Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002' (service start type 2: started automatically at boot)
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
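- hidden files: display blocked (Explorer 'Hidden' set to 2 by the reg command listed below)
- file extensions: display blocked (Explorer 'HideFileExt' set to 1 by the reg command listed below)
- User Account Control (UAC): disabled ('EnableLUA' set to 0 under HKLM Policies\System by the reg command listed below)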
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- '<SYSTEM32>\reg.exe' 0xcb8 <Virus name>.exe
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' 0xa64 cscript.exe
- '<SYSTEM32>\cscript.exe' /c ""%TEMP%\RIgkgMUE.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' /pid=0x5d0 /log
- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\cscript.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cscript.exe' /c ""%TEMP%\vkkkwMgE.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' 0x528 <Virus name>.exe
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\YGUAooUI.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe' 0x93c <Virus name>.exe
- '<SYSTEM32>\cscript.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' /pid=0x268 /log
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' 0xa84 <Virus name>.exe
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' /pid=0x680 /log
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\iWgMYgEA.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=0x944 /log
- C:\RCX1028.tmp
- <Current directory>\sKgU.ico
- <Current directory>\wIoO.exe
- C:\RCXE43.tmp
- <Current directory>\owsk.ico
- <Current directory>\cokG.exe
- C:\RCX1661.tmp
- <Current directory>\XMQs.ico
- <Current directory>\eggq.exe
- C:\RCX14DA.tmp
- <Current directory>\kkQA.ico
- <Current directory>\IAMe.exe
- <Current directory>\BIsQ.exe
- C:\RCX809.tmp
- <Current directory>\Asok.ico
- %TEMP%\YGUAooUI.bat
- <Current directory>\rIwg.ico
- %TEMP%\oEEcAcsY.bat
- <Current directory>\fogw.exe
- <Current directory>\Xsgs.exe
- C:\RCXCBC.tmp
- <Current directory>\OWwc.ico
- <Current directory>\gQoa.exe
- C:\RCXBB2.tmp
- <Current directory>\DIIs.ico
- <Current directory>\JcsU.exe
- C:\RCX20C3.tmp
- <Current directory>\JYQI.ico
- %TEMP%\VCkkwEgE.bat
- C:\RCX1F6B.tmp
- <Current directory>\MCwU.ico
- <Current directory>\qAsi.exe
- C:\RCX246D.tmp
- <Current directory>\bgMA.ico
- <Current directory>\kcoi.exe
- C:\RCX2315.tmp
- <Current directory>\OCsE.ico
- <Current directory>\AUki.exe
- C:\RCX196F.tmp
- <Current directory>\NQEA.ico
- <Current directory>\dcMM.exe
- C:\RCX179A.tmp
- <Current directory>\aywg.ico
- <Current directory>\aIUk.exe
- <Current directory>\zIUy.exe
- C:\RCX1CAC.tmp
- <Current directory>\migc.ico
- C:\RCX1B82.tmp
- <Current directory>\lAYY.ico
- %TEMP%\MGQQUEIA.bat
- <Current directory>\yuQI.ico
- <Current directory>\wAMw.exe
- C:\RCXEA12.tmp
- <Current directory>\OAoI.ico
- <Current directory>\oQoy.exe
- C:\RCXE531.tmp
- <Current directory>\VkUA.ico
- <Current directory>\sgkm.exe
- C:\RCXECB3.tmp
- <Current directory>\UWEk.ico
- <Current directory>\mkQk.exe
- C:\RCXEB8A.tmp
- %TEMP%\YKssooEc.bat
- <Current directory>\iIos.exe
- C:\RCXDC87.tmp
- %TEMP%\jOkAwYIg.bat
- <Current directory>\TwwE.exe
- C:\RCXDB5E.tmp
- <Current directory>\pgUQ.ico
- <Current directory>\AiQQ.ico
- <Current directory>\GsMs.exe
- C:\RCXE159.tmp
- <Current directory>\EwII.ico
- <Current directory>\noYI.exe
- C:\RCXDED9.tmp
- <Current directory>\owYA.ico
- <Current directory>\Jokw.exe
- C:\RCXFBB7.tmp
- <Current directory>\FSIc.ico
- <Current directory>\zYIG.exe
- C:\RCXFA30.tmp
- <Current directory>\BkAQ.ico
- <Current directory>\MgEg.exe
- C:\RCX672.tmp
- <Current directory>\puYM.ico
- <Current directory>\xEAM.exe
- C:\RCXFD2E.tmp
- C:\RCXF906.tmp
- <Current directory>\uiUU.ico
- <Current directory>\IMMm.exe
- C:\RCXF03E.tmp
- <Current directory>\AIIk.ico
- <Current directory>\OIci.exe
- C:\RCXEEB7.tmp
- C:\RCXF712.tmp
- <Current directory>\pSIg.ico
- <Current directory>\WMIm.exe
- %TEMP%\fqAwQcsw.bat
- <Current directory>\PQoc.exe
- %TEMP%\dwIwUUwE.bat
- <Current directory>\sgck.exe
- <Current directory>\oMYW.exe
- C:\RCX5949.tmp
- <Current directory>\Fsgw.ico
- <Current directory>\TUsw.exe
- C:\RCX561C.tmp
- <Current directory>\IkUA.ico
- <Current directory>\howc.exe
- C:\RCX5E59.tmp
- <Current directory>\pkwk.ico
- <Current directory>\jEIW.exe
- C:\RCX5A91.tmp
- <Current directory>\oGcA.ico
- <Current directory>\EOgE.ico
- <Current directory>\joAw.ico
- <Current directory>\OcgK.exe
- C:\RCX50DC.tmp
- %TEMP%\JyAgwwgI.bat
- <Current directory>\lowC.exe
- C:\RCX4D42.tmp
- <Current directory>\VMkY.ico
- <Current directory>\Locm.exe
- C:\RCX54C4.tmp
- <Current directory>\Pisk.ico
- <Current directory>\ZwMc.exe
- C:\RCX539B.tmp
- <Current directory>\Vykg.ico
- <Current directory>\hgYU.exe
- C:\RCX6AFD.tmp
- <Current directory>\NMsE.ico
- <Current directory>\gcgU.exe
- C:\RCX6A21.tmp
- <Current directory>\jIwY.ico
- <Current directory>\NsMW.exe
- C:\RCX6DCC.tmp
- <Current directory>\BMQw.ico
- <Current directory>\jcIA.exe
- C:\RCX6C55.tmp
- C:\RCX680E.tmp
- %TEMP%\vkkkwMgE.bat
- <Current directory>\VSwI.ico
- <Current directory>\scUW.exe
- %TEMP%\kCMwMYoY.bat
- <Current directory>\jEAQ.exe
- C:\RCX5FC1.tmp
- C:\RCX6465.tmp
- <Current directory>\UUIY.ico
- <Current directory>\ZUEU.exe
- C:\RCX62ED.tmp
- <Current directory>\ggMM.ico
- <Current directory>\bscy.exe
- C:\RCX3065.tmp
- <Current directory>\gIwM.ico
- <Current directory>\Ckgi.exe
- <Current directory>\dGUM.ico
- <Current directory>\JcIY.exe
- %TEMP%\RGEIIEwY.bat
- <Current directory>\PUEa.exe
- C:\RCX3547.tmp
- <Current directory>\zacs.ico
- C:\RCX3259.tmp
- %TEMP%\OcAAoMUs.bat
- <Current directory>\WsMY.ico
- C:\RCX2CAC.tmp
- C:\RCX28C3.tmp
- <Current directory>\WGgc.ico
- <Current directory>\OcEG.exe
- C:\RCX275B.tmp
- <Current directory>\iYAM.ico
- <Current directory>\AsoE.exe
- C:\RCX2B83.tmp
- <Current directory>\PCkY.ico
- <Current directory>\bosE.exe
- C:\RCX2A59.tmp
- <Current directory>\VsAI.ico
- <Current directory>\qgsm.exe
- C:\RCX47B4.tmp
- <Current directory>\DEIo.ico
- <Current directory>\NkMw.exe
- C:\RCX4533.tmp
- <Current directory>\uSsg.ico
- <Current directory>\tIUg.exe
- <Current directory>\Rggo.exe
- C:\RCX4B1F.tmp
- <Current directory>\YQIc.ico
- C:\RCX48ED.tmp
- <Current directory>\aMcc.ico
- %TEMP%\lqYQwogc.bat
- <Current directory>\cwcc.exe
- <Current directory>\EUYc.exe
- C:\RCX3FB4.tmp
- <Current directory>\pYYA.ico
- <Current directory>\igAo.exe
- C:\RCX3CB7.tmp
- <Current directory>\BikI.ico
- <Current directory>\ZIsq.exe
- C:\RCX43AC.tmp
- <Current directory>\egQw.ico
- <Current directory>\pQYE.exe
- C:\RCX4189.tmp
- <Current directory>\LiUs.ico
- <Current directory>\pkAU.ico
- <Current directory>\CccG.exe
- C:\RCX6F19.tmp
- <Current directory>\pgAo.ico
- <Current directory>\qEkQ.exe
- C:\RCX6D82.tmp
- <Current directory>\Esos.ico
- <Current directory>\fkgY.exe
- C:\RCX740B.tmp
- <Current directory>\bOgc.ico
- <Current directory>\QEky.exe
- C:\RCX6FB6.tmp
- <Current directory>\ooEQ.ico
- <Current directory>\UGoA.ico
- <Current directory>\FuIY.ico
- <Current directory>\sMke.exe
- C:\RCX6813.tmp
- <Current directory>\AiMk.ico
- <Current directory>\aosc.exe
- C:\RCX665D.tmp
- <Current directory>\MCQY.ico
- <Current directory>\qgES.exe
- C:\RCX6C88.tmp
- <Current directory>\MQMQ.ico
- <Current directory>\DAMO.exe
- C:\RCX6A65.tmp
- <Current directory>\iicI.ico
- <Current directory>\KMUy.exe
- C:\RCX7E1F.tmp
- <Current directory>\OIQU.ico
- <Current directory>\Swwu.exe
- C:\RCX7BDC.tmp
- C:\RCX80AF.tmp
- <Current directory>\RQos.ico
- <Current directory>\xgMq.exe
- <Auxiliary element>
- <Current directory>\qsUc.ico
- <Current directory>\SMgY.exe
- %TEMP%\FskMYMEQ.bat
- <Current directory>\GEEO.exe
- C:\RCX769C.tmp
- <Current directory>\jQwE.ico
- <Current directory>\JYsE.exe
- C:\RCX7582.tmp
- <Current directory>\VGoM.ico
- <Current directory>\IkUo.ico
- <Current directory>\fgsQ.exe
- C:\RCX7A27.tmp
- <Current directory>\BMci.exe
- %TEMP%\OUIoYoYA.bat
- C:\RCX7871.tmp
- <Current directory>\VgAO.exe
- C:\RCX5265.tmp
- <Current directory>\tWsc.ico
- <Current directory>\XIgu.exe
- C:\RCX4F68.tmp
- <Current directory>\aogc.ico
- <Current directory>\vkUE.exe
- C:\RCX55C1.tmp
- <Current directory>\SGYA.ico
- <Current directory>\ZIcg.exe
- C:\RCX5350.tmp
- <Current directory>\uGAY.ico
- <Current directory>\xSAU.ico
- C:\ProgramData\kaog.txt
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- %TEMP%\hUgcQUAE.bat
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- <Current directory>\cWUo.ico
- <Current directory>\bIMk.exe
- C:\RCX4A67.tmp
- <Current directory>\<Virus name>
- %TEMP%\cyMwQMkw.bat
- %TEMP%\file.vbs
- <Current directory>\Dscc.ico
- <Current directory>\dwcs.exe
- C:\RCX6207.tmp
- <Current directory>\PYQS.exe
- C:\RCX5F86.tmp
- %TEMP%\OcIcscIc.bat
- <Current directory>\vsMg.ico
- <Current directory>\EAQs.exe
- C:\RCX64D6.tmp
- <Current directory>\XQkU.ico
- <Current directory>\fcQi.exe
- C:\RCX635F.tmp
- <Current directory>\aqAw.ico
- <Current directory>\hMMA.exe
- C:\RCX5CD5.tmp
- <Current directory>\PKoo.ico
- <Current directory>\qUEg.exe
- C:\RCX5813.tmp
- <Current directory>\vckw.ico
- <Current directory>\OEMy.exe
- C:\RCX5DFF.tmp
- %TEMP%\TAMkEAgA.bat
- <Current directory>\QcQi.exe
- C:\RCX5D62.tmp
- <Current directory>\Ykwo.ico
- C:\RCX8725.tmp
- <Current directory>\wAgc.ico
- <Current directory>\mIIg.exe
- C:\RCXC209.tmp
- <Current directory>\WYgY.ico
- <Current directory>\YkoU.exe
- C:\RCXC0B0.tmp
- <Current directory>\BuEY.ico
- <Current directory>\jAoE.exe
- C:\RCXC3FE.tmp
- <Current directory>\DoEU.ico
- <Current directory>\ZowE.exe
- C:\RCXC322.tmp
- C:\RCXBBB0.tmp
- <Current directory>\lOkM.ico
- <Current directory>\PsIo.exe
- C:\RCXB420.tmp
- <Current directory>\jUMy.exe
- C:\RCXACBF.tmp
- %TEMP%\vAskEEog.bat
- %TEMP%\nSEwIIAQ.bat
- <Current directory>\NMQw.ico
- <Current directory>\JcsQ.exe
- <Current directory>\KQsg.ico
- <Current directory>\JsIi.exe
- C:\RCXB7F8.tmp
- <Current directory>\IuYc.ico
- <Current directory>\LAAi.exe
- C:\RCXD34F.tmp
- <Current directory>\hEwQ.ico
- <Current directory>\QYQs.exe
- C:\RCXCFC6.tmp
- <Current directory>\emEU.ico
- <Current directory>\vokw.exe
- C:\RCXD9D7.tmp
- <Current directory>\NmcI.ico
- <Current directory>\gMIe.exe
- C:\RCXD69B.tmp
- C:\RCXCE1F.tmp
- %TEMP%\mWAwkIwA.bat
- <Current directory>\BCwY.ico
- <Current directory>\VYYC.exe
- <Current directory>\rcUc.ico
- <Current directory>\JMge.exe
- C:\RCXC5B4.tmp
- C:\RCXCB8F.tmp
- <Current directory>\GwEg.ico
- <Current directory>\WMEk.exe
- C:\RCXCA08.tmp
- <Current directory>\UaEE.ico
- %TEMP%\RIgkgMUE.bat
- C:\RCX909C.tmp
- <Current directory>\EYcM.ico
- <Current directory>\WkAE.exe
- %TEMP%\NWMwkQAg.bat
- <Current directory>\hkEg.ico
- <Current directory>\KYMO.exe
- C:\RCX956F.tmp
- <Current directory>\eiAU.ico
- <Current directory>\iMoe.exe
- C:\RCX934C.tmp
- <Current directory>\bGEs.ico
- <Current directory>\IwQW.exe
- C:\RCX8DAF.tmp
- <Current directory>\eMUo.ico
- <Current directory>\UYkk.exe
- C:\RCX88EC.tmp
- <Current directory>\KEwI.ico
- <Current directory>\LsUm.exe
- C:\RCX8810.tmp
- C:\RCX8C76.tmp
- <Current directory>\msUI.ico
- <Current directory>\YwwO.exe
- <Current directory>\jYAQ.ico
- %TEMP%\jEMkcUsk.bat
- <Current directory>\OcIC.exe
- <Current directory>\XYAM.exe
- C:\RCXA31B.tmp
- <Current directory>\TQgw.ico
- <Current directory>\PwEq.exe
- C:\RCXA0F8.tmp
- <Current directory>\iqAw.ico
- <Current directory>\mMIk.exe
- C:\RCXA723.tmp
- <Current directory>\MOgY.ico
- <Current directory>\cYom.exe
- C:\RCXA454.tmp
- <Current directory>\BKQQ.ico
- <Current directory>\RekM.ico
- C:\RCX9AAE.tmp
- <Current directory>\oCoI.ico
- <Current directory>\Dccy.exe
- C:\RCX9918.tmp
- <Current directory>\rKsQ.ico
- <Current directory>\xAwI.exe
- <Current directory>\cAou.exe
- C:\RCX9E0A.tmp
- %TEMP%\iWgMYgEA.bat
- C:\RCX9C64.tmp
- %TEMP%\bIkAoccs.bat
- <Current directory>\lkMM.ico
- <Current directory>\sKgU.ico
- <Current directory>\wIoO.exe
- <Current directory>\owsk.ico
- <Current directory>\cokG.exe
- <Current directory>\XMQs.ico
- <Current directory>\eggq.exe
- <Current directory>\kkQA.ico
- <Current directory>\IAMe.exe
- <Current directory>\Asok.ico
- <Current directory>\gQoa.exe
- <Current directory>\rIwg.ico
- <Current directory>\fogw.exe
- <Current directory>\OWwc.ico
- <Current directory>\BIsQ.exe
- <Current directory>\DIIs.ico
- <Current directory>\Xsgs.exe
- <Current directory>\MCwU.ico
- <Current directory>\JcsU.exe
- <Current directory>\migc.ico
- <Current directory>\AUki.exe
- <Current directory>\OCsE.ico
- <Current directory>\qAsi.exe
- <Current directory>\JYQI.ico
- <Current directory>\kcoi.exe
- <Current directory>\NQEA.ico
- <Current directory>\dcMM.exe
- <Current directory>\aywg.ico
- <Current directory>\aIUk.exe
- <Current directory>\zIUy.exe
- %TEMP%\YGUAooUI.bat
- %TEMP%\MGQQUEIA.bat
- <Current directory>\lAYY.ico
- %TEMP%\oEEcAcsY.bat
- <Current directory>\wAMw.exe
- <Current directory>\UWEk.ico
- <Current directory>\oQoy.exe
- <Current directory>\yuQI.ico
- <Current directory>\sgkm.exe
- <Current directory>\AIIk.ico
- <Current directory>\mkQk.exe
- <Current directory>\VkUA.ico
- %TEMP%\jOkAwYIg.bat
- <Current directory>\EwII.ico
- <Current directory>\pgUQ.ico
- <Current directory>\iIos.exe
- <Current directory>\GsMs.exe
- <Current directory>\OAoI.ico
- <Current directory>\noYI.exe
- <Current directory>\AiQQ.ico
- <Current directory>\owYA.ico
- <Current directory>\Jokw.exe
- <Current directory>\zYIG.exe
- %TEMP%\YKssooEc.bat
- <Current directory>\BkAQ.ico
- <Current directory>\MgEg.exe
- <Current directory>\puYM.ico
- <Current directory>\xEAM.exe
- <Current directory>\IMMm.exe
- %TEMP%\fqAwQcsw.bat
- <Current directory>\OIci.exe
- <Current directory>\uiUU.ico
- <Current directory>\WMIm.exe
- <Current directory>\FSIc.ico
- <Current directory>\PQoc.exe
- <Current directory>\pSIg.ico
- <Current directory>\TUsw.exe
- <Current directory>\IkUA.ico
- <Current directory>\Locm.exe
- <Current directory>\EOgE.ico
- <Current directory>\jEIW.exe
- <Current directory>\oGcA.ico
- <Current directory>\oMYW.exe
- <Current directory>\Fsgw.ico
- <Current directory>\lowC.exe
- <Current directory>\joAw.ico
- <Current directory>\Rggo.exe
- <Current directory>\YQIc.ico
- <Current directory>\ZwMc.exe
- <Current directory>\VMkY.ico
- <Current directory>\OcgK.exe
- <Current directory>\Pisk.ico
- <Current directory>\NMsE.ico
- <Current directory>\gcgU.exe
- <Current directory>\UUIY.ico
- <Current directory>\ZUEU.exe
- <Current directory>\BMQw.ico
- <Current directory>\jcIA.exe
- <Current directory>\Vykg.ico
- <Current directory>\hgYU.exe
- <Current directory>\pkwk.ico
- <Current directory>\jEAQ.exe
- <Current directory>\howc.exe
- %TEMP%\kCMwMYoY.bat
- <Current directory>\ggMM.ico
- <Current directory>\bscy.exe
- <Current directory>\VSwI.ico
- <Current directory>\scUW.exe
- <Current directory>\aMcc.ico
- <Current directory>\dGUM.ico
- <Current directory>\JcIY.exe
- <Current directory>\PCkY.ico
- <Current directory>\bosE.exe
- <Current directory>\Ckgi.exe
- <Current directory>\WsMY.ico
- %TEMP%\RGEIIEwY.bat
- <Current directory>\gIwM.ico
- <Current directory>\iYAM.ico
- <Current directory>\AsoE.exe
- <Current directory>\bgMA.ico
- <Current directory>\sgck.exe
- <Current directory>\VsAI.ico
- <Current directory>\qgsm.exe
- <Current directory>\WGgc.ico
- <Current directory>\OcEG.exe
- <Current directory>\cwcc.exe
- <Current directory>\uSsg.ico
- <Current directory>\ZIsq.exe
- <Current directory>\egQw.ico
- <Current directory>\NkMw.exe
- %TEMP%\lqYQwogc.bat
- <Current directory>\tIUg.exe
- <Current directory>\DEIo.ico
- <Current directory>\igAo.exe
- <Current directory>\BikI.ico
- <Current directory>\PUEa.exe
- <Current directory>\zacs.ico
- <Current directory>\pQYE.exe
- <Current directory>\LiUs.ico
- <Current directory>\EUYc.exe
- <Current directory>\pYYA.ico
- <Current directory>\fkgY.exe
- <Current directory>\bOgc.ico
- <Current directory>\QEky.exe
- <Current directory>\ooEQ.ico
- <Current directory>\GEEO.exe
- <Current directory>\jQwE.ico
- <Current directory>\JYsE.exe
- <Current directory>\VGoM.ico
- <Current directory>\qgES.exe
- <Current directory>\UGoA.ico
- <Current directory>\DAMO.exe
- <Current directory>\MCQY.ico
- <Current directory>\CccG.exe
- <Current directory>\pgAo.ico
- <Current directory>\qEkQ.exe
- <Current directory>\Esos.ico
- <Current directory>\RQos.ico
- <Current directory>\xgMq.exe
- <Current directory>\qsUc.ico
- <Current directory>\SMgY.exe
- <Current directory>\eMUo.ico
- <Current directory>\UYkk.exe
- <Current directory>\KEwI.ico
- <Current directory>\LsUm.exe
- <Current directory>\IkUo.ico
- <Current directory>\fgsQ.exe
- <Current directory>\BMci.exe
- %TEMP%\OUIoYoYA.bat
- <Current directory>\iicI.ico
- <Current directory>\KMUy.exe
- <Current directory>\OIQU.ico
- <Current directory>\Swwu.exe
- <Current directory>\MQMQ.ico
- <Current directory>\vkUE.exe
- <Current directory>\SGYA.ico
- <Current directory>\ZIcg.exe
- <Current directory>\uGAY.ico
- <Current directory>\hMMA.exe
- <Current directory>\PKoo.ico
- <Current directory>\qUEg.exe
- <Current directory>\vckw.ico
- <Current directory>\bIMk.exe
- <Current directory>\xSAU.ico
- %TEMP%\hUgcQUAE.bat
- <Current directory>\cWUo.ico
- <Current directory>\VgAO.exe
- <Current directory>\tWsc.ico
- <Current directory>\XIgu.exe
- <Current directory>\aogc.ico
- <Current directory>\vsMg.ico
- <Current directory>\EAQs.exe
- <Current directory>\XQkU.ico
- <Current directory>\fcQi.exe
- <Current directory>\FuIY.ico
- <Current directory>\sMke.exe
- <Current directory>\AiMk.ico
- <Current directory>\aosc.exe
- <Current directory>\OEMy.exe
- %TEMP%\TAMkEAgA.bat
- <Current directory>\QcQi.exe
- <Current directory>\Ykwo.ico
- <Current directory>\Dscc.ico
- <Current directory>\dwcs.exe
- <Current directory>\aqAw.ico
- <Current directory>\PYQS.exe
- <Current directory>\ZowE.exe
- <Current directory>\BuEY.ico
- <Current directory>\mIIg.exe
- <Current directory>\DoEU.ico
- <Current directory>\JMge.exe
- %TEMP%\mWAwkIwA.bat
- <Current directory>\jAoE.exe
- <Current directory>\rcUc.ico
- <Current directory>\JsIi.exe
- <Current directory>\NMQw.ico
- %TEMP%\iWgMYgEA.bat
- <Current directory>\KQsg.ico
- <Current directory>\YkoU.exe
- <Current directory>\wAgc.ico
- <Current directory>\JcsQ.exe
- <Current directory>\WYgY.ico
- <Current directory>\gMIe.exe
- <Current directory>\emEU.ico
- <Current directory>\LAAi.exe
- <Current directory>\NmcI.ico
- <Current directory>\pkAU.ico
- <Current directory>\TwwE.exe
- <Current directory>\vokw.exe
- %TEMP%\RIgkgMUE.bat
- <Current directory>\UaEE.ico
- <Current directory>\GwEg.ico
- <Current directory>\BCwY.ico
- <Current directory>\VYYC.exe
- <Current directory>\QYQs.exe
- <Current directory>\IuYc.ico
- <Current directory>\WMEk.exe
- <Current directory>\hEwQ.ico
- %TEMP%\vAskEEog.bat
- <Current directory>\IwQW.exe
- <Current directory>\eiAU.ico
- <Current directory>\WkAE.exe
- <Current directory>\bGEs.ico
- <Current directory>\xAwI.exe
- <Current directory>\oCoI.ico
- <Current directory>\iMoe.exe
- <Current directory>\rKsQ.ico
- %TEMP%\jEMkcUsk.bat
- <Current directory>\msUI.ico
- <Current directory>\jYAQ.ico
- <Current directory>\OcIC.exe
- <Current directory>\KYMO.exe
- <Current directory>\EYcM.ico
- <Current directory>\YwwO.exe
- <Current directory>\hkEg.ico
- <Current directory>\BKQQ.ico
- <Current directory>\mMIk.exe
- <Current directory>\TQgw.ico
- <Current directory>\cYom.exe
- <Current directory>\lOkM.ico
- <Current directory>\PsIo.exe
- <Current directory>\MOgY.ico
- <Current directory>\jUMy.exe
- <Current directory>\lkMM.ico
- <Current directory>\cAou.exe
- <Current directory>\Dccy.exe
- %TEMP%\bIkAoccs.bat
- <Current directory>\iqAw.ico
- <Current directory>\XYAM.exe
- <Current directory>\RekM.ico
- <Current directory>\PwEq.exe
- from C:\RCX1028.tmp to <Current directory>\cokG.exe
- from C:\RCX14DA.tmp to <Current directory>\wIoO.exe
- from C:\RCX1661.tmp to <Current directory>\IAMe.exe
- from C:\RCXE43.tmp to <Current directory>\BIsQ.exe
- from C:\RCX809.tmp to <Current directory>\fogw.exe
- from C:\RCXBB2.tmp to <Current directory>\gQoa.exe
- from C:\RCXCBC.tmp to <Current directory>\Xsgs.exe
- from C:\RCX179A.tmp to <Current directory>\eggq.exe
- from C:\RCX20C3.tmp to <Current directory>\JcsU.exe
- from C:\RCX2315.tmp to <Current directory>\kcoi.exe
- from C:\RCX246D.tmp to <Current directory>\qAsi.exe
- from C:\RCX1F6B.tmp to <Current directory>\AUki.exe
- from C:\RCX196F.tmp to <Current directory>\aIUk.exe
- from C:\RCX1B82.tmp to <Current directory>\dcMM.exe
- from C:\RCX1CAC.tmp to <Current directory>\zIUy.exe
- from C:\RCXEA12.tmp to <Current directory>\wAMw.exe
- from C:\RCXEB8A.tmp to <Current directory>\mkQk.exe
- from C:\RCXECB3.tmp to <Current directory>\sgkm.exe
- from C:\RCXE531.tmp to <Current directory>\oQoy.exe
- from C:\RCXDC87.tmp to <Current directory>\iIos.exe
- from C:\RCXDED9.tmp to <Current directory>\noYI.exe
- from C:\RCXE159.tmp to <Current directory>\GsMs.exe
- from C:\RCXEEB7.tmp to <Current directory>\OIci.exe
- from C:\RCXFBB7.tmp to <Current directory>\Jokw.exe
- from C:\RCXFD2E.tmp to <Current directory>\xEAM.exe
- from C:\RCX672.tmp to <Current directory>\MgEg.exe
- from C:\RCXFA30.tmp to <Current directory>\zYIG.exe
- from C:\RCXF03E.tmp to <Current directory>\IMMm.exe
- from C:\RCXF712.tmp to <Current directory>\PQoc.exe
- from C:\RCXF906.tmp to <Current directory>\WMIm.exe
- from C:\RCX275B.tmp to <Current directory>\sgck.exe
- from C:\RCX561C.tmp to <Current directory>\TUsw.exe
- from C:\RCX5949.tmp to <Current directory>\oMYW.exe
- from C:\RCX5A91.tmp to <Current directory>\jEIW.exe
- from C:\RCX54C4.tmp to <Current directory>\Locm.exe
- from C:\RCX4D42.tmp to <Current directory>\lowC.exe
- from C:\RCX50DC.tmp to <Current directory>\OcgK.exe
- from C:\RCX539B.tmp to <Current directory>\ZwMc.exe
- from C:\RCX5E59.tmp to <Current directory>\howc.exe
- from C:\RCX6A21.tmp to <Current directory>\gcgU.exe
- from C:\RCX6AFD.tmp to <Current directory>\hgYU.exe
- from C:\RCX6C55.tmp to <Current directory>\jcIA.exe
- from C:\RCX680E.tmp to <Current directory>\ZUEU.exe
- from C:\RCX5FC1.tmp to <Current directory>\jEAQ.exe
- from C:\RCX62ED.tmp to <Current directory>\scUW.exe
- from C:\RCX6465.tmp to <Current directory>\bscy.exe
- from C:\RCX3065.tmp to <Current directory>\JcIY.exe
- from C:\RCX3259.tmp to <Current directory>\Ckgi.exe
- from C:\RCX3547.tmp to <Current directory>\PUEa.exe
- from C:\RCX2CAC.tmp to <Current directory>\bosE.exe
- from C:\RCX28C3.tmp to <Current directory>\AsoE.exe
- from C:\RCX2A59.tmp to <Current directory>\OcEG.exe
- from C:\RCX2B83.tmp to <Current directory>\qgsm.exe
- from C:\RCX3CB7.tmp to <Current directory>\igAo.exe
- from C:\RCX47B4.tmp to <Current directory>\tIUg.exe
- from C:\RCX48ED.tmp to <Current directory>\NkMw.exe
- from C:\RCX4B1F.tmp to <Current directory>\Rggo.exe
- from C:\RCX4533.tmp to <Current directory>\cwcc.exe
- from C:\RCX3FB4.tmp to <Current directory>\EUYc.exe
- from C:\RCX4189.tmp to <Current directory>\pQYE.exe
- from C:\RCX43AC.tmp to <Current directory>\ZIsq.exe
- from C:\RCX6FB6.tmp to <Current directory>\QEky.exe
- from C:\RCX740B.tmp to <Current directory>\fkgY.exe
- from C:\RCX7582.tmp to <Current directory>\JYsE.exe
- from C:\RCX6F19.tmp to <Current directory>\CccG.exe
- from C:\RCX6A65.tmp to <Current directory>\DAMO.exe
- from C:\RCX6C88.tmp to <Current directory>\qgES.exe
- from C:\RCX6D82.tmp to <Current directory>\qEkQ.exe
- from C:\RCX769C.tmp to <Current directory>\GEEO.exe
- from C:\RCX80AF.tmp to <Current directory>\SMgY.exe
- from C:\RCX8725.tmp to <Current directory>\xgMq.exe
- from C:\RCX8810.tmp to <Current directory>\LsUm.exe
- from C:\RCX7E1F.tmp to <Current directory>\KMUy.exe
- from C:\RCX7871.tmp to <Current directory>\BMci.exe
- from C:\RCX7A27.tmp to <Current directory>\fgsQ.exe
- from C:\RCX7BDC.tmp to <Current directory>\Swwu.exe
- from C:\RCX55C1.tmp to <Current directory>\vkUE.exe
- from C:\RCX5813.tmp to <Current directory>\qUEg.exe
- from C:\RCX5CD5.tmp to <Current directory>\hMMA.exe
- from C:\RCX5350.tmp to <Current directory>\ZIcg.exe
- from C:\RCX4A67.tmp to <Current directory>\bIMk.exe
- from C:\RCX4F68.tmp to <Current directory>\XIgu.exe
- from C:\RCX5265.tmp to <Current directory>\VgAO.exe
- from C:\RCX5D62.tmp to <Current directory>\QcQi.exe
- from C:\RCX64D6.tmp to <Current directory>\EAQs.exe
- from C:\RCX665D.tmp to <Current directory>\aosc.exe
- from C:\RCX6813.tmp to <Current directory>\sMke.exe
- from C:\RCX635F.tmp to <Current directory>\fcQi.exe
- from C:\RCX5DFF.tmp to <Current directory>\OEMy.exe
- from C:\RCX5F86.tmp to <Current directory>\PYQS.exe
- from C:\RCX6207.tmp to <Current directory>\dwcs.exe
- from C:\RCX88EC.tmp to <Current directory>\UYkk.exe
- from C:\RCXC322.tmp to <Current directory>\ZowE.exe
- from C:\RCXC3FE.tmp to <Current directory>\jAoE.exe
- from C:\RCXC5B4.tmp to <Current directory>\JMge.exe
- from C:\RCXC209.tmp to <Current directory>\mIIg.exe
- from C:\RCXB7F8.tmp to <Current directory>\JsIi.exe
- from C:\RCXBBB0.tmp to <Current directory>\JcsQ.exe
- from C:\RCXC0B0.tmp to <Current directory>\YkoU.exe
- from C:\RCXCA08.tmp to <Current directory>\VYYC.exe
- from C:\RCXD69B.tmp to <Current directory>\gMIe.exe
- from C:\RCXD9D7.tmp to <Current directory>\vokw.exe
- from C:\RCXDB5E.tmp to <Current directory>\TwwE.exe
- from C:\RCXD34F.tmp to <Current directory>\LAAi.exe
- from C:\RCXCB8F.tmp to <Current directory>\VgAO.exe
- from C:\RCXCE1F.tmp to <Current directory>\WMEk.exe
- from C:\RCXCFC6.tmp to <Current directory>\QYQs.exe
- from C:\RCX956F.tmp to <Current directory>\IwQW.exe
- from C:\RCX9918.tmp to <Current directory>\iMoe.exe
- from C:\RCX9AAE.tmp to <Current directory>\xAwI.exe
- from C:\RCX934C.tmp to <Current directory>\WkAE.exe
- from C:\RCX8C76.tmp to <Current directory>\OcIC.exe
- from C:\RCX8DAF.tmp to <Current directory>\YwwO.exe
- from C:\RCX909C.tmp to <Current directory>\KYMO.exe
- from C:\RCX9C64.tmp to <Current directory>\Dccy.exe
- from C:\RCXA723.tmp to <Current directory>\mMIk.exe
- from C:\RCXACBF.tmp to <Current directory>\jUMy.exe
- from C:\RCXB420.tmp to <Current directory>\PsIo.exe
- from C:\RCXA454.tmp to <Current directory>\cYom.exe
- from C:\RCX9E0A.tmp to <Current directory>\cAou.exe
- from C:\RCXA0F8.tmp to <Current directory>\PwEq.exe
- from C:\RCXA31B.tmp to <Current directory>\XYAM.exe
- DNS ASK dn#.##ftncsi.com
- DNS ASK google.com
- ClassName: '' WindowName: 'GocwIYEU.exe'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'rSYkcwMw.exe'