Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'aeEkEEcE.exe' = '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe' (Run-key autostart entry: the executable is launched at each user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\FkYQcQph] 'Start' = '00000002' (service start type 2: the service is started automatically at boot)
- '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- '%ALLUSERSPROFILE%\lwQggIEM\nwAEcgMA.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T (wmiadap.exe is a legitimate Windows WMI component; its execution is not an indicator on its own)
- C:\RCX15.tmp
- <Current directory>\fqkw.ico
- <Current directory>\osAi.exe
- C:\RCX14.tmp
- <Current directory>\DoUo.ico
- <Current directory>\fcQC.exe
- C:\RCX17.tmp
- <Current directory>\jQMQ.ico
- <Current directory>\xsgg.exe
- C:\RCX16.tmp
- <Current directory>\rkQU.ico
- <Current directory>\dcgy.exe
- C:\RCX11.tmp
- <Current directory>\awoo.ico
- <Current directory>\yYoc.exe
- C:\RCX10.tmp
- <Current directory>\OWcE.ico
- <Current directory>\pcEE.exe
- C:\RCX13.tmp
- <Current directory>\dgwk.ico
- <Current directory>\hswU.exe
- C:\RCX12.tmp
- <Current directory>\CUIc.ico
- <Current directory>\WwMM.exe
- C:\RCX18.tmp
- <Current directory>\MSUI.ico
- <Current directory>\NwQQ.exe
- C:\RCX1E.tmp
- <Current directory>\tYMY.ico
- <Current directory>\mAwA.exe
- C:\RCX1D.tmp
- <Current directory>\pcgM.ico
- <Current directory>\NIYQ.exe
- C:\RCX20.tmp
- <Current directory>\pKMY.ico
- <Current directory>\dgsU.exe
- C:\RCX1F.tmp
- <Current directory>\FeAU.ico
- <Current directory>\AMIY.exe
- C:\RCX1A.tmp
- <Current directory>\zsUU.ico
- <Current directory>\CsIS.exe
- C:\RCX19.tmp
- <Current directory>\AaUE.ico
- <Current directory>\qoYq.exe
- C:\RCX1C.tmp
- <Current directory>\egYs.ico
- <Current directory>\PUYs.exe
- C:\RCX1B.tmp
- <Current directory>\PwYQ.exe
- <Current directory>\SokU.ico
- <Current directory>\Rwcw.exe
- C:\RCX5.tmp
- <Current directory>\vwYg.ico
- <Current directory>\DMEo.exe
- C:\RCX4.tmp
- <Current directory>\RmIE.ico
- <Current directory>\SoUu.exe
- C:\RCX7.tmp
- <Current directory>\EQEM.ico
- <Current directory>\FcIS.exe
- C:\RCX6.tmp
- <Current directory>\hgsq.exe
- C:\RCX1.tmp
- %ALLUSERSPROFILE%\casg.txt
- %ALLUSERSPROFILE%\lwQggIEM\nwAEcgMA.exe
- <Current directory>\QwII.ico
- <Current directory>\ryEc.ico
- <Current directory>\WkAc.exe
- C:\RCX3.tmp
- <Current directory>\pSMA.ico
- <Current directory>\vgUs.exe
- C:\RCX2.tmp
- <Current directory>\wyAY.ico
- <Current directory>\aIcE.exe
- C:\RCXD.tmp
- <Current directory>\WCkI.ico
- <Current directory>\pcse.exe
- C:\RCXC.tmp
- <Current directory>\zMwo.ico
- <Current directory>\gUok.exe
- C:\RCXF.tmp
- <Current directory>\pEAg.ico
- <Current directory>\gQgS.exe
- C:\RCXE.tmp
- <Current directory>\XUwg.ico
- <Current directory>\lAos.exe
- C:\RCX9.tmp
- <Current directory>\kYgc.ico
- <Current directory>\TsYe.exe
- C:\RCX8.tmp
- <Current directory>\EyAY.ico
- <Current directory>\bEws.exe
- C:\RCXB.tmp
- <Current directory>\qCEs.ico
- <Current directory>\FcYy.exe
- C:\RCXA.tmp
- <Current directory>\pIQs.ico
- %ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe
- %ALLUSERSPROFILE%\lwQggIEM\nwAEcgMA.exe
- <Current directory>\DoUo.ico
- <Current directory>\fcQC.exe
- <Current directory>\dgwk.ico
- <Current directory>\osAi.exe
- <Current directory>\rkQU.ico
- <Current directory>\dcgy.exe
- <Current directory>\fqkw.ico
- <Current directory>\hswU.exe
- <Current directory>\OWcE.ico
- <Current directory>\pcEE.exe
- <Current directory>\pEAg.ico
- <Current directory>\yYoc.exe
- <Current directory>\CUIc.ico
- <Current directory>\WwMM.exe
- <Current directory>\awoo.ico
- <Current directory>\xsgg.exe
- <Current directory>\tYMY.ico
- <Current directory>\mAwA.exe
- <Current directory>\AaUE.ico
- <Current directory>\NwQQ.exe
- <Current directory>\pKMY.ico
- <Current directory>\dgsU.exe
- <Current directory>\MSUI.ico
- <Current directory>\qoYq.exe
- <Current directory>\zsUU.ico
- <Current directory>\CsIS.exe
- <Current directory>\jQMQ.ico
- <Current directory>\AMIY.exe
- <Current directory>\egYs.ico
- <Current directory>\PUYs.exe
- <Current directory>\FeAU.ico
- <Current directory>\FcIS.exe
- <Current directory>\SokU.ico
- <Current directory>\Rwcw.exe
- <Current directory>\EQEM.ico
- <Current directory>\TsYe.exe
- <Current directory>\RmIE.ico
- <Current directory>\SoUu.exe
- <Current directory>\vwYg.ico
- <Current directory>\vgUs.exe
- <Current directory>\QwII.ico
- <Current directory>\hgsq.exe
- <Current directory>\pSMA.ico
- <Current directory>\DMEo.exe
- <Current directory>\ryEc.ico
- <Current directory>\WkAc.exe
- <Current directory>\wyAY.ico
- <Current directory>\gQgS.exe
- <Current directory>\zMwo.ico
- <Current directory>\aIcE.exe
- <Current directory>\WCkI.ico
- <Current directory>\PwYQ.exe
- <Current directory>\XUwg.ico
- <Current directory>\gUok.exe
- <Current directory>\qCEs.ico
- <Current directory>\FcYy.exe
- <Current directory>\EyAY.ico
- <Current directory>\lAos.exe
- <Current directory>\kYgc.ico
- <Current directory>\pcse.exe
- <Current directory>\pIQs.ico
- <Current directory>\bEws.exe
- from C:\RCX15.tmp to <Current directory>\fcQC.exe
- from C:\RCX16.tmp to <Current directory>\osAi.exe
- from C:\RCX17.tmp to <Current directory>\dcgy.exe
- from C:\RCX14.tmp to <Current directory>\hswU.exe
- from C:\RCX11.tmp to <Current directory>\pcEE.exe
- from C:\RCX12.tmp to <Current directory>\yYoc.exe
- from C:\RCX13.tmp to <Current directory>\WwMM.exe
- from C:\RCX18.tmp to <Current directory>\xsgg.exe
- from C:\RCX1D.tmp to <Current directory>\mAwA.exe
- from C:\RCX1E.tmp to <Current directory>\NwQQ.exe
- from C:\RCX1F.tmp to <Current directory>\dgsU.exe
- from C:\RCX1C.tmp to <Current directory>\qoYq.exe
- from C:\RCX19.tmp to <Current directory>\CsIS.exe
- from C:\RCX1A.tmp to <Current directory>\AMIY.exe
- from C:\RCX1B.tmp to <Current directory>\PUYs.exe
- from C:\RCX10.tmp to <Current directory>\PwYQ.exe
- from C:\RCX5.tmp to <Current directory>\Rwcw.exe
- from C:\RCX6.tmp to <Current directory>\FcIS.exe
- from C:\RCX7.tmp to <Current directory>\SoUu.exe
- from C:\RCX4.tmp to <Current directory>\DMEo.exe
- from C:\RCX1.tmp to <Current directory>\hgsq.exe
- from C:\RCX2.tmp to <Current directory>\vgUs.exe
- from C:\RCX3.tmp to <Current directory>\WkAc.exe
- from C:\RCX8.tmp to <Current directory>\TsYe.exe
- from C:\RCXD.tmp to <Current directory>\aIcE.exe
- from C:\RCXE.tmp to <Current directory>\gQgS.exe
- from C:\RCXF.tmp to <Current directory>\gUok.exe
- from C:\RCXC.tmp to <Current directory>\pcse.exe
- from C:\RCX9.tmp to <Current directory>\lAos.exe
- from C:\RCXA.tmp to <Current directory>\FcYy.exe
- from C:\RCXB.tmp to <Current directory>\bEws.exe
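- '19#.#86.45.170':9999 (the '#' characters appear to be digits masked in the original report, so the addresses in this list are partial and cannot be matched exactly)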
- '74.##5.232.51':80
- '20#.#7.164.69':9999
- '20#.#19.204.12':9999
- 74.##5.232.51/
- DNS ASK google.com (DNS query for a widely used benign domain; not a distinguishing indicator by itself)
- ClassName: '' WindowName: 'aeEkEEcE.exe'
- ClassName: '' WindowName: 'pUccUkoM.exe'