Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (2 = service starts automatically at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
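- Hides from view: hidden files (Explorer 'Hidden' = 2)
- Hides from view: file extensions (Explorer 'HideFileExt' = 1), so a dropped file such as 'fish.bmp.exe' is displayed as 'fish.bmp'
- Disables: User Account Control (UAC) ('EnableLUA' = 0)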
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '%TEMP%\setup.exe'
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\setup.exe
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\eAkm.exe
- %HOMEPATH%\gOEYMkgs\Gwom.exe
- %HOMEPATH%\gOEYMkgs\vAEK.exe
- %HOMEPATH%\gOEYMkgs\lMEC.exe
- %HOMEPATH%\gOEYMkgs\dcwy.exe
- %HOMEPATH%\gOEYMkgs\FQsa.exe
- %TEMP%\WER5c25.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\zcMu.exe
- %HOMEPATH%\gOEYMkgs\isUI.exe
- %HOMEPATH%\gOEYMkgs\ngku.exe
- %HOMEPATH%\gOEYMkgs\zIgo.exe
- %HOMEPATH%\gOEYMkgs\NkQG.exe
- %HOMEPATH%\gOEYMkgs\PUEQ.exe
- %HOMEPATH%\gOEYMkgs\nkwc.exe
- %HOMEPATH%\gOEYMkgs\BIUQ.exe
- %HOMEPATH%\gOEYMkgs\YkwK.exe
- %HOMEPATH%\gOEYMkgs\XMgi.exe
- %HOMEPATH%\gOEYMkgs\RcIM.exe
- %HOMEPATH%\gOEYMkgs\hMwe.exe
- %TEMP%\WER5c25.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\sIoo.exe
- %TEMP%\WER5c25.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\GQYw.exe
- %TEMP%\WER5c25.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\LIoy.exe
- %HOMEPATH%\gOEYMkgs\VkAo.exe
- %HOMEPATH%\gOEYMkgs\kckU.exe
- %HOMEPATH%\gOEYMkgs\noMW.exe
- %HOMEPATH%\gOEYMkgs\gwoe.exe
- %HOMEPATH%\gOEYMkgs\mAUY.exe
- %HOMEPATH%\gOEYMkgs\UMEE.exe
- %HOMEPATH%\gOEYMkgs\jYgY.exe
- %HOMEPATH%\gOEYMkgs\Pcwi.exe
- %HOMEPATH%\gOEYMkgs\DIQa.exe
- %HOMEPATH%\gOEYMkgs\SEgO.exe
- %TEMP%\WERe493.dir00\manifest.txt
- %TEMP%\WERe493.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\Twkc.exe
- %HOMEPATH%\gOEYMkgs\CUwq.exe
- %HOMEPATH%\gOEYMkgs\nQci.exe
- %HOMEPATH%\gOEYMkgs\Twky.exe
- %HOMEPATH%\gOEYMkgs\ZcUA.exe
- %HOMEPATH%\gOEYMkgs\yUQg.exe
- %HOMEPATH%\gOEYMkgs\yAIY.exe
- %HOMEPATH%\gOEYMkgs\ZUAI.exe
- %HOMEPATH%\gOEYMkgs\wMAe.exe
- %HOMEPATH%\gOEYMkgs\NwcM.exe
- %HOMEPATH%\gOEYMkgs\wIEs.exe
- %HOMEPATH%\gOEYMkgs\icEg.exe
- %HOMEPATH%\gOEYMkgs\QccA.exe
- %HOMEPATH%\gOEYMkgs\JsUK.exe
- %HOMEPATH%\gOEYMkgs\zocm.exe
- %HOMEPATH%\gOEYMkgs\DMQm.exe
- %HOMEPATH%\gOEYMkgs\JQgc.exe
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\yQEU.exe
- %HOMEPATH%\gOEYMkgs\WkYG.exe
- %HOMEPATH%\gOEYMkgs\YwMA.exe
- %HOMEPATH%\gOEYMkgs\DoYk.exe
- %HOMEPATH%\gOEYMkgs\YckY.exe
- %HOMEPATH%\gOEYMkgs\dwoI.exe
- %HOMEPATH%\gOEYMkgs\vAkg.exe
- %HOMEPATH%\gOEYMkgs\sIAk.exe
- %HOMEPATH%\gOEYMkgs\MQAA.exe
- %HOMEPATH%\gOEYMkgs\LUYm.exe
- %HOMEPATH%\gOEYMkgs\TkEW.exe
- %HOMEPATH%\gOEYMkgs\DUMK.exe
- %HOMEPATH%\gOEYMkgs\esge.exe
- %HOMEPATH%\gOEYMkgs\wIgA.exe
- %HOMEPATH%\gOEYMkgs\TUkG.exe
- %HOMEPATH%\gOEYMkgs\osUk.exe
- %HOMEPATH%\gOEYMkgs\yswe.exe
- %HOMEPATH%\gOEYMkgs\RwIw.exe
- %HOMEPATH%\gOEYMkgs\iMww.exe
- %HOMEPATH%\gOEYMkgs\XIYw.exe
- %HOMEPATH%\gOEYMkgs\gEss.exe
- %HOMEPATH%\gOEYMkgs\KUAE.exe
- %HOMEPATH%\gOEYMkgs\acAW.exe
- %HOMEPATH%\gOEYMkgs\cwcS.exe
- %HOMEPATH%\gOEYMkgs\mIoe.exe
- %HOMEPATH%\gOEYMkgs\MUUy.exe
- %HOMEPATH%\gOEYMkgs\LcwG.exe
- %TEMP%\WERcef8.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\yoMo.exe
- %HOMEPATH%\gOEYMkgs\wwQk.exe
- %HOMEPATH%\gOEYMkgs\rssC.exe
- %TEMP%\WERcef8.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\aIkA.exe
- %TEMP%\WERcef8.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\yosQ.exe
- %HOMEPATH%\gOEYMkgs\pMkI.exe
- %HOMEPATH%\gOEYMkgs\dIUk.exe
- %TEMP%\WERcef8.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\EMMA.exe
- %HOMEPATH%\gOEYMkgs\sUwA.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %HOMEPATH%\gOEYMkgs\mQEW.exe
- %HOMEPATH%\gOEYMkgs\okAA.exe
- %HOMEPATH%\gOEYMkgs\pkME.exe
- %HOMEPATH%\gOEYMkgs\xQwm.exe
- %HOMEPATH%\gOEYMkgs\IEkC.exe
- %HOMEPATH%\gOEYMkgs\yAIO.exe
- %HOMEPATH%\gOEYMkgs\nUAO.exe
- %HOMEPATH%\gOEYMkgs\jgYa.exe
- %HOMEPATH%\gOEYMkgs\dAwU.exe
- %HOMEPATH%\gOEYMkgs\IEgc.exe
- %HOMEPATH%\gOEYMkgs\ywEg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\VckE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\ucso.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\HUwy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\NYcK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\BoEM.exe
- %TEMP%\WERf16c.dir00\manifest.txt
- %TEMP%\WERf16c.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\YwQS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\LUAi.exe
- %HOMEPATH%\gOEYMkgs\vYAG.exe
- %TEMP%\WERf16c.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\ZoEi.exe
- %TEMP%\WERf16c.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\pAgm.exe
- %HOMEPATH%\gOEYMkgs\CEwi.exe
- %TEMP%\WER792c.dir00\manifest.txt
- %TEMP%\WER792c.dir00\appcompat.txt
- %TEMP%\WER792c.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\dEUs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\UEUS.exe
- %TEMP%\WER792c.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %ALLUSERSPROFILE%\caQc.txt
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\PEoO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\goMs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\VosW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\uIoQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\rgsC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\ggUI.exe
- %HOMEPATH%\gOEYMkgs\QUIu.exe
- %HOMEPATH%\gOEYMkgs\BIMY.exe
- %HOMEPATH%\gOEYMkgs\NcAC.exe
- %HOMEPATH%\gOEYMkgs\AQgW.exe
- %HOMEPATH%\gOEYMkgs\rYAW.exe
- %HOMEPATH%\gOEYMkgs\kUMs.exe
- %TEMP%\WER6ad1.dir00\manifest.txt
- %TEMP%\WER6ad1.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\lEMU.exe
- %HOMEPATH%\gOEYMkgs\OoAY.exe
- %TEMP%\WER6ad1.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\mwsY.exe
- %HOMEPATH%\gOEYMkgs\YsIC.exe
- %HOMEPATH%\gOEYMkgs\KsAm.exe
- %HOMEPATH%\gOEYMkgs\xcgq.exe
- %TEMP%\WERe493.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\fcwo.exe
- %HOMEPATH%\gOEYMkgs\msYQ.exe
- %TEMP%\WERe493.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\WoAw.exe
- %HOMEPATH%\gOEYMkgs\roso.exe
- %HOMEPATH%\gOEYMkgs\CsQa.exe
- %HOMEPATH%\gOEYMkgs\qsQY.exe
- %HOMEPATH%\gOEYMkgs\MkkO.exe
- %HOMEPATH%\gOEYMkgs\KAga.exe
- %HOMEPATH%\gOEYMkgs\rAwk.exe
- %HOMEPATH%\gOEYMkgs\yEEa.exe
- %HOMEPATH%\gOEYMkgs\EYsk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\UIwy.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\LsIQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\mQge.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\tYwy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\ygkQ.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\vcMQ.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\bIkI.exe
- %TEMP%\WER6ad1.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\IIYU.exe
- %HOMEPATH%\gOEYMkgs\BAsI.exe
- %HOMEPATH%\gOEYMkgs\FscQ.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\ucAy.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\TUIy.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\hMwe.exe
- %HOMEPATH%\gOEYMkgs\nkwc.exe
- %HOMEPATH%\gOEYMkgs\XMgi.exe
- %HOMEPATH%\gOEYMkgs\RcIM.exe
- %HOMEPATH%\gOEYMkgs\BIUQ.exe
- %HOMEPATH%\gOEYMkgs\VkAo.exe
- %HOMEPATH%\gOEYMkgs\sIoo.exe
- %HOMEPATH%\gOEYMkgs\YkwK.exe
- %HOMEPATH%\gOEYMkgs\LIoy.exe
- %HOMEPATH%\gOEYMkgs\rssC.exe
- %HOMEPATH%\gOEYMkgs\MUUy.exe
- %HOMEPATH%\gOEYMkgs\yoMo.exe
- %HOMEPATH%\gOEYMkgs\wwQk.exe
- %HOMEPATH%\gOEYMkgs\LcwG.exe
- %HOMEPATH%\gOEYMkgs\aIkA.exe
- %HOMEPATH%\gOEYMkgs\yosQ.exe
- %HOMEPATH%\gOEYMkgs\pMkI.exe
- %HOMEPATH%\gOEYMkgs\dIUk.exe
- %HOMEPATH%\gOEYMkgs\GQYw.exe
- %HOMEPATH%\gOEYMkgs\ngku.exe
- %HOMEPATH%\gOEYMkgs\kckU.exe
- %HOMEPATH%\gOEYMkgs\zcMu.exe
- %HOMEPATH%\gOEYMkgs\isUI.exe
- %HOMEPATH%\gOEYMkgs\yAIY.exe
- %HOMEPATH%\gOEYMkgs\Twky.exe
- %HOMEPATH%\gOEYMkgs\ZcUA.exe
- %HOMEPATH%\gOEYMkgs\ZUAI.exe
- %HOMEPATH%\gOEYMkgs\wMAe.exe
- %HOMEPATH%\gOEYMkgs\FQsa.exe
- %HOMEPATH%\gOEYMkgs\eAkm.exe
- %HOMEPATH%\gOEYMkgs\lMEC.exe
- %HOMEPATH%\gOEYMkgs\dcwy.exe
- %HOMEPATH%\gOEYMkgs\Gwom.exe
- %HOMEPATH%\gOEYMkgs\NkQG.exe
- %HOMEPATH%\gOEYMkgs\PUEQ.exe
- %HOMEPATH%\gOEYMkgs\vAEK.exe
- %HOMEPATH%\gOEYMkgs\zIgo.exe
- %HOMEPATH%\gOEYMkgs\nUAO.exe
- %HOMEPATH%\gOEYMkgs\XIYw.exe
- %HOMEPATH%\gOEYMkgs\gEss.exe
- %HOMEPATH%\gOEYMkgs\cwcS.exe
- %HOMEPATH%\gOEYMkgs\iMww.exe
- %HOMEPATH%\gOEYMkgs\WkYG.exe
- %HOMEPATH%\gOEYMkgs\JQgc.exe
- %HOMEPATH%\gOEYMkgs\yQEU.exe
- %HOMEPATH%\gOEYMkgs\YwMA.exe
- %HOMEPATH%\gOEYMkgs\DoYk.exe
- %HOMEPATH%\gOEYMkgs\yswe.exe
- %HOMEPATH%\gOEYMkgs\DUMK.exe
- %HOMEPATH%\gOEYMkgs\TUkG.exe
- %HOMEPATH%\gOEYMkgs\osUk.exe
- %HOMEPATH%\gOEYMkgs\esge.exe
- %HOMEPATH%\gOEYMkgs\KUAE.exe
- %HOMEPATH%\gOEYMkgs\acAW.exe
- %HOMEPATH%\gOEYMkgs\wIgA.exe
- %HOMEPATH%\gOEYMkgs\RwIw.exe
- %HOMEPATH%\gOEYMkgs\YckY.exe
- %HOMEPATH%\gOEYMkgs\sUwA.exe
- %HOMEPATH%\gOEYMkgs\xQwm.exe
- %HOMEPATH%\gOEYMkgs\pkME.exe
- %HOMEPATH%\gOEYMkgs\EMMA.exe
- %HOMEPATH%\gOEYMkgs\jgYa.exe
- %HOMEPATH%\gOEYMkgs\IEkC.exe
- %HOMEPATH%\gOEYMkgs\yAIO.exe
- %HOMEPATH%\gOEYMkgs\dAwU.exe
- %HOMEPATH%\gOEYMkgs\IEgc.exe
- %HOMEPATH%\gOEYMkgs\TkEW.exe
- %HOMEPATH%\gOEYMkgs\dwoI.exe
- %HOMEPATH%\gOEYMkgs\MQAA.exe
- %HOMEPATH%\gOEYMkgs\LUYm.exe
- %HOMEPATH%\gOEYMkgs\vAkg.exe
- %HOMEPATH%\gOEYMkgs\mQEW.exe
- %HOMEPATH%\gOEYMkgs\okAA.exe
- %HOMEPATH%\gOEYMkgs\sIAk.exe
- %HOMEPATH%\gOEYMkgs\mIoe.exe
- %HOMEPATH%\gOEYMkgs\EYsk.exe
- %HOMEPATH%\gOEYMkgs\UIwy.exe
- %HOMEPATH%\gOEYMkgs\ucAy.exe
- %HOMEPATH%\gOEYMkgs\LsIQ.exe
- %HOMEPATH%\gOEYMkgs\tYwy.exe
- %HOMEPATH%\gOEYMkgs\YwQS.exe
- %HOMEPATH%\gOEYMkgs\LUAi.exe
- %HOMEPATH%\gOEYMkgs\ygkQ.exe
- %HOMEPATH%\gOEYMkgs\mQge.exe
- %HOMEPATH%\gOEYMkgs\yEEa.exe
- %HOMEPATH%\gOEYMkgs\bIkI.exe
- %HOMEPATH%\gOEYMkgs\lEMU.exe
- %HOMEPATH%\gOEYMkgs\OoAY.exe
- %HOMEPATH%\gOEYMkgs\IIYU.exe
- %HOMEPATH%\gOEYMkgs\TUIy.exe
- %HOMEPATH%\gOEYMkgs\FscQ.exe
- %HOMEPATH%\gOEYMkgs\vcMQ.exe
- %HOMEPATH%\gOEYMkgs\BAsI.exe
- %HOMEPATH%\gOEYMkgs\vYAG.exe
- %HOMEPATH%\gOEYMkgs\PEoO.exe
- %HOMEPATH%\gOEYMkgs\goMs.exe
- %HOMEPATH%\gOEYMkgs\CEwi.exe
- %HOMEPATH%\gOEYMkgs\VosW.exe
- %HOMEPATH%\gOEYMkgs\rgsC.exe
- %HOMEPATH%\gOEYMkgs\dEUs.exe
- %HOMEPATH%\gOEYMkgs\UEUS.exe
- %HOMEPATH%\gOEYMkgs\ggUI.exe
- %HOMEPATH%\gOEYMkgs\uIoQ.exe
- %HOMEPATH%\gOEYMkgs\ucso.exe
- %TEMP%\swoUwEoA.bat
- %HOMEPATH%\gOEYMkgs\pAgm.exe
- %HOMEPATH%\gOEYMkgs\ZoEi.exe
- %HOMEPATH%\gOEYMkgs\ywEg.exe
- %HOMEPATH%\gOEYMkgs\BoEM.exe
- %HOMEPATH%\gOEYMkgs\HUwy.exe
- %HOMEPATH%\gOEYMkgs\VckE.exe
- %HOMEPATH%\gOEYMkgs\NYcK.exe
- %HOMEPATH%\gOEYMkgs\YsIC.exe
- %HOMEPATH%\gOEYMkgs\noMW.exe
- %HOMEPATH%\gOEYMkgs\gwoe.exe
- %HOMEPATH%\gOEYMkgs\jYgY.exe
- %HOMEPATH%\gOEYMkgs\Pcwi.exe
- %HOMEPATH%\gOEYMkgs\mAUY.exe
- %HOMEPATH%\gOEYMkgs\CUwq.exe
- %HOMEPATH%\gOEYMkgs\nQci.exe
- %HOMEPATH%\gOEYMkgs\DIQa.exe
- %HOMEPATH%\gOEYMkgs\Twkc.exe
- %HOMEPATH%\gOEYMkgs\JsUK.exe
- %HOMEPATH%\gOEYMkgs\zocm.exe
- %HOMEPATH%\gOEYMkgs\yUQg.exe
- %HOMEPATH%\gOEYMkgs\NwcM.exe
- %HOMEPATH%\gOEYMkgs\DMQm.exe
- %HOMEPATH%\gOEYMkgs\QccA.exe
- %HOMEPATH%\gOEYMkgs\UMEE.exe
- %HOMEPATH%\gOEYMkgs\wIEs.exe
- %HOMEPATH%\gOEYMkgs\icEg.exe
- %HOMEPATH%\gOEYMkgs\SEgO.exe
- %HOMEPATH%\gOEYMkgs\AQgW.exe
- %HOMEPATH%\gOEYMkgs\rYAW.exe
- %HOMEPATH%\gOEYMkgs\CsQa.exe
- %HOMEPATH%\gOEYMkgs\qsQY.exe
- %HOMEPATH%\gOEYMkgs\kUMs.exe
- %HOMEPATH%\gOEYMkgs\NcAC.exe
- %HOMEPATH%\gOEYMkgs\mwsY.exe
- %HOMEPATH%\gOEYMkgs\QUIu.exe
- %HOMEPATH%\gOEYMkgs\BIMY.exe
- %HOMEPATH%\gOEYMkgs\KsAm.exe
- %HOMEPATH%\gOEYMkgs\xcgq.exe
- %HOMEPATH%\gOEYMkgs\fcwo.exe
- %HOMEPATH%\gOEYMkgs\msYQ.exe
- %HOMEPATH%\gOEYMkgs\WoAw.exe
- %HOMEPATH%\gOEYMkgs\rAwk.exe
- %HOMEPATH%\gOEYMkgs\roso.exe
- %HOMEPATH%\gOEYMkgs\MkkO.exe
- %HOMEPATH%\gOEYMkgs\KAga.exe
- %HOMEPATH%\gOEYMkgs\gwoe.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'