Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (the service is set to start automatically at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
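- Windows Explorer setting changed: hidden files are no longer displayed (value 'Hidden' set to 2 by the reg.exe command listed below)
- Windows Explorer setting changed: file extensions are hidden (value 'HideFileExt' set to 1 by the reg.exe command listed below), so the '.bmp.exe', '.jpg.exe' and '.wma.exe' files listed further down appear in Explorer without the trailing '.exe'
- User Account Control (UAC) is disabled (value 'EnableLUA' set to 0 by the reg.exe command listed below)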
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '%TEMP%\ashAvSrv.exe'
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\ashAvSrv.exe
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\FEYW.exe
- %HOMEPATH%\gOEYMkgs\oIAg.exe
- %HOMEPATH%\gOEYMkgs\CMQa.exe
- %HOMEPATH%\gOEYMkgs\oMgq.exe
- %HOMEPATH%\gOEYMkgs\rogO.exe
- %HOMEPATH%\gOEYMkgs\JQIE.exe
- %HOMEPATH%\gOEYMkgs\coAi.exe
- %HOMEPATH%\gOEYMkgs\CIwG.exe
- %TEMP%\WER905d.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER905d.dir00\manifest.txt
- %TEMP%\WER905d.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\Jskk.exe
- %HOMEPATH%\gOEYMkgs\QckO.exe
- %HOMEPATH%\gOEYMkgs\BgEi.exe
- %HOMEPATH%\gOEYMkgs\sYMY.exe
- %HOMEPATH%\gOEYMkgs\OgAa.exe
- %HOMEPATH%\gOEYMkgs\tYcq.exe
- %HOMEPATH%\gOEYMkgs\OIUM.exe
- %HOMEPATH%\gOEYMkgs\NsIe.exe
- %HOMEPATH%\gOEYMkgs\ocAO.exe
- %HOMEPATH%\gOEYMkgs\wIUa.exe
- %HOMEPATH%\gOEYMkgs\lwkY.exe
- %HOMEPATH%\gOEYMkgs\mEMk.exe
- %HOMEPATH%\gOEYMkgs\Rkwg.exe
- %HOMEPATH%\gOEYMkgs\hAAy.exe
- %HOMEPATH%\gOEYMkgs\uokS.exe
- %HOMEPATH%\gOEYMkgs\pose.exe
- %HOMEPATH%\gOEYMkgs\ewwM.exe
- %HOMEPATH%\gOEYMkgs\XQYI.exe
- %HOMEPATH%\gOEYMkgs\pwwY.exe
- %HOMEPATH%\gOEYMkgs\rwIg.exe
- %HOMEPATH%\gOEYMkgs\qoka.exe
- %HOMEPATH%\gOEYMkgs\hoIC.exe
- %HOMEPATH%\gOEYMkgs\PIki.exe
- %HOMEPATH%\gOEYMkgs\gcYa.exe
- %HOMEPATH%\gOEYMkgs\wkcq.exe
- %HOMEPATH%\gOEYMkgs\YUsC.exe
- %HOMEPATH%\gOEYMkgs\ossq.exe
- %HOMEPATH%\gOEYMkgs\bEwe.exe
- %HOMEPATH%\gOEYMkgs\NIIU.exe
- %HOMEPATH%\gOEYMkgs\zoAi.exe
- %HOMEPATH%\gOEYMkgs\iIUQ.exe
- %TEMP%\WER905d.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\OwwU.exe
- %HOMEPATH%\gOEYMkgs\zwIi.exe
- %HOMEPATH%\gOEYMkgs\gIcQ.exe
- %HOMEPATH%\gOEYMkgs\ugcg.exe
- %HOMEPATH%\gOEYMkgs\QoAO.exe
- %HOMEPATH%\gOEYMkgs\HAQm.exe
- %HOMEPATH%\gOEYMkgs\OoMQ.exe
- %HOMEPATH%\gOEYMkgs\TkAk.exe
- %HOMEPATH%\gOEYMkgs\dgsW.exe
- %HOMEPATH%\gOEYMkgs\HAEg.exe
- %HOMEPATH%\gOEYMkgs\KEsI.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %HOMEPATH%\gOEYMkgs\WUcw.exe
- %HOMEPATH%\gOEYMkgs\wMYc.exe
- %HOMEPATH%\gOEYMkgs\RIsO.exe
- %HOMEPATH%\gOEYMkgs\JsAg.exe
- %HOMEPATH%\gOEYMkgs\MIUi.exe
- %HOMEPATH%\gOEYMkgs\McQS.exe
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\aEwm.exe
- %HOMEPATH%\gOEYMkgs\ycEE.exe
- %HOMEPATH%\gOEYMkgs\VQwS.exe
- %HOMEPATH%\gOEYMkgs\SUkG.exe
- %HOMEPATH%\gOEYMkgs\Osww.exe
- %HOMEPATH%\gOEYMkgs\RQIG.exe
- %HOMEPATH%\gOEYMkgs\JkMQ.exe
- %HOMEPATH%\gOEYMkgs\pQEY.exe
- %HOMEPATH%\gOEYMkgs\swgu.exe
- %HOMEPATH%\gOEYMkgs\RUIk.exe
- %HOMEPATH%\gOEYMkgs\YYMc.exe
- %HOMEPATH%\gOEYMkgs\UQsE.exe
- %HOMEPATH%\gOEYMkgs\yoQm.exe
- %HOMEPATH%\gOEYMkgs\VIgq.exe
- %HOMEPATH%\gOEYMkgs\sosq.exe
- %HOMEPATH%\gOEYMkgs\ikAc.exe
- %HOMEPATH%\gOEYMkgs\LoAo.exe
- %HOMEPATH%\gOEYMkgs\nkIU.exe
- %HOMEPATH%\gOEYMkgs\FgAW.exe
- %HOMEPATH%\gOEYMkgs\QAIQ.exe
- %HOMEPATH%\gOEYMkgs\uIoO.exe
- %HOMEPATH%\gOEYMkgs\PgYC.exe
- %HOMEPATH%\gOEYMkgs\mQkm.exe
- %HOMEPATH%\gOEYMkgs\ZUQS.exe
- %HOMEPATH%\gOEYMkgs\zIgY.exe
- %HOMEPATH%\gOEYMkgs\XQwi.exe
- %HOMEPATH%\gOEYMkgs\swoO.exe
- %HOMEPATH%\gOEYMkgs\qwsU.exe
- %HOMEPATH%\gOEYMkgs\PAUG.exe
- %HOMEPATH%\gOEYMkgs\pYIe.exe
- %HOMEPATH%\gOEYMkgs\lQoI.exe
- %HOMEPATH%\gOEYMkgs\lMcw.exe
- %HOMEPATH%\gOEYMkgs\JEgc.exe
- %HOMEPATH%\gOEYMkgs\NgUC.exe
- %HOMEPATH%\gOEYMkgs\xwIK.exe
- %HOMEPATH%\gOEYMkgs\dYoA.exe
- %HOMEPATH%\gOEYMkgs\lYgs.exe
- %HOMEPATH%\gOEYMkgs\AoMM.exe
- %HOMEPATH%\gOEYMkgs\AooG.exe
- %HOMEPATH%\gOEYMkgs\qIUM.exe
- %HOMEPATH%\gOEYMkgs\GAMa.exe
- %HOMEPATH%\gOEYMkgs\wIEM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\tEoa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\VccY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\WAwq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\KkgC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\QgYO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\zgME.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\DYkE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\pAQM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\GEMi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\ncss.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\WEwq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\ZoUm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %TEMP%\WER3071.dir00\manifest.txt
- %TEMP%\WER3071.dir00\appcompat.txt
- %TEMP%\WER3071.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERae5b.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERae5b.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\caQc.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER3071.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %TEMP%\WERae5b.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\vMQs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\IUEY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\IEMG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\hocA.exe
- %TEMP%\WERae5b.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\eMEU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\wwEy.exe
- %HOMEPATH%\gOEYMkgs\akoY.exe
- %HOMEPATH%\gOEYMkgs\nYES.exe
- %HOMEPATH%\gOEYMkgs\yIYC.exe
- %HOMEPATH%\gOEYMkgs\XMYe.exe
- %HOMEPATH%\gOEYMkgs\zMIc.exe
- %HOMEPATH%\gOEYMkgs\eAQi.exe
- %TEMP%\WER1a22.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\mkou.exe
- %TEMP%\WER1a22.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\rQIK.exe
- %HOMEPATH%\gOEYMkgs\AwIa.exe
- %TEMP%\WER1a22.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\wYsO.exe
- %HOMEPATH%\gOEYMkgs\CAgg.exe
- %HOMEPATH%\gOEYMkgs\xock.exe
- %HOMEPATH%\gOEYMkgs\BooU.exe
- %HOMEPATH%\gOEYMkgs\ggwu.exe
- %HOMEPATH%\gOEYMkgs\sYQc.exe
- %HOMEPATH%\gOEYMkgs\KsQM.exe
- %HOMEPATH%\gOEYMkgs\TMAi.exe
- %HOMEPATH%\gOEYMkgs\gYwG.exe
- %HOMEPATH%\gOEYMkgs\sYgU.exe
- %HOMEPATH%\gOEYMkgs\BUMA.exe
- %HOMEPATH%\gOEYMkgs\PMQI.exe
- %HOMEPATH%\gOEYMkgs\foAs.exe
- %TEMP%\WER1a22.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\hMwS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\vkMM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\CowW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\RUcC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\tcIA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\MEkg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\voMK.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\UIIu.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\xsMW.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\hMcI.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\tcES.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\JEwi.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\tYcq.exe
- %HOMEPATH%\gOEYMkgs\OIUM.exe
- %HOMEPATH%\gOEYMkgs\mQkm.exe
- %HOMEPATH%\gOEYMkgs\ZUQS.exe
- %HOMEPATH%\gOEYMkgs\NsIe.exe
- %HOMEPATH%\gOEYMkgs\OgAa.exe
- %HOMEPATH%\gOEYMkgs\mEMk.exe
- %HOMEPATH%\gOEYMkgs\BgEi.exe
- %HOMEPATH%\gOEYMkgs\sYMY.exe
- %HOMEPATH%\gOEYMkgs\ikAc.exe
- %HOMEPATH%\gOEYMkgs\LoAo.exe
- %HOMEPATH%\gOEYMkgs\QAIQ.exe
- %HOMEPATH%\gOEYMkgs\uIoO.exe
- %HOMEPATH%\gOEYMkgs\nkIU.exe
- %HOMEPATH%\gOEYMkgs\swoO.exe
- %HOMEPATH%\gOEYMkgs\PgYC.exe
- %HOMEPATH%\gOEYMkgs\zIgY.exe
- %HOMEPATH%\gOEYMkgs\XQwi.exe
- %HOMEPATH%\gOEYMkgs\Rkwg.exe
- %HOMEPATH%\gOEYMkgs\Jskk.exe
- %HOMEPATH%\gOEYMkgs\coAi.exe
- %HOMEPATH%\gOEYMkgs\oIAg.exe
- %HOMEPATH%\gOEYMkgs\CMQa.exe
- %HOMEPATH%\gOEYMkgs\CIwG.exe
- %HOMEPATH%\gOEYMkgs\zwIi.exe
- %HOMEPATH%\gOEYMkgs\NIIU.exe
- %HOMEPATH%\gOEYMkgs\uokS.exe
- %HOMEPATH%\gOEYMkgs\OwwU.exe
- %HOMEPATH%\gOEYMkgs\wIUa.exe
- %HOMEPATH%\gOEYMkgs\lwkY.exe
- %HOMEPATH%\gOEYMkgs\hAAy.exe
- %HOMEPATH%\gOEYMkgs\ocAO.exe
- %HOMEPATH%\gOEYMkgs\QckO.exe
- %HOMEPATH%\gOEYMkgs\JQIE.exe
- %HOMEPATH%\gOEYMkgs\FEYW.exe
- %HOMEPATH%\gOEYMkgs\oMgq.exe
- %HOMEPATH%\gOEYMkgs\rogO.exe
- %HOMEPATH%\gOEYMkgs\FgAW.exe
- %HOMEPATH%\gOEYMkgs\YYMc.exe
- %HOMEPATH%\gOEYMkgs\ycEE.exe
- %HOMEPATH%\gOEYMkgs\swgu.exe
- %HOMEPATH%\gOEYMkgs\RUIk.exe
- %HOMEPATH%\gOEYMkgs\WUcw.exe
- %HOMEPATH%\gOEYMkgs\HAEg.exe
- %HOMEPATH%\gOEYMkgs\KEsI.exe
- %HOMEPATH%\gOEYMkgs\wMYc.exe
- %HOMEPATH%\gOEYMkgs\dgsW.exe
- %HOMEPATH%\gOEYMkgs\pQEY.exe
- %HOMEPATH%\gOEYMkgs\VQwS.exe
- %HOMEPATH%\gOEYMkgs\RQIG.exe
- %HOMEPATH%\gOEYMkgs\JkMQ.exe
- %HOMEPATH%\gOEYMkgs\SUkG.exe
- %HOMEPATH%\gOEYMkgs\yoQm.exe
- %HOMEPATH%\gOEYMkgs\VIgq.exe
- %HOMEPATH%\gOEYMkgs\Osww.exe
- %HOMEPATH%\gOEYMkgs\UQsE.exe
- %HOMEPATH%\gOEYMkgs\McQS.exe
- %HOMEPATH%\gOEYMkgs\AoMM.exe
- %HOMEPATH%\gOEYMkgs\AooG.exe
- %HOMEPATH%\gOEYMkgs\pYIe.exe
- %HOMEPATH%\gOEYMkgs\lQoI.exe
- %HOMEPATH%\gOEYMkgs\qIUM.exe
- %HOMEPATH%\gOEYMkgs\lYgs.exe
- %HOMEPATH%\gOEYMkgs\qwsU.exe
- %HOMEPATH%\gOEYMkgs\xwIK.exe
- %HOMEPATH%\gOEYMkgs\dYoA.exe
- %HOMEPATH%\gOEYMkgs\JsAg.exe
- %HOMEPATH%\gOEYMkgs\MIUi.exe
- %HOMEPATH%\gOEYMkgs\aEwm.exe
- %HOMEPATH%\gOEYMkgs\RIsO.exe
- %HOMEPATH%\gOEYMkgs\sosq.exe
- %HOMEPATH%\gOEYMkgs\NgUC.exe
- %HOMEPATH%\gOEYMkgs\PAUG.exe
- %HOMEPATH%\gOEYMkgs\lMcw.exe
- %HOMEPATH%\gOEYMkgs\JEgc.exe
- %HOMEPATH%\gOEYMkgs\zoAi.exe
- %HOMEPATH%\gOEYMkgs\vkMM.exe
- %HOMEPATH%\gOEYMkgs\CowW.exe
- %HOMEPATH%\gOEYMkgs\hMcI.exe
- %HOMEPATH%\gOEYMkgs\tcES.exe
- %HOMEPATH%\gOEYMkgs\hMwS.exe
- %HOMEPATH%\gOEYMkgs\RUcC.exe
- %HOMEPATH%\gOEYMkgs\pAQM.exe
- %HOMEPATH%\gOEYMkgs\tcIA.exe
- %HOMEPATH%\gOEYMkgs\MEkg.exe
- %HOMEPATH%\gOEYMkgs\rQIK.exe
- %HOMEPATH%\gOEYMkgs\AwIa.exe
- %HOMEPATH%\gOEYMkgs\nYES.exe
- %HOMEPATH%\gOEYMkgs\yIYC.exe
- %HOMEPATH%\gOEYMkgs\mkou.exe
- %HOMEPATH%\gOEYMkgs\UIIu.exe
- %HOMEPATH%\gOEYMkgs\JEwi.exe
- %HOMEPATH%\gOEYMkgs\xsMW.exe
- %HOMEPATH%\gOEYMkgs\voMK.exe
- %HOMEPATH%\gOEYMkgs\GEMi.exe
- %HOMEPATH%\gOEYMkgs\IUEY.exe
- %HOMEPATH%\gOEYMkgs\IEMG.exe
- %HOMEPATH%\gOEYMkgs\WAwq.exe
- %HOMEPATH%\gOEYMkgs\KkgC.exe
- %HOMEPATH%\gOEYMkgs\vMQs.exe
- %HOMEPATH%\gOEYMkgs\hocA.exe
- %TEMP%\CUoIkcwg.bat
- %HOMEPATH%\gOEYMkgs\eMEU.exe
- %HOMEPATH%\gOEYMkgs\wwEy.exe
- %HOMEPATH%\gOEYMkgs\ZoUm.exe
- %HOMEPATH%\gOEYMkgs\ncss.exe
- %HOMEPATH%\gOEYMkgs\DYkE.exe
- %HOMEPATH%\gOEYMkgs\WEwq.exe
- %HOMEPATH%\gOEYMkgs\zgME.exe
- %HOMEPATH%\gOEYMkgs\tEoa.exe
- %HOMEPATH%\gOEYMkgs\QgYO.exe
- %HOMEPATH%\gOEYMkgs\VccY.exe
- %HOMEPATH%\gOEYMkgs\wIEM.exe
- %HOMEPATH%\gOEYMkgs\akoY.exe
- %HOMEPATH%\gOEYMkgs\pose.exe
- %HOMEPATH%\gOEYMkgs\ewwM.exe
- %HOMEPATH%\gOEYMkgs\rwIg.exe
- %HOMEPATH%\gOEYMkgs\qoka.exe
- %HOMEPATH%\gOEYMkgs\XQYI.exe
- %HOMEPATH%\gOEYMkgs\ossq.exe
- %HOMEPATH%\gOEYMkgs\hoIC.exe
- %HOMEPATH%\gOEYMkgs\wkcq.exe
- %HOMEPATH%\gOEYMkgs\YUsC.exe
- %HOMEPATH%\gOEYMkgs\OoMQ.exe
- %HOMEPATH%\gOEYMkgs\TkAk.exe
- %HOMEPATH%\gOEYMkgs\iIUQ.exe
- %HOMEPATH%\gOEYMkgs\HAQm.exe
- %HOMEPATH%\gOEYMkgs\gIcQ.exe
- %HOMEPATH%\gOEYMkgs\bEwe.exe
- %HOMEPATH%\gOEYMkgs\pwwY.exe
- %HOMEPATH%\gOEYMkgs\ugcg.exe
- %HOMEPATH%\gOEYMkgs\QoAO.exe
- %HOMEPATH%\gOEYMkgs\PIki.exe
- %HOMEPATH%\gOEYMkgs\TMAi.exe
- %HOMEPATH%\gOEYMkgs\gYwG.exe
- %HOMEPATH%\gOEYMkgs\PMQI.exe
- %HOMEPATH%\gOEYMkgs\foAs.exe
- %HOMEPATH%\gOEYMkgs\sYgU.exe
- %HOMEPATH%\gOEYMkgs\zMIc.exe
- %HOMEPATH%\gOEYMkgs\eAQi.exe
- %HOMEPATH%\gOEYMkgs\wYsO.exe
- %HOMEPATH%\gOEYMkgs\XMYe.exe
- %HOMEPATH%\gOEYMkgs\ggwu.exe
- %HOMEPATH%\gOEYMkgs\sYQc.exe
- %HOMEPATH%\gOEYMkgs\gcYa.exe
- %HOMEPATH%\gOEYMkgs\GAMa.exe
- %HOMEPATH%\gOEYMkgs\KsQM.exe
- %HOMEPATH%\gOEYMkgs\BooU.exe
- %HOMEPATH%\gOEYMkgs\BUMA.exe
- %HOMEPATH%\gOEYMkgs\CAgg.exe
- %HOMEPATH%\gOEYMkgs\xock.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http:/// via 74.##5.232.51
- http://google.com/ via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Run'
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Open'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'
- ClassName: 'Shell_TrayWnd' WindowName: ''