Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (2 = the service is started automatically at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
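- Turns off display of hidden files (Explorer 'Hidden' value set to 2 by the reg.exe command listed below)
- Turns off display of file extensions (Explorer 'HideFileExt' value set to 1 by the reg.exe command listed below); with extensions hidden, the '*.bmp.exe', '*.jpg.exe' and '*.wma.exe' files listed below are displayed in Explorer with names ending in .bmp, .jpg or .wma
- Disables User Account Control (UAC) ('EnableLUA' value set to 0 by the reg.exe command listed below)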
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\XwQu.exe
- %HOMEPATH%\gOEYMkgs\JwwI.exe
- %HOMEPATH%\gOEYMkgs\xIAW.exe
- %HOMEPATH%\gOEYMkgs\AYEU.exe
- %HOMEPATH%\gOEYMkgs\RMYa.exe
- %HOMEPATH%\gOEYMkgs\ZQck.exe
- %HOMEPATH%\gOEYMkgs\UQoK.exe
- %HOMEPATH%\gOEYMkgs\qoAI.exe
- %HOMEPATH%\gOEYMkgs\jswm.exe
- %HOMEPATH%\gOEYMkgs\lAQY.exe
- %HOMEPATH%\gOEYMkgs\agYq.exe
- %HOMEPATH%\gOEYMkgs\LogO.exe
- %HOMEPATH%\gOEYMkgs\rQMY.exe
- %HOMEPATH%\gOEYMkgs\Goge.exe
- %HOMEPATH%\gOEYMkgs\eEQI.exe
- %HOMEPATH%\gOEYMkgs\nwgG.exe
- %HOMEPATH%\gOEYMkgs\XQAc.exe
- %HOMEPATH%\gOEYMkgs\NMsu.exe
- %HOMEPATH%\gOEYMkgs\MsIi.exe
- %HOMEPATH%\gOEYMkgs\TAMQ.exe
- %HOMEPATH%\gOEYMkgs\WsQi.exe
- %HOMEPATH%\gOEYMkgs\DcgK.exe
- %HOMEPATH%\gOEYMkgs\SYIM.exe
- %HOMEPATH%\gOEYMkgs\PAkS.exe
- %HOMEPATH%\gOEYMkgs\pwQO.exe
- %HOMEPATH%\gOEYMkgs\vAAq.exe
- %HOMEPATH%\gOEYMkgs\bEgK.exe
- %HOMEPATH%\gOEYMkgs\QYso.exe
- %HOMEPATH%\gOEYMkgs\wooQ.exe
- %HOMEPATH%\gOEYMkgs\ycUQ.exe
- %TEMP%\WER3abf.dir00\manifest.txt
- %TEMP%\WER3abf.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\JYMw.exe
- %HOMEPATH%\gOEYMkgs\ssgs.exe
- %TEMP%\WER3abf.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\NAoW.exe
- %TEMP%\WER3abf.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\SQYi.exe
- %HOMEPATH%\gOEYMkgs\AQYW.exe
- %HOMEPATH%\gOEYMkgs\yMka.exe
- %HOMEPATH%\gOEYMkgs\Rkke.exe
- %HOMEPATH%\gOEYMkgs\wQAg.exe
- %HOMEPATH%\gOEYMkgs\UwIO.exe
- %HOMEPATH%\gOEYMkgs\jkoI.exe
- %HOMEPATH%\gOEYMkgs\pQUo.exe
- %HOMEPATH%\gOEYMkgs\WEkq.exe
- %HOMEPATH%\gOEYMkgs\agcy.exe
- %HOMEPATH%\gOEYMkgs\wgca.exe
- %HOMEPATH%\gOEYMkgs\jIwe.exe
- %HOMEPATH%\gOEYMkgs\jwMI.exe
- %HOMEPATH%\gOEYMkgs\OQUy.exe
- %HOMEPATH%\gOEYMkgs\FIwM.exe
- %HOMEPATH%\gOEYMkgs\MwkO.exe
- %HOMEPATH%\gOEYMkgs\Goki.exe
- %HOMEPATH%\gOEYMkgs\moIu.exe
- %HOMEPATH%\gOEYMkgs\uoYc.exe
- %HOMEPATH%\gOEYMkgs\pYQW.exe
- %HOMEPATH%\gOEYMkgs\uEEQ.exe
- %TEMP%\WERb158.dir00\manifest.txt
- %TEMP%\WERb158.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\BQss.exe
- %HOMEPATH%\gOEYMkgs\ewgO.exe
- %HOMEPATH%\gOEYMkgs\bIIa.exe
- %HOMEPATH%\gOEYMkgs\HMku.exe
- %HOMEPATH%\gOEYMkgs\Zccy.exe
- %HOMEPATH%\gOEYMkgs\UIsO.exe
- %HOMEPATH%\gOEYMkgs\mYMg.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %HOMEPATH%\gOEYMkgs\kowM.exe
- %HOMEPATH%\gOEYMkgs\LgEQ.exe
- %HOMEPATH%\gOEYMkgs\DUcg.exe
- %HOMEPATH%\gOEYMkgs\cYgC.exe
- %HOMEPATH%\gOEYMkgs\nAkc.exe
- %HOMEPATH%\gOEYMkgs\QQsa.exe
- %HOMEPATH%\gOEYMkgs\TcAm.exe
- %HOMEPATH%\gOEYMkgs\VssM.exe
- %HOMEPATH%\gOEYMkgs\Kwki.exe
- %HOMEPATH%\gOEYMkgs\FYAY.exe
- %HOMEPATH%\gOEYMkgs\IwQo.exe
- %HOMEPATH%\gOEYMkgs\BsEA.exe
- %HOMEPATH%\gOEYMkgs\Qsws.exe
- %HOMEPATH%\gOEYMkgs\KUYE.exe
- %HOMEPATH%\gOEYMkgs\OQsG.exe
- %HOMEPATH%\gOEYMkgs\SQwi.exe
- %HOMEPATH%\gOEYMkgs\fsYe.exe
- %HOMEPATH%\gOEYMkgs\PEcm.exe
- %HOMEPATH%\gOEYMkgs\iQwm.exe
- %HOMEPATH%\gOEYMkgs\cowm.exe
- %HOMEPATH%\gOEYMkgs\UwYo.exe
- %HOMEPATH%\gOEYMkgs\RssS.exe
- %HOMEPATH%\gOEYMkgs\sEku.exe
- %TEMP%\WERb158.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\oQEY.exe
- %HOMEPATH%\gOEYMkgs\fgwu.exe
- %HOMEPATH%\gOEYMkgs\asAq.exe
- %TEMP%\WERb158.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\mcAk.exe
- %HOMEPATH%\gOEYMkgs\XkgK.exe
- %HOMEPATH%\gOEYMkgs\HIwI.exe
- %HOMEPATH%\gOEYMkgs\IcMa.exe
- %HOMEPATH%\gOEYMkgs\OMIG.exe
- %HOMEPATH%\gOEYMkgs\OQQK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\TAYA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\cwYs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\zwcY.exe
- %HOMEPATH%\gOEYMkgs\SoYq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\mEQs.exe
- <Current directory>\<File name>
- %HOMEPATH%\gOEYMkgs\jgAm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\bEEA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\IoQq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\BIoU.exe
- %TEMP%\WERd696.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\WcEC.exe
- %HOMEPATH%\gOEYMkgs\GQEA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\bckw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %TEMP%\WER5726.dir00\appcompat.txt
- %ALLUSERSPROFILE%\caQc.txt
- %TEMP%\WER5726.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\QIQs.exe
- %TEMP%\WER5726.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER5726.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\BwYO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\AMYI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\tAQy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\wMwy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\BEsm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\YQsk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\hYAC.exe
- %HOMEPATH%\gOEYMkgs\acwO.exe
- %HOMEPATH%\gOEYMkgs\TQcM.exe
- %HOMEPATH%\gOEYMkgs\wsgi.exe
- %HOMEPATH%\gOEYMkgs\LIIe.exe
- %HOMEPATH%\gOEYMkgs\ekwi.exe
- %HOMEPATH%\gOEYMkgs\poIg.exe
- %HOMEPATH%\gOEYMkgs\zEAQ.exe
- %HOMEPATH%\gOEYMkgs\vAcA.exe
- %HOMEPATH%\gOEYMkgs\xgEA.exe
- %HOMEPATH%\gOEYMkgs\iUIU.exe
- %HOMEPATH%\gOEYMkgs\nkwI.exe
- %HOMEPATH%\gOEYMkgs\XAos.exe
- %HOMEPATH%\gOEYMkgs\Bsss.exe
- %HOMEPATH%\gOEYMkgs\iQgQ.exe
- %HOMEPATH%\gOEYMkgs\lMgC.exe
- %HOMEPATH%\gOEYMkgs\qUkw.exe
- %HOMEPATH%\gOEYMkgs\doca.exe
- %HOMEPATH%\gOEYMkgs\MUgu.exe
- %HOMEPATH%\gOEYMkgs\SEsS.exe
- %HOMEPATH%\gOEYMkgs\ioIo.exe
- %HOMEPATH%\gOEYMkgs\bIUE.exe
- %HOMEPATH%\gOEYMkgs\pAAC.exe
- %HOMEPATH%\gOEYMkgs\icAA.exe
- %HOMEPATH%\gOEYMkgs\pocq.exe
- %HOMEPATH%\gOEYMkgs\PAog.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\Gsok.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\ssEg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\OwYS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\tAMY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %TEMP%\WERd696.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERd696.dir00\manifest.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %TEMP%\WERd696.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\xgcW.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\GQUM.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\OYgG.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\cEEq.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\rsoS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\gksW.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\okgi.exe
- %HOMEPATH%\gOEYMkgs\Goge.exe
- %HOMEPATH%\gOEYMkgs\eEQI.exe
- %HOMEPATH%\gOEYMkgs\NMsu.exe
- %HOMEPATH%\gOEYMkgs\MsIi.exe
- %HOMEPATH%\gOEYMkgs\nwgG.exe
- %HOMEPATH%\gOEYMkgs\pwQO.exe
- %HOMEPATH%\gOEYMkgs\TAMQ.exe
- %HOMEPATH%\gOEYMkgs\SYIM.exe
- %HOMEPATH%\gOEYMkgs\PAkS.exe
- %HOMEPATH%\gOEYMkgs\iQwm.exe
- %HOMEPATH%\gOEYMkgs\cowm.exe
- %HOMEPATH%\gOEYMkgs\IwQo.exe
- %HOMEPATH%\gOEYMkgs\BsEA.exe
- %HOMEPATH%\gOEYMkgs\UwYo.exe
- %HOMEPATH%\gOEYMkgs\PEcm.exe
- %HOMEPATH%\gOEYMkgs\XQAc.exe
- %HOMEPATH%\gOEYMkgs\SQwi.exe
- %HOMEPATH%\gOEYMkgs\fsYe.exe
- %HOMEPATH%\gOEYMkgs\WsQi.exe
- %HOMEPATH%\gOEYMkgs\UQoK.exe
- %HOMEPATH%\gOEYMkgs\qoAI.exe
- %HOMEPATH%\gOEYMkgs\agYq.exe
- %HOMEPATH%\gOEYMkgs\LogO.exe
- %HOMEPATH%\gOEYMkgs\jswm.exe
- %HOMEPATH%\gOEYMkgs\jkoI.exe
- %HOMEPATH%\gOEYMkgs\pQUo.exe
- %HOMEPATH%\gOEYMkgs\vAAq.exe
- %HOMEPATH%\gOEYMkgs\UwIO.exe
- %HOMEPATH%\gOEYMkgs\AYEU.exe
- %HOMEPATH%\gOEYMkgs\RMYa.exe
- %HOMEPATH%\gOEYMkgs\DcgK.exe
- %HOMEPATH%\gOEYMkgs\rQMY.exe
- %HOMEPATH%\gOEYMkgs\ZQck.exe
- %HOMEPATH%\gOEYMkgs\xIAW.exe
- %HOMEPATH%\gOEYMkgs\lAQY.exe
- %HOMEPATH%\gOEYMkgs\XwQu.exe
- %HOMEPATH%\gOEYMkgs\JwwI.exe
- %HOMEPATH%\gOEYMkgs\FYAY.exe
- %HOMEPATH%\gOEYMkgs\HMku.exe
- %HOMEPATH%\gOEYMkgs\moIu.exe
- %HOMEPATH%\gOEYMkgs\cYgC.exe
- %HOMEPATH%\gOEYMkgs\nAkc.exe
- %HOMEPATH%\gOEYMkgs\uoYc.exe
- %HOMEPATH%\gOEYMkgs\MwkO.exe
- %HOMEPATH%\gOEYMkgs\Goki.exe
- %HOMEPATH%\gOEYMkgs\pYQW.exe
- %HOMEPATH%\gOEYMkgs\FIwM.exe
- %HOMEPATH%\gOEYMkgs\Zccy.exe
- %HOMEPATH%\gOEYMkgs\UIsO.exe
- %HOMEPATH%\gOEYMkgs\kowM.exe
- %HOMEPATH%\gOEYMkgs\LgEQ.exe
- %HOMEPATH%\gOEYMkgs\mYMg.exe
- %HOMEPATH%\gOEYMkgs\VssM.exe
- %HOMEPATH%\gOEYMkgs\DUcg.exe
- %HOMEPATH%\gOEYMkgs\QQsa.exe
- %HOMEPATH%\gOEYMkgs\TcAm.exe
- %HOMEPATH%\gOEYMkgs\BQss.exe
- %HOMEPATH%\gOEYMkgs\mcAk.exe
- %HOMEPATH%\gOEYMkgs\XkgK.exe
- %HOMEPATH%\gOEYMkgs\OMIG.exe
- %HOMEPATH%\gOEYMkgs\OQQK.exe
- %HOMEPATH%\gOEYMkgs\HIwI.exe
- %HOMEPATH%\gOEYMkgs\KUYE.exe
- %HOMEPATH%\gOEYMkgs\OQsG.exe
- %HOMEPATH%\gOEYMkgs\RssS.exe
- %HOMEPATH%\gOEYMkgs\Qsws.exe
- %HOMEPATH%\gOEYMkgs\uEEQ.exe
- %HOMEPATH%\gOEYMkgs\Kwki.exe
- %HOMEPATH%\gOEYMkgs\ewgO.exe
- %HOMEPATH%\gOEYMkgs\bIIa.exe
- %HOMEPATH%\gOEYMkgs\fgwu.exe
- %HOMEPATH%\gOEYMkgs\oQEY.exe
- %HOMEPATH%\gOEYMkgs\IcMa.exe
- %HOMEPATH%\gOEYMkgs\asAq.exe
- %HOMEPATH%\gOEYMkgs\sEku.exe
- %HOMEPATH%\gOEYMkgs\xgcW.exe
- %HOMEPATH%\gOEYMkgs\OwYS.exe
- %HOMEPATH%\gOEYMkgs\okgi.exe
- %HOMEPATH%\gOEYMkgs\rsoS.exe
- %HOMEPATH%\gOEYMkgs\Gsok.exe
- %HOMEPATH%\gOEYMkgs\IoQq.exe
- %HOMEPATH%\gOEYMkgs\BIoU.exe
- %HOMEPATH%\gOEYMkgs\ssEg.exe
- %HOMEPATH%\gOEYMkgs\tAMY.exe
- %HOMEPATH%\gOEYMkgs\zEAQ.exe
- %HOMEPATH%\gOEYMkgs\vAcA.exe
- %HOMEPATH%\gOEYMkgs\nkwI.exe
- %HOMEPATH%\gOEYMkgs\XAos.exe
- %HOMEPATH%\gOEYMkgs\xgEA.exe
- %HOMEPATH%\gOEYMkgs\GQUM.exe
- %HOMEPATH%\gOEYMkgs\gksW.exe
- %HOMEPATH%\gOEYMkgs\OYgG.exe
- %HOMEPATH%\gOEYMkgs\cEEq.exe
- %HOMEPATH%\gOEYMkgs\bEEA.exe
- %HOMEPATH%\gOEYMkgs\wMwy.exe
- %HOMEPATH%\gOEYMkgs\AMYI.exe
- %HOMEPATH%\gOEYMkgs\mEQs.exe
- %HOMEPATH%\gOEYMkgs\tAQy.exe
- %HOMEPATH%\gOEYMkgs\YQsk.exe
- %HOMEPATH%\gOEYMkgs\BwYO.exe
- %HOMEPATH%\gOEYMkgs\QIQs.exe
- %HOMEPATH%\gOEYMkgs\hYAC.exe
- %HOMEPATH%\gOEYMkgs\BEsm.exe
- %HOMEPATH%\gOEYMkgs\WcEC.exe
- %HOMEPATH%\gOEYMkgs\cwYs.exe
- %HOMEPATH%\gOEYMkgs\GQEA.exe
- %HOMEPATH%\gOEYMkgs\bckw.exe
- %HOMEPATH%\gOEYMkgs\zwcY.exe
- %TEMP%\LuwYEoUQ.bat
- %HOMEPATH%\gOEYMkgs\SoYq.exe
- %HOMEPATH%\gOEYMkgs\TAYA.exe
- %HOMEPATH%\gOEYMkgs\jgAm.exe
- %HOMEPATH%\gOEYMkgs\iUIU.exe
- %HOMEPATH%\gOEYMkgs\bEgK.exe
- %HOMEPATH%\gOEYMkgs\QYso.exe
- %HOMEPATH%\gOEYMkgs\AQYW.exe
- %HOMEPATH%\gOEYMkgs\ycUQ.exe
- %HOMEPATH%\gOEYMkgs\wooQ.exe
- %HOMEPATH%\gOEYMkgs\JYMw.exe
- %HOMEPATH%\gOEYMkgs\ssgs.exe
- %HOMEPATH%\gOEYMkgs\NAoW.exe
- %HOMEPATH%\gOEYMkgs\SQYi.exe
- %HOMEPATH%\gOEYMkgs\wQAg.exe
- %HOMEPATH%\gOEYMkgs\jIwe.exe
- %HOMEPATH%\gOEYMkgs\yMka.exe
- %HOMEPATH%\gOEYMkgs\Rkke.exe
- %HOMEPATH%\gOEYMkgs\jwMI.exe
- %HOMEPATH%\gOEYMkgs\agcy.exe
- %HOMEPATH%\gOEYMkgs\wgca.exe
- %HOMEPATH%\gOEYMkgs\OQUy.exe
- %HOMEPATH%\gOEYMkgs\WEkq.exe
- %HOMEPATH%\gOEYMkgs\doca.exe
- %HOMEPATH%\gOEYMkgs\Bsss.exe
- %HOMEPATH%\gOEYMkgs\LIIe.exe
- %HOMEPATH%\gOEYMkgs\bIUE.exe
- %HOMEPATH%\gOEYMkgs\pAAC.exe
- %HOMEPATH%\gOEYMkgs\ekwi.exe
- %HOMEPATH%\gOEYMkgs\TQcM.exe
- %HOMEPATH%\gOEYMkgs\wsgi.exe
- %HOMEPATH%\gOEYMkgs\poIg.exe
- %HOMEPATH%\gOEYMkgs\acwO.exe
- %HOMEPATH%\gOEYMkgs\iQgQ.exe
- %HOMEPATH%\gOEYMkgs\lMgC.exe
- %HOMEPATH%\gOEYMkgs\MUgu.exe
- %HOMEPATH%\gOEYMkgs\SEsS.exe
- %HOMEPATH%\gOEYMkgs\qUkw.exe
- %HOMEPATH%\gOEYMkgs\PAog.exe
- %HOMEPATH%\gOEYMkgs\ioIo.exe
- %HOMEPATH%\gOEYMkgs\icAA.exe
- %HOMEPATH%\gOEYMkgs\pocq.exe
- %HOMEPATH%\gOEYMkgs\tAMY.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'