Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,' (the stock value lists only userinit.exe; the appended path is launched at every logon)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (2 = the service is started automatically at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
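- hidden files (display turned off: the reg.exe command below sets 'Hidden' to 2)
- file extensions (display turned off: the reg.exe command below sets 'HideFileExt' to 1, so the '.bmp.exe', '.jpg.exe' and '.wma.exe' files listed further down appear in Explorer without the final '.exe')
- User Account Control (UAC) (disabled: the reg.exe command below sets 'EnableLUA' to 0)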
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\gwcm.exe
- %HOMEPATH%\gOEYMkgs\kkkK.exe
- %HOMEPATH%\gOEYMkgs\ggIa.exe
- %HOMEPATH%\gOEYMkgs\vsYk.exe
- %HOMEPATH%\gOEYMkgs\RAIW.exe
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\VAog.exe
- %HOMEPATH%\gOEYMkgs\MUsi.exe
- %HOMEPATH%\gOEYMkgs\mMYe.exe
- %HOMEPATH%\gOEYMkgs\MAcK.exe
- %HOMEPATH%\gOEYMkgs\jYoM.exe
- %HOMEPATH%\gOEYMkgs\BAIM.exe
- %HOMEPATH%\gOEYMkgs\QIse.exe
- %HOMEPATH%\gOEYMkgs\WkYy.exe
- %HOMEPATH%\gOEYMkgs\hcoa.exe
- %HOMEPATH%\gOEYMkgs\roEa.exe
- %HOMEPATH%\gOEYMkgs\yIQw.exe
- %HOMEPATH%\gOEYMkgs\WEIU.exe
- %HOMEPATH%\gOEYMkgs\HQcy.exe
- %HOMEPATH%\gOEYMkgs\jUYY.exe
- %HOMEPATH%\gOEYMkgs\bogS.exe
- %HOMEPATH%\gOEYMkgs\WQcm.exe
- %HOMEPATH%\gOEYMkgs\FUki.exe
- %HOMEPATH%\gOEYMkgs\JgkW.exe
- %HOMEPATH%\gOEYMkgs\CsQu.exe
- %HOMEPATH%\gOEYMkgs\posA.exe
- %HOMEPATH%\gOEYMkgs\cggU.exe
- %HOMEPATH%\gOEYMkgs\JoEu.exe
- %HOMEPATH%\gOEYMkgs\ugQo.exe
- %HOMEPATH%\gOEYMkgs\Tkkg.exe
- %HOMEPATH%\gOEYMkgs\IwMw.exe
- %HOMEPATH%\gOEYMkgs\LQgS.exe
- %HOMEPATH%\gOEYMkgs\KoYA.exe
- %HOMEPATH%\gOEYMkgs\dEII.exe
- %HOMEPATH%\gOEYMkgs\YcwI.exe
- %HOMEPATH%\gOEYMkgs\ZEUu.exe
- %HOMEPATH%\gOEYMkgs\aQQy.exe
- %HOMEPATH%\gOEYMkgs\tUAM.exe
- %HOMEPATH%\gOEYMkgs\IkYE.exe
- %HOMEPATH%\gOEYMkgs\owsC.exe
- %HOMEPATH%\gOEYMkgs\uAki.exe
- %HOMEPATH%\gOEYMkgs\dsQa.exe
- %HOMEPATH%\gOEYMkgs\rkII.exe
- %HOMEPATH%\gOEYMkgs\qYoi.exe
- %HOMEPATH%\gOEYMkgs\dYcm.exe
- %HOMEPATH%\gOEYMkgs\GIEg.exe
- %HOMEPATH%\gOEYMkgs\fIcK.exe
- %HOMEPATH%\gOEYMkgs\ZUwO.exe
- %HOMEPATH%\gOEYMkgs\MUMM.exe
- %HOMEPATH%\gOEYMkgs\rogi.exe
- %HOMEPATH%\gOEYMkgs\moQc.exe
- %HOMEPATH%\gOEYMkgs\eQgm.exe
- %HOMEPATH%\gOEYMkgs\bssc.exe
- %HOMEPATH%\gOEYMkgs\hIYY.exe
- %HOMEPATH%\gOEYMkgs\dcgI.exe
- %HOMEPATH%\gOEYMkgs\VIEi.exe
- %HOMEPATH%\gOEYMkgs\gEke.exe
- %HOMEPATH%\gOEYMkgs\aAsu.exe
- %HOMEPATH%\gOEYMkgs\wsQk.exe
- %HOMEPATH%\gOEYMkgs\UgUc.exe
- %HOMEPATH%\gOEYMkgs\BEse.exe
- %HOMEPATH%\gOEYMkgs\wIoi.exe
- %HOMEPATH%\gOEYMkgs\YEQI.exe
- %HOMEPATH%\gOEYMkgs\ZoEq.exe
- %HOMEPATH%\gOEYMkgs\KMcs.exe
- %HOMEPATH%\gOEYMkgs\WAAm.exe
- %HOMEPATH%\gOEYMkgs\eMkM.exe
- %HOMEPATH%\gOEYMkgs\CoAq.exe
- %HOMEPATH%\gOEYMkgs\NgoO.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %HOMEPATH%\gOEYMkgs\VswE.exe
- %HOMEPATH%\gOEYMkgs\VUgQ.exe
- %HOMEPATH%\gOEYMkgs\MwAq.exe
- %HOMEPATH%\gOEYMkgs\NsUe.exe
- %HOMEPATH%\gOEYMkgs\UgoS.exe
- %HOMEPATH%\gOEYMkgs\nsss.exe
- %HOMEPATH%\gOEYMkgs\Dogc.exe
- %HOMEPATH%\gOEYMkgs\akYS.exe
- %HOMEPATH%\gOEYMkgs\pYoK.exe
- %HOMEPATH%\gOEYMkgs\YUgA.exe
- %HOMEPATH%\gOEYMkgs\nswo.exe
- %HOMEPATH%\gOEYMkgs\aowS.exe
- %HOMEPATH%\gOEYMkgs\Nocu.exe
- %HOMEPATH%\gOEYMkgs\ZQko.exe
- %HOMEPATH%\gOEYMkgs\jQwm.exe
- %HOMEPATH%\gOEYMkgs\skka.exe
- %HOMEPATH%\gOEYMkgs\DEkM.exe
- %HOMEPATH%\gOEYMkgs\VwMe.exe
- %HOMEPATH%\gOEYMkgs\MYAK.exe
- %HOMEPATH%\gOEYMkgs\hcUU.exe
- %HOMEPATH%\gOEYMkgs\tAgg.exe
- %HOMEPATH%\gOEYMkgs\hsYm.exe
- %HOMEPATH%\gOEYMkgs\RcUC.exe
- %HOMEPATH%\gOEYMkgs\YMAa.exe
- %HOMEPATH%\gOEYMkgs\UEwk.exe
- %HOMEPATH%\gOEYMkgs\IQsK.exe
- %HOMEPATH%\gOEYMkgs\FcYe.exe
- %HOMEPATH%\gOEYMkgs\jowO.exe
- %HOMEPATH%\gOEYMkgs\ZcMq.exe
- %HOMEPATH%\gOEYMkgs\PYIy.exe
- %HOMEPATH%\gOEYMkgs\KQwQ.exe
- %HOMEPATH%\gOEYMkgs\xkoE.exe
- %HOMEPATH%\gOEYMkgs\CYoM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\MEIE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\kAIm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\CIsU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\pYEM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\doIq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\MgYI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\XYcc.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\tUUE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\IUgK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\LkEc.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\cEYS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\XswW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\qMMi.exe
- %TEMP%\WER0c02.dir00\manifest.txt
- %TEMP%\WER0c02.dir00\appcompat.txt
- %TEMP%\WER0c02.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERcaa3.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\caQc.txt
- <Current directory>\<File name>
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER0c02.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\uUIK.exe
- %HOMEPATH%\gOEYMkgs\AUgW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\xoQO.exe
- %TEMP%\WERcaa3.dir00\manifest.txt
- %TEMP%\WERcaa3.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\HAEA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %TEMP%\WERcaa3.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\ewAa.exe
- %HOMEPATH%\gOEYMkgs\LYYs.exe
- %HOMEPATH%\gOEYMkgs\mAAm.exe
- %HOMEPATH%\gOEYMkgs\EAAC.exe
- %HOMEPATH%\gOEYMkgs\sosa.exe
- %HOMEPATH%\gOEYMkgs\dAAk.exe
- %HOMEPATH%\gOEYMkgs\Oswg.exe
- %HOMEPATH%\gOEYMkgs\RAEC.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\Jskm.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\EAgw.exe
- %HOMEPATH%\gOEYMkgs\zMgM.exe
- %HOMEPATH%\gOEYMkgs\SEYo.exe
- %HOMEPATH%\gOEYMkgs\zYQK.exe
- %TEMP%\WER2637.dir00\manifest.txt
- %TEMP%\WER2637.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\YYUW.exe
- %HOMEPATH%\gOEYMkgs\Cksy.exe
- %HOMEPATH%\gOEYMkgs\jwIE.exe
- %HOMEPATH%\gOEYMkgs\xEME.exe
- %HOMEPATH%\gOEYMkgs\gAss.exe
- %HOMEPATH%\gOEYMkgs\hEcM.exe
- %TEMP%\WER2637.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\doww.exe
- %TEMP%\WER2637.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\EIIE.exe
- %HOMEPATH%\gOEYMkgs\cYQM.exe
- %HOMEPATH%\gOEYMkgs\Rwsu.exe
- %TEMP%\WERad0f.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\JkMe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\LMgG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\wUkK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\TIIO.exe
- %HOMEPATH%\gOEYMkgs\CwEe.exe
- %HOMEPATH%\gOEYMkgs\xwQm.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\JMkq.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\qYEG.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %TEMP%\WERad0f.dir00\appcompat.txt
- %TEMP%\WERad0f.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\LsUw.exe
- %TEMP%\WERad0f.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\DEkM.exe
- %HOMEPATH%\gOEYMkgs\eQgm.exe
- %HOMEPATH%\gOEYMkgs\jQwm.exe
- %HOMEPATH%\gOEYMkgs\skka.exe
- %HOMEPATH%\gOEYMkgs\yIQw.exe
- %HOMEPATH%\gOEYMkgs\WkYy.exe
- %HOMEPATH%\gOEYMkgs\hcoa.exe
- %HOMEPATH%\gOEYMkgs\WEIU.exe
- %HOMEPATH%\gOEYMkgs\HQcy.exe
- %HOMEPATH%\gOEYMkgs\ZQko.exe
- %HOMEPATH%\gOEYMkgs\pYoK.exe
- %HOMEPATH%\gOEYMkgs\aowS.exe
- %HOMEPATH%\gOEYMkgs\Nocu.exe
- %HOMEPATH%\gOEYMkgs\YUgA.exe
- %HOMEPATH%\gOEYMkgs\MYAK.exe
- %HOMEPATH%\gOEYMkgs\hcUU.exe
- %HOMEPATH%\gOEYMkgs\nswo.exe
- %HOMEPATH%\gOEYMkgs\VwMe.exe
- %HOMEPATH%\gOEYMkgs\roEa.exe
- %HOMEPATH%\gOEYMkgs\ggIa.exe
- %HOMEPATH%\gOEYMkgs\MAcK.exe
- %HOMEPATH%\gOEYMkgs\gwcm.exe
- %HOMEPATH%\gOEYMkgs\kkkK.exe
- %HOMEPATH%\gOEYMkgs\jYoM.exe
- %HOMEPATH%\gOEYMkgs\MUsi.exe
- %HOMEPATH%\gOEYMkgs\mMYe.exe
- %HOMEPATH%\gOEYMkgs\BAIM.exe
- %HOMEPATH%\gOEYMkgs\VAog.exe
- %HOMEPATH%\gOEYMkgs\CsQu.exe
- %HOMEPATH%\gOEYMkgs\jUYY.exe
- %HOMEPATH%\gOEYMkgs\FUki.exe
- %HOMEPATH%\gOEYMkgs\JgkW.exe
- %HOMEPATH%\gOEYMkgs\bogS.exe
- %HOMEPATH%\gOEYMkgs\vsYk.exe
- %HOMEPATH%\gOEYMkgs\RAIW.exe
- %HOMEPATH%\gOEYMkgs\WQcm.exe
- %HOMEPATH%\gOEYMkgs\QIse.exe
- %HOMEPATH%\gOEYMkgs\tAgg.exe
- %HOMEPATH%\gOEYMkgs\KMcs.exe
- %HOMEPATH%\gOEYMkgs\VIEi.exe
- %HOMEPATH%\gOEYMkgs\MwAq.exe
- %HOMEPATH%\gOEYMkgs\NsUe.exe
- %HOMEPATH%\gOEYMkgs\gEke.exe
- %HOMEPATH%\gOEYMkgs\hIYY.exe
- %HOMEPATH%\gOEYMkgs\dcgI.exe
- %HOMEPATH%\gOEYMkgs\aAsu.exe
- %HOMEPATH%\gOEYMkgs\bssc.exe
- %HOMEPATH%\gOEYMkgs\WAAm.exe
- %HOMEPATH%\gOEYMkgs\eMkM.exe
- %HOMEPATH%\gOEYMkgs\NgoO.exe
- %HOMEPATH%\gOEYMkgs\VswE.exe
- %HOMEPATH%\gOEYMkgs\CoAq.exe
- %HOMEPATH%\gOEYMkgs\Dogc.exe
- %HOMEPATH%\gOEYMkgs\VUgQ.exe
- %HOMEPATH%\gOEYMkgs\UgoS.exe
- %HOMEPATH%\gOEYMkgs\nsss.exe
- %HOMEPATH%\gOEYMkgs\wIoi.exe
- %HOMEPATH%\gOEYMkgs\YMAa.exe
- %HOMEPATH%\gOEYMkgs\KQwQ.exe
- %HOMEPATH%\gOEYMkgs\hsYm.exe
- %HOMEPATH%\gOEYMkgs\RcUC.exe
- %HOMEPATH%\gOEYMkgs\xkoE.exe
- %HOMEPATH%\gOEYMkgs\ZcMq.exe
- %HOMEPATH%\gOEYMkgs\PYIy.exe
- %HOMEPATH%\gOEYMkgs\CYoM.exe
- %HOMEPATH%\gOEYMkgs\jowO.exe
- %HOMEPATH%\gOEYMkgs\wsQk.exe
- %HOMEPATH%\gOEYMkgs\UgUc.exe
- %HOMEPATH%\gOEYMkgs\YEQI.exe
- %HOMEPATH%\gOEYMkgs\ZoEq.exe
- %HOMEPATH%\gOEYMkgs\BEse.exe
- %HOMEPATH%\gOEYMkgs\IQsK.exe
- %HOMEPATH%\gOEYMkgs\FcYe.exe
- %HOMEPATH%\gOEYMkgs\akYS.exe
- %HOMEPATH%\gOEYMkgs\UEwk.exe
- %HOMEPATH%\gOEYMkgs\posA.exe
- %HOMEPATH%\gOEYMkgs\CwEe.exe
- %HOMEPATH%\gOEYMkgs\JkMe.exe
- %HOMEPATH%\gOEYMkgs\JMkq.exe
- %HOMEPATH%\gOEYMkgs\LsUw.exe
- %HOMEPATH%\gOEYMkgs\Rwsu.exe
- %HOMEPATH%\gOEYMkgs\LMgG.exe
- %HOMEPATH%\gOEYMkgs\LYYs.exe
- %HOMEPATH%\gOEYMkgs\wUkK.exe
- %HOMEPATH%\gOEYMkgs\TIIO.exe
- %HOMEPATH%\gOEYMkgs\EAgw.exe
- %HOMEPATH%\gOEYMkgs\zMgM.exe
- %HOMEPATH%\gOEYMkgs\EAAC.exe
- %HOMEPATH%\gOEYMkgs\sosa.exe
- %HOMEPATH%\gOEYMkgs\SEYo.exe
- %HOMEPATH%\gOEYMkgs\qYEG.exe
- %HOMEPATH%\gOEYMkgs\xwQm.exe
- %HOMEPATH%\gOEYMkgs\Jskm.exe
- %HOMEPATH%\gOEYMkgs\cYQM.exe
- %HOMEPATH%\gOEYMkgs\IUgK.exe
- %HOMEPATH%\gOEYMkgs\qMMi.exe
- %HOMEPATH%\gOEYMkgs\AUgW.exe
- %HOMEPATH%\gOEYMkgs\MgYI.exe
- %HOMEPATH%\gOEYMkgs\pYEM.exe
- %HOMEPATH%\gOEYMkgs\xoQO.exe
- %HOMEPATH%\gOEYMkgs\uUIK.exe
- %TEMP%\EgkoYwcA.bat
- %HOMEPATH%\gOEYMkgs\ewAa.exe
- %HOMEPATH%\gOEYMkgs\HAEA.exe
- %HOMEPATH%\gOEYMkgs\XswW.exe
- %HOMEPATH%\gOEYMkgs\LkEc.exe
- %HOMEPATH%\gOEYMkgs\XYcc.exe
- %HOMEPATH%\gOEYMkgs\tUUE.exe
- %HOMEPATH%\gOEYMkgs\cEYS.exe
- %HOMEPATH%\gOEYMkgs\MEIE.exe
- %HOMEPATH%\gOEYMkgs\doIq.exe
- %HOMEPATH%\gOEYMkgs\kAIm.exe
- %HOMEPATH%\gOEYMkgs\CIsU.exe
- %HOMEPATH%\gOEYMkgs\mAAm.exe
- %HOMEPATH%\gOEYMkgs\ZUwO.exe
- %HOMEPATH%\gOEYMkgs\IkYE.exe
- %HOMEPATH%\gOEYMkgs\GIEg.exe
- %HOMEPATH%\gOEYMkgs\fIcK.exe
- %HOMEPATH%\gOEYMkgs\Tkkg.exe
- %HOMEPATH%\gOEYMkgs\cggU.exe
- %HOMEPATH%\gOEYMkgs\JoEu.exe
- %HOMEPATH%\gOEYMkgs\IwMw.exe
- %HOMEPATH%\gOEYMkgs\LQgS.exe
- %HOMEPATH%\gOEYMkgs\dYcm.exe
- %HOMEPATH%\gOEYMkgs\owsC.exe
- %HOMEPATH%\gOEYMkgs\rkII.exe
- %HOMEPATH%\gOEYMkgs\qYoi.exe
- %HOMEPATH%\gOEYMkgs\uAki.exe
- %HOMEPATH%\gOEYMkgs\rogi.exe
- %HOMEPATH%\gOEYMkgs\moQc.exe
- %HOMEPATH%\gOEYMkgs\dsQa.exe
- %HOMEPATH%\gOEYMkgs\MUMM.exe
- %HOMEPATH%\gOEYMkgs\ugQo.exe
- %HOMEPATH%\gOEYMkgs\EIIE.exe
- %HOMEPATH%\gOEYMkgs\gAss.exe
- %HOMEPATH%\gOEYMkgs\YYUW.exe
- %HOMEPATH%\gOEYMkgs\doww.exe
- %HOMEPATH%\gOEYMkgs\hEcM.exe
- %HOMEPATH%\gOEYMkgs\Oswg.exe
- %HOMEPATH%\gOEYMkgs\RAEC.exe
- %HOMEPATH%\gOEYMkgs\zYQK.exe
- %HOMEPATH%\gOEYMkgs\dAAk.exe
- %HOMEPATH%\gOEYMkgs\tUAM.exe
- %HOMEPATH%\gOEYMkgs\KoYA.exe
- %HOMEPATH%\gOEYMkgs\ZEUu.exe
- %HOMEPATH%\gOEYMkgs\aQQy.exe
- %HOMEPATH%\gOEYMkgs\dEII.exe
- %HOMEPATH%\gOEYMkgs\jwIE.exe
- %HOMEPATH%\gOEYMkgs\xEME.exe
- %HOMEPATH%\gOEYMkgs\YcwI.exe
- %HOMEPATH%\gOEYMkgs\Cksy.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'