Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002' (a service start type of 2 means the service is started automatically at boot)
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
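- hidden files (display turned off: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced 'Hidden' = 2)
- file extensions (display turned off: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced 'HideFileExt' = 1)
- User Account Control (UAC) (disabled: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System 'EnableLUA' = 0)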
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
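- Note: in the process entries below, the image name and the arguments do not always correspond as recorded (the `add HKCU\...` / `add HKLM\...` arguments are reg.exe syntax but are also listed under conhost.exe and taskhost.exe, and file.vbs is listed under conhost.exe and reg.exe as well as cscript.exe), so detections are better keyed on the argument strings than on the image/argument pairing.
- '<SYSTEM32>\conhost.exe' <LS_APPDATA>\Temp/file.vbs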
- '<SYSTEM32>\reg.exe' 0xb5c <Virus name>.exe
- '<SYSTEM32>\conhost.exe' /c ""%TEMP%\ykssQkMQ.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=0xb5c /log
- '<SYSTEM32>\cscript.exe' /pid=0x654 /log
- '<SYSTEM32>\taskhost.exe'
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\riksQIkY.bat" "<Full path to virus>""
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\taskhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cscript.exe' <LS_APPDATA>\Temp/file.vbs
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\jkEcsIgQ.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' <LS_APPDATA>\Temp/file.vbs
- <Current directory>\scww.exe
- C:\RCXDAF8.tmp
- %TEMP%\FsgEEIQM.bat
- C:\RCXD952.tmp
- %TEMP%\hUUEwMwg.bat
- <Current directory>\VGsw.ico
- <Current directory>\jgMU.ico
- <Current directory>\fQQa.exe
- C:\RCXDF7C.tmp
- <Current directory>\dMEA.ico
- <Current directory>\Ookc.exe
- C:\RCXDD98.tmp
- <Current directory>\oMci.exe
- <Current directory>\PAYM.exe
- C:\RCXD308.tmp
- <Current directory>\ycQA.ico
- <Current directory>\uYYS.exe
- C:\RCXD22C.tmp
- <Current directory>\qMcU.ico
- <Current directory>\dQAs.exe
- C:\RCXD693.tmp
- <Current directory>\HWwA.ico
- <Current directory>\dEUw.exe
- C:\RCXD3F3.tmp
- <Current directory>\JQkc.ico
- <Current directory>\uoIY.ico
- C:\RCXEB16.tmp
- <Current directory>\lOgQ.ico
- %TEMP%\MeUsAsAA.bat
- C:\RCXE9CE.tmp
- <Current directory>\yUAE.ico
- <Current directory>\aQoC.exe
- <Current directory>\zwIS.exe
- C:\RCXF075.tmp
- %TEMP%\YewYossA.bat
- <Current directory>\XcMe.exe
- C:\RCXED68.tmp
- <Current directory>\QaUU.ico
- <Current directory>\QEEy.exe
- <Current directory>\CIgs.exe
- C:\RCXE365.tmp
- <Current directory>\duIs.ico
- <Current directory>\uUsI.exe
- C:\RCXE161.tmp
- <Current directory>\mKQM.ico
- <Current directory>\PkgE.exe
- C:\RCXE8A4.tmp
- <Current directory>\zuko.ico
- <Current directory>\UgAQ.exe
- C:\RCXE559.tmp
- <Current directory>\nggU.ico
- <Current directory>\mMgI.exe
- C:\RCXBDC7.tmp
- <Current directory>\HqEU.ico
- <Current directory>\hYMo.exe
- C:\RCXBCBD.tmp
- <Current directory>\jYUc.ico
- <Current directory>\qoUu.exe
- C:\RCXC113.tmp
- <Current directory>\pSgY.ico
- <Current directory>\TMEe.exe
- C:\RCXBF5E.tmp
- <Current directory>\UksU.ico
- <Current directory>\iQsU.ico
- <Current directory>\Ucsg.ico
- <Current directory>\iwYK.exe
- C:\RCXB7AB.tmp
- <Current directory>\yqEA.ico
- <Current directory>\Dosm.exe
- C:\RCXB5D6.tmp
- <Current directory>\RQco.ico
- <Current directory>\IcQq.exe
- C:\RCXBB17.tmp
- <Current directory>\oEME.ico
- <Current directory>\YoMA.exe
- C:\RCXB903.tmp
- %TEMP%\awEUswUY.bat
- <Current directory>\kEsm.exe
- C:\RCXCC7F.tmp
- <Current directory>\uywU.ico
- <Current directory>\KAUO.exe
- C:\RCXCAB9.tmp
- <Current directory>\fEIk.ico
- <Current directory>\BgMM.exe
- C:\RCXD170.tmp
- <Current directory>\JiUQ.ico
- <Current directory>\zkcS.exe
- C:\RCXCEB1.tmp
- <Current directory>\xwUo.ico
- <Current directory>\Quwg.ico
- <Current directory>\swEm.exe
- C:\RCXC4FC.tmp
- <Current directory>\FaQw.ico
- <Current directory>\Gowq.exe
- C:\RCXC356.tmp
- <Current directory>\skwQ.ico
- <Current directory>\jUwE.ico
- <Current directory>\YAUs.exe
- C:\RCXC858.tmp
- %TEMP%\IecYoYUQ.bat
- <Current directory>\KcUq.exe
- C:\RCXC5E7.tmp
- <Current directory>\kIYY.ico
- <Current directory>\uMgY.ico
- %TEMP%\kOAkQcMQ.bat
- <Current directory>\nswW.exe
- <Current directory>\iYIQ.ico
- <Current directory>\hsUE.exe
- C:\RCX150B.tmp
- <Current directory>\jUIc.exe
- C:\RCX1AC8.tmp
- <Current directory>\owQo.ico
- C:\RCX175D.tmp
- %TEMP%\riksQIkY.bat
- <Current directory>\YsEw.ico
- C:\RCX1430.tmp
- C:\RCXF3D.tmp
- <Current directory>\EgIM.ico
- <Current directory>\FEQc.exe
- C:\RCXDC6.tmp
- <Current directory>\zYsw.ico
- <Current directory>\gYwk.exe
- C:\RCX1374.tmp
- <Current directory>\TAoA.ico
- <Current directory>\ooMI.exe
- C:\RCX11ED.tmp
- <Current directory>\xagY.ico
- <Current directory>\HoEe.exe
- <Current directory>\rUsc.exe
- <Current directory>\iSMQ.ico
- <Current directory>\ukso.exe
- C:\RCX254A.tmp
- <Current directory>\WiwY.ico
- <Current directory>\twkS.exe
- C:\RCX2402.tmp
- <Current directory>\KqEg.ico
- <Current directory>\oUoo.exe
- C:\RCX28D5.tmp
- <Current directory>\VWYQ.ico
- <Current directory>\ykUy.exe
- C:\RCX2635.tmp
- C:\RCX228A.tmp
- C:\RCX1E34.tmp
- <Current directory>\mecI.ico
- <Current directory>\PIss.exe
- C:\RCX1BD2.tmp
- <Current directory>\FqcA.ico
- <Current directory>\WIwE.exe
- C:\RCX2142.tmp
- <Current directory>\QKUs.ico
- <Current directory>\DUcE.exe
- C:\RCX1F6D.tmp
- <Current directory>\mOUM.ico
- <Current directory>\JYIE.exe
- C:\RCXFA0C.tmp
- <Current directory>\aEMM.ico
- <Current directory>\EMkS.exe
- C:\RCXF8D3.tmp
- <Current directory>\RWMQ.ico
- <Current directory>\HUQs.exe
- C:\RCXFC01.tmp
- <Current directory>\QIAE.ico
- <Current directory>\ucYE.exe
- C:\RCXFAF7.tmp
- <Current directory>\RqQw.ico
- <Current directory>\kYII.exe
- <Current directory>\lwQM.exe
- <Current directory>\VEsq.exe
- C:\RCXF3E1.tmp
- <Current directory>\dyQI.ico
- <Current directory>\sggO.exe
- C:\RCXF2F6.tmp
- <Current directory>\FmIg.ico
- <Current directory>\vUUU.exe
- C:\RCXF6B0.tmp
- <Current directory>\uAYE.ico
- <Current directory>\YMYE.exe
- C:\RCXF587.tmp
- <Current directory>\HecQ.ico
- C:\RCXFD3A.tmp
- C:\RCX931.tmp
- <Current directory>\nKMo.ico
- <Current directory>\lIkK.exe
- C:\RCX70E.tmp
- <Current directory>\zicw.ico
- <Current directory>\bcAQ.exe
- C:\RCXC10.tmp
- <Current directory>\ZmQQ.ico
- <Current directory>\lAky.exe
- C:\RCXAC8.tmp
- <Current directory>\hOkc.ico
- <Current directory>\dYAq.exe
- <Current directory>\UkkM.exe
- <Current directory>\fKEY.ico
- <Current directory>\QoEO.exe
- %TEMP%\vGMQUQwc.bat
- <Current directory>\Jews.ico
- <Current directory>\JUUc.exe
- C:\RCXE3.tmp
- C:\RCX430.tmp
- %TEMP%\UeMUsgoQ.bat
- <Current directory>\Uecs.ico
- C:\RCX24B.tmp
- <Current directory>\gAEw.ico
- <Current directory>\KAIW.exe
- C:\RCX56A9.tmp
- <Current directory>\LYQk.ico
- <Current directory>\UEoo.exe
- C:\RCX52A3.tmp
- <Current directory>\AmQI.ico
- <Current directory>\rUca.exe
- C:\RCX5979.tmp
- <Current directory>\Jksg.ico
- <Current directory>\iwUK.exe
- C:\RCX5802.tmp
- <Current directory>\JScA.ico
- <Current directory>\uIsA.exe
- <Current directory>\ukIy.exe
- <Current directory>\gYEY.exe
- C:\RCX4CD6.tmp
- <Current directory>\KEUM.ico
- <Current directory>\FEoy.exe
- C:\RCX4A46.tmp
- <Current directory>\zeIY.ico
- <Current directory>\pgkG.exe
- C:\RCX5013.tmp
- <Current directory>\riEY.ico
- <Current directory>\aUwi.exe
- C:\RCX4E9B.tmp
- <Current directory>\ZoMg.ico
- C:\RCX5C09.tmp
- C:\RCX68F9.tmp
- <Current directory>\HoYI.ico
- <Current directory>\EYcC.exe
- C:\RCX6772.tmp
- <Current directory>\ZKIs.ico
- <Current directory>\rsYu.exe
- C:\RCX6EA6.tmp
- <Current directory>\AeAI.ico
- <Current directory>\ZgAQ.exe
- C:\RCX6D5E.tmp
- <Current directory>\NEYs.ico
- <Current directory>\tMwC.exe
- <Current directory>\hgYS.exe
- C:\RCX60AC.tmp
- <Current directory>\oyEk.ico
- <Current directory>\KEsw.exe
- <Current directory>\DEUo.ico
- %TEMP%\dcYUksEY.bat
- <Current directory>\mssG.exe
- <Current directory>\SQMC.exe
- C:\RCX65FB.tmp
- <Current directory>\qiQs.ico
- %TEMP%\jkEcsIgQ.bat
- C:\RCX637A.tmp
- <Current directory>\gCwo.ico
- %TEMP%\qkMEMAYc.bat
- <Current directory>\<Virus name>
- C:\RCX32B6.tmp
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- <Current directory>\zSsg.ico
- <Current directory>\yocw.exe
- C:\RCX3537.tmp
- %TEMP%\file.vbs
- <Current directory>\wAsc.ico
- %TEMP%\BOUgosYc.bat
- <Current directory>\YGMY.ico
- <Current directory>\WIkM.exe
- C:\RCX2FE7.tmp
- C:\ProgramData\kaog.txt
- <Current directory>\eMYc.ico
- <Current directory>\XcUa.exe
- %HOMEPATH%\CaIocokM\GocwIYEU
- C:\ProgramData\sIAowgok\rSYkcwMw
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- C:\RCX2EAE.tmp
- <Current directory>\RMck.ico
- <Current directory>\wIcE.exe
- C:\RCX2CD9.tmp
- <Current directory>\jUIM.ico
- <Current directory>\iIgk.exe
- <Current directory>\gkUG.exe
- <Current directory>\sAUw.ico
- <Current directory>\pcwU.exe
- C:\RCX4600.tmp
- <Current directory>\imEI.ico
- <Current directory>\ncwO.exe
- C:\RCX43BD.tmp
- C:\RCX4758.tmp
- <Current directory>\hgog.ico
- %TEMP%\qKMkYQsY.bat
- <Current directory>\VWcE.ico
- %TEMP%\ZCEwYwcc.bat
- <Current directory>\PYIC.exe
- C:\RCX41AA.tmp
- C:\RCX3C1B.tmp
- <Current directory>\lkIU.ico
- <Current directory>\icAK.exe
- C:\RCX37E6.tmp
- <Current directory>\GUUM.ico
- <Current directory>\BoYo.exe
- C:\RCX4013.tmp
- <Current directory>\rgUs.ico
- <Current directory>\IAky.exe
- C:\RCX3E4E.tmp
- <Current directory>\ksEU.ico
- <Current directory>\ZQsI.exe
- C:\RCX708B.tmp
- C:\RCX9E83.tmp
- <Current directory>\AiMI.ico
- <Current directory>\hIUG.exe
- C:\RCX9DD6.tmp
- <Current directory>\jKYg.ico
- <Current directory>\GEUS.exe
- C:\RCXA317.tmp
- <Current directory>\IwMS.exe
- C:\RCXA48E.tmp
- C:\RCXA0A6.tmp
- <Current directory>\uagM.ico
- <Current directory>\Fssm.exe
- <Current directory>\sMMe.exe
- C:\RCX9403.tmp
- %TEMP%\ykssQkMQ.bat
- <Current directory>\cmUA.ico
- %TEMP%\xSYgkwMI.bat
- <Current directory>\lqII.ico
- <Current directory>\mcIw.exe
- <Current directory>\eUwC.exe
- C:\RCX9CAD.tmp
- <Current directory>\TCQQ.ico
- <Current directory>\GUQe.exe
- C:\RCX98B6.tmp
- <Current directory>\OqoI.ico
- <Current directory>\XGEM.ico
- <Current directory>\KMEi.exe
- C:\RCXAE25.tmp
- %TEMP%\sIsYsAoc.bat
- C:\RCXACEC.tmp
- %TEMP%\ZskMIsAY.bat
- <Current directory>\zKAc.ico
- <Current directory>\kqog.ico
- <Current directory>\mMca.exe
- C:\RCXB44F.tmp
- <Current directory>\KUEQ.ico
- <Current directory>\tUcQ.exe
- C:\RCXB2E7.tmp
- <Current directory>\uUUM.exe
- <Current directory>\ckYm.exe
- C:\RCXA6E1.tmp
- <Current directory>\riIs.ico
- <Current directory>\HcIm.exe
- C:\RCXA5A8.tmp
- <Current directory>\awUM.ico
- <Current directory>\dUIm.exe
- C:\RCXAB75.tmp
- <Current directory>\Ekwc.ico
- <Current directory>\BcsK.exe
- C:\RCXA868.tmp
- <Current directory>\SYEg.ico
- <Current directory>\agsM.ico
- <Current directory>\vkYY.exe
- C:\RCX7CB1.tmp
- %TEMP%\yUAwMQEQ.bat
- <Current directory>\yYAA.exe
- C:\RCX7ABD.tmp
- C:\RCX7F22.tmp
- <Current directory>\RiEI.ico
- <Current directory>\IYwc.exe
- %TEMP%\AeEgEEYQ.bat
- <Current directory>\twgs.ico
- <Current directory>\kwgY.exe
- <Current directory>\sMcQ.ico
- <Current directory>\nKUM.ico
- <Current directory>\isUa.exe
- C:\RCX74B2.tmp
- <Current directory>\XkEM.ico
- <Current directory>\cQQC.exe
- C:\RCX7241.tmp
- <Current directory>\iUYo.ico
- <Current directory>\PoEo.exe
- C:\RCX78E8.tmp
- <Current directory>\YeAA.ico
- <Current directory>\FsUS.exe
- C:\RCX7639.tmp
- C:\RCX807A.tmp
- <Current directory>\wMAo.exe
- C:\RCX8DE8.tmp
- <Auxiliary element>
- <Current directory>\MgoK.exe
- C:\RCX89B3.tmp
- <Current directory>\nWgQ.ico
- <Current directory>\aIYA.ico
- <Current directory>\HAkq.exe
- C:\RCX922E.tmp
- <Current directory>\sIwQ.ico
- <Current directory>\JYAG.exe
- C:\RCX8FFC.tmp
- <Current directory>\YCwM.ico
- <Current directory>\uYUQ.ico
- <Current directory>\vIcG.exe
- C:\RCX83F6.tmp
- <Current directory>\PCAM.ico
- <Current directory>\cYAy.exe
- C:\RCX81E2.tmp
- <Current directory>\IgAY.ico
- <Current directory>\HoYK.exe
- C:\RCX87BF.tmp
- <Current directory>\bUks.ico
- <Current directory>\vwse.exe
- C:\RCX8628.tmp
- <Current directory>\scww.exe
- <Current directory>\dMEA.ico
- %TEMP%\hUUEwMwg.bat
- <Current directory>\VGsw.ico
- <Current directory>\fQQa.exe
- <Current directory>\uoIY.ico
- <Current directory>\Ookc.exe
- <Current directory>\jgMU.ico
- <Current directory>\ycQA.ico
- <Current directory>\dEUw.exe
- <Current directory>\qMcU.ico
- <Current directory>\PAYM.exe
- <Current directory>\HWwA.ico
- <Current directory>\oMci.exe
- <Current directory>\JQkc.ico
- <Current directory>\dQAs.exe
- <Current directory>\uUsI.exe
- %TEMP%\MeUsAsAA.bat
- <Current directory>\lOgQ.ico
- <Current directory>\yUAE.ico
- <Current directory>\aQoC.exe
- <Current directory>\QaUU.ico
- <Current directory>\zwIS.exe
- <Current directory>\XcMe.exe
- %TEMP%\FsgEEIQM.bat
- <Current directory>\duIs.ico
- <Current directory>\UgAQ.exe
- <Current directory>\mKQM.ico
- <Current directory>\CIgs.exe
- <Current directory>\zuko.ico
- <Current directory>\QEEy.exe
- <Current directory>\nggU.ico
- <Current directory>\PkgE.exe
- <Current directory>\HqEU.ico
- <Current directory>\TMEe.exe
- <Current directory>\jYUc.ico
- <Current directory>\mMgI.exe
- <Current directory>\pSgY.ico
- <Current directory>\Gowq.exe
- <Current directory>\UksU.ico
- <Current directory>\qoUu.exe
- <Current directory>\oEME.ico
- <Current directory>\YoMA.exe
- <Current directory>\Ucsg.ico
- <Current directory>\iwYK.exe
- <Current directory>\iQsU.ico
- <Current directory>\hYMo.exe
- <Current directory>\RQco.ico
- <Current directory>\IcQq.exe
- %TEMP%\awEUswUY.bat
- <Current directory>\uywU.ico
- <Current directory>\zkcS.exe
- <Current directory>\fEIk.ico
- <Current directory>\kEsm.exe
- <Current directory>\JiUQ.ico
- <Current directory>\uYYS.exe
- <Current directory>\xwUo.ico
- <Current directory>\BgMM.exe
- <Current directory>\FaQw.ico
- <Current directory>\KcUq.exe
- <Current directory>\skwQ.ico
- <Current directory>\swEm.exe
- <Current directory>\Quwg.ico
- <Current directory>\KAUO.exe
- <Current directory>\jUwE.ico
- <Current directory>\YAUs.exe
- <Current directory>\kIYY.ico
- <Current directory>\hsUE.exe
- %TEMP%\UeMUsgoQ.bat
- <Current directory>\ooMI.exe
- <Current directory>\iYIQ.ico
- <Current directory>\nswW.exe
- <Current directory>\YsEw.ico
- %TEMP%\kOAkQcMQ.bat
- <Current directory>\uMgY.ico
- <Current directory>\gYwk.exe
- <Current directory>\EgIM.ico
- <Current directory>\lAky.exe
- <Current directory>\zYsw.ico
- <Current directory>\HoEe.exe
- <Current directory>\TAoA.ico
- <Current directory>\FEQc.exe
- <Current directory>\xagY.ico
- <Current directory>\jUIc.exe
- <Current directory>\WiwY.ico
- <Current directory>\twkS.exe
- <Current directory>\QKUs.ico
- <Current directory>\DUcE.exe
- <Current directory>\VWYQ.ico
- <Current directory>\ykUy.exe
- <Current directory>\iSMQ.ico
- <Current directory>\ukso.exe
- <Current directory>\FqcA.ico
- <Current directory>\WIwE.exe
- <Current directory>\owQo.ico
- <Current directory>\rUsc.exe
- <Current directory>\mOUM.ico
- <Current directory>\JYIE.exe
- <Current directory>\mecI.ico
- <Current directory>\PIss.exe
- <Current directory>\HUQs.exe
- <Current directory>\aEMM.ico
- <Current directory>\lwQM.exe
- <Current directory>\RWMQ.ico
- <Current directory>\kYII.exe
- <Current directory>\QIAE.ico
- <Current directory>\EMkS.exe
- <Current directory>\RqQw.ico
- <Current directory>\VEsq.exe
- <Current directory>\dyQI.ico
- <Current directory>\sggO.exe
- <Current directory>\FmIg.ico
- <Current directory>\vUUU.exe
- <Current directory>\uAYE.ico
- <Current directory>\YMYE.exe
- <Current directory>\HecQ.ico
- <Current directory>\ucYE.exe
- <Current directory>\bcAQ.exe
- <Current directory>\nKMo.ico
- <Current directory>\UkkM.exe
- <Current directory>\zicw.ico
- <Current directory>\dYAq.exe
- <Current directory>\ZmQQ.ico
- <Current directory>\lIkK.exe
- <Current directory>\hOkc.ico
- <Current directory>\fKEY.ico
- <Current directory>\QoEO.exe
- <Current directory>\Jews.ico
- <Current directory>\JUUc.exe
- <Current directory>\KAIW.exe
- <Current directory>\Uecs.ico
- %TEMP%\vGMQUQwc.bat
- <Current directory>\gAEw.ico
- <Current directory>\uIsA.exe
- <Current directory>\Jksg.ico
- <Current directory>\UEoo.exe
- <Current directory>\JScA.ico
- <Current directory>\DEUo.ico
- <Current directory>\mssG.exe
- <Current directory>\iwUK.exe
- %TEMP%\dcYUksEY.bat
- <Current directory>\pgkG.exe
- <Current directory>\riEY.ico
- <Current directory>\aUwi.exe
- <Current directory>\ZoMg.ico
- <Current directory>\rUca.exe
- <Current directory>\LYQk.ico
- <Current directory>\ukIy.exe
- <Current directory>\AmQI.ico
- <Current directory>\oyEk.ico
- <Current directory>\tMwC.exe
- <Current directory>\AeAI.ico
- <Current directory>\EYcC.exe
- <Current directory>\NEYs.ico
- <Current directory>\cQQC.exe
- <Current directory>\nKUM.ico
- <Current directory>\ZgAQ.exe
- <Current directory>\XkEM.ico
- <Current directory>\SQMC.exe
- <Current directory>\qiQs.ico
- <Current directory>\KEsw.exe
- <Current directory>\gCwo.ico
- <Current directory>\rsYu.exe
- <Current directory>\HoYI.ico
- <Current directory>\hgYS.exe
- <Current directory>\ZKIs.ico
- <Current directory>\WIkM.exe
- <Current directory>\wAsc.ico
- %TEMP%\qkMEMAYc.bat
- <Current directory>\YGMY.ico
- <Current directory>\BoYo.exe
- <Current directory>\lkIU.ico
- <Current directory>\gkUG.exe
- <Current directory>\GUUM.ico
- <Current directory>\jUIM.ico
- <Current directory>\iIgk.exe
- <Current directory>\eMYc.ico
- <Current directory>\XcUa.exe
- <Current directory>\zSsg.ico
- <Current directory>\yocw.exe
- <Current directory>\RMck.ico
- <Current directory>\wIcE.exe
- <Current directory>\icAK.exe
- <Current directory>\PYIC.exe
- <Current directory>\hgog.ico
- %TEMP%\ZCEwYwcc.bat
- <Current directory>\VWcE.ico
- <Current directory>\gYEY.exe
- <Current directory>\KEUM.ico
- <Current directory>\FEoy.exe
- <Current directory>\zeIY.ico
- <Current directory>\rgUs.ico
- <Current directory>\IAky.exe
- <Current directory>\ksEU.ico
- <Current directory>\ZQsI.exe
- <Current directory>\sAUw.ico
- <Current directory>\pcwU.exe
- <Current directory>\imEI.ico
- <Current directory>\ncwO.exe
- <Current directory>\isUa.exe
- <Current directory>\uagM.ico
- <Current directory>\Fssm.exe
- <Current directory>\AiMI.ico
- <Current directory>\hIUG.exe
- <Current directory>\HcIm.exe
- <Current directory>\awUM.ico
- <Current directory>\IwMS.exe
- <Current directory>\XGEM.ico
- <Current directory>\OqoI.ico
- <Current directory>\eUwC.exe
- <Current directory>\cmUA.ico
- <Current directory>\GUQe.exe
- <Current directory>\jKYg.ico
- <Current directory>\GEUS.exe
- <Current directory>\TCQQ.ico
- <Current directory>\sMMe.exe
- <Current directory>\ckYm.exe
- <Current directory>\KUEQ.ico
- <Current directory>\tUcQ.exe
- <Current directory>\zKAc.ico
- <Current directory>\KMEi.exe
- <Current directory>\yqEA.ico
- <Current directory>\Dosm.exe
- <Current directory>\kqog.ico
- <Current directory>\mMca.exe
- <Current directory>\SYEg.ico
- <Current directory>\dUIm.exe
- <Current directory>\riIs.ico
- <Current directory>\BcsK.exe
- <Current directory>\uUUM.exe
- %TEMP%\ZskMIsAY.bat
- %TEMP%\ykssQkMQ.bat
- <Current directory>\Ekwc.ico
- <Current directory>\twgs.ico
- <Current directory>\kwgY.exe
- <Current directory>\agsM.ico
- <Current directory>\vkYY.exe
- <Current directory>\PCAM.ico
- <Current directory>\cYAy.exe
- <Current directory>\RiEI.ico
- <Current directory>\IYwc.exe
- %TEMP%\jkEcsIgQ.bat
- <Current directory>\iUYo.ico
- <Current directory>\YeAA.ico
- <Current directory>\FsUS.exe
- <Current directory>\yYAA.exe
- %TEMP%\yUAwMQEQ.bat
- <Current directory>\PoEo.exe
- <Current directory>\sMcQ.ico
- <Current directory>\uYUQ.ico
- <Current directory>\JYAG.exe
- <Current directory>\aIYA.ico
- <Current directory>\wMAo.exe
- <Current directory>\sIwQ.ico
- <Current directory>\lqII.ico
- <Current directory>\mcIw.exe
- <Current directory>\HAkq.exe
- %TEMP%\xSYgkwMI.bat
- <Current directory>\vwse.exe
- <Current directory>\IgAY.ico
- <Current directory>\vIcG.exe
- <Current directory>\bUks.ico
- <Current directory>\MgoK.exe
- <Current directory>\nWgQ.ico
- <Current directory>\HoYK.exe
- <Current directory>\YCwM.ico
- from C:\RCXDAF8.tmp to <Current directory>\scww.exe
- from C:\RCXDD98.tmp to <Current directory>\Ookc.exe
- from C:\RCXDF7C.tmp to <Current directory>\fQQa.exe
- from C:\RCXD952.tmp to <Current directory>\oMci.exe
- from C:\RCXD308.tmp to <Current directory>\PAYM.exe
- from C:\RCXD3F3.tmp to <Current directory>\dEUw.exe
- from C:\RCXD693.tmp to <Current directory>\dQAs.exe
- from C:\RCXE161.tmp to <Current directory>\uUsI.exe
- from C:\RCXEB16.tmp to <Current directory>\aQoC.exe
- from C:\RCXED68.tmp to <Current directory>\XcMe.exe
- from C:\RCXF075.tmp to <Current directory>\zwIS.exe
- from C:\RCXE9CE.tmp to <Current directory>\QEEy.exe
- from C:\RCXE365.tmp to <Current directory>\CIgs.exe
- from C:\RCXE559.tmp to <Current directory>\UgAQ.exe
- from C:\RCXE8A4.tmp to <Current directory>\PkgE.exe
- from C:\RCXD22C.tmp to <Current directory>\uYYS.exe
- from C:\RCXBDC7.tmp to <Current directory>\mMgI.exe
- from C:\RCXBF5E.tmp to <Current directory>\TMEe.exe
- from C:\RCXC113.tmp to <Current directory>\qoUu.exe
- from C:\RCXBCBD.tmp to <Current directory>\hYMo.exe
- from C:\RCXB7AB.tmp to <Current directory>\iwYK.exe
- from C:\RCXB903.tmp to <Current directory>\YoMA.exe
- from C:\RCXBB17.tmp to <Current directory>\IcQq.exe
- from C:\RCXC356.tmp to <Current directory>\Gowq.exe
- from C:\RCXCC7F.tmp to <Current directory>\kEsm.exe
- from C:\RCXCEB1.tmp to <Current directory>\zkcS.exe
- from C:\RCXD170.tmp to <Current directory>\BgMM.exe
- from C:\RCXCAB9.tmp to <Current directory>\KAUO.exe
- from C:\RCXC4FC.tmp to <Current directory>\swEm.exe
- from C:\RCXC5E7.tmp to <Current directory>\KcUq.exe
- from C:\RCXC858.tmp to <Current directory>\YAUs.exe
- from C:\RCXF2F6.tmp to <Current directory>\sggO.exe
- from C:\RCX150B.tmp to <Current directory>\hsUE.exe
- from C:\RCX175D.tmp to <Current directory>\nswW.exe
- from C:\RCX1AC8.tmp to <Current directory>\jUIc.exe
- from C:\RCX1430.tmp to <Current directory>\ooMI.exe
- from C:\RCXF3D.tmp to <Current directory>\gYwk.exe
- from C:\RCX11ED.tmp to <Current directory>\FEQc.exe
- from C:\RCX1374.tmp to <Current directory>\HoEe.exe
- from C:\RCX1BD2.tmp to <Current directory>\rUsc.exe
- from C:\RCX2402.tmp to <Current directory>\twkS.exe
- from C:\RCX254A.tmp to <Current directory>\ukso.exe
- from C:\RCX2635.tmp to <Current directory>\ykUy.exe
- from C:\RCX228A.tmp to <Current directory>\DUcE.exe
- from C:\RCX1E34.tmp to <Current directory>\WIwE.exe
- from C:\RCX1F6D.tmp to <Current directory>\PIss.exe
- from C:\RCX2142.tmp to <Current directory>\JYIE.exe
- from C:\RCXDC6.tmp to <Current directory>\lAky.exe
- from C:\RCXFA0C.tmp to <Current directory>\HUQs.exe
- from C:\RCXFAF7.tmp to <Current directory>\EMkS.exe
- from C:\RCXFC01.tmp to <Current directory>\kYII.exe
- from C:\RCXF8D3.tmp to <Current directory>\lwQM.exe
- from C:\RCXF3E1.tmp to <Current directory>\VEsq.exe
- from C:\RCXF587.tmp to <Current directory>\YMYE.exe
- from C:\RCXF6B0.tmp to <Current directory>\vUUU.exe
- from C:\RCXFD3A.tmp to <Current directory>\ucYE.exe
- from C:\RCX931.tmp to <Current directory>\bcAQ.exe
- from C:\RCXAC8.tmp to <Current directory>\lIkK.exe
- from C:\RCXC10.tmp to <Current directory>\dYAq.exe
- from C:\RCX70E.tmp to <Current directory>\UkkM.exe
- from C:\RCXE3.tmp to <Current directory>\JUUc.exe
- from C:\RCX24B.tmp to <Current directory>\QoEO.exe
- from C:\RCX430.tmp to <Current directory>\KAIW.exe
- from C:\RCX5979.tmp to <Current directory>\uIsA.exe
- from C:\RCX5C09.tmp to <Current directory>\iwUK.exe
- from C:\RCX60AC.tmp to <Current directory>\mssG.exe
- from C:\RCX5802.tmp to <Current directory>\UEoo.exe
- from C:\RCX5013.tmp to <Current directory>\pgkG.exe
- from C:\RCX52A3.tmp to <Current directory>\ukIy.exe
- from C:\RCX56A9.tmp to <Current directory>\rUca.exe
- from C:\RCX637A.tmp to <Current directory>\KEsw.exe
- from C:\RCX6EA6.tmp to <Current directory>\tMwC.exe
- from C:\RCX708B.tmp to <Current directory>\ZgAQ.exe
- from C:\RCX7241.tmp to <Current directory>\cQQC.exe
- from C:\RCX6D5E.tmp to <Current directory>\EYcC.exe
- from C:\RCX65FB.tmp to <Current directory>\SQMC.exe
- from C:\RCX6772.tmp to <Current directory>\hgYS.exe
- from C:\RCX68F9.tmp to <Current directory>\rsYu.exe
- from C:\RCX4E9B.tmp to <Current directory>\aUwi.exe
- from C:\RCX3537.tmp to <Current directory>\WIkM.exe
- from C:\RCX37E6.tmp to <Current directory>\gkUG.exe
- from C:\RCX3C1B.tmp to <Current directory>\BoYo.exe
- from C:\RCX32B6.tmp to <Current directory>\yocw.exe
- from C:\RCX2CD9.tmp to <Current directory>\XcUa.exe
- from C:\RCX2EAE.tmp to <Current directory>\iIgk.exe
- from C:\RCX2FE7.tmp to <Current directory>\wIcE.exe
- from C:\RCX3E4E.tmp to <Current directory>\icAK.exe
- from C:\RCX4758.tmp to <Current directory>\PYIC.exe
- from C:\RCX4A46.tmp to <Current directory>\FEoy.exe
- from C:\RCX4CD6.tmp to <Current directory>\gYEY.exe
- from C:\RCX4600.tmp to <Current directory>\pcwU.exe
- from C:\RCX4013.tmp to <Current directory>\ZQsI.exe
- from C:\RCX41AA.tmp to <Current directory>\IAky.exe
- from C:\RCX43BD.tmp to <Current directory>\ncwO.exe
- from C:\RCX74B2.tmp to <Current directory>\isUa.exe
- from C:\RCXA317.tmp to <Current directory>\Fssm.exe
- from C:\RCXA48E.tmp to <Current directory>\IwMS.exe
- from C:\RCXA5A8.tmp to <Current directory>\HcIm.exe
- from C:\RCXA0A6.tmp to <Current directory>\hIUG.exe
- from C:\RCX9CAD.tmp to <Current directory>\eUwC.exe
- from C:\RCX9DD6.tmp to <Current directory>\sMMe.exe
- from C:\RCX9E83.tmp to <Current directory>\GEUS.exe
- from C:\RCXA6E1.tmp to <Current directory>\ckYm.exe
- from C:\RCXB2E7.tmp to <Current directory>\tUcQ.exe
- from C:\RCXB44F.tmp to <Current directory>\mMca.exe
- from C:\RCXB5D6.tmp to <Current directory>\Dosm.exe
- from C:\RCXAE25.tmp to <Current directory>\KMEi.exe
- from C:\RCXA868.tmp to <Current directory>\BcsK.exe
- from C:\RCXAB75.tmp to <Current directory>\dUIm.exe
- from C:\RCXACEC.tmp to <Current directory>\uUUM.exe
- from C:\RCX98B6.tmp to <Current directory>\GUQe.exe
- from C:\RCX7F22.tmp to <Current directory>\kwgY.exe
- from C:\RCX807A.tmp to <Current directory>\IYwc.exe
- from C:\RCX81E2.tmp to <Current directory>\cYAy.exe
- from C:\RCX7CB1.tmp to <Current directory>\vkYY.exe
- from C:\RCX7639.tmp to <Current directory>\FsUS.exe
- from C:\RCX78E8.tmp to <Current directory>\PoEo.exe
- from C:\RCX7ABD.tmp to <Current directory>\yYAA.exe
- from C:\RCX83F6.tmp to <Current directory>\vIcG.exe
- from C:\RCX8FFC.tmp to <Current directory>\JYAG.exe
- from C:\RCX922E.tmp to <Current directory>\HAkq.exe
- from C:\RCX9403.tmp to <Current directory>\mcIw.exe
- from C:\RCX8DE8.tmp to <Current directory>\wMAo.exe
- from C:\RCX8628.tmp to <Current directory>\vwse.exe
- from C:\RCX87BF.tmp to <Current directory>\HoYK.exe
- from C:\RCX89B3.tmp to <Current directory>\MgoK.exe
- DNS ASK dn#.##ftncsi.com
- DNS ASK google.com
- ClassName: '' WindowName: 'rSYkcwMw.exe'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'GocwIYEU.exe'