Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (start type 2: the service is launched automatically at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
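- hidden files: kept out of view in Explorer (the reg.exe command listed below sets Hidden to 2)
- file extensions: hidden in Explorer (the reg.exe command listed below sets HideFileExt to 1), so listed files such as frog.bmp.exe display as frog.bmp
- User Account Control (UAC): disabled (the reg.exe command listed below sets EnableLUA to 0)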
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\gUww.exe
- %TEMP%\WER853d.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\GoMq.exe
- %HOMEPATH%\gOEYMkgs\DgcE.exe
- %HOMEPATH%\gOEYMkgs\SYUE.exe
- %TEMP%\WER853d.dir00\manifest.txt
- %TEMP%\WER853d.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\EMQc.exe
- %HOMEPATH%\gOEYMkgs\FQYM.exe
- %HOMEPATH%\gOEYMkgs\rokG.exe
- %HOMEPATH%\gOEYMkgs\ZAAu.exe
- %TEMP%\WER853d.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\OEAs.exe
- %HOMEPATH%\gOEYMkgs\McwG.exe
- %HOMEPATH%\gOEYMkgs\acIm.exe
- %HOMEPATH%\gOEYMkgs\vUgC.exe
- %HOMEPATH%\gOEYMkgs\bYsO.exe
- %HOMEPATH%\gOEYMkgs\fQEQ.exe
- %HOMEPATH%\gOEYMkgs\pIIa.exe
- %HOMEPATH%\gOEYMkgs\aQMq.exe
- %HOMEPATH%\gOEYMkgs\sIkA.exe
- %HOMEPATH%\gOEYMkgs\gUca.exe
- %HOMEPATH%\gOEYMkgs\sEEW.exe
- %HOMEPATH%\gOEYMkgs\mkYG.exe
- %HOMEPATH%\gOEYMkgs\LcEo.exe
- %HOMEPATH%\gOEYMkgs\QAUc.exe
- %HOMEPATH%\gOEYMkgs\GYwW.exe
- %HOMEPATH%\gOEYMkgs\bUAG.exe
- %HOMEPATH%\gOEYMkgs\dAIA.exe
- %HOMEPATH%\gOEYMkgs\nIsS.exe
- %HOMEPATH%\gOEYMkgs\EIoc.exe
- %HOMEPATH%\gOEYMkgs\GsUe.exe
- %HOMEPATH%\gOEYMkgs\SUYu.exe
- %HOMEPATH%\gOEYMkgs\vUQC.exe
- %HOMEPATH%\gOEYMkgs\RkQo.exe
- %HOMEPATH%\gOEYMkgs\DkIG.exe
- %TEMP%\WER0936.dir00\manifest.txt
- %TEMP%\WER0936.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\EgAa.exe
- %HOMEPATH%\gOEYMkgs\tkcU.exe
- %HOMEPATH%\gOEYMkgs\sEka.exe
- %HOMEPATH%\gOEYMkgs\wQow.exe
- %HOMEPATH%\gOEYMkgs\dIcM.exe
- %HOMEPATH%\gOEYMkgs\BgQq.exe
- %HOMEPATH%\gOEYMkgs\RAoE.exe
- %HOMEPATH%\gOEYMkgs\OskC.exe
- %HOMEPATH%\gOEYMkgs\Dsgq.exe
- %HOMEPATH%\gOEYMkgs\wQwM.exe
- %HOMEPATH%\gOEYMkgs\ToAC.exe
- %HOMEPATH%\gOEYMkgs\zcUM.exe
- %HOMEPATH%\gOEYMkgs\hccs.exe
- %HOMEPATH%\gOEYMkgs\MEEK.exe
- %HOMEPATH%\gOEYMkgs\zEMi.exe
- %HOMEPATH%\gOEYMkgs\pQYM.exe
- %HOMEPATH%\gOEYMkgs\kYUY.exe
- %HOMEPATH%\gOEYMkgs\oYAa.exe
- %HOMEPATH%\gOEYMkgs\Hkco.exe
- %HOMEPATH%\gOEYMkgs\QgEe.exe
- %HOMEPATH%\gOEYMkgs\CoQK.exe
- %HOMEPATH%\gOEYMkgs\towU.exe
- %HOMEPATH%\gOEYMkgs\FEkk.exe
- %TEMP%\WER6873.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER6873.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\GcYi.exe
- %HOMEPATH%\gOEYMkgs\AIoO.exe
- %HOMEPATH%\gOEYMkgs\KUIk.exe
- %HOMEPATH%\gOEYMkgs\dwAQ.exe
- %HOMEPATH%\gOEYMkgs\xggY.exe
- %HOMEPATH%\gOEYMkgs\ysAC.exe
- %HOMEPATH%\gOEYMkgs\jUIC.exe
- %HOMEPATH%\gOEYMkgs\Iwgu.exe
- %TEMP%\WER53ba.dir00\manifest.txt
- %TEMP%\WER53ba.dir00\appcompat.txt
- %TEMP%\WER53ba.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERc928.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WERc928.dir00\manifest.txt
- %TEMP%\WERc928.dir00\appcompat.txt
- %TEMP%\WERc928.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERe5b7.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WER6873.dir00\manifest.txt
- %TEMP%\WER6873.dir00\appcompat.txt
- %TEMP%\WERe5b7.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER53ba.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WERe5b7.dir00\manifest.txt
- %TEMP%\WERe5b7.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\OskK.exe
- %HOMEPATH%\gOEYMkgs\OsUU.exe
- %HOMEPATH%\gOEYMkgs\rQQa.exe
- %HOMEPATH%\gOEYMkgs\RAQG.exe
- %HOMEPATH%\gOEYMkgs\aAcI.exe
- %HOMEPATH%\gOEYMkgs\JEwG.exe
- %HOMEPATH%\gOEYMkgs\mQYW.exe
- %HOMEPATH%\gOEYMkgs\AAkE.exe
- %HOMEPATH%\gOEYMkgs\coMc.exe
- %HOMEPATH%\gOEYMkgs\NYsm.exe
- %HOMEPATH%\gOEYMkgs\DoUo.exe
- %HOMEPATH%\gOEYMkgs\Pswg.exe
- %HOMEPATH%\gOEYMkgs\CAsG.exe
- %HOMEPATH%\gOEYMkgs\RAEM.exe
- %HOMEPATH%\gOEYMkgs\IAYi.exe
- %HOMEPATH%\gOEYMkgs\aUIG.exe
- %TEMP%\WERf2b3.dir00\manifest.txt
- %TEMP%\WERf2b3.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\iEga.exe
- %HOMEPATH%\gOEYMkgs\YYIi.exe
- %HOMEPATH%\gOEYMkgs\nEwI.exe
- %HOMEPATH%\gOEYMkgs\xkUq.exe
- %TEMP%\WERf2b3.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\mwoW.exe
- %HOMEPATH%\gOEYMkgs\EQgy.exe
- %HOMEPATH%\gOEYMkgs\xoEw.exe
- %HOMEPATH%\gOEYMkgs\agoo.exe
- %HOMEPATH%\gOEYMkgs\EEsS.exe
- %TEMP%\WERf2b3.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\uEwe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\CMco.exe
- %HOMEPATH%\gOEYMkgs\jskA.exe
- %TEMP%\WER21b4.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\TwUS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\BsUc.exe
- %HOMEPATH%\gOEYMkgs\BMow.exe
- <Current directory>\<File name>
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\ZIUI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\wocg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\JgMI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %TEMP%\WER21b4.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\AUUc.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %TEMP%\WER21b4.dir00\manifest.txt
- %TEMP%\WER21b4.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\qsYm.exe
- %HOMEPATH%\gOEYMkgs\wwkm.exe
- %TEMP%\WERae80.dir00\manifest.txt
- %TEMP%\WERae80.dir00\appcompat.txt
- %TEMP%\WERae80.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\CskK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\MAAa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %TEMP%\WERae80.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\caQc.txt
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\UEwq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\cMcu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\bcog.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\dYMe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\SkMU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\toUy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\hsws.exe
- %HOMEPATH%\gOEYMkgs\TYEm.exe
- %HOMEPATH%\gOEYMkgs\xosQ.exe
- %HOMEPATH%\gOEYMkgs\bEUI.exe
- %HOMEPATH%\gOEYMkgs\JcEq.exe
- %HOMEPATH%\gOEYMkgs\GgQI.exe
- %HOMEPATH%\gOEYMkgs\Okky.exe
- %HOMEPATH%\gOEYMkgs\VcMm.exe
- %HOMEPATH%\gOEYMkgs\aEEU.exe
- %HOMEPATH%\gOEYMkgs\WEsa.exe
- %HOMEPATH%\gOEYMkgs\uYUI.exe
- %HOMEPATH%\gOEYMkgs\wcca.exe
- %HOMEPATH%\gOEYMkgs\Jcgq.exe
- %HOMEPATH%\gOEYMkgs\ZUIG.exe
- %HOMEPATH%\gOEYMkgs\ygMK.exe
- %HOMEPATH%\gOEYMkgs\SkQc.exe
- %HOMEPATH%\gOEYMkgs\EQUk.exe
- %HOMEPATH%\gOEYMkgs\fowY.exe
- %TEMP%\WER0936.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WER0936.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\IYES.exe
- %HOMEPATH%\gOEYMkgs\BAEM.exe
- %HOMEPATH%\gOEYMkgs\rQUy.exe
- %HOMEPATH%\gOEYMkgs\CcoU.exe
- %HOMEPATH%\gOEYMkgs\oAgq.exe
- %HOMEPATH%\gOEYMkgs\PcQk.exe
- %HOMEPATH%\gOEYMkgs\vQEY.exe
- %HOMEPATH%\gOEYMkgs\ZQQy.exe
- %HOMEPATH%\gOEYMkgs\GQIw.exe
- %HOMEPATH%\gOEYMkgs\cswk.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\zoca.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\pMcY.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\skAe.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\PAoq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\Vcsu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\vgww.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\igAs.exe
- %TEMP%\WER9c35.dir00\manifest.txt
- %TEMP%\WER9c35.dir00\appcompat.txt
- %TEMP%\WER9c35.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\HIkm.exe
- %HOMEPATH%\gOEYMkgs\UkMS.exe
- %HOMEPATH%\gOEYMkgs\Kcoi.exe
- %HOMEPATH%\gOEYMkgs\Tcsi.exe
- %HOMEPATH%\gOEYMkgs\SQEi.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\IcAU.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %TEMP%\WER9c35.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\gkYk.exe
- %HOMEPATH%\gOEYMkgs\sEEW.exe
- %HOMEPATH%\gOEYMkgs\mkYG.exe
- %HOMEPATH%\gOEYMkgs\LcEo.exe
- %HOMEPATH%\gOEYMkgs\gUca.exe
- %HOMEPATH%\gOEYMkgs\SYUE.exe
- %HOMEPATH%\gOEYMkgs\GoMq.exe
- %HOMEPATH%\gOEYMkgs\OEAs.exe
- %HOMEPATH%\gOEYMkgs\DgcE.exe
- %HOMEPATH%\gOEYMkgs\gUww.exe
- %HOMEPATH%\gOEYMkgs\fQEQ.exe
- %HOMEPATH%\gOEYMkgs\acIm.exe
- %HOMEPATH%\gOEYMkgs\aQMq.exe
- %HOMEPATH%\gOEYMkgs\sIkA.exe
- %HOMEPATH%\gOEYMkgs\vUgC.exe
- %HOMEPATH%\gOEYMkgs\GYwW.exe
- %HOMEPATH%\gOEYMkgs\bUAG.exe
- %HOMEPATH%\gOEYMkgs\bYsO.exe
- %HOMEPATH%\gOEYMkgs\QAUc.exe
- %HOMEPATH%\gOEYMkgs\McwG.exe
- %HOMEPATH%\gOEYMkgs\OskC.exe
- %HOMEPATH%\gOEYMkgs\kYUY.exe
- %HOMEPATH%\gOEYMkgs\BgQq.exe
- %HOMEPATH%\gOEYMkgs\RAoE.exe
- %HOMEPATH%\gOEYMkgs\oYAa.exe
- %HOMEPATH%\gOEYMkgs\hccs.exe
- %HOMEPATH%\gOEYMkgs\MEEK.exe
- %HOMEPATH%\gOEYMkgs\Hkco.exe
- %HOMEPATH%\gOEYMkgs\pQYM.exe
- %HOMEPATH%\gOEYMkgs\FQYM.exe
- %HOMEPATH%\gOEYMkgs\rokG.exe
- %HOMEPATH%\gOEYMkgs\ZAAu.exe
- %HOMEPATH%\gOEYMkgs\EMQc.exe
- %HOMEPATH%\gOEYMkgs\dAIA.exe
- %HOMEPATH%\gOEYMkgs\zcUM.exe
- %HOMEPATH%\gOEYMkgs\Dsgq.exe
- %HOMEPATH%\gOEYMkgs\wQwM.exe
- %HOMEPATH%\gOEYMkgs\ToAC.exe
- %HOMEPATH%\gOEYMkgs\pIIa.exe
- %HOMEPATH%\gOEYMkgs\dwAQ.exe
- %HOMEPATH%\gOEYMkgs\OskK.exe
- %HOMEPATH%\gOEYMkgs\AIoO.exe
- %HOMEPATH%\gOEYMkgs\KUIk.exe
- %HOMEPATH%\gOEYMkgs\YYIi.exe
- %HOMEPATH%\gOEYMkgs\iEga.exe
- %HOMEPATH%\gOEYMkgs\aUIG.exe
- %HOMEPATH%\gOEYMkgs\nEwI.exe
- %HOMEPATH%\gOEYMkgs\xkUq.exe
- %HOMEPATH%\gOEYMkgs\QgEe.exe
- %HOMEPATH%\gOEYMkgs\CoQK.exe
- %HOMEPATH%\gOEYMkgs\GcYi.exe
- %HOMEPATH%\gOEYMkgs\FEkk.exe
- %HOMEPATH%\gOEYMkgs\towU.exe
- %HOMEPATH%\gOEYMkgs\Iwgu.exe
- %HOMEPATH%\gOEYMkgs\xggY.exe
- %HOMEPATH%\gOEYMkgs\ysAC.exe
- %HOMEPATH%\gOEYMkgs\jUIC.exe
- %HOMEPATH%\gOEYMkgs\agoo.exe
- %HOMEPATH%\gOEYMkgs\CAsG.exe
- %HOMEPATH%\gOEYMkgs\RAEM.exe
- %HOMEPATH%\gOEYMkgs\rQQa.exe
- %HOMEPATH%\gOEYMkgs\RAQG.exe
- %HOMEPATH%\gOEYMkgs\IAYi.exe
- %HOMEPATH%\gOEYMkgs\NYsm.exe
- %HOMEPATH%\gOEYMkgs\DoUo.exe
- %HOMEPATH%\gOEYMkgs\Pswg.exe
- %HOMEPATH%\gOEYMkgs\coMc.exe
- %HOMEPATH%\gOEYMkgs\mwoW.exe
- %HOMEPATH%\gOEYMkgs\EQgy.exe
- %HOMEPATH%\gOEYMkgs\EEsS.exe
- %HOMEPATH%\gOEYMkgs\xoEw.exe
- %HOMEPATH%\gOEYMkgs\JEwG.exe
- %HOMEPATH%\gOEYMkgs\aAcI.exe
- %HOMEPATH%\gOEYMkgs\OsUU.exe
- %HOMEPATH%\gOEYMkgs\mQYW.exe
- %HOMEPATH%\gOEYMkgs\AAkE.exe
- %HOMEPATH%\gOEYMkgs\zEMi.exe
- %HOMEPATH%\gOEYMkgs\vgww.exe
- %HOMEPATH%\gOEYMkgs\igAs.exe
- %HOMEPATH%\gOEYMkgs\pMcY.exe
- %HOMEPATH%\gOEYMkgs\zoca.exe
- %HOMEPATH%\gOEYMkgs\PAoq.exe
- %HOMEPATH%\gOEYMkgs\wocg.exe
- %HOMEPATH%\gOEYMkgs\ZIUI.exe
- %HOMEPATH%\gOEYMkgs\Vcsu.exe
- %HOMEPATH%\gOEYMkgs\JgMI.exe
- %HOMEPATH%\gOEYMkgs\Kcoi.exe
- %HOMEPATH%\gOEYMkgs\Tcsi.exe
- %HOMEPATH%\gOEYMkgs\cswk.exe
- %HOMEPATH%\gOEYMkgs\UkMS.exe
- %HOMEPATH%\gOEYMkgs\HIkm.exe
- %HOMEPATH%\gOEYMkgs\IcAU.exe
- %HOMEPATH%\gOEYMkgs\skAe.exe
- %HOMEPATH%\gOEYMkgs\gkYk.exe
- %HOMEPATH%\gOEYMkgs\SQEi.exe
- %HOMEPATH%\gOEYMkgs\qsYm.exe
- %HOMEPATH%\gOEYMkgs\UEwq.exe
- %HOMEPATH%\gOEYMkgs\toUy.exe
- %HOMEPATH%\gOEYMkgs\bcog.exe
- %HOMEPATH%\gOEYMkgs\cMcu.exe
- %HOMEPATH%\gOEYMkgs\hsws.exe
- %HOMEPATH%\gOEYMkgs\MAAa.exe
- %HOMEPATH%\gOEYMkgs\CskK.exe
- %HOMEPATH%\gOEYMkgs\dYMe.exe
- %HOMEPATH%\gOEYMkgs\SkMU.exe
- %HOMEPATH%\gOEYMkgs\CMco.exe
- %HOMEPATH%\gOEYMkgs\uEwe.exe
- %HOMEPATH%\gOEYMkgs\AUUc.exe
- %HOMEPATH%\gOEYMkgs\jskA.exe
- %HOMEPATH%\gOEYMkgs\BMow.exe
- %HOMEPATH%\gOEYMkgs\TwUS.exe
- %HOMEPATH%\gOEYMkgs\wwkm.exe
- %TEMP%\EekUkMQw.bat
- %HOMEPATH%\gOEYMkgs\BsUc.exe
- %HOMEPATH%\gOEYMkgs\uYUI.exe
- %HOMEPATH%\gOEYMkgs\EgAa.exe
- %HOMEPATH%\gOEYMkgs\IYES.exe
- %HOMEPATH%\gOEYMkgs\dIcM.exe
- %HOMEPATH%\gOEYMkgs\tkcU.exe
- %HOMEPATH%\gOEYMkgs\BAEM.exe
- %HOMEPATH%\gOEYMkgs\fowY.exe
- %HOMEPATH%\gOEYMkgs\vQEY.exe
- %HOMEPATH%\gOEYMkgs\SkQc.exe
- %HOMEPATH%\gOEYMkgs\EQUk.exe
- %HOMEPATH%\gOEYMkgs\DkIG.exe
- %HOMEPATH%\gOEYMkgs\SUYu.exe
- %HOMEPATH%\gOEYMkgs\vUQC.exe
- %HOMEPATH%\gOEYMkgs\RkQo.exe
- %HOMEPATH%\gOEYMkgs\nIsS.exe
- %HOMEPATH%\gOEYMkgs\sEka.exe
- %HOMEPATH%\gOEYMkgs\wQow.exe
- %HOMEPATH%\gOEYMkgs\EIoc.exe
- %HOMEPATH%\gOEYMkgs\GsUe.exe
- %HOMEPATH%\gOEYMkgs\ZQQy.exe
- %HOMEPATH%\gOEYMkgs\bEUI.exe
- %HOMEPATH%\gOEYMkgs\Jcgq.exe
- %HOMEPATH%\gOEYMkgs\TYEm.exe
- %HOMEPATH%\gOEYMkgs\xosQ.exe
- %HOMEPATH%\gOEYMkgs\ZUIG.exe
- %HOMEPATH%\gOEYMkgs\aEEU.exe
- %HOMEPATH%\gOEYMkgs\WEsa.exe
- %HOMEPATH%\gOEYMkgs\ygMK.exe
- %HOMEPATH%\gOEYMkgs\wcca.exe
- %HOMEPATH%\gOEYMkgs\rQUy.exe
- %HOMEPATH%\gOEYMkgs\CcoU.exe
- %HOMEPATH%\gOEYMkgs\GQIw.exe
- %HOMEPATH%\gOEYMkgs\PcQk.exe
- %HOMEPATH%\gOEYMkgs\oAgq.exe
- %HOMEPATH%\gOEYMkgs\VcMm.exe
- %HOMEPATH%\gOEYMkgs\JcEq.exe
- %HOMEPATH%\gOEYMkgs\GgQI.exe
- %HOMEPATH%\gOEYMkgs\Okky.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Run'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: '' WindowName: 'Open'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'