- C:\RCX716E.tmp
- <Current directory>\qUMw.ico
- <Current directory>\SwcK.exe
- C:\RCX6FC8.tmp
- <Current directory>\ZyEw.ico
- <Current directory>\ZMkg.exe
- C:\RCX7392.tmp
- <Current directory>\ZoUs.ico
- <Current directory>\UIkG.exe
- C:\RCX72C6.tmp
- <Current directory>\dCwE.ico
- <Current directory>\WygM.ico
- <Current directory>\askg.ico
- <Current directory>\AcME.exe
- C:\RCX6C4B.tmp
- <Current directory>\FOAc.ico
- <Current directory>\nQMA.exe
- C:\RCX66CE.tmp
- <Current directory>\WYcE.ico
- <Current directory>\mMIU.exe
- C:\RCX6EAE.tmp
- <Current directory>\wagU.ico
- <Current directory>\oIwu.exe
- C:\RCX6D94.tmp
- C:\RCX7DB5.tmp
- <Current directory>\Kugg.ico
- <Current directory>\AMAa.exe
- C:\RCX7BC1.tmp
- <Current directory>\DoEQ.ico
- <Current directory>\aMUG.exe
- C:\RCX8305.tmp
- <Current directory>\Fiwk.ico
- <Current directory>\qcck.exe
- C:\RCX819D.tmp
- <Current directory>\gcgs.ico
- <Current directory>\fMce.exe
- <Current directory>\CAsg.exe
- <Current directory>\YkgE.exe
- C:\RCX76AF.tmp
- <Current directory>\EkIQ.ico
- <Current directory>\qUcA.exe
- C:\RCX74FA.tmp
- <Current directory>\KCMY.ico
- <Current directory>\boYc.exe
- C:\RCX7A69.tmp
- <Current directory>\poww.ico
- <Current directory>\bYsy.exe
- C:\RCX7836.tmp
- <Current directory>\Xykc.ico
- C:\RCX5094.tmp
- <Current directory>\oUIQ.ico
- <Current directory>\OUws.exe
- C:\RCX4EAF.tmp
- <Current directory>\vIkw.ico
- <Current directory>\AUUq.exe
- C:\RCX5354.tmp
- <Current directory>\jkgc.ico
- <Current directory>\UsYo.exe
- C:\RCX522A.tmp
- <Current directory>\OEEQ.ico
- <Current directory>\vUEc.exe
- <Current directory>\NAUY.exe
- <Current directory>\JQIS.exe
- C:\RCX4921.tmp
- <Current directory>\YgsU.ico
- <Current directory>\HEMY.exe
- C:\RCX4807.tmp
- <Current directory>\tSsc.ico
- <Current directory>\PcMU.exe
- C:\RCX4CF9.tmp
- <Current directory>\WYIs.ico
- <Current directory>\rEwi.exe
- C:\RCX4AF6.tmp
- <Current directory>\AKgE.ico
- <Current directory>\diQY.ico
- <Current directory>\EsYk.exe
- C:\RCX60F2.tmp
- <Current directory>\deok.ico
- <Current directory>\EgAW.exe
- C:\RCX5ECF.tmp
- <Current directory>\wwgk.ico
- <Current directory>\lQMk.exe
- C:\RCX649C.tmp
- <Current directory>\tAwY.ico
- <Current directory>\SAEe.exe
- C:\RCX6334.tmp
- C:\RCX5CEA.tmp
- C:\RCX573C.tmp
- <Current directory>\bUMU.ico
- <Current directory>\SMUe.exe
- C:\RCX547D.tmp
- <Current directory>\SaYE.ico
- <Current directory>\TcUC.exe
- C:\RCX5B73.tmp
- <Current directory>\coAY.ico
- <Current directory>\LwEo.exe
- C:\RCX598E.tmp
- <Current directory>\MYsw.ico
- <Current directory>\CAsK.exe
- <Current directory>\wako.ico
- <Current directory>\LMss.exe
- <Current directory>\cAkM.ico
- <Current directory>\RwUk.exe
- <Current directory>\RGUQ.ico
- <Current directory>\ksEE.exe
- <Current directory>\pwIc.ico
- <Current directory>\SAoA.exe
- <Current directory>\wIMM.ico
- <Current directory>\wMIi.exe
- <Current directory>\Pesg.ico
- <Current directory>\Sscq.exe
- <Current directory>\oQkc.ico
