Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'aeEkEEcE.exe' = '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'pUccUkoM.exe' = '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'
Malicious functions:
To complicate detection of its presence in the operating system,
forces the system hide from view:
- hidden files
- file extensions
blocks the following features:
- User Account Control (UAC)
Creates and executes the following:
- '%TEMP%\mspaint_ovl_avx_clear_pattern.exe'
- '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'
Executes the following:
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\svchost.exe' -k imgsvc
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
Modifies file system :
Creates the following files:
- C:\RCX5C.tmp
- <Current directory>\HoAY.ico
- <Current directory>\gIwC.exe
- C:\RCX5B.tmp
- <Current directory>\cAUU.ico
- <Current directory>\JIcW.exe
- C:\RCX5D.tmp
- <Current directory>\yAkM.ico
- <Current directory>\vcgo.exe
- C:\RCX5F.tmp
- <Current directory>\dEsI.ico
- <Current directory>\AQsq.exe
- C:\RCX5E.tmp
- <Current directory>\GsgO.exe
- C:\RCX58.tmp
- <Current directory>\fAYI.ico
- <Current directory>\iEsw.exe
- C:\RCX57.tmp
- <Current directory>\mgsW.ico
- <Current directory>\OwQE.exe
- C:\RCX5A.tmp
- <Current directory>\WUwQ.ico
- <Current directory>\kQUU.exe
- C:\RCX59.tmp
- <Current directory>\fcAW.ico
- <Current directory>\kEsS.exe
- <Current directory>\hMEO.exe
- C:\RCX65.tmp
- <Current directory>\vYcC.ico
- <Current directory>\VkEo.exe
- C:\RCX64.tmp
- <Current directory>\UwcC.ico
- <Current directory>\PIkE.exe
- C:\RCX67.tmp
- <Current directory>\RcsA.ico
- <Current directory>\bQUG.exe
- C:\RCX66.tmp
- <Current directory>\okwW.ico
- <Current directory>\rQwW.exe
- <Current directory>\dEMo.ico
- <Current directory>\TEIW.exe
- C:\RCX61.tmp
- <Current directory>\dcEc.ico
- <Current directory>\ocYw.exe
- C:\RCX60.tmp
- <Current directory>\RAYc.ico
- <Current directory>\hEQU.exe
- C:\RCX63.tmp
- <Current directory>\hEwm.ico
- <Current directory>\qosI.exe
- C:\RCX62.tmp
- <Current directory>\fMsm.ico
- <Current directory>\PwYO.ico
- <Current directory>\ugQo.ico
- <Current directory>\kgEc.exe
- C:\RCX4B.tmp
- <Current directory>\fowG.ico
- <Current directory>\swom.exe
- C:\RCX4A.tmp
- <Current directory>\xgUK.ico
- <Current directory>\SAki.exe
- C:\RCX4D.tmp
- <Current directory>\MMgk.ico
- <Current directory>\NYoU.exe
- C:\RCX4C.tmp
- <Current directory>\ckMk.ico
- C:\RCX46.tmp
- <Current directory>\Yooe.ico
- <Current directory>\IEgY.exe
- C:\RCX45.tmp
- <Current directory>\kUoW.ico
- <Current directory>\nAEo.exe
- C:\RCX47.tmp
- <Current directory>\KsIA.ico
- <Current directory>\RooI.exe
- C:\RCX49.tmp
- <Current directory>\tYgA.ico
- <Current directory>\kIcS.exe
- C:\RCX48.tmp
- C:\RCX53.tmp
- <Current directory>\JMAe.ico
- <Current directory>\fcEs.exe
- C:\RCX52.tmp
- <Current directory>\iUwM.ico
- <Current directory>\DIIQ.exe
- C:\RCX54.tmp
- <Current directory>\xAES.ico
- <Current directory>\SIEO.exe
- C:\RCX56.tmp
- <Current directory>\RoQg.ico
- <Current directory>\RQwo.exe
- C:\RCX55.tmp
- <Current directory>\Bkcq.exe
- C:\RCX4F.tmp
- <Current directory>\CIQg.ico
- <Current directory>\GssW.exe
- C:\RCX4E.tmp
- <Current directory>\PkUa.ico
- <Current directory>\CcMs.exe
- C:\RCX51.tmp
- <Current directory>\ZQwG.ico
- <Current directory>\iIcK.exe
- C:\RCX50.tmp
- <Current directory>\BssI.ico
- <Current directory>\yIAw.exe
- <Current directory>\UUYI.ico
