Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'aeEkEEcE.exe' = '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'pUccUkoM.exe' = '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'
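- blocks the display of hidden files (Explorer `Hidden` value set to 2)
- blocks the display of file extensions (Explorer `HideFileExt` value set to 1)
- disables User Account Control (UAC) (`EnableLUA` set to 0 under Policies\System)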
- '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\zqAkYwkA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\gOMoEMYc.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\WKosYYsA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ogswMswM.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\zEwcAUgA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\MsYAMMAE.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\uyMwQowA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\IYYAkAQI.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\kCEgMcco.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\noYMMYoc.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=2588
- '<SYSTEM32>\cscript.exe' /pid=3444
- '<SYSTEM32>\reg.exe' /pid=884
- '<SYSTEM32>\cscript.exe' /pid=236
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\BYMoYcgU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\hcMUgIgw.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\VeUcMgwE.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\XuwEQwYA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\oCkkYQAg.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3140
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\NqAUowko.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3284
- '<SYSTEM32>\cscript.exe' /pid=2756
- '<SYSTEM32>\reg.exe' /pid=1392
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\CiAwgUIU.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=2444
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\lugQoMcA.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3684
- '<SYSTEM32>\reg.exe' /pid=3280
- '<SYSTEM32>\reg.exe' /pid=2816
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\ZwkgoYEg.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\pEwooUkw.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=6104
- '<SYSTEM32>\reg.exe' /pid=6120
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\GucoAgsg.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\jeYsQkAs.bat" "<Full path to virus>""
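- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 (these are reg.exe arguments, identical to the reg.exe entry later in this list; the image name here is probably mispaired in the log, as on the other lines that pair cscript.exe with `add` or reg.exe with `/c` or a .vbs path)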
- '<SYSTEM32>\reg.exe' /pid=3960
- '<SYSTEM32>\reg.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\IqMwUgcw.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=6048
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\LyEEsAUU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ucAMYUQI.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ocskcIkk.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\uqoAwcAE.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\pEsQAIoQ.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' %TEMP%\file.vbs
- '<SYSTEM32>\reg.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RcUkAwQA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\NaMoQsco.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\JikMoIAY.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\JMwMoEEc.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\oaAcgAQc.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\smYUoYsk.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\SSMYAgkU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\huwUAUgw.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' %TEMP%\file.vbs
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\GqcIUAoU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\yAEUMIUI.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=4024
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ZEgMkwkk.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3448
- '<SYSTEM32>\reg.exe' /pid=3844
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\XwgAYsMM.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=888
- '<SYSTEM32>\reg.exe' /pid=1400
- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' /pid=3756
- '<SYSTEM32>\reg.exe' /pid=3812
- '<SYSTEM32>\cscript.exe'
- '<SYSTEM32>\cscript.exe' /pid=2904
- '<SYSTEM32>\reg.exe' /pid=3012
- '<SYSTEM32>\reg.exe' /pid=3276
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\aGkUYIos.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3576
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\casoIMkI.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=3392
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\DusIowwo.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\mWMUsEQA.bat" "<Full path to virus>""
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\reg.exe
- C:\RCX31.tmp
- <Current directory>\AMkg.ico
- <Current directory>\qcEu.exe
- C:\RCX30.tmp
- <Current directory>\fMAo.ico
- <Current directory>\XwMO.exe
- C:\RCX33.tmp
- <Current directory>\fwMw.ico
- <Current directory>\aAMo.exe
- C:\RCX32.tmp
- %TEMP%\kCEgMcco.bat
- <Current directory>\GgMi.ico
- C:\RCX2E.tmp
- <Current directory>\BsoQ.ico
- <Current directory>\FkIM.exe
- <Current directory>\Wkwa.ico
- <Current directory>\AcUq.exe
- %TEMP%\TGscIUMs.bat
- <Current directory>\LYsU.exe
- C:\RCX2F.tmp
- <Current directory>\QsUG.exe
- C:\RCX37.tmp
- <Current directory>\gcMc.ico
- C:\RCX36.tmp
- %TEMP%\IYYAkAQI.bat
- %TEMP%\uyMwQowA.bat
- %TEMP%\rMgsAoYQ.bat
- %TEMP%\ieYMAIkA.bat
- %TEMP%\cUkYIksg.bat
- %TEMP%\MsYAMMAE.bat
- C:\RCX34.tmp
- %TEMP%\fKQcgkQo.bat
- <Current directory>\dgsA.exe
- <Current directory>\PAkq.ico
- %TEMP%\noYMMYoc.bat
- <Current directory>\kYgm.ico
- <Current directory>\dgAM.exe
- C:\RCX35.tmp
- <Current directory>\fIwe.ico
- <Current directory>\Tgoe.exe
- %TEMP%\juYwMkMo.bat
- C:\RCX26.tmp
- <Current directory>\QYMS.exe
- <Current directory>\uUcG.ico
- %TEMP%\WKosYYsA.bat
- <Current directory>\cYEA.ico
- <Current directory>\sQQk.exe
- C:\RCX27.tmp
- <Current directory>\bEoK.ico
- <Current directory>\jgwy.exe
- C:\RCX23.tmp
- <Current directory>\rcgK.ico
- <Current directory>\UgYe.exe
- C:\RCX22.tmp
- <Current directory>\LQIu.ico
- <Current directory>\oEoc.exe
- C:\RCX25.tmp
- <Current directory>\PwQs.ico
- <Current directory>\lEAY.exe
- C:\RCX24.tmp
- <Current directory>\ikkG.ico
- <Current directory>\EkgS.exe
- %TEMP%\gOMoEMYc.bat
- <Current directory>\WwgE.exe
- C:\RCX2B.tmp
- <Current directory>\bswG.exe
- C:\RCX2D.tmp
- <Current directory>\Kgse.ico
- C:\RCX2C.tmp
- %TEMP%\HyMUAsIE.bat
- <Current directory>\XMks.exe
- %TEMP%\QGMIgUcQ.bat
- <Current directory>\sAYK.ico
- C:\RCX28.tmp
- %TEMP%\zqAkYwkA.bat
- C:\RCX2A.tmp
- <Current directory>\MQko.ico
- <Current directory>\LMQw.exe
- C:\RCX29.tmp
- <Current directory>\EYga.ico
- %TEMP%\NqAUowko.bat
- %TEMP%\ZwkgoYEg.bat
- <Current directory>\lIQK.ico
- C:\RCX44.tmp
- <Current directory>\HUoO.ico
- <Current directory>\XEIG.exe
- <Current directory>\issQ.exe
- %TEMP%\lugQoMcA.bat
- <Current directory>\roIW.ico
- <Current directory>\TQgU.exe
- C:\RCX45.tmp
- <Current directory>\BIgC.ico
- <Current directory>\pEEK.exe
- C:\RCX41.tmp
- <Current directory>\owsu.ico
- <Current directory>\UgAU.exe
- C:\RCX43.tmp
- %TEMP%\xkAIgoIE.bat
- <Current directory>\Pwsk.exe
- C:\RCX42.tmp
- <Current directory>\bUgg.ico
- C:\RCX4A.tmp
- <Current directory>\ewsu.ico
- <Current directory>\KMwI.exe
- C:\RCX49.tmp
- <Current directory>\kIAo.ico
- <Current directory>\xYUy.exe
- C:\RCX4C.tmp
- <Current directory>\jwcI.ico
- <Current directory>\Rggw.exe
- C:\RCX4B.tmp
- C:\RCX47.tmp
- <Current directory>\mUQq.ico
- <Current directory>\xIIs.exe
- C:\RCX46.tmp
- <Current directory>\IMMQ.ico
- <Current directory>\uUcY.ico
- <Current directory>\xQgm.exe
- %TEMP%\VoYkUYwA.bat
- <Current directory>\bMIo.exe
- C:\RCX48.tmp
- <Current directory>\bcYM.exe
- C:\RCX39.tmp
- %TEMP%\MssYUkgQ.bat
- C:\RCX38.tmp
- <Current directory>\IskS.ico
- <Current directory>\IgoG.ico
- <Current directory>\Ksgm.exe
- C:\RCX3A.tmp
- <Current directory>\Ucog.ico
- <Current directory>\bUAy.exe
- %TEMP%\jeYsQkAs.bat
- %TEMP%\gEsUYsUk.bat
- %TEMP%\FUkIIkUk.bat
- %TEMP%\QSgosMAE.bat
- %TEMP%\GucoAgsg.bat
- <Current directory>\wUEm.exe
- %TEMP%\pEwooUkw.bat
- <Current directory>\pwEM.ico
- %TEMP%\KwMoUMoQ.bat
- %TEMP%\iKEYUoos.bat
- <Current directory>\osMy.ico
- <Current directory>\jMwG.exe
- %TEMP%\CiAwgUIU.bat
- <Current directory>\Cokq.exe
- C:\RCX3E.tmp
- <Current directory>\esQe.exe
- C:\RCX40.tmp
- <Current directory>\wwMY.ico
- %TEMP%\DUYwogoE.bat
- C:\RCX3F.tmp
- <Current directory>\QEYu.exe
- %TEMP%\dcUgocIg.bat
- <Current directory>\looG.ico
- C:\RCX3B.tmp
- %TEMP%\IqMwUgcw.bat
- C:\RCX3D.tmp
- <Current directory>\ecAu.ico
- <Current directory>\ZAwk.exe
- C:\RCX3C.tmp
- <Current directory>\hsQG.ico
- <Current directory>\Vgwc.ico
- <Current directory>\tose.exe
- C:\RCX3.tmp
- <Current directory>\QEEi.ico
- <Current directory>\ZkkC.exe
- <Current directory>\ToYk.exe
- C:\RCX5.tmp
- <Current directory>\hsIO.ico
- C:\RCX4.tmp
- %TEMP%\ZEgMkwkk.bat
- <Current directory>\xAMq.exe
- C:\RCX1.tmp
- <Current directory>\LUwS.ico
- %TEMP%\casoIMkI.bat
- %TEMP%\XCcEsMko.bat
- <Current directory>\EQYq.exe
- C:\RCX2.tmp
- <Current directory>\QsoI.ico
- %TEMP%\XwgAYsMM.bat
- %TEMP%\rCosQkYs.bat
- <Current directory>\yQwg.ico
- <Current directory>\ucAO.exe
- C:\RCX9.tmp
- <Current directory>\OkYG.ico
- <Current directory>\GgUa.exe
- C:\RCXB.tmp
- <Current directory>\RAwE.ico
- <Current directory>\YoIu.exe
- C:\RCXA.tmp
- <Current directory>\kYss.ico
- C:\RCX6.tmp
- <Current directory>\lQkG.ico
- <Current directory>\qkcW.exe
- <Current directory>\HUou.ico
- %TEMP%\WcQcYYYA.bat
- <Current directory>\VUIw.exe
- C:\RCX8.tmp
- <Current directory>\Qcwg.ico
- <Current directory>\AYYk.exe
- C:\RCX7.tmp
- %TEMP%\byEAIcoY.bat
- %TEMP%\SSMYAgkU.bat
- %TEMP%\smYUoYsk.bat
- %TEMP%\huwUAUgw.bat
- %TEMP%\suEoEocY.bat
- %TEMP%\pEsQAIoQ.bat
- %TEMP%\EAEgcIgQ.bat
- %TEMP%\ikAQsIAw.bat
- %TEMP%\BKEwksgs.bat
- %TEMP%\uqoAwcAE.bat
- %TEMP%\JMwMoEEc.bat
- %TEMP%\OWQccIwY.bat
- <Current directory>\<Virus name>
- %TEMP%\aiYsIEgY.bat
- %TEMP%\GqcIUAoU.bat
- %TEMP%\xkssgMoc.bat
- %TEMP%\FYYEIEYE.bat
- %TEMP%\oaAcgAQc.bat
- %TEMP%\file.vbs
- %TEMP%\geQooccI.bat
- %TEMP%\aGkUYIos.bat
- %TEMP%\yAEUMIUI.bat
- %TEMP%\RcUkAwQA.bat
- %TEMP%\woAUwsQY.bat
- %TEMP%\mWMUsEQA.bat
- %TEMP%\qesYgQkU.bat
- %TEMP%\DusIowwo.bat
- %TEMP%\xckQowoI.bat
- %TEMP%\IgYgEMcE.bat
- %TEMP%\OQAoosAM.bat
- %TEMP%\MWwYMYUw.bat
- %TEMP%\ocskcIkk.bat
- %TEMP%\mcoUEkIE.bat
- %TEMP%\LyEEsAUU.bat
- %TEMP%\JikMoIAY.bat
- %TEMP%\wQswkEYw.bat
- %TEMP%\XWQkgUIM.bat
- %TEMP%\ucAMYUQI.bat
- %TEMP%\NaMoQsco.bat
- <Current directory>\FYQy.exe
- C:\RCX1B.tmp
- %TEMP%\VeUcMgwE.bat
- <Current directory>\QgAm.exe
- %TEMP%\mcskMYoU.bat
- <Current directory>\tEci.ico
- %TEMP%\oUUwscwY.bat
- <Current directory>\eAkm.ico
- C:\RCX1C.tmp
- <Current directory>\YkAq.ico
- <Current directory>\fcIk.exe
- C:\RCX19.tmp
- %TEMP%\XuwEQwYA.bat
- <Current directory>\ZkAQ.exe
- C:\RCX18.tmp
- <Current directory>\sokm.ico
- <Current directory>\Kwci.exe
- C:\RCX1A.tmp
- <Current directory>\xIwg.ico
- %TEMP%\VgwskQcA.bat
- %TEMP%\hcMUgIgw.bat
- %TEMP%\zEwcAUgA.bat
- <Current directory>\eEcm.ico
- C:\RCX20.tmp
- <Current directory>\uMcG.ico
- <Current directory>\zoUy.exe
- <Current directory>\WcgK.ico
- <Current directory>\TMgg.exe
- %TEMP%\vAYMwAUc.bat
- <Current directory>\Iowk.exe
- C:\RCX21.tmp
- <Current directory>\TgAY.exe
- C:\RCX1E.tmp
- <Current directory>\nUcU.ico
- <Current directory>\IMkM.exe
- C:\RCX1D.tmp
- %TEMP%\ogswMswM.bat
- %TEMP%\TWUIwQcs.bat
- C:\RCX1F.tmp
- <Current directory>\NogG.ico
- <Current directory>\LwkQ.exe
- <Current directory>\Iwsk.exe
- C:\RCX10.tmp
- <Current directory>\Jwcw.ico
- <Current directory>\Fkca.exe
- C:\RCXF.tmp
- <Current directory>\wUMG.ico
- <Current directory>\zUEq.exe
- C:\RCX11.tmp
- <Current directory>\ocYm.ico
- <Current directory>\iwou.exe
- <Current directory>\NMUI.ico
- <Current directory>\bIgq.exe
- %TEMP%\LgkAMUkw.bat
- %TEMP%\BYMoYcgU.bat
- C:\RCXC.tmp
- C:\RCXE.tmp
- <Current directory>\fMQm.ico
- <Current directory>\uwgs.exe
- C:\RCXD.tmp
- <Current directory>\cYIG.ico
- <Current directory>\coUQ.exe
- C:\RCX16.tmp
- <Current directory>\dYQo.ico
- %TEMP%\EWsAQIAQ.bat
- C:\RCX15.tmp
- <Current directory>\bIAq.ico
- <Current directory>\Isog.exe
- C:\RCX17.tmp
- <Current directory>\zcYO.ico
- <Current directory>\Oowy.exe
- C:\RCX13.tmp
- <Current directory>\cQIs.ico
- <Current directory>\HIoi.exe
- C:\RCX12.tmp
- <Current directory>\UYEQ.ico
- <Current directory>\kIMU.ico
- <Current directory>\eokI.exe
- C:\RCX14.tmp
- %TEMP%\oCkkYQAg.bat
- <Current directory>\XQsU.exe
- %ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe
- %HOMEPATH%\fCkYUMIQ\pUccUkoM.exe
- <Current directory>\aAMo.exe
- <Current directory>\fMAo.ico
- %TEMP%\TGscIUMs.bat
- <Current directory>\fwMw.ico
- <Current directory>\XwMO.exe
- <Current directory>\AMkg.ico
- <Current directory>\GgMi.ico
- <Current directory>\LYsU.exe
- <Current directory>\BsoQ.ico
- <Current directory>\qcEu.exe
- <Current directory>\Wkwa.ico
- <Current directory>\AcUq.exe
- %TEMP%\ieYMAIkA.bat
- %TEMP%\cUkYIksg.bat
- <Current directory>\kYgm.ico
- %TEMP%\FUkIIkUk.bat
- %TEMP%\QSgosMAE.bat
- %TEMP%\rMgsAoYQ.bat
- %TEMP%\fKQcgkQo.bat
- <Current directory>\PAkq.ico
- <Current directory>\dgsA.exe
- <Current directory>\dgAM.exe
- <Current directory>\fIwe.ico
- <Current directory>\Tgoe.exe
- <Current directory>\FkIM.exe
- <Current directory>\jgwy.exe
- %TEMP%\juYwMkMo.bat
- <Current directory>\uUcG.ico
- <Current directory>\cYEA.ico
- <Current directory>\sQQk.exe
- <Current directory>\bEoK.ico
- <Current directory>\rcgK.ico
- <Current directory>\lEAY.exe
- <Current directory>\LQIu.ico
- <Current directory>\QYMS.exe
- <Current directory>\PwQs.ico
- <Current directory>\oEoc.exe
- <Current directory>\ikkG.ico
- <Current directory>\EkgS.exe
- <Current directory>\MQko.ico
- %TEMP%\HyMUAsIE.bat
- <Current directory>\Kgse.ico
- <Current directory>\bswG.exe
- %TEMP%\QGMIgUcQ.bat
- <Current directory>\sAYK.ico
- <Current directory>\XMks.exe
- <Current directory>\WwgE.exe
- <Current directory>\EYga.ico
- <Current directory>\LMQw.exe
- %TEMP%\gEsUYsUk.bat
- <Current directory>\TQgU.exe
- %TEMP%\xkAIgoIE.bat
- <Current directory>\HUoO.ico
- <Current directory>\roIW.ico
- <Current directory>\issQ.exe
- <Current directory>\lIQK.ico
- <Current directory>\BIgC.ico
- <Current directory>\pEEK.exe
- <Current directory>\owsu.ico
- <Current directory>\XEIG.exe
- <Current directory>\bUgg.ico
- <Current directory>\Pwsk.exe
- <Current directory>\kIAo.ico
- <Current directory>\KMwI.exe
- %TEMP%\VoYkUYwA.bat
- <Current directory>\xYUy.exe
- <Current directory>\ewsu.ico
- <Current directory>\Rggw.exe
- <Current directory>\bMIo.exe
- <Current directory>\IMMQ.ico
- <Current directory>\xIIs.exe
- <Current directory>\uUcY.ico
- <Current directory>\xQgm.exe
- <Current directory>\mUQq.ico
- <Current directory>\UgAU.exe
- <Current directory>\Ksgm.exe
- <Current directory>\Ucog.ico
- <Current directory>\bUAy.exe
- <Current directory>\looG.ico
- <Current directory>\QEYu.exe
- <Current directory>\IgoG.ico
- <Current directory>\pwEM.ico
- <Current directory>\wUEm.exe
- %TEMP%\iKEYUoos.bat
- %TEMP%\MssYUkgQ.bat
- <Current directory>\IskS.ico
- <Current directory>\bcYM.exe
- <Current directory>\esQe.exe
- <Current directory>\osMy.ico
- <Current directory>\jMwG.exe
- %TEMP%\pEwooUkw.bat
- %TEMP%\DUYwogoE.bat
- <Current directory>\wwMY.ico
- <Current directory>\hsQG.ico
- <Current directory>\ZAwk.exe
- %TEMP%\dcUgocIg.bat
- <Current directory>\ecAu.ico
- <Current directory>\Cokq.exe
- %TEMP%\KwMoUMoQ.bat
- <Current directory>\AYYk.exe
- <Current directory>\HUou.ico
- <Current directory>\qkcW.exe
- %TEMP%\WcQcYYYA.bat
- <Current directory>\VUIw.exe
- <Current directory>\lQkG.ico
- <Current directory>\tose.exe
- <Current directory>\QEEi.ico
- <Current directory>\ZkkC.exe
- <Current directory>\hsIO.ico
- <Current directory>\ToYk.exe
- <Current directory>\Vgwc.ico
- <Current directory>\RAwE.ico
- <Current directory>\FYQy.exe
- <Current directory>\kYss.ico
- <Current directory>\uwgs.exe
- <Current directory>\NMUI.ico
- <Current directory>\bIgq.exe
- <Current directory>\OkYG.ico
- <Current directory>\GgUa.exe
- <Current directory>\Qcwg.ico
- <Current directory>\YoIu.exe
- <Current directory>\yQwg.ico
- <Current directory>\ucAO.exe
- %TEMP%\rCosQkYs.bat
- %TEMP%\EAEgcIgQ.bat
- %TEMP%\ikAQsIAw.bat
- %TEMP%\BKEwksgs.bat
- %TEMP%\MWwYMYUw.bat
- %TEMP%\OQAoosAM.bat
- %TEMP%\mcoUEkIE.bat
- %TEMP%\FYYEIEYE.bat
- %TEMP%\OWQccIwY.bat
- %TEMP%\aiYsIEgY.bat
- %TEMP%\byEAIcoY.bat
- %TEMP%\suEoEocY.bat
- %TEMP%\xkssgMoc.bat
- <Current directory>\xAMq.exe
- %TEMP%\XCcEsMko.bat
- %TEMP%\qesYgQkU.bat
- <Current directory>\QsoI.ico
- <Current directory>\EQYq.exe
- <Current directory>\LUwS.ico
- %TEMP%\woAUwsQY.bat
- %TEMP%\wQswkEYw.bat
- %TEMP%\XWQkgUIM.bat
- %TEMP%\IgYgEMcE.bat
- %TEMP%\xckQowoI.bat
- %TEMP%\geQooccI.bat
- <Current directory>\cYIG.ico
- <Current directory>\IMkM.exe
- <Current directory>\YkAq.ico
- <Current directory>\fcIk.exe
- <Current directory>\TgAY.exe
- %TEMP%\oUUwscwY.bat
- <Current directory>\eAkm.ico
- <Current directory>\xIwg.ico
- <Current directory>\Kwci.exe
- %TEMP%\VgwskQcA.bat
- <Current directory>\tEci.ico
- <Current directory>\QgAm.exe
- %TEMP%\mcskMYoU.bat
- <Current directory>\TMgg.exe
- <Current directory>\eEcm.ico
- <Current directory>\Iowk.exe
- <Current directory>\UgYe.exe
- %TEMP%\vAYMwAUc.bat
- <Current directory>\WcgK.ico
- <Current directory>\NogG.ico
- <Current directory>\LwkQ.exe
- <Current directory>\nUcU.ico
- <Current directory>\uMcG.ico
- <Current directory>\zoUy.exe
- %TEMP%\TWUIwQcs.bat
- <Current directory>\sokm.ico
- <Current directory>\wUMG.ico
- <Current directory>\zUEq.exe
- <Current directory>\ocYm.ico
- <Current directory>\XQsU.exe
- <Current directory>\UYEQ.ico
- <Current directory>\HIoi.exe
- %TEMP%\LgkAMUkw.bat
- <Current directory>\fMQm.ico
- <Current directory>\Fkca.exe
- <Current directory>\iwou.exe
- <Current directory>\Jwcw.ico
- <Current directory>\Iwsk.exe
- %TEMP%\BYMoYcgU.bat
- <Current directory>\zcYO.ico
- <Current directory>\Oowy.exe
- <Current directory>\ZkAQ.exe
- <Current directory>\bIAq.ico
- <Current directory>\Isog.exe
- <Current directory>\kIMU.ico
- <Current directory>\eokI.exe
- <Current directory>\cQIs.ico
- %TEMP%\EWsAQIAQ.bat
- <Current directory>\dYQo.ico
- <Current directory>\coUQ.exe
- from C:\RCX32.tmp to <Current directory>\aAMo.exe
- from C:\RCX33.tmp to <Current directory>\XwMO.exe
- from C:\RCX30.tmp to <Current directory>\AcUq.exe
- from C:\RCX31.tmp to <Current directory>\qcEu.exe
- from C:\RCX34.tmp to <Current directory>\dgsA.exe
- from C:\RCX38.tmp to <Current directory>\wUEm.exe
- from C:\RCX39.tmp to <Current directory>\bcYM.exe
- from C:\RCX35.tmp to <Current directory>\Tgoe.exe
- from C:\RCX36.tmp to <Current directory>\dgAM.exe
- from C:\RCX29.tmp to <Current directory>\XMks.exe
- from C:\RCX2A.tmp to <Current directory>\LMQw.exe
- from C:\RCX27.tmp to <Current directory>\jgwy.exe
- from C:\RCX28.tmp to <Current directory>\sQQk.exe
- from C:\RCX2B.tmp to <Current directory>\WwgE.exe
- from C:\RCX2E.tmp to <Current directory>\FkIM.exe
- from C:\RCX2F.tmp to <Current directory>\LYsU.exe
- from C:\RCX2C.tmp to <Current directory>\EkgS.exe
- from C:\RCX2D.tmp to <Current directory>\bswG.exe
- from C:\RCX3A.tmp to <Current directory>\bUAy.exe
- from C:\RCX46.tmp to <Current directory>\issQ.exe
- from C:\RCX47.tmp to <Current directory>\xIIs.exe
- from C:\RCX44.tmp to <Current directory>\XEIG.exe
- from C:\RCX45.tmp to <Current directory>\TQgU.exe
- from C:\RCX48.tmp to <Current directory>\bMIo.exe
- from C:\RCX4B.tmp to <Current directory>\Rggw.exe
- from C:\RCX4C.tmp to <Current directory>\xYUy.exe
- from C:\RCX49.tmp to <Current directory>\xQgm.exe
- from C:\RCX4A.tmp to <Current directory>\KMwI.exe
- from C:\RCX3D.tmp to <Current directory>\ZAwk.exe
- from C:\RCX3E.tmp to <Current directory>\Cokq.exe
- from C:\RCX3B.tmp to <Current directory>\Ksgm.exe
- from C:\RCX3C.tmp to <Current directory>\QEYu.exe
- from C:\RCX3F.tmp to <Current directory>\jMwG.exe
- from C:\RCX42.tmp to <Current directory>\pEEK.exe
- from C:\RCX43.tmp to <Current directory>\Pwsk.exe
- from C:\RCX40.tmp to <Current directory>\esQe.exe
- from C:\RCX41.tmp to <Current directory>\UgAU.exe
- from C:\RCX26.tmp to <Current directory>\QYMS.exe
- from C:\RCXC.tmp to <Current directory>\FYQy.exe
- from C:\RCXD.tmp to <Current directory>\bIgq.exe
- from C:\RCXA.tmp to <Current directory>\ucAO.exe
- from C:\RCXB.tmp to <Current directory>\YoIu.exe
- from C:\RCXE.tmp to <Current directory>\uwgs.exe
- from C:\RCX11.tmp to <Current directory>\iwou.exe
- from C:\RCX12.tmp to <Current directory>\zUEq.exe
- from C:\RCXF.tmp to <Current directory>\Fkca.exe
- from C:\RCX10.tmp to <Current directory>\Iwsk.exe
- from C:\RCX3.tmp to <Current directory>\ZkkC.exe
- from C:\RCX4.tmp to <Current directory>\tose.exe
- from C:\RCX1.tmp to <Current directory>\xAMq.exe
- from C:\RCX2.tmp to <Current directory>\EQYq.exe
- from C:\RCX5.tmp to <Current directory>\ToYk.exe
- from C:\RCX8.tmp to <Current directory>\VUIw.exe
- from C:\RCX9.tmp to <Current directory>\GgUa.exe
- from C:\RCX6.tmp to <Current directory>\qkcW.exe
- from C:\RCX7.tmp to <Current directory>\AYYk.exe
- from C:\RCX13.tmp to <Current directory>\HIoi.exe
- from C:\RCX1F.tmp to <Current directory>\LwkQ.exe
- from C:\RCX20.tmp to <Current directory>\zoUy.exe
- from C:\RCX1D.tmp to <Current directory>\IMkM.exe
- from C:\RCX1E.tmp to <Current directory>\TgAY.exe
- from C:\RCX21.tmp to <Current directory>\Iowk.exe
- from C:\RCX24.tmp to <Current directory>\lEAY.exe
- from C:\RCX25.tmp to <Current directory>\oEoc.exe
- from C:\RCX22.tmp to <Current directory>\TMgg.exe
- from C:\RCX23.tmp to <Current directory>\UgYe.exe
- from C:\RCX16.tmp to <Current directory>\coUQ.exe
- from C:\RCX17.tmp to <Current directory>\Oowy.exe
- from C:\RCX14.tmp to <Current directory>\XQsU.exe
- from C:\RCX15.tmp to <Current directory>\eokI.exe
- from C:\RCX18.tmp to <Current directory>\Isog.exe
- from C:\RCX1B.tmp to <Current directory>\QgAm.exe
- from C:\RCX1C.tmp to <Current directory>\fcIk.exe
- from C:\RCX19.tmp to <Current directory>\ZkAQ.exe
- from C:\RCX1A.tmp to <Current directory>\Kwci.exe
- '20#.#19.204.12':666
- '19#.#86.45.170':666
- '74.##5.232.51':80
- '20#.#7.164.69':666
- '20#.#7.164.69':9999
- '20#.#19.204.12':9999
- '19#.#86.45.170':9999
- 74.##5.232.51/
- DNS ASK google.com
- ClassName: 'Indicator' WindowName: ''