- <Current directory>\wMUC.exe
- <Current directory>\QMAE.ico
- <Current directory>\PIIG.exe
- <Current directory>\DGso.ico
- <Current directory>\FwQW.exe
- <Current directory>\LuoE.ico
- <Current directory>\Essa.exe
- <Current directory>\WcgU.ico
- <Current directory>\FkMM.exe
- <Current directory>\Akgg.ico
- <Current directory>\DwYe.exe
- <Current directory>\eiYQ.ico
- <Current directory>\ycwI.exe
- <Current directory>\mAkc.ico
- <Current directory>\wgwc.exe
- <Current directory>\HyIA.ico
- <Current directory>\kwQq.exe
- <Current directory>\dSMA.ico
- <Current directory>\TIEa.exe
- <Current directory>\ckAq.exe
- <Current directory>\XkcI.exe
- <Current directory>\xesI.ico
- <Current directory>\DoMQ.exe
- <Current directory>\yQYE.ico
- <Current directory>\YUcm.exe
- <Current directory>\sick.ico
- <Current directory>\wMgC.exe
- <Current directory>\VsQc.ico
- <Current directory>\ywMa.exe
- <Current directory>\fMQw.ico
- <Current directory>\KAME.exe
- <Current directory>\gaYA.ico
- <Current directory>\Iwwo.exe
- <Current directory>\LAkI.ico
- <Current directory>\voQW.exe
- <Current directory>\QyMk.ico
- <Current directory>\tAcA.exe
- <Current directory>\aGIg.ico
- <Current directory>\WgUO.exe
- <Current directory>\Sucs.ico
- <Current directory>\aMIA.exe
- <Current directory>\zSMs.ico
- <Current directory>\YYUa.exe
- <Current directory>\vykg.ico
- <Current directory>\BUQG.exe
- <Current directory>\zgIw.ico
- <Current directory>\ukcW.exe
- <Current directory>\USwQ.ico
- <Current directory>\LUsY.exe
- <Current directory>\EwgI.ico
- <Current directory>\BIQm.exe
- <Current directory>\YcAo.ico
- <Current directory>\liwI.ico
- <Current directory>\Gowg.ico
- <Current directory>\FQEy.exe
- <Current directory>\NEoc.ico
- <Current directory>\Qwse.exe
- <Current directory>\zIAw.ico
- <Current directory>\Bksi.exe
- <Current directory>\PYEw.ico
- <Current directory>\wUEa.exe
- <Current directory>\YaMM.ico
- <Current directory>\ZEca.exe
- <Current directory>\ZCIs.ico
- <Current directory>\NIkk.exe
- <Current directory>\DUoI.ico
- <Current directory>\IYAa.exe
- <Current directory>\yQYA.ico
- <Current directory>\zAQs.exe
- <Current directory>\qEAY.ico
- <Current directory>\cMMa.exe
- <Current directory>\EOQQ.ico
- <Current directory>\sAMq.exe
- <Current directory>\YeoM.ico
- <Current directory>\skwQ.exe
- <Current directory>\uCYM.ico
- <Current directory>\TYoU.exe
- <Current directory>\vssE.ico
- <Current directory>\dcEA.exe
- <Current directory>\uMYE.ico
- <Current directory>\vMIm.exe
- <Current directory>\hMAQ.ico
- <Current directory>\xMcO.exe
- <Current directory>\SGwI.ico
- <Current directory>\aUAe.exe
- <Current directory>\LQAm.exe
- <Current directory>\MMYI.exe
- <Current directory>\jiUI.ico
- <Current directory>\GoQc.exe
- <Current directory>\wUAA.ico
- <Current directory>\kIkO.exe
- <Current directory>\tSgo.ico
- <Current directory>\osgQ.exe
- <Current directory>\CWME.ico
- <Current directory>\TQcg.exe
- <Current directory>\JkIY.ico
