Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'aeEkEEcE.exe' = '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'pUccUkoM.exe' = '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'
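- hidden files: display turned off (Explorer\Advanced value Hidden set to 2 by the reg.exe command listed below)
- file extensions: display turned off (Explorer\Advanced value HideFileExt set to 1 by the reg.exe command listed below)
- User Account Control (UAC): disabled (Policies\System value EnableLUA set to 0 by the reg.exe command listed below)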
- '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\NQsEEAcU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\isksAswA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\FqwUcocE.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\fowcAwsk.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\DEAwEQAg.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=5944
- '<SYSTEM32>\reg.exe' /pid=3968
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\lmIcAsYc.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=6020
- '<SYSTEM32>\reg.exe' /pid=3912
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\bgkAcoYA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\QykIMoUw.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\KYgQMgUA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RqUEQMMM.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\FcgcAgsY.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3168
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\zYgUEUsQ.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\NmQkswUU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\yEYgkksI.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\DWwsUgQQ.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\NIskMEIs.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\VGIkIwwM.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\nGosgkQs.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\hwcIUgMQ.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=4708
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\eEMokgAI.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=2952
- '<SYSTEM32>\reg.exe' /pid=4328
- '<SYSTEM32>\reg.exe' /pid=4268
- '<SYSTEM32>\cscript.exe' /pid=4932
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\zoIMAcYg.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=4976
- '<SYSTEM32>\reg.exe' /pid=4520
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\bKIUckUA.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=4220
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\nCgUQYIQ.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=1720
- '<SYSTEM32>\cscript.exe' /c ""%TEMP%\XmUAsgEA.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=2572
- '<SYSTEM32>\reg.exe' /pid=3664
- '<SYSTEM32>\reg.exe' /pid=4060
- '<SYSTEM32>\cscript.exe' /pid=4144
- '<SYSTEM32>\reg.exe' /pid=2568
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\fqwooEAs.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3892
- '<SYSTEM32>\cscript.exe' /pid=3328
- '<SYSTEM32>\cscript.exe' /c ""%TEMP%\iSQEIgoQ.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\YcQkwAAQ.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\iccQAMQI.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\yWwwQMsk.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\hQEUQcYw.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\XgAIQoYI.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\EMQosIcc.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=404
- '<SYSTEM32>\reg.exe' /pid=2520
- '<SYSTEM32>\reg.exe' %TEMP%\file.vbs
- '<SYSTEM32>\reg.exe' /pid=2968
- '<SYSTEM32>\reg.exe' /pid=2788
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\vecIMYAk.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\HmIcwEoM.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\siMwgcEU.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\cscript.exe' %TEMP%\file.vbs
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\suUsQMAM.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\mCoUkEIU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\XMYkksAc.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\HwUkEgIs.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\biwEQYwU.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3572
- '<SYSTEM32>\reg.exe' /pid=3972
- '<SYSTEM32>\reg.exe' /pid=3568
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\mqIsgIkI.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe' /pid=904
- '<SYSTEM32>\reg.exe' /pid=2524
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\kIYIoUwg.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' /pid=1672
- '<SYSTEM32>\reg.exe' /pid=292
- '<SYSTEM32>\reg.exe' /pid=3104
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\jGEMcAcc.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=2672
- '<SYSTEM32>\reg.exe' /pid=3136
- '<SYSTEM32>\reg.exe' /pid=2716
- '<SYSTEM32>\cscript.exe' /pid=3384
- '<SYSTEM32>\cscript.exe' /pid=3048
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\vEgwUsgk.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=3696
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\kokcQgsI.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3592
- '<SYSTEM32>\reg.exe'
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\reg.exe
- <Current directory>\zAkO.exe
- C:\RCX4A.tmp
- <Current directory>\NUYC.ico
- <Current directory>\vwAY.ico
- <Current directory>\EAos.ico
- <Current directory>\yYoO.exe
- C:\RCX49.tmp
- <Current directory>\okYo.exe
- C:\RCX4C.tmp
- <Current directory>\Osom.ico
- <Current directory>\KYgW.ico
- <Current directory>\UAcc.exe
- C:\RCX4B.tmp
- %TEMP%\isksAswA.bat
- <Current directory>\LEIy.ico
- <Current directory>\OAIM.exe
- %TEMP%\AoIgMIkw.bat
- C:\RCX45.tmp
- %TEMP%\NQsEEAcU.bat
- <Current directory>\MYMe.ico
- <Current directory>\DcUC.exe
- <Current directory>\iEcM.ico
- <Current directory>\GsMc.exe
- C:\RCX48.tmp
- C:\RCX47.tmp
- C:\RCX46.tmp
- <Current directory>\AkMK.ico
- <Current directory>\Bggm.exe
- C:\RCX52.tmp
- <Current directory>\sQAI.ico
- <Current directory>\qsIs.exe
- <Current directory>\YIci.exe
- C:\RCX51.tmp
- %TEMP%\bgkAcoYA.bat
- <Current directory>\oQEG.ico
- C:\RCX54.tmp
- <Current directory>\yQoM.ico
- <Current directory>\lMke.exe
- <Current directory>\GksM.exe
- C:\RCX53.tmp
- %TEMP%\XUkAcIwA.bat
- <Current directory>\qogi.ico
- <Current directory>\SMQI.exe
- C:\RCX4E.tmp
- <Current directory>\vEcw.ico
- <Current directory>\NQcK.ico
- <Current directory>\YMYQ.exe
- %TEMP%\uCEgokUc.bat
- C:\RCX4D.tmp
- C:\RCX50.tmp
- <Current directory>\iMks.ico
- <Current directory>\RkEI.exe
- <Current directory>\vgII.exe
- <Current directory>\oQUa.exe
- C:\RCX4F.tmp
- <Current directory>\OMIa.ico
- %TEMP%\tKccswYA.bat
- <Current directory>\eQUg.ico
- <Current directory>\akcY.exe
- C:\RCX39.tmp
- C:\RCX38.tmp
- <Current directory>\NQQG.ico
- <Current directory>\AgUK.exe
- <Current directory>\lIoQ.ico
- <Current directory>\oscE.exe
- C:\RCX3C.tmp
- C:\RCX3B.tmp
- C:\RCX3A.tmp
- <Current directory>\swoG.ico
- <Current directory>\Fwke.exe
- C:\RCX35.tmp
- <Current directory>\NYkA.ico
- <Current directory>\LQAE.exe
- <Current directory>\DEIm.exe
- %TEMP%\QykIMoUw.bat
- <Current directory>\GwQw.ico
- %TEMP%\BqgswMUw.bat
- %TEMP%\fowcAwsk.bat
- <Current directory>\lcAi.ico
- <Current directory>\VMck.exe
- C:\RCX37.tmp
- C:\RCX36.tmp
- <Current directory>\NoEM.ico
- <Current directory>\BYgq.exe
- <Current directory>\Pwga.exe
- C:\RCX42.tmp
- %TEMP%\FqwUcocE.bat
- <Current directory>\poUe.ico
- <Current directory>\mgQO.ico
- <Current directory>\tYMo.exe
- C:\RCX41.tmp
- <Current directory>\ScIW.ico
- <Current directory>\pIcw.exe
- C:\RCX44.tmp
- C:\RCX43.tmp
- %TEMP%\OqsYYokw.bat
- <Current directory>\aIcO.ico
- <Current directory>\JgQc.exe
- %TEMP%\vkUoQgMg.bat
- <Current directory>\RwQm.ico
- <Current directory>\fsYw.exe
- C:\RCX3D.tmp
- <Current directory>\rock.ico
- <Current directory>\TMgk.exe
- %TEMP%\DEAwEQAg.bat
- <Current directory>\AccO.ico
- <Current directory>\CAwc.exe
- C:\RCX40.tmp
- C:\RCX3F.tmp
- C:\RCX3E.tmp
- <Current directory>\QoEG.ico
- <Current directory>\UMQs.exe
- C:\RCX55.tmp
- <Current directory>\ssYI.exe
- C:\RCX6B.tmp
- <Current directory>\hAEo.ico
- <Current directory>\powS.ico
- <Current directory>\rMMc.ico
- <Current directory>\AEYw.exe
- C:\RCX6A.tmp
- <Current directory>\xMoS.exe
- %TEMP%\nSIkAUcc.bat
- C:\RCX6D.tmp
- <Current directory>\OcgU.ico
- <Current directory>\eUQW.exe
- %TEMP%\hwcIUgMQ.bat
- C:\RCX6C.tmp
- <Current directory>\bsUq.exe
- C:\RCX67.tmp
- %TEMP%\eEMokgAI.bat
- <Current directory>\wosE.ico
- <Current directory>\TAAu.ico
- <Current directory>\zcQE.exe
- C:\RCX66.tmp
- <Current directory>\xIQi.ico
- <Current directory>\uEUA.exe
- C:\RCX69.tmp
- %TEMP%\YcswYQgU.bat
- <Current directory>\LgcI.ico
- <Current directory>\kYQw.exe
- C:\RCX68.tmp
- <Current directory>\Ewse.exe
- C:\RCX73.tmp
- %TEMP%\zoIMAcYg.bat
- <Current directory>\OwkK.ico
- <Current directory>\hAIS.ico
- <Current directory>\gUEy.exe
- C:\RCX72.tmp
- <Current directory>\gQoM.ico
- <Current directory>\pAIQ.exe
- C:\RCX75.tmp
- %TEMP%\NCMoIoQk.bat
- <Current directory>\fgwm.ico
- <Current directory>\AcYY.exe
- C:\RCX74.tmp
- <Current directory>\QQUc.exe
- C:\RCX6F.tmp
- %TEMP%\bKIUckUA.bat
- <Current directory>\noQi.ico
- <Current directory>\DwAU.ico
- <Current directory>\asEy.exe
- C:\RCX6E.tmp
- <Current directory>\WcIG.ico
- <Current directory>\vgQe.exe
- C:\RCX71.tmp
- C:\RCX70.tmp
- %TEMP%\LoowkMYA.bat
- <Current directory>\UEII.ico
- <Current directory>\okYA.exe
- <Current directory>\jAkg.ico
- <Current directory>\zwsM.exe
- C:\RCX5B.tmp
- %TEMP%\XmUAsgEA.bat
- <Current directory>\lwAS.ico
- <Current directory>\DoES.exe
- C:\RCX5A.tmp
- <Current directory>\cUAo.ico
- <Current directory>\UgMS.exe
- C:\RCX5D.tmp
- C:\RCX5C.tmp
- %TEMP%\yqMggMck.bat
- <Current directory>\YkcQ.ico
- <Current directory>\rQAw.exe
- <Current directory>\NwkW.exe
- C:\RCX57.tmp
- <Current directory>\pIoU.ico
- <Current directory>\bkYO.ico
- <Current directory>\AwEc.ico
- <Current directory>\PMcc.exe
- C:\RCX56.tmp
- <Current directory>\aAQs.ico
- <Current directory>\fQYI.exe
- C:\RCX59.tmp
- %TEMP%\lcAQccoU.bat
- <Current directory>\qooo.exe
- C:\RCX58.tmp
- %TEMP%\lmIcAsYc.bat
- <Current directory>\KoIS.ico
- <Current directory>\twAO.exe
- C:\RCX63.tmp
- C:\RCX62.tmp
- <Current directory>\Eogg.ico
- <Current directory>\hUUu.exe
- %TEMP%\fqwooEAs.bat
- <Current directory>\ZooI.ico
- <Current directory>\EIkS.exe
- C:\RCX65.tmp
- C:\RCX64.tmp
- <Current directory>\xcUI.ico
- %TEMP%\wyUgQEEw.bat
- <Current directory>\aUIU.exe
- <Current directory>\jMYK.ico
- <Current directory>\OMYE.exe
- %TEMP%\PoMEowIs.bat
- C:\RCX5E.tmp
- <Current directory>\woIk.ico
- <Current directory>\cYcG.exe
- %TEMP%\nCgUQYIQ.bat
- <Current directory>\ksYc.ico
- <Current directory>\XoIo.exe
- C:\RCX61.tmp
- C:\RCX60.tmp
- C:\RCX5F.tmp
- <Current directory>\cMsC.ico
- <Current directory>\HIsC.exe
- C:\RCX34.tmp
- C:\RCX9.tmp
- <Current directory>\yksw.ico
- <Current directory>\vQsK.exe
- <Current directory>\pMki.exe
- C:\RCX8.tmp
- %TEMP%\GOocEAwo.bat
- <Current directory>\XcMG.ico
- C:\RCXB.tmp
- <Current directory>\LkUI.ico
- %TEMP%\TKUIQIUE.bat
- <Current directory>\SocO.exe
- C:\RCXA.tmp
- %TEMP%\iSQEIgoQ.bat
- <Current directory>\fIoS.ico
- %TEMP%\yYQMkgEc.bat
- <Current directory>\isUU.ico
- <Current directory>\egMG.exe
- %TEMP%\JQoUAMIw.bat
- <Current directory>\PMYE.ico
- <Current directory>\pwAO.exe
- C:\RCX5.tmp
- <Current directory>\BAMG.ico
- <Current directory>\rYkS.exe
- %TEMP%\kIYIoUwg.bat
- C:\RCX7.tmp
- C:\RCX6.tmp
- <Current directory>\YUcS.ico
- <Current directory>\dEgA.exe
- C:\RCX11.tmp
- %TEMP%\FcgcAgsY.bat
- <Current directory>\iEkE.ico
- <Current directory>\WwwS.exe
- <Current directory>\fUsg.exe
- C:\RCX10.tmp
- <Current directory>\dgIS.ico
- <Current directory>\NAAE.exe
- C:\RCX13.tmp
- <Current directory>\uIoI.ico
- <Current directory>\fgYe.ico
- <Current directory>\osQw.exe
- %TEMP%\XAAoQcwE.bat
- C:\RCX12.tmp
- C:\RCXD.tmp
- <Current directory>\cosk.ico
- <Current directory>\gcII.exe
- <Current directory>\nUoe.exe
- <Current directory>\tUsO.exe
- C:\RCXC.tmp
- <Current directory>\TgkK.ico
- C:\RCXF.tmp
- %TEMP%\siQQwgIE.bat
- <Current directory>\LQQy.ico
- <Current directory>\oUUi.exe
- C:\RCXE.tmp
- %TEMP%\zYgUEUsQ.bat
- <Current directory>\MAYQ.ico
- %TEMP%\vecIMYAk.bat
- %TEMP%\oOQQUkMg.bat
- %TEMP%\MCswIEYI.bat
- %TEMP%\EwkIkosM.bat
- %TEMP%\suUsQMAM.bat
- %TEMP%\FCQocYgY.bat
- %TEMP%\mCoUkEIU.bat
- %TEMP%\yWwwQMsk.bat
- %TEMP%\YcQkwAAQ.bat
- %TEMP%\HeYwQwkg.bat
- %TEMP%\uwUYgYYY.bat
- %TEMP%\XgAIQoYI.bat
- %TEMP%\hQEUQcYw.bat
- %TEMP%\yIQAIQEM.bat
- %TEMP%\TuYsgQwk.bat
- %TEMP%\siMwgcEU.bat
- %TEMP%\file.vbs
- %TEMP%\HmIcwEoM.bat
- %TEMP%\awEwAgAU.bat
- <Current directory>\<Virus name>
- %TEMP%\ksEoUEcM.bat
- %TEMP%\XMYkksAc.bat
- %TEMP%\ZWssYQwE.bat
- %TEMP%\biwEQYwU.bat
- %TEMP%\riEYskgE.bat
- %TEMP%\HwUkEgIs.bat
- %TEMP%\FcEUoUwc.bat
- <Current directory>\wAEi.ico
- <Current directory>\xEAu.exe
- %TEMP%\ayscQoAU.bat
- %TEMP%\iIUEYskg.bat
- <Current directory>\igsc.ico
- <Current directory>\KsEu.exe
- C:\RCX1.tmp
- <Current directory>\ucAQ.ico
- <Current directory>\JIkY.exe
- C:\RCX4.tmp
- C:\RCX3.tmp
- C:\RCX2.tmp
- <Current directory>\HwoO.ico
- <Current directory>\xcIu.exe
- %TEMP%\yAIogsUM.bat
- %TEMP%\deYYooUo.bat
- %TEMP%\jGEMcAcc.bat
- %TEMP%\EMQosIcc.bat
- %TEMP%\iccQAMQI.bat
- %TEMP%\ImQMUQUk.bat
- %TEMP%\JYkAsYYA.bat
- %TEMP%\ZCcEkEsA.bat
- %TEMP%\mqIsgIkI.bat
- %TEMP%\ToEEkIgg.bat
- %TEMP%\kokcQgsI.bat
- %TEMP%\UoQQwcUI.bat
- %TEMP%\FasUkQkQ.bat
- %TEMP%\vEgwUsgk.bat
- <Current directory>\OUkE.exe
- <Current directory>\iAku.exe
- C:\RCX29.tmp
- <Current directory>\ZYIw.ico
- <Current directory>\mgMO.ico
- <Current directory>\TQQg.ico
- <Current directory>\goQC.exe
- C:\RCX28.tmp
- <Current directory>\vEky.ico
- <Current directory>\lggU.exe
- C:\RCX2B.tmp
- %TEMP%\CkEssQwc.bat
- <Current directory>\zYEK.exe
- C:\RCX2A.tmp
- %TEMP%\yEYgkksI.bat
- <Current directory>\Vokc.ico
- <Current directory>\zIQM.exe
- C:\RCX25.tmp
- %TEMP%\NIskMEIs.bat
- <Current directory>\WMoA.ico
- <Current directory>\hQoY.exe
- C:\RCX24.tmp
- <Current directory>\cQAI.ico
- <Current directory>\GMsA.exe
- C:\RCX27.tmp
- C:\RCX26.tmp
- %TEMP%\QYgQIsQE.bat
- <Current directory>\dAYW.ico
- <Current directory>\XYwA.exe
- <Current directory>\wUsu.exe
- C:\RCX31.tmp
- <Current directory>\hcUA.ico
- <Current directory>\dEkc.ico
- <Current directory>\oAgC.exe
- %TEMP%\HOgkkMEc.bat
- C:\RCX30.tmp
- C:\RCX33.tmp
- <Current directory>\TcQo.ico
- <Current directory>\IMkC.exe
- <Current directory>\PUAq.exe
- <Current directory>\akAO.exe
- C:\RCX32.tmp
- <Current directory>\wYks.ico
- <Current directory>\GcUE.exe
- C:\RCX2D.tmp
- <Current directory>\rUEO.ico
- <Current directory>\PQEQ.ico
- <Current directory>\sEsC.ico
- <Current directory>\xQge.exe
- C:\RCX2C.tmp
- C:\RCX2F.tmp
- %TEMP%\DWwsUgQQ.bat
- <Current directory>\MoEu.ico
- <Current directory>\lkIW.exe
- <Current directory>\aQgw.exe
- C:\RCX2E.tmp
- <Current directory>\xUUC.ico
- <Current directory>\Csse.ico
- <Current directory>\pYAW.exe
- C:\RCX1A.tmp
- C:\RCX19.tmp
- %TEMP%\LqIoUUgs.bat
- <Current directory>\vIQk.ico
- <Current directory>\vAUq.exe
- <Current directory>\zYQO.ico
- %TEMP%\mSwgAgQk.bat
- <Current directory>\pgsg.exe
- C:\RCX1B.tmp
- <Current directory>\JIcI.ico
- <Current directory>\IIUw.exe
- %TEMP%\RqUEQMMM.bat
- <Current directory>\iQAy.ico
- <Current directory>\zcsA.exe
- C:\RCX16.tmp
- C:\RCX15.tmp
- C:\RCX14.tmp
- <Current directory>\XQAK.ico
- <Current directory>\BMwa.exe
- <Current directory>\BIQE.exe
- %TEMP%\KYgQMgUA.bat
- C:\RCX18.tmp
- <Current directory>\MswM.ico
- <Current directory>\aUEQ.ico
- <Current directory>\gEQs.exe
- C:\RCX17.tmp
- <Current directory>\VYUe.exe
- C:\RCX21.tmp
- %TEMP%\nGosgkQs.bat
- <Current directory>\AcYK.ico
- C:\RCX20.tmp
- %TEMP%\VGIkIwwM.bat
- %TEMP%\NEMsIowY.bat
- <Current directory>\RkoW.ico
- <Current directory>\ZcUy.exe
- C:\RCX23.tmp
- %TEMP%\aWEgYwoY.bat
- <Current directory>\mokQ.ico
- <Current directory>\dUIk.exe
- C:\RCX22.tmp
- <Current directory>\bgQE.ico
- <Current directory>\qIws.exe
- C:\RCX1E.tmp
- C:\RCX1D.tmp
- C:\RCX1C.tmp
- <Current directory>\XUEo.ico
- <Current directory>\ZAAe.exe
- %TEMP%\GIgEAUEE.bat
- <Current directory>\fscy.ico
- <Current directory>\dQEi.exe
- %TEMP%\NmQkswUU.bat
- <Current directory>\XAEe.ico
- <Current directory>\SgAc.exe
- C:\RCX1F.tmp
- %ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe
- %HOMEPATH%\fCkYUMIQ\pUccUkoM.exe
- <Current directory>\UAcc.exe
- <Current directory>\NUYC.ico
- <Current directory>\zAkO.exe
- <Current directory>\vwAY.ico
- <Current directory>\YMYQ.exe
- <Current directory>\Osom.ico
- <Current directory>\okYo.exe
- <Current directory>\KYgW.ico
- <Current directory>\EAos.ico
- <Current directory>\Bggm.exe
- <Current directory>\AkMK.ico
- <Current directory>\OAIM.exe
- <Current directory>\LEIy.ico
- <Current directory>\iEcM.ico
- <Current directory>\yYoO.exe
- <Current directory>\GsMc.exe
- %TEMP%\AoIgMIkw.bat
- %TEMP%\uCEgokUc.bat
- <Current directory>\sQAI.ico
- <Current directory>\GksM.exe
- <Current directory>\oQEG.ico
- <Current directory>\qsIs.exe
- <Current directory>\yQoM.ico
- %TEMP%\XUkAcIwA.bat
- <Current directory>\qogi.ico
- <Current directory>\lMke.exe
- <Current directory>\YIci.exe
- <Current directory>\oQUa.exe
- <Current directory>\vEcw.ico
- <Current directory>\SMQI.exe
- <Current directory>\NQcK.ico
- <Current directory>\RkEI.exe
- <Current directory>\iMks.ico
- <Current directory>\vgII.exe
- <Current directory>\OMIa.ico
- <Current directory>\MYMe.ico
- %TEMP%\tKccswYA.bat
- <Current directory>\Fwke.exe
- <Current directory>\akcY.exe
- <Current directory>\eQUg.ico
- <Current directory>\lIoQ.ico
- <Current directory>\TMgk.exe
- <Current directory>\swoG.ico
- <Current directory>\oscE.exe
- <Current directory>\NQQG.ico
- <Current directory>\NYkA.ico
- <Current directory>\BYgq.exe
- %TEMP%\BqgswMUw.bat
- <Current directory>\LQAE.exe
- <Current directory>\lcAi.ico
- <Current directory>\AgUK.exe
- <Current directory>\NoEM.ico
- <Current directory>\VMck.exe
- <Current directory>\rock.ico
- <Current directory>\JgQc.exe
- <Current directory>\aIcO.ico
- <Current directory>\Pwga.exe
- <Current directory>\poUe.ico
- <Current directory>\ScIW.ico
- <Current directory>\DcUC.exe
- %TEMP%\OqsYYokw.bat
- <Current directory>\pIcw.exe
- <Current directory>\mgQO.ico
- <Current directory>\UMQs.exe
- <Current directory>\QoEG.ico
- <Current directory>\fsYw.exe
- <Current directory>\RwQm.ico
- <Current directory>\AccO.ico
- <Current directory>\tYMo.exe
- %TEMP%\vkUoQgMg.bat
- <Current directory>\CAwc.exe
- <Current directory>\PMcc.exe
- <Current directory>\AEYw.exe
- <Current directory>\rMMc.ico
- <Current directory>\xIQi.ico
- %TEMP%\YcswYQgU.bat
- <Current directory>\eUQW.exe
- <Current directory>\hAEo.ico
- <Current directory>\ssYI.exe
- <Current directory>\powS.ico
- <Current directory>\uEUA.exe
- <Current directory>\zcQE.exe
- <Current directory>\TAAu.ico
- <Current directory>\ZooI.ico
- %TEMP%\wyUgQEEw.bat
- <Current directory>\kYQw.exe
- <Current directory>\LgcI.ico
- <Current directory>\bsUq.exe
- <Current directory>\wosE.ico
- <Current directory>\xMoS.exe
- <Current directory>\gUEy.exe
- <Current directory>\hAIS.ico
- <Current directory>\WcIG.ico
- %TEMP%\LoowkMYA.bat
- <Current directory>\AcYY.exe
- <Current directory>\fgwm.ico
- <Current directory>\Ewse.exe
- <Current directory>\OwkK.ico
- <Current directory>\vgQe.exe
- <Current directory>\asEy.exe
- <Current directory>\DwAU.ico
- <Current directory>\OcgU.ico
- %TEMP%\nSIkAUcc.bat
- <Current directory>\okYA.exe
- <Current directory>\UEII.ico
- <Current directory>\QQUc.exe
- <Current directory>\noQi.ico
- <Current directory>\EIkS.exe
- <Current directory>\zwsM.exe
- <Current directory>\jAkg.ico
- <Current directory>\DoES.exe
- <Current directory>\lwAS.ico
- %TEMP%\yqMggMck.bat
- <Current directory>\UgMS.exe
- <Current directory>\rQAw.exe
- <Current directory>\YkcQ.ico
- %TEMP%\bgkAcoYA.bat
- <Current directory>\bkYO.ico
- <Current directory>\qooo.exe
- <Current directory>\AwEc.ico
- <Current directory>\NwkW.exe
- %TEMP%\lcAQccoU.bat
- <Current directory>\aAQs.ico
- <Current directory>\pIoU.ico
- <Current directory>\fQYI.exe
- <Current directory>\cUAo.ico
- <Current directory>\Eogg.ico
- %TEMP%\nCgUQYIQ.bat
- <Current directory>\ksYc.ico
- <Current directory>\hUUu.exe
- <Current directory>\aUIU.exe
- <Current directory>\xcUI.ico
- <Current directory>\twAO.exe
- <Current directory>\KoIS.ico
- %TEMP%\XmUAsgEA.bat
- <Current directory>\OMYE.exe
- <Current directory>\jMYK.ico
- <Current directory>\cYcG.exe
- <Current directory>\woIk.ico
- <Current directory>\cMsC.ico
- <Current directory>\XoIo.exe
- %TEMP%\PoMEowIs.bat
- <Current directory>\HIsC.exe
- <Current directory>\GwQw.ico
- <Current directory>\tUsO.exe
- <Current directory>\LkUI.ico
- <Current directory>\SocO.exe
- <Current directory>\fIoS.ico
- %TEMP%\JQoUAMIw.bat
- <Current directory>\TgkK.ico
- %TEMP%\TKUIQIUE.bat
- <Current directory>\nUoe.exe
- <Current directory>\yksw.ico
- <Current directory>\rYkS.exe
- <Current directory>\BAMG.ico
- %TEMP%\iIUEYskg.bat
- <Current directory>\YUcS.ico
- <Current directory>\XcMG.ico
- <Current directory>\vQsK.exe
- <Current directory>\pMki.exe
- %TEMP%\GOocEAwo.bat
- <Current directory>\gcII.exe
- <Current directory>\fgYe.ico
- <Current directory>\OUkE.exe
- <Current directory>\iEkE.ico
- <Current directory>\NAAE.exe
- <Current directory>\BMwa.exe
- <Current directory>\XQAK.ico
- <Current directory>\uIoI.ico
- %TEMP%\XAAoQcwE.bat
- <Current directory>\osQw.exe
- <Current directory>\MAYQ.ico
- %TEMP%\siQQwgIE.bat
- <Current directory>\cosk.ico
- <Current directory>\oUUi.exe
- <Current directory>\WwwS.exe
- <Current directory>\dgIS.ico
- <Current directory>\fUsg.exe
- <Current directory>\LQQy.ico
- <Current directory>\dEgA.exe
- %TEMP%\uwUYgYYY.bat
- %TEMP%\HeYwQwkg.bat
- %TEMP%\MCswIEYI.bat
- %TEMP%\yIQAIQEM.bat
- %TEMP%\deYYooUo.bat
- %TEMP%\yAIogsUM.bat
- %TEMP%\ImQMUQUk.bat
- %TEMP%\JYkAsYYA.bat
- %TEMP%\oOQQUkMg.bat
- %TEMP%\riEYskgE.bat
- %TEMP%\FcEUoUwc.bat
- %TEMP%\awEwAgAU.bat
- %TEMP%\TuYsgQwk.bat
- %TEMP%\FCQocYgY.bat
- %TEMP%\EwkIkosM.bat
- %TEMP%\ksEoUEcM.bat
- %TEMP%\ZWssYQwE.bat
- %TEMP%\UoQQwcUI.bat
- <Current directory>\ucAQ.ico
- <Current directory>\pwAO.exe
- %TEMP%\ayscQoAU.bat
- <Current directory>\JIkY.exe
- <Current directory>\isUU.ico
- %TEMP%\yYQMkgEc.bat
- <Current directory>\PMYE.ico
- <Current directory>\egMG.exe
- <Current directory>\HwoO.ico
- %TEMP%\ToEEkIgg.bat
- <Current directory>\KsEu.exe
- %TEMP%\FasUkQkQ.bat
- %TEMP%\ZCcEkEsA.bat
- <Current directory>\wAEi.ico
- <Current directory>\xcIu.exe
- <Current directory>\igsc.ico
- <Current directory>\xEAu.exe
- <Current directory>\zcsA.exe
- <Current directory>\ZYIw.ico
- <Current directory>\lggU.exe
- <Current directory>\mgMO.ico
- <Current directory>\zYEK.exe
- <Current directory>\xQge.exe
- <Current directory>\sEsC.ico
- <Current directory>\vEky.ico
- %TEMP%\CkEssQwc.bat
- <Current directory>\iAku.exe
- <Current directory>\dAYW.ico
- <Current directory>\GMsA.exe
- <Current directory>\Vokc.ico
- <Current directory>\XYwA.exe
- <Current directory>\goQC.exe
- <Current directory>\TQQg.ico
- <Current directory>\cQAI.ico
- %TEMP%\QYgQIsQE.bat
- <Current directory>\GcUE.exe
- <Current directory>\hcUA.ico
- <Current directory>\PUAq.exe
- %TEMP%\HOgkkMEc.bat
- <Current directory>\akAO.exe
- <Current directory>\TcQo.ico
- <Current directory>\DEIm.exe
- <Current directory>\wYks.ico
- <Current directory>\IMkC.exe
- <Current directory>\dEkc.ico
- <Current directory>\rUEO.ico
- <Current directory>\lkIW.exe
- <Current directory>\PQEQ.ico
- <Current directory>\aQgw.exe
- <Current directory>\MoEu.ico
- <Current directory>\wUsu.exe
- <Current directory>\xUUC.ico
- <Current directory>\oAgC.exe
- <Current directory>\zIQM.exe
- <Current directory>\IIUw.exe
- <Current directory>\JIcI.ico
- <Current directory>\pYAW.exe
- <Current directory>\Csse.ico
- %TEMP%\mSwgAgQk.bat
- <Current directory>\ZAAe.exe
- <Current directory>\pgsg.exe
- <Current directory>\zYQO.ico
- %TEMP%\LqIoUUgs.bat
- <Current directory>\gEQs.exe
- <Current directory>\aUEQ.ico
- <Current directory>\iQAy.ico
- %TEMP%\iSQEIgoQ.bat
- <Current directory>\vAUq.exe
- <Current directory>\vIQk.ico
- <Current directory>\BIQE.exe
- <Current directory>\MswM.ico
- <Current directory>\XUEo.ico
- <Current directory>\mokQ.ico
- %TEMP%\aWEgYwoY.bat
- <Current directory>\AcYK.ico
- <Current directory>\dUIk.exe
- <Current directory>\hQoY.exe
- <Current directory>\WMoA.ico
- <Current directory>\ZcUy.exe
- <Current directory>\RkoW.ico
- <Current directory>\VYUe.exe
- <Current directory>\SgAc.exe
- <Current directory>\XAEe.ico
- <Current directory>\qIws.exe
- <Current directory>\bgQE.ico
- %TEMP%\NEMsIowY.bat
- <Current directory>\fscy.ico
- %TEMP%\GIgEAUEE.bat
- <Current directory>\dQEi.exe
- from C:\RCX4E.tmp to <Current directory>\SMQI.exe
- from C:\RCX4F.tmp to <Current directory>\oQUa.exe
- from C:\RCX50.tmp to <Current directory>\vgII.exe
- from C:\RCX4D.tmp to <Current directory>\YMYQ.exe
- from C:\RCX4A.tmp to <Current directory>\zAkO.exe
- from C:\RCX4B.tmp to <Current directory>\UAcc.exe
- from C:\RCX4C.tmp to <Current directory>\okYo.exe
- from C:\RCX55.tmp to <Current directory>\lMke.exe
- from C:\RCX56.tmp to <Current directory>\PMcc.exe
- from C:\RCX57.tmp to <Current directory>\NwkW.exe
- from C:\RCX54.tmp to <Current directory>\GksM.exe
- from C:\RCX51.tmp to <Current directory>\RkEI.exe
- from C:\RCX52.tmp to <Current directory>\YIci.exe
- from C:\RCX53.tmp to <Current directory>\qsIs.exe
- from C:\RCX49.tmp to <Current directory>\yYoO.exe
- from C:\RCX3F.tmp to <Current directory>\UMQs.exe
- from C:\RCX40.tmp to <Current directory>\CAwc.exe
- from C:\RCX41.tmp to <Current directory>\tYMo.exe
- from C:\RCX3E.tmp to <Current directory>\fsYw.exe
- from C:\RCX3B.tmp to <Current directory>\Fwke.exe
- from C:\RCX3C.tmp to <Current directory>\oscE.exe
- from C:\RCX3D.tmp to <Current directory>\TMgk.exe
- from C:\RCX46.tmp to <Current directory>\OAIM.exe
- from C:\RCX47.tmp to <Current directory>\Bggm.exe
- from C:\RCX48.tmp to <Current directory>\GsMc.exe
- from C:\RCX45.tmp to <Current directory>\DcUC.exe
- from C:\RCX42.tmp to <Current directory>\Pwga.exe
- from C:\RCX43.tmp to <Current directory>\JgQc.exe
- from C:\RCX44.tmp to <Current directory>\pIcw.exe
- from C:\RCX6B.tmp to <Current directory>\ssYI.exe
- from C:\RCX6C.tmp to <Current directory>\eUQW.exe
- from C:\RCX6D.tmp to <Current directory>\xMoS.exe
- from C:\RCX6A.tmp to <Current directory>\AEYw.exe
- from C:\RCX67.tmp to <Current directory>\bsUq.exe
- from C:\RCX68.tmp to <Current directory>\kYQw.exe
- from C:\RCX69.tmp to <Current directory>\uEUA.exe
- from C:\RCX72.tmp to <Current directory>\gUEy.exe
- from C:\RCX73.tmp to <Current directory>\Ewse.exe
- from C:\RCX74.tmp to <Current directory>\AcYY.exe
- from C:\RCX71.tmp to <Current directory>\vgQe.exe
- from C:\RCX6E.tmp to <Current directory>\asEy.exe
- from C:\RCX6F.tmp to <Current directory>\QQUc.exe
- from C:\RCX70.tmp to <Current directory>\okYA.exe
- from C:\RCX66.tmp to <Current directory>\zcQE.exe
- from C:\RCX5C.tmp to <Current directory>\rQAw.exe
- from C:\RCX5D.tmp to <Current directory>\UgMS.exe
- from C:\RCX5E.tmp to <Current directory>\cYcG.exe
- from C:\RCX5B.tmp to <Current directory>\zwsM.exe
- from C:\RCX58.tmp to <Current directory>\qooo.exe
- from C:\RCX59.tmp to <Current directory>\fQYI.exe
- from C:\RCX5A.tmp to <Current directory>\DoES.exe
- from C:\RCX63.tmp to <Current directory>\twAO.exe
- from C:\RCX64.tmp to <Current directory>\aUIU.exe
- from C:\RCX65.tmp to <Current directory>\EIkS.exe
- from C:\RCX62.tmp to <Current directory>\hUUu.exe
- from C:\RCX5F.tmp to <Current directory>\OMYE.exe
- from C:\RCX60.tmp to <Current directory>\HIsC.exe
- from C:\RCX61.tmp to <Current directory>\XoIo.exe
- from C:\RCX14.tmp to <Current directory>\OUkE.exe
- from C:\RCX15.tmp to <Current directory>\BMwa.exe
- from C:\RCX16.tmp to <Current directory>\zcsA.exe
- from C:\RCX13.tmp to <Current directory>\NAAE.exe
- from C:\RCX10.tmp to <Current directory>\fUsg.exe
- from C:\RCX11.tmp to <Current directory>\WwwS.exe
- from C:\RCX12.tmp to <Current directory>\osQw.exe
- from C:\RCX1B.tmp to <Current directory>\IIUw.exe
- from C:\RCX1C.tmp to <Current directory>\pgsg.exe
- from C:\RCX1D.tmp to <Current directory>\ZAAe.exe
- from C:\RCX1A.tmp to <Current directory>\pYAW.exe
- from C:\RCX17.tmp to <Current directory>\gEQs.exe
- from C:\RCX18.tmp to <Current directory>\BIQE.exe
- from C:\RCX19.tmp to <Current directory>\vAUq.exe
- from C:\RCXF.tmp to <Current directory>\oUUi.exe
- from C:\RCX5.tmp to <Current directory>\pwAO.exe
- from C:\RCX6.tmp to <Current directory>\egMG.exe
- from C:\RCX7.tmp to <Current directory>\dEgA.exe
- from C:\RCX4.tmp to <Current directory>\JIkY.exe
- from C:\RCX1.tmp to <Current directory>\KsEu.exe
- from C:\RCX2.tmp to <Current directory>\xEAu.exe
- from C:\RCX3.tmp to <Current directory>\xcIu.exe
- from C:\RCXC.tmp to <Current directory>\tUsO.exe
- from C:\RCXD.tmp to <Current directory>\nUoe.exe
- from C:\RCXE.tmp to <Current directory>\gcII.exe
- from C:\RCXB.tmp to <Current directory>\SocO.exe
- from C:\RCX8.tmp to <Current directory>\rYkS.exe
- from C:\RCX9.tmp to <Current directory>\pMki.exe
- from C:\RCXA.tmp to <Current directory>\vQsK.exe
- from C:\RCX31.tmp to <Current directory>\wUsu.exe
- from C:\RCX32.tmp to <Current directory>\akAO.exe
- from C:\RCX33.tmp to <Current directory>\PUAq.exe
- from C:\RCX30.tmp to <Current directory>\oAgC.exe
- from C:\RCX2D.tmp to <Current directory>\GcUE.exe
- from C:\RCX2E.tmp to <Current directory>\aQgw.exe
- from C:\RCX2F.tmp to <Current directory>\lkIW.exe
- from C:\RCX38.tmp to <Current directory>\VMck.exe
- from C:\RCX39.tmp to <Current directory>\AgUK.exe
- from C:\RCX3A.tmp to <Current directory>\akcY.exe
- from C:\RCX37.tmp to <Current directory>\BYgq.exe
- from C:\RCX34.tmp to <Current directory>\IMkC.exe
- from C:\RCX35.tmp to <Current directory>\DEIm.exe
- from C:\RCX36.tmp to <Current directory>\LQAE.exe
- from C:\RCX2C.tmp to <Current directory>\xQge.exe
- from C:\RCX22.tmp to <Current directory>\dUIk.exe
- from C:\RCX23.tmp to <Current directory>\ZcUy.exe
- from C:\RCX24.tmp to <Current directory>\hQoY.exe
- from C:\RCX21.tmp to <Current directory>\VYUe.exe
- from C:\RCX1E.tmp to <Current directory>\qIws.exe
- from C:\RCX1F.tmp to <Current directory>\SgAc.exe
- from C:\RCX20.tmp to <Current directory>\dQEi.exe
- from C:\RCX29.tmp to <Current directory>\iAku.exe
- from C:\RCX2A.tmp to <Current directory>\zYEK.exe
- from C:\RCX2B.tmp to <Current directory>\lggU.exe
- from C:\RCX28.tmp to <Current directory>\goQC.exe
- from C:\RCX25.tmp to <Current directory>\zIQM.exe
- from C:\RCX26.tmp to <Current directory>\XYwA.exe
- from C:\RCX27.tmp to <Current directory>\GMsA.exe
- '20#.#19.204.12':666
- '19#.#86.45.170':666
- '74.##5.232.51':80
- '20#.#7.164.69':666
- '20#.#7.164.69':9999
- '20#.#19.204.12':9999
- '19#.#86.45.170':9999
- 74.##5.232.51/
- DNS ASK google.com
- ClassName: 'Indicator' WindowName: ''