Technical Information
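- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,' (the second path is appended to the stock userinit.exe entry, so it is launched at every user logon)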
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002' (Start = 2 is the automatic start type: the service is started at every boot)
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
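- hidden files are no longer displayed (Explorer 'Hidden' is set to 2 by the reg.exe command listed below)
- file extensions are no longer displayed (Explorer 'HideFileExt' is set to 1 by the reg.exe command listed below)
- User Account Control (UAC) is turned off ('EnableLUA' is set to 0 under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System by the reg.exe command listed below)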
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\gowMcMwY.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe'
- '<SYSTEM32>\conhost.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe'
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\pGMkUYIU.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\jIAEgMwM.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe' /pid=0x8a0 /log
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cscript.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\VIMQMcos.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\kUokgEko.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- <Current directory>\UkcM.ico
- <Current directory>\qQgs.exe
- %TEMP%\TUkwQwgc.bat
- <Current directory>\lMAk.ico
- <Current directory>\FAcK.exe
- C:\RCX492A.tmp
- C:\RCX4A72.tmp
- %TEMP%\gowMcMwY.bat
- <Current directory>\PeMk.ico
- <Current directory>\ioEq.exe
- <Current directory>\HwUo.ico
- <Current directory>\oYQi.exe
- C:\RCX4EA8.tmp
- C:\RCX47D2.tmp
- <Current directory>\RccU.exe
- C:\RCX43AA.tmp
- <Current directory>\dOow.ico
- <Current directory>\SUQO.exe
- C:\RCX4177.tmp
- <Current directory>\oucU.ico
- <Current directory>\pMAA.exe
- C:\RCX46F6.tmp
- <Current directory>\JQgQ.ico
- <Current directory>\QgYE.exe
- C:\RCX45DC.tmp
- <Current directory>\AIIs.ico
- <Current directory>\FgMC.exe
- <Current directory>\vsga.exe
- C:\RCX5CD2.tmp
- <Current directory>\EoIg.ico
- <Current directory>\NEUM.exe
- C:\RCX5AFD.tmp
- <Current directory>\BqYY.ico
- <Current directory>\KEgA.exe
- C:\RCX5F06.tmp
- <Current directory>\pKYc.ico
- <Current directory>\DsUc.exe
- C:\RCX5E0B.tmp
- <Current directory>\ukwc.ico
- <Current directory>\boEk.exe
- <Current directory>\DUQY.ico
- C:\RCX53E7.tmp
- <Current directory>\waEE.ico
- <Current directory>\YEkM.exe
- C:\RCX51C4.tmp
- <Current directory>\FQwg.ico
- <Current directory>\OQIA.exe
- C:\RCX5649.tmp
- <Current directory>\vWso.ico
- <Current directory>\qgsY.exe
- C:\RCX5A41.tmp
- <Current directory>\ymYU.ico
- <Current directory>\rooQ.exe
- C:\RCX58AA.tmp
- <Current directory>\yIcM.ico
- <Current directory>\pYcS.exe
- C:\RCX2F62.tmp
- <Current directory>\CsIY.ico
- <Current directory>\vogA.exe
- C:\RCX2E86.tmp
- <Current directory>\bwsU.ico
- <Current directory>\RgwI.exe
- C:\RCX30CA.tmp
- <Current directory>\XWYY.ico
- <Current directory>\BEIu.exe
- C:\RCX300E.tmp
- <Current directory>\fgwc.ico
- <Current directory>\ekcq.exe
- <Current directory>\PwoA.ico
- <Current directory>\sOEc.ico
- <Current directory>\OEMW.exe
- C:\RCX2917.tmp
- <Current directory>\fQkw.ico
- <Current directory>\DUws.exe
- C:\RCX2751.tmp
- <Current directory>\YwAs.ico
- <Current directory>\oGUk.ico
- <Current directory>\yQMU.exe
- C:\RCX2C82.tmp
- <Current directory>\nwwg.exe
- <Auxiliary element>
- C:\RCX2A21.tmp
- C:\RCX3ADE.tmp
- <Current directory>\KKAk.ico
- <Current directory>\MgoE.exe
- C:\RCX3967.tmp
- <Current directory>\bkME.ico
- <Current directory>\fYQc.exe
- C:\RCX3C46.tmp
- <Current directory>\umAg.ico
- <Current directory>\HwEY.exe
- C:\RCX402F.tmp
- <Current directory>\yEQs.ico
- <Current directory>\JEcW.exe
- C:\RCX3E2B.tmp
- <Current directory>\zQIq.exe
- C:\RCX32CF.tmp
- <Current directory>\kMcg.ico
- <Current directory>\Vcsi.exe
- C:\RCX31A6.tmp
- <Current directory>\eskw.ico
- <Current directory>\AEsS.exe
- %TEMP%\XqoIgQYE.bat
- C:\RCX38AB.tmp
- %TEMP%\ksAQkMUU.bat
- <Current directory>\cggY.ico
- C:\RCX3781.tmp
- <Current directory>\rkcY.ico
- <Current directory>\XsoK.exe
- <Current directory>\QwkG.exe
- C:\RCX84E6.tmp
- <Current directory>\Aiks.ico
- <Current directory>\WkYE.exe
- C:\RCX8284.tmp
- <Current directory>\SSck.ico
- <Current directory>\REgG.exe
- <Current directory>\MYoi.exe
- C:\RCX8787.tmp
- %TEMP%\fAcQEAsE.bat
- C:\RCX85E0.tmp
- %TEMP%\AMYgsAAw.bat
- <Current directory>\JEIg.ico
- <Current directory>\QGYw.ico
- C:\RCX7D33.tmp
- <Current directory>\IwYA.ico
- <Current directory>\foEY.exe
- C:\RCX7B4F.tmp
- <Current directory>\kYEo.ico
- <Current directory>\uUgM.exe
- C:\RCX7EAB.tmp
- <Current directory>\vGMU.ico
- <Current directory>\DgoW.exe
- C:\RCX815B.tmp
- <Current directory>\ByEQ.ico
- <Current directory>\kEIC.exe
- C:\RCX8060.tmp
- C:\RCX917B.tmp
- <Current directory>\dOQA.ico
- <Current directory>\OsES.exe
- C:\RCX8F58.tmp
- <Current directory>\SwEo.ico
- <Current directory>\Sgkm.exe
- C:\RCX92A5.tmp
- <Current directory>\nEkY.ico
- <Current directory>\Fcoe.exe
- C:\RCX9546.tmp
- <Current directory>\DeEE.ico
- <Current directory>\pgcA.exe
- C:\RCX942C.tmp
- <Current directory>\LowM.exe
- <Current directory>\kmQM.ico
- <Current directory>\JcIW.exe
- C:\RCX8A75.tmp
- <Current directory>\KCEU.ico
- <Current directory>\KckK.exe
- C:\RCX898A.tmp
- <Current directory>\NSQg.ico
- <Current directory>\fcYw.exe
- C:\RCX8E10.tmp
- <Current directory>\OIMo.ico
- <Current directory>\AEkw.exe
- C:\RCX8CE6.tmp
- <Current directory>\NAAo.ico
- <Current directory>\oQgE.exe
- C:\RCX69A6.tmp
- <Current directory>\sSog.ico
- <Current directory>\xIgW.exe
- C:\RCX686D.tmp
- <Current directory>\Nsgw.ico
- <Current directory>\tMMk.exe
- C:\RCX6C08.tmp
- <Current directory>\YakE.ico
- <Current directory>\qYIQ.exe
- C:\RCX6F16.tmp
- <Current directory>\RsIA.ico
- <Current directory>\xkAi.exe
- C:\RCX6DDD.tmp
- <Current directory>\jEIG.exe
- C:\RCX6197.tmp
- %TEMP%\nQgYMcgI.bat
- <Current directory>\RSkY.ico
- C:\RCX6010.tmp
- <Current directory>\mEUw.ico
- <Current directory>\AkQE.exe
- <Current directory>\Qskg.exe
- <Current directory>\WAcG.exe
- C:\RCX66A8.tmp
- <Current directory>\aSIk.ico
- %TEMP%\jIAEgMwM.bat
- C:\RCX6427.tmp
- <Current directory>\wMIY.ico
- <Current directory>\UcUU.exe
- C:\RCX764C.tmp
- %TEMP%\pGMkUYIU.bat
- <Current directory>\wgwC.exe
- C:\RCX7533.tmp
- <Current directory>\BiUw.ico
- <Current directory>\mOcc.ico
- <Current directory>\GYAA.exe
- C:\RCX79E7.tmp
- <Current directory>\RUwI.ico
- <Current directory>\kwIk.exe
- C:\RCX78AE.tmp
- <Current directory>\moIA.ico
- %TEMP%\dGosQwco.bat
- <Current directory>\oKUw.ico
- <Current directory>\Bosa.exe
- C:\RCX70DC.tmp
- <Current directory>\xQsI.ico
- <Current directory>\WAky.exe
- C:\RCX7001.tmp
- <Current directory>\LuAA.ico
- <Current directory>\QAES.exe
- C:\RCX7448.tmp
- <Current directory>\FwYE.ico
- <Current directory>\Fooi.exe
- C:\RCX71E6.tmp
- <Current directory>\MSws.ico
- C:\RCX2676.tmp
- <Current directory>\iggC.exe
- C:\RCXD4C0.tmp
- <Current directory>\aEIo.ico
- <Current directory>\sQYm.exe
- C:\RCXD2FB.tmp
- <Current directory>\UeQs.ico
- <Current directory>\eswU.exe
- C:\RCXD935.tmp
- <Current directory>\hWgw.ico
- %TEMP%\wsoooUoQ.bat
- C:\RCXD7CD.tmp
- <Current directory>\Sycg.ico
- <Current directory>\IcIE.exe
- <Current directory>\iwww.ico
- C:\RCXCC91.tmp
- <Current directory>\eEYw.ico
- <Current directory>\oIgc.exe
- C:\RCXC9D2.tmp
- <Current directory>\xqkM.ico
- <Current directory>\eYYo.exe
- C:\RCXCE66.tmp
- <Current directory>\tIkU.ico
- <Current directory>\IEkK.exe
- C:\RCXD1D1.tmp
- <Current directory>\tOUU.ico
- <Current directory>\rMsI.exe
- C:\RCXCF7F.tmp
- C:\RCXE50D.tmp
- <Current directory>\XkoM.ico
- <Current directory>\iAks.exe
- C:\RCXE403.tmp
- <Current directory>\roAI.ico
- <Current directory>\Vkck.exe
- C:\RCXE656.tmp
- <Current directory>\mqco.ico
- <Current directory>\pEcg.exe
- C:\RCXEA10.tmp
- <Current directory>\kggw.ico
- <Current directory>\skIW.exe
- C:\RCXE915.tmp
- <Current directory>\sUIU.exe
- <Current directory>\qwsM.ico
- <Current directory>\tQUq.exe
- C:\RCXDD0E.tmp
- <Current directory>\hkMo.exe
- C:\RCXDA8D.tmp
- %TEMP%\GQswgcMA.bat
- <Current directory>\qOYk.ico
- <Current directory>\AYcM.exe
- C:\RCXE29B.tmp
- <Current directory>\xYUg.ico
- <Current directory>\XskI.exe
- C:\RCXDF40.tmp
- <Current directory>\tqUQ.ico
- <Current directory>\AckE.exe
- C:\RCXAF82.tmp
- <Current directory>\vMQU.ico
- <Current directory>\RYQw.exe
- C:\RCXAC85.tmp
- <Current directory>\GSwk.ico
- <Current directory>\uAIY.exe
- C:\RCXB473.tmp
- <Current directory>\koAY.ico
- <Current directory>\hUkA.exe
- C:\RCXB752.tmp
- <Current directory>\DwYk.ico
- <Current directory>\zIQk.exe
- C:\RCXB5EA.tmp
- <Current directory>\BUIU.exe
- C:\ProgramData\kaog.txt
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- <Current directory>\pQIs.ico
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- %TEMP%\OSkgYoIE.bat
- C:\RCXA9C6.tmp
- %TEMP%\file.vbs
- <Current directory>\ocYo.ico
- <Current directory>\<Virus name>
- %TEMP%\HiMYskcw.bat
- <Current directory>\tIYg.exe
- <Current directory>\BEok.exe
- C:\RCXC397.tmp
- %TEMP%\cmkMkUAk.bat
- %TEMP%\MOUEAcQs.bat
- C:\RCXC174.tmp
- <Current directory>\mAwE.ico
- <Current directory>\asQc.ico
- <Current directory>\XcIy.exe
- C:\RCXC86A.tmp
- <Current directory>\kyEQ.ico
- <Current directory>\pMMa.exe
- C:\RCXC6C4.tmp
- <Current directory>\MgYk.ico
- <Current directory>\dQgc.exe
- <Current directory>\ycsg.ico
- <Current directory>\SEwy.exe
- C:\RCXBC63.tmp
- <Current directory>\vYwk.ico
- <Current directory>\QoAO.exe
- C:\RCXBBA6.tmp
- <Current directory>\pCYc.ico
- <Current directory>\yoMO.exe
- C:\RCXC00D.tmp
- <Current directory>\JSkw.ico
- <Current directory>\NEkw.exe
- C:\RCXBDCA.tmp
- <Current directory>\rWsA.ico
- <Current directory>\fcUU.exe
- C:\RCX12AD.tmp
- %TEMP%\AWsoYIYc.bat
- %TEMP%\JcoUsUUQ.bat
- C:\RCXFAF.tmp
- <Current directory>\mEUE.ico
- <Current directory>\SQIA.ico
- <Current directory>\ekwe.exe
- C:\RCX15AB.tmp
- <Current directory>\hwEc.ico
- <Current directory>\QQUo.exe
- C:\RCX1443.tmp
- <Current directory>\ZeIQ.ico
- <Current directory>\LwAK.exe
- <Current directory>\umwk.ico
- <Current directory>\Agcq.exe
- C:\RCXB1A.tmp
- <Current directory>\ZeAU.ico
- <Current directory>\CoEG.exe
- C:\RCXA9C.tmp
- <Current directory>\dsgc.ico
- <Current directory>\mocw.exe
- C:\RCXDCB.tmp
- <Current directory>\Eikk.ico
- <Current directory>\McsO.exe
- C:\RCXC05.tmp
- <Current directory>\Gsow.ico
- <Current directory>\XeYk.ico
- %TEMP%\YgkcccME.bat
- <Current directory>\lQkA.exe
- <Current directory>\Yygg.ico
- <Current directory>\xUIg.exe
- C:\RCX21E1.tmp
- C:\RCX24A0.tmp
- %TEMP%\VIMQMcos.bat
- <Current directory>\XIsM.ico
- <Current directory>\rksk.exe
- <Current directory>\YeUI.ico
- <Current directory>\okcA.exe
- C:\RCX256C.tmp
- C:\RCX1F51.tmp
- <Current directory>\IUEs.exe
- C:\RCX1BA6.tmp
- <Current directory>\qSkE.ico
- <Current directory>\RsAO.exe
- C:\RCX1A7C.tmp
- <Current directory>\MyAg.ico
- <Current directory>\YcAS.exe
- C:\RCX1D3D.tmp
- <Current directory>\DugM.ico
- <Current directory>\PIMk.exe
- C:\RCX1C81.tmp
- <Current directory>\dCkM.ico
- <Current directory>\Rkwu.exe
- C:\RCX9F0.tmp
- <Current directory>\rugU.ico
- <Current directory>\yAgA.exe
- C:\RCXF617.tmp
- <Current directory>\FYMs.ico
- <Current directory>\coQI.exe
- C:\RCXF4BF.tmp
- <Current directory>\tuAA.ico
- <Current directory>\DcAQ.exe
- C:\RCXF963.tmp
- <Current directory>\qukI.ico
- <Current directory>\jMgK.exe
- C:\RCXF7FB.tmp
- <Current directory>\WIMY.ico
- C:\RCXF26D.tmp
- <Current directory>\SYwE.ico
- %TEMP%\EEsQokcs.bat
- <Current directory>\DAMM.exe
- <Current directory>\JYEk.ico
- <Current directory>\SgMU.exe
- C:\RCXEBD5.tmp
- C:\RCXEDF8.tmp
- C:\RCXF088.tmp
- <Current directory>\hMsc.ico
- <Current directory>\EUYo.exe
- %TEMP%\cmgwAsEw.bat
- <Current directory>\iuAA.ico
- <Current directory>\fAMa.exe
- <Current directory>\gMcO.exe
- C:\RCX50D.tmp
- <Current directory>\rKUw.ico
- <Current directory>\QIUK.exe
- C:\RCX2DA.tmp
- <Current directory>\EoUU.ico
- <Current directory>\SkYs.exe
- C:\RCX7EC.tmp
- <Current directory>\tWYc.ico
- <Current directory>\VwwA.exe
- C:\RCX694.tmp
- <Current directory>\VYgI.ico
- <Current directory>\rkgS.exe
- <Current directory>\MocY.ico
- <Current directory>\CscU.exe
- C:\RCXFC71.tmp
- %TEMP%\WQcIMwMw.bat
- <Current directory>\AEgy.exe
- C:\RCXFAEA.tmp
- <Current directory>\LaIw.ico
- <Current directory>\eIkg.ico
- <Current directory>\pmIM.ico
- <Current directory>\pQwE.exe
- C:\RCXA8.tmp
- <Current directory>\PwAE.exe
- C:\RCXFEA4.tmp
- %TEMP%\kUokgEko.bat
- %TEMP%\TUkwQwgc.bat
- <Current directory>\HwUo.ico
- <Current directory>\UkcM.ico
- <Current directory>\qQgs.exe
- <Current directory>\ioEq.exe
- <Current directory>\FQwg.ico
- <Current directory>\oYQi.exe
- <Current directory>\PeMk.ico
- <Current directory>\FAcK.exe
- <Current directory>\pMAA.exe
- <Current directory>\AIIs.ico
- <Current directory>\RccU.exe
- <Current directory>\dOow.ico
- <Current directory>\QgYE.exe
- <Current directory>\lMAk.ico
- <Current directory>\FgMC.exe
- <Current directory>\JQgQ.ico
- <Current directory>\OQIA.exe
- <Current directory>\EoIg.ico
- <Current directory>\KEgA.exe
- <Current directory>\vsga.exe
- %TEMP%\gowMcMwY.bat
- <Current directory>\pKYc.ico
- <Current directory>\DsUc.exe
- <Current directory>\ukwc.ico
- <Current directory>\boEk.exe
- <Current directory>\BqYY.ico
- <Current directory>\ymYU.ico
- <Current directory>\rooQ.exe
- <Current directory>\waEE.ico
- <Current directory>\YEkM.exe
- <Current directory>\DUQY.ico
- <Current directory>\NEUM.exe
- <Current directory>\vWso.ico
- <Current directory>\qgsY.exe
- <Current directory>\oucU.ico
- <Current directory>\fgwc.ico
- <Current directory>\ekcq.exe
- <Current directory>\CsIY.ico
- <Current directory>\RgwI.exe
- <Current directory>\eskw.ico
- <Current directory>\AEsS.exe
- <Current directory>\XWYY.ico
- <Current directory>\BEIu.exe
- <Current directory>\pYcS.exe
- <Current directory>\nwwg.exe
- <Current directory>\oGUk.ico
- <Current directory>\OEMW.exe
- <Current directory>\YwAs.ico
- <Current directory>\vogA.exe
- <Current directory>\bwsU.ico
- <Current directory>\yQMU.exe
- <Current directory>\PwoA.ico
- <Current directory>\kMcg.ico
- <Current directory>\yEQs.ico
- <Current directory>\JEcW.exe
- <Current directory>\KKAk.ico
- <Current directory>\MgoE.exe
- <Current directory>\yIcM.ico
- <Current directory>\SUQO.exe
- <Current directory>\umAg.ico
- <Current directory>\HwEY.exe
- <Current directory>\fYQc.exe
- %TEMP%\XqoIgQYE.bat
- <Current directory>\rkcY.ico
- <Current directory>\Vcsi.exe
- %TEMP%\VIMQMcos.bat
- <Current directory>\zQIq.exe
- <Current directory>\bkME.ico
- <Current directory>\XsoK.exe
- <Current directory>\cggY.ico
- <Current directory>\SSck.ico
- <Current directory>\QwkG.exe
- <Current directory>\QGYw.ico
- <Current directory>\WkYE.exe
- <Current directory>\REgG.exe
- %TEMP%\AMYgsAAw.bat
- %TEMP%\pGMkUYIU.bat
- <Current directory>\Aiks.ico
- <Current directory>\DgoW.exe
- <Current directory>\uUgM.exe
- <Current directory>\IwYA.ico
- <Current directory>\oQgE.exe
- <Current directory>\kYEo.ico
- <Current directory>\kEIC.exe
- <Current directory>\vGMU.ico
- <Current directory>\foEY.exe
- <Current directory>\ByEQ.ico
- <Current directory>\JEIg.ico
- <Current directory>\SwEo.ico
- <Current directory>\Sgkm.exe
- <Current directory>\OIMo.ico
- <Current directory>\LowM.exe
- <Current directory>\DeEE.ico
- <Current directory>\pgcA.exe
- <Current directory>\dOQA.ico
- <Current directory>\OsES.exe
- <Current directory>\fcYw.exe
- <Current directory>\KckK.exe
- <Current directory>\kmQM.ico
- <Current directory>\MYoi.exe
- <Current directory>\KCEU.ico
- <Current directory>\AEkw.exe
- <Current directory>\NAAo.ico
- <Current directory>\JcIW.exe
- <Current directory>\NSQg.ico
- <Current directory>\RUwI.ico
- <Current directory>\sSog.ico
- <Current directory>\xIgW.exe
- <Current directory>\Nsgw.ico
- <Current directory>\tMMk.exe
- <Current directory>\YakE.ico
- <Current directory>\qYIQ.exe
- <Current directory>\RsIA.ico
- <Current directory>\xkAi.exe
- <Current directory>\jEIG.exe
- %TEMP%\nQgYMcgI.bat
- <Current directory>\RSkY.ico
- <Current directory>\mEUw.ico
- <Current directory>\AkQE.exe
- <Current directory>\WAcG.exe
- <Current directory>\aSIk.ico
- <Current directory>\Qskg.exe
- <Current directory>\wMIY.ico
- %TEMP%\jIAEgMwM.bat
- <Current directory>\BiUw.ico
- <Current directory>\UcUU.exe
- <Current directory>\wgwC.exe
- %TEMP%\dGosQwco.bat
- <Current directory>\moIA.ico
- <Current directory>\GYAA.exe
- <Current directory>\mOcc.ico
- <Current directory>\kwIk.exe
- <Current directory>\FwYE.ico
- <Current directory>\oKUw.ico
- <Current directory>\Bosa.exe
- <Current directory>\xQsI.ico
- <Current directory>\WAky.exe
- <Current directory>\MSws.ico
- <Current directory>\QAES.exe
- <Current directory>\LuAA.ico
- <Current directory>\Fooi.exe
- <Current directory>\sOEc.ico
- <Current directory>\IcIE.exe
- %TEMP%\wsoooUoQ.bat
- <Current directory>\eswU.exe
- <Current directory>\Sycg.ico
- <Current directory>\qwsM.ico
- <Current directory>\tQUq.exe
- <Current directory>\hWgw.ico
- <Current directory>\hkMo.exe
- <Current directory>\aEIo.ico
- <Current directory>\tIkU.ico
- <Current directory>\IEkK.exe
- <Current directory>\tOUU.ico
- <Current directory>\rMsI.exe
- <Current directory>\UeQs.ico
- <Current directory>\iggC.exe
- <Current directory>\iwww.ico
- <Current directory>\sQYm.exe
- <Current directory>\qOYk.ico
- <Current directory>\mqco.ico
- <Current directory>\pEcg.exe
- <Current directory>\kggw.ico
- <Current directory>\skIW.exe
- %TEMP%\EEsQokcs.bat
- <Current directory>\SYwE.ico
- <Current directory>\JYEk.ico
- <Current directory>\SgMU.exe
- <Current directory>\iAks.exe
- <Current directory>\AYcM.exe
- <Current directory>\xYUg.ico
- <Current directory>\XskI.exe
- <Current directory>\tqUQ.ico
- <Current directory>\Vkck.exe
- <Current directory>\XkoM.ico
- <Current directory>\sUIU.exe
- <Current directory>\roAI.ico
- <Current directory>\oIgc.exe
- <Current directory>\koAY.ico
- <Current directory>\hUkA.exe
- <Current directory>\DwYk.ico
- <Current directory>\zIQk.exe
- <Current directory>\ycsg.ico
- <Current directory>\SEwy.exe
- <Current directory>\vYwk.ico
- <Current directory>\QoAO.exe
- <Current directory>\RYQw.exe
- <Current directory>\tIYg.exe
- <Current directory>\ocYo.ico
- %TEMP%\OSkgYoIE.bat
- <Current directory>\pQIs.ico
- <Current directory>\uAIY.exe
- <Current directory>\vMQU.ico
- <Current directory>\BUIU.exe
- <Current directory>\GSwk.ico
- <Current directory>\pCYc.ico
- <Current directory>\XcIy.exe
- <Current directory>\kyEQ.ico
- <Current directory>\pMMa.exe
- <Current directory>\MgYk.ico
- <Current directory>\eYYo.exe
- <Current directory>\eEYw.ico
- <Current directory>\AckE.exe
- <Current directory>\xqkM.ico
- <Current directory>\asQc.ico
- <Current directory>\yoMO.exe
- <Current directory>\JSkw.ico
- <Current directory>\NEkw.exe
- <Current directory>\rWsA.ico
- <Current directory>\mAwE.ico
- <Current directory>\BEok.exe
- <Current directory>\dQgc.exe
- %TEMP%\MOUEAcQs.bat
- <Current directory>\QQUo.exe
- <Current directory>\ZeIQ.ico
- <Current directory>\fcUU.exe
- <Current directory>\SQIA.ico
- <Current directory>\RsAO.exe
- <Current directory>\MyAg.ico
- <Current directory>\ekwe.exe
- <Current directory>\hwEc.ico
- <Current directory>\mEUE.ico
- <Current directory>\McsO.exe
- <Current directory>\Gsow.ico
- <Current directory>\Agcq.exe
- <Current directory>\dsgc.ico
- <Current directory>\LwAK.exe
- %TEMP%\JcoUsUUQ.bat
- <Current directory>\mocw.exe
- <Current directory>\Eikk.ico
- <Current directory>\IUEs.exe
- <Current directory>\YeUI.ico
- <Current directory>\okcA.exe
- <Current directory>\lQkA.exe
- %TEMP%\YgkcccME.bat
- <Current directory>\fQkw.ico
- <Current directory>\DUws.exe
- <Current directory>\XIsM.ico
- <Current directory>\rksk.exe
- <Current directory>\XeYk.ico
- <Current directory>\dCkM.ico
- <Current directory>\Rkwu.exe
- <Current directory>\qSkE.ico
- <Current directory>\YcAS.exe
- <Current directory>\Yygg.ico
- <Current directory>\xUIg.exe
- <Current directory>\DugM.ico
- <Current directory>\PIMk.exe
- <Current directory>\umwk.ico
- <Current directory>\WIMY.ico
- <Current directory>\DcAQ.exe
- <Current directory>\tuAA.ico
- <Current directory>\jMgK.exe
- <Current directory>\LaIw.ico
- <Current directory>\CscU.exe
- <Current directory>\qukI.ico
- <Current directory>\AEgy.exe
- <Current directory>\yAgA.exe
- <Current directory>\fAMa.exe
- <Current directory>\hMsc.ico
- <Current directory>\DAMM.exe
- <Current directory>\iuAA.ico
- <Current directory>\coQI.exe
- <Current directory>\rugU.ico
- <Current directory>\EUYo.exe
- <Current directory>\FYMs.ico
- %TEMP%\WQcIMwMw.bat
- <Current directory>\rkgS.exe
- %TEMP%\kUokgEko.bat
- <Current directory>\SkYs.exe
- <Current directory>\VYgI.ico
- <Current directory>\ZeAU.ico
- <Current directory>\CoEG.exe
- <Current directory>\tWYc.ico
- <Current directory>\VwwA.exe
- <Current directory>\rKUw.ico
- <Current directory>\pmIM.ico
- <Current directory>\pQwE.exe
- <Current directory>\eIkg.ico
- <Current directory>\PwAE.exe
- <Current directory>\EoUU.ico
- <Current directory>\gMcO.exe
- <Current directory>\MocY.ico
- <Current directory>\QIUK.exe
- from C:\RCX4A72.tmp to <Current directory>\qQgs.exe
- from C:\RCX492A.tmp to <Current directory>\FAcK.exe
- from C:\RCX51C4.tmp to <Current directory>\ioEq.exe
- from C:\RCX4EA8.tmp to <Current directory>\oYQi.exe
- from C:\RCX45DC.tmp to <Current directory>\pMAA.exe
- from C:\RCX43AA.tmp to <Current directory>\RccU.exe
- from C:\RCX47D2.tmp to <Current directory>\QgYE.exe
- from C:\RCX46F6.tmp to <Current directory>\FgMC.exe
- from C:\RCX5CD2.tmp to <Current directory>\vsga.exe
- from C:\RCX5AFD.tmp to <Current directory>\NEUM.exe
- from C:\RCX5F06.tmp to <Current directory>\boEk.exe
- from C:\RCX5E0B.tmp to <Current directory>\KEgA.exe
- from C:\RCX5649.tmp to <Current directory>\YEkM.exe
- from C:\RCX53E7.tmp to <Current directory>\OQIA.exe
- from C:\RCX5A41.tmp to <Current directory>\qgsY.exe
- from C:\RCX58AA.tmp to <Current directory>\rooQ.exe
- from C:\RCX4177.tmp to <Current directory>\SUQO.exe
- from C:\RCX300E.tmp to <Current directory>\RgwI.exe
- from C:\RCX2F62.tmp to <Current directory>\pYcS.exe
- from C:\RCX31A6.tmp to <Current directory>\BEIu.exe
- from C:\RCX30CA.tmp to <Current directory>\ekcq.exe
- from C:\RCX2A21.tmp to <Current directory>\nwwg.exe
- from C:\RCX2917.tmp to <Current directory>\OEMW.exe
- from C:\RCX2E86.tmp to <Current directory>\vogA.exe
- from C:\RCX2C82.tmp to <Current directory>\yQMU.exe
- from C:\RCX3C46.tmp to <Current directory>\MgoE.exe
- from C:\RCX3ADE.tmp to <Current directory>\fYQc.exe
- from C:\RCX402F.tmp to <Current directory>\HwEY.exe
- from C:\RCX3E2B.tmp to <Current directory>\JEcW.exe
- from C:\RCX3781.tmp to <Current directory>\Vcsi.exe
- from C:\RCX32CF.tmp to <Current directory>\AEsS.exe
- from C:\RCX3967.tmp to <Current directory>\zQIq.exe
- from C:\RCX38AB.tmp to <Current directory>\XsoK.exe
- from C:\RCX6010.tmp to <Current directory>\DsUc.exe
- from C:\RCX84E6.tmp to <Current directory>\QwkG.exe
- from C:\RCX8284.tmp to <Current directory>\WkYE.exe
- from C:\RCX8787.tmp to <Current directory>\MYoi.exe
- from C:\RCX85E0.tmp to <Current directory>\REgG.exe
- from C:\RCX7EAB.tmp to <Current directory>\foEY.exe
- from C:\RCX7D33.tmp to <Current directory>\uUgM.exe
- from C:\RCX815B.tmp to <Current directory>\DgoW.exe
- from C:\RCX8060.tmp to <Current directory>\kEIC.exe
- from C:\RCX917B.tmp to <Current directory>\Sgkm.exe
- from C:\RCX8F58.tmp to <Current directory>\LowM.exe
- from C:\RCX942C.tmp to <Current directory>\pgcA.exe
- from C:\RCX92A5.tmp to <Current directory>\OsES.exe
- from C:\RCX8A75.tmp to <Current directory>\JcIW.exe
- from C:\RCX898A.tmp to <Current directory>\KckK.exe
- from C:\RCX8E10.tmp to <Current directory>\fcYw.exe
- from C:\RCX8CE6.tmp to <Current directory>\AEkw.exe
- from C:\RCX7B4F.tmp to <Current directory>\oQgE.exe
- from C:\RCX6C08.tmp to <Current directory>\xIgW.exe
- from C:\RCX69A6.tmp to <Current directory>\tMMk.exe
- from C:\RCX6F16.tmp to <Current directory>\qYIQ.exe
- from C:\RCX6DDD.tmp to <Current directory>\xkAi.exe
- from C:\RCX6427.tmp to <Current directory>\Qskg.exe
- from C:\RCX6197.tmp to <Current directory>\AkQE.exe
- from C:\RCX686D.tmp to <Current directory>\jEIG.exe
- from C:\RCX66A8.tmp to <Current directory>\WAcG.exe
- from C:\RCX764C.tmp to <Current directory>\UcUU.exe
- from C:\RCX7533.tmp to <Current directory>\wgwC.exe
- from C:\RCX79E7.tmp to <Current directory>\GYAA.exe
- from C:\RCX78AE.tmp to <Current directory>\kwIk.exe
- from C:\RCX70DC.tmp to <Current directory>\Bosa.exe
- from C:\RCX7001.tmp to <Current directory>\WAky.exe
- from C:\RCX7448.tmp to <Current directory>\QAES.exe
- from C:\RCX71E6.tmp to <Current directory>\Fooi.exe
- from C:\RCXD935.tmp to <Current directory>\IcIE.exe
- from C:\RCXD7CD.tmp to <Current directory>\eswU.exe
- from C:\RCXDD0E.tmp to <Current directory>\tQUq.exe
- from C:\RCXDA8D.tmp to <Current directory>\hkMo.exe
- from C:\RCXD1D1.tmp to <Current directory>\IEkK.exe
- from C:\RCXCF7F.tmp to <Current directory>\rMsI.exe
- from C:\RCXD4C0.tmp to <Current directory>\iggC.exe
- from C:\RCXD2FB.tmp to <Current directory>\sQYm.exe
- from C:\RCXE915.tmp to <Current directory>\skIW.exe
- from C:\RCXE656.tmp to <Current directory>\iAks.exe
- from C:\RCXEBD5.tmp to <Current directory>\SgMU.exe
- from C:\RCXEA10.tmp to <Current directory>\pEcg.exe
- from C:\RCXE29B.tmp to <Current directory>\AYcM.exe
- from C:\RCXDF40.tmp to <Current directory>\XskI.exe
- from C:\RCXE50D.tmp to <Current directory>\Vkck.exe
- from C:\RCXE403.tmp to <Current directory>\sUIU.exe
- from C:\RCXCE66.tmp to <Current directory>\oIgc.exe
- from C:\RCXB752.tmp to <Current directory>\hUkA.exe
- from C:\RCXB5EA.tmp to <Current directory>\zIQk.exe
- from C:\RCXBC63.tmp to <Current directory>\SEwy.exe
- from C:\RCXBBA6.tmp to <Current directory>\QoAO.exe
- from C:\RCXAC85.tmp to <Current directory>\BUIU.exe
- from C:\RCXA9C6.tmp to <Current directory>\tIYg.exe
- from C:\RCXB473.tmp to <Current directory>\RYQw.exe
- from C:\RCXAF82.tmp to <Current directory>\uAIY.exe
- from C:\RCXC86A.tmp to <Current directory>\XcIy.exe
- from C:\RCXC6C4.tmp to <Current directory>\pMMa.exe
- from C:\RCXCC91.tmp to <Current directory>\eYYo.exe
- from C:\RCXC9D2.tmp to <Current directory>\AckE.exe
- from C:\RCXC00D.tmp to <Current directory>\yoMO.exe
- from C:\RCXBDCA.tmp to <Current directory>\NEkw.exe
- from C:\RCXC397.tmp to <Current directory>\BEok.exe
- from C:\RCXC174.tmp to <Current directory>\dQgc.exe
- from C:\RCXEDF8.tmp to <Current directory>\DAMM.exe
- from C:\RCX15AB.tmp to <Current directory>\ekwe.exe
- from C:\RCX1443.tmp to <Current directory>\QQUo.exe
- from C:\RCX1BA6.tmp to <Current directory>\IUEs.exe
- from C:\RCX1A7C.tmp to <Current directory>\RsAO.exe
- from C:\RCXDCB.tmp to <Current directory>\mocw.exe
- from C:\RCXC05.tmp to <Current directory>\McsO.exe
- from C:\RCX12AD.tmp to <Current directory>\fcUU.exe
- from C:\RCXFAF.tmp to <Current directory>\LwAK.exe
- from C:\RCX256C.tmp to <Current directory>\okcA.exe
- from C:\RCX24A0.tmp to <Current directory>\lQkA.exe
- from C:\RCX2751.tmp to <Current directory>\DUws.exe
- from C:\RCX2676.tmp to <Current directory>\rksk.exe
- from C:\RCX1D3D.tmp to <Current directory>\Rkwu.exe
- from C:\RCX1C81.tmp to <Current directory>\YcAS.exe
- from C:\RCX21E1.tmp to <Current directory>\xUIg.exe
- from C:\RCX1F51.tmp to <Current directory>\PIMk.exe
- from C:\RCXB1A.tmp to <Current directory>\Agcq.exe
- from C:\RCXF963.tmp to <Current directory>\DcAQ.exe
- from C:\RCXF7FB.tmp to <Current directory>\jMgK.exe
- from C:\RCXFC71.tmp to <Current directory>\CscU.exe
- from C:\RCXFAEA.tmp to <Current directory>\AEgy.exe
- from C:\RCXF26D.tmp to <Current directory>\EUYo.exe
- from C:\RCXF088.tmp to <Current directory>\fAMa.exe
- from C:\RCXF617.tmp to <Current directory>\yAgA.exe
- from C:\RCXF4BF.tmp to <Current directory>\coQI.exe
- from C:\RCX7EC.tmp to <Current directory>\rkgS.exe
- from C:\RCX694.tmp to <Current directory>\SkYs.exe
- from C:\RCXA9C.tmp to <Current directory>\CoEG.exe
- from C:\RCX9F0.tmp to <Current directory>\VwwA.exe
- from C:\RCXA8.tmp to <Current directory>\pQwE.exe
- from C:\RCXFEA4.tmp to <Current directory>\PwAE.exe
- from C:\RCX50D.tmp to <Current directory>\gMcO.exe
- from C:\RCX2DA.tmp to <Current directory>\QIUK.exe
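- DNS ASK dn#.##ftncsi.com (characters are masked in the source; the pattern resembles the Windows network-connectivity probe host, so this lookup is probably a connectivity check and a weak indicator on its own)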
- DNS ASK google.com
- ClassName: '' WindowName: 'rSYkcwMw.exe'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'GocwIYEU.exe'