- <Current directory>\SUwu.exe
- C:\RCX80.tmp
- <Current directory>\TgkW.ico
- <Current directory>\MgwM.exe
- C:\RCX7F.tmp
- <Current directory>\cUsm.ico
- <Current directory>\Asgu.exe
- C:\RCX82.tmp
- <Current directory>\TQwG.ico
- <Current directory>\BEUg.exe
- C:\RCX81.tmp
- <Current directory>\qYAI.ico
- <Current directory>\KAkI.exe
- C:\RCX7B.tmp
- <Current directory>\qksQ.ico
- <Current directory>\oIMI.exe
- C:\RCX7A.tmp
- <Current directory>\yUMu.ico
- <Current directory>\mEYu.exe
- <Current directory>\QIQe.ico
- <Current directory>\TAgi.exe
- C:\RCX7E.tmp
- C:\RCX7C.tmp
- <Current directory>\GAUM.exe
- C:\RCX7D.tmp
- C:\RCX88.tmp
- <Current directory>\zAIy.ico
- <Current directory>\aYEO.exe
- C:\RCX87.tmp
- <Current directory>\EkYu.ico
- <Current directory>\Fsgi.exe
- C:\RCX89.tmp
- <Current directory>\Pkgc.ico
- <Current directory>\Goog.exe
- C:\RCX8B.tmp
- <Current directory>\lQgO.ico
- <Current directory>\nkUe.exe
- C:\RCX8A.tmp
- <Current directory>\HAku.exe
- C:\RCX84.tmp
- <Current directory>\jQUG.ico
- <Current directory>\FYIm.exe
- C:\RCX83.tmp
- <Current directory>\tgwW.ico
- <Current directory>\qUcm.exe
- C:\RCX86.tmp
- <Current directory>\dEcU.ico
- <Current directory>\CUUK.exe
- C:\RCX85.tmp
- <Current directory>\CokW.ico
- <Current directory>\dMMk.exe
- <Current directory>\vckq.ico
- <Current directory>\ssUS.ico
- <Current directory>\vEwg.exe
- C:\RCX6E.tmp
- <Current directory>\OUsk.ico
- <Current directory>\hscO.exe
- C:\RCX6D.tmp
- <Current directory>\EYks.ico
- <Current directory>\xowI.exe
- C:\RCX70.tmp
- <Current directory>\BgIc.ico
- <Current directory>\DcMC.exe
- C:\RCX6F.tmp
- <Current directory>\QUcY.ico
- C:\RCX69.tmp
- <Current directory>\icIi.ico
- <Current directory>\scMK.exe
- C:\RCX68.tmp
- <Current directory>\SoIy.ico
- <Current directory>\VksW.exe
- C:\RCX6A.tmp
- <Current directory>\RIoe.ico
- <Current directory>\NIco.exe
- C:\RCX6C.tmp
- <Current directory>\tUYk.ico
- <Current directory>\TMMI.exe
- C:\RCX6B.tmp
- C:\RCX76.tmp
- <Current directory>\tAUY.ico
- <Current directory>\NYIk.exe
- C:\RCX75.tmp
- <Current directory>\hEAA.ico
- <Current directory>\TQko.exe
- C:\RCX77.tmp
- <Current directory>\ioYG.ico
- <Current directory>\ZIcE.exe
- C:\RCX79.tmp
- <Current directory>\iAgk.ico
- <Current directory>\YIYM.exe
- C:\RCX78.tmp
- <Current directory>\xIIm.exe
- C:\RCX72.tmp
- <Current directory>\uQcw.ico
- <Current directory>\lEYq.exe
- C:\RCX71.tmp
- <Current directory>\ocsE.ico
- <Current directory>\jgko.exe
- C:\RCX74.tmp
- <Current directory>\LMQw.ico
- <Current directory>\xIcG.exe
- C:\RCX73.tmp
- <Current directory>\QkIa.ico
- <Current directory>\RkMQ.exe
- C:\RCX16.tmp
- <Current directory>\lcoW.ico
- <Current directory>\IIgM.exe
- C:\RCX15.tmp
- <Current directory>\dgoC.ico
- <Current directory>\OcQU.exe
- C:\RCX17.tmp
- <Current directory>\okkI.ico
- <Current directory>\HIgE.exe
- C:\RCX19.tmp
- <Current directory>\wMYm.ico
- <Current directory>\aMkO.exe
- C:\RCX18.tmp
- <Current directory>\MMQo.exe
- C:\RCX12.tmp
- <Current directory>\xQQc.ico
- <Current directory>\RgUQ.exe
- C:\RCX11.tmp
- <Current directory>\CwcW.ico
- <Current directory>\tkga.exe
- C:\RCX14.tmp
- <Current directory>\sAgq.ico
- <Current directory>\JUwq.exe
- C:\RCX13.tmp
- <Current directory>\wcoG.ico
- <Current directory>\aYoW.exe
- <Current directory>\rQcC.exe
- C:\RCX1F.tmp
- <Current directory>\rwoY.ico
- <Current directory>\FAIu.exe
- C:\RCX1E.tmp
- <Current directory>\UcIo.ico
- <Current directory>\ggsK.exe
- C:\RCX21.tmp
