Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (start type 2 = the service is launched automatically at system startup)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
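- hidden files (display turned off: Explorer\Advanced 'Hidden' = 2, set by the reg.exe command listed below)
- file extensions (display turned off: Explorer\Advanced 'HideFileExt' = 1, set by the reg.exe command listed below; with extensions hidden, the '*.bmp.exe', '*.jpg.exe' and '*.wma.exe' files listed further down show in Explorer under their original media file names)
- User Account Control (UAC) (disabled: Policies\System 'EnableLUA' = 0, set by the reg.exe command listed below)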
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\wwQY.exe
- %HOMEPATH%\gOEYMkgs\qQIK.exe
- %HOMEPATH%\gOEYMkgs\ioEM.exe
- %HOMEPATH%\gOEYMkgs\RUwE.exe
- %HOMEPATH%\gOEYMkgs\tYQI.exe
- %HOMEPATH%\gOEYMkgs\yYYg.exe
- %HOMEPATH%\gOEYMkgs\cIAm.exe
- %HOMEPATH%\gOEYMkgs\YsIO.exe
- %HOMEPATH%\gOEYMkgs\PQQM.exe
- %HOMEPATH%\gOEYMkgs\hgoe.exe
- %HOMEPATH%\gOEYMkgs\Zwsq.exe
- %HOMEPATH%\gOEYMkgs\FMci.exe
- %HOMEPATH%\gOEYMkgs\pAMk.exe
- %HOMEPATH%\gOEYMkgs\BAsO.exe
- %HOMEPATH%\gOEYMkgs\AAME.exe
- %HOMEPATH%\gOEYMkgs\yEMc.exe
- %HOMEPATH%\gOEYMkgs\fsce.exe
- %HOMEPATH%\gOEYMkgs\sIUO.exe
- %HOMEPATH%\gOEYMkgs\KgUU.exe
- %HOMEPATH%\gOEYMkgs\oMAM.exe
- %HOMEPATH%\gOEYMkgs\NgkY.exe
- %HOMEPATH%\gOEYMkgs\CcUq.exe
- %HOMEPATH%\gOEYMkgs\VAIe.exe
- %HOMEPATH%\gOEYMkgs\vUgi.exe
- %HOMEPATH%\gOEYMkgs\Wkcy.exe
- %HOMEPATH%\gOEYMkgs\gMwm.exe
- %HOMEPATH%\gOEYMkgs\VQIo.exe
- %HOMEPATH%\gOEYMkgs\kUIA.exe
- %HOMEPATH%\gOEYMkgs\RkIo.exe
- %HOMEPATH%\gOEYMkgs\ggAq.exe
- %HOMEPATH%\gOEYMkgs\lccW.exe
- %HOMEPATH%\gOEYMkgs\AEcS.exe
- %HOMEPATH%\gOEYMkgs\VAci.exe
- %HOMEPATH%\gOEYMkgs\SUYS.exe
- %HOMEPATH%\gOEYMkgs\qAAs.exe
- %HOMEPATH%\gOEYMkgs\FAUU.exe
- %HOMEPATH%\gOEYMkgs\mwkI.exe
- %HOMEPATH%\gOEYMkgs\nkcg.exe
- %HOMEPATH%\gOEYMkgs\NUMa.exe
- %HOMEPATH%\gOEYMkgs\owAG.exe
- %TEMP%\WER68f8.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\UAsO.exe
- %HOMEPATH%\gOEYMkgs\GMIa.exe
- %TEMP%\WER68f8.dir00\manifest.txt
- %TEMP%\WER68f8.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\Sksg.exe
- %HOMEPATH%\gOEYMkgs\OIAq.exe
- %HOMEPATH%\gOEYMkgs\BUcm.exe
- %TEMP%\WER68f8.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\icky.exe
- %HOMEPATH%\gOEYMkgs\dgIy.exe
- %HOMEPATH%\gOEYMkgs\PQcc.exe
- %HOMEPATH%\gOEYMkgs\zIUQ.exe
- %HOMEPATH%\gOEYMkgs\lIIs.exe
- %HOMEPATH%\gOEYMkgs\FAYU.exe
- %HOMEPATH%\gOEYMkgs\ecUk.exe
- %HOMEPATH%\gOEYMkgs\cEsA.exe
- %HOMEPATH%\gOEYMkgs\XgQk.exe
- %HOMEPATH%\gOEYMkgs\zoAE.exe
- %HOMEPATH%\gOEYMkgs\EUoe.exe
- %HOMEPATH%\gOEYMkgs\UAYy.exe
- %HOMEPATH%\gOEYMkgs\kAEI.exe
- %HOMEPATH%\gOEYMkgs\IAcK.exe
- %HOMEPATH%\gOEYMkgs\UIUQ.exe
- %HOMEPATH%\gOEYMkgs\QYkG.exe
- %HOMEPATH%\gOEYMkgs\MAkI.exe
- %HOMEPATH%\gOEYMkgs\qwkg.exe
- %HOMEPATH%\gOEYMkgs\cIYS.exe
- %HOMEPATH%\gOEYMkgs\Xoka.exe
- %HOMEPATH%\gOEYMkgs\sIAO.exe
- %HOMEPATH%\gOEYMkgs\WkAg.exe
- %HOMEPATH%\gOEYMkgs\HAEQ.exe
- %HOMEPATH%\gOEYMkgs\PEcq.exe
- %HOMEPATH%\gOEYMkgs\JYMI.exe
- %HOMEPATH%\gOEYMkgs\mAMq.exe
- %HOMEPATH%\gOEYMkgs\vkMQ.exe
- %HOMEPATH%\gOEYMkgs\rwoS.exe
- %HOMEPATH%\gOEYMkgs\hUco.exe
- %HOMEPATH%\gOEYMkgs\BgAa.exe
- %HOMEPATH%\gOEYMkgs\ZwMg.exe
- %HOMEPATH%\gOEYMkgs\lYMk.exe
- %HOMEPATH%\gOEYMkgs\BIoO.exe
- %HOMEPATH%\gOEYMkgs\jUEC.exe
- %HOMEPATH%\gOEYMkgs\QggU.exe
- %HOMEPATH%\gOEYMkgs\cscE.exe
- %HOMEPATH%\gOEYMkgs\LQsE.exe
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\YwEI.exe
- %HOMEPATH%\gOEYMkgs\dEMI.exe
- %HOMEPATH%\gOEYMkgs\pgMO.exe
- %HOMEPATH%\gOEYMkgs\DEkg.exe
- %HOMEPATH%\gOEYMkgs\WQMk.exe
- %HOMEPATH%\gOEYMkgs\lowi.exe
- %HOMEPATH%\gOEYMkgs\XwIq.exe
- %HOMEPATH%\gOEYMkgs\uYIy.exe
- %HOMEPATH%\gOEYMkgs\agYa.exe
- %HOMEPATH%\gOEYMkgs\MkkQ.exe
- %HOMEPATH%\gOEYMkgs\qIQY.exe
- %HOMEPATH%\gOEYMkgs\CkEc.exe
- %HOMEPATH%\gOEYMkgs\VwEU.exe
- %HOMEPATH%\gOEYMkgs\UwMQ.exe
- %HOMEPATH%\gOEYMkgs\QQsk.exe
- %TEMP%\WER9d2c.dir00\manifest.txt
- %TEMP%\WER9d2c.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\uEgG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\cwIq.exe
- %HOMEPATH%\gOEYMkgs\UIsC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\wkww.exe
- %HOMEPATH%\gOEYMkgs\sgQY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %TEMP%\WER9d2c.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\bsAQ.exe
- %TEMP%\WER025d.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %TEMP%\WER025d.dir00\manifest.txt
- %TEMP%\WER025d.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\rcQS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\TkUi.exe
- %HOMEPATH%\gOEYMkgs\iUAA.exe
- %TEMP%\WER025d.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %TEMP%\WER9d2c.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WER1c88.dir00\appcompat.txt
- %TEMP%\WER1c88.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER1c88.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\Pkgq.exe
- %TEMP%\WER1c88.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %ALLUSERSPROFILE%\caQc.txt
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\DgoS.exe
- %HOMEPATH%\gOEYMkgs\QEEQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- <Current directory>\<File name>
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\psgs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\okkk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\PYsE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\EYsq.exe
- %HOMEPATH%\gOEYMkgs\eEMS.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\Ekgk.exe
- %HOMEPATH%\gOEYMkgs\XEow.exe
- %HOMEPATH%\gOEYMkgs\GwUM.exe
- %HOMEPATH%\gOEYMkgs\DkEQ.exe
- %HOMEPATH%\gOEYMkgs\MIUU.exe
- %TEMP%\WER79a6.dir00\manifest.txt
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\poUW.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\OUkw.exe
- %TEMP%\WERf54a.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\qEUM.exe
- %HOMEPATH%\gOEYMkgs\zEMS.exe
- %TEMP%\WERf54a.dir00\manifest.txt
- %TEMP%\WERf54a.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\KQkY.exe
- %HOMEPATH%\gOEYMkgs\iMog.exe
- %HOMEPATH%\gOEYMkgs\PAEw.exe
- %HOMEPATH%\gOEYMkgs\oswK.exe
- %TEMP%\WERf54a.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\ncEa.exe
- %HOMEPATH%\gOEYMkgs\Bgoi.exe
- %TEMP%\WER79a6.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\zsIq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\qwEQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\tIok.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\BMAg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\skow.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\QsUG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\ScoU.exe
- %HOMEPATH%\gOEYMkgs\Awsg.exe
- %TEMP%\WER79a6.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\gUIG.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %TEMP%\WER79a6.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\Bkss.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\kYsy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\kEsk.exe
- %HOMEPATH%\gOEYMkgs\QggU.exe
- %HOMEPATH%\gOEYMkgs\cscE.exe
- %HOMEPATH%\gOEYMkgs\YwEI.exe
- %HOMEPATH%\gOEYMkgs\dEMI.exe
- %HOMEPATH%\gOEYMkgs\sIUO.exe
- %HOMEPATH%\gOEYMkgs\KgUU.exe
- %HOMEPATH%\gOEYMkgs\LQsE.exe
- %HOMEPATH%\gOEYMkgs\fsce.exe
- %HOMEPATH%\gOEYMkgs\ZwMg.exe
- %HOMEPATH%\gOEYMkgs\pgMO.exe
- %HOMEPATH%\gOEYMkgs\lYMk.exe
- %HOMEPATH%\gOEYMkgs\qIQY.exe
- %HOMEPATH%\gOEYMkgs\CkEc.exe
- %HOMEPATH%\gOEYMkgs\hUco.exe
- %HOMEPATH%\gOEYMkgs\BgAa.exe
- %HOMEPATH%\gOEYMkgs\BIoO.exe
- %HOMEPATH%\gOEYMkgs\jUEC.exe
- %HOMEPATH%\gOEYMkgs\BAsO.exe
- %HOMEPATH%\gOEYMkgs\yYYg.exe
- %HOMEPATH%\gOEYMkgs\wwQY.exe
- %HOMEPATH%\gOEYMkgs\RUwE.exe
- %HOMEPATH%\gOEYMkgs\tYQI.exe
- %HOMEPATH%\gOEYMkgs\hgoe.exe
- %HOMEPATH%\gOEYMkgs\Zwsq.exe
- %HOMEPATH%\gOEYMkgs\qQIK.exe
- %HOMEPATH%\gOEYMkgs\ioEM.exe
- %HOMEPATH%\gOEYMkgs\pAMk.exe
- %HOMEPATH%\gOEYMkgs\VAIe.exe
- %HOMEPATH%\gOEYMkgs\vUgi.exe
- %HOMEPATH%\gOEYMkgs\AAME.exe
- %HOMEPATH%\gOEYMkgs\yEMc.exe
- %HOMEPATH%\gOEYMkgs\NgkY.exe
- %HOMEPATH%\gOEYMkgs\CcUq.exe
- %HOMEPATH%\gOEYMkgs\Wkcy.exe
- %HOMEPATH%\gOEYMkgs\oMAM.exe
- %HOMEPATH%\gOEYMkgs\UIUQ.exe
- %HOMEPATH%\gOEYMkgs\FAYU.exe
- %HOMEPATH%\gOEYMkgs\HAEQ.exe
- %HOMEPATH%\gOEYMkgs\PEcq.exe
- %HOMEPATH%\gOEYMkgs\PQcc.exe
- %HOMEPATH%\gOEYMkgs\zIUQ.exe
- %HOMEPATH%\gOEYMkgs\ecUk.exe
- %HOMEPATH%\gOEYMkgs\cEsA.exe
- %HOMEPATH%\gOEYMkgs\WkAg.exe
- %HOMEPATH%\gOEYMkgs\QYkG.exe
- %HOMEPATH%\gOEYMkgs\MAkI.exe
- %HOMEPATH%\gOEYMkgs\Xoka.exe
- %HOMEPATH%\gOEYMkgs\sIAO.exe
- %HOMEPATH%\gOEYMkgs\mAMq.exe
- %HOMEPATH%\gOEYMkgs\vkMQ.exe
- %HOMEPATH%\gOEYMkgs\qwkg.exe
- %HOMEPATH%\gOEYMkgs\JYMI.exe
- %HOMEPATH%\gOEYMkgs\lIIs.exe
- %HOMEPATH%\gOEYMkgs\WQMk.exe
- %HOMEPATH%\gOEYMkgs\lowi.exe
- %HOMEPATH%\gOEYMkgs\agYa.exe
- %HOMEPATH%\gOEYMkgs\DEkg.exe
- %HOMEPATH%\gOEYMkgs\QQsk.exe
- %HOMEPATH%\gOEYMkgs\MkkQ.exe
- %HOMEPATH%\gOEYMkgs\VwEU.exe
- %HOMEPATH%\gOEYMkgs\UwMQ.exe
- %HOMEPATH%\gOEYMkgs\uYIy.exe
- %HOMEPATH%\gOEYMkgs\IAcK.exe
- %HOMEPATH%\gOEYMkgs\XgQk.exe
- %HOMEPATH%\gOEYMkgs\UAYy.exe
- %HOMEPATH%\gOEYMkgs\kAEI.exe
- %HOMEPATH%\gOEYMkgs\rwoS.exe
- %HOMEPATH%\gOEYMkgs\XwIq.exe
- %HOMEPATH%\gOEYMkgs\zoAE.exe
- %HOMEPATH%\gOEYMkgs\EUoe.exe
- %HOMEPATH%\gOEYMkgs\FMci.exe
- %HOMEPATH%\gOEYMkgs\ScoU.exe
- %HOMEPATH%\gOEYMkgs\tIok.exe
- %HOMEPATH%\gOEYMkgs\kEsk.exe
- %HOMEPATH%\gOEYMkgs\Bkss.exe
- %HOMEPATH%\gOEYMkgs\QsUG.exe
- %HOMEPATH%\gOEYMkgs\BMAg.exe
- %HOMEPATH%\gOEYMkgs\zsIq.exe
- %HOMEPATH%\gOEYMkgs\qwEQ.exe
- %HOMEPATH%\gOEYMkgs\kYsy.exe
- %HOMEPATH%\gOEYMkgs\eEMS.exe
- %HOMEPATH%\gOEYMkgs\Ekgk.exe
- %HOMEPATH%\gOEYMkgs\GwUM.exe
- %HOMEPATH%\gOEYMkgs\DkEQ.exe
- %HOMEPATH%\gOEYMkgs\gUIG.exe
- %HOMEPATH%\gOEYMkgs\Awsg.exe
- %HOMEPATH%\gOEYMkgs\poUW.exe
- %HOMEPATH%\gOEYMkgs\MIUU.exe
- %HOMEPATH%\gOEYMkgs\skow.exe
- %TEMP%\uqkQkkwQ.bat
- %HOMEPATH%\gOEYMkgs\PYsE.exe
- %HOMEPATH%\gOEYMkgs\psgs.exe
- %HOMEPATH%\gOEYMkgs\QEEQ.exe
- %HOMEPATH%\gOEYMkgs\DgoS.exe
- %HOMEPATH%\gOEYMkgs\Pkgq.exe
- %HOMEPATH%\gOEYMkgs\EYsq.exe
- %HOMEPATH%\gOEYMkgs\okkk.exe
- %HOMEPATH%\gOEYMkgs\wkww.exe
- %HOMEPATH%\gOEYMkgs\rcQS.exe
- %HOMEPATH%\gOEYMkgs\TkUi.exe
- %HOMEPATH%\gOEYMkgs\bsAQ.exe
- %HOMEPATH%\gOEYMkgs\iUAA.exe
- %HOMEPATH%\gOEYMkgs\sgQY.exe
- %HOMEPATH%\gOEYMkgs\UIsC.exe
- %HOMEPATH%\gOEYMkgs\uEgG.exe
- %HOMEPATH%\gOEYMkgs\cwIq.exe
- %HOMEPATH%\gOEYMkgs\BUcm.exe
- %HOMEPATH%\gOEYMkgs\NUMa.exe
- %HOMEPATH%\gOEYMkgs\Sksg.exe
- %HOMEPATH%\gOEYMkgs\OIAq.exe
- %HOMEPATH%\gOEYMkgs\AEcS.exe
- %HOMEPATH%\gOEYMkgs\VQIo.exe
- %HOMEPATH%\gOEYMkgs\ggAq.exe
- %HOMEPATH%\gOEYMkgs\lccW.exe
- %HOMEPATH%\gOEYMkgs\dgIy.exe
- %HOMEPATH%\gOEYMkgs\PQQM.exe
- %HOMEPATH%\gOEYMkgs\gMwm.exe
- %HOMEPATH%\gOEYMkgs\cIAm.exe
- %HOMEPATH%\gOEYMkgs\YsIO.exe
- %HOMEPATH%\gOEYMkgs\UAsO.exe
- %HOMEPATH%\gOEYMkgs\icky.exe
- %HOMEPATH%\gOEYMkgs\GMIa.exe
- %HOMEPATH%\gOEYMkgs\owAG.exe
- %HOMEPATH%\gOEYMkgs\kUIA.exe
- %HOMEPATH%\gOEYMkgs\Bgoi.exe
- %HOMEPATH%\gOEYMkgs\iMog.exe
- %HOMEPATH%\gOEYMkgs\zEMS.exe
- %HOMEPATH%\gOEYMkgs\ncEa.exe
- %HOMEPATH%\gOEYMkgs\OUkw.exe
- %HOMEPATH%\gOEYMkgs\XEow.exe
- %HOMEPATH%\gOEYMkgs\PAEw.exe
- %HOMEPATH%\gOEYMkgs\oswK.exe
- %HOMEPATH%\gOEYMkgs\qEUM.exe
- %HOMEPATH%\gOEYMkgs\mwkI.exe
- %HOMEPATH%\gOEYMkgs\nkcg.exe
- %HOMEPATH%\gOEYMkgs\RkIo.exe
- %HOMEPATH%\gOEYMkgs\FAUU.exe
- %HOMEPATH%\gOEYMkgs\qAAs.exe
- %HOMEPATH%\gOEYMkgs\KQkY.exe
- %HOMEPATH%\gOEYMkgs\VAci.exe
- %HOMEPATH%\gOEYMkgs\SUYS.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'