Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002'
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
- hidden files (display turned off: the reg.exe command listed below sets the Explorer 'Hidden' value to 2)
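- file extensions (hidden: the reg.exe command listed below sets 'HideFileExt' to 1, so the '*.bmp.exe', '*.jpg.exe' and '*.wma.exe' files listed further down display without the final '.exe')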
- User Account Control (UAC) (disabled: the reg.exe command listed below sets 'EnableLUA' to 0)
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '%TEMP%\setup.exe'
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\setup.exe
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\tcsi.exe
- %HOMEPATH%\gOEYMkgs\UYAc.exe
- %HOMEPATH%\gOEYMkgs\asEG.exe
- %HOMEPATH%\gOEYMkgs\PQMe.exe
- %HOMEPATH%\gOEYMkgs\hMAE.exe
- %HOMEPATH%\gOEYMkgs\zkQO.exe
- %HOMEPATH%\gOEYMkgs\hUsi.exe
- %HOMEPATH%\gOEYMkgs\fAEa.exe
- %HOMEPATH%\gOEYMkgs\VYkY.exe
- %HOMEPATH%\gOEYMkgs\CYMM.exe
- %HOMEPATH%\gOEYMkgs\ykQo.exe
- %HOMEPATH%\gOEYMkgs\XYsm.exe
- %HOMEPATH%\gOEYMkgs\KoAm.exe
- %HOMEPATH%\gOEYMkgs\TQAg.exe
- %HOMEPATH%\gOEYMkgs\HkAW.exe
- %TEMP%\WER998b.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\TYcY.exe
- %TEMP%\WER998b.dir00\manifest.txt
- %TEMP%\WER998b.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\sIQg.exe
- %HOMEPATH%\gOEYMkgs\fIEG.exe
- %HOMEPATH%\gOEYMkgs\coQI.exe
- %HOMEPATH%\gOEYMkgs\oIkO.exe
- %TEMP%\WER998b.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\hgoC.exe
- %HOMEPATH%\gOEYMkgs\dkgK.exe
- %HOMEPATH%\gOEYMkgs\Jssk.exe
- %HOMEPATH%\gOEYMkgs\cYEW.exe
- %HOMEPATH%\gOEYMkgs\XQcg.exe
- %HOMEPATH%\gOEYMkgs\qYMK.exe
- %HOMEPATH%\gOEYMkgs\MwMo.exe
- %HOMEPATH%\gOEYMkgs\lMAM.exe
- %HOMEPATH%\gOEYMkgs\tssy.exe
- %HOMEPATH%\gOEYMkgs\IMQw.exe
- %HOMEPATH%\gOEYMkgs\SkIQ.exe
- %HOMEPATH%\gOEYMkgs\fAIm.exe
- %HOMEPATH%\gOEYMkgs\NcIa.exe
- %HOMEPATH%\gOEYMkgs\fEAq.exe
- %HOMEPATH%\gOEYMkgs\dkEe.exe
- %HOMEPATH%\gOEYMkgs\dAEg.exe
- %HOMEPATH%\gOEYMkgs\nYMq.exe
- %HOMEPATH%\gOEYMkgs\VAww.exe
- %HOMEPATH%\gOEYMkgs\HgsQ.exe
- %HOMEPATH%\gOEYMkgs\mMMI.exe
- %HOMEPATH%\gOEYMkgs\jEMq.exe
- %HOMEPATH%\gOEYMkgs\QcUO.exe
- %HOMEPATH%\gOEYMkgs\SgQK.exe
- %HOMEPATH%\gOEYMkgs\yEgw.exe
- %HOMEPATH%\gOEYMkgs\dAgy.exe
- %HOMEPATH%\gOEYMkgs\gEgU.exe
- %HOMEPATH%\gOEYMkgs\qocC.exe
- %HOMEPATH%\gOEYMkgs\sEoq.exe
- %HOMEPATH%\gOEYMkgs\LQAq.exe
- %HOMEPATH%\gOEYMkgs\vkwK.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %HOMEPATH%\gOEYMkgs\GwsO.exe
- %HOMEPATH%\gOEYMkgs\tMky.exe
- %HOMEPATH%\gOEYMkgs\swAi.exe
- %HOMEPATH%\gOEYMkgs\coso.exe
- %HOMEPATH%\gOEYMkgs\JgUg.exe
- %HOMEPATH%\gOEYMkgs\zoco.exe
- %HOMEPATH%\gOEYMkgs\DYQQ.exe
- %HOMEPATH%\gOEYMkgs\HcQk.exe
- %HOMEPATH%\gOEYMkgs\Rgcw.exe
- %HOMEPATH%\gOEYMkgs\xoMq.exe
- %TEMP%\WER13c7.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER13c7.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\QYYO.exe
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER13c7.dir00\manifest.txt
- %TEMP%\WER13c7.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\hggK.exe
- %HOMEPATH%\gOEYMkgs\cEQq.exe
- %HOMEPATH%\gOEYMkgs\pYEe.exe
- %HOMEPATH%\gOEYMkgs\esUo.exe
- %HOMEPATH%\gOEYMkgs\ZUks.exe
- %HOMEPATH%\gOEYMkgs\bcMo.exe
- %HOMEPATH%\gOEYMkgs\YEsE.exe
- %HOMEPATH%\gOEYMkgs\zgkm.exe
- %HOMEPATH%\gOEYMkgs\EoMw.exe
- %HOMEPATH%\gOEYMkgs\NMEo.exe
- %HOMEPATH%\gOEYMkgs\bQow.exe
- %HOMEPATH%\gOEYMkgs\EIwC.exe
- %HOMEPATH%\gOEYMkgs\xcUw.exe
- %HOMEPATH%\gOEYMkgs\xIAQ.exe
- %HOMEPATH%\gOEYMkgs\AEIY.exe
- %HOMEPATH%\gOEYMkgs\tosE.exe
- %HOMEPATH%\gOEYMkgs\pUYW.exe
- %HOMEPATH%\gOEYMkgs\Jcwg.exe
- %HOMEPATH%\gOEYMkgs\nska.exe
- %HOMEPATH%\gOEYMkgs\dgQS.exe
- %HOMEPATH%\gOEYMkgs\ScUa.exe
- %HOMEPATH%\gOEYMkgs\ywAK.exe
- %HOMEPATH%\gOEYMkgs\wcgc.exe
- %HOMEPATH%\gOEYMkgs\OEEG.exe
- %HOMEPATH%\gOEYMkgs\cYoA.exe
- %HOMEPATH%\gOEYMkgs\SUcM.exe
- %HOMEPATH%\gOEYMkgs\XAcu.exe
- %HOMEPATH%\gOEYMkgs\KQUO.exe
- %HOMEPATH%\gOEYMkgs\EcgE.exe
- %HOMEPATH%\gOEYMkgs\fAEU.exe
- %HOMEPATH%\gOEYMkgs\IAcI.exe
- %HOMEPATH%\gOEYMkgs\jEMs.exe
- %HOMEPATH%\gOEYMkgs\EIIk.exe
- %HOMEPATH%\gOEYMkgs\UQQg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\rwQk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\qcEo.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\Sske.exe
- %HOMEPATH%\gOEYMkgs\usME.exe
- %HOMEPATH%\gOEYMkgs\gIUi.exe
- %TEMP%\WERb093.dir00\manifest.txt
- %TEMP%\WERb093.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\ugUw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\aQEm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\mIgW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\WgEm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\YIMI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\iAUC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\AAsW.exe
- %ALLUSERSPROFILE%\caQc.txt
- %TEMP%\WER3962.dir00\manifest.txt
- %TEMP%\WER3962.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\eIUK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\HQwy.exe
- %TEMP%\WER3962.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER3962.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %TEMP%\WERb093.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\qYwQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\Uoks.exe
- %TEMP%\WERb093.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\CwcM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\jAcA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\mose.exe
- %HOMEPATH%\gOEYMkgs\bcUk.exe
- %HOMEPATH%\gOEYMkgs\gMwE.exe
- %HOMEPATH%\gOEYMkgs\sMcw.exe
- %HOMEPATH%\gOEYMkgs\Lkwg.exe
- %HOMEPATH%\gOEYMkgs\Kwwm.exe
- %HOMEPATH%\gOEYMkgs\poYu.exe
- %HOMEPATH%\gOEYMkgs\gEUm.exe
- %HOMEPATH%\gOEYMkgs\EwMe.exe
- %TEMP%\WER236c.dir00\manifest.txt
- %TEMP%\WER236c.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\UggS.exe
- %HOMEPATH%\gOEYMkgs\lkcu.exe
- %HOMEPATH%\gOEYMkgs\kYEO.exe
- %HOMEPATH%\gOEYMkgs\lcAq.exe
- %HOMEPATH%\gOEYMkgs\oAAi.exe
- %HOMEPATH%\gOEYMkgs\KkIC.exe
- %HOMEPATH%\gOEYMkgs\Sosu.exe
- %HOMEPATH%\gOEYMkgs\ckki.exe
- %HOMEPATH%\gOEYMkgs\BQEy.exe
- %HOMEPATH%\gOEYMkgs\yAwa.exe
- %HOMEPATH%\gOEYMkgs\QAoG.exe
- %HOMEPATH%\gOEYMkgs\wwcO.exe
- %HOMEPATH%\gOEYMkgs\WMsg.exe
- %HOMEPATH%\gOEYMkgs\EEgy.exe
- %HOMEPATH%\gOEYMkgs\zcMu.exe
- %HOMEPATH%\gOEYMkgs\scYa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\xEsA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\aYMe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\iMoy.exe
- %HOMEPATH%\gOEYMkgs\CcQO.exe
- %HOMEPATH%\gOEYMkgs\YEEe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\EMQA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\bwoQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\eAcS.exe
- %TEMP%\WER236c.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\Tgou.exe
- %TEMP%\WER236c.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\jogi.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\VEYu.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\nYQo.exe
- %HOMEPATH%\gOEYMkgs\sIQg.exe
- %HOMEPATH%\gOEYMkgs\hgoC.exe
- %HOMEPATH%\gOEYMkgs\TQAg.exe
- %HOMEPATH%\gOEYMkgs\HkAW.exe
- %HOMEPATH%\gOEYMkgs\dkgK.exe
- %HOMEPATH%\gOEYMkgs\oIkO.exe
- %HOMEPATH%\gOEYMkgs\PQMe.exe
- %HOMEPATH%\gOEYMkgs\fIEG.exe
- %HOMEPATH%\gOEYMkgs\coQI.exe
- %HOMEPATH%\gOEYMkgs\Jcwg.exe
- %HOMEPATH%\gOEYMkgs\nska.exe
- %HOMEPATH%\gOEYMkgs\NMEo.exe
- %HOMEPATH%\gOEYMkgs\xIAQ.exe
- %HOMEPATH%\gOEYMkgs\dgQS.exe
- %HOMEPATH%\gOEYMkgs\pUYW.exe
- %HOMEPATH%\gOEYMkgs\TYcY.exe
- %HOMEPATH%\gOEYMkgs\AEIY.exe
- %HOMEPATH%\gOEYMkgs\tosE.exe
- %HOMEPATH%\gOEYMkgs\hMAE.exe
- %HOMEPATH%\gOEYMkgs\HgsQ.exe
- %HOMEPATH%\gOEYMkgs\mMMI.exe
- %HOMEPATH%\gOEYMkgs\VYkY.exe
- %HOMEPATH%\gOEYMkgs\CYMM.exe
- %HOMEPATH%\gOEYMkgs\jEMq.exe
- %HOMEPATH%\gOEYMkgs\VAww.exe
- %HOMEPATH%\gOEYMkgs\QcUO.exe
- %HOMEPATH%\gOEYMkgs\dAEg.exe
- %HOMEPATH%\gOEYMkgs\nYMq.exe
- %HOMEPATH%\gOEYMkgs\UYAc.exe
- %HOMEPATH%\gOEYMkgs\asEG.exe
- %HOMEPATH%\gOEYMkgs\zkQO.exe
- %HOMEPATH%\gOEYMkgs\tcsi.exe
- %HOMEPATH%\gOEYMkgs\hUsi.exe
- %HOMEPATH%\gOEYMkgs\KoAm.exe
- %HOMEPATH%\gOEYMkgs\fAEa.exe
- %HOMEPATH%\gOEYMkgs\ykQo.exe
- %HOMEPATH%\gOEYMkgs\XYsm.exe
- %HOMEPATH%\gOEYMkgs\EoMw.exe
- %HOMEPATH%\gOEYMkgs\LQAq.exe
- %HOMEPATH%\gOEYMkgs\vkwK.exe
- %HOMEPATH%\gOEYMkgs\tMky.exe
- %HOMEPATH%\gOEYMkgs\swAi.exe
- %HOMEPATH%\gOEYMkgs\coso.exe
- %HOMEPATH%\gOEYMkgs\xoMq.exe
- %HOMEPATH%\gOEYMkgs\JgUg.exe
- %HOMEPATH%\gOEYMkgs\HcQk.exe
- %HOMEPATH%\gOEYMkgs\Rgcw.exe
- %HOMEPATH%\gOEYMkgs\ZUks.exe
- %HOMEPATH%\gOEYMkgs\bcMo.exe
- %HOMEPATH%\gOEYMkgs\QYYO.exe
- %HOMEPATH%\gOEYMkgs\hggK.exe
- %HOMEPATH%\gOEYMkgs\YEsE.exe
- %HOMEPATH%\gOEYMkgs\esUo.exe
- %HOMEPATH%\gOEYMkgs\GwsO.exe
- %HOMEPATH%\gOEYMkgs\cEQq.exe
- %HOMEPATH%\gOEYMkgs\pYEe.exe
- %HOMEPATH%\gOEYMkgs\zoco.exe
- %HOMEPATH%\gOEYMkgs\KQUO.exe
- %HOMEPATH%\gOEYMkgs\EcgE.exe
- %HOMEPATH%\gOEYMkgs\jEMs.exe
- %HOMEPATH%\gOEYMkgs\EIIk.exe
- %HOMEPATH%\gOEYMkgs\fAEU.exe
- %HOMEPATH%\gOEYMkgs\xcUw.exe
- %HOMEPATH%\gOEYMkgs\zgkm.exe
- %HOMEPATH%\gOEYMkgs\bQow.exe
- %HOMEPATH%\gOEYMkgs\EIwC.exe
- %HOMEPATH%\gOEYMkgs\cYoA.exe
- %HOMEPATH%\gOEYMkgs\SUcM.exe
- %HOMEPATH%\gOEYMkgs\DYQQ.exe
- %HOMEPATH%\gOEYMkgs\OEEG.exe
- %HOMEPATH%\gOEYMkgs\ScUa.exe
- %HOMEPATH%\gOEYMkgs\XAcu.exe
- %HOMEPATH%\gOEYMkgs\IAcI.exe
- %HOMEPATH%\gOEYMkgs\ywAK.exe
- %HOMEPATH%\gOEYMkgs\wcgc.exe
- %HOMEPATH%\gOEYMkgs\gEgU.exe
- %HOMEPATH%\gOEYMkgs\iMoy.exe
- %HOMEPATH%\gOEYMkgs\xEsA.exe
- %HOMEPATH%\gOEYMkgs\jogi.exe
- %HOMEPATH%\gOEYMkgs\aYMe.exe
- %HOMEPATH%\gOEYMkgs\CcQO.exe
- %HOMEPATH%\gOEYMkgs\EMQA.exe
- %HOMEPATH%\gOEYMkgs\WgEm.exe
- %HOMEPATH%\gOEYMkgs\bwoQ.exe
- %HOMEPATH%\gOEYMkgs\YEEe.exe
- %HOMEPATH%\gOEYMkgs\lkcu.exe
- %HOMEPATH%\gOEYMkgs\kYEO.exe
- %HOMEPATH%\gOEYMkgs\gEUm.exe
- %HOMEPATH%\gOEYMkgs\UggS.exe
- %HOMEPATH%\gOEYMkgs\EwMe.exe
- %HOMEPATH%\gOEYMkgs\VEYu.exe
- %HOMEPATH%\gOEYMkgs\nYQo.exe
- %HOMEPATH%\gOEYMkgs\Tgou.exe
- %HOMEPATH%\gOEYMkgs\eAcS.exe
- %HOMEPATH%\gOEYMkgs\aQEm.exe
- %HOMEPATH%\gOEYMkgs\qYwQ.exe
- %HOMEPATH%\gOEYMkgs\jAcA.exe
- %HOMEPATH%\gOEYMkgs\gIUi.exe
- %HOMEPATH%\gOEYMkgs\Uoks.exe
- %HOMEPATH%\gOEYMkgs\mose.exe
- %HOMEPATH%\gOEYMkgs\eIUK.exe
- %HOMEPATH%\gOEYMkgs\HQwy.exe
- %HOMEPATH%\gOEYMkgs\CwcM.exe
- %TEMP%\QYIcEUIY.bat
- %HOMEPATH%\gOEYMkgs\AAsW.exe
- %HOMEPATH%\gOEYMkgs\YIMI.exe
- %HOMEPATH%\gOEYMkgs\mIgW.exe
- %HOMEPATH%\gOEYMkgs\iAUC.exe
- %HOMEPATH%\gOEYMkgs\qcEo.exe
- %HOMEPATH%\gOEYMkgs\usME.exe
- %HOMEPATH%\gOEYMkgs\ugUw.exe
- %HOMEPATH%\gOEYMkgs\Sske.exe
- %HOMEPATH%\gOEYMkgs\rwQk.exe
- %HOMEPATH%\gOEYMkgs\sMcw.exe
- %HOMEPATH%\gOEYMkgs\tssy.exe
- %HOMEPATH%\gOEYMkgs\NcIa.exe
- %HOMEPATH%\gOEYMkgs\cYEW.exe
- %HOMEPATH%\gOEYMkgs\XQcg.exe
- %HOMEPATH%\gOEYMkgs\fEAq.exe
- %HOMEPATH%\gOEYMkgs\SkIQ.exe
- %HOMEPATH%\gOEYMkgs\fAIm.exe
- %HOMEPATH%\gOEYMkgs\dkEe.exe
- %HOMEPATH%\gOEYMkgs\IMQw.exe
- %HOMEPATH%\gOEYMkgs\SgQK.exe
- %HOMEPATH%\gOEYMkgs\yEgw.exe
- %HOMEPATH%\gOEYMkgs\qocC.exe
- %HOMEPATH%\gOEYMkgs\sEoq.exe
- %HOMEPATH%\gOEYMkgs\dAgy.exe
- %HOMEPATH%\gOEYMkgs\lMAM.exe
- %HOMEPATH%\gOEYMkgs\Jssk.exe
- %HOMEPATH%\gOEYMkgs\qYMK.exe
- %HOMEPATH%\gOEYMkgs\MwMo.exe
- %HOMEPATH%\gOEYMkgs\UQQg.exe
- %HOMEPATH%\gOEYMkgs\wwcO.exe
- %HOMEPATH%\gOEYMkgs\WMsg.exe
- %HOMEPATH%\gOEYMkgs\scYa.exe
- %HOMEPATH%\gOEYMkgs\QAoG.exe
- %HOMEPATH%\gOEYMkgs\Lkwg.exe
- %HOMEPATH%\gOEYMkgs\bcUk.exe
- %HOMEPATH%\gOEYMkgs\gMwE.exe
- %HOMEPATH%\gOEYMkgs\Kwwm.exe
- %HOMEPATH%\gOEYMkgs\poYu.exe
- %HOMEPATH%\gOEYMkgs\BQEy.exe
- %HOMEPATH%\gOEYMkgs\lcAq.exe
- %HOMEPATH%\gOEYMkgs\Sosu.exe
- %HOMEPATH%\gOEYMkgs\ckki.exe
- %HOMEPATH%\gOEYMkgs\oAAi.exe
- %HOMEPATH%\gOEYMkgs\EEgy.exe
- %HOMEPATH%\gOEYMkgs\zcMu.exe
- %HOMEPATH%\gOEYMkgs\KkIC.exe
- %HOMEPATH%\gOEYMkgs\yAwa.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Run'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: '' WindowName: 'Open'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'