- <Current directory>\nYQy.ico
- <Current directory>\GssE.exe
- C:\RCX20.tmp
- <Current directory>\DYgA.ico
- <Current directory>\NYUU.exe
- <Current directory>\dUEy.ico
- <Current directory>\pgoo.exe
- C:\RCX1B.tmp
- <Current directory>\ZUYo.ico
- <Current directory>\xQQG.exe
- C:\RCX1A.tmp
- <Current directory>\TkYk.ico
- <Current directory>\lQAC.exe
- C:\RCX1D.tmp
- <Current directory>\Loka.ico
- <Current directory>\fUky.exe
- C:\RCX1C.tmp
- <Current directory>\mYkQ.ico
- <Current directory>\SEgY.ico
- <Current directory>\BMkw.ico
- <Current directory>\LIEI.exe
- C:\RCX5.tmp
- <Current directory>\zwQI.ico
- <Current directory>\oMoS.exe
- C:\RCX4.tmp
- <Current directory>\cIsY.ico
- <Current directory>\WgUW.exe
- C:\RCX7.tmp
- <Current directory>\XYEY.ico
- <Current directory>\pkMI.exe
- C:\RCX6.tmp
- <Current directory>\lkYS.ico
- %HOMEPATH%\f.inf
- <Current directory>\TgQa.ico
- <Current directory>\HQQq.exe
- %TEMP%\AQAkAMAA.bat
- %TEMP%\mspaint_ovl_avx_clear_pattern.exe
- C:\RCX1.tmp
- <Current directory>\ZIwM.ico
- <Current directory>\tsIQ.exe
- C:\RCX3.tmp
- <Current directory>\NQEA.ico
- <Current directory>\CscY.exe
- C:\RCX2.tmp
- C:\RCXD.tmp
- <Current directory>\CwwE.ico
- <Current directory>\Dkwe.exe
- C:\RCXC.tmp
- <Current directory>\kkgS.ico
- <Current directory>\jUkC.exe
- C:\RCXE.tmp
- <Current directory>\Yoww.ico
- <Current directory>\LEsC.exe
- C:\RCX10.tmp
- <Current directory>\Qscg.ico
- <Current directory>\SAkO.exe
- C:\RCXF.tmp
- <Current directory>\YMsW.exe
- C:\RCX9.tmp
- <Current directory>\Qogq.ico
- <Current directory>\bIUC.exe
- C:\RCX8.tmp
- <Current directory>\pokY.ico
- <Current directory>\MsMO.exe
- C:\RCXB.tmp
- <Current directory>\xIoy.ico
- <Current directory>\AMco.exe
- C:\RCXA.tmp
- <Current directory>\kIcY.ico
- <Current directory>\nUUK.exe
- C:\RCX39.tmp
- <Current directory>\bYwK.ico
- <Current directory>\FkYu.exe
- C:\RCX38.tmp
- <Current directory>\pcsW.ico
- <Current directory>\Ncwy.exe
- C:\RCX3A.tmp
- <Current directory>\Iccw.ico
- <Current directory>\BoYI.exe
- C:\RCX3C.tmp
- <Current directory>\OYAi.ico
- <Current directory>\hUEO.exe
- C:\RCX3B.tmp
- <Current directory>\ZgYK.exe
- C:\RCX35.tmp
- <Current directory>\owEM.ico
- <Current directory>\jgYS.exe
- C:\RCX34.tmp
- <Current directory>\VcgS.ico
- <Current directory>\fQIU.exe
- C:\RCX37.tmp
- <Current directory>\Cwky.ico
- <Current directory>\fIEg.exe
- C:\RCX36.tmp
- <Current directory>\ukQS.ico
- <Current directory>\LkIk.exe
- <Current directory>\LoAk.exe
- C:\RCX42.tmp
- <Current directory>\FMAe.ico
- <Current directory>\zEME.exe
- C:\RCX41.tmp
- <Current directory>\zMAc.ico
- <Current directory>\RYsA.exe
- C:\RCX44.tmp
- <Current directory>\JAke.ico
- <Current directory>\asQm.exe
- C:\RCX43.tmp
- <Current directory>\zIIs.ico
- <Current directory>\XAsk.exe
- <Current directory>\BgES.ico
- <Current directory>\vIwA.exe
- C:\RCX3E.tmp
- <Current directory>\rUAi.ico
- <Current directory>\woka.exe
- C:\RCX3D.tmp
- <Current directory>\dwEs.ico
- <Current directory>\OIgW.exe
- C:\RCX40.tmp
- <Current directory>\TcAS.ico
- <Current directory>\IQIY.exe
- C:\RCX3F.tmp
- <Current directory>\pcoy.ico
- <Current directory>\VEUi.ico
- <Current directory>\CMcs.ico
- <Current directory>\ockO.exe
- C:\RCX28.tmp
- <Current directory>\DgkY.ico
- <Current directory>\xIcU.exe
- C:\RCX27.tmp
- <Current directory>\WYUC.ico
- <Current directory>\msou.exe
- C:\RCX2A.tmp
- <Current directory>\DEwg.ico
- <Current directory>\NAAe.exe
- C:\RCX29.tmp
