Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002'
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
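- hidden files (display turned off: 'Hidden' set to 2 under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced)
- file extensions (hidden: 'HideFileExt' set to 1 under the same key)
- User Account Control (UAC) (disabled: 'EnableLUA' set to 0 under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System)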
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
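Note: in the entries below, identical argument strings are listed under different image names (the 'add HKCU\...\Explorer\Advanced ... /v Hidden' arguments appear for reg.exe, cscript.exe and conhost.exe; 'file.vbs' appears for reg.exe, conhost.exe and cscript.exe), so the image-to-argument pairing in this log looks unreliable. When using these entries for detection, match on the argument strings and the resulting registry values rather than on the image name.
- '<SYSTEM32>\reg.exe' /pid=0x648 /log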
- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' /pid=0x70c /log
- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\TiUocIEM.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\QwQEYkkk.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\wbem\wmiprvse.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\BawoYoYo.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\cscript.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe'
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' /pid=0xc14 /log
- '<SYSTEM32>\reg.exe' 0xa54 cscript.exe
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\reg.exe' /pid=0xb94 /log
- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- C:\RCXD73C.tmp
- <Current directory>\KssA.ico
- %TEMP%\SqQwkQss.bat
- <Current directory>\FSUU.ico
- %TEMP%\KwgAAoMk.bat
- <Current directory>\sMES.exe
- <Current directory>\Bgoo.exe
- C:\RCXDB73.tmp
- <Current directory>\MYwQ.ico
- <Current directory>\ooUA.exe
- C:\RCXD8C3.tmp
- <Current directory>\zGQg.ico
- C:\RCXD4CB.tmp
- C:\RCXCF5C.tmp
- <Current directory>\XOco.ico
- <Current directory>\iskW.exe
- C:\RCXCD87.tmp
- <Current directory>\WosI.ico
- <Current directory>\kYYG.exe
- C:\RCXD3D1.tmp
- <Current directory>\MEgc.ico
- <Current directory>\VYQC.exe
- C:\RCXD1FC.tmp
- <Current directory>\HmII.ico
- <Current directory>\qQcA.exe
- C:\RCXE652.tmp
- <Current directory>\HmMI.ico
- <Current directory>\TYMW.exe
- C:\RCXE538.tmp
- <Current directory>\ryEc.ico
- <Current directory>\qEYI.exe
- C:\RCXE931.tmp
- <Current directory>\LekE.ico
- <Current directory>\MQwS.exe
- C:\RCXE7B9.tmp
- <Current directory>\xSEA.ico
- <Current directory>\wQkc.exe
- <Current directory>\nkkk.exe
- <Current directory>\kskI.exe
- C:\RCXDEEE.tmp
- <Current directory>\UmUA.ico
- <Current directory>\PAoQ.exe
- C:\RCXDD19.tmp
- <Current directory>\kEYI.ico
- <Current directory>\IoEM.exe
- C:\RCXE363.tmp
- <Current directory>\kaww.ico
- <Current directory>\QoUI.exe
- C:\RCXE1FB.tmp
- <Current directory>\sIYg.ico
- <Current directory>\EMwo.ico
- <Current directory>\EUwA.exe
- C:\RCXBE12.tmp
- <Current directory>\skkQ.ico
- <Current directory>\KEEy.exe
- C:\RCXBA3A.tmp
- <Current directory>\dqUA.ico
- <Current directory>\JUQk.exe
- C:\RCXC026.tmp
- <Current directory>\WmUU.ico
- <Current directory>\FsQm.exe
- C:\RCXBEED.tmp
- C:\RCXB808.tmp
- %TEMP%\TiUocIEM.bat
- <Current directory>\TegA.ico
- <Current directory>\nwcK.exe
- <Current directory>\lEEY.ico
- <Current directory>\VgEK.exe
- C:\RCXB057.tmp
- C:\RCXB671.tmp
- <Current directory>\wIoU.ico
- <Current directory>\MsUu.exe
- C:\RCXB4EA.tmp
- <Current directory>\LmAo.ico
- <Current directory>\DEcO.exe
- C:\RCXC8B3.tmp
- <Current directory>\bAkw.ico
- <Current directory>\wAoG.exe
- C:\RCXC662.tmp
- <Current directory>\OYkA.ico
- <Current directory>\NgQo.exe
- C:\RCXCC5D.tmp
- <Current directory>\BUws.ico
- <Current directory>\Ocka.exe
- C:\RCXCA2B.tmp
- <Current directory>\SGIM.ico
- <Current directory>\xooA.exe
- <Current directory>\PQkO.exe
- <Current directory>\Ncoo.ico
- <Current directory>\ZUQY.exe
- C:\RCXC298.tmp
- <Current directory>\sOwU.ico
- <Current directory>\CMAu.exe
- C:\RCXC0D3.tmp
- C:\RCXC45E.tmp
- %TEMP%\jeEQkwcA.bat
- <Current directory>\BeoY.ico
- <Current directory>\YsIQ.ico
- %TEMP%\tWMsEgUI.bat
- <Current directory>\rssu.exe
- <Current directory>\AwMY.exe
- C:\RCXEB1.tmp
- <Current directory>\LeYY.ico
- <Current directory>\GgUw.exe
- C:\RCXD59.tmp
- <Current directory>\Bqcg.ico
- <Current directory>\qwMA.ico
- <Current directory>\MUUs.exe
- %TEMP%\QwQEYkkk.bat
- <Current directory>\PYIO.exe
- %TEMP%\YMMwIwAg.bat
- C:\RCX1048.tmp
- <Current directory>\FmMU.ico
- <Current directory>\tGMA.ico
- <Current directory>\LoMC.exe
- C:\RCX7DA.tmp
- <Current directory>\jcMw.ico
- <Current directory>\FYIE.exe
- C:\RCX691.tmp
- <Current directory>\lysE.ico
- <Current directory>\BAMK.exe
- C:\RCXBB3.tmp
- <Current directory>\BOss.ico
- <Current directory>\FcYk.exe
- C:\RCX9AF.tmp
- <Current directory>\awwU.ico
- <Current directory>\nsYo.exe
- C:\RCX1BA4.tmp
- <Current directory>\UokM.ico
- <Current directory>\jkEM.exe
- C:\RCX19DF.tmp
- <Current directory>\ceso.ico
- <Current directory>\oEoU.exe
- C:\RCX1F20.tmp
- <Current directory>\rUEs.ico
- <Current directory>\oQsK.exe
- C:\RCX1D4B.tmp
- C:\RCX18A6.tmp
- C:\RCX13E2.tmp
- <Current directory>\hqoA.ico
- <Current directory>\pMEk.exe
- C:\RCX123C.tmp
- <Current directory>\wAYE.ico
- <Current directory>\XgMS.exe
- C:\RCX16E1.tmp
- <Current directory>\uSwY.ico
- <Current directory>\iIww.exe
- C:\RCX14EC.tmp
- <Current directory>\zMIU.ico
- <Current directory>\TcEM.exe
- <Current directory>\IQco.exe
- C:\RCXF410.tmp
- <Current directory>\UeUc.ico
- <Current directory>\mosc.exe
- C:\RCXF23B.tmp
- <Current directory>\daUs.ico
- <Current directory>\FQoo.exe
- C:\RCXF6DF.tmp
- <Current directory>\FOgA.ico
- <Current directory>\MYoE.exe
- C:\RCXF539.tmp
- <Current directory>\EMYQ.ico
- <Current directory>\fwQE.ico
- <Current directory>\gAQe.exe
- C:\RCXEC9C.tmp
- %TEMP%\BawoYoYo.bat
- C:\RCXEB35.tmp
- <Current directory>\zqIM.ico
- %TEMP%\vEIgIokU.bat
- <Current directory>\jawA.ico
- <Current directory>\UgUo.exe
- C:\RCXF0B4.tmp
- <Current directory>\uaUg.ico
- <Current directory>\tggM.exe
- C:\RCXEEBF.tmp
- <Current directory>\jcsI.ico
- <Current directory>\UQYO.exe
- C:\RCX1CE.tmp
- %TEMP%\kucgIMcc.bat
- <Current directory>\cEIK.exe
- C:\RCXFFCA.tmp
- <Current directory>\xycA.ico
- <Current directory>\jkci.exe
- C:\RCX4DC.tmp
- <Current directory>\JuAE.ico
- <Current directory>\hEkm.exe
- C:\RCX2C8.tmp
- <Current directory>\AWkY.ico
- <Current directory>\WgUm.exe
- C:\RCXF99F.tmp
- <Current directory>\lEAs.ico
- <Current directory>\PwIO.exe
- C:\RCXF818.tmp
- <Current directory>\HEkY.ico
- <Current directory>\RQYA.exe
- %TEMP%\mQQokMwU.bat
- C:\RCXFD49.tmp
- <Current directory>\eEoi.exe
- C:\RCXFB55.tmp
- <Current directory>\umgA.ico
- C:\RCX5928.tmp
- <Current directory>\BAgA.ico
- <Current directory>\QcIw.exe
- C:\RCX56B7.tmp
- <Current directory>\HIsI.ico
- <Current directory>\AkgG.exe
- C:\RCX5D30.tmp
- <Current directory>\wAAE.ico
- <Current directory>\LUQc.exe
- C:\RCX5B7A.tmp
- <Current directory>\Ckkk.ico
- <Current directory>\Focs.exe
- <Current directory>\rYcQ.exe
- C:\RCX502F.tmp
- %TEMP%\dqcUQQwg.bat
- <Current directory>\zkoM.ico
- <Current directory>\AOUo.ico
- %TEMP%\aAsYAwUY.bat
- <Current directory>\CIMw.exe
- <Current directory>\XQQG.exe
- C:\RCX5408.tmp
- <Current directory>\ckcE.ico
- <Current directory>\vEgG.exe
- C:\RCX5204.tmp
- <Current directory>\ZkMQ.ico
- <Current directory>\kssU.exe
- C:\RCX6A7F.tmp
- <Current directory>\WqoQ.ico
- <Current directory>\noIw.exe
- C:\RCX681D.tmp
- <Current directory>\KkkQ.ico
- <Current directory>\aEAC.exe
- C:\RCX6E09.tmp
- <Auxiliary element>
- <Current directory>\KosW.exe
- C:\RCX6C82.tmp
- <Current directory>\XWUo.ico
- %TEMP%\koIQsMYA.bat
- C:\RCX60E9.tmp
- <Current directory>\wqcs.ico
- <Current directory>\UsMw.exe
- C:\RCX5FEF.tmp
- <Current directory>\vMIA.ico
- <Current directory>\RAwI.exe
- <Current directory>\EEkw.exe
- C:\RCX6667.tmp
- <Current directory>\zqAI.ico
- C:\RCX6242.tmp
- <Current directory>\bUwg.ico
- %TEMP%\UAMAMMYI.bat
- <Current directory>\Socw.exe
- C:\RCX2962.tmp
- <Current directory>\fAUg.ico
- <Current directory>\RMsY.exe
- C:\RCX1D9E.tmp
- <Current directory>\IuQg.ico
- <Current directory>\rswK.exe
- %TEMP%\HaEwcAgQ.bat
- C:\RCX390D.tmp
- <Current directory>\ZcQy.exe
- C:\RCX37E4.tmp
- <Current directory>\mowo.ico
- <Current directory>\WkEg.ico
- C:\ProgramData\kaog.txt
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- %TEMP%\OoowoAAE.bat
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- <Current directory>\IowE.exe
- C:\RCX140C.tmp
- %TEMP%\file.vbs
- <Current directory>\<Virus name>
- %TEMP%\vukMcYEQ.bat
- <Current directory>\RKEw.ico
- <Current directory>\bQog.ico
- <Current directory>\XMgk.exe
- C:\RCX4B5B.tmp
- <Current directory>\VeYU.ico
- <Current directory>\OUEy.exe
- C:\RCX4A22.tmp
- <Current directory>\eAMk.ico
- <Current directory>\CwgY.exe
- C:\RCX4DDD.tmp
- <Current directory>\oEoo.ico
- <Current directory>\nwAG.exe
- C:\RCX4C37.tmp
- C:\RCX47FF.tmp
- C:\RCX3D62.tmp
- <Current directory>\IKwQ.ico
- <Current directory>\uAIM.exe
- %TEMP%\jUsoQoQc.bat
- <Current directory>\DkoQ.ico
- <Current directory>\PgIa.exe
- C:\RCX4512.tmp
- <Current directory>\EaAs.ico
- <Current directory>\wQAO.exe
- C:\RCX4224.tmp
- <Current directory>\YUkc.ico
- <Current directory>\dsQQ.exe
- %TEMP%\ACYkkYIs.bat
- C:\RCX9BC3.tmp
- <Current directory>\HIIw.ico
- C:\RCX9877.tmp
- <Current directory>\Uigk.ico
- <Current directory>\oMEo.exe
- <Current directory>\PkcI.ico
- <Current directory>\tAou.exe
- C:\RCX9FF9.tmp
- %TEMP%\JiwAIsoU.bat
- <Current directory>\yIYW.exe
- C:\RCX9E82.tmp
- <Current directory>\OwcK.exe
- <Current directory>\fwYE.exe
- C:\RCX9098.tmp
- <Current directory>\KQIk.ico
- <Current directory>\EEMm.exe
- C:\RCX8F01.tmp
- <Current directory>\YOkg.ico
- <Current directory>\kEsQ.exe
- C:\RCX9683.tmp
- <Current directory>\FEUw.ico
- <Current directory>\xIMu.exe
- C:\RCX93F3.tmp
- <Current directory>\FCgM.ico
- <Current directory>\vswG.exe
- C:\RCXA9BF.tmp
- <Current directory>\Cowg.ico
- <Current directory>\fgwm.exe
- C:\RCXA809.tmp
- <Current directory>\lsok.ico
- <Current directory>\VIEo.exe
- C:\RCXAE53.tmp
- %TEMP%\pCccgUAw.bat
- <Current directory>\dYkq.exe
- C:\RCXABD3.tmp
- <Current directory>\NAEI.ico
- <Current directory>\lcUQ.ico
- <Current directory>\LIUU.ico
- <Current directory>\hEQW.exe
- C:\RCXA3D2.tmp
- <Current directory>\EOMg.ico
- <Current directory>\DUsa.exe
- C:\RCXA190.tmp
- <Current directory>\ceUQ.ico
- <Current directory>\AkwS.exe
- C:\RCXA673.tmp
- <Current directory>\cakk.ico
- <Current directory>\wQYC.exe
- C:\RCXA5A7.tmp
- C:\RCX78A9.tmp
- <Current directory>\giUE.ico
- <Current directory>\QMwK.exe
- %TEMP%\xYwIUsIs.bat
- <Current directory>\xSUw.ico
- <Current directory>\qIwe.exe
- C:\RCX7DF8.tmp
- <Current directory>\BMYk.ico
- <Current directory>\CcoA.exe
- C:\RCX7A8D.tmp
- <Current directory>\kcEk.ico
- <Current directory>\bsss.exe
- C:\RCX7657.tmp
- <Current directory>\fyMg.ico
- <Current directory>\bgQA.exe
- C:\RCX72DC.tmp
- <Current directory>\dkso.ico
- <Current directory>\rUUq.exe
- C:\RCX71D2.tmp
- <Current directory>\YigU.ico
- %TEMP%\pMkssIMc.bat
- <Current directory>\hEgS.exe
- <Current directory>\iQYs.ico
- <Current directory>\kcQK.exe
- C:\RCX7434.tmp
- <Current directory>\eIww.ico
- %TEMP%\AecMEAEA.bat
- <Current directory>\ncso.exe
- <Current directory>\lMAM.ico
- <Current directory>\vYwe.exe
- C:\RCX884A.tmp
- C:\RCX8A7E.tmp
- %TEMP%\WiocYgEE.bat
- <Current directory>\PeIU.ico
- C:\RCX89A3.tmp
- <Current directory>\zMoM.ico
- <Current directory>\jksu.exe
- C:\RCX8444.tmp
- C:\RCX8089.tmp
- <Current directory>\uwMw.ico
- <Current directory>\xkgQ.exe
- C:\RCX7F41.tmp
- <Current directory>\iacs.ico
- <Current directory>\wgkW.exe
- C:\RCX82EC.tmp
- <Current directory>\DKIY.ico
- <Current directory>\vooq.exe
- C:\RCX8155.tmp
- <Current directory>\okgc.ico
- <Current directory>\DgQC.exe
- %TEMP%\KwgAAoMk.bat
- <Current directory>\KssA.ico
- <Current directory>\FSUU.ico
- <Current directory>\sMES.exe
- <Current directory>\Bgoo.exe
- <Current directory>\MYwQ.ico
- <Current directory>\ooUA.exe
- <Current directory>\zGQg.ico
- <Current directory>\XOco.ico
- <Current directory>\iskW.exe
- <Current directory>\WosI.ico
- <Current directory>\kYYG.exe
- <Current directory>\MEgc.ico
- <Current directory>\VYQC.exe
- <Current directory>\HmII.ico
- <Current directory>\qQcA.exe
- <Current directory>\qEYI.exe
- <Current directory>\HmMI.ico
- <Current directory>\nkkk.exe
- <Current directory>\ryEc.ico
- <Current directory>\wQkc.exe
- <Current directory>\LekE.ico
- <Current directory>\TYMW.exe
- <Current directory>\xSEA.ico
- <Current directory>\kskI.exe
- <Current directory>\UmUA.ico
- <Current directory>\PAoQ.exe
- <Current directory>\kEYI.ico
- <Current directory>\IoEM.exe
- <Current directory>\kaww.ico
- <Current directory>\QoUI.exe
- <Current directory>\sIYg.ico
- <Current directory>\WmUU.ico
- <Current directory>\FsQm.exe
- <Current directory>\EMwo.ico
- <Current directory>\EUwA.exe
- <Current directory>\sOwU.ico
- <Current directory>\CMAu.exe
- <Current directory>\dqUA.ico
- <Current directory>\JUQk.exe
- <Current directory>\LmAo.ico
- <Current directory>\DEcO.exe
- <Current directory>\TegA.ico
- <Current directory>\nwcK.exe
- <Current directory>\skkQ.ico
- <Current directory>\KEEy.exe
- <Current directory>\wIoU.ico
- <Current directory>\MsUu.exe
- <Current directory>\bAkw.ico
- <Current directory>\wAoG.exe
- <Current directory>\OYkA.ico
- <Current directory>\NgQo.exe
- <Current directory>\BUws.ico
- <Current directory>\Ocka.exe
- <Current directory>\SGIM.ico
- <Current directory>\xooA.exe
- <Current directory>\YsIQ.ico
- <Current directory>\rssu.exe
- <Current directory>\Ncoo.ico
- <Current directory>\ZUQY.exe
- <Current directory>\BeoY.ico
- <Current directory>\PQkO.exe
- %TEMP%\tWMsEgUI.bat
- %TEMP%\TiUocIEM.bat
- <Current directory>\MQwS.exe
- <Current directory>\GgUw.exe
- <Current directory>\Bqcg.ico
- <Current directory>\BAMK.exe
- <Current directory>\FmMU.ico
- <Current directory>\PYIO.exe
- %TEMP%\YMMwIwAg.bat
- <Current directory>\AwMY.exe
- <Current directory>\LeYY.ico
- <Current directory>\FYIE.exe
- <Current directory>\tGMA.ico
- <Current directory>\jkci.exe
- <Current directory>\jcMw.ico
- <Current directory>\FcYk.exe
- <Current directory>\lysE.ico
- <Current directory>\LoMC.exe
- <Current directory>\BOss.ico
- <Current directory>\UokM.ico
- <Current directory>\jkEM.exe
- <Current directory>\uSwY.ico
- <Current directory>\iIww.exe
- <Current directory>\rUEs.ico
- <Current directory>\oQsK.exe
- <Current directory>\awwU.ico
- <Current directory>\nsYo.exe
- <Current directory>\wAYE.ico
- <Current directory>\XgMS.exe
- <Current directory>\qwMA.ico
- <Current directory>\MUUs.exe
- <Current directory>\zMIU.ico
- <Current directory>\TcEM.exe
- <Current directory>\hqoA.ico
- <Current directory>\pMEk.exe
- <Current directory>\IQco.exe
- <Current directory>\UeUc.ico
- <Current directory>\mosc.exe
- <Current directory>\daUs.ico
- <Current directory>\FQoo.exe
- <Current directory>\FOgA.ico
- <Current directory>\MYoE.exe
- <Current directory>\EMYQ.ico
- <Current directory>\gAQe.exe
- <Current directory>\uaUg.ico
- %TEMP%\vEIgIokU.bat
- <Current directory>\zqIM.ico
- <Current directory>\UgUo.exe
- <Current directory>\fwQE.ico
- <Current directory>\tggM.exe
- <Current directory>\jawA.ico
- <Current directory>\cEIK.exe
- <Current directory>\jcsI.ico
- %TEMP%\mQQokMwU.bat
- <Current directory>\AWkY.ico
- <Current directory>\hEkm.exe
- <Current directory>\xycA.ico
- <Current directory>\UQYO.exe
- <Current directory>\JuAE.ico
- <Current directory>\WgUm.exe
- <Current directory>\lEAs.ico
- <Current directory>\PwIO.exe
- <Current directory>\HEkY.ico
- <Current directory>\umgA.ico
- <Current directory>\RQYA.exe
- <Current directory>\eEoi.exe
- %TEMP%\BawoYoYo.bat
- <Current directory>\Focs.exe
- <Current directory>\wAAE.ico
- <Current directory>\QcIw.exe
- <Current directory>\Ckkk.ico
- <Current directory>\RAwI.exe
- <Current directory>\wqcs.ico
- <Current directory>\LUQc.exe
- <Current directory>\vMIA.ico
- <Current directory>\XQQG.exe
- <Current directory>\ckcE.ico
- <Current directory>\vEgG.exe
- <Current directory>\ZkMQ.ico
- <Current directory>\AkgG.exe
- <Current directory>\BAgA.ico
- <Current directory>\rYcQ.exe
- <Current directory>\HIsI.ico
- <Current directory>\XWUo.ico
- <Current directory>\aEAC.exe
- <Current directory>\WqoQ.ico
- <Current directory>\KosW.exe
- <Current directory>\fyMg.ico
- <Current directory>\bgQA.exe
- <Current directory>\dkso.ico
- <Current directory>\rUUq.exe
- <Current directory>\EEkw.exe
- %TEMP%\UAMAMMYI.bat
- <Current directory>\UsMw.exe
- <Current directory>\bUwg.ico
- <Current directory>\KkkQ.ico
- <Current directory>\kssU.exe
- <Current directory>\zqAI.ico
- <Current directory>\noIw.exe
- <Current directory>\rswK.exe
- %TEMP%\HaEwcAgQ.bat
- <Current directory>\ZcQy.exe
- <Current directory>\mowo.ico
- <Current directory>\IKwQ.ico
- <Current directory>\uAIM.exe
- <Current directory>\DkoQ.ico
- <Current directory>\PgIa.exe
- <Current directory>\IowE.exe
- <Current directory>\WkEg.ico
- %TEMP%\OoowoAAE.bat
- <Current directory>\RKEw.ico
- <Current directory>\Socw.exe
- <Current directory>\fAUg.ico
- <Current directory>\RMsY.exe
- <Current directory>\IuQg.ico
- <Current directory>\eAMk.ico
- <Current directory>\CwgY.exe
- <Current directory>\oEoo.ico
- <Current directory>\nwAG.exe
- %TEMP%\aAsYAwUY.bat
- <Current directory>\zkoM.ico
- <Current directory>\AOUo.ico
- <Current directory>\CIMw.exe
- <Current directory>\EaAs.ico
- <Current directory>\wQAO.exe
- <Current directory>\YUkc.ico
- <Current directory>\dsQQ.exe
- <Current directory>\bQog.ico
- <Current directory>\XMgk.exe
- <Current directory>\VeYU.ico
- <Current directory>\OUEy.exe
- <Current directory>\iQYs.ico
- <Current directory>\yIYW.exe
- <Current directory>\PkcI.ico
- %TEMP%\ACYkkYIs.bat
- <Current directory>\HIIw.ico
- <Current directory>\DUsa.exe
- <Current directory>\LIUU.ico
- <Current directory>\tAou.exe
- <Current directory>\EOMg.ico
- <Current directory>\FCgM.ico
- <Current directory>\kEsQ.exe
- <Current directory>\KQIk.ico
- <Current directory>\xIMu.exe
- <Current directory>\Uigk.ico
- <Current directory>\oMEo.exe
- <Current directory>\FEUw.ico
- <Current directory>\OwcK.exe
- <Current directory>\dYkq.exe
- <Current directory>\NAEI.ico
- <Current directory>\vswG.exe
- <Current directory>\Cowg.ico
- <Current directory>\lEEY.ico
- <Current directory>\VgEK.exe
- <Current directory>\VIEo.exe
- %TEMP%\pCccgUAw.bat
- <Current directory>\wQYC.exe
- <Current directory>\ceUQ.ico
- <Current directory>\hEQW.exe
- <Current directory>\cakk.ico
- <Current directory>\fgwm.exe
- <Current directory>\lsok.ico
- <Current directory>\AkwS.exe
- <Current directory>\lcUQ.ico
- <Current directory>\BMYk.ico
- <Current directory>\CcoA.exe
- <Current directory>\kcEk.ico
- <Current directory>\bsss.exe
- <Current directory>\uwMw.ico
- <Current directory>\xkgQ.exe
- <Current directory>\iacs.ico
- <Current directory>\wgkW.exe
- <Current directory>\YigU.ico
- <Current directory>\hEgS.exe
- <Current directory>\kcQK.exe
- %TEMP%\pMkssIMc.bat
- <Current directory>\giUE.ico
- <Current directory>\QMwK.exe
- <Current directory>\xSUw.ico
- <Current directory>\qIwe.exe
- <Current directory>\zMoM.ico
- <Current directory>\jksu.exe
- <Current directory>\ncso.exe
- %TEMP%\AecMEAEA.bat
- <Current directory>\YOkg.ico
- <Current directory>\fwYE.exe
- <Current directory>\PeIU.ico
- <Current directory>\EEMm.exe
- %TEMP%\xYwIUsIs.bat
- <Current directory>\DKIY.ico
- <Current directory>\okgc.ico
- <Current directory>\DgQC.exe
- <Current directory>\vYwe.exe
- <Current directory>\eIww.ico
- <Current directory>\vooq.exe
- <Current directory>\lMAM.ico
- from C:\RCXD8C3.tmp to <Current directory>\ooUA.exe
- from C:\RCXDB73.tmp to <Current directory>\Bgoo.exe
- from C:\RCXDD19.tmp to <Current directory>\PAoQ.exe
- from C:\RCXD73C.tmp to <Current directory>\sMES.exe
- from C:\RCXD1FC.tmp to <Current directory>\iskW.exe
- from C:\RCXD3D1.tmp to <Current directory>\qQcA.exe
- from C:\RCXD4CB.tmp to <Current directory>\VYQC.exe
- from C:\RCXDEEE.tmp to <Current directory>\kskI.exe
- from C:\RCXE7B9.tmp to <Current directory>\TYMW.exe
- from C:\RCXE931.tmp to <Current directory>\wQkc.exe
- from C:\RCXEB35.tmp to <Current directory>\MQwS.exe
- from C:\RCXE652.tmp to <Current directory>\qEYI.exe
- from C:\RCXE1FB.tmp to <Current directory>\QoUI.exe
- from C:\RCXE363.tmp to <Current directory>\IoEM.exe
- from C:\RCXE538.tmp to <Current directory>\nkkk.exe
- from C:\RCXBEED.tmp to <Current directory>\FsQm.exe
- from C:\RCXC026.tmp to <Current directory>\JUQk.exe
- from C:\RCXC0D3.tmp to <Current directory>\CMAu.exe
- from C:\RCXBE12.tmp to <Current directory>\EUwA.exe
- from C:\RCXB671.tmp to <Current directory>\DEcO.exe
- from C:\RCXB808.tmp to <Current directory>\MsUu.exe
- from C:\RCXBA3A.tmp to <Current directory>\KEEy.exe
- from C:\RCXC298.tmp to <Current directory>\ZUQY.exe
- from C:\RCXCC5D.tmp to <Current directory>\xooA.exe
- from C:\RCXCD87.tmp to <Current directory>\Ocka.exe
- from C:\RCXCF5C.tmp to <Current directory>\kYYG.exe
- from C:\RCXCA2B.tmp to <Current directory>\wAoG.exe
- from C:\RCXC45E.tmp to <Current directory>\rssu.exe
- from C:\RCXC662.tmp to <Current directory>\PQkO.exe
- from C:\RCXC8B3.tmp to <Current directory>\NgQo.exe
- from C:\RCXD59.tmp to <Current directory>\GgUw.exe
- from C:\RCXEB1.tmp to <Current directory>\AwMY.exe
- from C:\RCX1048.tmp to <Current directory>\PYIO.exe
- from C:\RCXBB3.tmp to <Current directory>\BAMK.exe
- from C:\RCX691.tmp to <Current directory>\FYIE.exe
- from C:\RCX7DA.tmp to <Current directory>\LoMC.exe
- from C:\RCX9AF.tmp to <Current directory>\FcYk.exe
- from C:\RCX123C.tmp to <Current directory>\MUUs.exe
- from C:\RCX19DF.tmp to <Current directory>\jkEM.exe
- from C:\RCX1BA4.tmp to <Current directory>\nsYo.exe
- from C:\RCX1D4B.tmp to <Current directory>\oQsK.exe
- from C:\RCX18A6.tmp to <Current directory>\iIww.exe
- from C:\RCX13E2.tmp to <Current directory>\XgMS.exe
- from C:\RCX14EC.tmp to <Current directory>\pMEk.exe
- from C:\RCX16E1.tmp to <Current directory>\TcEM.exe
- from C:\RCXF410.tmp to <Current directory>\IQco.exe
- from C:\RCXF539.tmp to <Current directory>\MYoE.exe
- from C:\RCXF6DF.tmp to <Current directory>\FQoo.exe
- from C:\RCXF23B.tmp to <Current directory>\mosc.exe
- from C:\RCXEC9C.tmp to <Current directory>\gAQe.exe
- from C:\RCXEEBF.tmp to <Current directory>\tggM.exe
- from C:\RCXF0B4.tmp to <Current directory>\UgUo.exe
- from C:\RCXF818.tmp to <Current directory>\PwIO.exe
- from C:\RCX1CE.tmp to <Current directory>\UQYO.exe
- from C:\RCX2C8.tmp to <Current directory>\hEkm.exe
- from C:\RCX4DC.tmp to <Current directory>\jkci.exe
- from C:\RCXFFCA.tmp to <Current directory>\cEIK.exe
- from C:\RCXF99F.tmp to <Current directory>\WgUm.exe
- from C:\RCXFB55.tmp to <Current directory>\eEoi.exe
- from C:\RCXFD49.tmp to <Current directory>\RQYA.exe
- from C:\RCXB4EA.tmp to <Current directory>\nwcK.exe
- from C:\RCX5D30.tmp to <Current directory>\Focs.exe
- from C:\RCX5FEF.tmp to <Current directory>\LUQc.exe
- from C:\RCX60E9.tmp to <Current directory>\RAwI.exe
- from C:\RCX5B7A.tmp to <Current directory>\QcIw.exe
- from C:\RCX5408.tmp to <Current directory>\XQQG.exe
- from C:\RCX56B7.tmp to <Current directory>\rYcQ.exe
- from C:\RCX5928.tmp to <Current directory>\AkgG.exe
- from C:\RCX6242.tmp to <Current directory>\UsMw.exe
- from C:\RCX6E09.tmp to <Current directory>\aEAC.exe
- from C:\RCX71D2.tmp to <Current directory>\rUUq.exe
- from C:\RCX72DC.tmp to <Current directory>\bgQA.exe
- from C:\RCX6C82.tmp to <Current directory>\KosW.exe
- from C:\RCX6667.tmp to <Current directory>\EEkw.exe
- from C:\RCX681D.tmp to <Current directory>\noIw.exe
- from C:\RCX6A7F.tmp to <Current directory>\kssU.exe
- from C:\RCX390D.tmp to <Current directory>\rswK.exe
- from C:\RCX3D62.tmp to <Current directory>\PgIa.exe
- from C:\RCX4224.tmp to <Current directory>\uAIM.exe
- from C:\RCX37E4.tmp to <Current directory>\ZcQy.exe
- from C:\RCX140C.tmp to <Current directory>\IowE.exe
- from C:\RCX1D9E.tmp to <Current directory>\RMsY.exe
- from C:\RCX2962.tmp to <Current directory>\Socw.exe
- from C:\RCX4512.tmp to <Current directory>\dsQQ.exe
- from C:\RCX4DDD.tmp to <Current directory>\CwgY.exe
- from C:\RCX502F.tmp to <Current directory>\CIMw.exe
- from C:\RCX5204.tmp to <Current directory>\vEgG.exe
- from C:\RCX4C37.tmp to <Current directory>\nwAG.exe
- from C:\RCX47FF.tmp to <Current directory>\wQAO.exe
- from C:\RCX4A22.tmp to <Current directory>\OUEy.exe
- from C:\RCX4B5B.tmp to <Current directory>\XMgk.exe
- from C:\RCX9E82.tmp to <Current directory>\yIYW.exe
- from C:\RCX9FF9.tmp to <Current directory>\tAou.exe
- from C:\RCXA190.tmp to <Current directory>\DUsa.exe
- from C:\RCX9BC3.tmp to <Current directory>\oMEo.exe
- from C:\RCX93F3.tmp to <Current directory>\xIMu.exe
- from C:\RCX9683.tmp to <Current directory>\kEsQ.exe
- from C:\RCX9877.tmp to <Current directory>\OwcK.exe
- from C:\RCXA3D2.tmp to <Current directory>\hEQW.exe
- from C:\RCXABD3.tmp to <Current directory>\dYkq.exe
- from C:\RCXAE53.tmp to <Current directory>\VIEo.exe
- from C:\RCXB057.tmp to <Current directory>\VgEK.exe
- from C:\RCXA9BF.tmp to <Current directory>\vswG.exe
- from C:\RCXA5A7.tmp to <Current directory>\wQYC.exe
- from C:\RCXA673.tmp to <Current directory>\AkwS.exe
- from C:\RCXA809.tmp to <Current directory>\fgwm.exe
- from C:\RCX7DF8.tmp to <Current directory>\bsss.exe
- from C:\RCX7F41.tmp to <Current directory>\CcoA.exe
- from C:\RCX8089.tmp to <Current directory>\wgkW.exe
- from C:\RCX7A8D.tmp to <Current directory>\QMwK.exe
- from C:\RCX7434.tmp to <Current directory>\kcQK.exe
- from C:\RCX7657.tmp to <Current directory>\hEgS.exe
- from C:\RCX78A9.tmp to <Current directory>\qIwe.exe
- from C:\RCX8155.tmp to <Current directory>\xkgQ.exe
- from C:\RCX8A7E.tmp to <Current directory>\jksu.exe
- from C:\RCX8F01.tmp to <Current directory>\EEMm.exe
- from C:\RCX9098.tmp to <Current directory>\fwYE.exe
- from C:\RCX89A3.tmp to <Current directory>\ncso.exe
- from C:\RCX82EC.tmp to <Current directory>\DgQC.exe
- from C:\RCX8444.tmp to <Current directory>\vooq.exe
- from C:\RCX884A.tmp to <Current directory>\vYwe.exe
- DNS ASK dn#.##ftncsi.com
- DNS ASK google.com
- ClassName: '' WindowName: 'rSYkcwMw.exe'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'GocwIYEU.exe'