Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\ProgramData\sIAowgok\rSYkcwMw.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rSYkcwMw.exe' = 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GocwIYEU.exe' = '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\yoYkgMRX] 'Start' = '00000002'
- C:\ProgramData\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
- C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
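- display of hidden files is turned off (Explorer\Advanced 'Hidden' = 2)
- display of file extensions is turned off (Explorer\Advanced 'HideFileExt' = 1)
- User Account Control (UAC) is disabled (Policies\System 'EnableLUA' = 0)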
- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe'
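- 'C:\ProgramData\ZQIIosos\XiskIEYE.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 (note: image path and arguments look mismatched in this report; the same 'add ... HideFileExt' arguments are also listed under '<SYSTEM32>\reg.exe', and the conhost.exe and reg.exe entries in this list show similar shifts, so confirm the pairing against process telemetry before basing a detection on it)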
- '%HOMEPATH%\CaIocokM\GocwIYEU.exe'
- 'C:\ProgramData\sIAowgok\rSYkcwMw.exe'
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\reg.exe' 0xbc0 <Virus name>.exe
- '<SYSTEM32>\taskhost.exe'
- '<SYSTEM32>\conhost.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' /pid=0x58c /log
- '<SYSTEM32>\conhost.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\conhost.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\svchost.exe' -k swprv
- '<SYSTEM32>\vssvc.exe'
- C:\RCX47E0.tmp
- <Current directory>\BGEg.ico
- <Current directory>\ZEAQ.exe
- C:\RCX46B6.tmp
- <Current directory>\FUww.ico
- <Current directory>\yQYw.exe
- C:\RCX4B99.tmp
- <Current directory>\BycM.ico
- <Current directory>\QYQo.exe
- C:\RCX49F3.tmp
- <Current directory>\nwsM.exe
- <Current directory>\OMkg.ico
- <Current directory>\poQK.exe
- C:\RCX4250.tmp
- <Current directory>\jkMI.ico
- <Current directory>\vUUk.exe
- C:\RCX44F1.tmp
- <Current directory>\QYkc.ico
- <Current directory>\kUcs.exe
- C:\RCX4399.tmp
- <Current directory>\jCQA.ico
- C:\RCX532D.tmp
- <Current directory>\CcAU.ico
- <Current directory>\UIYq.exe
- C:\RCX5177.tmp
- <Current directory>\rAwQ.ico
- <Current directory>\FYgo.exe
- %TEMP%\hAEgcIQA.bat
- <Current directory>\XEww.ico
- <Current directory>\cEsQ.exe
- C:\RCX54F2.tmp
- <Current directory>\Esge.exe
- <Current directory>\pOIY.ico
- <Current directory>\Gksu.exe
- C:\RCX4D11.tmp
- <Current directory>\jIwQ.ico
- <Current directory>\zUEm.exe
- C:\RCX4FF0.tmp
- <Current directory>\cEUM.ico
- <Current directory>\vkAu.exe
- C:\RCX4E59.tmp
- <Current directory>\tQEk.ico
- C:\RCX3EA7.tmp
- C:\RCX293B.tmp
- <Current directory>\bIgs.ico
- <Current directory>\iIsW.exe
- C:\RCX26BA.tmp
- <Current directory>\GmYs.ico
- <Current directory>\iggc.exe
- C:\RCX2D52.tmp
- <Current directory>\EKUs.ico
- <Current directory>\Nkwu.exe
- C:\RCX2AC2.tmp
- <Current directory>\OwMK.exe
- <Current directory>\aGsY.ico
- <Current directory>\UkoG.exe
- C:\RCX2215.tmp
- <Current directory>\GIMI.ico
- <Current directory>\wkMu.exe
- C:\RCX2562.tmp
- <Current directory>\fwQg.ico
- <Current directory>\McgI.exe
- C:\RCX23BC.tmp
- <Current directory>\XOoY.ico
- <Current directory>\RAMY.exe
- C:\RCX39A6.tmp
- <Current directory>\liMU.ico
- <Current directory>\qwoi.exe
- C:\RCX37D1.tmp
- <Current directory>\GOAk.ico
- <Current directory>\tUcS.exe
- C:\RCX3C07.tmp
- <Current directory>\CkMM.ico
- <Current directory>\Dsou.exe
- <Current directory>\xacY.ico
- C:\RCX3001.tmp
- <Current directory>\BKwo.ico
- <Current directory>\kkAK.exe
- <Current directory>\DUkE.ico
- %TEMP%\BkooYMMU.bat
- <Current directory>\Eskq.exe
- C:\RCX359E.tmp
- <Current directory>\TqcU.ico
- <Current directory>\sIwO.exe
- C:\RCX333D.tmp
- C:\RCX5744.tmp
- <Current directory>\ESIU.ico
- <Current directory>\kAcC.exe
- C:\RCX7B5B.tmp
- <Current directory>\MkcI.ico
- <Current directory>\Mgog.exe
- C:\RCX7E78.tmp
- %TEMP%\mkooogkA.bat
- <Current directory>\VUAY.exe
- C:\RCX7CD2.tmp
- <Current directory>\iEgY.ico
- C:\RCX7918.tmp
- <Current directory>\msgU.exe
- C:\RCX760A.tmp
- <Current directory>\Uwok.ico
- <Current directory>\cYkw.exe
- C:\RCX7455.tmp
- <Current directory>\TqEw.ico
- <Current directory>\Yske.exe
- C:\RCX77A1.tmp
- <Current directory>\BeYM.ico
- <Current directory>\HkkC.exe
- C:\RCX8927.tmp
- <Current directory>\SIYk.ico
- <Current directory>\tQom.exe
- C:\RCX87B0.tmp
- <Current directory>\EWgA.ico
- <Current directory>\VAMu.exe
- C:\RCX8D1F.tmp
- <Current directory>\vsEY.ico
- <Current directory>\YwcY.exe
- C:\RCX8AAE.tmp
- <Current directory>\WIUo.exe
- <Current directory>\eGUE.ico
- <Current directory>\PQAo.exe
- C:\RCX82BD.tmp
- <Current directory>\AwYI.ico
- <Current directory>\aQkM.exe
- C:\RCX8619.tmp
- <Current directory>\YyAk.ico
- <Current directory>\fcEO.exe
- C:\RCX84B1.tmp
- <Current directory>\uEMk.ico
- <Current directory>\IKAM.ico
- C:\RCX62FC.tmp
- <Current directory>\MAAs.ico
- <Current directory>\wgga.exe
- C:\RCX608B.tmp
- <Current directory>\bMAA.ico
- <Current directory>\CAkm.exe
- C:\RCX65BC.tmp
- <Current directory>\jEMY.ico
- <Current directory>\BogG.exe
- C:\RCX6445.tmp
- <Current directory>\cAoW.exe
- <Current directory>\WOgc.ico
- <Current directory>\VQoa.exe
- C:\RCX5B89.tmp
- <Current directory>\ryIM.ico
- <Current directory>\EYoc.exe
- C:\RCX5F91.tmp
- <Current directory>\bCEo.ico
- <Current directory>\ZUMO.exe
- C:\RCX5DBC.tmp
- <Current directory>\tgMg.ico
- C:\RCX6FDF.tmp
- <Current directory>\BIUo.ico
- <Current directory>\DgAi.exe
- C:\RCX6DAC.tmp
- <Current directory>\eUEw.ico
- <Current directory>\aIUU.exe
- C:\RCX7280.tmp
- <Current directory>\cuwY.ico
- <Current directory>\qkYE.exe
- C:\RCX7108.tmp
- <Current directory>\XcIC.exe
- <Current directory>\SUAg.ico
- <Current directory>\Wgwy.exe
- C:\RCX6734.tmp
- <Current directory>\fmYE.ico
- <Current directory>\xgQA.exe
- C:\RCX6BD7.tmp
- <Current directory>\lgMo.ico
- <Current directory>\EIEs.exe
- C:\RCX69C4.tmp
- <Current directory>\tsYI.ico
- <Current directory>\tmEo.ico
- <Current directory>\akYE.exe
- C:\RCXCDF6.tmp
- <Current directory>\uEIY.ico
- <Current directory>\vIwq.exe
- C:\RCXD133.tmp
- <Current directory>\NEEY.ico
- <Current directory>\NcIu.exe
- C:\RCXCF7D.tmp
- <Current directory>\DAEc.ico
- C:\RCXC9E0.tmp
- <Current directory>\lkgG.exe
- C:\RCXC627.tmp
- <Current directory>\Dgos.ico
- <Current directory>\HkkW.exe
- C:\RCXC4BF.tmp
- <Current directory>\hYYk.ico
- <Current directory>\acgo.exe
- C:\RCXC76F.tmp
- <Current directory>\gcwI.ico
- <Current directory>\iQMc.exe
- C:\RCXE60F.tmp
- <Current directory>\JGok.ico
- <Current directory>\vAYw.exe
- C:\RCXE266.tmp
- <Current directory>\tWIs.ico
- <Current directory>\sYQm.exe
- C:\RCXEA65.tmp
- <Current directory>\oWws.ico
- <Current directory>\UAUQ.exe
- C:\RCXE880.tmp
- <Current directory>\yUQG.exe
- <Current directory>\fUUc.exe
- C:\RCXD72E.tmp
- <Current directory>\gGUk.ico
- <Current directory>\eQUW.exe
- C:\RCXD327.tmp
- %TEMP%\WAAswUEc.bat
- <Current directory>\NcIw.ico
- C:\RCXDA5A.tmp
- <Current directory>\rCQk.ico
- <Current directory>\ycoa.exe
- <Current directory>\ZoAc.ico
- <Current directory>\JEEg.exe
- C:\RCX9685.tmp
- <Current directory>\NEQY.ico
- %TEMP%\LeMssQAU.bat
- <Current directory>\<Virus name>
- <Current directory>\qQkE.ico
- <Current directory>\Hskc.exe
- C:\RCX9C11.tmp
- <Current directory>\nAgw.ico
- <Current directory>\KoAC.exe
- C:\RCX8C95.tmp
- C:\ProgramData\ZQIIosos\XiskIEYE.exe
- %HOMEPATH%\CaIocokM\GocwIYEUIRTH
- C:\ProgramData\sIAowgok\rSYkcwMw
- <Current directory>\<Virus name>GQVI
- %HOMEPATH%\CaIocokM\GocwIYEU
- <Current directory>\EyoY.ico
- <Current directory>\BcEW.exe
- C:\ProgramData\kaog.txt
- C:\ProgramData\sIAowgok\rSYkcwMwANEC
- C:\ProgramData\ZQIIosos\XiskIEYEDMGQ
- C:\RCXBF11.tmp
- <Current directory>\pawc.ico
- <Current directory>\FYgc.exe
- %TEMP%\xkEQEgwA.bat
- <Current directory>\TkUk.ico
- <Current directory>\xgcg.exe
- C:\RCXC309.tmp
- <Current directory>\DokI.ico
- <Current directory>\HcgW.exe
- C:\RCXC23D.tmp
- C:\RCXBC42.tmp
- C:\RCXACE5.tmp
- <Current directory>\JAMs.ico
- <Current directory>\yIsQ.exe
- C:\RCXA7D5.tmp
- <Current directory>\BYww.ico
- <Current directory>\lEEI.ico
- <Current directory>\aMEc.exe
- <SYSTEM32>\config\systemprofile\CaIocokM\GocwIYEU
- <Current directory>\ZMcY.exe
- C:\RCXB3F8.tmp
- <Current directory>\Vqwo.ico
- C:\RCXC98.tmp
- <Current directory>\xUQE.ico
- <Current directory>\vsUq.exe
- C:\RCXAB3.tmp
- <Current directory>\pgwA.ico
- <Current directory>\FEUK.exe
- C:\RCX114B.tmp
- <Current directory>\Nooc.ico
- <Current directory>\zssU.exe
- C:\RCXE6D.tmp
- <Current directory>\EEIi.exe
- <Current directory>\fkkK.exe
- C:\RCX5E1.tmp
- <Current directory>\eQgM.ico
- <Current directory>\XUUI.exe
- C:\RCX479.tmp
- <Current directory>\LwcY.ico
- %TEMP%\TmoooUMU.bat
- C:\RCX90D.tmp
- <Current directory>\aaUM.ico
- <Current directory>\OQAe.exe
- C:\RCX1D42.tmp
- <Current directory>\Uukg.ico
- <Current directory>\SoYi.exe
- C:\RCX1BCB.tmp
- <Current directory>\QKAg.ico
- <Current directory>\IQIc.exe
- C:\RCX1FD3.tmp
- <Current directory>\cKIM.ico
- <Current directory>\EoQG.exe
- C:\RCX1E7B.tmp
- <Current directory>\ZMEc.exe
- <Current directory>\bmcY.ico
- <Current directory>\xEUA.exe
- C:\RCX12D2.tmp
- <Current directory>\EEMg.ico
- <Current directory>\cIUK.exe
- C:\RCX18FC.tmp
- <Current directory>\lMEc.ico
- <Current directory>\bYIC.exe
- C:\RCX1469.tmp
- <Current directory>\kOwU.ico
- <Current directory>\gyUI.ico
- <Current directory>\NqEw.ico
- <Current directory>\VQEA.exe
- C:\RCXF2A4.tmp
- <Current directory>\Twso.ico
- <Current directory>\ooAy.exe
- C:\RCXF748.tmp
- <Current directory>\wGoQ.ico
- <Current directory>\oAcG.exe
- C:\RCXF498.tmp
- <Current directory>\UMcY.ico
- C:\RCXF062.tmp
- <Current directory>\kUca.exe
- C:\RCXED15.tmp
- <Current directory>\fwsk.ico
- <Current directory>\SgUe.exe
- C:\RCXEC0B.tmp
- <Current directory>\KgwY.ico
- <Current directory>\kMMO.exe
- C:\RCXEE6E.tmp
- <Current directory>\yEsg.ico
- <Current directory>\UQIE.exe
- <Current directory>\bKQE.ico
- <Current directory>\hUUC.exe
- C:\RCXFF77.tmp
- <Current directory>\rokk.ico
- <Current directory>\nksw.exe
- <Current directory>\HQMs.exe
- C:\RCX2D3.tmp
- <Current directory>\tOgM.ico
- C:\RCXCF.tmp
- <Auxiliary element>
- C:\RCXFE7C.tmp
- <Current directory>\QcUm.exe
- C:\RCXFB4F.tmp
- <Current directory>\RCMo.ico
- <Current directory>\bgcQ.exe
- C:\RCXF8EE.tmp
- <Current directory>\QYcc.ico
- <Current directory>\ewUS.exe
- C:\RCXFCE6.tmp
- <Current directory>\zMwc.ico
- <Current directory>\rEUE.exe
- <Current directory>\ZEAQ.exe
- <Current directory>\FUww.ico
- <Current directory>\nwsM.exe
- <Current directory>\BGEg.ico
- <Current directory>\yQYw.exe
- <Current directory>\BycM.ico
- <Current directory>\QYQo.exe
- <Current directory>\OMkg.ico
- <Current directory>\vUUk.exe
- <Current directory>\jkMI.ico
- <Current directory>\poQK.exe
- <Current directory>\QYkc.ico
- <Current directory>\kUcs.exe
- <Current directory>\jCQA.ico
- <Current directory>\UIYq.exe
- <Current directory>\rAwQ.ico
- <Current directory>\Esge.exe
- <Current directory>\CcAU.ico
- <Current directory>\FYgo.exe
- <Current directory>\XEww.ico
- <Current directory>\cEsQ.exe
- <Current directory>\pOIY.ico
- <Current directory>\zUEm.exe
- <Current directory>\jIwQ.ico
- <Current directory>\Gksu.exe
- <Current directory>\cEUM.ico
- <Current directory>\vkAu.exe
- <Current directory>\tQEk.ico
- <Current directory>\bIgs.ico
- <Current directory>\iIsW.exe
- <Current directory>\GmYs.ico
- <Current directory>\Nkwu.exe
- <Current directory>\DUkE.ico
- <Current directory>\iggc.exe
- <Current directory>\EKUs.ico
- <Current directory>\UkoG.exe
- <Current directory>\aGsY.ico
- <Current directory>\wkMu.exe
- <Current directory>\XOoY.ico
- <Current directory>\OwMK.exe
- <Current directory>\fwQg.ico
- <Current directory>\McgI.exe
- <Current directory>\RAMY.exe
- <Current directory>\liMU.ico
- <Current directory>\qwoi.exe
- <Current directory>\CkMM.ico
- <Current directory>\tUcS.exe
- <Current directory>\GOAk.ico
- <Current directory>\Dsou.exe
- <Current directory>\BKwo.ico
- %TEMP%\BkooYMMU.bat
- <Current directory>\kkAK.exe
- <Current directory>\sIwO.exe
- <Current directory>\xacY.ico
- <Current directory>\Eskq.exe
- <Current directory>\TqcU.ico
- <Current directory>\MkcI.ico
- <Current directory>\Yske.exe
- <Current directory>\TqEw.ico
- <Current directory>\Mgog.exe
- <Current directory>\iEgY.ico
- <Current directory>\kAcC.exe
- <Current directory>\ESIU.ico
- <Current directory>\cYkw.exe
- <Current directory>\IKAM.ico
- <Current directory>\aIUU.exe
- <Current directory>\Uwok.ico
- <Current directory>\HkkC.exe
- <Current directory>\BeYM.ico
- <Current directory>\msgU.exe
- <Current directory>\WIUo.exe
- <Current directory>\YyAk.ico
- <Current directory>\fcEO.exe
- <Current directory>\EWgA.ico
- <Current directory>\YwcY.exe
- <Current directory>\SIYk.ico
- <Current directory>\tQom.exe
- <Current directory>\AwYI.ico
- %TEMP%\mkooogkA.bat
- <Current directory>\VUAY.exe
- <Current directory>\aQkM.exe
- <Current directory>\uEMk.ico
- <Current directory>\PQAo.exe
- <Current directory>\eGUE.ico
- <Current directory>\bMAA.ico
- <Current directory>\cAoW.exe
- <Current directory>\bCEo.ico
- <Current directory>\wgga.exe
- <Current directory>\jEMY.ico
- <Current directory>\BogG.exe
- <Current directory>\MAAs.ico
- <Current directory>\EYoc.exe
- <Current directory>\ryIM.ico
- %TEMP%\hAEgcIQA.bat
- <Current directory>\WOgc.ico
- <Current directory>\ZUMO.exe
- <Current directory>\tgMg.ico
- <Current directory>\VQoa.exe
- <Current directory>\eUEw.ico
- <Current directory>\XcIC.exe
- <Current directory>\lgMo.ico
- <Current directory>\DgAi.exe
- <Current directory>\cuwY.ico
- <Current directory>\qkYE.exe
- <Current directory>\BIUo.ico
- <Current directory>\xgQA.exe
- <Current directory>\fmYE.ico
- <Current directory>\CAkm.exe
- <Current directory>\SUAg.ico
- <Current directory>\EIEs.exe
- <Current directory>\tsYI.ico
- <Current directory>\Wgwy.exe
- <Current directory>\GIMI.ico
- <Current directory>\akYE.exe
- <Current directory>\tmEo.ico
- <Current directory>\vIwq.exe
- <Current directory>\DAEc.ico
- <Current directory>\eQUW.exe
- <Current directory>\NEEY.ico
- <Current directory>\NcIu.exe
- <Current directory>\gcwI.ico
- <Current directory>\lkgG.exe
- <Current directory>\Dgos.ico
- <Current directory>\iQMc.exe
- <Current directory>\uEIY.ico
- <Current directory>\acgo.exe
- <Current directory>\hYYk.ico
- <Current directory>\JGok.ico
- <Current directory>\vAYw.exe
- <Current directory>\tWIs.ico
- <Current directory>\UAUQ.exe
- <Current directory>\Vqwo.ico
- <Current directory>\sYQm.exe
- <Current directory>\oWws.ico
- <Current directory>\rCQk.ico
- <Current directory>\fUUc.exe
- <Current directory>\gGUk.ico
- <Current directory>\ycoa.exe
- <Current directory>\yUQG.exe
- <Current directory>\NcIw.ico
- %TEMP%\WAAswUEc.bat
- <Current directory>\nAgw.ico
- <Current directory>\JEEg.exe
- <Current directory>\NEQY.ico
- <Current directory>\KoAC.exe
- <Current directory>\BYww.ico
- <Current directory>\Hskc.exe
- <Current directory>\qQkE.ico
- %HOMEPATH%\CaIocokM\GocwIYEUIRTH
- C:\ProgramData\sIAowgok\rSYkcwMwANEC
- <Current directory>\<Virus name>GQVI
- C:\ProgramData\ZQIIosos\XiskIEYEDMGQ
- %TEMP%\LeMssQAU.bat
- <Current directory>\BcEW.exe
- <Current directory>\EyoY.ico
- <Current directory>\HcgW.exe
- <Current directory>\pawc.ico
- <Current directory>\FYgc.exe
- <Current directory>\DokI.ico
- <Current directory>\HkkW.exe
- <Current directory>\ZoAc.ico
- <Current directory>\xgcg.exe
- <Current directory>\ZMcY.exe
- <Current directory>\JAMs.ico
- <Current directory>\yIsQ.exe
- <Current directory>\lEEI.ico
- <Current directory>\TkUk.ico
- %TEMP%\xkEQEgwA.bat
- <Current directory>\aMEc.exe
- <Current directory>\vsUq.exe
- <Current directory>\pgwA.ico
- %TEMP%\TmoooUMU.bat
- <Current directory>\xUQE.ico
- <Current directory>\FEUK.exe
- <Current directory>\Nooc.ico
- <Current directory>\zssU.exe
- <Current directory>\fkkK.exe
- <Current directory>\eQgM.ico
- <Current directory>\XUUI.exe
- <Current directory>\aaUM.ico
- <Current directory>\EEIi.exe
- <Current directory>\LwcY.ico
- <Current directory>\OQAe.exe
- <Current directory>\SoYi.exe
- <Current directory>\QKAg.ico
- <Current directory>\ZMEc.exe
- <Current directory>\Uukg.ico
- <Current directory>\IQIc.exe
- <Current directory>\cKIM.ico
- <Current directory>\EoQG.exe
- <Current directory>\bmcY.ico
- <Current directory>\cIUK.exe
- <Current directory>\EEMg.ico
- <Current directory>\xEUA.exe
- <Current directory>\lMEc.ico
- <Current directory>\bYIC.exe
- <Current directory>\kOwU.ico
- <Current directory>\NqEw.ico
- <Current directory>\ooAy.exe
- <Current directory>\Twso.ico
- <Current directory>\VQEA.exe
- <Current directory>\wGoQ.ico
- <Current directory>\oAcG.exe
- <Current directory>\UMcY.ico
- <Current directory>\kUca.exe
- <Current directory>\fwsk.ico
- <Current directory>\SgUe.exe
- <Current directory>\yEsg.ico
- <Current directory>\kMMO.exe
- <Current directory>\KgwY.ico
- <Current directory>\UQIE.exe
- <Current directory>\bKQE.ico
- <Current directory>\nksw.exe
- <Current directory>\rokk.ico
- <Current directory>\hUUC.exe
- <Current directory>\gyUI.ico
- <Current directory>\HQMs.exe
- <Current directory>\tOgM.ico
- <Current directory>\QcUm.exe
- <Current directory>\RCMo.ico
- <Current directory>\bgcQ.exe
- <Current directory>\zMwc.ico
- <Current directory>\ewUS.exe
- <Current directory>\QYcc.ico
- <Current directory>\rEUE.exe
- from C:\RCX47E0.tmp to <Current directory>\ZEAQ.exe
- from C:\RCX49F3.tmp to <Current directory>\QYQo.exe
- from C:\RCX4B99.tmp to <Current directory>\yQYw.exe
- from C:\RCX4399.tmp to <Current directory>\poQK.exe
- from C:\RCX44F1.tmp to <Current directory>\kUcs.exe
- from C:\RCX46B6.tmp to <Current directory>\nwsM.exe
- from C:\RCX4D11.tmp to <Current directory>\zUEm.exe
- from C:\RCX532D.tmp to <Current directory>\UIYq.exe
- from C:\RCX54F2.tmp to <Current directory>\cEsQ.exe
- from C:\RCX5744.tmp to <Current directory>\FYgo.exe
- from C:\RCX4E59.tmp to <Current directory>\Gksu.exe
- from C:\RCX4FF0.tmp to <Current directory>\vkAu.exe
- from C:\RCX5177.tmp to <Current directory>\Esge.exe
- from C:\RCX2AC2.tmp to <Current directory>\Nkwu.exe
- from C:\RCX2D52.tmp to <Current directory>\iggc.exe
- from C:\RCX3001.tmp to <Current directory>\kkAK.exe
- from C:\RCX2562.tmp to <Current directory>\McgI.exe
- from C:\RCX26BA.tmp to <Current directory>\OwMK.exe
- from C:\RCX293B.tmp to <Current directory>\iIsW.exe
- from C:\RCX333D.tmp to <Current directory>\sIwO.exe
- from C:\RCX3C07.tmp to <Current directory>\Dsou.exe
- from C:\RCX3EA7.tmp to <Current directory>\tUcS.exe
- from C:\RCX4250.tmp to <Current directory>\vUUk.exe
- from C:\RCX359E.tmp to <Current directory>\Eskq.exe
- from C:\RCX37D1.tmp to <Current directory>\qwoi.exe
- from C:\RCX39A6.tmp to <Current directory>\RAMY.exe
- from C:\RCX5B89.tmp to <Current directory>\EYoc.exe
- from C:\RCX7918.tmp to <Current directory>\Yske.exe
- from C:\RCX7B5B.tmp to <Current directory>\Mgog.exe
- from C:\RCX7CD2.tmp to <Current directory>\kAcC.exe
- from C:\RCX7455.tmp to <Current directory>\cYkw.exe
- from C:\RCX760A.tmp to <Current directory>\msgU.exe
- from C:\RCX77A1.tmp to <Current directory>\HkkC.exe
- from C:\RCX7E78.tmp to <Current directory>\VUAY.exe
- from C:\RCX87B0.tmp to <Current directory>\WIUo.exe
- from C:\RCX8927.tmp to <Current directory>\tQom.exe
- from C:\RCX8AAE.tmp to <Current directory>\YwcY.exe
- from C:\RCX82BD.tmp to <Current directory>\aQkM.exe
- from C:\RCX84B1.tmp to <Current directory>\PQAo.exe
- from C:\RCX8619.tmp to <Current directory>\fcEO.exe
- from C:\RCX62FC.tmp to <Current directory>\wgga.exe
- from C:\RCX6445.tmp to <Current directory>\BogG.exe
- from C:\RCX65BC.tmp to <Current directory>\CAkm.exe
- from C:\RCX5DBC.tmp to <Current directory>\VQoa.exe
- from C:\RCX5F91.tmp to <Current directory>\ZUMO.exe
- from C:\RCX608B.tmp to <Current directory>\cAoW.exe
- from C:\RCX6734.tmp to <Current directory>\xgQA.exe
- from C:\RCX6FDF.tmp to <Current directory>\DgAi.exe
- from C:\RCX7108.tmp to <Current directory>\qkYE.exe
- from C:\RCX7280.tmp to <Current directory>\aIUU.exe
- from C:\RCX69C4.tmp to <Current directory>\Wgwy.exe
- from C:\RCX6BD7.tmp to <Current directory>\EIEs.exe
- from C:\RCX6DAC.tmp to <Current directory>\XcIC.exe
- from C:\RCX23BC.tmp to <Current directory>\UkoG.exe
- from C:\RCXD133.tmp to <Current directory>\NcIu.exe
- from C:\RCXD327.tmp to <Current directory>\eQUW.exe
- from C:\RCXD72E.tmp to <Current directory>\fUUc.exe
- from C:\RCXC9E0.tmp to <Current directory>\acgo.exe
- from C:\RCXCDF6.tmp to <Current directory>\vIwq.exe
- from C:\RCXCF7D.tmp to <Current directory>\akYE.exe
- from C:\RCXDA5A.tmp to <Current directory>\ycoa.exe
- from C:\RCXEA65.tmp to <Current directory>\sYQm.exe
- from C:\RCXEC0B.tmp to <Current directory>\SgUe.exe
- from C:\RCXED15.tmp to <Current directory>\kUca.exe
- from C:\RCXE266.tmp to <Current directory>\yUQG.exe
- from C:\RCXE60F.tmp to <Current directory>\vAYw.exe
- from C:\RCXE880.tmp to <Current directory>\UAUQ.exe
- from C:\RCXA7D5.tmp to <Current directory>\Hskc.exe
- from C:\RCXACE5.tmp to <Current directory>\yIsQ.exe
- from C:\RCXB3F8.tmp to <Current directory>\ZMcY.exe
- from C:\RCX8C95.tmp to <Current directory>\BcEW.exe
- from C:\RCX9685.tmp to <Current directory>\JEEg.exe
- from C:\RCX9C11.tmp to <Current directory>\KoAC.exe
- from C:\RCXBC42.tmp to <Current directory>\aMEc.exe
- from C:\RCXC4BF.tmp to <Current directory>\HkkW.exe
- from C:\RCXC627.tmp to <Current directory>\lkgG.exe
- from C:\RCXC76F.tmp to <Current directory>\iQMc.exe
- from C:\RCXBF11.tmp to <Current directory>\FYgc.exe
- from C:\RCXC23D.tmp to <Current directory>\HcgW.exe
- from C:\RCXC309.tmp to <Current directory>\xgcg.exe
- from C:\RCXEE6E.tmp to <Current directory>\UQIE.exe
- from C:\RCXE6D.tmp to <Current directory>\zssU.exe
- from C:\RCX114B.tmp to <Current directory>\FEUK.exe
- from C:\RCX12D2.tmp to <Current directory>\cIUK.exe
- from C:\RCX90D.tmp to <Current directory>\OQAe.exe
- from C:\RCXAB3.tmp to <Current directory>\EEIi.exe
- from C:\RCXC98.tmp to <Current directory>\vsUq.exe
- from C:\RCX1469.tmp to <Current directory>\xEUA.exe
- from C:\RCX1E7B.tmp to <Current directory>\EoQG.exe
- from C:\RCX1FD3.tmp to <Current directory>\IQIc.exe
- from C:\RCX2215.tmp to <Current directory>\wkMu.exe
- from C:\RCX18FC.tmp to <Current directory>\bYIC.exe
- from C:\RCX1BCB.tmp to <Current directory>\ZMEc.exe
- from C:\RCX1D42.tmp to <Current directory>\SoYi.exe
- from C:\RCXF748.tmp to <Current directory>\oAcG.exe
- from C:\RCXF8EE.tmp to <Current directory>\bgcQ.exe
- from C:\RCXFB4F.tmp to <Current directory>\QcUm.exe
- from C:\RCXF062.tmp to <Current directory>\kMMO.exe
- from C:\RCXF2A4.tmp to <Current directory>\ooAy.exe
- from C:\RCXF498.tmp to <Current directory>\VQEA.exe
- from C:\RCXFCE6.tmp to <Current directory>\rEUE.exe
- from C:\RCX2D3.tmp to <Current directory>\HQMs.exe
- from C:\RCX479.tmp to <Current directory>\XUUI.exe
- from C:\RCX5E1.tmp to <Current directory>\fkkK.exe
- from C:\RCXFE7C.tmp to <Current directory>\ewUS.exe
- from C:\RCXFF77.tmp to <Current directory>\nksw.exe
- from C:\RCXCF.tmp to <Current directory>\hUUC.exe
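- DNS ASK dn#.##ftncsi.com (host name partly masked in the source)
- DNS ASK google.com (legitimate domain, presumably a connectivity check; not a usable indicator on its own)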
- ClassName: '' WindowName: 'rSYkcwMw.exe'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'GocwIYEU.exe'