- <Current directory>\RsUs.ico
- C:\RCX23.tmp
- <Current directory>\CEkG.ico
- <Current directory>\jIUM.exe
- C:\RCX22.tmp
- <Current directory>\NwMw.ico
- <Current directory>\yIce.exe
- C:\RCX24.tmp
- <Current directory>\Hgcw.ico
- <Current directory>\MkEC.exe
- C:\RCX26.tmp
- <Current directory>\xgUU.ico
- <Current directory>\VQcA.exe
- C:\RCX25.tmp
- C:\RCX30.tmp
- <Current directory>\mYcc.ico
- <Current directory>\wMwu.exe
- C:\RCX2F.tmp
- <Current directory>\VEck.ico
- <Current directory>\zgkM.exe
- C:\RCX31.tmp
- <Current directory>\doAC.ico
- <Current directory>\OQIq.exe
- C:\RCX33.tmp
- <Current directory>\rEMk.ico
- <Current directory>\PEYA.exe
- C:\RCX32.tmp
- <Current directory>\OQgO.exe
- C:\RCX2C.tmp
- <Current directory>\MYAs.ico
- <Current directory>\dQgA.exe
- C:\RCX2B.tmp
- <Current directory>\kMQO.ico
- <Current directory>\VoMy.exe
- C:\RCX2E.tmp
- <Current directory>\CIYG.ico
- <Current directory>\SMsm.exe
- C:\RCX2D.tmp
- <Current directory>\DUEO.ico
- <Current directory>\zoYk.exe
Sets the 'hidden' attribute to the following files:
- %ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe
- %HOMEPATH%\fCkYUMIQ\pUccUkoM.exe
Deletes the following files:
- <Current directory>\gIwC.exe
- <Current directory>\HoAY.ico
- <Current directory>\JIcW.exe
- <Current directory>\cAUU.ico
- <Current directory>\vcgo.exe
- <Current directory>\yAkM.ico
- <Current directory>\AQsq.exe
- <Current directory>\dEsI.ico
- <Current directory>\WUwQ.ico
- <Current directory>\mgsW.ico
- <Current directory>\OwQE.exe
- <Current directory>\PwYO.ico
- <Current directory>\GsgO.exe
- <Current directory>\fcAW.ico
- <Current directory>\kQUU.exe
- <Current directory>\fAYI.ico
- <Current directory>\kEsS.exe
- <Current directory>\UwcC.ico
- <Current directory>\PIkE.exe
- <Current directory>\hEwm.ico
- <Current directory>\hMEO.exe
- <Current directory>\okwW.ico
- <Current directory>\bQUG.exe
- <Current directory>\vYcC.ico
- <Current directory>\rQwW.exe
- <Current directory>\VkEo.exe
- <Current directory>\TEIW.exe
- <Current directory>\dEMo.ico
- <Current directory>\ocYw.exe
- <Current directory>\dcEc.ico
- <Current directory>\hEQU.exe
- <Current directory>\fMsm.ico
- <Current directory>\qosI.exe
- <Current directory>\RAYc.ico
- <Current directory>\iEsw.exe
- <Current directory>\ugQo.ico
- <Current directory>\NYoU.exe
- <Current directory>\fowG.ico
- <Current directory>\kgEc.exe
- <Current directory>\ckMk.ico
- <Current directory>\GssW.exe
- <Current directory>\xgUK.ico
- <Current directory>\SAki.exe
- <Current directory>\swom.exe
- <Current directory>\IEgY.exe
- <Current directory>\Yooe.ico
- <Current directory>\nAEo.exe
- <Current directory>\kUoW.ico
- <Current directory>\RooI.exe
- <Current directory>\KsIA.ico
- <Current directory>\kIcS.exe
- <Current directory>\tYgA.ico
- <Current directory>\fcEs.exe
- <Current directory>\JMAe.ico
- <Current directory>\DIIQ.exe
- <Current directory>\iUwM.ico
- <Current directory>\SIEO.exe
- <Current directory>\xAES.ico
- <Current directory>\RQwo.exe
- <Current directory>\RoQg.ico
- <Current directory>\ZQwG.ico
- <Current directory>\PkUa.ico
- <Current directory>\CcMs.exe
- <Current directory>\MMgk.ico
- <Current directory>\Bkcq.exe
- <Current directory>\BssI.ico
- <Current directory>\iIcK.exe
- <Current directory>\CIQg.ico
- <Current directory>\yIAw.exe
- <Current directory>\RcsA.ico
- <Current directory>\UUYI.ico
- <Current directory>\BEUg.exe
- <Current directory>\TgkW.ico
- <Current directory>\SUwu.exe
- <Current directory>\qYAI.ico
