Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (start type 2: the service is started automatically at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
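- hidden files: display is turned off ('Hidden' is set to 2 by the reg.exe command listed below)
- file extensions: display is turned off ('HideFileExt' is set to 1 by the reg.exe command listed below), so the '.bmp.exe', '.jpg.exe' and '.wma.exe' files listed further down are shown without their final '.exe'
- User Account Control (UAC): disabled ('EnableLUA' is set to 0 by the reg.exe command listed below)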
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\wQcU.exe
- %HOMEPATH%\gOEYMkgs\AkIg.exe
- %HOMEPATH%\gOEYMkgs\VMAI.exe
- %HOMEPATH%\gOEYMkgs\PcYO.exe
- %HOMEPATH%\gOEYMkgs\vcwM.exe
- %HOMEPATH%\gOEYMkgs\dEMo.exe
- %HOMEPATH%\gOEYMkgs\jwYe.exe
- %HOMEPATH%\gOEYMkgs\sogs.exe
- %HOMEPATH%\gOEYMkgs\eIkW.exe
- %HOMEPATH%\gOEYMkgs\HcIK.exe
- %HOMEPATH%\gOEYMkgs\EYAs.exe
- %HOMEPATH%\gOEYMkgs\KYwG.exe
- %HOMEPATH%\gOEYMkgs\cEYO.exe
- %HOMEPATH%\gOEYMkgs\iowi.exe
- %HOMEPATH%\gOEYMkgs\YMko.exe
- %HOMEPATH%\gOEYMkgs\EosQ.exe
- %TEMP%\WER02ff.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\LMUC.exe
- %TEMP%\WER02ff.dir00\manifest.txt
- %TEMP%\WER02ff.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\ycEa.exe
- %HOMEPATH%\gOEYMkgs\nQcg.exe
- %HOMEPATH%\gOEYMkgs\BEgk.exe
- %HOMEPATH%\gOEYMkgs\GsYU.exe
- %TEMP%\WER02ff.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\LYwa.exe
- %HOMEPATH%\gOEYMkgs\IQUo.exe
- %HOMEPATH%\gOEYMkgs\iAsw.exe
- %HOMEPATH%\gOEYMkgs\zUsI.exe
- %HOMEPATH%\gOEYMkgs\mIAc.exe
- %HOMEPATH%\gOEYMkgs\uoAC.exe
- %HOMEPATH%\gOEYMkgs\uoMW.exe
- %HOMEPATH%\gOEYMkgs\bcgY.exe
- %HOMEPATH%\gOEYMkgs\EQAM.exe
- %HOMEPATH%\gOEYMkgs\ioow.exe
- %HOMEPATH%\gOEYMkgs\DgEU.exe
- %TEMP%\WER2a0f.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\wUMi.exe
- %TEMP%\WER2a0f.dir00\manifest.txt
- %TEMP%\WER2a0f.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\xAgM.exe
- %HOMEPATH%\gOEYMkgs\zAMc.exe
- %TEMP%\WER8bfa.dir00\manifest.txt
- %TEMP%\WER8bfa.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\VkQQ.exe
- %HOMEPATH%\gOEYMkgs\Nksw.exe
- %HOMEPATH%\gOEYMkgs\jwsS.exe
- %HOMEPATH%\gOEYMkgs\XYYg.exe
- %HOMEPATH%\gOEYMkgs\HcMk.exe
- %HOMEPATH%\gOEYMkgs\icsY.exe
- %HOMEPATH%\gOEYMkgs\bYUM.exe
- %HOMEPATH%\gOEYMkgs\tsAk.exe
- %TEMP%\WER8bfa.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\uIwg.exe
- %TEMP%\WER8bfa.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\gIIy.exe
- %HOMEPATH%\gOEYMkgs\qoAo.exe
- %TEMP%\WER7982.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\EgUY.exe
- %HOMEPATH%\gOEYMkgs\eEwi.exe
- %HOMEPATH%\gOEYMkgs\SIou.exe
- %TEMP%\WER7982.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\TsQw.exe
- %HOMEPATH%\gOEYMkgs\GUAe.exe
- %HOMEPATH%\gOEYMkgs\NcMU.exe
- %HOMEPATH%\gOEYMkgs\YIUo.exe
- %HOMEPATH%\gOEYMkgs\JYAe.exe
- %TEMP%\WER7982.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\ykgK.exe
- %HOMEPATH%\gOEYMkgs\wkcO.exe
- %HOMEPATH%\gOEYMkgs\vwke.exe
- %HOMEPATH%\gOEYMkgs\gQAI.exe
- %HOMEPATH%\gOEYMkgs\YMUO.exe
- %HOMEPATH%\gOEYMkgs\BgsC.exe
- %HOMEPATH%\gOEYMkgs\Gcww.exe
- %HOMEPATH%\gOEYMkgs\focy.exe
- %HOMEPATH%\gOEYMkgs\iYEk.exe
- %HOMEPATH%\gOEYMkgs\mQse.exe
- %HOMEPATH%\gOEYMkgs\QgYY.exe
- %HOMEPATH%\gOEYMkgs\twEU.exe
- %HOMEPATH%\gOEYMkgs\ckMQ.exe
- %HOMEPATH%\gOEYMkgs\GsQK.exe
- %HOMEPATH%\gOEYMkgs\EEIY.exe
- %HOMEPATH%\gOEYMkgs\oYoo.exe
- %HOMEPATH%\gOEYMkgs\vYcM.exe
- %HOMEPATH%\gOEYMkgs\SEYI.exe
- %HOMEPATH%\gOEYMkgs\IQca.exe
- %HOMEPATH%\gOEYMkgs\ykwG.exe
- %HOMEPATH%\gOEYMkgs\CEAg.exe
- %HOMEPATH%\gOEYMkgs\BQAA.exe
- %HOMEPATH%\gOEYMkgs\EUgI.exe
- %HOMEPATH%\gOEYMkgs\kYQw.exe
- %HOMEPATH%\gOEYMkgs\xUYQ.exe
- %HOMEPATH%\gOEYMkgs\SogM.exe
- %HOMEPATH%\gOEYMkgs\oEAG.exe
- %HOMEPATH%\gOEYMkgs\zkQi.exe
- %HOMEPATH%\gOEYMkgs\lkwo.exe
- %HOMEPATH%\gOEYMkgs\fIws.exe
- %HOMEPATH%\gOEYMkgs\PswK.exe
- %HOMEPATH%\gOEYMkgs\XgMG.exe
- %TEMP%\WER7982.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\SAUW.exe
- %HOMEPATH%\gOEYMkgs\CsEg.exe
- %HOMEPATH%\gOEYMkgs\nwES.exe
- %HOMEPATH%\gOEYMkgs\QgEm.exe
- %HOMEPATH%\gOEYMkgs\uQAk.exe
- %HOMEPATH%\gOEYMkgs\tooG.exe
- %HOMEPATH%\gOEYMkgs\nkkq.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %HOMEPATH%\gOEYMkgs\EwYC.exe
- %TEMP%\WER2a0f.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\GQIm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\mcYa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\foYe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\XEkw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\IUsK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\gQsO.exe
- %TEMP%\WER29b7.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WER29b7.dir00\manifest.txt
- %TEMP%\WER29b7.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\VsIo.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\Ogsu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\DgMo.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\gEoO.exe
- %HOMEPATH%\gOEYMkgs\eMcu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %TEMP%\WER29b7.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\DoYY.exe
- %ALLUSERSPROFILE%\caQc.txt
- %TEMP%\WER44e9.dir00\manifest.txt
- %TEMP%\WER44e9.dir00\appcompat.txt
- %TEMP%\WERb3bc.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERb3bc.dir00\ZgMYMIIE.exe.mdmp
- <Current directory>\<File name>
- %TEMP%\WER44e9.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER44e9.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %TEMP%\WERb3bc.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\vUcq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\rYIk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\bwUo.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\yksi.exe
- %TEMP%\WERb3bc.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\TkYm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\dcMK.exe
- %HOMEPATH%\gOEYMkgs\jEcI.exe
- %HOMEPATH%\gOEYMkgs\rIgI.exe
- %TEMP%\WERa7f4.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\jocw.exe
- %HOMEPATH%\gOEYMkgs\Hggc.exe
- %HOMEPATH%\gOEYMkgs\hUYM.exe
- %TEMP%\WERa7f4.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\TMAQ.exe
- %TEMP%\WERa7f4.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\MQYu.exe
- %HOMEPATH%\gOEYMkgs\QsEW.exe
- %TEMP%\WERa7f4.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\BQcQ.exe
- %HOMEPATH%\gOEYMkgs\hUsE.exe
- %HOMEPATH%\gOEYMkgs\JsQE.exe
- %HOMEPATH%\gOEYMkgs\FgQa.exe
- %HOMEPATH%\gOEYMkgs\hkck.exe
- %HOMEPATH%\gOEYMkgs\VgMA.exe
- %HOMEPATH%\gOEYMkgs\zAIA.exe
- %HOMEPATH%\gOEYMkgs\HwAU.exe
- %HOMEPATH%\gOEYMkgs\bkMO.exe
- %HOMEPATH%\gOEYMkgs\hsso.exe
- %HOMEPATH%\gOEYMkgs\kYwW.exe
- %HOMEPATH%\gOEYMkgs\GskQ.exe
- %HOMEPATH%\gOEYMkgs\aEAC.exe
- %HOMEPATH%\gOEYMkgs\soUU.exe
- %HOMEPATH%\gOEYMkgs\dwUK.exe
- %HOMEPATH%\gOEYMkgs\hUUM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\SoIM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\nYEY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\OMkc.exe
- %HOMEPATH%\gOEYMkgs\RAIc.exe
- %HOMEPATH%\gOEYMkgs\NwIG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\RAMw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\XkkC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\JwEu.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\DgME.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\jIMK.exe
- %HOMEPATH%\gOEYMkgs\RAAg.exe
- %HOMEPATH%\gOEYMkgs\AcYs.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\XgMc.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\lYkS.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\LMUC.exe
- %HOMEPATH%\gOEYMkgs\YMko.exe
- %HOMEPATH%\gOEYMkgs\kYQw.exe
- %HOMEPATH%\gOEYMkgs\xUYQ.exe
- %HOMEPATH%\gOEYMkgs\EosQ.exe
- %HOMEPATH%\gOEYMkgs\IQUo.exe
- %HOMEPATH%\gOEYMkgs\nQcg.exe
- %HOMEPATH%\gOEYMkgs\ycEa.exe
- %HOMEPATH%\gOEYMkgs\LYwa.exe
- %HOMEPATH%\gOEYMkgs\EUgI.exe
- %HOMEPATH%\gOEYMkgs\oYoo.exe
- %HOMEPATH%\gOEYMkgs\vYcM.exe
- %HOMEPATH%\gOEYMkgs\ykwG.exe
- %HOMEPATH%\gOEYMkgs\CEAg.exe
- %HOMEPATH%\gOEYMkgs\SEYI.exe
- %HOMEPATH%\gOEYMkgs\oEAG.exe
- %HOMEPATH%\gOEYMkgs\zkQi.exe
- %HOMEPATH%\gOEYMkgs\BQAA.exe
- %HOMEPATH%\gOEYMkgs\SogM.exe
- %HOMEPATH%\gOEYMkgs\cEYO.exe
- %HOMEPATH%\gOEYMkgs\sogs.exe
- %HOMEPATH%\gOEYMkgs\EYAs.exe
- %HOMEPATH%\gOEYMkgs\KYwG.exe
- %HOMEPATH%\gOEYMkgs\eIkW.exe
- %HOMEPATH%\gOEYMkgs\Nksw.exe
- %HOMEPATH%\gOEYMkgs\jwsS.exe
- %HOMEPATH%\gOEYMkgs\HcIK.exe
- %HOMEPATH%\gOEYMkgs\iAsw.exe
- %HOMEPATH%\gOEYMkgs\jwYe.exe
- %HOMEPATH%\gOEYMkgs\iowi.exe
- %HOMEPATH%\gOEYMkgs\PcYO.exe
- %HOMEPATH%\gOEYMkgs\BEgk.exe
- %HOMEPATH%\gOEYMkgs\GsYU.exe
- %HOMEPATH%\gOEYMkgs\vcwM.exe
- %HOMEPATH%\gOEYMkgs\AkIg.exe
- %HOMEPATH%\gOEYMkgs\VMAI.exe
- %HOMEPATH%\gOEYMkgs\dEMo.exe
- %HOMEPATH%\gOEYMkgs\wQcU.exe
- %HOMEPATH%\gOEYMkgs\QgYY.exe
- %HOMEPATH%\gOEYMkgs\ykgK.exe
- %HOMEPATH%\gOEYMkgs\iYEk.exe
- %HOMEPATH%\gOEYMkgs\mQse.exe
- %HOMEPATH%\gOEYMkgs\EgUY.exe
- %HOMEPATH%\gOEYMkgs\gIIy.exe
- %HOMEPATH%\gOEYMkgs\qoAo.exe
- %HOMEPATH%\gOEYMkgs\eEwi.exe
- %HOMEPATH%\gOEYMkgs\SIou.exe
- %HOMEPATH%\gOEYMkgs\GsQK.exe
- %HOMEPATH%\gOEYMkgs\Gcww.exe
- %HOMEPATH%\gOEYMkgs\wkcO.exe
- %HOMEPATH%\gOEYMkgs\YMUO.exe
- %HOMEPATH%\gOEYMkgs\BgsC.exe
- %HOMEPATH%\gOEYMkgs\vwke.exe
- %HOMEPATH%\gOEYMkgs\twEU.exe
- %HOMEPATH%\gOEYMkgs\ckMQ.exe
- %HOMEPATH%\gOEYMkgs\gQAI.exe
- %HOMEPATH%\gOEYMkgs\focy.exe
- %HOMEPATH%\gOEYMkgs\nkkq.exe
- %HOMEPATH%\gOEYMkgs\EwYC.exe
- %HOMEPATH%\gOEYMkgs\XgMG.exe
- %HOMEPATH%\gOEYMkgs\nwES.exe
- %HOMEPATH%\gOEYMkgs\QgEm.exe
- %HOMEPATH%\gOEYMkgs\lkwo.exe
- %HOMEPATH%\gOEYMkgs\IQca.exe
- %HOMEPATH%\gOEYMkgs\uQAk.exe
- %HOMEPATH%\gOEYMkgs\tooG.exe
- %HOMEPATH%\gOEYMkgs\PswK.exe
- %HOMEPATH%\gOEYMkgs\TsQw.exe
- %HOMEPATH%\gOEYMkgs\GUAe.exe
- %HOMEPATH%\gOEYMkgs\YIUo.exe
- %HOMEPATH%\gOEYMkgs\JYAe.exe
- %HOMEPATH%\gOEYMkgs\NcMU.exe
- %HOMEPATH%\gOEYMkgs\CsEg.exe
- %HOMEPATH%\gOEYMkgs\fIws.exe
- %HOMEPATH%\gOEYMkgs\EEIY.exe
- %HOMEPATH%\gOEYMkgs\SAUW.exe
- %HOMEPATH%\gOEYMkgs\nYEY.exe
- %HOMEPATH%\gOEYMkgs\OMkc.exe
- %HOMEPATH%\gOEYMkgs\AcYs.exe
- %HOMEPATH%\gOEYMkgs\XgMc.exe
- %HOMEPATH%\gOEYMkgs\SoIM.exe
- %HOMEPATH%\gOEYMkgs\NwIG.exe
- %HOMEPATH%\gOEYMkgs\RAMw.exe
- %HOMEPATH%\gOEYMkgs\RAIc.exe
- %HOMEPATH%\gOEYMkgs\XkkC.exe
- %HOMEPATH%\gOEYMkgs\lYkS.exe
- %HOMEPATH%\gOEYMkgs\TMAQ.exe
- %HOMEPATH%\gOEYMkgs\MQYu.exe
- %HOMEPATH%\gOEYMkgs\QsEW.exe
- %HOMEPATH%\gOEYMkgs\BQcQ.exe
- %HOMEPATH%\gOEYMkgs\hUUM.exe
- %HOMEPATH%\gOEYMkgs\JwEu.exe
- %HOMEPATH%\gOEYMkgs\RAAg.exe
- %HOMEPATH%\gOEYMkgs\DgME.exe
- %HOMEPATH%\gOEYMkgs\jIMK.exe
- %HOMEPATH%\gOEYMkgs\bwUo.exe
- %HOMEPATH%\gOEYMkgs\vUcq.exe
- %HOMEPATH%\gOEYMkgs\XEkw.exe
- %HOMEPATH%\gOEYMkgs\DoYY.exe
- %HOMEPATH%\gOEYMkgs\rYIk.exe
- %HOMEPATH%\gOEYMkgs\yksi.exe
- %TEMP%\UWgQAAcE.bat
- %HOMEPATH%\gOEYMkgs\TkYm.exe
- %HOMEPATH%\gOEYMkgs\dcMK.exe
- %HOMEPATH%\gOEYMkgs\gQsO.exe
- %HOMEPATH%\gOEYMkgs\eMcu.exe
- %HOMEPATH%\gOEYMkgs\DgMo.exe
- %HOMEPATH%\gOEYMkgs\Ogsu.exe
- %HOMEPATH%\gOEYMkgs\VsIo.exe
- %HOMEPATH%\gOEYMkgs\gEoO.exe
- %HOMEPATH%\gOEYMkgs\mcYa.exe
- %HOMEPATH%\gOEYMkgs\IUsK.exe
- %HOMEPATH%\gOEYMkgs\foYe.exe
- %HOMEPATH%\gOEYMkgs\GQIm.exe
- %HOMEPATH%\gOEYMkgs\mIAc.exe
- %HOMEPATH%\gOEYMkgs\uoAC.exe
- %HOMEPATH%\gOEYMkgs\EQAM.exe
- %HOMEPATH%\gOEYMkgs\zUsI.exe
- %HOMEPATH%\gOEYMkgs\ioow.exe
- %HOMEPATH%\gOEYMkgs\wUMi.exe
- %HOMEPATH%\gOEYMkgs\VgMA.exe
- %HOMEPATH%\gOEYMkgs\xAgM.exe
- %HOMEPATH%\gOEYMkgs\DgEU.exe
- %HOMEPATH%\gOEYMkgs\bcgY.exe
- %HOMEPATH%\gOEYMkgs\HcMk.exe
- %HOMEPATH%\gOEYMkgs\uIwg.exe
- %HOMEPATH%\gOEYMkgs\XYYg.exe
- %HOMEPATH%\gOEYMkgs\VkQQ.exe
- %HOMEPATH%\gOEYMkgs\icsY.exe
- %HOMEPATH%\gOEYMkgs\zAMc.exe
- %HOMEPATH%\gOEYMkgs\uoMW.exe
- %HOMEPATH%\gOEYMkgs\bYUM.exe
- %HOMEPATH%\gOEYMkgs\tsAk.exe
- %HOMEPATH%\gOEYMkgs\GskQ.exe
- %HOMEPATH%\gOEYMkgs\hUsE.exe
- %HOMEPATH%\gOEYMkgs\hsso.exe
- %HOMEPATH%\gOEYMkgs\kYwW.exe
- %HOMEPATH%\gOEYMkgs\jocw.exe
- %HOMEPATH%\gOEYMkgs\jEcI.exe
- %HOMEPATH%\gOEYMkgs\rIgI.exe
- %HOMEPATH%\gOEYMkgs\Hggc.exe
- %HOMEPATH%\gOEYMkgs\hUYM.exe
- %HOMEPATH%\gOEYMkgs\dwUK.exe
- %HOMEPATH%\gOEYMkgs\JsQE.exe
- %TEMP%\tMkQAwUA.bat
- %HOMEPATH%\gOEYMkgs\zAIA.exe
- %HOMEPATH%\gOEYMkgs\HwAU.exe
- %HOMEPATH%\gOEYMkgs\FgQa.exe
- %HOMEPATH%\gOEYMkgs\aEAC.exe
- %HOMEPATH%\gOEYMkgs\soUU.exe
- %HOMEPATH%\gOEYMkgs\hkck.exe
- %HOMEPATH%\gOEYMkgs\bkMO.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'