Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002'
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
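- Hides hidden files in Explorer (sets 'Hidden' = 2 with the reg.exe command listed below)
- Hides file extensions (sets 'HideFileExt' = 1 with the reg.exe command listed below), so Explorer shows the `*.bmp.exe`, `*.jpg.exe` and `*.wma.exe` files listed further down without the trailing `.exe`
- Disables User Account Control (UAC) (sets 'EnableLUA' = 0 under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System with the reg.exe command listed below)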
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\jsUa.exe
- %HOMEPATH%\gOEYMkgs\uMMy.exe
- %HOMEPATH%\gOEYMkgs\dAom.exe
- %HOMEPATH%\gOEYMkgs\SIsy.exe
- %HOMEPATH%\gOEYMkgs\MMAw.exe
- %HOMEPATH%\gOEYMkgs\YQgm.exe
- %HOMEPATH%\gOEYMkgs\swcm.exe
- %HOMEPATH%\gOEYMkgs\AcQW.exe
- %HOMEPATH%\gOEYMkgs\uUkO.exe
- %HOMEPATH%\gOEYMkgs\Wccq.exe
- %HOMEPATH%\gOEYMkgs\msYC.exe
- %HOMEPATH%\gOEYMkgs\Bgks.exe
- %HOMEPATH%\gOEYMkgs\WcEE.exe
- %HOMEPATH%\gOEYMkgs\gcke.exe
- %HOMEPATH%\gOEYMkgs\OoYu.exe
- %HOMEPATH%\gOEYMkgs\XEoG.exe
- %HOMEPATH%\gOEYMkgs\VAIO.exe
- %HOMEPATH%\gOEYMkgs\NUga.exe
- %HOMEPATH%\gOEYMkgs\ugcg.exe
- %HOMEPATH%\gOEYMkgs\goUA.exe
- %HOMEPATH%\gOEYMkgs\qwEk.exe
- %HOMEPATH%\gOEYMkgs\MEcM.exe
- %HOMEPATH%\gOEYMkgs\yssG.exe
- %HOMEPATH%\gOEYMkgs\awIa.exe
- %HOMEPATH%\gOEYMkgs\xwMM.exe
- %HOMEPATH%\gOEYMkgs\EkwG.exe
- %HOMEPATH%\gOEYMkgs\VYQQ.exe
- %HOMEPATH%\gOEYMkgs\iMwu.exe
- %HOMEPATH%\gOEYMkgs\oAco.exe
- %HOMEPATH%\gOEYMkgs\zMkO.exe
- %HOMEPATH%\gOEYMkgs\pkEm.exe
- %HOMEPATH%\gOEYMkgs\KgwO.exe
- %HOMEPATH%\gOEYMkgs\hkoE.exe
- %HOMEPATH%\gOEYMkgs\GcsI.exe
- %HOMEPATH%\gOEYMkgs\PsUg.exe
- %HOMEPATH%\gOEYMkgs\EgUG.exe
- %HOMEPATH%\gOEYMkgs\TYgg.exe
- %HOMEPATH%\gOEYMkgs\qUok.exe
- %HOMEPATH%\gOEYMkgs\vsoU.exe
- %HOMEPATH%\gOEYMkgs\YAMM.exe
- %HOMEPATH%\gOEYMkgs\ZYYc.exe
- %HOMEPATH%\gOEYMkgs\uMMQ.exe
- %HOMEPATH%\gOEYMkgs\Lgku.exe
- %HOMEPATH%\gOEYMkgs\yYca.exe
- %HOMEPATH%\gOEYMkgs\KsIU.exe
- %HOMEPATH%\gOEYMkgs\ycsS.exe
- %HOMEPATH%\gOEYMkgs\Xcoa.exe
- %HOMEPATH%\gOEYMkgs\EQgU.exe
- %HOMEPATH%\gOEYMkgs\IYEK.exe
- %HOMEPATH%\gOEYMkgs\nosa.exe
- %HOMEPATH%\gOEYMkgs\GkYu.exe
- %HOMEPATH%\gOEYMkgs\zgEC.exe
- %HOMEPATH%\gOEYMkgs\foks.exe
- %HOMEPATH%\gOEYMkgs\QMYE.exe
- %HOMEPATH%\gOEYMkgs\jksw.exe
- %HOMEPATH%\gOEYMkgs\WYoo.exe
- %HOMEPATH%\gOEYMkgs\KgIo.exe
- %HOMEPATH%\gOEYMkgs\uUQu.exe
- %HOMEPATH%\gOEYMkgs\hUgI.exe
- %HOMEPATH%\gOEYMkgs\MoYq.exe
- %HOMEPATH%\gOEYMkgs\RQAG.exe
- %HOMEPATH%\gOEYMkgs\iUkq.exe
- %HOMEPATH%\gOEYMkgs\JMYs.exe
- %HOMEPATH%\gOEYMkgs\OUQm.exe
- %TEMP%\WER928c.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER928c.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\MgAe.exe
- %TEMP%\WER1175.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WER928c.dir00\manifest.txt
- %TEMP%\WER928c.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\QUYi.exe
- %HOMEPATH%\gOEYMkgs\XIEe.exe
- %HOMEPATH%\gOEYMkgs\HEcY.exe
- %HOMEPATH%\gOEYMkgs\WAoC.exe
- %HOMEPATH%\gOEYMkgs\lIsK.exe
- %HOMEPATH%\gOEYMkgs\pgYU.exe
- %HOMEPATH%\gOEYMkgs\ckMA.exe
- %TEMP%\WER2445.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\oEIc.exe
- %HOMEPATH%\gOEYMkgs\BAcY.exe
- %HOMEPATH%\gOEYMkgs\UEYW.exe
- %HOMEPATH%\gOEYMkgs\XAwm.exe
- %TEMP%\WER2445.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\CMwA.exe
- %TEMP%\WER2445.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\KIYo.exe
- %TEMP%\WER2445.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\ZwYU.exe
- %HOMEPATH%\gOEYMkgs\FcIo.exe
- %HOMEPATH%\gOEYMkgs\iMwY.exe
- %HOMEPATH%\gOEYMkgs\CoQA.exe
- %HOMEPATH%\gOEYMkgs\bcwU.exe
- %HOMEPATH%\gOEYMkgs\gocU.exe
- %HOMEPATH%\gOEYMkgs\GYQS.exe
- %HOMEPATH%\gOEYMkgs\LEAS.exe
- %HOMEPATH%\gOEYMkgs\QIAm.exe
- %HOMEPATH%\gOEYMkgs\DMUW.exe
- %HOMEPATH%\gOEYMkgs\TYAq.exe
- %HOMEPATH%\gOEYMkgs\GIsS.exe
- %HOMEPATH%\gOEYMkgs\QAAQ.exe
- %HOMEPATH%\gOEYMkgs\nwMk.exe
- %HOMEPATH%\gOEYMkgs\lEMm.exe
- %HOMEPATH%\gOEYMkgs\TEwQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\dAsw.exe
- %TEMP%\WERdce7.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\nAga.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\Foou.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\MEIC.exe
- %TEMP%\WERdce7.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERdce7.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\CoIm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\IIgm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\HUkM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\FYQO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\ywAM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\ZYoS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\aMMY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %TEMP%\WER5991.dir00\manifest.txt
- %TEMP%\WER5991.dir00\appcompat.txt
- %TEMP%\WER5991.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\ackW.exe
- %ALLUSERSPROFILE%\caQc.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER5991.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- <Current directory>\<File name>
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\NwQo.exe
- %TEMP%\WERdce7.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\ZgsS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\DEgi.exe
- %HOMEPATH%\gOEYMkgs\CscU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\McAu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\oEcu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\zMMA.exe
- %HOMEPATH%\gOEYMkgs\PYUG.exe
- %HOMEPATH%\gOEYMkgs\kMgk.exe
- %HOMEPATH%\gOEYMkgs\dUkI.exe
- %HOMEPATH%\gOEYMkgs\fwAs.exe
- %HOMEPATH%\gOEYMkgs\HAYO.exe
- %HOMEPATH%\gOEYMkgs\Igss.exe
- %HOMEPATH%\gOEYMkgs\ygYG.exe
- %HOMEPATH%\gOEYMkgs\NEgu.exe
- %HOMEPATH%\gOEYMkgs\ZYgI.exe
- %HOMEPATH%\gOEYMkgs\HMoC.exe
- %HOMEPATH%\gOEYMkgs\zYUO.exe
- %HOMEPATH%\gOEYMkgs\VwEG.exe
- %HOMEPATH%\gOEYMkgs\PcAE.exe
- %HOMEPATH%\gOEYMkgs\joMe.exe
- %HOMEPATH%\gOEYMkgs\HgQq.exe
- %HOMEPATH%\gOEYMkgs\XIwi.exe
- %HOMEPATH%\gOEYMkgs\YYkq.exe
- %HOMEPATH%\gOEYMkgs\UUYU.exe
- %HOMEPATH%\gOEYMkgs\YwQO.exe
- %HOMEPATH%\gOEYMkgs\SoQG.exe
- %HOMEPATH%\gOEYMkgs\PsME.exe
- %HOMEPATH%\gOEYMkgs\nsUs.exe
- %HOMEPATH%\gOEYMkgs\UoQM.exe
- %HOMEPATH%\gOEYMkgs\HsMY.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\gIMA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\ncEg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\jEAa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\PQoK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\Ysom.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\hsMs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\jUYY.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\qQsG.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\AsYq.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\FYcG.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\GUwq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\HUAM.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\Qokm.exe
- %HOMEPATH%\gOEYMkgs\awIa.exe
- %HOMEPATH%\gOEYMkgs\xwMM.exe
- %HOMEPATH%\gOEYMkgs\XEoG.exe
- %HOMEPATH%\gOEYMkgs\yssG.exe
- %HOMEPATH%\gOEYMkgs\goUA.exe
- %HOMEPATH%\gOEYMkgs\WcEE.exe
- %HOMEPATH%\gOEYMkgs\SIsy.exe
- %HOMEPATH%\gOEYMkgs\qwEk.exe
- %HOMEPATH%\gOEYMkgs\MEcM.exe
- %HOMEPATH%\gOEYMkgs\CMwA.exe
- %HOMEPATH%\gOEYMkgs\KIYo.exe
- %HOMEPATH%\gOEYMkgs\ZwYU.exe
- %HOMEPATH%\gOEYMkgs\FcIo.exe
- %HOMEPATH%\gOEYMkgs\VAIO.exe
- %HOMEPATH%\gOEYMkgs\gcke.exe
- %HOMEPATH%\gOEYMkgs\OoYu.exe
- %HOMEPATH%\gOEYMkgs\NUga.exe
- %HOMEPATH%\gOEYMkgs\ugcg.exe
- %HOMEPATH%\gOEYMkgs\MMAw.exe
- %HOMEPATH%\gOEYMkgs\Lgku.exe
- %HOMEPATH%\gOEYMkgs\yYca.exe
- %HOMEPATH%\gOEYMkgs\uUkO.exe
- %HOMEPATH%\gOEYMkgs\EkwG.exe
- %HOMEPATH%\gOEYMkgs\KsIU.exe
- %HOMEPATH%\gOEYMkgs\uMMQ.exe
- %HOMEPATH%\gOEYMkgs\IYEK.exe
- %HOMEPATH%\gOEYMkgs\YAMM.exe
- %HOMEPATH%\gOEYMkgs\ZYYc.exe
- %HOMEPATH%\gOEYMkgs\uMMy.exe
- %HOMEPATH%\gOEYMkgs\dAom.exe
- %HOMEPATH%\gOEYMkgs\YQgm.exe
- %HOMEPATH%\gOEYMkgs\jsUa.exe
- %HOMEPATH%\gOEYMkgs\Wccq.exe
- %HOMEPATH%\gOEYMkgs\swcm.exe
- %HOMEPATH%\gOEYMkgs\AcQW.exe
- %HOMEPATH%\gOEYMkgs\msYC.exe
- %HOMEPATH%\gOEYMkgs\Bgks.exe
- %HOMEPATH%\gOEYMkgs\BAcY.exe
- %HOMEPATH%\gOEYMkgs\zgEC.exe
- %HOMEPATH%\gOEYMkgs\foks.exe
- %HOMEPATH%\gOEYMkgs\WYoo.exe
- %HOMEPATH%\gOEYMkgs\KgIo.exe
- %HOMEPATH%\gOEYMkgs\QMYE.exe
- %HOMEPATH%\gOEYMkgs\JMYs.exe
- %HOMEPATH%\gOEYMkgs\uUQu.exe
- %HOMEPATH%\gOEYMkgs\RQAG.exe
- %HOMEPATH%\gOEYMkgs\iUkq.exe
- %HOMEPATH%\gOEYMkgs\lIsK.exe
- %HOMEPATH%\gOEYMkgs\pgYU.exe
- %HOMEPATH%\gOEYMkgs\MgAe.exe
- %HOMEPATH%\gOEYMkgs\WAoC.exe
- %HOMEPATH%\gOEYMkgs\QUYi.exe
- %HOMEPATH%\gOEYMkgs\OUQm.exe
- %HOMEPATH%\gOEYMkgs\jksw.exe
- %HOMEPATH%\gOEYMkgs\XIEe.exe
- %HOMEPATH%\gOEYMkgs\HEcY.exe
- %HOMEPATH%\gOEYMkgs\hUgI.exe
- %HOMEPATH%\gOEYMkgs\DMUW.exe
- %HOMEPATH%\gOEYMkgs\TYAq.exe
- %HOMEPATH%\gOEYMkgs\nwMk.exe
- %HOMEPATH%\gOEYMkgs\lEMm.exe
- %HOMEPATH%\gOEYMkgs\GIsS.exe
- %HOMEPATH%\gOEYMkgs\XAwm.exe
- %HOMEPATH%\gOEYMkgs\oEIc.exe
- %HOMEPATH%\gOEYMkgs\iMwY.exe
- %HOMEPATH%\gOEYMkgs\UEYW.exe
- %HOMEPATH%\gOEYMkgs\GYQS.exe
- %HOMEPATH%\gOEYMkgs\LEAS.exe
- %HOMEPATH%\gOEYMkgs\MoYq.exe
- %HOMEPATH%\gOEYMkgs\ckMA.exe
- %HOMEPATH%\gOEYMkgs\QIAm.exe
- %HOMEPATH%\gOEYMkgs\gocU.exe
- %HOMEPATH%\gOEYMkgs\QAAQ.exe
- %HOMEPATH%\gOEYMkgs\CoQA.exe
- %HOMEPATH%\gOEYMkgs\bcwU.exe
- %HOMEPATH%\gOEYMkgs\nosa.exe
- %HOMEPATH%\gOEYMkgs\jUYY.exe
- %HOMEPATH%\gOEYMkgs\jEAa.exe
- %HOMEPATH%\gOEYMkgs\Qokm.exe
- %HOMEPATH%\gOEYMkgs\GUwq.exe
- %HOMEPATH%\gOEYMkgs\gIMA.exe
- %HOMEPATH%\gOEYMkgs\PQoK.exe
- %HOMEPATH%\gOEYMkgs\Ysom.exe
- %HOMEPATH%\gOEYMkgs\ncEg.exe
- %HOMEPATH%\gOEYMkgs\hsMs.exe
- %HOMEPATH%\gOEYMkgs\Igss.exe
- %HOMEPATH%\gOEYMkgs\ygYG.exe
- %HOMEPATH%\gOEYMkgs\HMoC.exe
- %HOMEPATH%\gOEYMkgs\zYUO.exe
- %HOMEPATH%\gOEYMkgs\NEgu.exe
- %HOMEPATH%\gOEYMkgs\qQsG.exe
- %HOMEPATH%\gOEYMkgs\HUAM.exe
- %HOMEPATH%\gOEYMkgs\AsYq.exe
- %HOMEPATH%\gOEYMkgs\FYcG.exe
- %HOMEPATH%\gOEYMkgs\FYQO.exe
- %HOMEPATH%\gOEYMkgs\DEgi.exe
- %HOMEPATH%\gOEYMkgs\NwQo.exe
- %HOMEPATH%\gOEYMkgs\MEIC.exe
- %HOMEPATH%\gOEYMkgs\ZgsS.exe
- %HOMEPATH%\gOEYMkgs\oEcu.exe
- %TEMP%\gQsMIUUs.bat
- %HOMEPATH%\gOEYMkgs\ackW.exe
- %HOMEPATH%\gOEYMkgs\CscU.exe
- %HOMEPATH%\gOEYMkgs\McAu.exe
- %HOMEPATH%\gOEYMkgs\aMMY.exe
- %HOMEPATH%\gOEYMkgs\ywAM.exe
- %HOMEPATH%\gOEYMkgs\IIgm.exe
- %HOMEPATH%\gOEYMkgs\HUkM.exe
- %HOMEPATH%\gOEYMkgs\ZYoS.exe
- %HOMEPATH%\gOEYMkgs\dAsw.exe
- %HOMEPATH%\gOEYMkgs\CoIm.exe
- %HOMEPATH%\gOEYMkgs\nAga.exe
- %HOMEPATH%\gOEYMkgs\Foou.exe
- %HOMEPATH%\gOEYMkgs\ZYgI.exe
- %HOMEPATH%\gOEYMkgs\EgUG.exe
- %HOMEPATH%\gOEYMkgs\TYgg.exe
- %HOMEPATH%\gOEYMkgs\iMwu.exe
- %HOMEPATH%\gOEYMkgs\oAco.exe
- %HOMEPATH%\gOEYMkgs\qUok.exe
- %HOMEPATH%\gOEYMkgs\PsUg.exe
- %HOMEPATH%\gOEYMkgs\TEwQ.exe
- %HOMEPATH%\gOEYMkgs\hkoE.exe
- %HOMEPATH%\gOEYMkgs\GcsI.exe
- %HOMEPATH%\gOEYMkgs\Xcoa.exe
- %HOMEPATH%\gOEYMkgs\EQgU.exe
- %HOMEPATH%\gOEYMkgs\GkYu.exe
- %HOMEPATH%\gOEYMkgs\ycsS.exe
- %HOMEPATH%\gOEYMkgs\vsoU.exe
- %HOMEPATH%\gOEYMkgs\KgwO.exe
- %HOMEPATH%\gOEYMkgs\VYQQ.exe
- %HOMEPATH%\gOEYMkgs\zMkO.exe
- %HOMEPATH%\gOEYMkgs\pkEm.exe
- %HOMEPATH%\gOEYMkgs\XIwi.exe
- %HOMEPATH%\gOEYMkgs\VwEG.exe
- %HOMEPATH%\gOEYMkgs\dUkI.exe
- %HOMEPATH%\gOEYMkgs\SoQG.exe
- %HOMEPATH%\gOEYMkgs\PsME.exe
- %HOMEPATH%\gOEYMkgs\fwAs.exe
- %HOMEPATH%\gOEYMkgs\PYUG.exe
- %HOMEPATH%\gOEYMkgs\kMgk.exe
- %HOMEPATH%\gOEYMkgs\HAYO.exe
- %HOMEPATH%\gOEYMkgs\zMMA.exe
- %HOMEPATH%\gOEYMkgs\PcAE.exe
- %HOMEPATH%\gOEYMkgs\joMe.exe
- %HOMEPATH%\gOEYMkgs\YYkq.exe
- %HOMEPATH%\gOEYMkgs\UUYU.exe
- %HOMEPATH%\gOEYMkgs\HgQq.exe
- %HOMEPATH%\gOEYMkgs\HsMY.exe
- %HOMEPATH%\gOEYMkgs\YwQO.exe
- %HOMEPATH%\gOEYMkgs\nsUs.exe
- %HOMEPATH%\gOEYMkgs\UoQM.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: '' WindowName: 'lacMcYws.exe'