- <Current directory>\FYIm.exe
- <Current directory>\cUsm.ico
- <Current directory>\Asgu.exe
- <Current directory>\MgwM.exe
- <Current directory>\yUMu.ico
- <Current directory>\mEYu.exe
- <Current directory>\vckq.ico
- <Current directory>\KAkI.exe
- <Current directory>\TAgi.exe
- <Current directory>\QIQe.ico
- <Current directory>\qksQ.ico
- <Current directory>\GAUM.exe
- <Current directory>\aYEO.exe
- <Current directory>\zAIy.ico
- <Current directory>\Fsgi.exe
- <Current directory>\EkYu.ico
- <Current directory>\Goog.exe
- <Current directory>\Pkgc.ico
- <Current directory>\nkUe.exe
- <Current directory>\lQgO.ico
- <Current directory>\dEcU.ico
- <Current directory>\tgwW.ico
- <Current directory>\qUcm.exe
- <Current directory>\TQwG.ico
- <Current directory>\HAku.exe
- <Current directory>\CokW.ico
- <Current directory>\CUUK.exe
- <Current directory>\jQUG.ico
- <Current directory>\dMMk.exe
- <Current directory>\oIMI.exe
- <Current directory>\ssUS.ico
- <Current directory>\DcMC.exe
- <Current directory>\OUsk.ico
- <Current directory>\vEwg.exe
- <Current directory>\QUcY.ico
- <Current directory>\lEYq.exe
- <Current directory>\EYks.ico
- <Current directory>\xowI.exe
- <Current directory>\hscO.exe
- <Current directory>\scMK.exe
- <Current directory>\icIi.ico
- <Current directory>\VksW.exe
- <Current directory>\SoIy.ico
- <Current directory>\NIco.exe
- <Current directory>\RIoe.ico
- <Current directory>\TMMI.exe
- <Current directory>\tUYk.ico
- <Current directory>\NYIk.exe
- <Current directory>\tAUY.ico
- <Current directory>\TQko.exe
- <Current directory>\hEAA.ico
- <Current directory>\ZIcE.exe
- <Current directory>\ioYG.ico
- <Current directory>\YIYM.exe
- <Current directory>\iAgk.ico
- <Current directory>\LMQw.ico
- <Current directory>\ocsE.ico
- <Current directory>\jgko.exe
- <Current directory>\BgIc.ico
- <Current directory>\xIIm.exe
- <Current directory>\QkIa.ico
- <Current directory>\xIcG.exe
- <Current directory>\uQcw.ico
- <Current directory>\RkMQ.exe
- <Current directory>\lcoW.ico
- <Current directory>\aMkO.exe
- <Current directory>\dgoC.ico
- <Current directory>\IIgM.exe
- <Current directory>\okkI.ico
- <Current directory>\xQQG.exe
- <Current directory>\wMYm.ico
- <Current directory>\HIgE.exe
- <Current directory>\OcQU.exe
- <Current directory>\tkga.exe
- <Current directory>\xQQc.ico
- <Current directory>\MMQo.exe
- <Current directory>\CwcW.ico
- <Current directory>\JUwq.exe
- <Current directory>\sAgq.ico
- <Current directory>\aYoW.exe
- <Current directory>\wcoG.ico
- <Current directory>\ggsK.exe
- <Current directory>\rwoY.ico
- <Current directory>\rQcC.exe
- <Current directory>\UcIo.ico
- <Current directory>\GssE.exe
- <Current directory>\nYQy.ico
- <Current directory>\NYUU.exe
- <Current directory>\DYgA.ico
- <Current directory>\Loka.ico
- <Current directory>\dUEy.ico
- <Current directory>\fUky.exe
- <Current directory>\ZUYo.ico
- <Current directory>\pgoo.exe
- <Current directory>\mYkQ.ico
- <Current directory>\FAIu.exe
- <Current directory>\TkYk.ico
- <Current directory>\lQAC.exe
- <Current directory>\SEgY.ico
- <Current directory>\pkMI.exe
- <Current directory>\cIsY.ico
- <Current directory>\LIEI.exe
- <Current directory>\BMkw.ico
- <Current directory>\bIUC.exe
- <Current directory>\XYEY.ico
- <Current directory>\WgUW.exe
- <Current directory>\lkYS.ico
- <Current directory>\zwQI.ico
- <Current directory>\TgQa.ico
- <Current directory>\CscY.exe
- %TEMP%\AQAkAMAA.bat
- <Current directory>\HQQq.exe
- <Current directory>\ZIwM.ico