- <Current directory>\roIc.exe
- <Current directory>\hSws.ico
- <Current directory>\Kgww.exe
- <Current directory>\sQYQ.ico
- <Current directory>\Cwow.exe
- <Current directory>\tAUo.ico
- <Current directory>\VsAe.exe
- <Current directory>\OMAc.ico
- <Current directory>\moAi.exe
- <Current directory>\MMoo.ico
- <Current directory>\cAkC.exe
- <Current directory>\Wmgo.ico
- <Current directory>\VMoW.exe
- <Current directory>\NQcs.ico
- <Current directory>\hAQQ.exe
- <Current directory>\EcMc.ico
- <Current directory>\Jgke.exe
- <Current directory>\dEUc.ico
- <Current directory>\nMIq.exe
- <Current directory>\oqgo.ico
- <Current directory>\tgkq.exe
- <Current directory>\eUAQ.ico
- <Current directory>\MGAE.ico
- <Current directory>\XAcE.ico
- <Current directory>\zEkm.exe
- <Current directory>\BwoI.ico
- <Current directory>\nwQg.exe
- <Current directory>\tQIA.ico
- <Current directory>\HcgU.exe
- <Current directory>\lEcQ.ico
- <Current directory>\tswc.exe
- <Current directory>\GGkc.ico
- <Current directory>\Jwke.exe
- <Current directory>\wEkg.ico
- <Current directory>\mAYQ.exe
- <Current directory>\SAcc.ico
- <Current directory>\uIQo.exe
- <Current directory>\HikY.ico
- <Current directory>\GwsW.exe
- <Current directory>\WkQk.ico
- <Current directory>\FQAg.exe
- <Current directory>\iOIQ.ico
- <Current directory>\DIcK.exe
- <Current directory>\uCUA.ico
- <Current directory>\HEMY.exe
- <Current directory>\fCIc.ico
- <Current directory>\hUsE.exe
- <Current directory>\LKAk.ico
- <Current directory>\WQoS.exe
- <Current directory>\QUwM.ico
- <Current directory>\BgEi.exe
- <Current directory>\NekA.ico
- <Current directory>\kUgU.exe
- <Current directory>\Jugg.ico
- <Current directory>\DoAq.exe
- <Current directory>\VQoc.exe
- <Current directory>\vEgC.exe
- <Current directory>\qwEw.ico
- <Current directory>\pQck.exe
- <Current directory>\hWoM.ico
- <Current directory>\zMsc.exe
- <Current directory>\hUAA.ico
- <Current directory>\XEgE.exe
- <Current directory>\BCcI.ico
- <Current directory>\vUYG.exe
- <Current directory>\oikQ.ico
- %TEMP%\KSwIYwoQ.bat
- <Current directory>\baog.ico
- <Current directory>\JwYM.exe
- <Current directory>\VkoU.ico
- <Current directory>\ZYks.exe
- <Current directory>\BkYo.ico
- <Current directory>\tsYg.exe
- <Current directory>\muEk.ico
- <Current directory>\DAok.exe
- <Current directory>\uUEU.ico
- <Current directory>\ocAm.exe
- <Current directory>\JKsA.ico
- <Current directory>\nowq.exe
- <Current directory>\eeAw.ico
- <Current directory>\qgYG.exe
- <Current directory>\XikQ.ico
- <Current directory>\yEYs.exe
- <Current directory>\paYs.ico
- <Current directory>\VgIy.exe
- <Current directory>\Jckw.ico
- <Current directory>\FEgI.exe
- <Current directory>\Mgsk.ico
- <Current directory>\tSsc.ico
- <Current directory>\qUMw.ico
- <Current directory>\UIkG.exe
- <Current directory>\ZyEw.ico
- <Current directory>\JIwY.exe
- <Current directory>\ZoUs.ico
- <Current directory>\qUcA.exe
- <Current directory>\dCwE.ico
- <Current directory>\ZMkg.exe
