Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002'
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
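- Blocks display of hidden files in Windows Explorer (sets `Hidden` to 2 via the reg.exe command listed below)
- Blocks display of file extensions (sets `HideFileExt` to 1 via the reg.exe command listed below); with extensions hidden, the double-extension files listed further down (e.g. `duck.bmp.exe`, `Winter.jpg.exe`) are shown without their trailing `.exe`
- Disables User Account Control (UAC) (sets `EnableLUA` to 0 via the reg.exe command listed below)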
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\kUcs.exe
- %HOMEPATH%\gOEYMkgs\hUoS.exe
- %HOMEPATH%\gOEYMkgs\TUIK.exe
- %HOMEPATH%\gOEYMkgs\QQsU.exe
- %HOMEPATH%\gOEYMkgs\jIgU.exe
- %HOMEPATH%\gOEYMkgs\OQwA.exe
- %HOMEPATH%\gOEYMkgs\FcwG.exe
- %TEMP%\WER3afc.dir00\manifest.txt
- %TEMP%\WER3afc.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\lAsQ.exe
- %HOMEPATH%\gOEYMkgs\KUAc.exe
- %HOMEPATH%\gOEYMkgs\QUoY.exe
- %HOMEPATH%\gOEYMkgs\kYwg.exe
- %HOMEPATH%\gOEYMkgs\UMQS.exe
- %HOMEPATH%\gOEYMkgs\XUYU.exe
- %HOMEPATH%\gOEYMkgs\Aowe.exe
- %HOMEPATH%\gOEYMkgs\Pwoo.exe
- %HOMEPATH%\gOEYMkgs\eUAU.exe
- %HOMEPATH%\gOEYMkgs\akYy.exe
- %HOMEPATH%\gOEYMkgs\oAsy.exe
- %HOMEPATH%\gOEYMkgs\Uscw.exe
- %HOMEPATH%\gOEYMkgs\XowM.exe
- %HOMEPATH%\gOEYMkgs\hYoc.exe
- %HOMEPATH%\gOEYMkgs\GEQS.exe
- %HOMEPATH%\gOEYMkgs\wMka.exe
- %HOMEPATH%\gOEYMkgs\iMQU.exe
- %HOMEPATH%\gOEYMkgs\rcAw.exe
- %HOMEPATH%\gOEYMkgs\jcgQ.exe
- %HOMEPATH%\gOEYMkgs\ooAM.exe
- %TEMP%\WER3afc.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\YMkI.exe
- %HOMEPATH%\gOEYMkgs\SccC.exe
- %HOMEPATH%\gOEYMkgs\rAEY.exe
- %HOMEPATH%\gOEYMkgs\wgYY.exe
- %HOMEPATH%\gOEYMkgs\mgMq.exe
- %HOMEPATH%\gOEYMkgs\XMsc.exe
- %HOMEPATH%\gOEYMkgs\VAky.exe
- %HOMEPATH%\gOEYMkgs\lYcM.exe
- %HOMEPATH%\gOEYMkgs\HoYg.exe
- %HOMEPATH%\gOEYMkgs\lgcW.exe
- %HOMEPATH%\gOEYMkgs\cksy.exe
- %HOMEPATH%\gOEYMkgs\jIga.exe
- %HOMEPATH%\gOEYMkgs\xcIi.exe
- %HOMEPATH%\gOEYMkgs\pcIa.exe
- %HOMEPATH%\gOEYMkgs\WkkK.exe
- %HOMEPATH%\gOEYMkgs\msMy.exe
- %HOMEPATH%\gOEYMkgs\xYIs.exe
- %HOMEPATH%\gOEYMkgs\Awkk.exe
- %HOMEPATH%\gOEYMkgs\QQIC.exe
- %TEMP%\WER3afc.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\GIQW.exe
- %HOMEPATH%\gOEYMkgs\RkIu.exe
- %HOMEPATH%\gOEYMkgs\ScIW.exe
- %HOMEPATH%\gOEYMkgs\ysIi.exe
- %HOMEPATH%\gOEYMkgs\TMMu.exe
- %HOMEPATH%\gOEYMkgs\ZwQC.exe
- %HOMEPATH%\gOEYMkgs\iEkk.exe
- %HOMEPATH%\gOEYMkgs\Agkg.exe
- %HOMEPATH%\gOEYMkgs\TUIw.exe
- %HOMEPATH%\gOEYMkgs\QMoW.exe
- %HOMEPATH%\gOEYMkgs\VoMC.exe
- %HOMEPATH%\gOEYMkgs\aMIK.exe
- %HOMEPATH%\gOEYMkgs\rgsY.exe
- %HOMEPATH%\gOEYMkgs\TUYw.exe
- %HOMEPATH%\gOEYMkgs\WAMq.exe
- %TEMP%\WERb0d0.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\ngcE.exe
- %TEMP%\WERb0d0.dir00\manifest.txt
- %TEMP%\WERb0d0.dir00\appcompat.txt
- %TEMP%\WERb0d0.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\Ksog.exe
- %HOMEPATH%\gOEYMkgs\EsAM.exe
- %HOMEPATH%\gOEYMkgs\IgcQ.exe
- %HOMEPATH%\gOEYMkgs\XcwE.exe
- %HOMEPATH%\gOEYMkgs\mUYq.exe
- %HOMEPATH%\gOEYMkgs\EIge.exe
- %HOMEPATH%\gOEYMkgs\KQIy.exe
- %HOMEPATH%\gOEYMkgs\aYwS.exe
- %HOMEPATH%\gOEYMkgs\iEIW.exe
- %HOMEPATH%\gOEYMkgs\qgAC.exe
- %HOMEPATH%\gOEYMkgs\Iwce.exe
- %HOMEPATH%\gOEYMkgs\Xswg.exe
- %HOMEPATH%\gOEYMkgs\QUgE.exe
- %HOMEPATH%\gOEYMkgs\HMcQ.exe
- %HOMEPATH%\gOEYMkgs\IIIm.exe
- %HOMEPATH%\gOEYMkgs\lwYk.exe
- %HOMEPATH%\gOEYMkgs\GIsO.exe
- %HOMEPATH%\gOEYMkgs\lIQG.exe
- %HOMEPATH%\gOEYMkgs\McQG.exe
- %HOMEPATH%\gOEYMkgs\tAMC.exe
- %HOMEPATH%\gOEYMkgs\eMcM.exe
- %HOMEPATH%\gOEYMkgs\IIEe.exe
- %HOMEPATH%\gOEYMkgs\CUMm.exe
- %HOMEPATH%\gOEYMkgs\IEYy.exe
- %HOMEPATH%\gOEYMkgs\RcwG.exe
- %HOMEPATH%\gOEYMkgs\fkUq.exe
- %HOMEPATH%\gOEYMkgs\DYcQ.exe
- %HOMEPATH%\gOEYMkgs\KAEY.exe
- %HOMEPATH%\gOEYMkgs\TIIK.exe
- %HOMEPATH%\gOEYMkgs\WMUO.exe
- %HOMEPATH%\gOEYMkgs\FcYy.exe
- %HOMEPATH%\gOEYMkgs\lYQE.exe
- %HOMEPATH%\gOEYMkgs\zIwC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\nQII.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\RkUw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\IwMe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\uwIM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\icAI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\hUsi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\ycge.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\gwEk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\egci.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\WIIU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\jEAU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\AYkI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %TEMP%\WER5695.dir00\manifest.txt
- %TEMP%\WER5695.dir00\appcompat.txt
- %TEMP%\WER5695.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\uMcs.exe
- %ALLUSERSPROFILE%\caQc.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER5695.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\MgEI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\xsMo.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\Escy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\MYgE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\NQAG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\sgMw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\iAgk.exe
- %HOMEPATH%\gOEYMkgs\gcAq.exe
- %HOMEPATH%\gOEYMkgs\fQUo.exe
- %HOMEPATH%\gOEYMkgs\rEsG.exe
- %HOMEPATH%\gOEYMkgs\gEAy.exe
- %HOMEPATH%\gOEYMkgs\twUs.exe
- %HOMEPATH%\gOEYMkgs\NgwI.exe
- %HOMEPATH%\gOEYMkgs\OoEM.exe
- %HOMEPATH%\gOEYMkgs\EEIU.exe
- %HOMEPATH%\gOEYMkgs\xIwC.exe
- %HOMEPATH%\gOEYMkgs\ZEoe.exe
- %HOMEPATH%\gOEYMkgs\UsEI.exe
- %HOMEPATH%\gOEYMkgs\jYkY.exe
- %HOMEPATH%\gOEYMkgs\UAki.exe
- %HOMEPATH%\gOEYMkgs\bUMm.exe
- %HOMEPATH%\gOEYMkgs\eEAS.exe
- %HOMEPATH%\gOEYMkgs\hYAg.exe
- %HOMEPATH%\gOEYMkgs\vUww.exe
- %HOMEPATH%\gOEYMkgs\wUoa.exe
- %HOMEPATH%\gOEYMkgs\BgYw.exe
- %HOMEPATH%\gOEYMkgs\wAUE.exe
- %HOMEPATH%\gOEYMkgs\SEwk.exe
- %HOMEPATH%\gOEYMkgs\GIgM.exe
- %HOMEPATH%\gOEYMkgs\kUMe.exe
- %HOMEPATH%\gOEYMkgs\kksC.exe
- %HOMEPATH%\gOEYMkgs\TcEO.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\mYYq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\jggQ.exe
- %HOMEPATH%\gOEYMkgs\NMMi.exe
- %TEMP%\WERcf09.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- <Current directory>\<File name>
- %HOMEPATH%\gOEYMkgs\qUoA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\aAsY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\XIws.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\GUEE.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\oAYG.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %TEMP%\WERcf09.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\gQcm.exe
- %HOMEPATH%\gOEYMkgs\aYYq.exe
- %TEMP%\WERcf09.dir00\manifest.txt
- %TEMP%\WERcf09.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\akYy.exe
- %HOMEPATH%\gOEYMkgs\UMQS.exe
- %HOMEPATH%\gOEYMkgs\Pwoo.exe
- %HOMEPATH%\gOEYMkgs\eUAU.exe
- %HOMEPATH%\gOEYMkgs\XUYU.exe
- %HOMEPATH%\gOEYMkgs\GEQS.exe
- %HOMEPATH%\gOEYMkgs\wMka.exe
- %HOMEPATH%\gOEYMkgs\Aowe.exe
- %HOMEPATH%\gOEYMkgs\hYoc.exe
- %HOMEPATH%\gOEYMkgs\qgAC.exe
- %HOMEPATH%\gOEYMkgs\GIsO.exe
- %HOMEPATH%\gOEYMkgs\aYwS.exe
- %HOMEPATH%\gOEYMkgs\iEIW.exe
- %HOMEPATH%\gOEYMkgs\lIQG.exe
- %HOMEPATH%\gOEYMkgs\IIIm.exe
- %HOMEPATH%\gOEYMkgs\lwYk.exe
- %HOMEPATH%\gOEYMkgs\McQG.exe
- %HOMEPATH%\gOEYMkgs\HMcQ.exe
- %HOMEPATH%\gOEYMkgs\oAsy.exe
- %HOMEPATH%\gOEYMkgs\QUoY.exe
- %HOMEPATH%\gOEYMkgs\FcwG.exe
- %HOMEPATH%\gOEYMkgs\lAsQ.exe
- %HOMEPATH%\gOEYMkgs\KUAc.exe
- %HOMEPATH%\gOEYMkgs\iMQU.exe
- %HOMEPATH%\gOEYMkgs\WkkK.exe
- %HOMEPATH%\gOEYMkgs\lgcW.exe
- %HOMEPATH%\gOEYMkgs\xcIi.exe
- %HOMEPATH%\gOEYMkgs\pcIa.exe
- %HOMEPATH%\gOEYMkgs\kYwg.exe
- %HOMEPATH%\gOEYMkgs\QQsU.exe
- %HOMEPATH%\gOEYMkgs\Uscw.exe
- %HOMEPATH%\gOEYMkgs\XowM.exe
- %HOMEPATH%\gOEYMkgs\jIgU.exe
- %HOMEPATH%\gOEYMkgs\hUoS.exe
- %HOMEPATH%\gOEYMkgs\TUIK.exe
- %HOMEPATH%\gOEYMkgs\OQwA.exe
- %HOMEPATH%\gOEYMkgs\kUcs.exe
- %HOMEPATH%\gOEYMkgs\QUgE.exe
- %HOMEPATH%\gOEYMkgs\iEkk.exe
- %HOMEPATH%\gOEYMkgs\RkIu.exe
- %HOMEPATH%\gOEYMkgs\TMMu.exe
- %HOMEPATH%\gOEYMkgs\ZwQC.exe
- %HOMEPATH%\gOEYMkgs\ScIW.exe
- %HOMEPATH%\gOEYMkgs\aMIK.exe
- %HOMEPATH%\gOEYMkgs\rgsY.exe
- %HOMEPATH%\gOEYMkgs\ysIi.exe
- %HOMEPATH%\gOEYMkgs\VoMC.exe
- %HOMEPATH%\gOEYMkgs\XcwE.exe
- %HOMEPATH%\gOEYMkgs\mUYq.exe
- %HOMEPATH%\gOEYMkgs\WAMq.exe
- %HOMEPATH%\gOEYMkgs\ngcE.exe
- %HOMEPATH%\gOEYMkgs\EIge.exe
- %HOMEPATH%\gOEYMkgs\IgcQ.exe
- %HOMEPATH%\gOEYMkgs\TUYw.exe
- %HOMEPATH%\gOEYMkgs\Ksog.exe
- %HOMEPATH%\gOEYMkgs\EsAM.exe
- %HOMEPATH%\gOEYMkgs\Agkg.exe
- %HOMEPATH%\gOEYMkgs\lYQE.exe
- %HOMEPATH%\gOEYMkgs\DYcQ.exe
- %HOMEPATH%\gOEYMkgs\WMUO.exe
- %HOMEPATH%\gOEYMkgs\FcYy.exe
- %HOMEPATH%\gOEYMkgs\KAEY.exe
- %HOMEPATH%\gOEYMkgs\Iwce.exe
- %HOMEPATH%\gOEYMkgs\Xswg.exe
- %HOMEPATH%\gOEYMkgs\TIIK.exe
- %HOMEPATH%\gOEYMkgs\tAMC.exe
- %HOMEPATH%\gOEYMkgs\KQIy.exe
- %HOMEPATH%\gOEYMkgs\IEYy.exe
- %HOMEPATH%\gOEYMkgs\TUIw.exe
- %HOMEPATH%\gOEYMkgs\QMoW.exe
- %HOMEPATH%\gOEYMkgs\RcwG.exe
- %HOMEPATH%\gOEYMkgs\IIEe.exe
- %HOMEPATH%\gOEYMkgs\CUMm.exe
- %HOMEPATH%\gOEYMkgs\fkUq.exe
- %HOMEPATH%\gOEYMkgs\eMcM.exe
- %HOMEPATH%\gOEYMkgs\cksy.exe
- %HOMEPATH%\gOEYMkgs\mYYq.exe
- %HOMEPATH%\gOEYMkgs\jggQ.exe
- %HOMEPATH%\gOEYMkgs\gQcm.exe
- %HOMEPATH%\gOEYMkgs\NMMi.exe
- %HOMEPATH%\gOEYMkgs\aAsY.exe
- %HOMEPATH%\gOEYMkgs\gwEk.exe
- %HOMEPATH%\gOEYMkgs\egci.exe
- %HOMEPATH%\gOEYMkgs\qUoA.exe
- %TEMP%\xkogoccc.bat
- %HOMEPATH%\gOEYMkgs\OoEM.exe
- %HOMEPATH%\gOEYMkgs\EEIU.exe
- %HOMEPATH%\gOEYMkgs\UsEI.exe
- %HOMEPATH%\gOEYMkgs\jYkY.exe
- %HOMEPATH%\gOEYMkgs\xIwC.exe
- %HOMEPATH%\gOEYMkgs\XIws.exe
- %HOMEPATH%\gOEYMkgs\aYYq.exe
- %HOMEPATH%\gOEYMkgs\GUEE.exe
- %HOMEPATH%\gOEYMkgs\oAYG.exe
- %HOMEPATH%\gOEYMkgs\ycge.exe
- %HOMEPATH%\gOEYMkgs\MYgE.exe
- %HOMEPATH%\gOEYMkgs\xsMo.exe
- %HOMEPATH%\gOEYMkgs\uwIM.exe
- %HOMEPATH%\gOEYMkgs\Escy.exe
- %HOMEPATH%\gOEYMkgs\sgMw.exe
- %HOMEPATH%\gOEYMkgs\MgEI.exe
- %HOMEPATH%\gOEYMkgs\uMcs.exe
- %HOMEPATH%\gOEYMkgs\iAgk.exe
- %HOMEPATH%\gOEYMkgs\NQAG.exe
- %HOMEPATH%\gOEYMkgs\WIIU.exe
- %HOMEPATH%\gOEYMkgs\hUsi.exe
- %HOMEPATH%\gOEYMkgs\jEAU.exe
- %HOMEPATH%\gOEYMkgs\AYkI.exe
- %HOMEPATH%\gOEYMkgs\RkUw.exe
- %HOMEPATH%\gOEYMkgs\icAI.exe
- %HOMEPATH%\gOEYMkgs\IwMe.exe
- %HOMEPATH%\gOEYMkgs\zIwC.exe
- %HOMEPATH%\gOEYMkgs\nQII.exe
- %HOMEPATH%\gOEYMkgs\ZEoe.exe
- %HOMEPATH%\gOEYMkgs\ooAM.exe
- %HOMEPATH%\gOEYMkgs\XMsc.exe
- %HOMEPATH%\gOEYMkgs\rcAw.exe
- %HOMEPATH%\gOEYMkgs\jcgQ.exe
- %HOMEPATH%\gOEYMkgs\VAky.exe
- %HOMEPATH%\gOEYMkgs\wgYY.exe
- %HOMEPATH%\gOEYMkgs\mgMq.exe
- %HOMEPATH%\gOEYMkgs\lYcM.exe
- %HOMEPATH%\gOEYMkgs\rAEY.exe
- %HOMEPATH%\gOEYMkgs\GIQW.exe
- %HOMEPATH%\gOEYMkgs\msMy.exe
- %HOMEPATH%\gOEYMkgs\jIga.exe
- %HOMEPATH%\gOEYMkgs\QQIC.exe
- %HOMEPATH%\gOEYMkgs\xYIs.exe
- %HOMEPATH%\gOEYMkgs\YMkI.exe
- %HOMEPATH%\gOEYMkgs\SccC.exe
- %HOMEPATH%\gOEYMkgs\Awkk.exe
- %HOMEPATH%\gOEYMkgs\HoYg.exe
- %HOMEPATH%\gOEYMkgs\vUww.exe
- %HOMEPATH%\gOEYMkgs\UAki.exe
- %HOMEPATH%\gOEYMkgs\gEAy.exe
- %HOMEPATH%\gOEYMkgs\SEwk.exe
- %HOMEPATH%\gOEYMkgs\GIgM.exe
- %HOMEPATH%\gOEYMkgs\twUs.exe
- %HOMEPATH%\gOEYMkgs\fQUo.exe
- %HOMEPATH%\gOEYMkgs\rEsG.exe
- %HOMEPATH%\gOEYMkgs\NgwI.exe
- %HOMEPATH%\gOEYMkgs\gcAq.exe
- %HOMEPATH%\gOEYMkgs\bUMm.exe
- %HOMEPATH%\gOEYMkgs\eEAS.exe
- %HOMEPATH%\gOEYMkgs\wUoa.exe
- %HOMEPATH%\gOEYMkgs\BgYw.exe
- %HOMEPATH%\gOEYMkgs\hYAg.exe
- %HOMEPATH%\gOEYMkgs\TcEO.exe
- %HOMEPATH%\gOEYMkgs\wAUE.exe
- %HOMEPATH%\gOEYMkgs\kUMe.exe
- %HOMEPATH%\gOEYMkgs\kksC.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'