Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002'
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
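- Blocks the display of hidden files (Explorer 'Hidden' value set to 2 by the reg.exe command listed below)
- Blocks the display of file extensions (Explorer 'HideFileExt' value set to 1), so the double-extension copies listed below, such as 'duck.bmp.exe', are shown as 'duck.bmp'
- Disables User Account Control (UAC) ('EnableLUA' value set to 0)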
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\rUgY.exe
- %HOMEPATH%\gOEYMkgs\ZsQs.exe
- %HOMEPATH%\gOEYMkgs\sUYg.exe
- %HOMEPATH%\gOEYMkgs\swAQ.exe
- %HOMEPATH%\gOEYMkgs\ncwk.exe
- %HOMEPATH%\gOEYMkgs\LcAC.exe
- %TEMP%\WER13dd.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\SsEG.exe
- %TEMP%\WER13dd.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\uQcI.exe
- %HOMEPATH%\gOEYMkgs\nEUu.exe
- %HOMEPATH%\gOEYMkgs\foEy.exe
- %HOMEPATH%\gOEYMkgs\soYS.exe
- %HOMEPATH%\gOEYMkgs\vEkI.exe
- %HOMEPATH%\gOEYMkgs\hsgG.exe
- %HOMEPATH%\gOEYMkgs\vgIo.exe
- %HOMEPATH%\gOEYMkgs\VkYC.exe
- %HOMEPATH%\gOEYMkgs\lIQE.exe
- %HOMEPATH%\gOEYMkgs\DYwY.exe
- %HOMEPATH%\gOEYMkgs\fwUs.exe
- %HOMEPATH%\gOEYMkgs\iAQQ.exe
- %HOMEPATH%\gOEYMkgs\bkYu.exe
- %HOMEPATH%\gOEYMkgs\msgQ.exe
- %HOMEPATH%\gOEYMkgs\GEkI.exe
- %HOMEPATH%\gOEYMkgs\jgsW.exe
- %HOMEPATH%\gOEYMkgs\Acow.exe
- %HOMEPATH%\gOEYMkgs\ZMkK.exe
- %HOMEPATH%\gOEYMkgs\dwYW.exe
- %HOMEPATH%\gOEYMkgs\BAAu.exe
- %HOMEPATH%\gOEYMkgs\qgsi.exe
- %HOMEPATH%\gOEYMkgs\LEog.exe
- %HOMEPATH%\gOEYMkgs\eYEy.exe
- %HOMEPATH%\gOEYMkgs\JYgK.exe
- %HOMEPATH%\gOEYMkgs\VUkC.exe
- %HOMEPATH%\gOEYMkgs\NYYo.exe
- %HOMEPATH%\gOEYMkgs\wsYg.exe
- %HOMEPATH%\gOEYMkgs\oIcM.exe
- %HOMEPATH%\gOEYMkgs\dkoe.exe
- %HOMEPATH%\gOEYMkgs\XMEi.exe
- %HOMEPATH%\gOEYMkgs\iQYM.exe
- %TEMP%\WER13dd.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\ZYYW.exe
- %TEMP%\WER13dd.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\VwUW.exe
- %HOMEPATH%\gOEYMkgs\wwsY.exe
- %HOMEPATH%\gOEYMkgs\fsAw.exe
- %HOMEPATH%\gOEYMkgs\RUIS.exe
- %HOMEPATH%\gOEYMkgs\jgAG.exe
- %HOMEPATH%\gOEYMkgs\bckm.exe
- %HOMEPATH%\gOEYMkgs\SsQk.exe
- %HOMEPATH%\gOEYMkgs\eEQs.exe
- %HOMEPATH%\gOEYMkgs\dkkE.exe
- %HOMEPATH%\gOEYMkgs\jwog.exe
- %HOMEPATH%\gOEYMkgs\wswe.exe
- %HOMEPATH%\gOEYMkgs\vkMI.exe
- %TEMP%\WER8900.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\CAcO.exe
- %HOMEPATH%\gOEYMkgs\XgMs.exe
- %HOMEPATH%\gOEYMkgs\zIEq.exe
- %HOMEPATH%\gOEYMkgs\jMws.exe
- %HOMEPATH%\gOEYMkgs\GEAo.exe
- %HOMEPATH%\gOEYMkgs\ZMsU.exe
- %HOMEPATH%\gOEYMkgs\eocs.exe
- %HOMEPATH%\gOEYMkgs\iEsM.exe
- %HOMEPATH%\gOEYMkgs\UQkO.exe
- %HOMEPATH%\gOEYMkgs\kgsg.exe
- %HOMEPATH%\gOEYMkgs\sUMk.exe
- %TEMP%\WER8900.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\NoYg.exe
- %TEMP%\WER8900.dir00\appcompat.txt
- %TEMP%\WER8900.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\EkAE.exe
- %HOMEPATH%\gOEYMkgs\akwI.exe
- %HOMEPATH%\gOEYMkgs\vsgM.exe
- %HOMEPATH%\gOEYMkgs\ioQO.exe
- %HOMEPATH%\gOEYMkgs\ToES.exe
- %HOMEPATH%\gOEYMkgs\YkYI.exe
- %HOMEPATH%\gOEYMkgs\DgwS.exe
- %HOMEPATH%\gOEYMkgs\EwcI.exe
- %HOMEPATH%\gOEYMkgs\AYIQ.exe
- %HOMEPATH%\gOEYMkgs\AoMw.exe
- %HOMEPATH%\gOEYMkgs\GcUE.exe
- %HOMEPATH%\gOEYMkgs\rQkc.exe
- %HOMEPATH%\gOEYMkgs\aMAi.exe
- %HOMEPATH%\gOEYMkgs\cwso.exe
- %HOMEPATH%\gOEYMkgs\hUUw.exe
- %HOMEPATH%\gOEYMkgs\Mogo.exe
- %HOMEPATH%\gOEYMkgs\oAIK.exe
- %HOMEPATH%\gOEYMkgs\tEQq.exe
- %HOMEPATH%\gOEYMkgs\mYsq.exe
- %HOMEPATH%\gOEYMkgs\ZooE.exe
- %HOMEPATH%\gOEYMkgs\vsgw.exe
- %HOMEPATH%\gOEYMkgs\KAgY.exe
- %HOMEPATH%\gOEYMkgs\zMMG.exe
- %HOMEPATH%\gOEYMkgs\vsQE.exe
- %HOMEPATH%\gOEYMkgs\mQYQ.exe
- %HOMEPATH%\gOEYMkgs\pEEe.exe
- %HOMEPATH%\gOEYMkgs\WIQm.exe
- %HOMEPATH%\gOEYMkgs\aIsQ.exe
- %HOMEPATH%\gOEYMkgs\cQcE.exe
- %HOMEPATH%\gOEYMkgs\qsIq.exe
- %HOMEPATH%\gOEYMkgs\hQwS.exe
- %HOMEPATH%\gOEYMkgs\iwsQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\NgcC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\hMIm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\yMQG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\mkse.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\tQQq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\NkQo.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\Pwsg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\uAci.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\Uswu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\TAMG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\XEgs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\Uwcw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %TEMP%\WER284b.dir00\appcompat.txt
- %TEMP%\WER284b.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\caQc.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\tsIG.exe
- %TEMP%\WER284b.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER284b.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\UoIk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\BEAM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\OAka.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\DEII.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\yUcO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\zUIq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\DsQu.exe
- %HOMEPATH%\gOEYMkgs\NAQg.exe
- %HOMEPATH%\gOEYMkgs\Rsoa.exe
- %HOMEPATH%\gOEYMkgs\FMgK.exe
- %HOMEPATH%\gOEYMkgs\UQQk.exe
- %HOMEPATH%\gOEYMkgs\DQsA.exe
- %HOMEPATH%\gOEYMkgs\ksYe.exe
- %HOMEPATH%\gOEYMkgs\QoMY.exe
- %HOMEPATH%\gOEYMkgs\iYUA.exe
- %TEMP%\WERa7e4.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\gEAS.exe
- %HOMEPATH%\gOEYMkgs\OgIk.exe
- %HOMEPATH%\gOEYMkgs\kgUE.exe
- %HOMEPATH%\gOEYMkgs\tcEs.exe
- %HOMEPATH%\gOEYMkgs\wgkk.exe
- %HOMEPATH%\gOEYMkgs\OIUm.exe
- %HOMEPATH%\gOEYMkgs\DIQQ.exe
- %HOMEPATH%\gOEYMkgs\lEss.exe
- %HOMEPATH%\gOEYMkgs\okYM.exe
- %HOMEPATH%\gOEYMkgs\IgUS.exe
- %HOMEPATH%\gOEYMkgs\fggI.exe
- %HOMEPATH%\gOEYMkgs\gEYu.exe
- %HOMEPATH%\gOEYMkgs\JQMs.exe
- %HOMEPATH%\gOEYMkgs\hUMA.exe
- %HOMEPATH%\gOEYMkgs\Booe.exe
- %HOMEPATH%\gOEYMkgs\YYQW.exe
- %TEMP%\WERa7e4.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\jIAO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\CwIC.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\bgUm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\fcEU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\QkQC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\EMYo.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\sIca.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\icgA.exe
- %TEMP%\WERa7e4.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERa7e4.dir00\ZgMYMIIE.exe.mdmp
- <Current directory>\<File name>
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\fccs.exe
- %HOMEPATH%\gOEYMkgs\soEM.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\Dogc.exe
- %HOMEPATH%\gOEYMkgs\DYwY.exe
- %HOMEPATH%\gOEYMkgs\vEkI.exe
- %HOMEPATH%\gOEYMkgs\VkYC.exe
- %HOMEPATH%\gOEYMkgs\lIQE.exe
- %HOMEPATH%\gOEYMkgs\hsgG.exe
- %HOMEPATH%\gOEYMkgs\GEkI.exe
- %HOMEPATH%\gOEYMkgs\jgsW.exe
- %HOMEPATH%\gOEYMkgs\vgIo.exe
- %HOMEPATH%\gOEYMkgs\msgQ.exe
- %HOMEPATH%\gOEYMkgs\AYIQ.exe
- %HOMEPATH%\gOEYMkgs\Mogo.exe
- %HOMEPATH%\gOEYMkgs\DgwS.exe
- %HOMEPATH%\gOEYMkgs\EwcI.exe
- %HOMEPATH%\gOEYMkgs\oAIK.exe
- %HOMEPATH%\gOEYMkgs\cwso.exe
- %HOMEPATH%\gOEYMkgs\hUUw.exe
- %HOMEPATH%\gOEYMkgs\tEQq.exe
- %HOMEPATH%\gOEYMkgs\aMAi.exe
- %HOMEPATH%\gOEYMkgs\fwUs.exe
- %HOMEPATH%\gOEYMkgs\foEy.exe
- %HOMEPATH%\gOEYMkgs\SsEG.exe
- %HOMEPATH%\gOEYMkgs\uQcI.exe
- %HOMEPATH%\gOEYMkgs\nEUu.exe
- %HOMEPATH%\gOEYMkgs\Acow.exe
- %HOMEPATH%\gOEYMkgs\iQYM.exe
- %HOMEPATH%\gOEYMkgs\ZYYW.exe
- %HOMEPATH%\gOEYMkgs\VwUW.exe
- %HOMEPATH%\gOEYMkgs\wwsY.exe
- %HOMEPATH%\gOEYMkgs\soYS.exe
- %HOMEPATH%\gOEYMkgs\swAQ.exe
- %HOMEPATH%\gOEYMkgs\iAQQ.exe
- %HOMEPATH%\gOEYMkgs\bkYu.exe
- %HOMEPATH%\gOEYMkgs\ncwk.exe
- %HOMEPATH%\gOEYMkgs\ZsQs.exe
- %HOMEPATH%\gOEYMkgs\sUYg.exe
- %HOMEPATH%\gOEYMkgs\LcAC.exe
- %HOMEPATH%\gOEYMkgs\rUgY.exe
- %HOMEPATH%\gOEYMkgs\rQkc.exe
- %HOMEPATH%\gOEYMkgs\CAcO.exe
- %HOMEPATH%\gOEYMkgs\dkkE.exe
- %HOMEPATH%\gOEYMkgs\iEsM.exe
- %HOMEPATH%\gOEYMkgs\vkMI.exe
- %HOMEPATH%\gOEYMkgs\jwog.exe
- %HOMEPATH%\gOEYMkgs\ZMsU.exe
- %HOMEPATH%\gOEYMkgs\eocs.exe
- %HOMEPATH%\gOEYMkgs\wswe.exe
- %HOMEPATH%\gOEYMkgs\GEAo.exe
- %HOMEPATH%\gOEYMkgs\kgsg.exe
- %HOMEPATH%\gOEYMkgs\sUMk.exe
- %HOMEPATH%\gOEYMkgs\NoYg.exe
- %HOMEPATH%\gOEYMkgs\UQkO.exe
- %HOMEPATH%\gOEYMkgs\vsgM.exe
- %HOMEPATH%\gOEYMkgs\EkAE.exe
- %HOMEPATH%\gOEYMkgs\akwI.exe
- %HOMEPATH%\gOEYMkgs\ioQO.exe
- %HOMEPATH%\gOEYMkgs\ToES.exe
- %HOMEPATH%\gOEYMkgs\XgMs.exe
- %HOMEPATH%\gOEYMkgs\hQwS.exe
- %HOMEPATH%\gOEYMkgs\pEEe.exe
- %HOMEPATH%\gOEYMkgs\cQcE.exe
- %HOMEPATH%\gOEYMkgs\qsIq.exe
- %HOMEPATH%\gOEYMkgs\WIQm.exe
- %HOMEPATH%\gOEYMkgs\AoMw.exe
- %HOMEPATH%\gOEYMkgs\GcUE.exe
- %HOMEPATH%\gOEYMkgs\aIsQ.exe
- %HOMEPATH%\gOEYMkgs\mYsq.exe
- %HOMEPATH%\gOEYMkgs\YkYI.exe
- %HOMEPATH%\gOEYMkgs\zMMG.exe
- %HOMEPATH%\gOEYMkgs\zIEq.exe
- %HOMEPATH%\gOEYMkgs\jMws.exe
- %HOMEPATH%\gOEYMkgs\vsQE.exe
- %HOMEPATH%\gOEYMkgs\vsgw.exe
- %HOMEPATH%\gOEYMkgs\KAgY.exe
- %HOMEPATH%\gOEYMkgs\mQYQ.exe
- %HOMEPATH%\gOEYMkgs\ZooE.exe
- %HOMEPATH%\gOEYMkgs\bckm.exe
- %HOMEPATH%\gOEYMkgs\bgUm.exe
- %HOMEPATH%\gOEYMkgs\jIAO.exe
- %HOMEPATH%\gOEYMkgs\fccs.exe
- %HOMEPATH%\gOEYMkgs\CwIC.exe
- %HOMEPATH%\gOEYMkgs\QkQC.exe
- %HOMEPATH%\gOEYMkgs\uAci.exe
- %HOMEPATH%\gOEYMkgs\Uswu.exe
- %HOMEPATH%\gOEYMkgs\EMYo.exe
- %HOMEPATH%\gOEYMkgs\fcEU.exe
- %HOMEPATH%\gOEYMkgs\QoMY.exe
- %HOMEPATH%\gOEYMkgs\iYUA.exe
- %HOMEPATH%\gOEYMkgs\OgIk.exe
- %HOMEPATH%\gOEYMkgs\kgUE.exe
- %HOMEPATH%\gOEYMkgs\icgA.exe
- %HOMEPATH%\gOEYMkgs\Dogc.exe
- %TEMP%\jYMkUgEs.bat
- %HOMEPATH%\gOEYMkgs\sIca.exe
- %HOMEPATH%\gOEYMkgs\soEM.exe
- %HOMEPATH%\gOEYMkgs\Pwsg.exe
- %HOMEPATH%\gOEYMkgs\DEII.exe
- %HOMEPATH%\gOEYMkgs\BEAM.exe
- %HOMEPATH%\gOEYMkgs\mkse.exe
- %HOMEPATH%\gOEYMkgs\OAka.exe
- %HOMEPATH%\gOEYMkgs\zUIq.exe
- %HOMEPATH%\gOEYMkgs\UoIk.exe
- %HOMEPATH%\gOEYMkgs\tsIG.exe
- %HOMEPATH%\gOEYMkgs\DsQu.exe
- %HOMEPATH%\gOEYMkgs\yUcO.exe
- %HOMEPATH%\gOEYMkgs\TAMG.exe
- %HOMEPATH%\gOEYMkgs\NkQo.exe
- %HOMEPATH%\gOEYMkgs\XEgs.exe
- %HOMEPATH%\gOEYMkgs\Uwcw.exe
- %HOMEPATH%\gOEYMkgs\hMIm.exe
- %HOMEPATH%\gOEYMkgs\tQQq.exe
- %HOMEPATH%\gOEYMkgs\yMQG.exe
- %HOMEPATH%\gOEYMkgs\iwsQ.exe
- %HOMEPATH%\gOEYMkgs\NgcC.exe
- %HOMEPATH%\gOEYMkgs\gEAS.exe
- %HOMEPATH%\gOEYMkgs\BAAu.exe
- %HOMEPATH%\gOEYMkgs\wsYg.exe
- %HOMEPATH%\gOEYMkgs\ZMkK.exe
- %HOMEPATH%\gOEYMkgs\dwYW.exe
- %HOMEPATH%\gOEYMkgs\oIcM.exe
- %HOMEPATH%\gOEYMkgs\VUkC.exe
- %HOMEPATH%\gOEYMkgs\NYYo.exe
- %HOMEPATH%\gOEYMkgs\dkoe.exe
- %HOMEPATH%\gOEYMkgs\JYgK.exe
- %HOMEPATH%\gOEYMkgs\fsAw.exe
- %HOMEPATH%\gOEYMkgs\RUIS.exe
- %HOMEPATH%\gOEYMkgs\SsQk.exe
- %HOMEPATH%\gOEYMkgs\eEQs.exe
- %HOMEPATH%\gOEYMkgs\jgAG.exe
- %HOMEPATH%\gOEYMkgs\LEog.exe
- %HOMEPATH%\gOEYMkgs\eYEy.exe
- %HOMEPATH%\gOEYMkgs\XMEi.exe
- %HOMEPATH%\gOEYMkgs\qgsi.exe
- %HOMEPATH%\gOEYMkgs\lEss.exe
- %HOMEPATH%\gOEYMkgs\tcEs.exe
- %HOMEPATH%\gOEYMkgs\UQQk.exe
- %HOMEPATH%\gOEYMkgs\gEYu.exe
- %HOMEPATH%\gOEYMkgs\JQMs.exe
- %HOMEPATH%\gOEYMkgs\DQsA.exe
- %HOMEPATH%\gOEYMkgs\Rsoa.exe
- %HOMEPATH%\gOEYMkgs\FMgK.exe
- %HOMEPATH%\gOEYMkgs\ksYe.exe
- %HOMEPATH%\gOEYMkgs\NAQg.exe
- %HOMEPATH%\gOEYMkgs\wgkk.exe
- %HOMEPATH%\gOEYMkgs\OIUm.exe
- %HOMEPATH%\gOEYMkgs\okYM.exe
- %HOMEPATH%\gOEYMkgs\IgUS.exe
- %HOMEPATH%\gOEYMkgs\DIQQ.exe
- %HOMEPATH%\gOEYMkgs\YYQW.exe
- %HOMEPATH%\gOEYMkgs\fggI.exe
- %HOMEPATH%\gOEYMkgs\hUMA.exe
- %HOMEPATH%\gOEYMkgs\Booe.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'