Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (2 = automatic start: the service whose 'ImagePath' is set above is launched at every system boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
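- hidden files (Explorer is set not to display them: `Hidden` = 2 in the `reg.exe` command below)
- file extensions (hidden in Explorer: `HideFileExt` = 1 in the `reg.exe` command below, so the `.bmp.exe`, `.jpg.exe` and `.wma.exe` files listed further down show up under a media-file name)
- User Account Control (UAC) (turned off: `EnableLUA` = 0 in the `reg.exe` command below)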
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\aMQu.exe
- %HOMEPATH%\gOEYMkgs\CYgU.exe
- %HOMEPATH%\gOEYMkgs\igUq.exe
- %HOMEPATH%\gOEYMkgs\MUkS.exe
- %HOMEPATH%\gOEYMkgs\UcAg.exe
- %HOMEPATH%\gOEYMkgs\fwsC.exe
- %HOMEPATH%\gOEYMkgs\REAm.exe
- %HOMEPATH%\gOEYMkgs\MgQU.exe
- %HOMEPATH%\gOEYMkgs\fwIe.exe
- %HOMEPATH%\gOEYMkgs\IAEi.exe
- %HOMEPATH%\gOEYMkgs\mUAk.exe
- %HOMEPATH%\gOEYMkgs\bIIC.exe
- %HOMEPATH%\gOEYMkgs\YUwG.exe
- %HOMEPATH%\gOEYMkgs\DUMY.exe
- %HOMEPATH%\gOEYMkgs\pUkk.exe
- %HOMEPATH%\gOEYMkgs\vcIu.exe
- %HOMEPATH%\gOEYMkgs\DkgU.exe
- %HOMEPATH%\gOEYMkgs\aEQu.exe
- %HOMEPATH%\gOEYMkgs\XUIw.exe
- %HOMEPATH%\gOEYMkgs\EQEg.exe
- %HOMEPATH%\gOEYMkgs\josQ.exe
- %HOMEPATH%\gOEYMkgs\CcYk.exe
- %HOMEPATH%\gOEYMkgs\cEou.exe
- %HOMEPATH%\gOEYMkgs\KEoQ.exe
- %HOMEPATH%\gOEYMkgs\kYUG.exe
- %HOMEPATH%\gOEYMkgs\jYkG.exe
- %TEMP%\WER0788.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\XsAG.exe
- %HOMEPATH%\gOEYMkgs\uQAw.exe
- %HOMEPATH%\gOEYMkgs\lEUg.exe
- %TEMP%\WER0788.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\BYIw.exe
- %HOMEPATH%\gOEYMkgs\cIks.exe
- %HOMEPATH%\gOEYMkgs\RwoY.exe
- %HOMEPATH%\gOEYMkgs\wYsO.exe
- %HOMEPATH%\gOEYMkgs\KQkU.exe
- %HOMEPATH%\gOEYMkgs\XEAM.exe
- %HOMEPATH%\gOEYMkgs\NAYQ.exe
- %HOMEPATH%\gOEYMkgs\MIQG.exe
- %HOMEPATH%\gOEYMkgs\ZUoM.exe
- %HOMEPATH%\gOEYMkgs\FoUy.exe
- %HOMEPATH%\gOEYMkgs\lUMK.exe
- %HOMEPATH%\gOEYMkgs\lwwG.exe
- %HOMEPATH%\gOEYMkgs\EAYG.exe
- %HOMEPATH%\gOEYMkgs\dwEe.exe
- %HOMEPATH%\gOEYMkgs\TkcQ.exe
- %TEMP%\WER0788.dir00\manifest.txt
- %TEMP%\WER0788.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\josG.exe
- %HOMEPATH%\gOEYMkgs\ZoQE.exe
- %HOMEPATH%\gOEYMkgs\QUAm.exe
- %HOMEPATH%\gOEYMkgs\iYsa.exe
- %HOMEPATH%\gOEYMkgs\mMwU.exe
- %HOMEPATH%\gOEYMkgs\oIsK.exe
- %HOMEPATH%\gOEYMkgs\RgcY.exe
- %HOMEPATH%\gOEYMkgs\WUEC.exe
- %HOMEPATH%\gOEYMkgs\lUUq.exe
- %HOMEPATH%\gOEYMkgs\fQoG.exe
- %HOMEPATH%\gOEYMkgs\uEcI.exe
- %HOMEPATH%\gOEYMkgs\wsYu.exe
- %HOMEPATH%\gOEYMkgs\IUAg.exe
- %HOMEPATH%\gOEYMkgs\LYka.exe
- %HOMEPATH%\gOEYMkgs\WMQs.exe
- %HOMEPATH%\gOEYMkgs\qowG.exe
- %HOMEPATH%\gOEYMkgs\hMEI.exe
- %HOMEPATH%\gOEYMkgs\BAsa.exe
- %HOMEPATH%\gOEYMkgs\cQgE.exe
- %HOMEPATH%\gOEYMkgs\dgoe.exe
- %HOMEPATH%\gOEYMkgs\TcEy.exe
- %HOMEPATH%\gOEYMkgs\SowE.exe
- %HOMEPATH%\gOEYMkgs\RYwe.exe
- %HOMEPATH%\gOEYMkgs\FIMC.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\_filelst.cfg
- %HOMEPATH%\gOEYMkgs\zsEM.exe
- %HOMEPATH%\gOEYMkgs\WEAU.exe
- %HOMEPATH%\gOEYMkgs\yQAM.exe
- %HOMEPATH%\gOEYMkgs\UUAM.exe
- %HOMEPATH%\gOEYMkgs\wQwg.exe
- %HOMEPATH%\gOEYMkgs\WIsG.exe
- %HOMEPATH%\gOEYMkgs\fUIg.exe
- %HOMEPATH%\gOEYMkgs\yIgy.exe
- %HOMEPATH%\gOEYMkgs\uYwC.exe
- %HOMEPATH%\gOEYMkgs\BoAY.exe
- %HOMEPATH%\gOEYMkgs\OMAe.exe
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\PcEu.exe
- %HOMEPATH%\gOEYMkgs\BAcy.exe
- %HOMEPATH%\gOEYMkgs\sggC.exe
- %HOMEPATH%\gOEYMkgs\dccE.exe
- %HOMEPATH%\gOEYMkgs\ikAi.exe
- %HOMEPATH%\gOEYMkgs\pYsY.exe
- %HOMEPATH%\gOEYMkgs\vYMY.exe
- %HOMEPATH%\gOEYMkgs\UMEi.exe
- %HOMEPATH%\gOEYMkgs\mokY.exe
- %HOMEPATH%\gOEYMkgs\NMQC.exe
- %HOMEPATH%\gOEYMkgs\pkwC.exe
- %HOMEPATH%\gOEYMkgs\fQkE.exe
- %HOMEPATH%\gOEYMkgs\FgcU.exe
- %HOMEPATH%\gOEYMkgs\AYEs.exe
- %HOMEPATH%\gOEYMkgs\Qwwa.exe
- %HOMEPATH%\gOEYMkgs\CcQS.exe
- %HOMEPATH%\gOEYMkgs\BMgy.exe
- %HOMEPATH%\gOEYMkgs\nQck.exe
- %HOMEPATH%\gOEYMkgs\dMYq.exe
- %HOMEPATH%\gOEYMkgs\kkkA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\dQcw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- <Current directory>\<File name>
- %HOMEPATH%\gOEYMkgs\zAUm.exe
- %HOMEPATH%\gOEYMkgs\ZEIe.exe
- %HOMEPATH%\gOEYMkgs\OAgQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\mooS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\PcgQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\CMwi.exe
- %TEMP%\WERa186.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\XgMy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\LEcI.exe
- %TEMP%\WERa186.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %TEMP%\WERa186.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\HsYy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\LQIa.exe
- %TEMP%\WERa186.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER2987.dir00\manifest.txt
- %TEMP%\WER2987.dir00\appcompat.txt
- %TEMP%\WER2987.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\CAUu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\VIws.exe
- %TEMP%\WER2987.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %ALLUSERSPROFILE%\caQc.txt
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\wYga.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\Kkcc.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\KQwe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\wEQA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\QAQE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\gcIA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\hYMG.exe
- %HOMEPATH%\gOEYMkgs\EAgk.exe
- %TEMP%\WER8920.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\DEEU.exe
- %TEMP%\WER8920.dir00\manifest.txt
- %TEMP%\WER8920.dir00\appcompat.txt
- %TEMP%\WER8920.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\AAQY.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\nMAq.exe
- %HOMEPATH%\gOEYMkgs\KQIy.exe
- %HOMEPATH%\gOEYMkgs\NcQq.exe
- %HOMEPATH%\gOEYMkgs\tAkk.exe
- %HOMEPATH%\gOEYMkgs\HIsK.exe
- %HOMEPATH%\gOEYMkgs\egkK.exe
- %HOMEPATH%\gOEYMkgs\skYk.exe
- %HOMEPATH%\gOEYMkgs\JIgG.exe
- %HOMEPATH%\gOEYMkgs\tkso.exe
- %HOMEPATH%\gOEYMkgs\TMEu.exe
- %HOMEPATH%\gOEYMkgs\icsE.exe
- %HOMEPATH%\gOEYMkgs\uQky.exe
- %HOMEPATH%\gOEYMkgs\YcEg.exe
- %HOMEPATH%\gOEYMkgs\oQUY.exe
- %HOMEPATH%\gOEYMkgs\vgsa.exe
- %HOMEPATH%\gOEYMkgs\RQgI.exe
- %HOMEPATH%\gOEYMkgs\bMAK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\UEcy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %TEMP%\WER1cb5.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\xMcO.exe
- %HOMEPATH%\gOEYMkgs\oMUe.exe
- %HOMEPATH%\gOEYMkgs\CsgI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\RwIi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\WwES.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\bYwg.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\zYoM.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\DcAW.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\ikUm.exe
- %TEMP%\WER1cb5.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\XoQM.exe
- %TEMP%\WER1cb5.dir00\manifest.txt
- %TEMP%\WER1cb5.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\ikAi.exe
- %HOMEPATH%\gOEYMkgs\pYsY.exe
- %HOMEPATH%\gOEYMkgs\uYwC.exe
- %HOMEPATH%\gOEYMkgs\PcEu.exe
- %HOMEPATH%\gOEYMkgs\vYMY.exe
- %HOMEPATH%\gOEYMkgs\dccE.exe
- %HOMEPATH%\gOEYMkgs\mMwU.exe
- %HOMEPATH%\gOEYMkgs\BAcy.exe
- %HOMEPATH%\gOEYMkgs\sggC.exe
- %HOMEPATH%\gOEYMkgs\yIgy.exe
- %HOMEPATH%\gOEYMkgs\kkkA.exe
- %HOMEPATH%\gOEYMkgs\Qwwa.exe
- %HOMEPATH%\gOEYMkgs\nQck.exe
- %HOMEPATH%\gOEYMkgs\dMYq.exe
- %HOMEPATH%\gOEYMkgs\CcQS.exe
- %HOMEPATH%\gOEYMkgs\OMAe.exe
- %HOMEPATH%\gOEYMkgs\fUIg.exe
- %HOMEPATH%\gOEYMkgs\BMgy.exe
- %HOMEPATH%\gOEYMkgs\BoAY.exe
- %HOMEPATH%\gOEYMkgs\DkgU.exe
- %HOMEPATH%\gOEYMkgs\MUkS.exe
- %HOMEPATH%\gOEYMkgs\UcAg.exe
- %HOMEPATH%\gOEYMkgs\CcYk.exe
- %HOMEPATH%\gOEYMkgs\cEou.exe
- %HOMEPATH%\gOEYMkgs\fwsC.exe
- %HOMEPATH%\gOEYMkgs\igUq.exe
- %HOMEPATH%\gOEYMkgs\REAm.exe
- %HOMEPATH%\gOEYMkgs\aMQu.exe
- %HOMEPATH%\gOEYMkgs\CYgU.exe
- %HOMEPATH%\gOEYMkgs\josQ.exe
- %HOMEPATH%\gOEYMkgs\DUMY.exe
- %HOMEPATH%\gOEYMkgs\pUkk.exe
- %HOMEPATH%\gOEYMkgs\aEQu.exe
- %HOMEPATH%\gOEYMkgs\XUIw.exe
- %HOMEPATH%\gOEYMkgs\vcIu.exe
- %HOMEPATH%\gOEYMkgs\kYUG.exe
- %HOMEPATH%\gOEYMkgs\jYkG.exe
- %HOMEPATH%\gOEYMkgs\EQEg.exe
- %HOMEPATH%\gOEYMkgs\KEoQ.exe
- %HOMEPATH%\gOEYMkgs\AYEs.exe
- %HOMEPATH%\gOEYMkgs\WIsG.exe
- %HOMEPATH%\gOEYMkgs\zsEM.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\RestorePointSize
- %HOMEPATH%\gOEYMkgs\wQwg.exe
- %HOMEPATH%\gOEYMkgs\WEAU.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\rp.log
- %HOMEPATH%\gOEYMkgs\FIMC.exe
- %HOMEPATH%\gOEYMkgs\cQgE.exe
- %HOMEPATH%\gOEYMkgs\SowE.exe
- %HOMEPATH%\gOEYMkgs\RYwe.exe
- %HOMEPATH%\gOEYMkgs\dgoe.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- %HOMEPATH%\gOEYMkgs\TcEy.exe
- %HOMEPATH%\gOEYMkgs\UUAM.exe
- %HOMEPATH%\gOEYMkgs\yQAM.exe
- %HOMEPATH%\gOEYMkgs\WMQs.exe
- %HOMEPATH%\gOEYMkgs\pkwC.exe
- %HOMEPATH%\gOEYMkgs\IUAg.exe
- %HOMEPATH%\gOEYMkgs\LYka.exe
- %HOMEPATH%\gOEYMkgs\fQkE.exe
- %HOMEPATH%\gOEYMkgs\mokY.exe
- %HOMEPATH%\gOEYMkgs\NMQC.exe
- %HOMEPATH%\gOEYMkgs\FgcU.exe
- %HOMEPATH%\gOEYMkgs\UMEi.exe
- %HOMEPATH%\gOEYMkgs\BAsa.exe
- %HOMEPATH%\gOEYMkgs\uEcI.exe
- %HOMEPATH%\gOEYMkgs\oIsK.exe
- %HOMEPATH%\gOEYMkgs\lUUq.exe
- %HOMEPATH%\gOEYMkgs\fQoG.exe
- %HOMEPATH%\gOEYMkgs\RgcY.exe
- %HOMEPATH%\gOEYMkgs\qowG.exe
- %HOMEPATH%\gOEYMkgs\hMEI.exe
- %HOMEPATH%\gOEYMkgs\WUEC.exe
- %HOMEPATH%\gOEYMkgs\wsYu.exe
- %HOMEPATH%\gOEYMkgs\mUAk.exe
- %HOMEPATH%\gOEYMkgs\ikUm.exe
- %HOMEPATH%\gOEYMkgs\xMcO.exe
- %HOMEPATH%\gOEYMkgs\zYoM.exe
- %HOMEPATH%\gOEYMkgs\XoQM.exe
- %HOMEPATH%\gOEYMkgs\UEcy.exe
- %HOMEPATH%\gOEYMkgs\CsgI.exe
- %HOMEPATH%\gOEYMkgs\RwIi.exe
- %HOMEPATH%\gOEYMkgs\oMUe.exe
- %HOMEPATH%\gOEYMkgs\WwES.exe
- %HOMEPATH%\gOEYMkgs\bYwg.exe
- %HOMEPATH%\gOEYMkgs\EAgk.exe
- %HOMEPATH%\gOEYMkgs\KQIy.exe
- %HOMEPATH%\gOEYMkgs\DEEU.exe
- %HOMEPATH%\gOEYMkgs\hYMG.exe
- %HOMEPATH%\gOEYMkgs\NcQq.exe
- %HOMEPATH%\gOEYMkgs\nMAq.exe
- %HOMEPATH%\gOEYMkgs\DcAW.exe
- %HOMEPATH%\gOEYMkgs\tAkk.exe
- %HOMEPATH%\gOEYMkgs\AAQY.exe
- %HOMEPATH%\gOEYMkgs\XgMy.exe
- %HOMEPATH%\gOEYMkgs\wYga.exe
- %HOMEPATH%\gOEYMkgs\Kkcc.exe
- %HOMEPATH%\gOEYMkgs\mooS.exe
- %HOMEPATH%\gOEYMkgs\KQwe.exe
- %HOMEPATH%\gOEYMkgs\QAQE.exe
- %HOMEPATH%\gOEYMkgs\CAUu.exe
- %HOMEPATH%\gOEYMkgs\VIws.exe
- %HOMEPATH%\gOEYMkgs\gcIA.exe
- %HOMEPATH%\gOEYMkgs\wEQA.exe
- %HOMEPATH%\gOEYMkgs\OAgQ.exe
- %HOMEPATH%\gOEYMkgs\LQIa.exe
- %HOMEPATH%\gOEYMkgs\HsYy.exe
- %HOMEPATH%\gOEYMkgs\LEcI.exe
- %HOMEPATH%\gOEYMkgs\CMwi.exe
- %TEMP%\miUQsUYQ.bat
- %HOMEPATH%\gOEYMkgs\ZEIe.exe
- %HOMEPATH%\gOEYMkgs\PcgQ.exe
- %HOMEPATH%\gOEYMkgs\zAUm.exe
- %HOMEPATH%\gOEYMkgs\dQcw.exe
- %HOMEPATH%\gOEYMkgs\oQUY.exe
- %HOMEPATH%\gOEYMkgs\ZoQE.exe
- %HOMEPATH%\gOEYMkgs\QUAm.exe
- %HOMEPATH%\gOEYMkgs\lUMK.exe
- %HOMEPATH%\gOEYMkgs\TkcQ.exe
- %HOMEPATH%\gOEYMkgs\iYsa.exe
- %HOMEPATH%\gOEYMkgs\BYIw.exe
- %HOMEPATH%\gOEYMkgs\XsAG.exe
- %HOMEPATH%\gOEYMkgs\josG.exe
- %HOMEPATH%\gOEYMkgs\lEUg.exe
- %HOMEPATH%\gOEYMkgs\FoUy.exe
- %HOMEPATH%\gOEYMkgs\MgQU.exe
- %HOMEPATH%\gOEYMkgs\fwIe.exe
- %HOMEPATH%\gOEYMkgs\bIIC.exe
- %HOMEPATH%\gOEYMkgs\YUwG.exe
- %HOMEPATH%\gOEYMkgs\IAEi.exe
- %HOMEPATH%\gOEYMkgs\dwEe.exe
- %HOMEPATH%\gOEYMkgs\ZUoM.exe
- %HOMEPATH%\gOEYMkgs\lwwG.exe
- %HOMEPATH%\gOEYMkgs\EAYG.exe
- %HOMEPATH%\gOEYMkgs\uQAw.exe
- %HOMEPATH%\gOEYMkgs\skYk.exe
- %HOMEPATH%\gOEYMkgs\icsE.exe
- %HOMEPATH%\gOEYMkgs\HIsK.exe
- %HOMEPATH%\gOEYMkgs\egkK.exe
- %HOMEPATH%\gOEYMkgs\vgsa.exe
- %HOMEPATH%\gOEYMkgs\uQky.exe
- %HOMEPATH%\gOEYMkgs\YcEg.exe
- %HOMEPATH%\gOEYMkgs\RQgI.exe
- %HOMEPATH%\gOEYMkgs\bMAK.exe
- %HOMEPATH%\gOEYMkgs\TMEu.exe
- %HOMEPATH%\gOEYMkgs\NAYQ.exe
- %HOMEPATH%\gOEYMkgs\MIQG.exe
- %HOMEPATH%\gOEYMkgs\cIks.exe
- %HOMEPATH%\gOEYMkgs\XEAM.exe
- %HOMEPATH%\gOEYMkgs\RwoY.exe
- %HOMEPATH%\gOEYMkgs\JIgG.exe
- %HOMEPATH%\gOEYMkgs\tkso.exe
- %HOMEPATH%\gOEYMkgs\wYsO.exe
- %HOMEPATH%\gOEYMkgs\KQkU.exe
- '74.##5.232.51':80
- http:/// via 74.##5.232.51
- http://google.com/ via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'