- <Current directory>\oMoS.exe
- <Current directory>\NQEA.ico
- <Current directory>\tsIQ.exe
- <Current directory>\CwwE.ico
- <Current directory>\SAkO.exe
- <Current directory>\kkgS.ico
- <Current directory>\Dkwe.exe
- <Current directory>\Yoww.ico
- <Current directory>\RgUQ.exe
- <Current directory>\Qscg.ico
- <Current directory>\LEsC.exe
- <Current directory>\jUkC.exe
- <Current directory>\MsMO.exe
- <Current directory>\Qogq.ico
- <Current directory>\YMsW.exe
- <Current directory>\pokY.ico
- <Current directory>\AMco.exe
- <Current directory>\xIoy.ico
- <Current directory>\nUUK.exe
- <Current directory>\kIcY.ico
- <Current directory>\yIce.exe
- <Current directory>\bYwK.ico
- <Current directory>\hUEO.exe
- <Current directory>\pcsW.ico
- <Current directory>\FkYu.exe
- <Current directory>\Iccw.ico
- <Current directory>\woka.exe
- <Current directory>\OYAi.ico
- <Current directory>\BoYI.exe
- <Current directory>\Ncwy.exe
- <Current directory>\fQIU.exe
- <Current directory>\owEM.ico
- <Current directory>\ZgYK.exe
- <Current directory>\VcgS.ico
- <Current directory>\fIEg.exe
- <Current directory>\Cwky.ico
- <Current directory>\LkIk.exe
- <Current directory>\ukQS.ico
- <Current directory>\RYsA.exe
- <Current directory>\FMAe.ico
- <Current directory>\LoAk.exe
- <Current directory>\zMAc.ico
- <Current directory>\asQm.exe
- <Current directory>\JAke.ico
- <Current directory>\XAsk.exe
- <Current directory>\zIIs.ico
- <Current directory>\TcAS.ico
- <Current directory>\BgES.ico
- <Current directory>\IQIY.exe
- <Current directory>\rUAi.ico
- <Current directory>\vIwA.exe
- <Current directory>\pcoy.ico
- <Current directory>\zEME.exe
- <Current directory>\dwEs.ico
- <Current directory>\OIgW.exe
- <Current directory>\VEUi.ico
- <Current directory>\NAAe.exe
- <Current directory>\WYUC.ico
- <Current directory>\ockO.exe
- <Current directory>\CMcs.ico
- <Current directory>\dQgA.exe
- <Current directory>\DEwg.ico
- <Current directory>\msou.exe
- <Current directory>\RsUs.ico
- <Current directory>\DgkY.ico
- <Current directory>\CEkG.ico
- <Current directory>\VQcA.exe
- <Current directory>\NwMw.ico
- <Current directory>\jIUM.exe
- <Current directory>\Hgcw.ico
- <Current directory>\xIcU.exe
- <Current directory>\xgUU.ico
- <Current directory>\MkEC.exe
- <Current directory>\mYcc.ico
- <Current directory>\PEYA.exe
- <Current directory>\VEck.ico
- <Current directory>\wMwu.exe
- <Current directory>\doAC.ico
- <Current directory>\jgYS.exe
- <Current directory>\rEMk.ico
- <Current directory>\OQIq.exe
- <Current directory>\zgkM.exe
- <Current directory>\VoMy.exe
- <Current directory>\MYAs.ico
- <Current directory>\OQgO.exe
- <Current directory>\kMQO.ico
- <Current directory>\SMsm.exe
- <Current directory>\CIYG.ico
- <Current directory>\zoYk.exe
- <Current directory>\DUEO.ico
Moves the following files:
- from C:\RCX5D.tmp to <Current directory>\gIwC.exe
- from C:\RCX5C.tmp to <Current directory>\JIcW.exe
- from C:\RCX5F.tmp to <Current directory>\vcgo.exe
- from C:\RCX5E.tmp to <Current directory>\AQsq.exe
- from C:\RCX59.tmp to <Current directory>\OwQE.exe
- from C:\RCX58.tmp to <Current directory>\GsgO.exe
- from C:\RCX5B.tmp to <Current directory>\kQUU.exe
- from C:\RCX5A.tmp to <Current directory>\kEsS.exe
- from C:\RCX60.tmp to <Current directory>\ocYw.exe
- from C:\RCX66.tmp to <Current directory>\PIkE.exe
- from C:\RCX65.tmp to <Current directory>\hMEO.exe
- from C:\RCX68.tmp to <Current directory>\bQUG.exe
- from C:\RCX67.tmp to <Current directory>\rQwW.exe
