Technical Information
- Autorun entry in the machine-wide Run key: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'aeEkEEcE.exe' = '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- Autorun entry in the per-user Run key: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'pUccUkoM.exe' = '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'
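- hidden files: display is switched off ('Hidden' is set to 2 under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced; see the reg.exe command in the process list below)
- file extensions: display is switched off ('HideFileExt' is set to 1 under the same key)
- User Account Control (UAC): disabled ('EnableLUA' is set to 0 under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System); check and restore all three values during cleanup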
- '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\wOEAckoA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\xeUkQkcA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\OYwgAQMA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\dwIsUAQY.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ZWEoUIEw.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\zSYkogMw.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\oyAsskwo.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\tEkYAcUI.bat" "<Full path to virus>""
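- '<SYSTEM32>\reg.exe' /c ""%TEMP%\MgwsYcgc.bat" "<Full path to virus>"" (the '/c "<batch file>"' form is cmd.exe syntax, so the reg.exe image name here, and on the other reg.exe and cscript.exe entries with '/c', looks like an attribution error in the report; match on the command line rather than the image name)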
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\SCwQAkkM.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\XYYoYYsk.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\PoAIUgAo.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=4088
- '<SYSTEM32>\reg.exe' /pid=1728
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\jeYUcMYo.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=2456
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\wIkokUIA.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3160
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\kUUYIgws.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\IckIYkAk.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\gQskYMwQ.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3480
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\IYMUwQgg.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\mUssMEAo.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=5960
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\gGwEcsgk.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=4520
- '<SYSTEM32>\reg.exe' /pid=4592
- '<SYSTEM32>\reg.exe' /pid=4400
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\TGwwwQAI.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=4460
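- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 (these are reg.exe arguments, and the identical command appears under reg.exe further down; the cscript.exe image name here is probably an attribution error in the report)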
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\jKUcgckw.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=4912
- '<SYSTEM32>\cscript.exe' /pid=4476
- '<SYSTEM32>\reg.exe' /pid=4868
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\YkssMYks.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=6100
- '<SYSTEM32>\reg.exe' /pid=6068
- '<SYSTEM32>\cscript.exe'
- '<SYSTEM32>\reg.exe' /pid=5944
- '<SYSTEM32>\reg.exe' /pid=6084
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\siQwUUYY.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=4100
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\pOIEEksQ.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=4116
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\DIEwMEwI.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\PqIkMgkg.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=4144
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\pqEQkYkY.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\GwwgUAEg.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ZgUIkoYk.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\qCwIEAok.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\YAgUcUwM.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\cEcEMMEg.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\jcgkkMgA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\YCIUEAMI.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\wEUYYoIw.bat" "<Full path to virus>""
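- '<SYSTEM32>\reg.exe' %TEMP%\file.vbs (a .vbs script is a cscript.exe argument, and the same command appears under cscript.exe further down; the reg.exe image name here is probably an attribution error in the report)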
- '<SYSTEM32>\reg.exe' /pid=2700
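- '<SYSTEM32>\cscript.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f (these are reg.exe arguments, and the identical command appears under reg.exe further down; the cscript.exe image name here is probably an attribution error in the report)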
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\EEcwQwMo.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\PkYcQEUg.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\kYggIggg.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\XYMAUwIk.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\KGMQAYkM.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\CGEooIUU.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' %TEMP%\file.vbs
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\rcwkIUkg.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\uCcAcEwU.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\cUQgUQYA.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3996
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\TYUocUIQ.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=2708
- '<SYSTEM32>\cscript.exe' /pid=4056
- '<SYSTEM32>\cscript.exe' /pid=2520
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Ockwgkww.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=1792
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\dmEswkAA.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3668
- '<SYSTEM32>\reg.exe' /pid=2788
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\fiscYwck.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe' /pid=3024
- '<SYSTEM32>\reg.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\VcgAgAkQ.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3048
- '<SYSTEM32>\cscript.exe' /pid=3364
- '<SYSTEM32>\reg.exe' /pid=3404
- '<SYSTEM32>\reg.exe' /pid=4040
- '<SYSTEM32>\reg.exe' /pid=2576
- '<SYSTEM32>\reg.exe' /pid=4028
- '<SYSTEM32>\reg.exe' /pid=3908
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\XiAcMAUI.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\jksAEUgM.bat" "<Full path to virus>""
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\reg.exe
- %TEMP%\MKwccwYE.bat
- <Current directory>\okkE.ico
- <Current directory>\bEAQ.exe
- C:\RCX49.tmp
- %TEMP%\PoAIUgAo.bat
- <Current directory>\LscS.ico
- <Current directory>\tUMw.exe
- %TEMP%\oyAsskwo.bat
- <Current directory>\cIYu.ico
- <Current directory>\WQge.exe
- C:\RCX4B.tmp
- C:\RCX4A.tmp
- <Current directory>\YIgO.ico
- <Current directory>\zcAG.exe
- <Current directory>\AoAA.ico
- %TEMP%\iKccwMYE.bat
- <Current directory>\SEko.exe
- %TEMP%\XYYoYYsk.bat
- <Current directory>\UoAY.ico
- <Current directory>\CIIk.exe
- C:\RCX45.tmp
- <Current directory>\wUgm.ico
- <Current directory>\jQAS.exe
- C:\RCX48.tmp
- C:\RCX47.tmp
- C:\RCX46.tmp
- <Current directory>\eoQs.ico
- <Current directory>\MIQU.exe
- %TEMP%\UKAAkUMw.bat
- <Current directory>\uAsk.ico
- <Current directory>\qoMA.exe
- C:\RCX52.tmp
- C:\RCX51.tmp
- C:\RCX50.tmp
- <Current directory>\CwoY.ico
- <Current directory>\GAIy.exe
- %TEMP%\FiEwQsks.bat
- <Current directory>\xIog.ico
- <Current directory>\WsYg.exe
- C:\RCX53.tmp
- %TEMP%\MgwsYcgc.bat
- <Current directory>\tMQA.ico
- <Current directory>\XwIw.exe
- <Current directory>\qkMG.ico
- <Current directory>\ioAm.exe
- C:\RCX4E.tmp
- C:\RCX4D.tmp
- C:\RCX4C.tmp
- <Current directory>\AcUc.ico
- <Current directory>\cMoK.exe
- <Current directory>\bwke.ico
- <Current directory>\xYkS.exe
- %TEMP%\GqQAcYgU.bat
- %TEMP%\tEkYAcUI.bat
- <Current directory>\DkgA.ico
- <Current directory>\NwAW.exe
- C:\RCX4F.tmp
- <Current directory>\fEwG.exe
- C:\RCX39.tmp
- %TEMP%\OYwgAQMA.bat
- <Current directory>\pkIA.ico
- %TEMP%\xeUkQkcA.bat
- <Current directory>\VUoi.exe
- C:\RCX38.tmp
- <Current directory>\xowe.exe
- %TEMP%\gwEcUYso.bat
- C:\RCX3B.tmp
- <Current directory>\TUkw.ico
- <Current directory>\NgIW.ico
- <Current directory>\CskW.exe
- C:\RCX3A.tmp
- <Current directory>\LEYQ.exe
- C:\RCX35.tmp
- <Current directory>\lwcc.ico
- <Current directory>\YkIC.ico
- <Current directory>\wMEc.ico
- <Current directory>\qoco.exe
- C:\RCX34.tmp
- C:\RCX37.tmp
- %TEMP%\JwoUgMws.bat
- <Current directory>\uoIE.ico
- <Current directory>\HowW.exe
- <Current directory>\qMYK.exe
- C:\RCX36.tmp
- <Current directory>\QMoo.ico
- <Current directory>\oMIw.ico
- %TEMP%\mMIUUcog.bat
- <Current directory>\GEsS.ico
- <Current directory>\Gscu.exe
- C:\RCX41.tmp
- C:\RCX40.tmp
- <Current directory>\Swge.ico
- <Current directory>\gwkG.exe
- <Current directory>\BYca.ico
- <Current directory>\eYgG.exe
- C:\RCX44.tmp
- C:\RCX43.tmp
- C:\RCX42.tmp
- <Current directory>\BYom.ico
- <Current directory>\agsC.exe
- C:\RCX3D.tmp
- %TEMP%\SCwQAkkM.bat
- <Current directory>\Vwck.ico
- <Current directory>\FsgM.exe
- <Current directory>\wsIC.exe
- C:\RCX3C.tmp
- <Current directory>\ooQw.ico
- C:\RCX3F.tmp
- <Current directory>\WAkc.ico
- <Current directory>\zMsS.exe
- <Current directory>\RooM.exe
- <Current directory>\FkUo.exe
- C:\RCX3E.tmp
- <Current directory>\rsYq.ico
- C:\RCX54.tmp
- <Current directory>\sIMk.exe
- C:\RCX6A.tmp
- <Current directory>\cssy.ico
- <Current directory>\NAYC.ico
- <Current directory>\iMoS.exe
- C:\RCX69.tmp
- %TEMP%\gGwEcsgk.bat
- <Current directory>\cokE.exe
- C:\RCX6C.tmp
- <Current directory>\NAMA.ico
- <Current directory>\Ycoa.ico
- <Current directory>\rIgC.exe
- C:\RCX6B.tmp
- %TEMP%\NkMMsUsQ.bat
- %TEMP%\TGwwwQAI.bat
- C:\RCX66.tmp
- <Current directory>\CAES.ico
- <Current directory>\zIgW.exe
- <Current directory>\osYu.exe
- C:\RCX65.tmp
- <Current directory>\XwwK.ico
- <Current directory>\EMQO.exe
- C:\RCX68.tmp
- <Current directory>\FoMi.ico
- <Current directory>\UwAk.ico
- <Current directory>\vwwc.exe
- C:\RCX67.tmp
- %TEMP%\ScUMUMEU.bat
- <Current directory>\rIom.exe
- %TEMP%\jKUcgckw.bat
- <Current directory>\XEwu.ico
- <Current directory>\HgUK.exe
- C:\RCX72.tmp
- C:\RCX71.tmp
- <Current directory>\zcAE.ico
- <Current directory>\DUUE.exe
- C:\RCX74.tmp
- <Current directory>\zgEi.ico
- <Current directory>\rocE.exe
- <Current directory>\uYIA.exe
- C:\RCX73.tmp
- <Current directory>\IAcA.ico
- %TEMP%\kyQgIQAc.bat
- <Current directory>\UsEK.ico
- <Current directory>\PYEM.exe
- C:\RCX6F.tmp
- C:\RCX6E.tmp
- C:\RCX6D.tmp
- <Current directory>\UUIK.ico
- <Current directory>\wYsM.exe
- %TEMP%\AucscowY.bat
- <Current directory>\rAAg.ico
- <Current directory>\MMcK.exe
- C:\RCX70.tmp
- <Current directory>\rwco.ico
- %TEMP%\YkssMYks.bat
- <Current directory>\qYQe.exe
- <Current directory>\eUYE.exe
- C:\RCX5A.tmp
- <Current directory>\SEoG.ico
- <Current directory>\XwMA.ico
- <Current directory>\vkIs.ico
- <Current directory>\BsMu.exe
- C:\RCX59.tmp
- %TEMP%\PyQAowEw.bat
- <Current directory>\OMQK.exe
- C:\RCX5C.tmp
- <Current directory>\bYky.ico
- <Current directory>\FcYw.exe
- C:\RCX5B.tmp
- %TEMP%\DIEwMEwI.bat
- <Current directory>\FAQm.ico
- <Current directory>\OEMq.exe
- C:\RCX56.tmp
- %TEMP%\siQwUUYY.bat
- <Current directory>\NMUu.ico
- <Current directory>\BYQa.exe
- C:\RCX55.tmp
- <Current directory>\fMwo.ico
- <Current directory>\hgIK.exe
- C:\RCX58.tmp
- %TEMP%\oAkcokUA.bat
- <Current directory>\QoYK.ico
- <Current directory>\sYYU.exe
- C:\RCX57.tmp
- <Current directory>\McUw.ico
- C:\RCX62.tmp
- %TEMP%\pOIEEksQ.bat
- <Current directory>\AsUW.ico
- <Current directory>\kEgG.exe
- <Current directory>\CAQS.exe
- C:\RCX61.tmp
- <Current directory>\GMwc.ico
- <Current directory>\dEse.exe
- C:\RCX64.tmp
- <Current directory>\fgoM.ico
- <Current directory>\skcK.ico
- <Current directory>\rwMm.exe
- C:\RCX63.tmp
- %TEMP%\xOYUsYMY.bat
- C:\RCX5E.tmp
- %TEMP%\PqIkMgkg.bat
- <Current directory>\OEIm.ico
- <Current directory>\MYsK.exe
- <Current directory>\MgEu.exe
- C:\RCX5D.tmp
- <Current directory>\NMYK.ico
- C:\RCX60.tmp
- %TEMP%\weYwIQsg.bat
- <Current directory>\kQcO.ico
- <Current directory>\OMMs.exe
- <Current directory>\YMYe.exe
- C:\RCX5F.tmp
- <Current directory>\jgos.ico
- <Current directory>\KIIQ.ico
- <Current directory>\wgUK.exe
- C:\RCXA.tmp
- C:\RCX9.tmp
- C:\RCX8.tmp
- <Current directory>\YkIa.ico
- <Current directory>\HkYs.exe
- %TEMP%\ZEoUYMUs.bat
- <Current directory>\WssQ.ico
- <Current directory>\zgQm.exe
- %TEMP%\fiscYwck.bat
- <Current directory>\jcIs.ico
- <Current directory>\xMMw.exe
- C:\RCXB.tmp
- C:\RCX5.tmp
- %TEMP%\DMwsMEYw.bat
- <Current directory>\CIUm.ico
- <Current directory>\TcEO.exe
- <Current directory>\KoMe.exe
- C:\RCX4.tmp
- <Current directory>\JwwE.ico
- C:\RCX7.tmp
- <Current directory>\DcUQ.ico
- <Current directory>\Jkwg.exe
- <Current directory>\hwYk.exe
- <Current directory>\wcIm.exe
- C:\RCX6.tmp
- <Current directory>\YQMI.ico
- C:\RCXC.tmp
- <Current directory>\mAAE.exe
- C:\RCX12.tmp
- %TEMP%\pqEQkYkY.bat
- <Current directory>\JkYc.ico
- <Current directory>\poAW.ico
- <Current directory>\UwIe.exe
- C:\RCX11.tmp
- <Current directory>\kQMk.ico
- <Current directory>\SMAQ.exe
- C:\RCX14.tmp
- %TEMP%\MKMMYwwg.bat
- <Current directory>\ucsa.ico
- <Current directory>\jEkG.exe
- C:\RCX13.tmp
- <Current directory>\JcEY.exe
- C:\RCXE.tmp
- %TEMP%\dmEswkAA.bat
- <Current directory>\IEYU.ico
- <Current directory>\IcMu.ico
- <Current directory>\xgEu.exe
- C:\RCXD.tmp
- %TEMP%\UqMIYkkk.bat
- <Current directory>\mIwm.exe
- C:\RCX10.tmp
- <Current directory>\togW.ico
- <Current directory>\ocog.ico
- <Current directory>\ccwW.exe
- C:\RCXF.tmp
- %TEMP%\CGEooIUU.bat
- %TEMP%\GOogcgYY.bat
- %TEMP%\YAgUcUwM.bat
- %TEMP%\fowksgoA.bat
- %TEMP%\xcMUocUQ.bat
- %TEMP%\XYMAUwIk.bat
- %TEMP%\KGMQAYkM.bat
- %TEMP%\jcgkkMgA.bat
- %TEMP%\GwwgUAEg.bat
- %TEMP%\eKsEskAk.bat
- %TEMP%\aEEAYMsc.bat
- %TEMP%\BUcMcscI.bat
- %TEMP%\cEcEMMEg.bat
- %TEMP%\OQwUAUgQ.bat
- %TEMP%\leYUEssY.bat
- %TEMP%\PkYcQEUg.bat
- %TEMP%\ZEwsQYcs.bat
- %TEMP%\EEcwQwMo.bat
- %TEMP%\rmAgEgos.bat
- <Current directory>\<Virus name>
- %TEMP%\eGEEUAkI.bat
- %TEMP%\uCcAcEwU.bat
- %TEMP%\gGAkockw.bat
- %TEMP%\rcwkIUkg.bat
- %TEMP%\file.vbs
- %TEMP%\kYggIggg.bat
- %TEMP%\rIgoUcQY.bat
- %TEMP%\ZgUIkoYk.bat
- %TEMP%\LqMMwYIU.bat
- C:\RCX1.tmp
- <Current directory>\LgUK.ico
- <Current directory>\uEge.exe
- %TEMP%\AeggUIII.bat
- %TEMP%\Ockwgkww.bat
- <Current directory>\yocI.ico
- <Current directory>\YEIO.exe
- C:\RCX3.tmp
- <Current directory>\VcIU.ico
- %TEMP%\TYUocUIQ.bat
- <Current directory>\hwgs.exe
- C:\RCX2.tmp
- <Current directory>\Tcok.ico
- %TEMP%\DskcUkEs.bat
- %TEMP%\EIEYoMUM.bat
- %TEMP%\wEUYYoIw.bat
- %TEMP%\YCIUEAMI.bat
- %TEMP%\QyYQwIgw.bat
- %TEMP%\qCwIEAok.bat
- %TEMP%\GwsQoAAc.bat
- %TEMP%\XiAcMAUI.bat
- %TEMP%\OGIAIYoE.bat
- %TEMP%\jksAEUgM.bat
- %TEMP%\PwMcYYII.bat
- %TEMP%\cUQgUQYA.bat
- %TEMP%\VAkQQIEU.bat
- %TEMP%\VcgAgAkQ.bat
- <Current directory>\VUsu.ico
- <Current directory>\fIUW.ico
- <Current directory>\KQIa.exe
- C:\RCX29.tmp
- C:\RCX28.tmp
- C:\RCX27.tmp
- <Current directory>\zosw.ico
- <Current directory>\zssM.exe
- <Current directory>\oYQO.exe
- %TEMP%\FgcMowwM.bat
- C:\RCX2B.tmp
- <Current directory>\bgYi.ico
- <Current directory>\QEoE.ico
- <Current directory>\rcsm.exe
- C:\RCX2A.tmp
- C:\RCX24.tmp
- <Current directory>\nEkE.ico
- <Current directory>\qkQU.exe
- %TEMP%\dwIsUAQY.bat
- C:\RCX23.tmp
- <Current directory>\HIgs.ico
- <Current directory>\AMEo.exe
- %TEMP%\GyUcAUgI.bat
- <Current directory>\eUke.ico
- <Current directory>\BsAW.exe
- C:\RCX26.tmp
- C:\RCX25.tmp
- <Current directory>\QEMy.ico
- <Current directory>\yYIe.exe
- %TEMP%\ZWEoUIEw.bat
- %TEMP%\wOEAckoA.bat
- <Current directory>\KEIu.exe
- C:\RCX31.tmp
- <Current directory>\Zwsm.ico
- <Current directory>\xYMc.ico
- <Current directory>\fMAM.exe
- C:\RCX30.tmp
- <Current directory>\sYwI.ico
- <Current directory>\igkA.exe
- C:\RCX33.tmp
- C:\RCX32.tmp
- <Current directory>\oosI.ico
- %TEMP%\LQIkoEEc.bat
- <Current directory>\oQQy.exe
- <Current directory>\UcEK.exe
- C:\RCX2D.tmp
- %TEMP%\zSYkogMw.bat
- <Current directory>\FkEG.ico
- <Current directory>\OUgG.ico
- <Current directory>\TcEW.exe
- C:\RCX2C.tmp
- <Current directory>\jQwY.ico
- <Current directory>\OYsk.exe
- C:\RCX2F.tmp
- %TEMP%\VUokYYQc.bat
- <Current directory>\zAMe.ico
- <Current directory>\yYAu.exe
- C:\RCX2E.tmp
- <Current directory>\OEMo.ico
- <Current directory>\AMoY.exe
- C:\RCX1A.tmp
- %TEMP%\BMEYkcos.bat
- <Current directory>\lscW.exe
- C:\RCX19.tmp
- %TEMP%\jeYUcMYo.bat
- C:\RCX1B.tmp
- %TEMP%\mUssMEAo.bat
- <Current directory>\gYcc.ico
- <Current directory>\lgAc.exe
- %TEMP%\IYMUwQgg.bat
- %TEMP%\uysoMAIk.bat
- <Current directory>\uosG.ico
- <Current directory>\Dkok.exe
- C:\RCX16.tmp
- <Current directory>\bMUC.ico
- <Current directory>\iUgE.ico
- <Current directory>\igoq.exe
- C:\RCX15.tmp
- %TEMP%\wIkokUIA.bat
- <Current directory>\coIy.exe
- C:\RCX18.tmp
- <Current directory>\NQIQ.ico
- <Current directory>\KAEa.ico
- <Current directory>\lsQw.exe
- C:\RCX17.tmp
- %TEMP%\agAoEwMo.bat
- <Current directory>\wEQa.exe
- %TEMP%\gQskYMwQ.bat
- <Current directory>\tgwy.ico
- <Current directory>\mgwo.exe
- %TEMP%\VwUsQwgo.bat
- <Current directory>\HMMy.exe
- %TEMP%\IckIYkAk.bat
- C:\RCX20.tmp
- C:\RCX22.tmp
- <Current directory>\OYkA.ico
- <Current directory>\AwIC.exe
- <Current directory>\kIwg.exe
- C:\RCX21.tmp
- %TEMP%\dQIEIAQw.bat
- <Current directory>\ewAc.ico
- C:\RCX1D.tmp
- <Current directory>\YQYw.ico
- %TEMP%\kUUYIgws.bat
- <Current directory>\CAkI.exe
- C:\RCX1C.tmp
- %TEMP%\VCAwEEYc.bat
- <Current directory>\YEIO.ico
- C:\RCX1F.tmp
- %TEMP%\VgYQogks.bat
- <Current directory>\PUMq.ico
- <Current directory>\dYYC.exe
- <Current directory>\DgsY.exe
- C:\RCX1E.tmp
- <Current directory>\JkIe.ico
- %ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe
- %HOMEPATH%\fCkYUMIQ\pUccUkoM.exe
- <Current directory>\WQge.exe
- <Current directory>\cIYu.ico
- <Current directory>\zcAG.exe
- <Current directory>\YIgO.ico
- <Current directory>\cMoK.exe
- <Current directory>\ioAm.exe
- <Current directory>\qkMG.ico
- <Current directory>\AcUc.ico
- %TEMP%\UKAAkUMw.bat
- <Current directory>\jQAS.exe
- <Current directory>\wUgm.ico
- <Current directory>\MIQU.exe
- <Current directory>\eoQs.ico
- <Current directory>\tUMw.exe
- %TEMP%\MKwccwYE.bat
- <Current directory>\okkE.ico
- <Current directory>\LscS.ico
- <Current directory>\bEAQ.exe
- <Current directory>\WsYg.exe
- %TEMP%\FiEwQsks.bat
- <Current directory>\XwIw.exe
- <Current directory>\tMQA.ico
- <Current directory>\xIog.ico
- <Current directory>\OEMq.exe
- <Current directory>\FAQm.ico
- <Current directory>\BYQa.exe
- <Current directory>\NMUu.ico
- <Current directory>\xYkS.exe
- <Current directory>\bwke.ico
- <Current directory>\NwAW.exe
- <Current directory>\DkgA.ico
- %TEMP%\GqQAcYgU.bat
- <Current directory>\qoMA.exe
- <Current directory>\uAsk.ico
- <Current directory>\GAIy.exe
- <Current directory>\CwoY.ico
- %TEMP%\iKccwMYE.bat
- <Current directory>\TUkw.ico
- %TEMP%\gwEcUYso.bat
- <Current directory>\NgIW.ico
- <Current directory>\xowe.exe
- <Current directory>\wsIC.exe
- <Current directory>\ooQw.ico
- <Current directory>\FkUo.exe
- <Current directory>\oMIw.ico
- <Current directory>\FsgM.exe
- <Current directory>\QMoo.ico
- <Current directory>\VUoi.exe
- <Current directory>\lwcc.ico
- <Current directory>\HowW.exe
- <Current directory>\uoIE.ico
- <Current directory>\pkIA.ico
- <Current directory>\CskW.exe
- %TEMP%\JwoUgMws.bat
- <Current directory>\fEwG.exe
- <Current directory>\BYom.ico
- <Current directory>\eYgG.exe
- %TEMP%\mMIUUcog.bat
- <Current directory>\agsC.exe
- <Current directory>\BYca.ico
- <Current directory>\SEko.exe
- <Current directory>\AoAA.ico
- <Current directory>\CIIk.exe
- <Current directory>\UoAY.ico
- <Current directory>\rsYq.ico
- <Current directory>\zMsS.exe
- <Current directory>\Vwck.ico
- <Current directory>\RooM.exe
- <Current directory>\WAkc.ico
- <Current directory>\Gscu.exe
- <Current directory>\GEsS.ico
- <Current directory>\gwkG.exe
- <Current directory>\Swge.ico
- <Current directory>\sIMk.exe
- <Current directory>\NAYC.ico
- <Current directory>\iMoS.exe
- <Current directory>\FoMi.ico
- <Current directory>\rIgC.exe
- <Current directory>\Ycoa.ico
- <Current directory>\rIom.exe
- <Current directory>\cssy.ico
- <Current directory>\cokE.exe
- <Current directory>\XwwK.ico
- <Current directory>\vwwc.exe
- <Current directory>\fgoM.ico
- <Current directory>\zIgW.exe
- <Current directory>\CAES.ico
- <Current directory>\UwAk.ico
- %TEMP%\pOIEEksQ.bat
- %TEMP%\ScUMUMEU.bat
- <Current directory>\EMQO.exe
- <Current directory>\DUUE.exe
- <Current directory>\zcAE.ico
- <Current directory>\MMcK.exe
- <Current directory>\rAAg.ico
- <Current directory>\HgUK.exe
- <Current directory>\IAcA.ico
- %TEMP%\kyQgIQAc.bat
- <Current directory>\XEwu.ico
- <Current directory>\uYIA.exe
- <Current directory>\wYsM.exe
- <Current directory>\UUIK.ico
- <Current directory>\NAMA.ico
- %TEMP%\NkMMsUsQ.bat
- <Current directory>\PYEM.exe
- <Current directory>\rwco.ico
- %TEMP%\AucscowY.bat
- <Current directory>\UsEK.ico
- <Current directory>\qYQe.exe
- <Current directory>\osYu.exe
- <Current directory>\SEoG.ico
- <Current directory>\OMQK.exe
- <Current directory>\XwMA.ico
- <Current directory>\FcYw.exe
- <Current directory>\bYky.ico
- <Current directory>\MgEu.exe
- <Current directory>\McUw.ico
- %TEMP%\siQwUUYY.bat
- %TEMP%\PyQAowEw.bat
- <Current directory>\hgIK.exe
- <Current directory>\fMwo.ico
- <Current directory>\sYYU.exe
- <Current directory>\QoYK.ico
- %TEMP%\MgwsYcgc.bat
- <Current directory>\vkIs.ico
- <Current directory>\eUYE.exe
- %TEMP%\oAkcokUA.bat
- <Current directory>\BsMu.exe
- <Current directory>\rwMm.exe
- <Current directory>\AsUW.ico
- <Current directory>\kEgG.exe
- <Current directory>\GMwc.ico
- %TEMP%\DIEwMEwI.bat
- %TEMP%\xOYUsYMY.bat
- %TEMP%\PqIkMgkg.bat
- <Current directory>\dEse.exe
- <Current directory>\skcK.ico
- <Current directory>\YMYe.exe
- <Current directory>\OEIm.ico
- <Current directory>\MYsK.exe
- <Current directory>\NMYK.ico
- <Current directory>\OMMs.exe
- <Current directory>\CAQS.exe
- <Current directory>\kQcO.ico
- <Current directory>\jgos.ico
- %TEMP%\weYwIQsg.bat
- %TEMP%\ZEoUYMUs.bat
- <Current directory>\xgEu.exe
- <Current directory>\zgQm.exe
- <Current directory>\WssQ.ico
- <Current directory>\IcMu.ico
- <Current directory>\ccwW.exe
- <Current directory>\ocog.ico
- <Current directory>\JcEY.exe
- <Current directory>\IEYU.ico
- <Current directory>\DcUQ.ico
- <Current directory>\HkYs.exe
- <Current directory>\YQMI.ico
- <Current directory>\Jkwg.exe
- <Current directory>\YkIa.ico
- <Current directory>\xMMw.exe
- <Current directory>\jcIs.ico
- <Current directory>\wgUK.exe
- <Current directory>\KIIQ.ico
- <Current directory>\kQMk.ico
- <Current directory>\igoq.exe
- <Current directory>\SMAQ.exe
- %TEMP%\MKMMYwwg.bat
- <Current directory>\VUsu.ico
- <Current directory>\lsQw.exe
- <Current directory>\bMUC.ico
- <Current directory>\Dkok.exe
- <Current directory>\iUgE.ico
- %TEMP%\UqMIYkkk.bat
- <Current directory>\UwIe.exe
- <Current directory>\mIwm.exe
- <Current directory>\togW.ico
- <Current directory>\poAW.ico
- <Current directory>\jEkG.exe
- <Current directory>\ucsa.ico
- <Current directory>\mAAE.exe
- <Current directory>\JkYc.ico
- <Current directory>\hwYk.exe
- %TEMP%\aEEAYMsc.bat
- %TEMP%\eKsEskAk.bat
- %TEMP%\BUcMcscI.bat
- %TEMP%\OQwUAUgQ.bat
- %TEMP%\QyYQwIgw.bat
- %TEMP%\EIEYoMUM.bat
- %TEMP%\VAkQQIEU.bat
- %TEMP%\GwsQoAAc.bat
- %TEMP%\DskcUkEs.bat
- %TEMP%\ZEwsQYcs.bat
- %TEMP%\rIgoUcQY.bat
- %TEMP%\rmAgEgos.bat
- %TEMP%\leYUEssY.bat
- %TEMP%\eGEEUAkI.bat
- %TEMP%\fowksgoA.bat
- %TEMP%\GOogcgYY.bat
- %TEMP%\gGAkockw.bat
- %TEMP%\xcMUocUQ.bat
- <Current directory>\KoMe.exe
- <Current directory>\VcIU.ico
- <Current directory>\YEIO.exe
- <Current directory>\Tcok.ico
- <Current directory>\TcEO.exe
- <Current directory>\CIUm.ico
- %TEMP%\DMwsMEYw.bat
- <Current directory>\JwwE.ico
- <Current directory>\wcIm.exe
- %TEMP%\OGIAIYoE.bat
- %TEMP%\AeggUIII.bat
- %TEMP%\cUQgUQYA.bat
- %TEMP%\PwMcYYII.bat
- <Current directory>\uEge.exe
- <Current directory>\hwgs.exe
- <Current directory>\LgUK.ico
- <Current directory>\yocI.ico
- %TEMP%\LqMMwYIU.bat
- <Current directory>\bgYi.ico
- %TEMP%\FgcMowwM.bat
- <Current directory>\QEoE.ico
- <Current directory>\oYQO.exe
- <Current directory>\TcEW.exe
- <Current directory>\FkEG.ico
- <Current directory>\yYAu.exe
- <Current directory>\OUgG.ico
- <Current directory>\UcEK.exe
- <Current directory>\eUke.ico
- <Current directory>\zssM.exe
- <Current directory>\QEMy.ico
- <Current directory>\BsAW.exe
- <Current directory>\zosw.ico
- <Current directory>\fIUW.ico
- <Current directory>\rcsm.exe
- %TEMP%\GyUcAUgI.bat
- <Current directory>\KQIa.exe
- <Current directory>\sYwI.ico
- <Current directory>\qoco.exe
- <Current directory>\oosI.ico
- <Current directory>\igkA.exe
- <Current directory>\wMEc.ico
- <Current directory>\YkIC.ico
- <Current directory>\qMYK.exe
- %TEMP%\LQIkoEEc.bat
- <Current directory>\LEYQ.exe
- <Current directory>\jQwY.ico
- %TEMP%\VUokYYQc.bat
- <Current directory>\zAMe.ico
- <Current directory>\OYsk.exe
- <Current directory>\fMAM.exe
- <Current directory>\Zwsm.ico
- <Current directory>\oQQy.exe
- <Current directory>\xYMc.ico
- <Current directory>\KEIu.exe
- <Current directory>\yYIe.exe
- <Current directory>\uosG.ico
- <Current directory>\wEQa.exe
- %TEMP%\uysoMAIk.bat
- <Current directory>\lgAc.exe
- <Current directory>\gYcc.ico
- <Current directory>\YEIO.ico
- <Current directory>\DgsY.exe
- %TEMP%\VCAwEEYc.bat
- <Current directory>\CAkI.exe
- <Current directory>\KAEa.ico
- <Current directory>\lscW.exe
- %TEMP%\agAoEwMo.bat
- <Current directory>\coIy.exe
- <Current directory>\NQIQ.ico
- <Current directory>\AMoY.exe
- <Current directory>\OEMo.ico
- %TEMP%\BMEYkcos.bat
- %TEMP%\wIkokUIA.bat
- %TEMP%\dQIEIAQw.bat
- <Current directory>\AwIC.exe
- <Current directory>\kIwg.exe
- <Current directory>\ewAc.ico
- <Current directory>\OYkA.ico
- <Current directory>\qkQU.exe
- <Current directory>\nEkE.ico
- <Current directory>\AMEo.exe
- <Current directory>\HIgs.ico
- <Current directory>\JkIe.ico
- %TEMP%\VgYQogks.bat
- <Current directory>\YQYw.ico
- <Current directory>\dYYC.exe
- %TEMP%\VwUsQwgo.bat
- <Current directory>\mgwo.exe
- <Current directory>\tgwy.ico
- <Current directory>\HMMy.exe
- <Current directory>\PUMq.ico
- from C:\RCX4E.tmp to <Current directory>\ioAm.exe
- from C:\RCX4F.tmp to <Current directory>\NwAW.exe
- from C:\RCX50.tmp to <Current directory>\xYkS.exe
- from C:\RCX4D.tmp to <Current directory>\cMoK.exe
- from C:\RCX4A.tmp to <Current directory>\bEAQ.exe
- from C:\RCX4B.tmp to <Current directory>\zcAG.exe
- from C:\RCX4C.tmp to <Current directory>\WQge.exe
- from C:\RCX55.tmp to <Current directory>\BYQa.exe
- from C:\RCX56.tmp to <Current directory>\OEMq.exe
- from C:\RCX57.tmp to <Current directory>\sYYU.exe
- from C:\RCX54.tmp to <Current directory>\WsYg.exe
- from C:\RCX51.tmp to <Current directory>\GAIy.exe
- from C:\RCX52.tmp to <Current directory>\qoMA.exe
- from C:\RCX53.tmp to <Current directory>\XwIw.exe
- from C:\RCX49.tmp to <Current directory>\tUMw.exe
- from C:\RCX3F.tmp to <Current directory>\RooM.exe
- from C:\RCX40.tmp to <Current directory>\zMsS.exe
- from C:\RCX41.tmp to <Current directory>\gwkG.exe
- from C:\RCX3E.tmp to <Current directory>\FkUo.exe
- from C:\RCX3B.tmp to <Current directory>\xowe.exe
- from C:\RCX3C.tmp to <Current directory>\wsIC.exe
- from C:\RCX3D.tmp to <Current directory>\FsgM.exe
- from C:\RCX46.tmp to <Current directory>\SEko.exe
- from C:\RCX47.tmp to <Current directory>\MIQU.exe
- from C:\RCX48.tmp to <Current directory>\jQAS.exe
- from C:\RCX45.tmp to <Current directory>\CIIk.exe
- from C:\RCX42.tmp to <Current directory>\Gscu.exe
- from C:\RCX43.tmp to <Current directory>\agsC.exe
- from C:\RCX44.tmp to <Current directory>\eYgG.exe
- from C:\RCX6B.tmp to <Current directory>\rIgC.exe
- from C:\RCX6C.tmp to <Current directory>\cokE.exe
- from C:\RCX6D.tmp to <Current directory>\rIom.exe
- from C:\RCX6A.tmp to <Current directory>\sIMk.exe
- from C:\RCX67.tmp to <Current directory>\vwwc.exe
- from C:\RCX68.tmp to <Current directory>\EMQO.exe
- from C:\RCX69.tmp to <Current directory>\iMoS.exe
- from C:\RCX72.tmp to <Current directory>\DUUE.exe
- from C:\RCX73.tmp to <Current directory>\HgUK.exe
- from C:\RCX74.tmp to <Current directory>\uYIA.exe
- from C:\RCX71.tmp to <Current directory>\MMcK.exe
- from C:\RCX6E.tmp to <Current directory>\wYsM.exe
- from C:\RCX6F.tmp to <Current directory>\PYEM.exe
- from C:\RCX70.tmp to <Current directory>\qYQe.exe
- from C:\RCX66.tmp to <Current directory>\zIgW.exe
- from C:\RCX5C.tmp to <Current directory>\OMQK.exe
- from C:\RCX5D.tmp to <Current directory>\MgEu.exe
- from C:\RCX5E.tmp to <Current directory>\MYsK.exe
- from C:\RCX5B.tmp to <Current directory>\FcYw.exe
- from C:\RCX58.tmp to <Current directory>\hgIK.exe
- from C:\RCX59.tmp to <Current directory>\BsMu.exe
- from C:\RCX5A.tmp to <Current directory>\eUYE.exe
- from C:\RCX63.tmp to <Current directory>\rwMm.exe
- from C:\RCX64.tmp to <Current directory>\dEse.exe
- from C:\RCX65.tmp to <Current directory>\osYu.exe
- from C:\RCX62.tmp to <Current directory>\kEgG.exe
- from C:\RCX5F.tmp to <Current directory>\YMYe.exe
- from C:\RCX60.tmp to <Current directory>\OMMs.exe
- from C:\RCX61.tmp to <Current directory>\CAQS.exe
- from C:\RCX14.tmp to <Current directory>\SMAQ.exe
- from C:\RCX15.tmp to <Current directory>\igoq.exe
- from C:\RCX16.tmp to <Current directory>\Dkok.exe
- from C:\RCX13.tmp to <Current directory>\jEkG.exe
- from C:\RCX10.tmp to <Current directory>\mIwm.exe
- from C:\RCX11.tmp to <Current directory>\UwIe.exe
- from C:\RCX12.tmp to <Current directory>\mAAE.exe
- from C:\RCX1B.tmp to <Current directory>\lgAc.exe
- from C:\RCX1C.tmp to <Current directory>\wEQa.exe
- from C:\RCX1D.tmp to <Current directory>\CAkI.exe
- from C:\RCX1A.tmp to <Current directory>\AMoY.exe
- from C:\RCX17.tmp to <Current directory>\lsQw.exe
- from C:\RCX18.tmp to <Current directory>\coIy.exe
- from C:\RCX19.tmp to <Current directory>\lscW.exe
- from C:\RCXF.tmp to <Current directory>\ccwW.exe
- from C:\RCX5.tmp to <Current directory>\TcEO.exe
- from C:\RCX6.tmp to <Current directory>\wcIm.exe
- from C:\RCX7.tmp to <Current directory>\hwYk.exe
- from C:\RCX4.tmp to <Current directory>\KoMe.exe
- from C:\RCX1.tmp to <Current directory>\uEge.exe
- from C:\RCX2.tmp to <Current directory>\hwgs.exe
- from C:\RCX3.tmp to <Current directory>\YEIO.exe
- from C:\RCXC.tmp to <Current directory>\zgQm.exe
- from C:\RCXD.tmp to <Current directory>\xgEu.exe
- from C:\RCXE.tmp to <Current directory>\JcEY.exe
- from C:\RCXB.tmp to <Current directory>\xMMw.exe
- from C:\RCX8.tmp to <Current directory>\Jkwg.exe
- from C:\RCX9.tmp to <Current directory>\HkYs.exe
- from C:\RCXA.tmp to <Current directory>\wgUK.exe
- from C:\RCX31.tmp to <Current directory>\KEIu.exe
- from C:\RCX32.tmp to <Current directory>\oQQy.exe
- from C:\RCX33.tmp to <Current directory>\igkA.exe
- from C:\RCX30.tmp to <Current directory>\fMAM.exe
- from C:\RCX2D.tmp to <Current directory>\UcEK.exe
- from C:\RCX2E.tmp to <Current directory>\yYAu.exe
- from C:\RCX2F.tmp to <Current directory>\OYsk.exe
- from C:\RCX38.tmp to <Current directory>\VUoi.exe
- from C:\RCX39.tmp to <Current directory>\fEwG.exe
- from C:\RCX3A.tmp to <Current directory>\CskW.exe
- from C:\RCX37.tmp to <Current directory>\HowW.exe
- from C:\RCX34.tmp to <Current directory>\qoco.exe
- from C:\RCX35.tmp to <Current directory>\LEYQ.exe
- from C:\RCX36.tmp to <Current directory>\qMYK.exe
- from C:\RCX2C.tmp to <Current directory>\TcEW.exe
- from C:\RCX22.tmp to <Current directory>\kIwg.exe
- from C:\RCX23.tmp to <Current directory>\AwIC.exe
- from C:\RCX24.tmp to <Current directory>\AMEo.exe
- from C:\RCX21.tmp to <Current directory>\mgwo.exe
- from C:\RCX1E.tmp to <Current directory>\DgsY.exe
- from C:\RCX1F.tmp to <Current directory>\dYYC.exe
- from C:\RCX20.tmp to <Current directory>\HMMy.exe
- from C:\RCX29.tmp to <Current directory>\KQIa.exe
- from C:\RCX2A.tmp to <Current directory>\rcsm.exe
- from C:\RCX2B.tmp to <Current directory>\oYQO.exe
- from C:\RCX28.tmp to <Current directory>\zssM.exe
- from C:\RCX25.tmp to <Current directory>\qkQU.exe
- from C:\RCX26.tmp to <Current directory>\yYIe.exe
- from C:\RCX27.tmp to <Current directory>\BsAW.exe
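- '20#.#19.204.12':666 (the '#' characters in this and the following addresses are masking, so these are partial addresses and cannot be used as-is for blocking or lookups; the destination ports are complete)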
- '19#.#86.45.170':666
- '74.##5.232.51':80
- '20#.#7.164.69':666
- '20#.#7.164.69':9999
- '20#.#19.204.12':9999
- '19#.#86.45.170':9999
- 74.##5.232.51/
- DNS ASK google.com
- ClassName: 'Indicator' WindowName: ''