- <Current directory>\wagU.ico
- <Current directory>\oIwu.exe
- <Current directory>\askg.ico
- <Current directory>\AcME.exe
- <Current directory>\WygM.ico
- <Current directory>\SwcK.exe
- <Current directory>\WYcE.ico
- <Current directory>\mMIU.exe
- <Current directory>\Kugg.ico
- <Current directory>\AMAa.exe
- <Current directory>\DoEQ.ico
- <Current directory>\aMUG.exe
- <Current directory>\Fiwk.ico
- <Current directory>\qcck.exe
- <Current directory>\gcgs.ico
- <Current directory>\fMce.exe
- <Current directory>\EkIQ.ico
- <Current directory>\bYsy.exe
- <Current directory>\KCMY.ico
- <Current directory>\YkgE.exe
- <Current directory>\poww.ico
- <Current directory>\CAsg.exe
- <Current directory>\Xykc.ico
- <Current directory>\boYc.exe
- <Current directory>\nQMA.exe
- <Current directory>\OUws.exe
- <Current directory>\OEEQ.ico
- <Current directory>\AUUq.exe
- <Current directory>\oUIQ.ico
- <Current directory>\UsYo.exe
- <Current directory>\SaYE.ico
- <Current directory>\vUEc.exe
- <Current directory>\jkgc.ico
- <Current directory>\rEwi.exe
- <Current directory>\AKgE.ico
- <Current directory>\JQIS.exe
- <Current directory>\YgsU.ico
- <Current directory>\NAUY.exe
- <Current directory>\vIkw.ico
- <Current directory>\PcMU.exe
- <Current directory>\WYIs.ico
- <Current directory>\EsYk.exe
- <Current directory>\tAwY.ico
- <Current directory>\EgAW.exe
- <Current directory>\diQY.ico
- <Current directory>\lQMk.exe
- <Current directory>\FOAc.ico
- <Current directory>\SAEe.exe
- <Current directory>\wwgk.ico
- <Current directory>\SMUe.exe
- <Current directory>\MYsw.ico
- <Current directory>\TcUC.exe
- <Current directory>\bUMU.ico
- <Current directory>\LwEo.exe
- <Current directory>\deok.ico
- <Current directory>\CAsK.exe
- <Current directory>\coAY.ico
- from C:\RCXA6A3.tmp to <Current directory>\LMss.exe
- from C:\RCXA404.tmp to <Current directory>\RwUk.exe
- from C:\RCXA954.tmp to <Current directory>\ksEE.exe
- from C:\RCXA7EC.tmp to <Current directory>\SAoA.exe
- from C:\RCXA0A7.tmp to <Current directory>\wMIi.exe
- from C:\RCX9F7D.tmp to <Current directory>\Sscq.exe
- from C:\RCXA2F9.tmp to <Current directory>\wMUC.exe
- from C:\RCXA192.tmp to <Current directory>\PIIG.exe
- from C:\RCXB1A3.tmp to <Current directory>\FwQW.exe
- from C:\RCXB08A.tmp to <Current directory>\Essa.exe
- from C:\RCXB425.tmp to <Current directory>\FkMM.exe
- from C:\RCXB2EC.tmp to <Current directory>\DwYe.exe
- from C:\RCXABC6.tmp to <Current directory>\ycwI.exe
- from C:\RCXAA7D.tmp to <Current directory>\wgwc.exe
- from C:\RCXAF03.tmp to <Current directory>\kwQq.exe
- from C:\RCXAD9B.tmp to <Current directory>\TIEa.exe
- from C:\RCX8F8B.tmp to <Current directory>\wMgC.exe
- from C:\RCX8E32.tmp to <Current directory>\XkcI.exe
- from C:\RCX9289.tmp to <Current directory>\ukcW.exe
- from C:\RCX9121.tmp to <Current directory>\YUcm.exe
- from C:\RCX895F.tmp to <Current directory>\voQW.exe
- from C:\RCX87B9.tmp to <Current directory>\ywMa.exe
- from C:\RCX8C5D.tmp to <Current directory>\DoMQ.exe
