Technical Information
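- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,' (the second path is appended to the standard userinit.exe entry, so it is launched at every user logon)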
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002' (a service start type of 2 means the service starts automatically at boot)
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
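- hidden files are no longer displayed (the 'Hidden' value is set to 2 by the reg.exe command listed below)
- file extensions are no longer displayed ('HideFileExt' is set to 1 by the reg.exe command listed below)
- User Account Control (UAC) is disabled ('EnableLUA' is set to 0 by the reg.exe command listed below)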
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\taskhost.exe'
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\uoMgcYwc.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe' /pid=0xb7c /log
- '<SYSTEM32>\reg.exe' 0xa3c cscript.exe
- '<SYSTEM32>\reg.exe' 0x9f8 <Virus name>.exe
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\KIccoMoo.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=0x540 /log
- '<SYSTEM32>\reg.exe' /pid=0x960 /log
- '<SYSTEM32>\cscript.exe' 0x11c cscript.exe
- '<SYSTEM32>\cscript.exe' 0xa2c <Virus name>.exe
- '<SYSTEM32>\cscript.exe' /c ""%TEMP%\qiwAUcMA.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\conhost.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' 0x93c <Virus name>.exe
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\TSYIAQoU.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\cscript.exe' /pid=0x948 /log
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- <Current directory>\VIcS.exe
- C:\RCXCFC5.tmp
- <Current directory>\VOkM.ico
- <Current directory>\OMEs.exe
- C:\RCXCEAC.tmp
- <Current directory>\dgIk.ico
- <Current directory>\ossE.exe
- <Current directory>\NwUK.exe
- C:\RCXD257.tmp
- %TEMP%\AqMgQEso.bat
- C:\RCXD091.tmp
- %TEMP%\jeAcIQgA.bat
- <Current directory>\SQkM.ico
- <Current directory>\qeQg.ico
- C:\RCXC68D.tmp
- <Current directory>\kMIw.ico
- <Current directory>\VoIq.exe
- C:\RCXC554.tmp
- <Current directory>\eYIw.ico
- <Current directory>\oksW.exe
- C:\RCXC8BF.tmp
- <Current directory>\ikMQ.ico
- <Current directory>\UcIi.exe
- C:\RCXCCD7.tmp
- <Current directory>\KEYc.ico
- <Current directory>\ysoA.exe
- C:\RCXCB8E.tmp
- C:\RCXDC3C.tmp
- <Current directory>\OmMA.ico
- <Current directory>\fIAW.exe
- C:\RCXDB9F.tmp
- <Current directory>\fowg.ico
- <Current directory>\kYgs.exe
- C:\RCXDDA4.tmp
- <Current directory>\Owgc.ico
- <Current directory>\JgMY.exe
- C:\RCXDFF6.tmp
- <Current directory>\pmMg.ico
- <Current directory>\rwUw.exe
- C:\RCXDF1B.tmp
- <Current directory>\usYI.exe
- <Current directory>\twcQ.ico
- <Current directory>\iIce.exe
- C:\RCXD507.tmp
- <Current directory>\BgAc.ico
- <Current directory>\vMUO.exe
- C:\RCXD44B.tmp
- <Current directory>\QUsg.ico
- <Current directory>\Ekky.exe
- C:\RCXD96C.tmp
- <Current directory>\DsEQ.ico
- <Current directory>\bowA.exe
- C:\RCXD71A.tmp
- <Current directory>\yGEc.ico
- <Current directory>\nAEI.ico
- <Current directory>\IcYY.exe
- C:\RCXB226.tmp
- <Current directory>\OAQA.ico
- <Current directory>\EkgG.exe
- C:\RCXB0DE.tmp
- <Current directory>\AMws.ico
- <Current directory>\MEMm.exe
- C:\RCXB63E.tmp
- <Current directory>\lIcM.ico
- <Current directory>\BokO.exe
- C:\RCXB4D6.tmp
- <Current directory>\tasg.ico
- C:\RCXAFF3.tmp
- %TEMP%\gwwEcwYQ.bat
- <Current directory>\bSQU.ico
- <Current directory>\YQYk.exe
- <Current directory>\gQMY.ico
- <Current directory>\JIQS.exe
- C:\RCXA95B.tmp
- C:\RCXAAE2.tmp
- C:\RCXAEF8.tmp
- <Current directory>\tmQs.ico
- <Current directory>\ocMK.exe
- %TEMP%\RewEYIgA.bat
- <Current directory>\Xoco.ico
- <Current directory>\VwMA.exe
- C:\RCXBECC.tmp
- <Current directory>\OggM.ico
- <Current directory>\gMMY.exe
- <Current directory>\AiIQ.ico
- %TEMP%\KwUEsYgo.bat
- <Current directory>\mUAE.exe
- %TEMP%\uoMgcYwc.bat
- C:\RCXC38E.tmp
- <Current directory>\hgsk.ico
- <Current directory>\xwgO.exe
- C:\RCXC16B.tmp
- <Current directory>\IwEo.ico
- <Current directory>\VAUw.exe
- C:\RCXBD93.tmp
- <Current directory>\Aswk.exe
- C:\RCXB890.tmp
- <Current directory>\EIog.ico
- <Current directory>\GgQI.exe
- C:\RCXB748.tmp
- <Current directory>\kuok.ico
- <Current directory>\ZoAc.exe
- C:\RCXBC79.tmp
- <Current directory>\oKQM.ico
- <Current directory>\BggI.exe
- C:\RCXBAE2.tmp
- <Current directory>\QaYI.ico
- <Current directory>\QkIm.exe
- <Current directory>\YAgU.exe
- C:\RCX48E.tmp
- <Current directory>\RGAw.ico
- <Current directory>\zMwU.exe
- C:\RCX133.tmp
- <Current directory>\AQcQ.ico
- <Current directory>\SsMa.exe
- <Current directory>\mUsq.exe
- C:\RCX645.tmp
- <Current directory>\RywY.ico
- C:\RCX53A.tmp
- %TEMP%\xUIIAAUM.bat
- <Current directory>\EIok.ico
- <Current directory>\Eqoo.ico
- C:\RCXFBA3.tmp
- <Current directory>\wIMU.ico
- <Current directory>\MAog.exe
- C:\RCXF923.tmp
- <Current directory>\GqMQ.ico
- <Current directory>\qkoE.exe
- C:\RCXFC31.tmp
- <Current directory>\YEsQ.ico
- <Current directory>\GYQm.exe
- C:\RCXFF8D.tmp
- <Current directory>\CSUA.ico
- <Current directory>\Icwo.exe
- C:\RCXFE73.tmp
- C:\RCX1059.tmp
- <Current directory>\QKsE.ico
- <Current directory>\GUky.exe
- C:\RCXE93.tmp
- <Current directory>\feUE.ico
- <Current directory>\BsUw.exe
- C:\RCX1327.tmp
- <Current directory>\asMk.ico
- <Current directory>\ckks.exe
- C:\RCX1626.tmp
- <Current directory>\omYo.ico
- <Current directory>\Twgo.exe
- C:\RCX1431.tmp
- <Current directory>\rQsG.exe
- <Current directory>\PMQs.ico
- <Current directory>\ToUU.exe
- C:\RCXA0E.tmp
- <Current directory>\hAok.exe
- C:\RCX8A6.tmp
- %TEMP%\KIccoMoo.bat
- <Current directory>\TWwo.ico
- <Current directory>\cUsG.exe
- C:\RCXD79.tmp
- <Current directory>\IyAM.ico
- <Current directory>\GAkw.exe
- C:\RCXC21.tmp
- <Current directory>\fmEk.ico
- <Current directory>\bSAE.ico
- <Current directory>\VIIk.exe
- C:\RCXEA0A.tmp
- <Current directory>\Nqwc.ico
- <Current directory>\dYsu.exe
- C:\RCXE8D1.tmp
- <Current directory>\PGwA.ico
- <Current directory>\jsUa.exe
- C:\RCXEC5D.tmp
- <Current directory>\eOgY.ico
- <Current directory>\cQQO.exe
- C:\RCXEB53.tmp
- <Current directory>\SYQY.ico
- C:\RCXE76A.tmp
- C:\RCXE219.tmp
- <Current directory>\hKww.ico
- %TEMP%\qWMoAQIg.bat
- <Current directory>\SoYk.ico
- <Current directory>\XIAm.exe
- %TEMP%\QYQgIsgY.bat
- <Current directory>\REEE.exe
- C:\RCXE566.tmp
- <Current directory>\IUss.ico
- <Current directory>\fEEa.exe
- C:\RCXE381.tmp
- <Current directory>\LQso.ico
- <Current directory>\CMQc.exe
- C:\RCXF50A.tmp
- <Current directory>\KEgQ.ico
- <Current directory>\ZAEw.exe
- <Current directory>\sOUg.ico
- %TEMP%\CWQkowME.bat
- <Current directory>\LwAS.exe
- %TEMP%\qiwAUcMA.bat
- C:\RCXF6F0.tmp
- <Current directory>\ouYY.ico
- <Current directory>\RIAE.exe
- C:\RCXF605.tmp
- <Current directory>\dEAM.ico
- <Current directory>\MgQu.exe
- C:\RCXF2E7.tmp
- <Current directory>\OMgu.exe
- C:\RCXEE91.tmp
- <Current directory>\sQgI.ico
- <Current directory>\yYoG.exe
- C:\RCXEDB5.tmp
- <Current directory>\IOYc.ico
- <Current directory>\rccS.exe
- C:\RCXF1CE.tmp
- <Current directory>\xCYU.ico
- <Current directory>\GgUe.exe
- C:\RCXEF6C.tmp
- <Current directory>\cqAg.ico
- <Current directory>\ScAc.exe
- C:\RCXA63E.tmp
- <Current directory>\KwcQ.ico
- <Current directory>\AsIQ.exe
- C:\RCX4FC9.tmp
- <Current directory>\uaoQ.ico
- <Current directory>\gIQA.exe
- C:\RCX4E42.tmp
- <Current directory>\RKIw.ico
- <Current directory>\COgQ.ico
- <Current directory>\qYcs.exe
- C:\RCX517F.tmp
- <Current directory>\DEMk.exe
- %TEMP%\vuQgwUIY.bat
- C:\RCX50D3.tmp
- C:\RCX4BFF.tmp
- <Current directory>\WoEo.exe
- C:\RCX4680.tmp
- <Current directory>\bUYo.ico
- <Current directory>\Rwcm.exe
- C:\RCX42A9.tmp
- <Current directory>\TmEk.ico
- <Current directory>\pwgs.exe
- C:\RCX4A88.tmp
- <Current directory>\LiEY.ico
- <Current directory>\zYUk.exe
- C:\RCX4855.tmp
- <Current directory>\ocoo.ico
- <Current directory>\pgkA.exe
- <Current directory>\Gygw.ico
- <Current directory>\JUAi.exe
- C:\RCX6045.tmp
- <Current directory>\WqYE.ico
- <Current directory>\JcIe.exe
- C:\RCX5F4A.tmp
- <Current directory>\WIgM.ico
- <Current directory>\JcoW.exe
- C:\RCX61DC.tmp
- <Current directory>\wSIE.ico
- <Current directory>\MogM.exe
- C:\RCX60F1.tmp
- <Current directory>\EaAQ.ico
- C:\RCX59CD.tmp
- C:\RCX5393.tmp
- <Current directory>\lIok.ico
- <Current directory>\aEQm.exe
- %TEMP%\moEEMUkM.bat
- <Current directory>\CgIE.ico
- <Current directory>\lkAE.exe
- C:\RCX571D.tmp
- <Auxiliary element>
- <Current directory>\fAYU.ico
- <Current directory>\uEEE.exe
- <Current directory>\baIE.ico
- <Current directory>\BEkm.exe
- C:\RCX5865.tmp
- C:\RCX2453.tmp
- <Current directory>\CSUg.ico
- <Current directory>\GIsq.exe
- C:\RCX1E69.tmp
- <Current directory>\MIYo.ico
- <Current directory>\cIko.exe
- C:\RCX283B.tmp
- <Current directory>\IqMQ.ico
- <Current directory>\tIAC.exe
- C:\RCX2F1F.tmp
- <Current directory>\pUIw.ico
- <Current directory>\iUsU.exe
- C:\RCX2CBE.tmp
- <Current directory>\zUsu.exe
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- %TEMP%\HIMIkkEU.bat
- <Current directory>\<Virus name>
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- C:\ProgramData\kaog.txt
- <Current directory>\wsUA.exe
- C:\RCX161E.tmp
- <Current directory>\XYwo.ico
- %TEMP%\HeMYYsAo.bat
- %TEMP%\file.vbs
- <Current directory>\Iess.ico
- %TEMP%\CSUAsscI.bat
- <Current directory>\YEMe.exe
- C:\RCX3D87.tmp
- <Current directory>\MUQY.exe
- C:\RCX3BD1.tmp
- <Current directory>\LqQI.ico
- <Current directory>\AccY.ico
- <Current directory>\wQcs.exe
- C:\RCX40F3.tmp
- <Current directory>\SkEc.ico
- <Current directory>\SsII.exe
- C:\RCX3FBA.tmp
- <Current directory>\XYcs.ico
- %TEMP%\mMYMAYsQ.bat
- <Current directory>\biII.ico
- <Current directory>\xIky.exe
- C:\RCX370E.tmp
- <Current directory>\RAcg.ico
- <Current directory>\YkwE.exe
- C:\RCX3642.tmp
- <Current directory>\fyYQ.ico
- <Current directory>\kcog.exe
- C:\RCX3970.tmp
- <Current directory>\wekM.ico
- <Current directory>\aAAS.exe
- C:\RCX37AB.tmp
- <Current directory>\MOow.ico
- <Current directory>\csMw.ico
- <Current directory>\eMcQ.exe
- C:\RCX936E.tmp
- <Current directory>\leww.ico
- <Current directory>\PwkO.exe
- C:\RCX9207.tmp
- <Current directory>\piQc.ico
- <Current directory>\LAwQ.exe
- C:\RCX9709.tmp
- %TEMP%\ioMUcMQA.bat
- <Current directory>\IIIS.exe
- C:\RCX95A1.tmp
- <Current directory>\KmsE.ico
- C:\RCX913B.tmp
- <Current directory>\OoIK.exe
- C:\RCX8EA9.tmp
- <Current directory>\Awco.ico
- <Current directory>\MkQq.exe
- C:\RCX889F.tmp
- <Current directory>\dIsU.ico
- <Current directory>\lkwK.exe
- C:\RCX905F.tmp
- <Current directory>\oiEY.ico
- <Current directory>\jkkG.exe
- C:\RCX8F55.tmp
- <Current directory>\raQQ.ico
- <Current directory>\sgsy.exe
- <Current directory>\mgMq.exe
- C:\RCXA19A.tmp
- <Current directory>\QGMs.ico
- <Current directory>\HgwS.exe
- C:\RCXA032.tmp
- <Current directory>\beUs.ico
- <Current directory>\KIQa.exe
- C:\RCXA4B7.tmp
- <Current directory>\qkMA.ico
- <Current directory>\dEsE.exe
- C:\RCXA330.tmp
- <Current directory>\vcso.ico
- <Current directory>\hQEO.exe
- <Current directory>\PkoA.ico
- <Current directory>\Oicc.ico
- <Current directory>\Iwss.exe
- %TEMP%\TYokwEEs.bat
- <Current directory>\gMME.ico
- <Current directory>\xkYW.exe
- C:\RCX9871.tmp
- C:\RCX9A46.tmp
- <Current directory>\IeQg.ico
- <Current directory>\dUgG.exe
- C:\RCX9DB1.tmp
- <Current directory>\Rqow.ico
- <Current directory>\zEQU.exe
- C:\RCX9B9E.tmp
- <Current directory>\GYMy.exe
- C:\RCX6F69.tmp
- <Current directory>\sWIg.ico
- <Current directory>\rEcg.exe
- C:\RCX6CCA.tmp
- <Current directory>\ueUg.ico
- <Current directory>\OEwm.exe
- C:\RCX71FB.tmp
- <Current directory>\YEEY.ico
- <Current directory>\fIIu.exe
- C:\RCX717D.tmp
- <Current directory>\neoM.ico
- <Current directory>\zMIM.exe
- <Current directory>\iIcg.ico
- <Current directory>\hUIw.ico
- <Current directory>\wsEG.exe
- C:\RCX63C2.tmp
- <Current directory>\nAcs.exe
- C:\RCX6298.tmp
- %TEMP%\vMokEYAI.bat
- %TEMP%\bGIQMEYY.bat
- <Current directory>\GqUA.ico
- <Current directory>\oksY.exe
- C:\RCX6A87.tmp
- <Current directory>\sKMg.ico
- <Current directory>\isoM.exe
- C:\RCX672C.tmp
- C:\RCX81C9.tmp
- <Current directory>\Ygkw.ico
- <Current directory>\mwIU.exe
- C:\RCX7F96.tmp
- <Current directory>\SUkM.ico
- <Current directory>\EAMO.exe
- C:\RCX83EC.tmp
- C:\RCX867C.tmp
- %TEMP%\nCgokgkA.bat
- <Current directory>\Bugo.ico
- %TEMP%\gYEkgkQc.bat
- <Current directory>\BoMM.ico
- <Current directory>\Iwka.exe
- <Current directory>\QEwU.exe
- <Current directory>\sUkE.exe
- C:\RCX7602.tmp
- %TEMP%\TSYIAQoU.bat
- C:\RCX73B0.tmp
- %TEMP%\IkYAAAEQ.bat
- <Current directory>\Vaoo.ico
- <Current directory>\pQsM.ico
- <Current directory>\zYME.exe
- C:\RCX7D35.tmp
- <Current directory>\RsIs.ico
- <Current directory>\JwUi.exe
- C:\RCX7789.tmp
- <Current directory>\eAIk.ico
- <Current directory>\VIcS.exe
- <Current directory>\VOkM.ico
- %TEMP%\uoMgcYwc.bat
- <Current directory>\dgIk.ico
- <Current directory>\SQkM.ico
- <Current directory>\NwUK.exe
- <Current directory>\ossE.exe
- %TEMP%\jeAcIQgA.bat
- <Current directory>\OMEs.exe
- <Current directory>\VoIq.exe
- <Current directory>\KEYc.ico
- <Current directory>\oksW.exe
- <Current directory>\kMIw.ico
- <Current directory>\UcIi.exe
- <Current directory>\qeQg.ico
- <Current directory>\ysoA.exe
- <Current directory>\ikMQ.ico
- <Current directory>\BgAc.ico
- <Current directory>\OmMA.ico
- <Current directory>\fIAW.exe
- <Current directory>\fowg.ico
- <Current directory>\kYgs.exe
- <Current directory>\Owgc.ico
- <Current directory>\JgMY.exe
- <Current directory>\pmMg.ico
- <Current directory>\rwUw.exe
- <Current directory>\usYI.exe
- <Current directory>\iIce.exe
- <Current directory>\QUsg.ico
- <Current directory>\vMUO.exe
- <Current directory>\twcQ.ico
- <Current directory>\Ekky.exe
- <Current directory>\DsEQ.ico
- <Current directory>\bowA.exe
- <Current directory>\yGEc.ico
- <Current directory>\AMws.ico
- <Current directory>\BokO.exe
- <Current directory>\nAEI.ico
- <Current directory>\IcYY.exe
- <Current directory>\lIcM.ico
- <Current directory>\GgQI.exe
- <Current directory>\tasg.ico
- <Current directory>\MEMm.exe
- <Current directory>\EkgG.exe
- <Current directory>\YQYk.exe
- <Current directory>\Xoco.ico
- %TEMP%\gwwEcwYQ.bat
- <Current directory>\bSQU.ico
- <Current directory>\ocMK.exe
- <Current directory>\OAQA.ico
- <Current directory>\VwMA.exe
- <Current directory>\tmQs.ico
- <Current directory>\kuok.ico
- <Current directory>\gMMY.exe
- <Current directory>\IwEo.ico
- %TEMP%\KwUEsYgo.bat
- <Current directory>\OggM.ico
- <Current directory>\xwgO.exe
- <Current directory>\eYIw.ico
- <Current directory>\VAUw.exe
- <Current directory>\hgsk.ico
- <Current directory>\mUAE.exe
- <Current directory>\ZoAc.exe
- <Current directory>\QaYI.ico
- <Current directory>\Aswk.exe
- <Current directory>\EIog.ico
- <Current directory>\BggI.exe
- <Current directory>\AiIQ.ico
- <Current directory>\QkIm.exe
- <Current directory>\oKQM.ico
- <Current directory>\AQcQ.ico
- <Current directory>\YAgU.exe
- <Current directory>\Eqoo.ico
- <Current directory>\zMwU.exe
- <Current directory>\SsMa.exe
- %TEMP%\xUIIAAUM.bat
- %TEMP%\qiwAUcMA.bat
- <Current directory>\RGAw.ico
- <Current directory>\GYQm.exe
- <Current directory>\qkoE.exe
- <Current directory>\wIMU.ico
- <Current directory>\RIAE.exe
- <Current directory>\GqMQ.ico
- <Current directory>\Icwo.exe
- <Current directory>\YEsQ.ico
- <Current directory>\MAog.exe
- <Current directory>\CSUA.ico
- <Current directory>\EIok.ico
- <Current directory>\feUE.ico
- <Current directory>\BsUw.exe
- <Current directory>\IyAM.ico
- <Current directory>\rQsG.exe
- <Current directory>\omYo.ico
- <Current directory>\Twgo.exe
- <Current directory>\QKsE.ico
- <Current directory>\GUky.exe
- <Current directory>\cUsG.exe
- <Current directory>\hAok.exe
- <Current directory>\PMQs.ico
- <Current directory>\mUsq.exe
- <Current directory>\RywY.ico
- <Current directory>\GAkw.exe
- <Current directory>\fmEk.ico
- <Current directory>\ToUU.exe
- <Current directory>\TWwo.ico
- <Current directory>\bSAE.ico
- <Current directory>\VIIk.exe
- <Current directory>\Nqwc.ico
- <Current directory>\dYsu.exe
- <Current directory>\SYQY.ico
- <Current directory>\jsUa.exe
- <Current directory>\PGwA.ico
- <Current directory>\cQQO.exe
- <Current directory>\fEEa.exe
- %TEMP%\QYQgIsgY.bat
- <Current directory>\hKww.ico
- <Current directory>\SoYk.ico
- <Current directory>\XIAm.exe
- <Current directory>\CMQc.exe
- <Current directory>\IUss.ico
- <Current directory>\REEE.exe
- <Current directory>\LQso.ico
- <Current directory>\eOgY.ico
- <Current directory>\LwAS.exe
- <Current directory>\KEgQ.ico
- %TEMP%\CWQkowME.bat
- <Current directory>\sOUg.ico
- <Current directory>\MgQu.exe
- <Current directory>\ouYY.ico
- <Current directory>\ZAEw.exe
- <Current directory>\dEAM.ico
- <Current directory>\GgUe.exe
- <Current directory>\OMgu.exe
- <Current directory>\sQgI.ico
- <Current directory>\yYoG.exe
- <Current directory>\IOYc.ico
- <Current directory>\ScAc.exe
- <Current directory>\xCYU.ico
- <Current directory>\rccS.exe
- <Current directory>\cqAg.ico
- %TEMP%\vuQgwUIY.bat
- <Current directory>\COgQ.ico
- <Current directory>\RKIw.ico
- <Current directory>\DEMk.exe
- <Current directory>\lkAE.exe
- <Current directory>\lIok.ico
- <Current directory>\qYcs.exe
- <Current directory>\CgIE.ico
- <Current directory>\AsIQ.exe
- <Current directory>\pgkA.exe
- <Current directory>\LiEY.ico
- <Current directory>\pwgs.exe
- <Current directory>\ocoo.ico
- <Current directory>\gIQA.exe
- <Current directory>\KwcQ.ico
- <Current directory>\zYUk.exe
- <Current directory>\uaoQ.ico
- <Current directory>\aEQm.exe
- <Current directory>\JcoW.exe
- <Current directory>\wSIE.ico
- <Current directory>\MogM.exe
- <Current directory>\EaAQ.ico
- <Current directory>\hUIw.ico
- <Current directory>\wsEG.exe
- <Current directory>\nAcs.exe
- %TEMP%\vMokEYAI.bat
- <Current directory>\WIgM.ico
- <Current directory>\fAYU.ico
- <Current directory>\uEEE.exe
- <Current directory>\baIE.ico
- <Current directory>\BEkm.exe
- <Current directory>\Gygw.ico
- <Current directory>\JUAi.exe
- <Current directory>\WqYE.ico
- <Current directory>\JcIe.exe
- <Current directory>\IqMQ.ico
- <Current directory>\tIAC.exe
- <Current directory>\pUIw.ico
- <Current directory>\iUsU.exe
- <Current directory>\biII.ico
- <Current directory>\xIky.exe
- <Current directory>\RAcg.ico
- <Current directory>\YkwE.exe
- <Current directory>\GIsq.exe
- <Current directory>\wsUA.exe
- <Current directory>\XYwo.ico
- %TEMP%\HIMIkkEU.bat
- <Current directory>\Iess.ico
- <Current directory>\cIko.exe
- <Current directory>\CSUg.ico
- <Current directory>\zUsu.exe
- <Current directory>\MIYo.ico
- <Current directory>\fyYQ.ico
- <Current directory>\wQcs.exe
- <Current directory>\SkEc.ico
- <Current directory>\SsII.exe
- <Current directory>\XYcs.ico
- <Current directory>\WoEo.exe
- <Current directory>\bUYo.ico
- <Current directory>\Rwcm.exe
- <Current directory>\TmEk.ico
- <Current directory>\AccY.ico
- <Current directory>\kcog.exe
- <Current directory>\wekM.ico
- <Current directory>\aAAS.exe
- <Current directory>\MOow.ico
- <Current directory>\LqQI.ico
- <Current directory>\YEMe.exe
- <Current directory>\MUQY.exe
- %TEMP%\mMYMAYsQ.bat
- <Current directory>\IIIS.exe
- <Current directory>\KmsE.ico
- <Current directory>\eMcQ.exe
- <Current directory>\piQc.ico
- <Current directory>\gMME.ico
- <Current directory>\xkYW.exe
- <Current directory>\LAwQ.exe
- %TEMP%\ioMUcMQA.bat
- <Current directory>\csMw.ico
- <Current directory>\raQQ.ico
- <Current directory>\sgsy.exe
- <Current directory>\Awco.ico
- <Current directory>\lkwK.exe
- <Current directory>\leww.ico
- <Current directory>\PwkO.exe
- <Current directory>\oiEY.ico
- <Current directory>\jkkG.exe
- <Current directory>\Oicc.ico
- <Current directory>\vcso.ico
- <Current directory>\hQEO.exe
- <Current directory>\QGMs.ico
- <Current directory>\KIQa.exe
- <Current directory>\gQMY.ico
- <Current directory>\JIQS.exe
- <Current directory>\qkMA.ico
- <Current directory>\dEsE.exe
- <Current directory>\mgMq.exe
- <Current directory>\zEQU.exe
- <Current directory>\IeQg.ico
- <Current directory>\Iwss.exe
- <Current directory>\Rqow.ico
- <Current directory>\HgwS.exe
- <Current directory>\beUs.ico
- <Current directory>\dUgG.exe
- <Current directory>\PkoA.ico
- <Current directory>\zMIM.exe
- <Current directory>\YEEY.ico
- <Current directory>\OEwm.exe
- <Current directory>\neoM.ico
- <Current directory>\Vaoo.ico
- <Current directory>\sUkE.exe
- <Current directory>\fIIu.exe
- %TEMP%\IkYAAAEQ.bat
- <Current directory>\sWIg.ico
- <Current directory>\GqUA.ico
- <Current directory>\oksY.exe
- <Current directory>\sKMg.ico
- <Current directory>\isoM.exe
- <Current directory>\ueUg.ico
- <Current directory>\GYMy.exe
- <Current directory>\iIcg.ico
- <Current directory>\rEcg.exe
- <Current directory>\pQsM.ico
- <Current directory>\BoMM.ico
- <Current directory>\Iwka.exe
- %TEMP%\TSYIAQoU.bat
- %TEMP%\gYEkgkQc.bat
- <Current directory>\dIsU.ico
- <Current directory>\OoIK.exe
- <Current directory>\Bugo.ico
- <Current directory>\MkQq.exe
- <Current directory>\mwIU.exe
- <Current directory>\zYME.exe
- <Current directory>\RsIs.ico
- <Current directory>\JwUi.exe
- <Current directory>\eAIk.ico
- <Current directory>\EAMO.exe
- <Current directory>\Ygkw.ico
- <Current directory>\QEwU.exe
- <Current directory>\SUkM.ico
- from C:\RCXD091.tmp to <Current directory>\ossE.exe
- from C:\RCXCFC5.tmp to <Current directory>\VIcS.exe
- from C:\RCXD44B.tmp to <Current directory>\vMUO.exe
- from C:\RCXD257.tmp to <Current directory>\NwUK.exe
- from C:\RCXCB8E.tmp to <Current directory>\ysoA.exe
- from C:\RCXC8BF.tmp to <Current directory>\VoIq.exe
- from C:\RCXCEAC.tmp to <Current directory>\OMEs.exe
- from C:\RCXCCD7.tmp to <Current directory>\UcIi.exe
- from C:\RCXDDA4.tmp to <Current directory>\fIAW.exe
- from C:\RCXDC3C.tmp to <Current directory>\kYgs.exe
- from C:\RCXDFF6.tmp to <Current directory>\JgMY.exe
- from C:\RCXDF1B.tmp to <Current directory>\rwUw.exe
- from C:\RCXD71A.tmp to <Current directory>\bowA.exe
- from C:\RCXD507.tmp to <Current directory>\iIce.exe
- from C:\RCXDB9F.tmp to <Current directory>\usYI.exe
- from C:\RCXD96C.tmp to <Current directory>\Ekky.exe
- from C:\RCXC68D.tmp to <Current directory>\oksW.exe
- from C:\RCXB4D6.tmp to <Current directory>\BokO.exe
- from C:\RCXB226.tmp to <Current directory>\IcYY.exe
- from C:\RCXB748.tmp to <Current directory>\GgQI.exe
- from C:\RCXB63E.tmp to <Current directory>\MEMm.exe
- from C:\RCXAEF8.tmp to <Current directory>\VwMA.exe
- from C:\RCXAAE2.tmp to <Current directory>\YQYk.exe
- from C:\RCXB0DE.tmp to <Current directory>\EkgG.exe
- from C:\RCXAFF3.tmp to <Current directory>\ocMK.exe
- from C:\RCXC16B.tmp to <Current directory>\gMMY.exe
- from C:\RCXBECC.tmp to <Current directory>\mUAE.exe
- from C:\RCXC554.tmp to <Current directory>\xwgO.exe
- from C:\RCXC38E.tmp to <Current directory>\VAUw.exe
- from C:\RCXBAE2.tmp to <Current directory>\ZoAc.exe
- from C:\RCXB890.tmp to <Current directory>\Aswk.exe
- from C:\RCXBD93.tmp to <Current directory>\BggI.exe
- from C:\RCXBC79.tmp to <Current directory>\QkIm.exe
- from C:\RCX48E.tmp to <Current directory>\YAgU.exe
- from C:\RCX133.tmp to <Current directory>\zMwU.exe
- from C:\RCX645.tmp to <Current directory>\mUsq.exe
- from C:\RCX53A.tmp to <Current directory>\SsMa.exe
- from C:\RCXFC31.tmp to <Current directory>\MAog.exe
- from C:\RCXFBA3.tmp to <Current directory>\qkoE.exe
- from C:\RCXFF8D.tmp to <Current directory>\GYQm.exe
- from C:\RCXFE73.tmp to <Current directory>\Icwo.exe
- from C:\RCX1059.tmp to <Current directory>\BsUw.exe
- from C:\RCXE93.tmp to <Current directory>\rQsG.exe
- from C:\RCX1431.tmp to <Current directory>\Twgo.exe
- from C:\RCX1327.tmp to <Current directory>\GUky.exe
- from C:\RCXA0E.tmp to <Current directory>\ToUU.exe
- from C:\RCX8A6.tmp to <Current directory>\hAok.exe
- from C:\RCXD79.tmp to <Current directory>\cUsG.exe
- from C:\RCXC21.tmp to <Current directory>\GAkw.exe
- from C:\RCXF923.tmp to <Current directory>\RIAE.exe
- from C:\RCXEA0A.tmp to <Current directory>\VIIk.exe
- from C:\RCXE8D1.tmp to <Current directory>\dYsu.exe
- from C:\RCXEC5D.tmp to <Current directory>\jsUa.exe
- from C:\RCXEB53.tmp to <Current directory>\cQQO.exe
- from C:\RCXE381.tmp to <Current directory>\REEE.exe
- from C:\RCXE219.tmp to <Current directory>\XIAm.exe
- from C:\RCXE76A.tmp to <Current directory>\fEEa.exe
- from C:\RCXE566.tmp to <Current directory>\CMQc.exe
- from C:\RCXF50A.tmp to <Current directory>\LwAS.exe
- from C:\RCXF2E7.tmp to <Current directory>\GgUe.exe
- from C:\RCXF6F0.tmp to <Current directory>\MgQu.exe
- from C:\RCXF605.tmp to <Current directory>\ZAEw.exe
- from C:\RCXEE91.tmp to <Current directory>\OMgu.exe
- from C:\RCXEDB5.tmp to <Current directory>\yYoG.exe
- from C:\RCXF1CE.tmp to <Current directory>\ScAc.exe
- from C:\RCXEF6C.tmp to <Current directory>\rccS.exe
- from C:\RCX517F.tmp to <Current directory>\qYcs.exe
- from C:\RCX50D3.tmp to <Current directory>\DEMk.exe
- from C:\RCX571D.tmp to <Current directory>\aEQm.exe
- from C:\RCX5393.tmp to <Current directory>\lkAE.exe
- from C:\RCX4BFF.tmp to <Current directory>\zYUk.exe
- from C:\RCX4A88.tmp to <Current directory>\pgkA.exe
- from C:\RCX4FC9.tmp to <Current directory>\AsIQ.exe
- from C:\RCX4E42.tmp to <Current directory>\gIQA.exe
- from C:\RCX61DC.tmp to <Current directory>\JcoW.exe
- from C:\RCX60F1.tmp to <Current directory>\MogM.exe
- from C:\RCX63C2.tmp to <Current directory>\wsEG.exe
- from C:\RCX6298.tmp to <Current directory>\nAcs.exe
- from C:\RCX59CD.tmp to <Current directory>\uEEE.exe
- from C:\RCX5865.tmp to <Current directory>\BEkm.exe
- from C:\RCX6045.tmp to <Current directory>\JUAi.exe
- from C:\RCX5F4A.tmp to <Current directory>\JcIe.exe
- from C:\RCX4855.tmp to <Current directory>\pwgs.exe
- from C:\RCX2F1F.tmp to <Current directory>\tIAC.exe
- from C:\RCX2CBE.tmp to <Current directory>\iUsU.exe
- from C:\RCX370E.tmp to <Current directory>\xIky.exe
- from C:\RCX3642.tmp to <Current directory>\YkwE.exe
- from C:\RCX1E69.tmp to <Current directory>\zUsu.exe
- from C:\RCX161E.tmp to <Current directory>\wsUA.exe
- from C:\RCX283B.tmp to <Current directory>\GIsq.exe
- from C:\RCX2453.tmp to <Current directory>\cIko.exe
- from C:\RCX40F3.tmp to <Current directory>\wQcs.exe
- from C:\RCX3FBA.tmp to <Current directory>\SsII.exe
- from C:\RCX4680.tmp to <Current directory>\WoEo.exe
- from C:\RCX42A9.tmp to <Current directory>\Rwcm.exe
- from C:\RCX3970.tmp to <Current directory>\kcog.exe
- from C:\RCX37AB.tmp to <Current directory>\aAAS.exe
- from C:\RCX3D87.tmp to <Current directory>\YEMe.exe
- from C:\RCX3BD1.tmp to <Current directory>\MUQY.exe
- from C:\RCX9709.tmp to <Current directory>\LAwQ.exe
- from C:\RCX95A1.tmp to <Current directory>\IIIS.exe
- from C:\RCX9A46.tmp to <Current directory>\Iwss.exe
- from C:\RCX9871.tmp to <Current directory>\xkYW.exe
- from C:\RCX913B.tmp to <Current directory>\jkkG.exe
- from C:\RCX905F.tmp to <Current directory>\sgsy.exe
- from C:\RCX936E.tmp to <Current directory>\eMcQ.exe
- from C:\RCX9207.tmp to <Current directory>\PwkO.exe
- from C:\RCXA4B7.tmp to <Current directory>\hQEO.exe
- from C:\RCXA330.tmp to <Current directory>\KIQa.exe
- from C:\RCXA95B.tmp to <Current directory>\JIQS.exe
- from C:\RCXA63E.tmp to <Current directory>\dEsE.exe
- from C:\RCX9DB1.tmp to <Current directory>\dUgG.exe
- from C:\RCX9B9E.tmp to <Current directory>\zEQU.exe
- from C:\RCXA19A.tmp to <Current directory>\mgMq.exe
- from C:\RCXA032.tmp to <Current directory>\HgwS.exe
- from C:\RCX8F55.tmp to <Current directory>\lkwK.exe
- from C:\RCX71FB.tmp to <Current directory>\zMIM.exe
- from C:\RCX717D.tmp to <Current directory>\OEwm.exe
- from C:\RCX7602.tmp to <Current directory>\sUkE.exe
- from C:\RCX73B0.tmp to <Current directory>\fIIu.exe
- from C:\RCX6A87.tmp to <Current directory>\oksY.exe
- from C:\RCX672C.tmp to <Current directory>\isoM.exe
- from C:\RCX6F69.tmp to <Current directory>\GYMy.exe
- from C:\RCX6CCA.tmp to <Current directory>\rEcg.exe
- from C:\RCX867C.tmp to <Current directory>\Iwka.exe
- from C:\RCX83EC.tmp to <Current directory>\mwIU.exe
- from C:\RCX8EA9.tmp to <Current directory>\OoIK.exe
- from C:\RCX889F.tmp to <Current directory>\MkQq.exe
- from C:\RCX7D35.tmp to <Current directory>\zYME.exe
- from C:\RCX7789.tmp to <Current directory>\JwUi.exe
- from C:\RCX81C9.tmp to <Current directory>\EAMO.exe
- from C:\RCX7F96.tmp to <Current directory>\QEwU.exe
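- DNS ASK dn#.##ftncsi.com (the name appears to be partially masked with '#' in the report)
- DNS ASK google.com (a lookup of this widely used domain is not a reliable indicator on its own)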
- ClassName: '' WindowName: 'GocwIYEU.exe'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'rSYkcwMw.exe'