Technical Information
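Registry Run-key values associated with the sample (programs listed here start automatically at logon; one entry is machine-wide under HKLM, one is per-user under HKCU):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'aeEkEEcE.exe' = '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'pUccUkoM.exe' = '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'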
- <Auxiliary element>
- C:\Far2\Far.exe
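Explorer display and UAC settings affected (the matching reg.exe commands appear further down this list):
- hidden files: no longer displayed (Explorer\Advanced value Hidden set to 2)
- file extensions: no longer displayed (Explorer\Advanced value HideFileExt set to 1)
- User Account Control (UAC): turned off (Policies\System value EnableLUA set to 0)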
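Processes launched (command lines as recorded; the first two are the executables registered in the Run keys above):
- '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'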
- '<SYSTEM32>\cscript.exe' /pid=2664
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\YKEAMcgE.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3824
- '<SYSTEM32>\reg.exe' /pid=308
- '<SYSTEM32>\reg.exe' /pid=2552
- '<SYSTEM32>\cscript.exe' /c ""%TEMP%\BkMUcMkQ.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=3800
- '<SYSTEM32>\reg.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe' /pid=3180
- '<SYSTEM32>\reg.exe' /pid=3028
- '<SYSTEM32>\reg.exe' /pid=2760
- '<SYSTEM32>\reg.exe' /pid=3880
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\MkcwMEko.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\yoUkkoAI.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3160
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\FqIIoUEg.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\iOwoUMMY.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\fuIwYsEY.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\sQwYkAIQ.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\naYYQosg.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\uuYkkEMc.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\sgYEIwcc.bat" "<Full path to virus>""
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\cscript.exe' /pid=356
- '<SYSTEM32>\reg.exe' /pid=3256
- '<SYSTEM32>\reg.exe' /pid=1176
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\wQccUIMg.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\NwwkEAwk.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\NcsQYMks.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\OmosAYgQ.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\miwkEckw.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\kGUYEQUU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\MCEcIEUc.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\iyMksooA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\IcgwMgEU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\bSIgcQYw.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\MQEokEAQ.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\gIwMcIEQ.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\WyEgMgYA.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' %TEMP%\file.vbs
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\tGYcsoEQ.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe'
- '<SYSTEM32>\cscript.exe' /pid=1488
- '<SYSTEM32>\reg.exe' /pid=2544
- '<SYSTEM32>\reg.exe' /pid=3176
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\RqIEYcgE.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3184
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ryIosEEI.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\QAYogwIw.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\bCwwEcgA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ZWwUksMM.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\XOUwEMYk.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\LeMUQcMA.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' %TEMP%\file.vbs
- '<SYSTEM32>\reg.exe' /pid=256
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\reg.exe
- <Current directory>\aQga.exe
- C:\RCX57.tmp
- <Current directory>\ewMS.ico
- <Current directory>\NgUc.ico
- %TEMP%\NwwkEAwk.bat
- C:\RCX56.tmp
- %TEMP%\MEMwIIsM.bat
- C:\RCX59.tmp
- <Current directory>\FwAQ.ico
- <Current directory>\PcwO.exe
- <Current directory>\swka.exe
- <Current directory>\pIIK.exe
- C:\RCX58.tmp
- <Current directory>\sEwO.ico
- <Current directory>\zcYA.exe
- <Current directory>\hAEC.ico
- <Current directory>\kYoE.exe
- C:\RCX53.tmp
- C:\RCX52.tmp
- C:\RCX51.tmp
- <Current directory>\sQQM.ico
- <Current directory>\acwi.exe
- <Current directory>\SUgO.exe
- C:\RCX55.tmp
- <Current directory>\hAsg.ico
- <Current directory>\PIUc.ico
- <Current directory>\bssS.ico
- <Current directory>\rAoy.exe
- C:\RCX54.tmp
- %TEMP%\jcoEIwkw.bat
- <Current directory>\rwYY.ico
- <Current directory>\zQsC.exe
- C:\RCX5F.tmp
- %TEMP%\fuIwYsEY.bat
- <Current directory>\IEAw.ico
- <Current directory>\vQsm.exe
- %TEMP%\iOwoUMMY.bat
- <Current directory>\gAoK.ico
- <Current directory>\sgUA.exe
- C:\RCX61.tmp
- C:\RCX60.tmp
- <Current directory>\ZssM.ico
- <Current directory>\qAAa.exe
- C:\RCX5E.tmp
- <Current directory>\qAMq.ico
- <Current directory>\EQsM.exe
- %TEMP%\EmYAYUgA.bat
- C:\RCX5B.tmp
- C:\RCX5A.tmp
- <Current directory>\uYQY.ico
- <Current directory>\QwoC.exe
- C:\RCX5D.tmp
- <Current directory>\LMca.ico
- <Current directory>\ugAC.exe
- <Current directory>\GssC.exe
- C:\RCX5C.tmp
- %TEMP%\wQccUIMg.bat
- <Current directory>\fIAG.ico
- <Current directory>\hkgc.ico
- <Current directory>\pMAQ.exe
- C:\RCX46.tmp
- C:\RCX45.tmp
- C:\RCX44.tmp
- <Current directory>\NYsU.ico
- <Current directory>\xkgG.exe
- <Current directory>\FgEA.exe
- C:\RCX48.tmp
- %TEMP%\BkMUcMkQ.bat
- <Current directory>\JUAq.ico
- <Current directory>\IMws.ico
- <Current directory>\NEIs.exe
- C:\RCX47.tmp
- <Current directory>\FcQQ.exe
- C:\RCX41.tmp
- %TEMP%\PQEIMcIk.bat
- <Current directory>\OkIs.ico
- <Current directory>\mYoC.exe
- <Current directory>\Twwa.exe
- C:\RCX40.tmp
- <Current directory>\bgcY.ico
- <Current directory>\uQgc.exe
- C:\RCX43.tmp
- <Current directory>\BsMm.ico
- <Current directory>\GEAm.ico
- <Current directory>\UYIG.exe
- C:\RCX42.tmp
- %TEMP%\YKEAMcgE.bat
- %TEMP%\NcsQYMks.bat
- %TEMP%\qGoQgMIs.bat
- <Current directory>\AYcM.ico
- C:\RCX4E.tmp
- C:\RCX4D.tmp
- <Current directory>\mAUO.ico
- <Current directory>\gEQU.exe
- C:\RCX50.tmp
- <Current directory>\EkIq.ico
- <Current directory>\Pgwk.exe
- <Current directory>\lscq.exe
- <Current directory>\TYcc.exe
- C:\RCX4F.tmp
- <Current directory>\bgca.ico
- <Current directory>\hwci.exe
- <Current directory>\OQsk.ico
- <Current directory>\TosK.exe
- C:\RCX4A.tmp
- C:\RCX49.tmp
- <Current directory>\AoAk.ico
- %TEMP%\AaUIkAQA.bat
- <Current directory>\XwsC.exe
- <Current directory>\rcAC.exe
- C:\RCX4C.tmp
- <Current directory>\PAAO.ico
- <Current directory>\FMEE.ico
- <Current directory>\doke.ico
- <Current directory>\nAwo.exe
- C:\RCX4B.tmp
- C:\RCX62.tmp
- <Current directory>\CAgA.exe
- C:\RCX7A.tmp
- <Current directory>\NUQm.ico
- <Current directory>\UYkw.ico
- <Current directory>\RMsU.ico
- <Current directory>\aQgy.exe
- C:\RCX79.tmp
- <Current directory>\Vogg.exe
- C:\RCX7C.tmp
- <Current directory>\MYcG.ico
- <Current directory>\UwkQ.ico
- <Current directory>\YkUy.exe
- C:\RCX7B.tmp
- %TEMP%\uuYkkEMc.bat
- C:\RCX78.tmp
- C:\RCX75.tmp
- <Current directory>\wUcg.ico
- <Current directory>\YgUw.exe
- <Current directory>\LUsW.exe
- <Current directory>\awkk.exe
- C:\RCX74.tmp
- <Current directory>\GosA.ico
- C:\RCX77.tmp
- <Current directory>\YUYc.ico
- <Current directory>\FowA.exe
- <Current directory>\zgYc.exe
- C:\RCX76.tmp
- %TEMP%\GQsAYkQE.bat
- <Current directory>\wIcA.ico
- <Current directory>\gwgs.ico
- <Current directory>\jwUq.exe
- C:\RCX83.tmp
- %TEMP%\naYYQosg.bat
- <Current directory>\EEgW.ico
- <Current directory>\oMco.exe
- C:\RCX82.tmp
- <Current directory>\zMES.ico
- <Current directory>\AUwe.exe
- C:\RCX85.tmp
- %TEMP%\EkAoEAkw.bat
- <Current directory>\MYcy.ico
- <Current directory>\MQYi.exe
- C:\RCX84.tmp
- C:\RCX81.tmp
- <Current directory>\VYYC.exe
- C:\RCX7E.tmp
- <Current directory>\XoES.ico
- <Current directory>\hgcy.ico
- <Current directory>\RwUU.exe
- C:\RCX7D.tmp
- %TEMP%\QawcAMoA.bat
- C:\RCX80.tmp
- <Current directory>\pAsC.ico
- <Current directory>\IEUo.exe
- <Current directory>\EAAO.exe
- <Current directory>\TcIu.exe
- C:\RCX7F.tmp
- <Current directory>\DQcC.ico
- <Current directory>\Hkou.ico
- <Current directory>\fcoi.exe
- C:\RCX69.tmp
- C:\RCX68.tmp
- C:\RCX67.tmp
- <Current directory>\fUEm.ico
- <Current directory>\IIoM.exe
- C:\RCX6A.tmp
- <Current directory>\ScQc.ico
- <Current directory>\JIQG.exe
- %TEMP%\WUMEkYMs.bat
- <Current directory>\LEAO.ico
- %TEMP%\FqIIoUEg.bat
- <Current directory>\zMkQ.exe
- <Current directory>\JwUy.exe
- %TEMP%\XSYEAcIQ.bat
- <Current directory>\AksO.exe
- C:\RCX64.tmp
- <Current directory>\qwgQ.ico
- <Current directory>\iwUk.ico
- <Current directory>\OoIs.exe
- C:\RCX63.tmp
- <Current directory>\eEAm.exe
- C:\RCX66.tmp
- <Current directory>\GEkY.ico
- <Current directory>\ngEs.ico
- <Current directory>\HUgs.ico
- <Current directory>\GUUO.exe
- C:\RCX65.tmp
- <Current directory>\CUku.exe
- C:\RCX71.tmp
- <Current directory>\XcwK.ico
- <Current directory>\QYUg.ico
- <Current directory>\usAA.ico
- <Current directory>\QQEI.exe
- C:\RCX70.tmp
- C:\RCX73.tmp
- <Current directory>\dkgc.ico
- %TEMP%\sgYEIwcc.bat
- <Current directory>\XEwa.exe
- <Current directory>\Ascc.exe
- C:\RCX72.tmp
- <Current directory>\BgsU.ico
- C:\RCX6F.tmp
- %TEMP%\sQwYkAIQ.bat
- <Current directory>\ywAA.ico
- <Current directory>\yAYm.exe
- C:\RCX6C.tmp
- C:\RCX6B.tmp
- <Current directory>\PEEY.ico
- <Current directory>\XcQC.exe
- <Current directory>\XkIG.ico
- %TEMP%\qOsMgYkw.bat
- <Current directory>\pIIu.exe
- C:\RCX6E.tmp
- C:\RCX6D.tmp
- <Current directory>\nYsI.ico
- <Current directory>\hgkK.exe
- <Current directory>\kYsY.ico
- <Current directory>\XwEi.exe
- C:\RCX15.tmp
- %TEMP%\MCEcIEUc.bat
- <Current directory>\agUm.ico
- <Current directory>\ysYq.ico
- <Current directory>\lYQU.exe
- C:\RCX14.tmp
- <Current directory>\DEIe.exe
- %TEMP%\tScEssEw.bat
- C:\RCX17.tmp
- <Current directory>\rwcG.ico
- <Current directory>\gscM.ico
- <Current directory>\QMMA.exe
- C:\RCX16.tmp
- %TEMP%\EUsIEQIY.bat
- <Current directory>\NgUW.ico
- <Current directory>\mUMg.exe
- C:\RCX11.tmp
- C:\RCX10.tmp
- C:\RCXF.tmp
- <Current directory>\RkQC.ico
- <Current directory>\bQMU.exe
- <Current directory>\wYsw.ico
- <Current directory>\Agcy.exe
- C:\RCX13.tmp
- C:\RCX12.tmp
- %TEMP%\OmosAYgQ.bat
- <Current directory>\RgYg.ico
- <Current directory>\ZUMw.exe
- <Current directory>\lEAI.ico
- <Current directory>\DAUc.exe
- %TEMP%\sYQAckIQ.bat
- C:\RCX1C.tmp
- C:\RCX1B.tmp
- <Current directory>\Fwsg.ico
- <Current directory>\PUoo.exe
- %TEMP%\iyMksooA.bat
- <Current directory>\EEAm.ico
- <Current directory>\GUoW.exe
- C:\RCX1E.tmp
- C:\RCX1D.tmp
- <Current directory>\dEse.ico
- <Current directory>\WMoS.exe
- <Current directory>\dccI.exe
- <Current directory>\WEAU.exe
- C:\RCX19.tmp
- %TEMP%\bSIgcQYw.bat
- <Current directory>\jgUM.ico
- <Current directory>\gIgC.ico
- <Current directory>\oskU.exe
- C:\RCX18.tmp
- %TEMP%\IcgwMgEU.bat
- %TEMP%\IgMsggYI.bat
- <Current directory>\eYMO.ico
- C:\RCX1A.tmp
- %TEMP%\pYckEUwI.bat
- <Current directory>\lYgA.ico
- <Current directory>\AsYO.exe
- C:\RCX3.tmp
- <Current directory>\hocE.ico
- <Current directory>\xIMy.exe
- <Current directory>\foIu.exe
- <Current directory>\UYUq.exe
- C:\RCX2.tmp
- <Current directory>\OQkw.ico
- %TEMP%\USwMUosI.bat
- <Current directory>\xMYS.ico
- <Current directory>\cEoY.exe
- C:\RCX5.tmp
- C:\RCX4.tmp
- <Current directory>\Gwke.ico
- <Current directory>\JYcc.exe
- <Current directory>\FQEU.ico
- %TEMP%\EYwAQQoU.bat
- %TEMP%\file.vbs
- %TEMP%\WyEgMgYA.bat
- %TEMP%\MQEokEAQ.bat
- %TEMP%\IgIYsswg.bat
- <Current directory>\<Virus name>
- %TEMP%\kGUYEQUU.bat
- <Current directory>\voMm.exe
- C:\RCX1.tmp
- <Current directory>\dcUO.ico
- %TEMP%\hsccsEoA.bat
- %TEMP%\sakcQoUE.bat
- %TEMP%\gIwMcIEQ.bat
- <Current directory>\EIoU.exe
- C:\RCXC.tmp
- <Current directory>\REgu.ico
- <Current directory>\IcUY.ico
- <Current directory>\GoAy.exe
- C:\RCXB.tmp
- %TEMP%\cqkcUQkM.bat
- C:\RCXE.tmp
- <Current directory>\WQUo.ico
- <Current directory>\UwkE.exe
- <Current directory>\KgIk.exe
- <Current directory>\YYse.exe
- C:\RCXD.tmp
- <Current directory>\yccu.ico
- <Current directory>\BkMe.ico
- <Current directory>\AcEm.ico
- <Current directory>\jYMi.exe
- C:\RCX8.tmp
- C:\RCX7.tmp
- C:\RCX6.tmp
- <Current directory>\sQEM.ico
- <Current directory>\jwAe.exe
- <Current directory>\LAEg.ico
- <Current directory>\fgEc.exe
- C:\RCXA.tmp
- C:\RCX9.tmp
- %TEMP%\miwkEckw.bat
- <Current directory>\GkgC.ico
- <Current directory>\gQUa.exe
- C:\RCX1F.tmp
- <Current directory>\jYwg.ico
- %TEMP%\RqIEYcgE.bat
- <Current directory>\qIgM.exe
- C:\RCX34.tmp
- %TEMP%\ryIosEEI.bat
- <Current directory>\sgwE.ico
- <Current directory>\Boka.exe
- C:\RCX36.tmp
- <Current directory>\ssok.ico
- <Current directory>\oYYg.exe
- <Current directory>\VYkU.exe
- C:\RCX35.tmp
- %TEMP%\AugUAUQs.bat
- <Current directory>\yocs.ico
- C:\RCX33.tmp
- C:\RCX30.tmp
- <Current directory>\VAwU.ico
- <Current directory>\Xoko.exe
- <Current directory>\kcco.exe
- <Current directory>\bwMw.exe
- C:\RCX2F.tmp
- <Current directory>\akoU.ico
- %TEMP%\MUUcgQMs.bat
- <Current directory>\YUgG.ico
- <Current directory>\YYIw.exe
- C:\RCX32.tmp
- C:\RCX31.tmp
- <Current directory>\oQkm.ico
- <Current directory>\Ecwg.exe
- <Current directory>\OMoA.exe
- C:\RCX3D.tmp
- %TEMP%\MkcwMEko.bat
- <Current directory>\Tcwi.ico
- <Current directory>\OMAc.ico
- <Current directory>\zgMY.exe
- C:\RCX3C.tmp
- <Current directory>\FcwG.ico
- <Current directory>\tUAQ.exe
- C:\RCX3F.tmp
- C:\RCX3E.tmp
- %TEMP%\DoUUgQoo.bat
- <Current directory>\rocC.ico
- <Current directory>\xAci.exe
- C:\RCX3B.tmp
- <Current directory>\XYAA.ico
- <Current directory>\lgwG.exe
- C:\RCX39.tmp
- C:\RCX38.tmp
- C:\RCX37.tmp
- <Current directory>\mIcO.ico
- <Current directory>\TcQg.exe
- <Current directory>\PoMK.ico
- %TEMP%\yoUkkoAI.bat
- <Current directory>\UcEe.exe
- C:\RCX3A.tmp
- <Current directory>\yUEE.ico
- <Current directory>\VsQM.exe
- %TEMP%\uAsIUEIo.bat
- %TEMP%\zWcgksos.bat
- <Current directory>\uIoW.ico
- <Current directory>\hEAO.exe
- C:\RCX24.tmp
- C:\RCX23.tmp
- <Current directory>\iIke.ico
- <Current directory>\bwIg.exe
- %TEMP%\bCwwEcgA.bat
- <Current directory>\KEck.ico
- <Current directory>\skYI.exe
- C:\RCX26.tmp
- C:\RCX25.tmp
- <Current directory>\gUsY.ico
- <Current directory>\BcAE.exe
- <Current directory>\gYYo.exe
- C:\RCX20.tmp
- %TEMP%\VysUYogs.bat
- %TEMP%\ZWwUksMM.bat
- <Current directory>\BsUy.exe
- %TEMP%\tGYcsoEQ.bat
- %TEMP%\oUgEIQso.bat
- <Current directory>\uUEY.ico
- <Current directory>\LkgA.exe
- C:\RCX22.tmp
- <Current directory>\oYsG.ico
- <Current directory>\tIUY.ico
- <Current directory>\yEIy.ico
- <Current directory>\Ogsw.exe
- C:\RCX21.tmp
- C:\RCX2C.tmp
- <Current directory>\Zowk.ico
- <Current directory>\cQEO.exe
- <Current directory>\EQIs.exe
- %TEMP%\XOUwEMYk.bat
- %TEMP%\mAoIUcEY.bat
- <Current directory>\mgcK.ico
- %TEMP%\LeMUQcMA.bat
- %TEMP%\BuIwgMcs.bat
- <Current directory>\esMA.ico
- C:\RCX2E.tmp
- C:\RCX2D.tmp
- <Current directory>\ZoUA.ico
- <Current directory>\Rckk.exe
- C:\RCX2B.tmp
- C:\RCX28.tmp
- %TEMP%\jSMskQgg.bat
- <Current directory>\WIUw.ico
- %TEMP%\QAYogwIw.bat
- C:\RCX27.tmp
- <Current directory>\hgIQ.ico
- <Current directory>\PwwM.exe
- C:\RCX2A.tmp
- <Current directory>\PAUs.ico
- <Current directory>\eEgS.exe
- <Current directory>\RIUI.exe
- <Current directory>\MEYu.exe
- C:\RCX29.tmp
- <Current directory>\XMMg.ico
- %ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe
- %HOMEPATH%\fCkYUMIQ\pUccUkoM.exe
- <Current directory>\aQga.exe
- <Current directory>\NgUc.ico
- <Current directory>\zcYA.exe
- <Current directory>\hAsg.ico
- <Current directory>\pIIK.exe
- <Current directory>\sEwO.ico
- %TEMP%\MEMwIIsM.bat
- <Current directory>\ewMS.ico
- <Current directory>\swka.exe
- <Current directory>\sQQM.ico
- <Current directory>\kYoE.exe
- <Current directory>\EkIq.ico
- <Current directory>\acwi.exe
- <Current directory>\hAEC.ico
- <Current directory>\SUgO.exe
- <Current directory>\PIUc.ico
- <Current directory>\rAoy.exe
- <Current directory>\bssS.ico
- <Current directory>\PcwO.exe
- <Current directory>\IEAw.ico
- <Current directory>\zQsC.exe
- <Current directory>\LMca.ico
- <Current directory>\vQsm.exe
- %TEMP%\jcoEIwkw.bat
- <Current directory>\ZssM.ico
- <Current directory>\sgUA.exe
- <Current directory>\rwYY.ico
- <Current directory>\qAAa.exe
- <Current directory>\uYQY.ico
- <Current directory>\EQsM.exe
- <Current directory>\FwAQ.ico
- <Current directory>\QwoC.exe
- <Current directory>\qAMq.ico
- <Current directory>\fIAG.ico
- <Current directory>\ugAC.exe
- %TEMP%\EmYAYUgA.bat
- <Current directory>\GssC.exe
- <Current directory>\Pgwk.exe
- <Current directory>\NYsU.ico
- <Current directory>\pMAQ.exe
- <Current directory>\BsMm.ico
- <Current directory>\xkgG.exe
- <Current directory>\hkgc.ico
- <Current directory>\FgEA.exe
- <Current directory>\JUAq.ico
- <Current directory>\NEIs.exe
- <Current directory>\IMws.ico
- <Current directory>\UYIG.exe
- <Current directory>\OkIs.ico
- <Current directory>\mYoC.exe
- <Current directory>\bgcY.ico
- <Current directory>\uQgc.exe
- %TEMP%\PQEIMcIk.bat
- <Current directory>\FcQQ.exe
- %TEMP%\RqIEYcgE.bat
- <Current directory>\GEAm.ico
- <Current directory>\XwsC.exe
- <Current directory>\mAUO.ico
- <Current directory>\TYcc.exe
- <Current directory>\PAAO.ico
- <Current directory>\gEQU.exe
- <Current directory>\AYcM.ico
- %TEMP%\BkMUcMkQ.bat
- %TEMP%\qGoQgMIs.bat
- <Current directory>\lscq.exe
- <Current directory>\bgca.ico
- <Current directory>\OQsk.ico
- <Current directory>\nAwo.exe
- <Current directory>\AoAk.ico
- <Current directory>\TosK.exe
- <Current directory>\doke.ico
- <Current directory>\FMEE.ico
- <Current directory>\hwci.exe
- %TEMP%\AaUIkAQA.bat
- <Current directory>\rcAC.exe
- <Current directory>\gAoK.ico
- <Current directory>\RMsU.ico
- <Current directory>\CAgA.exe
- %TEMP%\GQsAYkQE.bat
- <Current directory>\aQgy.exe
- <Current directory>\UYkw.ico
- <Current directory>\Vogg.exe
- <Current directory>\UwkQ.ico
- <Current directory>\YkUy.exe
- <Current directory>\NUQm.ico
- <Current directory>\GosA.ico
- <Current directory>\YgUw.exe
- <Current directory>\dkgc.ico
- <Current directory>\LUsW.exe
- <Current directory>\wUcg.ico
- <Current directory>\FowA.exe
- <Current directory>\YUYc.ico
- <Current directory>\zgYc.exe
- <Current directory>\wIcA.ico
- <Current directory>\RwUU.exe
- <Current directory>\EEgW.ico
- <Current directory>\jwUq.exe
- <Current directory>\pAsC.ico
- <Current directory>\oMco.exe
- <Current directory>\gwgs.ico
- <Current directory>\AUwe.exe
- <Current directory>\zMES.ico
- <Current directory>\MQYi.exe
- <Current directory>\MYcy.ico
- <Current directory>\hgcy.ico
- <Current directory>\TcIu.exe
- <Current directory>\MYcG.ico
- <Current directory>\VYYC.exe
- <Current directory>\XoES.ico
- <Current directory>\DQcC.ico
- <Current directory>\IEUo.exe
- <Current directory>\EAAO.exe
- %TEMP%\QawcAMoA.bat
- <Current directory>\awkk.exe
- <Current directory>\IIoM.exe
- <Current directory>\fUEm.ico
- <Current directory>\JwUy.exe
- <Current directory>\GEkY.ico
- <Current directory>\fcoi.exe
- <Current directory>\LEAO.ico
- %TEMP%\WUMEkYMs.bat
- <Current directory>\Hkou.ico
- <Current directory>\zMkQ.exe
- <Current directory>\AksO.exe
- <Current directory>\qwgQ.ico
- <Current directory>\OoIs.exe
- <Current directory>\iwUk.ico
- <Current directory>\GUUO.exe
- <Current directory>\ngEs.ico
- %TEMP%\XSYEAcIQ.bat
- <Current directory>\HUgs.ico
- <Current directory>\eEAm.exe
- <Current directory>\JIQG.exe
- <Current directory>\usAA.ico
- <Current directory>\CUku.exe
- <Current directory>\QQEI.exe
- %TEMP%\qOsMgYkw.bat
- <Current directory>\QYUg.ico
- <Current directory>\XEwa.exe
- <Current directory>\BgsU.ico
- <Current directory>\Ascc.exe
- <Current directory>\XcwK.ico
- <Current directory>\PEEY.ico
- <Current directory>\yAYm.exe
- <Current directory>\ScQc.ico
- <Current directory>\XcQC.exe
- <Current directory>\ywAA.ico
- <Current directory>\pIIu.exe
- <Current directory>\XkIG.ico
- <Current directory>\hgkK.exe
- <Current directory>\nYsI.ico
- <Current directory>\QMMA.exe
- <Current directory>\gscM.ico
- <Current directory>\XwEi.exe
- <Current directory>\agUm.ico
- <Current directory>\DEIe.exe
- <Current directory>\oskU.exe
- <Current directory>\gIgC.ico
- <Current directory>\rwcG.ico
- %TEMP%\tScEssEw.bat
- <Current directory>\ZUMw.exe
- <Current directory>\RgYg.ico
- <Current directory>\mUMg.exe
- <Current directory>\NgUW.ico
- <Current directory>\Agcy.exe
- <Current directory>\lYQU.exe
- <Current directory>\ysYq.ico
- <Current directory>\wYsw.ico
- %TEMP%\EUsIEQIY.bat
- <Current directory>\WEAU.exe
- %TEMP%\sYQAckIQ.bat
- <Current directory>\WMoS.exe
- <Current directory>\DAUc.exe
- <Current directory>\lEAI.ico
- <Current directory>\dEse.ico
- %TEMP%\oUgEIQso.bat
- <Current directory>\BsUy.exe
- <Current directory>\GUoW.exe
- <Current directory>\EEAm.ico
- <Current directory>\AsYO.exe
- <Current directory>\lYgA.ico
- <Current directory>\jgUM.ico
- %TEMP%\pYckEUwI.bat
- <Current directory>\dccI.exe
- <Current directory>\PUoo.exe
- <Current directory>\Fwsg.ico
- %TEMP%\IgMsggYI.bat
- <Current directory>\eYMO.ico
- <Current directory>\RkQC.ico
- <Current directory>\hocE.ico
- <Current directory>\JYcc.exe
- <Current directory>\OQkw.ico
- <Current directory>\xIMy.exe
- <Current directory>\Gwke.ico
- %TEMP%\USwMUosI.bat
- <Current directory>\jwAe.exe
- <Current directory>\cEoY.exe
- <Current directory>\xMYS.ico
- %TEMP%\hsccsEoA.bat
- %TEMP%\sakcQoUE.bat
- %TEMP%\IgIYsswg.bat
- %TEMP%\EYwAQQoU.bat
- <Current directory>\voMm.exe
- <Current directory>\FQEU.ico
- <Current directory>\foIu.exe
- <Current directory>\dcUO.ico
- <Current directory>\UYUq.exe
- <Current directory>\sQEM.ico
- <Current directory>\REgu.ico
- %TEMP%\cqkcUQkM.bat
- <Current directory>\IcUY.ico
- <Current directory>\YYse.exe
- <Current directory>\KgIk.exe
- <Current directory>\WQUo.ico
- <Current directory>\bQMU.exe
- <Current directory>\yccu.ico
- <Current directory>\UwkE.exe
- <Current directory>\gQUa.exe
- <Current directory>\GkgC.ico
- <Current directory>\jYMi.exe
- <Current directory>\AcEm.ico
- <Current directory>\fgEc.exe
- <Current directory>\BkMe.ico
- <Current directory>\EIoU.exe
- <Current directory>\LAEg.ico
- <Current directory>\GoAy.exe
- <Current directory>\uUEY.ico
- <Current directory>\VYkU.exe
- <Current directory>\yocs.ico
- %TEMP%\XOUwEMYk.bat
- <Current directory>\jYwg.ico
- <Current directory>\oYYg.exe
- <Current directory>\TcQg.exe
- <Current directory>\mIcO.ico
- <Current directory>\ssok.ico
- %TEMP%\AugUAUQs.bat
- <Current directory>\oQkm.ico
- %TEMP%\MUUcgQMs.bat
- <Current directory>\VAwU.ico
- <Current directory>\Ecwg.exe
- <Current directory>\YYIw.exe
- <Current directory>\sgwE.ico
- <Current directory>\qIgM.exe
- <Current directory>\YUgG.ico
- <Current directory>\Boka.exe
- <Current directory>\lgwG.exe
- <Current directory>\xAci.exe
- <Current directory>\rocC.ico
- <Current directory>\OMoA.exe
- <Current directory>\Tcwi.ico
- <Current directory>\tUAQ.exe
- <Current directory>\Twwa.exe
- <Current directory>\kYsY.ico
- <Current directory>\FcwG.ico
- %TEMP%\DoUUgQoo.bat
- <Current directory>\yUEE.ico
- %TEMP%\LeMUQcMA.bat
- <Current directory>\XYAA.ico
- <Current directory>\VsQM.exe
- <Current directory>\UcEe.exe
- <Current directory>\zgMY.exe
- <Current directory>\OMAc.ico
- %TEMP%\uAsIUEIo.bat
- <Current directory>\PoMK.ico
- <Current directory>\Xoko.exe
- %TEMP%\zWcgksos.bat
- <Current directory>\BcAE.exe
- <Current directory>\hEAO.exe
- <Current directory>\uIoW.ico
- <Current directory>\gUsY.ico
- <Current directory>\PwwM.exe
- <Current directory>\hgIQ.ico
- <Current directory>\skYI.exe
- <Current directory>\KEck.ico
- %TEMP%\VysUYogs.bat
- <Current directory>\LkgA.exe
- <Current directory>\Ogsw.exe
- <Current directory>\yEIy.ico
- <Current directory>\tIUY.ico
- <Current directory>\bwIg.exe
- <Current directory>\iIke.ico
- <Current directory>\gYYo.exe
- <Current directory>\oYsG.ico
- %TEMP%\jSMskQgg.bat
- <Current directory>\Rckk.exe
- <Current directory>\ZoUA.ico
- <Current directory>\cQEO.exe
- <Current directory>\Zowk.ico
- <Current directory>\bwMw.exe
- <Current directory>\kcco.exe
- <Current directory>\akoU.ico
- <Current directory>\esMA.ico
- %TEMP%\BuIwgMcs.bat
- <Current directory>\RIUI.exe
- <Current directory>\XMMg.ico
- <Current directory>\MEYu.exe
- <Current directory>\WIUw.ico
- <Current directory>\eEgS.exe
- <Current directory>\EQIs.exe
- <Current directory>\mgcK.ico
- <Current directory>\PAUs.ico
- %TEMP%\mAoIUcEY.bat
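Files moved (each RCX*.tmp temporary file in C:\ is renamed to a randomly named .exe in the current directory):
- from C:\RCX5A.tmp to <Current directory>\PcwO.exe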
- from C:\RCX59.tmp to <Current directory>\swka.exe
- from C:\RCX5C.tmp to <Current directory>\EQsM.exe
- from C:\RCX5B.tmp to <Current directory>\QwoC.exe
- from C:\RCX56.tmp to <Current directory>\zcYA.exe
- from C:\RCX55.tmp to <Current directory>\SUgO.exe
- from C:\RCX58.tmp to <Current directory>\pIIK.exe
- from C:\RCX57.tmp to <Current directory>\aQga.exe
- from C:\RCX62.tmp to <Current directory>\sgUA.exe
- from C:\RCX61.tmp to <Current directory>\qAAa.exe
- from C:\RCX64.tmp to <Current directory>\AksO.exe
- from C:\RCX63.tmp to <Current directory>\OoIs.exe
- from C:\RCX5E.tmp to <Current directory>\ugAC.exe
- from C:\RCX5D.tmp to <Current directory>\GssC.exe
- from C:\RCX60.tmp to <Current directory>\zQsC.exe
- from C:\RCX5F.tmp to <Current directory>\vQsm.exe
- from C:\RCX54.tmp to <Current directory>\rAoy.exe
- from C:\RCX49.tmp to <Current directory>\XwsC.exe
- from C:\RCX48.tmp to <Current directory>\FgEA.exe
- from C:\RCX4B.tmp to <Current directory>\nAwo.exe
- from C:\RCX4A.tmp to <Current directory>\TosK.exe
- from C:\RCX45.tmp to <Current directory>\xkgG.exe
- from C:\RCX44.tmp to <Current directory>\FcQQ.exe
- from C:\RCX47.tmp to <Current directory>\NEIs.exe
- from C:\RCX46.tmp to <Current directory>\pMAQ.exe
- from C:\RCX51.tmp to <Current directory>\Pgwk.exe
- from C:\RCX50.tmp to <Current directory>\lscq.exe
- from C:\RCX53.tmp to <Current directory>\kYoE.exe
- from C:\RCX52.tmp to <Current directory>\acwi.exe
- from C:\RCX4D.tmp to <Current directory>\hwci.exe
- from C:\RCX4C.tmp to <Current directory>\rcAC.exe
- from C:\RCX4F.tmp to <Current directory>\TYcc.exe
- from C:\RCX4E.tmp to <Current directory>\gEQU.exe
- from C:\RCX7B.tmp to <Current directory>\YkUy.exe
- from C:\RCX7A.tmp to <Current directory>\CAgA.exe
- from C:\RCX7D.tmp to <Current directory>\RwUU.exe
- from C:\RCX7C.tmp to <Current directory>\Vogg.exe
- from C:\RCX77.tmp to <Current directory>\zgYc.exe
- from C:\RCX76.tmp to <Current directory>\YgUw.exe
- from C:\RCX79.tmp to <Current directory>\aQgy.exe
- from C:\RCX78.tmp to <Current directory>\FowA.exe
- from C:\RCX83.tmp to <Current directory>\jwUq.exe
- from C:\RCX82.tmp to <Current directory>\oMco.exe
- from C:\RCX85.tmp to <Current directory>\AUwe.exe
- from C:\RCX84.tmp to <Current directory>\MQYi.exe
- from C:\RCX7F.tmp to <Current directory>\TcIu.exe
- from C:\RCX7E.tmp to <Current directory>\VYYC.exe
- from C:\RCX81.tmp to <Current directory>\IEUo.exe
- from C:\RCX80.tmp to <Current directory>\EAAO.exe
- from C:\RCX75.tmp to <Current directory>\LUsW.exe
- from C:\RCX6A.tmp to <Current directory>\zMkQ.exe
- from C:\RCX69.tmp to <Current directory>\fcoi.exe
- from C:\RCX6C.tmp to <Current directory>\XcQC.exe
- from C:\RCX6B.tmp to <Current directory>\JIQG.exe
- from C:\RCX66.tmp to <Current directory>\eEAm.exe
- from C:\RCX65.tmp to <Current directory>\GUUO.exe
- from C:\RCX68.tmp to <Current directory>\IIoM.exe
- from C:\RCX67.tmp to <Current directory>\JwUy.exe
- from C:\RCX72.tmp to <Current directory>\Ascc.exe
- from C:\RCX71.tmp to <Current directory>\CUku.exe
- from C:\RCX74.tmp to <Current directory>\awkk.exe
- from C:\RCX73.tmp to <Current directory>\XEwa.exe
- from C:\RCX6E.tmp to <Current directory>\hgkK.exe
- from C:\RCX6D.tmp to <Current directory>\yAYm.exe
- from C:\RCX70.tmp to <Current directory>\QQEI.exe
- from C:\RCX6F.tmp to <Current directory>\pIIu.exe
- from C:\RCX43.tmp to <Current directory>\uQgc.exe
- from C:\RCX17.tmp to <Current directory>\DEIe.exe
- from C:\RCX16.tmp to <Current directory>\QMMA.exe
- from C:\RCX19.tmp to <Current directory>\WEAU.exe
- from C:\RCX18.tmp to <Current directory>\oskU.exe
- from C:\RCX13.tmp to <Current directory>\Agcy.exe
- from C:\RCX12.tmp to <Current directory>\ZUMw.exe
- from C:\RCX15.tmp to <Current directory>\XwEi.exe
- from C:\RCX14.tmp to <Current directory>\lYQU.exe
- from C:\RCX1F.tmp to <Current directory>\GUoW.exe
- from C:\RCX1E.tmp to <Current directory>\WMoS.exe
- from C:\RCX21.tmp to <Current directory>\Ogsw.exe
- from C:\RCX20.tmp to <Current directory>\BsUy.exe
- from C:\RCX1B.tmp to <Current directory>\dccI.exe
- from C:\RCX1A.tmp to <Current directory>\AsYO.exe
- from C:\RCX1D.tmp to <Current directory>\DAUc.exe
- from C:\RCX1C.tmp to <Current directory>\PUoo.exe
- from C:\RCX11.tmp to <Current directory>\mUMg.exe
- from C:\RCX6.tmp to <Current directory>\cEoY.exe
- from C:\RCX5.tmp to <Current directory>\JYcc.exe
- from C:\RCX8.tmp to <Current directory>\jYMi.exe
- from C:\RCX7.tmp to <Current directory>\jwAe.exe
- from C:\RCX2.tmp to <Current directory>\UYUq.exe
- from C:\RCX1.tmp to <Current directory>\voMm.exe
- from C:\RCX4.tmp to <Current directory>\xIMy.exe
- from C:\RCX3.tmp to <Current directory>\foIu.exe
- from C:\RCXE.tmp to <Current directory>\KgIk.exe
- from C:\RCXD.tmp to <Current directory>\YYse.exe
- from C:\RCX10.tmp to <Current directory>\bQMU.exe
- from C:\RCXF.tmp to <Current directory>\UwkE.exe
- from C:\RCXA.tmp to <Current directory>\fgEc.exe
- from C:\RCX9.tmp to <Current directory>\gQUa.exe
- from C:\RCXC.tmp to <Current directory>\EIoU.exe
- from C:\RCXB.tmp to <Current directory>\GoAy.exe
- from C:\RCX38.tmp to <Current directory>\TcQg.exe
- from C:\RCX37.tmp to <Current directory>\oYYg.exe
- from C:\RCX3A.tmp to <Current directory>\VsQM.exe
- from C:\RCX39.tmp to <Current directory>\lgwG.exe
- from C:\RCX34.tmp to <Current directory>\Boka.exe
- from C:\RCX33.tmp to <Current directory>\YYIw.exe
- from C:\RCX36.tmp to <Current directory>\VYkU.exe
- from C:\RCX35.tmp to <Current directory>\qIgM.exe
- from C:\RCX40.tmp to <Current directory>\Twwa.exe
- from C:\RCX3F.tmp to <Current directory>\tUAQ.exe
- from C:\RCX42.tmp to <Current directory>\UYIG.exe
- from C:\RCX41.tmp to <Current directory>\mYoC.exe
- from C:\RCX3C.tmp to <Current directory>\zgMY.exe
- from C:\RCX3B.tmp to <Current directory>\UcEe.exe
- from C:\RCX3E.tmp to <Current directory>\xAci.exe
- from C:\RCX3D.tmp to <Current directory>\OMoA.exe
- from C:\RCX32.tmp to <Current directory>\Ecwg.exe
- from C:\RCX27.tmp to <Current directory>\skYI.exe
- from C:\RCX26.tmp to <Current directory>\BcAE.exe
- from C:\RCX29.tmp to <Current directory>\MEYu.exe
- from C:\RCX28.tmp to <Current directory>\PwwM.exe
- from C:\RCX23.tmp to <Current directory>\gYYo.exe
- from C:\RCX22.tmp to <Current directory>\LkgA.exe
- from C:\RCX25.tmp to <Current directory>\hEAO.exe
- from C:\RCX24.tmp to <Current directory>\bwIg.exe
- from C:\RCX2F.tmp to <Current directory>\bwMw.exe
- from C:\RCX2E.tmp to <Current directory>\Rckk.exe
- from C:\RCX31.tmp to <Current directory>\Xoko.exe
- from C:\RCX30.tmp to <Current directory>\kcco.exe
- from C:\RCX2B.tmp to <Current directory>\eEgS.exe
- from C:\RCX2A.tmp to <Current directory>\RIUI.exe
- from C:\RCX2D.tmp to <Current directory>\cQEO.exe
- from C:\RCX2C.tmp to <Current directory>\EQIs.exe
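Network activity (the IP addresses are partially masked with '#' in this report, so they cannot be used as exact-match indicators; the destination ports 666 and 9999 and the overall pattern remain usable for detection):
- '20#.#19.204.12':666
- '19#.#86.45.170':666
- '74.##5.232.51':80
- '20#.#7.164.69':666
- '20#.#7.164.69':9999
- '20#.#19.204.12':9999
- '19#.#86.45.170':9999
- 74.##5.232.51/
- DNS ASK google.com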
- ClassName: 'Indicator' WindowName: ''