- from C:\RCX8AE6.tmp to <Current directory>\Iwwo.exe
- from C:\RCX9B75.tmp to <Current directory>\YYUa.exe
- from C:\RCX99CE.tmp to <Current directory>\tAcA.exe
- from C:\RCX9E15.tmp to <Current directory>\ckAq.exe
- from C:\RCX9C50.tmp to <Current directory>\aMIA.exe
- from C:\RCX94EB.tmp to <Current directory>\BIQm.exe
- from C:\RCX93D2.tmp to <Current directory>\BUQG.exe
- from C:\RCX9847.tmp to <Current directory>\WgUO.exe
- from C:\RCX96B1.tmp to <Current directory>\LUsY.exe
- from C:\RCXB59C.tmp to <Current directory>\roIc.exe
- from C:\RCXD40B.tmp to <Current directory>\FQEy.exe
- from C:\RCXD2B3.tmp to <Current directory>\Qwse.exe
- from C:\RCXD6DB.tmp to <Current directory>\Bksi.exe
- from C:\RCXD5E0.tmp to <Current directory>\wUEa.exe
- from C:\RCXCED9.tmp to <Current directory>\ZEca.exe
- from C:\RCXCD81.tmp to <Current directory>\NIkk.exe
- from C:\RCXD16A.tmp to <Current directory>\IYAa.exe
- from C:\RCXCFD4.tmp to <Current directory>\zAQs.exe
- from C:\RCXDF1B.tmp to <Current directory>\cMMa.exe
- from C:\RCXDD75.tmp to <Current directory>\sAMq.exe
- from C:\RCXE248.tmp to <Current directory>\skwQ.exe
- from C:\RCXE064.tmp to <Current directory>\TYoU.exe
- from C:\RCXD9CA.tmp to <Current directory>\dcEA.exe
- from C:\RCXD862.tmp to <Current directory>\vMIm.exe
- from C:\RCXDC2C.tmp to <Current directory>\xMcO.exe
- from C:\RCXDB22.tmp to <Current directory>\aUAe.exe
- from C:\RCXBCC4.tmp to <Current directory>\osgQ.exe
- from C:\RCXBAFE.tmp to <Current directory>\MMYI.exe
- from C:\RCXBF64.tmp to <Current directory>\Jgke.exe
- from C:\RCXBDFD.tmp to <Current directory>\kIkO.exe
- from C:\RCXB7FF.tmp to <Current directory>\Cwow.exe
- from C:\RCXB6F5.tmp to <Current directory>\TQcg.exe
- from C:\RCXB9E4.tmp to <Current directory>\GoQc.exe
- from C:\RCXB8EA.tmp to <Current directory>\Kgww.exe
- from C:\RCXC802.tmp to <Current directory>\VMoW.exe
- from C:\RCXC65C.tmp to <Current directory>\VsAe.exe
- from C:\RCXCB10.tmp to <Current directory>\LQAm.exe
- from C:\RCXC979.tmp to <Current directory>\cAkC.exe
- from C:\RCXC224.tmp to <Current directory>\tgkq.exe
- from C:\RCXC09D.tmp to <Current directory>\hAQQ.exe
- from C:\RCXC4E4.tmp to <Current directory>\moAi.exe
- from C:\RCXC3AB.tmp to <Current directory>\nMIq.exe
- from C:\RCX8661.tmp to <Current directory>\KAME.exe
- from C:\RCX3354.tmp to <Current directory>\zEkm.exe
- from C:\RCX3103.tmp to <Current directory>\nwQg.exe
- from C:\RCX3605.tmp to <Current directory>\HcgU.exe
- from C:\RCX34CC.tmp to <Current directory>\tswc.exe
- from C:\RCX2A0D.tmp to <Current directory>\Jwke.exe
- from C:\RCX2838.tmp to <Current directory>\mAYQ.exe
- from C:\RCX2F6C.tmp to <Current directory>\uIQo.exe
- from C:\RCX2D59.tmp to <Current directory>\GwsW.exe
- from C:\RCX3F5E.tmp to <Current directory>\FQAg.exe
- from C:\RCX3D69.tmp to <Current directory>\DIcK.exe
- from C:\RCX4807.tmp to <Current directory>\HEMY.exe
- from C:\RCX46FD.tmp to <Current directory>\hUsE.exe
