Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (service start type 2: started automatically at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
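- Display of hidden files in Explorer is turned off (the `Hidden` = 2 `reg.exe` command below)
- Display of file extensions in Explorer is turned off (the `HideFileExt` = 1 command below), so the `.bmp.exe`, `.jpg.exe` and `.wma.exe` files listed further down appear without the `.exe` suffix
- User Account Control (UAC) is disabled (the `EnableLUA` = 0 command below)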
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\KskA.exe
- %TEMP%\WER472f.dir00\manifest.txt
- %TEMP%\WER472f.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\OMco.exe
- %HOMEPATH%\gOEYMkgs\CgAY.exe
- %HOMEPATH%\gOEYMkgs\dUQG.exe
- %HOMEPATH%\gOEYMkgs\kgAo.exe
- %TEMP%\WER472f.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\kcQQ.exe
- %HOMEPATH%\gOEYMkgs\ZAYK.exe
- %HOMEPATH%\gOEYMkgs\iYcK.exe
- %TEMP%\WER472f.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\tQsE.exe
- %HOMEPATH%\gOEYMkgs\LcMi.exe
- %HOMEPATH%\gOEYMkgs\sEUE.exe
- %HOMEPATH%\gOEYMkgs\ksEi.exe
- %HOMEPATH%\gOEYMkgs\nYgU.exe
- %HOMEPATH%\gOEYMkgs\zscO.exe
- %HOMEPATH%\gOEYMkgs\kIEc.exe
- %HOMEPATH%\gOEYMkgs\oEsi.exe
- %HOMEPATH%\gOEYMkgs\cgUO.exe
- %HOMEPATH%\gOEYMkgs\vEka.exe
- %HOMEPATH%\gOEYMkgs\IAAs.exe
- %HOMEPATH%\gOEYMkgs\JIUK.exe
- %HOMEPATH%\gOEYMkgs\JUoS.exe
- %HOMEPATH%\gOEYMkgs\eEoa.exe
- %TEMP%\WERcb07.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\OoYe.exe
- %HOMEPATH%\gOEYMkgs\MYMi.exe
- %HOMEPATH%\gOEYMkgs\KUAo.exe
- %HOMEPATH%\gOEYMkgs\PYIS.exe
- %TEMP%\WERcb07.dir00\manifest.txt
- %TEMP%\WERcb07.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERcb07.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\gsIM.exe
- %HOMEPATH%\gOEYMkgs\AwQE.exe
- %HOMEPATH%\gOEYMkgs\FYkK.exe
- %HOMEPATH%\gOEYMkgs\zYQA.exe
- %HOMEPATH%\gOEYMkgs\Aoki.exe
- %HOMEPATH%\gOEYMkgs\pYUC.exe
- %HOMEPATH%\gOEYMkgs\YEAS.exe
- %HOMEPATH%\gOEYMkgs\ZAkW.exe
- %HOMEPATH%\gOEYMkgs\QcYA.exe
- %HOMEPATH%\gOEYMkgs\ugcy.exe
- %HOMEPATH%\gOEYMkgs\EgUk.exe
- %HOMEPATH%\gOEYMkgs\pscA.exe
- %HOMEPATH%\gOEYMkgs\aMsw.exe
- %HOMEPATH%\gOEYMkgs\uccO.exe
- %HOMEPATH%\gOEYMkgs\XkYq.exe
- %HOMEPATH%\gOEYMkgs\Wkgm.exe
- %HOMEPATH%\gOEYMkgs\oAgo.exe
- %HOMEPATH%\gOEYMkgs\McQQ.exe
- %HOMEPATH%\gOEYMkgs\BgsC.exe
- %HOMEPATH%\gOEYMkgs\XIAQ.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %HOMEPATH%\gOEYMkgs\coci.exe
- %HOMEPATH%\gOEYMkgs\ocQy.exe
- %HOMEPATH%\gOEYMkgs\ccsI.exe
- %HOMEPATH%\gOEYMkgs\loEI.exe
- %HOMEPATH%\gOEYMkgs\oggG.exe
- %HOMEPATH%\gOEYMkgs\ukkY.exe
- %HOMEPATH%\gOEYMkgs\VIsm.exe
- %HOMEPATH%\gOEYMkgs\EsEO.exe
- %HOMEPATH%\gOEYMkgs\CMAS.exe
- %HOMEPATH%\gOEYMkgs\UEgI.exe
- %HOMEPATH%\gOEYMkgs\sUIW.exe
- %HOMEPATH%\gOEYMkgs\iAAE.exe
- %HOMEPATH%\gOEYMkgs\rAoo.exe
- %HOMEPATH%\gOEYMkgs\xUsM.exe
- %HOMEPATH%\gOEYMkgs\Gkwm.exe
- %HOMEPATH%\gOEYMkgs\hQYc.exe
- %HOMEPATH%\gOEYMkgs\ocEW.exe
- %HOMEPATH%\gOEYMkgs\qYUw.exe
- %HOMEPATH%\gOEYMkgs\FIUg.exe
- %HOMEPATH%\gOEYMkgs\ksUK.exe
- %HOMEPATH%\gOEYMkgs\NEgS.exe
- %HOMEPATH%\gOEYMkgs\igIG.exe
- %HOMEPATH%\gOEYMkgs\lcIm.exe
- %HOMEPATH%\gOEYMkgs\EwMg.exe
- %HOMEPATH%\gOEYMkgs\IMkQ.exe
- %HOMEPATH%\gOEYMkgs\goEY.exe
- %HOMEPATH%\gOEYMkgs\cEsM.exe
- %HOMEPATH%\gOEYMkgs\PQoy.exe
- %HOMEPATH%\gOEYMkgs\dYIG.exe
- %HOMEPATH%\gOEYMkgs\zEAU.exe
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\XYUw.exe
- %HOMEPATH%\gOEYMkgs\IwcS.exe
- %HOMEPATH%\gOEYMkgs\mcUo.exe
- %HOMEPATH%\gOEYMkgs\NgIE.exe
- %HOMEPATH%\gOEYMkgs\jcEW.exe
- %HOMEPATH%\gOEYMkgs\qMoy.exe
- %HOMEPATH%\gOEYMkgs\xIQk.exe
- %HOMEPATH%\gOEYMkgs\fMEs.exe
- %HOMEPATH%\gOEYMkgs\EwYw.exe
- %HOMEPATH%\gOEYMkgs\ZcoM.exe
- %HOMEPATH%\gOEYMkgs\UkYs.exe
- %HOMEPATH%\gOEYMkgs\XoQm.exe
- %HOMEPATH%\gOEYMkgs\BwMg.exe
- %HOMEPATH%\gOEYMkgs\OsgK.exe
- %HOMEPATH%\gOEYMkgs\TkYY.exe
- %HOMEPATH%\gOEYMkgs\TYYq.exe
- %HOMEPATH%\gOEYMkgs\eUwG.exe
- %HOMEPATH%\gOEYMkgs\YAUU.exe
- %HOMEPATH%\gOEYMkgs\QQQY.exe
- %TEMP%\WERecf1.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\VIEm.exe
- %HOMEPATH%\gOEYMkgs\DUoc.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\AkAE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\Escw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\lcEo.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\fIQU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\lgEY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %TEMP%\WERecf1.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\ooEm.exe
- %TEMP%\WERecf1.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\iIck.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\OogQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %TEMP%\WERecf1.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\MMYA.exe
- %TEMP%\WER6a9c.dir00\manifest.txt
- %TEMP%\WER6a9c.dir00\appcompat.txt
- %TEMP%\WER6a9c.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\wwUk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\iQoO.exe
- %ALLUSERSPROFILE%\caQc.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER6a9c.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\Hcku.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\HYYU.exe
- %HOMEPATH%\gOEYMkgs\LQsi.exe
- <Current directory>\<File name>
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\gIcM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\Egka.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\Tkcq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\gAsM.exe
- %HOMEPATH%\gOEYMkgs\mUok.exe
- %HOMEPATH%\gOEYMkgs\qwsM.exe
- %HOMEPATH%\gOEYMkgs\EQgY.exe
- %HOMEPATH%\gOEYMkgs\dIIE.exe
- %HOMEPATH%\gOEYMkgs\Qkgw.exe
- %HOMEPATH%\gOEYMkgs\Jkow.exe
- %TEMP%\WER5d98.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\wUEq.exe
- %HOMEPATH%\gOEYMkgs\oQsM.exe
- %HOMEPATH%\gOEYMkgs\oYwm.exe
- %HOMEPATH%\gOEYMkgs\lIME.exe
- %TEMP%\WER5d98.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\RQUw.exe
- %HOMEPATH%\gOEYMkgs\Bgcy.exe
- %HOMEPATH%\gOEYMkgs\ccAa.exe
- %HOMEPATH%\gOEYMkgs\VAgc.exe
- %HOMEPATH%\gOEYMkgs\eEwE.exe
- %HOMEPATH%\gOEYMkgs\MAcg.exe
- %HOMEPATH%\gOEYMkgs\BooE.exe
- %HOMEPATH%\gOEYMkgs\JMoO.exe
- %HOMEPATH%\gOEYMkgs\XUUa.exe
- %HOMEPATH%\gOEYMkgs\ukYy.exe
- %HOMEPATH%\gOEYMkgs\PkIm.exe
- %HOMEPATH%\gOEYMkgs\egMQ.exe
- %HOMEPATH%\gOEYMkgs\HAsm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\QQkO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\esMC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\JwIe.exe
- %HOMEPATH%\gOEYMkgs\YMAG.exe
- %HOMEPATH%\gOEYMkgs\XgoE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\usoe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\pUss.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %TEMP%\WER5d98.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\EYgC.exe
- %TEMP%\WER5d98.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\zYEA.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\bYAK.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\cIsc.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\dYAe.exe
- %HOMEPATH%\gOEYMkgs\mcUo.exe
- %HOMEPATH%\gOEYMkgs\BgsC.exe
- %HOMEPATH%\gOEYMkgs\XYUw.exe
- %HOMEPATH%\gOEYMkgs\IwcS.exe
- %HOMEPATH%\gOEYMkgs\nYgU.exe
- %HOMEPATH%\gOEYMkgs\LcMi.exe
- %HOMEPATH%\gOEYMkgs\sEUE.exe
- %HOMEPATH%\gOEYMkgs\zscO.exe
- %HOMEPATH%\gOEYMkgs\kIEc.exe
- %HOMEPATH%\gOEYMkgs\zEAU.exe
- %HOMEPATH%\gOEYMkgs\IMkQ.exe
- %HOMEPATH%\gOEYMkgs\PQoy.exe
- %HOMEPATH%\gOEYMkgs\dYIG.exe
- %HOMEPATH%\gOEYMkgs\goEY.exe
- %HOMEPATH%\gOEYMkgs\jcEW.exe
- %HOMEPATH%\gOEYMkgs\qMoy.exe
- %HOMEPATH%\gOEYMkgs\cEsM.exe
- %HOMEPATH%\gOEYMkgs\NgIE.exe
- %HOMEPATH%\gOEYMkgs\ksEi.exe
- %HOMEPATH%\gOEYMkgs\kgAo.exe
- %HOMEPATH%\gOEYMkgs\iYcK.exe
- %HOMEPATH%\gOEYMkgs\dUQG.exe
- %HOMEPATH%\gOEYMkgs\KskA.exe
- %HOMEPATH%\gOEYMkgs\tQsE.exe
- %HOMEPATH%\gOEYMkgs\QcYA.exe
- %HOMEPATH%\gOEYMkgs\ugcy.exe
- %HOMEPATH%\gOEYMkgs\kcQQ.exe
- %HOMEPATH%\gOEYMkgs\ZAYK.exe
- %HOMEPATH%\gOEYMkgs\JUoS.exe
- %HOMEPATH%\gOEYMkgs\eEoa.exe
- %HOMEPATH%\gOEYMkgs\oEsi.exe
- %HOMEPATH%\gOEYMkgs\JIUK.exe
- %HOMEPATH%\gOEYMkgs\cgUO.exe
- %HOMEPATH%\gOEYMkgs\OMco.exe
- %HOMEPATH%\gOEYMkgs\CgAY.exe
- %HOMEPATH%\gOEYMkgs\vEka.exe
- %HOMEPATH%\gOEYMkgs\IAAs.exe
- %HOMEPATH%\gOEYMkgs\TYYq.exe
- %HOMEPATH%\gOEYMkgs\ksUK.exe
- %HOMEPATH%\gOEYMkgs\NEgS.exe
- %HOMEPATH%\gOEYMkgs\EwMg.exe
- %HOMEPATH%\gOEYMkgs\FIUg.exe
- %HOMEPATH%\gOEYMkgs\ocQy.exe
- %HOMEPATH%\gOEYMkgs\XIAQ.exe
- %HOMEPATH%\gOEYMkgs\coci.exe
- %HOMEPATH%\gOEYMkgs\ccsI.exe
- %HOMEPATH%\gOEYMkgs\loEI.exe
- %HOMEPATH%\gOEYMkgs\ocEW.exe
- %HOMEPATH%\gOEYMkgs\iAAE.exe
- %HOMEPATH%\gOEYMkgs\Gkwm.exe
- %HOMEPATH%\gOEYMkgs\hQYc.exe
- %HOMEPATH%\gOEYMkgs\rAoo.exe
- %HOMEPATH%\gOEYMkgs\igIG.exe
- %HOMEPATH%\gOEYMkgs\lcIm.exe
- %HOMEPATH%\gOEYMkgs\xUsM.exe
- %HOMEPATH%\gOEYMkgs\qYUw.exe
- %HOMEPATH%\gOEYMkgs\oggG.exe
- %HOMEPATH%\gOEYMkgs\EwYw.exe
- %HOMEPATH%\gOEYMkgs\BwMg.exe
- %HOMEPATH%\gOEYMkgs\xIQk.exe
- %HOMEPATH%\gOEYMkgs\fMEs.exe
- %HOMEPATH%\gOEYMkgs\eUwG.exe
- %HOMEPATH%\gOEYMkgs\OsgK.exe
- %HOMEPATH%\gOEYMkgs\TkYY.exe
- %HOMEPATH%\gOEYMkgs\YAUU.exe
- %HOMEPATH%\gOEYMkgs\QQQY.exe
- %HOMEPATH%\gOEYMkgs\sUIW.exe
- %HOMEPATH%\gOEYMkgs\ukkY.exe
- %HOMEPATH%\gOEYMkgs\CMAS.exe
- %HOMEPATH%\gOEYMkgs\UEgI.exe
- %HOMEPATH%\gOEYMkgs\VIsm.exe
- %HOMEPATH%\gOEYMkgs\UkYs.exe
- %HOMEPATH%\gOEYMkgs\XoQm.exe
- %HOMEPATH%\gOEYMkgs\EsEO.exe
- %HOMEPATH%\gOEYMkgs\ZcoM.exe
- %HOMEPATH%\gOEYMkgs\EgUk.exe
- %HOMEPATH%\gOEYMkgs\JwIe.exe
- %HOMEPATH%\gOEYMkgs\QQkO.exe
- %HOMEPATH%\gOEYMkgs\bYAK.exe
- %HOMEPATH%\gOEYMkgs\esMC.exe
- %HOMEPATH%\gOEYMkgs\YMAG.exe
- %HOMEPATH%\gOEYMkgs\usoe.exe
- %HOMEPATH%\gOEYMkgs\ooEm.exe
- %HOMEPATH%\gOEYMkgs\pUss.exe
- %HOMEPATH%\gOEYMkgs\XgoE.exe
- %HOMEPATH%\gOEYMkgs\lIME.exe
- %HOMEPATH%\gOEYMkgs\wUEq.exe
- %HOMEPATH%\gOEYMkgs\Jkow.exe
- %HOMEPATH%\gOEYMkgs\oYwm.exe
- %HOMEPATH%\gOEYMkgs\oQsM.exe
- %HOMEPATH%\gOEYMkgs\cIsc.exe
- %HOMEPATH%\gOEYMkgs\dYAe.exe
- %HOMEPATH%\gOEYMkgs\zYEA.exe
- %HOMEPATH%\gOEYMkgs\EYgC.exe
- %HOMEPATH%\gOEYMkgs\lgEY.exe
- %HOMEPATH%\gOEYMkgs\Hcku.exe
- %HOMEPATH%\gOEYMkgs\HYYU.exe
- %HOMEPATH%\gOEYMkgs\LQsi.exe
- %TEMP%\YKAoYcsE.bat
- %HOMEPATH%\gOEYMkgs\Egka.exe
- %HOMEPATH%\gOEYMkgs\wwUk.exe
- %HOMEPATH%\gOEYMkgs\iQoO.exe
- %HOMEPATH%\gOEYMkgs\Tkcq.exe
- %HOMEPATH%\gOEYMkgs\gIcM.exe
- %HOMEPATH%\gOEYMkgs\OogQ.exe
- %HOMEPATH%\gOEYMkgs\DUoc.exe
- %HOMEPATH%\gOEYMkgs\iIck.exe
- %HOMEPATH%\gOEYMkgs\MMYA.exe
- %HOMEPATH%\gOEYMkgs\AkAE.exe
- %HOMEPATH%\gOEYMkgs\fIQU.exe
- %HOMEPATH%\gOEYMkgs\Escw.exe
- %HOMEPATH%\gOEYMkgs\VIEm.exe
- %HOMEPATH%\gOEYMkgs\lcEo.exe
- %HOMEPATH%\gOEYMkgs\qwsM.exe
- %HOMEPATH%\gOEYMkgs\PYIS.exe
- %HOMEPATH%\gOEYMkgs\OoYe.exe
- %HOMEPATH%\gOEYMkgs\XkYq.exe
- %HOMEPATH%\gOEYMkgs\KUAo.exe
- %HOMEPATH%\gOEYMkgs\MYMi.exe
- %HOMEPATH%\gOEYMkgs\Aoki.exe
- %HOMEPATH%\gOEYMkgs\gsIM.exe
- %HOMEPATH%\gOEYMkgs\FYkK.exe
- %HOMEPATH%\gOEYMkgs\zYQA.exe
- %HOMEPATH%\gOEYMkgs\ZAkW.exe
- %HOMEPATH%\gOEYMkgs\pscA.exe
- %HOMEPATH%\gOEYMkgs\pYUC.exe
- %HOMEPATH%\gOEYMkgs\YEAS.exe
- %HOMEPATH%\gOEYMkgs\Wkgm.exe
- %HOMEPATH%\gOEYMkgs\aMsw.exe
- %HOMEPATH%\gOEYMkgs\uccO.exe
- %HOMEPATH%\gOEYMkgs\oAgo.exe
- %HOMEPATH%\gOEYMkgs\McQQ.exe
- %HOMEPATH%\gOEYMkgs\AwQE.exe
- %HOMEPATH%\gOEYMkgs\XUUa.exe
- %HOMEPATH%\gOEYMkgs\ukYy.exe
- %HOMEPATH%\gOEYMkgs\HAsm.exe
- %HOMEPATH%\gOEYMkgs\JMoO.exe
- %HOMEPATH%\gOEYMkgs\EQgY.exe
- %HOMEPATH%\gOEYMkgs\gAsM.exe
- %HOMEPATH%\gOEYMkgs\mUok.exe
- %HOMEPATH%\gOEYMkgs\dIIE.exe
- %HOMEPATH%\gOEYMkgs\Qkgw.exe
- %HOMEPATH%\gOEYMkgs\MAcg.exe
- %HOMEPATH%\gOEYMkgs\RQUw.exe
- %HOMEPATH%\gOEYMkgs\VAgc.exe
- %HOMEPATH%\gOEYMkgs\eEwE.exe
- %HOMEPATH%\gOEYMkgs\Bgcy.exe
- %HOMEPATH%\gOEYMkgs\PkIm.exe
- %HOMEPATH%\gOEYMkgs\egMQ.exe
- %HOMEPATH%\gOEYMkgs\ccAa.exe
- %HOMEPATH%\gOEYMkgs\BooE.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'