Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002'
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
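- display of hidden files (turned off: Explorer\Advanced 'Hidden' is set to 2 by the reg add command listed below)
- display of file extensions (turned off: Explorer\Advanced 'HideFileExt' is set to 1 by the reg add command listed below)
- User Account Control (UAC) (disabled: Policies\System 'EnableLUA' is set to 0 by the reg add command listed below)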
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
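- '<SYSTEM32>\wbem\wmiprvse.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f (these are reg.exe 'add' arguments; the image names and argument strings in this list appear to be mis-paired, so match on the arguments rather than on the executable name)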
- '<SYSTEM32>\cscript.exe' 0x9fc cscript.exe
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\IYAcoIQY.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cscript.exe' 0xb34 <Virus name>.exe
- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\conhost.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe'
- '<SYSTEM32>\reg.exe' /pid=0x264 /log
- '<SYSTEM32>\cscript.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\AYUQQUUU.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' /pid=0xad4 /log
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\gcYYcsYI.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\yYwwUUkA.bat" "<Full path to virus>""
- C:\RCXDA00.tmp
- <Current directory>\bkwU.ico
- <Current directory>\rscY.exe
- C:\RCXD899.tmp
- <Current directory>\pYwU.ico
- <Current directory>\kQsY.exe
- C:\RCXDB97.tmp
- <Current directory>\GqYA.ico
- <Current directory>\TcYg.exe
- C:\RCXDFCD.tmp
- <Current directory>\daoA.ico
- <Current directory>\Fkou.exe
- C:\RCXDCEF.tmp
- C:\RCXD0AA.tmp
- <Current directory>\GwYQ.ico
- %TEMP%\DUgMcMUY.bat
- %TEMP%\MAAMUogM.bat
- <Current directory>\mOgY.ico
- <Current directory>\HMUy.exe
- <Current directory>\uQEI.exe
- C:\RCXD492.tmp
- <Current directory>\oaQU.ico
- <Current directory>\pYgq.exe
- C:\RCXD2DC.tmp
- <Current directory>\vqIY.ico
- <Current directory>\doAA.exe
- <Current directory>\yEMY.ico
- <Current directory>\mUIE.ico
- <Current directory>\xQAg.exe
- C:\RCXE7FE.tmp
- <Current directory>\AWkY.ico
- <Current directory>\tkks.exe
- C:\RCXE6C5.tmp
- <Current directory>\xosQ.ico
- <Current directory>\tUcu.exe
- C:\RCXEAAE.tmp
- <Current directory>\vKAE.ico
- <Current directory>\wgwW.exe
- C:\RCXE956.tmp
- <Current directory>\FuQI.ico
- %TEMP%\PQUwAsgs.bat
- <Current directory>\hAkK.exe
- C:\RCXE24F.tmp
- <Current directory>\egwO.exe
- C:\RCXE0D8.tmp
- <Current directory>\mCIs.ico
- %TEMP%\kakkAscU.bat
- <Current directory>\RMwI.ico
- <Current directory>\LsQM.exe
- C:\RCXE55D.tmp
- <Current directory>\iEMA.ico
- <Current directory>\gQQg.exe
- C:\RCXE3D6.tmp
- C:\RCXCE58.tmp
- <Current directory>\vgIg.ico
- <Current directory>\NccW.exe
- C:\RCXBA21.tmp
- <Current directory>\PyAU.ico
- <Current directory>\gUAC.exe
- C:\RCXB946.tmp
- <Current directory>\pyUs.ico
- <Current directory>\maAE.ico
- <Current directory>\bkMw.exe
- C:\RCXBD1F.tmp
- <Current directory>\Rowc.exe
- %TEMP%\XMggsYQc.bat
- C:\RCXBB2B.tmp
- C:\RCXAF53.tmp
- <Current directory>\DgUU.ico
- <Current directory>\lMwQ.exe
- C:\RCXAC07.tmp
- <Current directory>\qAYQ.ico
- <Current directory>\wcsk.exe
- C:\RCXB202.tmp
- <Current directory>\auos.ico
- <Current directory>\wMoK.exe
- C:\RCXB87A.tmp
- <Current directory>\NCUg.ico
- <Current directory>\eoUW.exe
- C:\RCXB3B8.tmp
- %TEMP%\mIMkAIYA.bat
- <Current directory>\xkQU.exe
- C:\RCXCA11.tmp
- <Current directory>\JyAY.ico
- <Current directory>\HUgm.exe
- C:\RCXC916.tmp
- <Current directory>\UqIo.ico
- <Current directory>\IUEC.exe
- C:\RCXCD0F.tmp
- <Current directory>\WmAk.ico
- <Current directory>\RYYC.exe
- C:\RCXCB4A.tmp
- <Current directory>\hwkM.ico
- <Current directory>\qYYE.exe
- <Current directory>\iQAo.ico
- <Current directory>\nsIS.exe
- C:\RCXC211.tmp
- <Current directory>\dMMA.ico
- <Current directory>\mgQg.exe
- C:\RCXBFCF.tmp
- <Current directory>\nsgg.ico
- <Current directory>\Kgcq.exe
- C:\RCXC83B.tmp
- <Current directory>\QAkE.ico
- <Current directory>\uwMQ.exe
- C:\RCXC57C.tmp
- <Current directory>\AsUw.ico
- <Current directory>\ysEc.exe
- C:\RCX10DB.tmp
- <Current directory>\wOwQ.ico
- <Current directory>\wEgc.exe
- C:\RCXFD1.tmp
- <Current directory>\piIE.ico
- <Current directory>\LoAS.exe
- C:\RCX1437.tmp
- <Current directory>\DKIY.ico
- <Current directory>\Koow.exe
- C:\RCX12FE.tmp
- <Current directory>\vMEw.ico
- <Current directory>\OYQK.exe
- <Current directory>\vIgk.ico
- <Current directory>\VgEa.exe
- C:\RCXACF.tmp
- <Current directory>\HmEU.ico
- <Current directory>\qcwK.exe
- C:\RCX87D.tmp
- <Current directory>\oYIg.ico
- <Current directory>\lkca.exe
- C:\RCXEB7.tmp
- <Current directory>\UuQE.ico
- <Current directory>\AUQW.exe
- C:\RCXD40.tmp
- <Current directory>\EYIw.ico
- C:\RCX1503.tmp
- C:\RCX1CD5.tmp
- <Current directory>\mIIQ.ico
- <Current directory>\xMQA.exe
- C:\RCX1B7D.tmp
- <Current directory>\vOYY.ico
- <Current directory>\gccQ.exe
- C:\RCX1E5C.tmp
- <Current directory>\mEcI.ico
- <Current directory>\ocgi.exe
- C:\RCX233E.tmp
- <Current directory>\bGoo.ico
- <Current directory>\CkIm.exe
- C:\RCX2159.tmp
- <Current directory>\VcMg.ico
- <Current directory>\uwoa.exe
- C:\RCX1756.tmp
- <Current directory>\lyII.ico
- <Current directory>\FAwU.exe
- C:\RCX167A.tmp
- %TEMP%\FGcoIswU.bat
- %TEMP%\DOMsoIos.bat
- <Current directory>\qSYA.ico
- <Current directory>\Acwk.exe
- <Current directory>\Mmoo.ico
- <Current directory>\ZMkY.exe
- C:\RCX18AE.tmp
- C:\RCX754.tmp
- <Current directory>\PgMc.exe
- C:\RCXF3D8.tmp
- %TEMP%\KwMwAUQk.bat
- C:\RCXF242.tmp
- %TEMP%\HCkAscwo.bat
- <Current directory>\NuQA.ico
- <Current directory>\ViEQ.ico
- <Current directory>\vIws.exe
- C:\RCXFA31.tmp
- <Current directory>\wYAw.ico
- <Current directory>\ugYa.exe
- C:\RCXF955.tmp
- <Current directory>\uaAM.ico
- <Current directory>\CkgK.exe
- C:\RCXED20.tmp
- <Current directory>\LkgI.ico
- <Current directory>\Eggo.exe
- C:\RCXEC26.tmp
- <Current directory>\iyUs.ico
- <Current directory>\xEsa.exe
- C:\RCXF04D.tmp
- <Current directory>\IQQA.ico
- <Current directory>\mcYi.exe
- C:\RCXEF05.tmp
- <Current directory>\lwAw.ico
- <Current directory>\eIIS.exe
- <Current directory>\TEYu.exe
- <Current directory>\lqkU.ico
- <Current directory>\PwEc.exe
- C:\RCX436.tmp
- <Current directory>\MQcg.ico
- <Current directory>\wkMC.exe
- C:\RCX232.tmp
- %TEMP%\EUowAYsI.bat
- %TEMP%\jwwUIAYE.bat
- <Current directory>\fesM.ico
- <Current directory>\wMQk.exe
- <Current directory>\eWQo.ico
- <Current directory>\sIgu.exe
- C:\RCX56F.tmp
- C:\RCXFD6D.tmp
- <Current directory>\SQIo.ico
- <Current directory>\wAUA.exe
- C:\RCXFBD7.tmp
- <Current directory>\jCkM.ico
- <Current directory>\YYIk.exe
- C:\RCXFE2A.tmp
- <Current directory>\Agks.ico
- <Current directory>\MAwU.exe
- C:\RCXCA.tmp
- <Current directory>\WWsQ.ico
- <Current directory>\mQQC.exe
- C:\RCXFF63.tmp
- %TEMP%\IYAcoIQY.bat
- C:\RCX3A45.tmp
- <Current directory>\tuYY.ico
- <Current directory>\sIcy.exe
- C:\RCX38BE.tmp
- <Current directory>\ZOkA.ico
- <Current directory>\qsAa.exe
- C:\RCX3B20.tmp
- <Current directory>\feYo.ico
- <Current directory>\BEIW.exe
- C:\RCX43BA.tmp
- <Current directory>\cwgg.ico
- <Current directory>\Hcww.exe
- C:\RCX3DDF.tmp
- <Current directory>\cYkA.exe
- C:\RCX3236.tmp
- <Current directory>\QOMM.ico
- C:\RCX3080.tmp
- %TEMP%\NoMooAsc.bat
- <Current directory>\SacA.ico
- <Current directory>\LMkq.exe
- C:\RCX3727.tmp
- <Current directory>\gYQc.ico
- <Current directory>\wMAs.exe
- C:\RCX35B0.tmp
- <Current directory>\lEsI.ico
- <Current directory>\kUIg.exe
- %TEMP%\oSEgsswI.bat
- <Current directory>\QYkg.ico
- <Current directory>\qsUM.exe
- C:\RCX5166.tmp
- <Current directory>\sekU.ico
- <Current directory>\fwsc.exe
- C:\RCX4FC0.tmp
- <Current directory>\FuIQ.ico
- <Current directory>\ncAA.exe
- C:\RCX5493.tmp
- <Current directory>\hwkw.ico
- <Current directory>\QQoA.exe
- C:\RCX5280.tmp
- <Current directory>\XaEg.ico
- %TEMP%\SiAowAIc.bat
- <Current directory>\TGEg.ico
- <Current directory>\wEkY.exe
- <Current directory>\rCso.ico
- <Current directory>\XUIC.exe
- C:\RCX4715.tmp
- C:\RCX48CB.tmp
- <Current directory>\bogs.ico
- <Current directory>\Gwok.exe
- C:\RCX4BAA.tmp
- <Current directory>\EwEQ.ico
- <Current directory>\pYAK.exe
- C:\RCX49B6.tmp
- <Current directory>\SkIA.exe
- C:\RCXFEF9.tmp
- <Current directory>\zCEg.ico
- %TEMP%\file.vbs
- <Current directory>\lyUQ.ico
- <Current directory>\zMgE.exe
- %TEMP%\lIYEEgco.bat
- <Current directory>\nkQO.exe
- C:\RCX9B4.tmp
- <Current directory>\bcIY.ico
- <Current directory>\YUoy.exe
- C:\RCX5DC.tmp
- <Current directory>\ciUw.ico
- <Current directory>\HwEC.exe
- C:\ProgramData\kaog.txt
- <Current directory>\CMMg.ico
- <Current directory>\ZgAa.exe
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- C:\RCXF749.tmp
- %TEMP%\vSowAEcY.bat
- <Current directory>\<Virus name>
- C:\RCXFC49.tmp
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- <Current directory>\OEsM.ico
- <Current directory>\asQe.exe
- C:\RCXDBB.tmp
- <Current directory>\ZYQo.exe
- C:\RCX2BAC.tmp
- <Current directory>\beAY.ico
- <Current directory>\fIMM.exe
- C:\RCX2890.tmp
- <Current directory>\AUAM.ico
- <Current directory>\ogYM.exe
- C:\RCX2E7C.tmp
- <Current directory>\aSEs.ico
- %TEMP%\FGQscsIg.bat
- C:\RCX2D05.tmp
- <Current directory>\zAgI.ico
- <Current directory>\zQAY.exe
- <Current directory>\sgMg.ico
- <Current directory>\mcQo.exe
- C:\RCX1AA8.tmp
- <Current directory>\DUUU.ico
- <Current directory>\PEMI.exe
- C:\RCX1682.tmp
- <Current directory>\Xcso.ico
- <Current directory>\IUoe.exe
- C:\RCX2600.tmp
- <Current directory>\rWIQ.ico
- <Current directory>\lUoi.exe
- C:\RCX1E61.tmp
- <Current directory>\qWcc.ico
- <Current directory>\towq.exe
- C:\RCX92F1.tmp
- <Current directory>\TwsA.ico
- <Current directory>\UYwK.exe
- C:\RCX909F.tmp
- <Current directory>\gywg.ico
- %TEMP%\gQwsgUwM.bat
- <Current directory>\DQwC.exe
- %TEMP%\eegYYMAU.bat
- C:\RCX9727.tmp
- <Current directory>\xwcI.exe
- C:\RCX9562.tmp
- <Current directory>\FysY.ico
- <Current directory>\aSMs.ico
- <Current directory>\Nswa.exe
- C:\RCX89B9.tmp
- C:\RCX7EDF.tmp
- %TEMP%\QWsQcMYw.bat
- %TEMP%\gcYYcsYI.bat
- <Current directory>\zcsg.ico
- <Current directory>\YoIq.exe
- C:\RCX8EF9.tmp
- <Current directory>\wmAc.ico
- <Current directory>\tkke.exe
- C:\RCX8B8E.tmp
- <Current directory>\HIkU.ico
- <Current directory>\vAos.ico
- C:\RCXA3CA.tmp
- <Current directory>\pOYQ.ico
- <Current directory>\xEcg.exe
- C:\RCXA2B1.tmp
- <Current directory>\XmwQ.ico
- <Current directory>\ucYs.exe
- %TEMP%\DaIEEgYA.bat
- C:\RCXAAEE.tmp
- <Current directory>\SyMk.ico
- <Current directory>\jEgU.exe
- C:\RCXA84E.tmp
- <Current directory>\CwQo.ico
- <Current directory>\GAUY.exe
- <Current directory>\tsUA.exe
- C:\RCX9C09.tmp
- <Current directory>\HAgY.ico
- <Current directory>\socy.exe
- C:\RCX9AB1.tmp
- <Current directory>\wYoo.ico
- <Current directory>\Wckq.exe
- C:\RCXA168.tmp
- <Current directory>\iGEc.ico
- <Current directory>\uMMC.exe
- C:\RCX9F55.tmp
- <Current directory>\nQQA.ico
- <Current directory>\kkEG.exe
- <Current directory>\CwUK.exe
- <Current directory>\UOMI.ico
- <Current directory>\qcIo.exe
- C:\RCX61D3.tmp
- %TEMP%\AYUQQUUU.bat
- <Current directory>\EsIQ.exe
- C:\RCX5DDC.tmp
- <Current directory>\ZSgE.ico
- <Current directory>\YYEQ.exe
- C:\RCX658C.tmp
- <Current directory>\ZYUM.ico
- <Current directory>\kgIG.exe
- C:\RCX6398.tmp
- <Current directory>\bEEw.ico
- <Current directory>\NQkA.exe
- C:\RCX5966.tmp
- <Current directory>\aqQs.ico
- <Current directory>\gcgS.exe
- C:\RCX5669.tmp
- <Current directory>\OiIg.ico
- <Current directory>\dsou.exe
- <Current directory>\OIAO.exe
- C:\RCX5C36.tmp
- <Current directory>\VSsg.ico
- C:\RCX5B5A.tmp
- <Current directory>\JOcE.ico
- %TEMP%\QSkAIgcs.bat
- <Current directory>\vkMi.exe
- <Current directory>\TCgQ.ico
- <Current directory>\UMgU.exe
- C:\RCX7867.tmp
- <Current directory>\fEgw.ico
- <Current directory>\LAca.exe
- C:\RCX76E0.tmp
- <Current directory>\kaMQ.ico
- <Current directory>\uggq.exe
- C:\RCX7BA4.tmp
- <Current directory>\OsEU.ico
- <Current directory>\wYcy.exe
- C:\RCX7961.tmp
- <Current directory>\lCoA.ico
- C:\RCX6AAD.tmp
- <Current directory>\Pwcg.ico
- <Current directory>\oAcK.exe
- C:\RCX6974.tmp
- <Current directory>\ngEM.ico
- <Current directory>\RoQG.exe
- C:\RCX6C15.tmp
- %TEMP%\xYIgsEQE.bat
- %TEMP%\yYwwUUkA.bat
- <Auxiliary element>
- <Current directory>\yOIM.ico
- <Current directory>\kUgO.exe
- C:\RCX6D2E.tmp
- <Current directory>\bkwU.ico
- <Current directory>\rscY.exe
- <Current directory>\pYwU.ico
- <Current directory>\kQsY.exe
- <Current directory>\GqYA.ico
- <Current directory>\TcYg.exe
- <Current directory>\daoA.ico
- <Current directory>\Fkou.exe
- <Current directory>\pYgq.exe
- <Current directory>\HMUy.exe
- <Current directory>\GwYQ.ico
- %TEMP%\MAAMUogM.bat
- <Current directory>\mOgY.ico
- <Current directory>\doAA.exe
- <Current directory>\oaQU.ico
- <Current directory>\uQEI.exe
- <Current directory>\vqIY.ico
- <Current directory>\yEMY.ico
- <Current directory>\xQAg.exe
- <Current directory>\xosQ.ico
- <Current directory>\tkks.exe
- <Current directory>\mUIE.ico
- <Current directory>\tUcu.exe
- <Current directory>\vKAE.ico
- <Current directory>\wgwW.exe
- <Current directory>\FuQI.ico
- <Current directory>\AWkY.ico
- <Current directory>\mCIs.ico
- <Current directory>\hAkK.exe
- <Current directory>\egwO.exe
- %TEMP%\PQUwAsgs.bat
- <Current directory>\RMwI.ico
- <Current directory>\LsQM.exe
- <Current directory>\iEMA.ico
- <Current directory>\gQQg.exe
- <Current directory>\pyUs.ico
- <Current directory>\Rowc.exe
- <Current directory>\vgIg.ico
- <Current directory>\NccW.exe
- <Current directory>\bkMw.exe
- <Current directory>\dMMA.ico
- %TEMP%\XMggsYQc.bat
- <Current directory>\maAE.ico
- <Current directory>\gUAC.exe
- <Current directory>\lMwQ.exe
- <Current directory>\NCUg.ico
- <Current directory>\wcsk.exe
- <Current directory>\DgUU.ico
- <Current directory>\wMoK.exe
- <Current directory>\PyAU.ico
- <Current directory>\eoUW.exe
- <Current directory>\auos.ico
- <Current directory>\mgQg.exe
- <Current directory>\JyAY.ico
- <Current directory>\IUEC.exe
- <Current directory>\UqIo.ico
- <Current directory>\xkQU.exe
- <Current directory>\WmAk.ico
- <Current directory>\RYYC.exe
- <Current directory>\hwkM.ico
- <Current directory>\qYYE.exe
- <Current directory>\HUgm.exe
- <Current directory>\nsgg.ico
- <Current directory>\uwMQ.exe
- <Current directory>\iQAo.ico
- <Current directory>\nsIS.exe
- %TEMP%\IYAcoIQY.bat
- <Current directory>\QAkE.ico
- <Current directory>\AsUw.ico
- <Current directory>\Kgcq.exe
- <Current directory>\piIE.ico
- <Current directory>\ysEc.exe
- <Current directory>\UuQE.ico
- <Current directory>\wEgc.exe
- %TEMP%\jwwUIAYE.bat
- <Current directory>\vMEw.ico
- <Current directory>\wOwQ.ico
- <Current directory>\LoAS.exe
- <Current directory>\lkca.exe
- <Current directory>\qcwK.exe
- <Current directory>\vIgk.ico
- <Current directory>\wMQk.exe
- <Current directory>\HmEU.ico
- <Current directory>\AUQW.exe
- <Current directory>\EYIw.ico
- <Current directory>\VgEa.exe
- <Current directory>\oYIg.ico
- <Current directory>\OYQK.exe
- <Current directory>\vOYY.ico
- <Current directory>\gccQ.exe
- <Current directory>\qSYA.ico
- <Current directory>\Acwk.exe
- <Current directory>\bGoo.ico
- <Current directory>\CkIm.exe
- <Current directory>\mIIQ.ico
- <Current directory>\xMQA.exe
- <Current directory>\ZMkY.exe
- <Current directory>\lyII.ico
- <Current directory>\FAwU.exe
- <Current directory>\DKIY.ico
- <Current directory>\Koow.exe
- %TEMP%\FGcoIswU.bat
- <Current directory>\Mmoo.ico
- <Current directory>\VcMg.ico
- <Current directory>\uwoa.exe
- <Current directory>\PgMc.exe
- <Current directory>\ViEQ.ico
- %TEMP%\HCkAscwo.bat
- <Current directory>\NuQA.ico
- <Current directory>\vIws.exe
- <Current directory>\wYAw.ico
- <Current directory>\ugYa.exe
- <Current directory>\uaAM.ico
- <Current directory>\mcYi.exe
- <Current directory>\CkgK.exe
- <Current directory>\LkgI.ico
- <Current directory>\Eggo.exe
- <Current directory>\iyUs.ico
- <Current directory>\eIIS.exe
- <Current directory>\IQQA.ico
- <Current directory>\xEsa.exe
- <Current directory>\lwAw.ico
- <Current directory>\TEYu.exe
- <Current directory>\PwEc.exe
- %TEMP%\KwMwAUQk.bat
- <Current directory>\wkMC.exe
- <Current directory>\lqkU.ico
- <Current directory>\sIgu.exe
- <Current directory>\fesM.ico
- %TEMP%\EUowAYsI.bat
- <Current directory>\eWQo.ico
- <Current directory>\MQcg.ico
- <Current directory>\SQIo.ico
- <Current directory>\wAUA.exe
- <Current directory>\jCkM.ico
- <Current directory>\YYIk.exe
- <Current directory>\Agks.ico
- <Current directory>\MAwU.exe
- <Current directory>\WWsQ.ico
- <Current directory>\mQQC.exe
- <Current directory>\feYo.ico
- <Current directory>\BEIW.exe
- <Current directory>\cwgg.ico
- <Current directory>\Hcww.exe
- <Current directory>\XUIC.exe
- <Current directory>\TGEg.ico
- %TEMP%\oSEgsswI.bat
- <Current directory>\rCso.ico
- <Current directory>\sIcy.exe
- <Current directory>\kUIg.exe
- <Current directory>\gYQc.ico
- <Current directory>\LMkq.exe
- <Current directory>\lEsI.ico
- <Current directory>\qsAa.exe
- <Current directory>\tuYY.ico
- <Current directory>\wMAs.exe
- <Current directory>\ZOkA.ico
- <Current directory>\wEkY.exe
- <Current directory>\ncAA.exe
- <Current directory>\hwkw.ico
- <Current directory>\QQoA.exe
- <Current directory>\XaEg.ico
- <Current directory>\NQkA.exe
- <Current directory>\aqQs.ico
- <Current directory>\gcgS.exe
- <Current directory>\OiIg.ico
- <Current directory>\FuIQ.ico
- <Current directory>\bogs.ico
- <Current directory>\Gwok.exe
- <Current directory>\EwEQ.ico
- <Current directory>\pYAK.exe
- <Current directory>\QYkg.ico
- <Current directory>\qsUM.exe
- <Current directory>\sekU.ico
- <Current directory>\fwsc.exe
- <Current directory>\bcIY.ico
- <Current directory>\YUoy.exe
- <Current directory>\ciUw.ico
- <Current directory>\HwEC.exe
- <Current directory>\sgMg.ico
- <Current directory>\mcQo.exe
- <Current directory>\DUUU.ico
- <Current directory>\PEMI.exe
- <Current directory>\nkQO.exe
- <Current directory>\OEsM.ico
- <Current directory>\asQe.exe
- <Current directory>\CMMg.ico
- <Current directory>\ZgAa.exe
- <Current directory>\zMgE.exe
- <Current directory>\zCEg.ico
- %TEMP%\vSowAEcY.bat
- <Current directory>\lyUQ.ico
- <Current directory>\Xcso.ico
- %TEMP%\FGQscsIg.bat
- <Current directory>\aSEs.ico
- <Current directory>\zAgI.ico
- <Current directory>\zQAY.exe
- <Current directory>\cYkA.exe
- <Current directory>\QOMM.ico
- <Current directory>\SkIA.exe
- <Current directory>\SacA.ico
- <Current directory>\ogYM.exe
- <Current directory>\IUoe.exe
- <Current directory>\rWIQ.ico
- <Current directory>\lUoi.exe
- <Current directory>\qWcc.ico
- <Current directory>\ZYQo.exe
- <Current directory>\beAY.ico
- <Current directory>\fIMM.exe
- <Current directory>\AUAM.ico
- %TEMP%\gQwsgUwM.bat
- <Current directory>\FysY.ico
- <Current directory>\TwsA.ico
- <Current directory>\xwcI.exe
- <Current directory>\socy.exe
- <Current directory>\wYoo.ico
- <Current directory>\DQwC.exe
- <Current directory>\vAos.ico
- <Current directory>\towq.exe
- <Current directory>\tkke.exe
- <Current directory>\HIkU.ico
- <Current directory>\Nswa.exe
- <Current directory>\zcsg.ico
- <Current directory>\UYwK.exe
- <Current directory>\gywg.ico
- <Current directory>\YoIq.exe
- <Current directory>\wmAc.ico
- <Current directory>\tsUA.exe
- %TEMP%\DaIEEgYA.bat
- <Current directory>\CwQo.ico
- <Current directory>\pOYQ.ico
- <Current directory>\xEcg.exe
- <Current directory>\jEgU.exe
- <Current directory>\qAYQ.ico
- <Current directory>\GAUY.exe
- <Current directory>\SyMk.ico
- <Current directory>\ucYs.exe
- <Current directory>\Wckq.exe
- <Current directory>\nQQA.ico
- %TEMP%\gcYYcsYI.bat
- <Current directory>\HAgY.ico
- <Current directory>\uMMC.exe
- <Current directory>\XmwQ.ico
- <Current directory>\kkEG.exe
- <Current directory>\iGEc.ico
- <Current directory>\YYEQ.exe
- <Current directory>\ZYUM.ico
- <Current directory>\kgIG.exe
- <Current directory>\bEEw.ico
- <Current directory>\RoQG.exe
- <Current directory>\Pwcg.ico
- <Current directory>\vkMi.exe
- <Current directory>\ngEM.ico
- <Current directory>\ZSgE.ico
- <Current directory>\JOcE.ico
- <Current directory>\OIAO.exe
- <Current directory>\dsou.exe
- %TEMP%\QSkAIgcs.bat
- <Current directory>\UOMI.ico
- <Current directory>\qcIo.exe
- <Current directory>\VSsg.ico
- <Current directory>\EsIQ.exe
- <Current directory>\oAcK.exe
- <Current directory>\lCoA.ico
- <Current directory>\uggq.exe
- <Current directory>\wYcy.exe
- %TEMP%\yYwwUUkA.bat
- %TEMP%\QWsQcMYw.bat
- <Current directory>\aSMs.ico
- <Current directory>\OsEU.ico
- <Current directory>\CwUK.exe
- <Current directory>\kaMQ.ico
- %TEMP%\AYUQQUUU.bat
- %TEMP%\xYIgsEQE.bat
- <Current directory>\yOIM.ico
- <Current directory>\kUgO.exe
- <Current directory>\TCgQ.ico
- <Current directory>\UMgU.exe
- <Current directory>\fEgw.ico
- <Current directory>\LAca.exe
- from C:\RCXDB97.tmp to <Current directory>\rscY.exe
- from C:\RCXDA00.tmp to <Current directory>\kQsY.exe
- from C:\RCXDFCD.tmp to <Current directory>\TcYg.exe
- from C:\RCXDCEF.tmp to <Current directory>\Fkou.exe
- from C:\RCXD2DC.tmp to <Current directory>\uQEI.exe
- from C:\RCXD0AA.tmp to <Current directory>\HMUy.exe
- from C:\RCXD899.tmp to <Current directory>\pYgq.exe
- from C:\RCXD492.tmp to <Current directory>\doAA.exe
- from C:\RCXE7FE.tmp to <Current directory>\xQAg.exe
- from C:\RCXE6C5.tmp to <Current directory>\tkks.exe
- from C:\RCXEAAE.tmp to <Current directory>\tUcu.exe
- from C:\RCXE956.tmp to <Current directory>\wgwW.exe
- from C:\RCXE24F.tmp to <Current directory>\hAkK.exe
- from C:\RCXE0D8.tmp to <Current directory>\egwO.exe
- from C:\RCXE55D.tmp to <Current directory>\LsQM.exe
- from C:\RCXE3D6.tmp to <Current directory>\gQQg.exe
- from C:\RCXBB2B.tmp to <Current directory>\Rowc.exe
- from C:\RCXBA21.tmp to <Current directory>\NccW.exe
- from C:\RCXBFCF.tmp to <Current directory>\mgQg.exe
- from C:\RCXBD1F.tmp to <Current directory>\bkMw.exe
- from C:\RCXB3B8.tmp to <Current directory>\eoUW.exe
- from C:\RCXB202.tmp to <Current directory>\lMwQ.exe
- from C:\RCXB946.tmp to <Current directory>\gUAC.exe
- from C:\RCXB87A.tmp to <Current directory>\wMoK.exe
- from C:\RCXCB4A.tmp to <Current directory>\IUEC.exe
- from C:\RCXCA11.tmp to <Current directory>\xkQU.exe
- from C:\RCXCE58.tmp to <Current directory>\RYYC.exe
- from C:\RCXCD0F.tmp to <Current directory>\qYYE.exe
- from C:\RCXC57C.tmp to <Current directory>\uwMQ.exe
- from C:\RCXC211.tmp to <Current directory>\nsIS.exe
- from C:\RCXC916.tmp to <Current directory>\HUgm.exe
- from C:\RCXC83B.tmp to <Current directory>\Kgcq.exe
- from C:\RCXEC26.tmp to <Current directory>\Eggo.exe
- from C:\RCX10DB.tmp to <Current directory>\ysEc.exe
- from C:\RCXFD1.tmp to <Current directory>\wEgc.exe
- from C:\RCX1437.tmp to <Current directory>\OYQK.exe
- from C:\RCX12FE.tmp to <Current directory>\LoAS.exe
- from C:\RCXACF.tmp to <Current directory>\VgEa.exe
- from C:\RCX87D.tmp to <Current directory>\qcwK.exe
- from C:\RCXEB7.tmp to <Current directory>\lkca.exe
- from C:\RCXD40.tmp to <Current directory>\AUQW.exe
- from C:\RCX1CD5.tmp to <Current directory>\gccQ.exe
- from C:\RCX1B7D.tmp to <Current directory>\Acwk.exe
- from C:\RCX2159.tmp to <Current directory>\CkIm.exe
- from C:\RCX1E5C.tmp to <Current directory>\xMQA.exe
- from C:\RCX167A.tmp to <Current directory>\FAwU.exe
- from C:\RCX1503.tmp to <Current directory>\Koow.exe
- from C:\RCX18AE.tmp to <Current directory>\ZMkY.exe
- from C:\RCX1756.tmp to <Current directory>\uwoa.exe
- from C:\RCXF955.tmp to <Current directory>\ugYa.exe
- from C:\RCXF3D8.tmp to <Current directory>\PgMc.exe
- from C:\RCXFBD7.tmp to <Current directory>\TEYu.exe
- from C:\RCXFA31.tmp to <Current directory>\vIws.exe
- from C:\RCXEF05.tmp to <Current directory>\xEsa.exe
- from C:\RCXED20.tmp to <Current directory>\CkgK.exe
- from C:\RCXF242.tmp to <Current directory>\mcYi.exe
- from C:\RCXF04D.tmp to <Current directory>\eIIS.exe
- from C:\RCX436.tmp to <Current directory>\PwEc.exe
- from C:\RCX232.tmp to <Current directory>\wkMC.exe
- from C:\RCX754.tmp to <Current directory>\wMQk.exe
- from C:\RCX56F.tmp to <Current directory>\sIgu.exe
- from C:\RCXFE2A.tmp to <Current directory>\wAUA.exe
- from C:\RCXFD6D.tmp to <Current directory>\YYIk.exe
- from C:\RCXCA.tmp to <Current directory>\MAwU.exe
- from C:\RCXFF63.tmp to <Current directory>\mQQC.exe
- from C:\RCX3DDF.tmp to <Current directory>\Hcww.exe
- from C:\RCX3B20.tmp to <Current directory>\sIcy.exe
- from C:\RCX4715.tmp to <Current directory>\XUIC.exe
- from C:\RCX43BA.tmp to <Current directory>\BEIW.exe
- from C:\RCX3727.tmp to <Current directory>\kUIg.exe
- from C:\RCX35B0.tmp to <Current directory>\LMkq.exe
- from C:\RCX3A45.tmp to <Current directory>\qsAa.exe
- from C:\RCX38BE.tmp to <Current directory>\wMAs.exe
- from C:\RCX5280.tmp to <Current directory>\QQoA.exe
- from C:\RCX5166.tmp to <Current directory>\qsUM.exe
- from C:\RCX5669.tmp to <Current directory>\gcgS.exe
- from C:\RCX5493.tmp to <Current directory>\ncAA.exe
- from C:\RCX49B6.tmp to <Current directory>\pYAK.exe
- from C:\RCX48CB.tmp to <Current directory>\wEkY.exe
- from C:\RCX4FC0.tmp to <Current directory>\fwsc.exe
- from C:\RCX4BAA.tmp to <Current directory>\Gwok.exe
- from C:\RCXDBB.tmp to <Current directory>\YUoy.exe
- from C:\RCX9B4.tmp to <Current directory>\HwEC.exe
- from C:\RCX1AA8.tmp to <Current directory>\mcQo.exe
- from C:\RCX1682.tmp to <Current directory>\PEMI.exe
- from C:\RCXFC49.tmp to <Current directory>\asQe.exe
- from C:\RCXF749.tmp to <Current directory>\ZgAa.exe
- from C:\RCX5DC.tmp to <Current directory>\nkQO.exe
- from C:\RCXFEF9.tmp to <Current directory>\zMgE.exe
- from C:\RCX2E7C.tmp to <Current directory>\zQAY.exe
- from C:\RCX2D05.tmp to <Current directory>\ogYM.exe
- from C:\RCX3236.tmp to <Current directory>\cYkA.exe
- from C:\RCX3080.tmp to <Current directory>\SkIA.exe
- from C:\RCX2600.tmp to <Current directory>\IUoe.exe
- from C:\RCX1E61.tmp to <Current directory>\lUoi.exe
- from C:\RCX2BAC.tmp to <Current directory>\ZYQo.exe
- from C:\RCX2890.tmp to <Current directory>\fIMM.exe
- from C:\RCX5966.tmp to <Current directory>\NQkA.exe
- from C:\RCX9727.tmp to <Current directory>\DQwC.exe
- from C:\RCX9562.tmp to <Current directory>\xwcI.exe
- from C:\RCX9C09.tmp to <Current directory>\tsUA.exe
- from C:\RCX9AB1.tmp to <Current directory>\socy.exe
- from C:\RCX8EF9.tmp to <Current directory>\YoIq.exe
- from C:\RCX8B8E.tmp to <Current directory>\tkke.exe
- from C:\RCX92F1.tmp to <Current directory>\towq.exe
- from C:\RCX909F.tmp to <Current directory>\UYwK.exe
- from C:\RCXAAEE.tmp to <Current directory>\GAUY.exe
- from C:\RCXA84E.tmp to <Current directory>\xEcg.exe
- from C:\RCXAF53.tmp to <Current directory>\wcsk.exe
- from C:\RCXAC07.tmp to <Current directory>\jEgU.exe
- from C:\RCXA168.tmp to <Current directory>\kkEG.exe
- from C:\RCX9F55.tmp to <Current directory>\Wckq.exe
- from C:\RCXA3CA.tmp to <Current directory>\ucYs.exe
- from C:\RCXA2B1.tmp to <Current directory>\uMMC.exe
- from C:\RCX658C.tmp to <Current directory>\YYEQ.exe
- from C:\RCX6398.tmp to <Current directory>\kgIG.exe
- from C:\RCX6AAD.tmp to <Current directory>\RoQG.exe
- from C:\RCX6974.tmp to <Current directory>\vkMi.exe
- from C:\RCX5C36.tmp to <Current directory>\OIAO.exe
- from C:\RCX5B5A.tmp to <Current directory>\dsou.exe
- from C:\RCX61D3.tmp to <Current directory>\qcIo.exe
- from C:\RCX5DDC.tmp to <Current directory>\EsIQ.exe
- from C:\RCX7BA4.tmp to <Current directory>\uggq.exe
- from C:\RCX7961.tmp to <Current directory>\wYcy.exe
- from C:\RCX89B9.tmp to <Current directory>\Nswa.exe
- from C:\RCX7EDF.tmp to <Current directory>\CwUK.exe
- from C:\RCX6D2E.tmp to <Current directory>\kUgO.exe
- from C:\RCX6C15.tmp to <Current directory>\oAcK.exe
- from C:\RCX7867.tmp to <Current directory>\UMgU.exe
- from C:\RCX76E0.tmp to <Current directory>\LAca.exe
- DNS ASK dn#.##ftncsi.com
- DNS ASK google.com
- ClassName: '' WindowName: 'GocwIYEU.exe'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'rSYkcwMw.exe'