Technical Information
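- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,' (a second executable is appended after the legitimate userinit.exe entry, so it is launched at every user logon)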
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (start type 2: the service is started automatically at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
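- hidden files (the Explorer value 'Hidden' is set to 2, so hidden files are not displayed)
- file extensions (the Explorer value 'HideFileExt' is set to 1, so a dropped file such as 'Winter.jpg.exe' is displayed as 'Winter.jpg')
- User Account Control (UAC) (the policy value 'EnableLUA' is set to 0, which turns UAC off)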
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\pUQg.exe
- %HOMEPATH%\gOEYMkgs\XgYa.exe
- %HOMEPATH%\gOEYMkgs\LwAy.exe
- %HOMEPATH%\gOEYMkgs\JIEE.exe
- %TEMP%\WER3876.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\xYIa.exe
- %HOMEPATH%\gOEYMkgs\ocos.exe
- %HOMEPATH%\gOEYMkgs\moUe.exe
- %HOMEPATH%\gOEYMkgs\cooc.exe
- %HOMEPATH%\gOEYMkgs\VIgm.exe
- %HOMEPATH%\gOEYMkgs\nEYa.exe
- %HOMEPATH%\gOEYMkgs\CUYE.exe
- %HOMEPATH%\gOEYMkgs\Ogkc.exe
- %TEMP%\WER3876.dir00\manifest.txt
- %TEMP%\WER3876.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\kIga.exe
- %HOMEPATH%\gOEYMkgs\dkEe.exe
- %HOMEPATH%\gOEYMkgs\bsQg.exe
- %HOMEPATH%\gOEYMkgs\YwMu.exe
- %HOMEPATH%\gOEYMkgs\fgUm.exe
- %TEMP%\WER3876.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\mUwW.exe
- %HOMEPATH%\gOEYMkgs\psUY.exe
- %HOMEPATH%\gOEYMkgs\ZYYw.exe
- %HOMEPATH%\gOEYMkgs\eEEC.exe
- %HOMEPATH%\gOEYMkgs\Awwu.exe
- %HOMEPATH%\gOEYMkgs\eskk.exe
- %HOMEPATH%\gOEYMkgs\NwAc.exe
- %HOMEPATH%\gOEYMkgs\HMgg.exe
- %HOMEPATH%\gOEYMkgs\qIMe.exe
- %HOMEPATH%\gOEYMkgs\hgcU.exe
- %HOMEPATH%\gOEYMkgs\TAYi.exe
- %HOMEPATH%\gOEYMkgs\TkcS.exe
- %HOMEPATH%\gOEYMkgs\HYkw.exe
- %HOMEPATH%\gOEYMkgs\vYQm.exe
- %HOMEPATH%\gOEYMkgs\PEEc.exe
- %HOMEPATH%\gOEYMkgs\PIAC.exe
- %HOMEPATH%\gOEYMkgs\JIAs.exe
- %HOMEPATH%\gOEYMkgs\MYgu.exe
- %HOMEPATH%\gOEYMkgs\JMAg.exe
- %HOMEPATH%\gOEYMkgs\PooA.exe
- %HOMEPATH%\gOEYMkgs\zswm.exe
- %HOMEPATH%\gOEYMkgs\WAcg.exe
- %HOMEPATH%\gOEYMkgs\UAsG.exe
- %HOMEPATH%\gOEYMkgs\JwEk.exe
- %HOMEPATH%\gOEYMkgs\QYEy.exe
- %HOMEPATH%\gOEYMkgs\xgAm.exe
- %HOMEPATH%\gOEYMkgs\iQgE.exe
- %HOMEPATH%\gOEYMkgs\xIIQ.exe
- %HOMEPATH%\gOEYMkgs\BYcy.exe
- %HOMEPATH%\gOEYMkgs\ycoG.exe
- %HOMEPATH%\gOEYMkgs\XYYm.exe
- %HOMEPATH%\gOEYMkgs\FAEQ.exe
- %HOMEPATH%\gOEYMkgs\tIYS.exe
- %HOMEPATH%\gOEYMkgs\dAoW.exe
- %HOMEPATH%\gOEYMkgs\sgga.exe
- %HOMEPATH%\gOEYMkgs\gEgQ.exe
- %HOMEPATH%\gOEYMkgs\mIcY.exe
- %HOMEPATH%\gOEYMkgs\HkYK.exe
- %HOMEPATH%\gOEYMkgs\fkke.exe
- %HOMEPATH%\gOEYMkgs\VYQg.exe
- %HOMEPATH%\gOEYMkgs\ysMk.exe
- %HOMEPATH%\gOEYMkgs\Ccgi.exe
- %HOMEPATH%\gOEYMkgs\FYgK.exe
- %HOMEPATH%\gOEYMkgs\SUIO.exe
- %HOMEPATH%\gOEYMkgs\BAAe.exe
- %HOMEPATH%\gOEYMkgs\WsIa.exe
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\BcgO.exe
- %HOMEPATH%\gOEYMkgs\oAAY.exe
- %HOMEPATH%\gOEYMkgs\ZIQq.exe
- %HOMEPATH%\gOEYMkgs\psgC.exe
- %HOMEPATH%\gOEYMkgs\jUAS.exe
- %HOMEPATH%\gOEYMkgs\JIwI.exe
- %HOMEPATH%\gOEYMkgs\EcAa.exe
- %HOMEPATH%\gOEYMkgs\OMgo.exe
- %HOMEPATH%\gOEYMkgs\ZYMg.exe
- %HOMEPATH%\gOEYMkgs\VcMK.exe
- %HOMEPATH%\gOEYMkgs\FAEC.exe
- %HOMEPATH%\gOEYMkgs\KkIS.exe
- %HOMEPATH%\gOEYMkgs\CEYM.exe
- %HOMEPATH%\gOEYMkgs\NkEe.exe
- %HOMEPATH%\gOEYMkgs\wQwY.exe
- %HOMEPATH%\gOEYMkgs\cEYs.exe
- %HOMEPATH%\gOEYMkgs\mUga.exe
- %HOMEPATH%\gOEYMkgs\CkAy.exe
- %HOMEPATH%\gOEYMkgs\dEQS.exe
- %HOMEPATH%\gOEYMkgs\KIMQ.exe
- %HOMEPATH%\gOEYMkgs\nooM.exe
- %HOMEPATH%\gOEYMkgs\ggMq.exe
- %HOMEPATH%\gOEYMkgs\AwAm.exe
- %HOMEPATH%\gOEYMkgs\xwsu.exe
- %HOMEPATH%\gOEYMkgs\vQIY.exe
- %HOMEPATH%\gOEYMkgs\yAkU.exe
- %HOMEPATH%\gOEYMkgs\xMkQ.exe
- %HOMEPATH%\gOEYMkgs\QcwY.exe
- %HOMEPATH%\gOEYMkgs\JUEU.exe
- %HOMEPATH%\gOEYMkgs\FEQS.exe
- %HOMEPATH%\gOEYMkgs\Vowk.exe
- %HOMEPATH%\gOEYMkgs\eoQG.exe
- %HOMEPATH%\gOEYMkgs\EAMw.exe
- %HOMEPATH%\gOEYMkgs\Lwkm.exe
- %HOMEPATH%\gOEYMkgs\KEwm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\OowQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %TEMP%\WER5007.dir00\manifest.txt
- %TEMP%\WER5007.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\OkoK.exe
- %HOMEPATH%\gOEYMkgs\cUgY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\wsYG.exe
- %TEMP%\WER5007.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\rkkg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\RUwA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\EogC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\CIku.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\twQe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\eEMK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\jkUS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %TEMP%\WER5007.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WERdf3e.dir00\manifest.txt
- %TEMP%\WERdf3e.dir00\appcompat.txt
- %TEMP%\WERdf3e.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\eUUC.exe
- %ALLUSERSPROFILE%\caQc.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WERdf3e.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\mwoS.exe
- %HOMEPATH%\gOEYMkgs\vMkU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- <Current directory>\<File name>
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\VIAM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\KQQu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\VwQA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\tQAm.exe
- %HOMEPATH%\gOEYMkgs\ygQS.exe
- %HOMEPATH%\gOEYMkgs\zMQY.exe
- %TEMP%\WERc25c.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\oEMA.exe
- %HOMEPATH%\gOEYMkgs\NskC.exe
- %HOMEPATH%\gOEYMkgs\PQAc.exe
- %HOMEPATH%\gOEYMkgs\jcMK.exe
- %HOMEPATH%\gOEYMkgs\qwMi.exe
- %TEMP%\WERc25c.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WERc25c.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\JwIE.exe
- %TEMP%\WERc25c.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\mMEs.exe
- %HOMEPATH%\gOEYMkgs\hgcG.exe
- %HOMEPATH%\gOEYMkgs\GgkS.exe
- %HOMEPATH%\gOEYMkgs\aUoG.exe
- %HOMEPATH%\gOEYMkgs\ZQsY.exe
- %HOMEPATH%\gOEYMkgs\bggy.exe
- %HOMEPATH%\gOEYMkgs\jUEK.exe
- %HOMEPATH%\gOEYMkgs\Rkkw.exe
- %HOMEPATH%\gOEYMkgs\XAge.exe
- %HOMEPATH%\gOEYMkgs\LkkY.exe
- %HOMEPATH%\gOEYMkgs\mYcS.exe
- %HOMEPATH%\gOEYMkgs\LYIq.exe
- %HOMEPATH%\gOEYMkgs\vkko.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\YYom.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\wUMo.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\sYoi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\rckE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\MYoA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\uwwy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\gAIU.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\kwMi.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\CsYw.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\ggcu.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\IIgI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\YwEw.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\qcYI.exe
- %HOMEPATH%\gOEYMkgs\CkAy.exe
- %HOMEPATH%\gOEYMkgs\dkEe.exe
- %HOMEPATH%\gOEYMkgs\cEYs.exe
- %HOMEPATH%\gOEYMkgs\mUga.exe
- %HOMEPATH%\gOEYMkgs\bsQg.exe
- %HOMEPATH%\gOEYMkgs\psUY.exe
- %HOMEPATH%\gOEYMkgs\ZYYw.exe
- %HOMEPATH%\gOEYMkgs\YwMu.exe
- %HOMEPATH%\gOEYMkgs\kIga.exe
- %HOMEPATH%\gOEYMkgs\wQwY.exe
- %HOMEPATH%\gOEYMkgs\VcMK.exe
- %HOMEPATH%\gOEYMkgs\CEYM.exe
- %HOMEPATH%\gOEYMkgs\NkEe.exe
- %HOMEPATH%\gOEYMkgs\FAEC.exe
- %HOMEPATH%\gOEYMkgs\KIMQ.exe
- %HOMEPATH%\gOEYMkgs\nooM.exe
- %HOMEPATH%\gOEYMkgs\KkIS.exe
- %HOMEPATH%\gOEYMkgs\dEQS.exe
- %HOMEPATH%\gOEYMkgs\eEEC.exe
- %HOMEPATH%\gOEYMkgs\ocos.exe
- %HOMEPATH%\gOEYMkgs\moUe.exe
- %HOMEPATH%\gOEYMkgs\nEYa.exe
- %HOMEPATH%\gOEYMkgs\CUYE.exe
- %HOMEPATH%\gOEYMkgs\cooc.exe
- %HOMEPATH%\gOEYMkgs\UAsG.exe
- %HOMEPATH%\gOEYMkgs\JwEk.exe
- %HOMEPATH%\gOEYMkgs\Awwu.exe
- %HOMEPATH%\gOEYMkgs\WAcg.exe
- %HOMEPATH%\gOEYMkgs\Ogkc.exe
- %HOMEPATH%\gOEYMkgs\JIEE.exe
- %HOMEPATH%\gOEYMkgs\fgUm.exe
- %HOMEPATH%\gOEYMkgs\mUwW.exe
- %HOMEPATH%\gOEYMkgs\xYIa.exe
- %HOMEPATH%\gOEYMkgs\LwAy.exe
- %HOMEPATH%\gOEYMkgs\VIgm.exe
- %HOMEPATH%\gOEYMkgs\pUQg.exe
- %HOMEPATH%\gOEYMkgs\XgYa.exe
- %HOMEPATH%\gOEYMkgs\ggMq.exe
- %HOMEPATH%\gOEYMkgs\FYgK.exe
- %HOMEPATH%\gOEYMkgs\dAoW.exe
- %HOMEPATH%\gOEYMkgs\psgC.exe
- %HOMEPATH%\gOEYMkgs\jUAS.exe
- %HOMEPATH%\gOEYMkgs\sgga.exe
- %HOMEPATH%\gOEYMkgs\FAEQ.exe
- %HOMEPATH%\gOEYMkgs\tIYS.exe
- %HOMEPATH%\gOEYMkgs\gEgQ.exe
- %HOMEPATH%\gOEYMkgs\XYYm.exe
- %HOMEPATH%\gOEYMkgs\SUIO.exe
- %HOMEPATH%\gOEYMkgs\BAAe.exe
- %HOMEPATH%\gOEYMkgs\BcgO.exe
- %HOMEPATH%\gOEYMkgs\oAAY.exe
- %HOMEPATH%\gOEYMkgs\WsIa.exe
- %HOMEPATH%\gOEYMkgs\OMgo.exe
- %HOMEPATH%\gOEYMkgs\ZIQq.exe
- %HOMEPATH%\gOEYMkgs\JIwI.exe
- %HOMEPATH%\gOEYMkgs\EcAa.exe
- %HOMEPATH%\gOEYMkgs\VYQg.exe
- %HOMEPATH%\gOEYMkgs\vQIY.exe
- %HOMEPATH%\gOEYMkgs\eoQG.exe
- %HOMEPATH%\gOEYMkgs\AwAm.exe
- %HOMEPATH%\gOEYMkgs\xwsu.exe
- %HOMEPATH%\gOEYMkgs\EAMw.exe
- %HOMEPATH%\gOEYMkgs\FEQS.exe
- %HOMEPATH%\gOEYMkgs\Vowk.exe
- %HOMEPATH%\gOEYMkgs\Lwkm.exe
- %HOMEPATH%\gOEYMkgs\JUEU.exe
- %HOMEPATH%\gOEYMkgs\mIcY.exe
- %HOMEPATH%\gOEYMkgs\HkYK.exe
- %HOMEPATH%\gOEYMkgs\ysMk.exe
- %HOMEPATH%\gOEYMkgs\Ccgi.exe
- %HOMEPATH%\gOEYMkgs\fkke.exe
- %HOMEPATH%\gOEYMkgs\xMkQ.exe
- %HOMEPATH%\gOEYMkgs\QcwY.exe
- %HOMEPATH%\gOEYMkgs\ZYMg.exe
- %HOMEPATH%\gOEYMkgs\yAkU.exe
- %HOMEPATH%\gOEYMkgs\JMAg.exe
- %HOMEPATH%\gOEYMkgs\gAIU.exe
- %HOMEPATH%\gOEYMkgs\sYoi.exe
- %HOMEPATH%\gOEYMkgs\qcYI.exe
- %HOMEPATH%\gOEYMkgs\IIgI.exe
- %HOMEPATH%\gOEYMkgs\YYom.exe
- %HOMEPATH%\gOEYMkgs\rckE.exe
- %HOMEPATH%\gOEYMkgs\MYoA.exe
- %HOMEPATH%\gOEYMkgs\wUMo.exe
- %HOMEPATH%\gOEYMkgs\uwwy.exe
- %HOMEPATH%\gOEYMkgs\JwIE.exe
- %HOMEPATH%\gOEYMkgs\jcMK.exe
- %HOMEPATH%\gOEYMkgs\ygQS.exe
- %HOMEPATH%\gOEYMkgs\zMQY.exe
- %HOMEPATH%\gOEYMkgs\qwMi.exe
- %HOMEPATH%\gOEYMkgs\kwMi.exe
- %HOMEPATH%\gOEYMkgs\YwEw.exe
- %HOMEPATH%\gOEYMkgs\CsYw.exe
- %HOMEPATH%\gOEYMkgs\ggcu.exe
- %HOMEPATH%\gOEYMkgs\CIku.exe
- %HOMEPATH%\gOEYMkgs\vMkU.exe
- %HOMEPATH%\gOEYMkgs\VwQA.exe
- %HOMEPATH%\gOEYMkgs\wsYG.exe
- %HOMEPATH%\gOEYMkgs\VIAM.exe
- %TEMP%\iasYQYMQ.bat
- %HOMEPATH%\gOEYMkgs\mwoS.exe
- %HOMEPATH%\gOEYMkgs\eUUC.exe
- %HOMEPATH%\gOEYMkgs\tQAm.exe
- %HOMEPATH%\gOEYMkgs\KQQu.exe
- %HOMEPATH%\gOEYMkgs\jkUS.exe
- %HOMEPATH%\gOEYMkgs\twQe.exe
- %HOMEPATH%\gOEYMkgs\RUwA.exe
- %HOMEPATH%\gOEYMkgs\EogC.exe
- %HOMEPATH%\gOEYMkgs\eEMK.exe
- %HOMEPATH%\gOEYMkgs\rkkg.exe
- %HOMEPATH%\gOEYMkgs\cUgY.exe
- %HOMEPATH%\gOEYMkgs\OkoK.exe
- %HOMEPATH%\gOEYMkgs\OowQ.exe
- %HOMEPATH%\gOEYMkgs\PQAc.exe
- %HOMEPATH%\gOEYMkgs\TAYi.exe
- %HOMEPATH%\gOEYMkgs\eskk.exe
- %HOMEPATH%\gOEYMkgs\qIMe.exe
- %HOMEPATH%\gOEYMkgs\hgcU.exe
- %HOMEPATH%\gOEYMkgs\NwAc.exe
- %HOMEPATH%\gOEYMkgs\PIAC.exe
- %HOMEPATH%\gOEYMkgs\JIAs.exe
- %HOMEPATH%\gOEYMkgs\HMgg.exe
- %HOMEPATH%\gOEYMkgs\PEEc.exe
- %HOMEPATH%\gOEYMkgs\xIIQ.exe
- %HOMEPATH%\gOEYMkgs\BYcy.exe
- %HOMEPATH%\gOEYMkgs\PooA.exe
- %HOMEPATH%\gOEYMkgs\zswm.exe
- %HOMEPATH%\gOEYMkgs\ycoG.exe
- %HOMEPATH%\gOEYMkgs\iQgE.exe
- %HOMEPATH%\gOEYMkgs\MYgu.exe
- %HOMEPATH%\gOEYMkgs\QYEy.exe
- %HOMEPATH%\gOEYMkgs\xgAm.exe
- %HOMEPATH%\gOEYMkgs\TkcS.exe
- %HOMEPATH%\gOEYMkgs\vkko.exe
- %HOMEPATH%\gOEYMkgs\Rkkw.exe
- %HOMEPATH%\gOEYMkgs\mYcS.exe
- %HOMEPATH%\gOEYMkgs\LYIq.exe
- %HOMEPATH%\gOEYMkgs\XAge.exe
- %HOMEPATH%\gOEYMkgs\oEMA.exe
- %HOMEPATH%\gOEYMkgs\NskC.exe
- %HOMEPATH%\gOEYMkgs\LkkY.exe
- %HOMEPATH%\gOEYMkgs\mMEs.exe
- %HOMEPATH%\gOEYMkgs\KEwm.exe
- %HOMEPATH%\gOEYMkgs\ZQsY.exe
- %HOMEPATH%\gOEYMkgs\HYkw.exe
- %HOMEPATH%\gOEYMkgs\vYQm.exe
- %HOMEPATH%\gOEYMkgs\bggy.exe
- %HOMEPATH%\gOEYMkgs\GgkS.exe
- %HOMEPATH%\gOEYMkgs\aUoG.exe
- %HOMEPATH%\gOEYMkgs\jUEK.exe
- %HOMEPATH%\gOEYMkgs\hgcG.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Run'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: '' WindowName: 'Open'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'