- from C:\RCX62.tmp to <Current directory>\qosI.exe
- from C:\RCX61.tmp to <Current directory>\TEIW.exe
- from C:\RCX64.tmp to <Current directory>\VkEo.exe
- from C:\RCX63.tmp to <Current directory>\hEQU.exe
- from C:\RCX4C.tmp to <Current directory>\NYoU.exe
- from C:\RCX4B.tmp to <Current directory>\kgEc.exe
- from C:\RCX4E.tmp to <Current directory>\GssW.exe
- from C:\RCX4D.tmp to <Current directory>\SAki.exe
- from C:\RCX48.tmp to <Current directory>\kIcS.exe
- from C:\RCX47.tmp to <Current directory>\IEgY.exe
- from C:\RCX4A.tmp to <Current directory>\swom.exe
- from C:\RCX49.tmp to <Current directory>\RooI.exe
- from C:\RCX4F.tmp to <Current directory>\Bkcq.exe
- from C:\RCX55.tmp to <Current directory>\RQwo.exe
- from C:\RCX54.tmp to <Current directory>\fcEs.exe
- from C:\RCX57.tmp to <Current directory>\iEsw.exe
- from C:\RCX56.tmp to <Current directory>\SIEO.exe
- from C:\RCX51.tmp to <Current directory>\yIAw.exe
- from C:\RCX50.tmp to <Current directory>\CcMs.exe
- from C:\RCX53.tmp to <Current directory>\DIIQ.exe
- from C:\RCX52.tmp to <Current directory>\iIcK.exe
- from C:\RCX69.tmp to <Current directory>\VksW.exe
- from C:\RCX80.tmp to <Current directory>\SUwu.exe
- from C:\RCX7F.tmp to <Current directory>\MgwM.exe
- from C:\RCX82.tmp to <Current directory>\Asgu.exe
- from C:\RCX81.tmp to <Current directory>\BEUg.exe
- from C:\RCX7C.tmp to <Current directory>\mEYu.exe
- from C:\RCX7B.tmp to <Current directory>\KAkI.exe
- from C:\RCX7E.tmp to <Current directory>\TAgi.exe
- from C:\RCX7D.tmp to <Current directory>\GAUM.exe
- from C:\RCX83.tmp to <Current directory>\FYIm.exe
- from C:\RCX89.tmp to <Current directory>\aYEO.exe
- from C:\RCX88.tmp to <Current directory>\Fsgi.exe
- from C:\RCX8B.tmp to <Current directory>\Goog.exe
- from C:\RCX8A.tmp to <Current directory>\nkUe.exe
- from C:\RCX85.tmp to <Current directory>\qUcm.exe
- from C:\RCX84.tmp to <Current directory>\HAku.exe
- from C:\RCX87.tmp to <Current directory>\CUUK.exe
- from C:\RCX86.tmp to <Current directory>\dMMk.exe
- from C:\RCX6F.tmp to <Current directory>\DcMC.exe
- from C:\RCX6E.tmp to <Current directory>\vEwg.exe
- from C:\RCX71.tmp to <Current directory>\lEYq.exe
- from C:\RCX70.tmp to <Current directory>\xowI.exe
- from C:\RCX6B.tmp to <Current directory>\TMMI.exe
- from C:\RCX6A.tmp to <Current directory>\scMK.exe
- from C:\RCX6D.tmp to <Current directory>\hscO.exe
- from C:\RCX6C.tmp to <Current directory>\NIco.exe
- from C:\RCX72.tmp to <Current directory>\xIIm.exe
- from C:\RCX78.tmp to <Current directory>\YIYM.exe
- from C:\RCX77.tmp to <Current directory>\NYIk.exe
- from C:\RCX7A.tmp to <Current directory>\oIMI.exe
- from C:\RCX79.tmp to <Current directory>\ZIcE.exe
- from C:\RCX74.tmp to <Current directory>\RkMQ.exe
- from C:\RCX73.tmp to <Current directory>\jgko.exe
- from C:\RCX76.tmp to <Current directory>\TQko.exe
- from C:\RCX75.tmp to <Current directory>\xIcG.exe
- from C:\RCX46.tmp to <Current directory>\nAEo.exe
- from C:\RCX17.tmp to <Current directory>\IIgM.exe
- from C:\RCX16.tmp to <Current directory>\OcQU.exe
- from C:\RCX19.tmp to <Current directory>\HIgE.exe
- from C:\RCX18.tmp to <Current directory>\aMkO.exe
- from C:\RCX13.tmp to <Current directory>\tkga.exe
- from C:\RCX12.tmp to <Current directory>\MMQo.exe
- from C:\RCX15.tmp to <Current directory>\JUwq.exe
- from C:\RCX14.tmp to <Current directory>\aYoW.exe
- from C:\RCX1A.tmp to <Current directory>\xQQG.exe
- from C:\RCX20.tmp to <Current directory>\ggsK.exe