- from C:\RCX38E4.tmp to <Current directory>\WQoS.exe
- from C:\RCX373E.tmp to <Current directory>\BgEi.exe
- from C:\RCX3C11.tmp to <Current directory>\kUgU.exe
- from C:\RCX3B07.tmp to <Current directory>\DoAq.exe
- from C:\RCXE86.tmp to <Current directory>\XEgE.exe
- from C:\RCXBD6.tmp to <Current directory>\vEgC.exe
- from C:\RCX1848.tmp to <Current directory>\yEYs.exe
- from C:\RCX16EF.tmp to <Current directory>\zMsc.exe
- from C:\RCX57D.tmp to <Current directory>\ZYks.exe
- from C:\RCX2AE.tmp to <Current directory>\vUYG.exe
- from C:\RCXACC.tmp to <Current directory>\pQck.exe
- from C:\RCX723.tmp to <Current directory>\JwYM.exe
- from C:\RCX22F8.tmp to <Current directory>\nowq.exe
- from C:\RCX200A.tmp to <Current directory>\tsYg.exe
- from C:\RCX25E6.tmp to <Current directory>\VQoc.exe
- from C:\RCX247F.tmp to <Current directory>\ocAm.exe
- from C:\RCX1BB3.tmp to <Current directory>\FEgI.exe
- from C:\RCX1981.tmp to <Current directory>\qgYG.exe
- from C:\RCX1E06.tmp to <Current directory>\DAok.exe
- from C:\RCX1C9E.tmp to <Current directory>\VgIy.exe
- from C:\RCX4921.tmp to <Current directory>\JQIS.exe
- from C:\RCX72C6.tmp to <Current directory>\UIkG.exe
- from C:\RCX716E.tmp to <Current directory>\JIwY.exe
- from C:\RCX74FA.tmp to <Current directory>\qUcA.exe
- from C:\RCX7392.tmp to <Current directory>\ZMkg.exe
- from C:\RCX6D94.tmp to <Current directory>\oIwu.exe
- from C:\RCX6C4B.tmp to <Current directory>\AcME.exe
- from C:\RCX6FC8.tmp to <Current directory>\SwcK.exe
- from C:\RCX6EAE.tmp to <Current directory>\mMIU.exe
- from C:\RCX819D.tmp to <Current directory>\AMAa.exe
- from C:\RCX7DB5.tmp to <Current directory>\aMUG.exe
- from C:\RCX8537.tmp to <Current directory>\qcck.exe
- from C:\RCX8305.tmp to <Current directory>\fMce.exe
- from C:\RCX7836.tmp to <Current directory>\bYsy.exe
- from C:\RCX76AF.tmp to <Current directory>\YkgE.exe
- from C:\RCX7BC1.tmp to <Current directory>\CAsg.exe
- from C:\RCX7A69.tmp to <Current directory>\boYc.exe
- from C:\RCX5354.tmp to <Current directory>\vUEc.exe
- from C:\RCX522A.tmp to <Current directory>\OUws.exe
- from C:\RCX573C.tmp to <Current directory>\TcUC.exe
- from C:\RCX547D.tmp to <Current directory>\UsYo.exe
- from C:\RCX4CF9.tmp to <Current directory>\PcMU.exe
- from C:\RCX4AF6.tmp to <Current directory>\rEwi.exe
- from C:\RCX5094.tmp to <Current directory>\AUUq.exe
- from C:\RCX4EAF.tmp to <Current directory>\NAUY.exe
- from C:\RCX6334.tmp to <Current directory>\SAEe.exe
- from C:\RCX60F2.tmp to <Current directory>\EsYk.exe
- from C:\RCX66CE.tmp to <Current directory>\nQMA.exe
- from C:\RCX649C.tmp to <Current directory>\lQMk.exe
- from C:\RCX5B73.tmp to <Current directory>\CAsK.exe
- from C:\RCX598E.tmp to <Current directory>\SMUe.exe
- from C:\RCX5ECF.tmp to <Current directory>\EgAW.exe
- from C:\RCX5CEA.tmp to <Current directory>\LwEo.exe
- DNS ASK dn#.##ftncsi.com
- DNS ASK google.com
- ClassName: '' WindowName: 'rSYkcwMw.exe'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'GocwIYEU.exe'