- from C:\RCX1F.tmp to <Current directory>\rQcC.exe
- from C:\RCX22.tmp to <Current directory>\GssE.exe
- from C:\RCX21.tmp to <Current directory>\NYUU.exe
- from C:\RCX1C.tmp to <Current directory>\fUky.exe
- from C:\RCX1B.tmp to <Current directory>\pgoo.exe
- from C:\RCX1E.tmp to <Current directory>\FAIu.exe
- from C:\RCX1D.tmp to <Current directory>\lQAC.exe
- from C:\RCX6.tmp to <Current directory>\pkMI.exe
- from C:\RCX5.tmp to <Current directory>\LIEI.exe
- from C:\RCX8.tmp to <Current directory>\bIUC.exe
- from C:\RCX7.tmp to <Current directory>\WgUW.exe
- from C:\RCX2.tmp to <Current directory>\CscY.exe
- from C:\RCX1.tmp to <Current directory>\HQQq.exe
- from C:\RCX4.tmp to <Current directory>\oMoS.exe
- from C:\RCX3.tmp to <Current directory>\tsIQ.exe
- from C:\RCX9.tmp to <Current directory>\YMsW.exe
- from C:\RCXF.tmp to <Current directory>\SAkO.exe
- from C:\RCXE.tmp to <Current directory>\Dkwe.exe
- from C:\RCX11.tmp to <Current directory>\RgUQ.exe
- from C:\RCX10.tmp to <Current directory>\LEsC.exe
- from C:\RCXB.tmp to <Current directory>\nUUK.exe
- from C:\RCXA.tmp to <Current directory>\MsMO.exe
- from C:\RCXD.tmp to <Current directory>\jUkC.exe
- from C:\RCXC.tmp to <Current directory>\AMco.exe
- from C:\RCX23.tmp to <Current directory>\yIce.exe
- from C:\RCX3A.tmp to <Current directory>\FkYu.exe
- from C:\RCX39.tmp to <Current directory>\Ncwy.exe
- from C:\RCX3C.tmp to <Current directory>\BoYI.exe
- from C:\RCX3B.tmp to <Current directory>\hUEO.exe
- from C:\RCX36.tmp to <Current directory>\fQIU.exe
- from C:\RCX35.tmp to <Current directory>\ZgYK.exe
- from C:\RCX38.tmp to <Current directory>\fIEg.exe
- from C:\RCX37.tmp to <Current directory>\LkIk.exe
- from C:\RCX3D.tmp to <Current directory>\woka.exe
- from C:\RCX43.tmp to <Current directory>\RYsA.exe
- from C:\RCX42.tmp to <Current directory>\LoAk.exe
- from C:\RCX45.tmp to <Current directory>\asQm.exe
- from C:\RCX44.tmp to <Current directory>\XAsk.exe
- from C:\RCX3F.tmp to <Current directory>\IQIY.exe
- from C:\RCX3E.tmp to <Current directory>\vIwA.exe
- from C:\RCX41.tmp to <Current directory>\zEME.exe
- from C:\RCX40.tmp to <Current directory>\OIgW.exe
- from C:\RCX29.tmp to <Current directory>\NAAe.exe
- from C:\RCX28.tmp to <Current directory>\ockO.exe
- from C:\RCX2B.tmp to <Current directory>\dQgA.exe
- from C:\RCX2A.tmp to <Current directory>\msou.exe
- from C:\RCX25.tmp to <Current directory>\VQcA.exe
- from C:\RCX24.tmp to <Current directory>\jIUM.exe
- from C:\RCX27.tmp to <Current directory>\xIcU.exe
- from C:\RCX26.tmp to <Current directory>\MkEC.exe
- from C:\RCX2C.tmp to <Current directory>\OQgO.exe
- from C:\RCX32.tmp to <Current directory>\PEYA.exe
- from C:\RCX31.tmp to <Current directory>\wMwu.exe
- from C:\RCX34.tmp to <Current directory>\jgYS.exe
- from C:\RCX33.tmp to <Current directory>\OQIq.exe
- from C:\RCX2E.tmp to <Current directory>\zoYk.exe
- from C:\RCX2D.tmp to <Current directory>\VoMy.exe
- from C:\RCX30.tmp to <Current directory>\zgkM.exe
- from C:\RCX2F.tmp to <Current directory>\SMsm.exe
Network activity:
Connects to:
- '19#.#86.45.170':9999
- '74.##5.232.51':80
- '20#.#7.164.69':9999
- '20#.#19.204.12':9999
TCP:
HTTP GET requests:
- 74.##5.232.51/
UDP:
- DNS ASK google.com
Miscellaneous:
Searches for the following windows:
- ClassName: '' WindowName: 'Open'
- ClassName: '' WindowName: 'Run'
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: '' WindowName: 'mywMQEoQ'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'
