Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
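- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,' (the lacMcYws.exe path is appended after the standard userinit.exe entry, so it is launched at user logon)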
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (service start type 2: started automatically at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
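- Display of hidden files in Explorer is turned off (Hidden = 2 in the reg.exe command below)
- Display of file extensions in Explorer is turned off (HideFileExt = 1 in the reg.exe command below), so the `.bmp.exe`, `.jpg.exe` and `.wma.exe` files listed on this page appear with only their `.bmp`, `.jpg` or `.wma` name
- User Account Control (UAC) is disabled (EnableLUA = 0 in the reg.exe command below)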
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\GkkS.exe
- %HOMEPATH%\gOEYMkgs\YsMW.exe
- %HOMEPATH%\gOEYMkgs\IIkW.exe
- %HOMEPATH%\gOEYMkgs\igwU.exe
- %HOMEPATH%\gOEYMkgs\KYwK.exe
- %HOMEPATH%\gOEYMkgs\LMMW.exe
- %TEMP%\WER6f4e.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\sYMK.exe
- %TEMP%\WER6f4e.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\BUIy.exe
- %HOMEPATH%\gOEYMkgs\iMcy.exe
- %HOMEPATH%\gOEYMkgs\WkYo.exe
- %HOMEPATH%\gOEYMkgs\eMgs.exe
- %HOMEPATH%\gOEYMkgs\NIoM.exe
- %HOMEPATH%\gOEYMkgs\ygUS.exe
- %HOMEPATH%\gOEYMkgs\QUQy.exe
- %HOMEPATH%\gOEYMkgs\bAAc.exe
- %HOMEPATH%\gOEYMkgs\dAwq.exe
- %HOMEPATH%\gOEYMkgs\xckm.exe
- %HOMEPATH%\gOEYMkgs\TMMY.exe
- %HOMEPATH%\gOEYMkgs\SQcu.exe
- %HOMEPATH%\gOEYMkgs\kIQu.exe
- %HOMEPATH%\gOEYMkgs\LUAA.exe
- %HOMEPATH%\gOEYMkgs\pwAG.exe
- %HOMEPATH%\gOEYMkgs\ZcoY.exe
- %HOMEPATH%\gOEYMkgs\oYki.exe
- %HOMEPATH%\gOEYMkgs\HIQA.exe
- %HOMEPATH%\gOEYMkgs\ogwK.exe
- %HOMEPATH%\gOEYMkgs\WIUw.exe
- %HOMEPATH%\gOEYMkgs\rwQs.exe
- %HOMEPATH%\gOEYMkgs\UQko.exe
- %HOMEPATH%\gOEYMkgs\fEsm.exe
- %HOMEPATH%\gOEYMkgs\pIcU.exe
- %HOMEPATH%\gOEYMkgs\Dowk.exe
- %HOMEPATH%\gOEYMkgs\EMsO.exe
- %HOMEPATH%\gOEYMkgs\eYMg.exe
- %HOMEPATH%\gOEYMkgs\akUK.exe
- %HOMEPATH%\gOEYMkgs\rgkq.exe
- %HOMEPATH%\gOEYMkgs\voYM.exe
- %TEMP%\WER6f4e.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\IEQE.exe
- %HOMEPATH%\gOEYMkgs\Pswk.exe
- %HOMEPATH%\gOEYMkgs\ZIUA.exe
- %TEMP%\WER6f4e.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\WYEe.exe
- %HOMEPATH%\gOEYMkgs\xcEC.exe
- %HOMEPATH%\gOEYMkgs\hMgA.exe
- %HOMEPATH%\gOEYMkgs\gYYc.exe
- %HOMEPATH%\gOEYMkgs\lccm.exe
- %HOMEPATH%\gOEYMkgs\kcUe.exe
- %HOMEPATH%\gOEYMkgs\JYAW.exe
- %HOMEPATH%\gOEYMkgs\BkUw.exe
- %HOMEPATH%\gOEYMkgs\ywMy.exe
- %HOMEPATH%\gOEYMkgs\VIsm.exe
- %HOMEPATH%\gOEYMkgs\qEoW.exe
- %HOMEPATH%\gOEYMkgs\CkMY.exe
- %HOMEPATH%\gOEYMkgs\wwkg.exe
- %HOMEPATH%\gOEYMkgs\JkAQ.exe
- %HOMEPATH%\gOEYMkgs\iYsm.exe
- %HOMEPATH%\gOEYMkgs\jYsW.exe
- %HOMEPATH%\gOEYMkgs\oMQa.exe
- %HOMEPATH%\gOEYMkgs\yMEk.exe
- %HOMEPATH%\gOEYMkgs\agcM.exe
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\IYUO.exe
- %HOMEPATH%\gOEYMkgs\Fksi.exe
- %HOMEPATH%\gOEYMkgs\SkUK.exe
- %HOMEPATH%\gOEYMkgs\YIUO.exe
- %HOMEPATH%\gOEYMkgs\zssk.exe
- %HOMEPATH%\gOEYMkgs\zAsw.exe
- %HOMEPATH%\gOEYMkgs\aUAQ.exe
- %HOMEPATH%\gOEYMkgs\LEIG.exe
- %HOMEPATH%\gOEYMkgs\nsAa.exe
- %HOMEPATH%\gOEYMkgs\UsIC.exe
- %HOMEPATH%\gOEYMkgs\sgoA.exe
- %HOMEPATH%\gOEYMkgs\gIYk.exe
- %HOMEPATH%\gOEYMkgs\uUIc.exe
- %HOMEPATH%\gOEYMkgs\eMEC.exe
- %HOMEPATH%\gOEYMkgs\nscE.exe
- %HOMEPATH%\gOEYMkgs\oowi.exe
- %HOMEPATH%\gOEYMkgs\vUsA.exe
- %HOMEPATH%\gOEYMkgs\ykMY.exe
- %HOMEPATH%\gOEYMkgs\IUQO.exe
- %HOMEPATH%\gOEYMkgs\HkIe.exe
- %HOMEPATH%\gOEYMkgs\GYkc.exe
- %HOMEPATH%\gOEYMkgs\oUwu.exe
- %HOMEPATH%\gOEYMkgs\eoUi.exe
- %HOMEPATH%\gOEYMkgs\nUsS.exe
- %HOMEPATH%\gOEYMkgs\jAgu.exe
- %HOMEPATH%\gOEYMkgs\UQsM.exe
- %HOMEPATH%\gOEYMkgs\AYgI.exe
- %HOMEPATH%\gOEYMkgs\XAUy.exe
- %HOMEPATH%\gOEYMkgs\GQYs.exe
- %HOMEPATH%\gOEYMkgs\bgwI.exe
- %HOMEPATH%\gOEYMkgs\tAkc.exe
- %HOMEPATH%\gOEYMkgs\lkMm.exe
- %HOMEPATH%\gOEYMkgs\sEUA.exe
- %HOMEPATH%\gOEYMkgs\cMsu.exe
- %HOMEPATH%\gOEYMkgs\ccsk.exe
- %HOMEPATH%\gOEYMkgs\cAYU.exe
- %HOMEPATH%\gOEYMkgs\ZswM.exe
- %HOMEPATH%\gOEYMkgs\aQgs.exe
- %HOMEPATH%\gOEYMkgs\yAka.exe
- %HOMEPATH%\gOEYMkgs\JMIU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\CUck.exe
- %HOMEPATH%\gOEYMkgs\XUMu.exe
- <Current directory>\<File name>
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\Lwko.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\GUgI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\aUEe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\rYwC.exe
- %TEMP%\WER80f7.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\Dcws.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\cIoe.exe
- %HOMEPATH%\gOEYMkgs\GIks.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\GkoA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\RUAi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %TEMP%\WER0e16.dir00\appcompat.txt
- %TEMP%\WER0e16.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\caQc.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\PMkY.exe
- %TEMP%\WER0e16.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER0e16.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\ikIM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\cgMg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\UAQQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\LsIw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\UwEW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\jEwc.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\BocY.exe
- %HOMEPATH%\gOEYMkgs\wcwu.exe
- %HOMEPATH%\gOEYMkgs\oksa.exe
- %HOMEPATH%\gOEYMkgs\pYsA.exe
- %HOMEPATH%\gOEYMkgs\eMwI.exe
- %TEMP%\WERf25d.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\vcYM.exe
- %HOMEPATH%\gOEYMkgs\jgEm.exe
- %HOMEPATH%\gOEYMkgs\Poco.exe
- %HOMEPATH%\gOEYMkgs\igIG.exe
- %HOMEPATH%\gOEYMkgs\RQYU.exe
- %HOMEPATH%\gOEYMkgs\tEwy.exe
- %HOMEPATH%\gOEYMkgs\fgcA.exe
- %HOMEPATH%\gOEYMkgs\tYwW.exe
- %HOMEPATH%\gOEYMkgs\ZMwG.exe
- %HOMEPATH%\gOEYMkgs\VIcq.exe
- %HOMEPATH%\gOEYMkgs\hQIQ.exe
- %HOMEPATH%\gOEYMkgs\wYUq.exe
- %HOMEPATH%\gOEYMkgs\xEom.exe
- %HOMEPATH%\gOEYMkgs\FMQw.exe
- %HOMEPATH%\gOEYMkgs\vkwg.exe
- %TEMP%\WERf25d.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\Eoce.exe
- %HOMEPATH%\gOEYMkgs\NokG.exe
- %TEMP%\WERf25d.dir00\manifest.txt
- %TEMP%\WERf25d.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\hUIm.exe
- %TEMP%\WER80f7.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\UwkK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\LIkO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\Gkwy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\iYAi.exe
- %HOMEPATH%\gOEYMkgs\IUIg.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\LwQs.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\gwcA.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\JUsC.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %TEMP%\WER80f7.dir00\manifest.txt
- %TEMP%\WER80f7.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\ZQEY.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\Sgcq.exe
- %HOMEPATH%\gOEYMkgs\oUwu.exe
- %HOMEPATH%\gOEYMkgs\bAAc.exe
- %HOMEPATH%\gOEYMkgs\HkIe.exe
- %HOMEPATH%\gOEYMkgs\GYkc.exe
- %HOMEPATH%\gOEYMkgs\dAwq.exe
- %HOMEPATH%\gOEYMkgs\ygUS.exe
- %HOMEPATH%\gOEYMkgs\QUQy.exe
- %HOMEPATH%\gOEYMkgs\xckm.exe
- %HOMEPATH%\gOEYMkgs\NIoM.exe
- %HOMEPATH%\gOEYMkgs\IUQO.exe
- %HOMEPATH%\gOEYMkgs\eMEC.exe
- %HOMEPATH%\gOEYMkgs\vUsA.exe
- %HOMEPATH%\gOEYMkgs\ykMY.exe
- %HOMEPATH%\gOEYMkgs\nscE.exe
- %HOMEPATH%\gOEYMkgs\nUsS.exe
- %HOMEPATH%\gOEYMkgs\jAgu.exe
- %HOMEPATH%\gOEYMkgs\oowi.exe
- %HOMEPATH%\gOEYMkgs\eoUi.exe
- %HOMEPATH%\gOEYMkgs\LUAA.exe
- %HOMEPATH%\gOEYMkgs\IIkW.exe
- %HOMEPATH%\gOEYMkgs\BUIy.exe
- %HOMEPATH%\gOEYMkgs\GkkS.exe
- %HOMEPATH%\gOEYMkgs\YsMW.exe
- %HOMEPATH%\gOEYMkgs\iMcy.exe
- %HOMEPATH%\gOEYMkgs\oYki.exe
- %HOMEPATH%\gOEYMkgs\ZIUA.exe
- %HOMEPATH%\gOEYMkgs\WkYo.exe
- %HOMEPATH%\gOEYMkgs\sYMK.exe
- %HOMEPATH%\gOEYMkgs\TMMY.exe
- %HOMEPATH%\gOEYMkgs\SQcu.exe
- %HOMEPATH%\gOEYMkgs\pwAG.exe
- %HOMEPATH%\gOEYMkgs\ZcoY.exe
- %HOMEPATH%\gOEYMkgs\kIQu.exe
- %HOMEPATH%\gOEYMkgs\KYwK.exe
- %HOMEPATH%\gOEYMkgs\LMMW.exe
- %HOMEPATH%\gOEYMkgs\eMgs.exe
- %HOMEPATH%\gOEYMkgs\igwU.exe
- %HOMEPATH%\gOEYMkgs\UQsM.exe
- %HOMEPATH%\gOEYMkgs\nsAa.exe
- %HOMEPATH%\gOEYMkgs\qEoW.exe
- %HOMEPATH%\gOEYMkgs\aUAQ.exe
- %HOMEPATH%\gOEYMkgs\LEIG.exe
- %HOMEPATH%\gOEYMkgs\CkMY.exe
- %HOMEPATH%\gOEYMkgs\ywMy.exe
- %HOMEPATH%\gOEYMkgs\VIsm.exe
- %HOMEPATH%\gOEYMkgs\wwkg.exe
- %HOMEPATH%\gOEYMkgs\BkUw.exe
- %HOMEPATH%\gOEYMkgs\zAsw.exe
- %HOMEPATH%\gOEYMkgs\IYUO.exe
- %HOMEPATH%\gOEYMkgs\YIUO.exe
- %HOMEPATH%\gOEYMkgs\zssk.exe
- %HOMEPATH%\gOEYMkgs\Fksi.exe
- %HOMEPATH%\gOEYMkgs\sgoA.exe
- %HOMEPATH%\gOEYMkgs\gIYk.exe
- %HOMEPATH%\gOEYMkgs\SkUK.exe
- %HOMEPATH%\gOEYMkgs\UsIC.exe
- %HOMEPATH%\gOEYMkgs\oMQa.exe
- %HOMEPATH%\gOEYMkgs\GQYs.exe
- %HOMEPATH%\gOEYMkgs\cAYU.exe
- %HOMEPATH%\gOEYMkgs\AYgI.exe
- %HOMEPATH%\gOEYMkgs\XAUy.exe
- %HOMEPATH%\gOEYMkgs\ZswM.exe
- %HOMEPATH%\gOEYMkgs\cMsu.exe
- %HOMEPATH%\gOEYMkgs\ccsk.exe
- %HOMEPATH%\gOEYMkgs\aQgs.exe
- %HOMEPATH%\gOEYMkgs\sEUA.exe
- %HOMEPATH%\gOEYMkgs\JkAQ.exe
- %HOMEPATH%\gOEYMkgs\iYsm.exe
- %HOMEPATH%\gOEYMkgs\yMEk.exe
- %HOMEPATH%\gOEYMkgs\agcM.exe
- %HOMEPATH%\gOEYMkgs\jYsW.exe
- %HOMEPATH%\gOEYMkgs\tAkc.exe
- %HOMEPATH%\gOEYMkgs\lkMm.exe
- %HOMEPATH%\gOEYMkgs\uUIc.exe
- %HOMEPATH%\gOEYMkgs\bgwI.exe
- %HOMEPATH%\gOEYMkgs\WYEe.exe
- %HOMEPATH%\gOEYMkgs\UwkK.exe
- %HOMEPATH%\gOEYMkgs\hUIm.exe
- %HOMEPATH%\gOEYMkgs\Sgcq.exe
- %HOMEPATH%\gOEYMkgs\IUIg.exe
- %HOMEPATH%\gOEYMkgs\Gkwy.exe
- %HOMEPATH%\gOEYMkgs\Dcws.exe
- %HOMEPATH%\gOEYMkgs\cIoe.exe
- %HOMEPATH%\gOEYMkgs\iYAi.exe
- %HOMEPATH%\gOEYMkgs\LIkO.exe
- %HOMEPATH%\gOEYMkgs\jgEm.exe
- %HOMEPATH%\gOEYMkgs\Poco.exe
- %HOMEPATH%\gOEYMkgs\tEwy.exe
- %HOMEPATH%\gOEYMkgs\fgcA.exe
- %HOMEPATH%\gOEYMkgs\igIG.exe
- %HOMEPATH%\gOEYMkgs\LwQs.exe
- %HOMEPATH%\gOEYMkgs\ZQEY.exe
- %HOMEPATH%\gOEYMkgs\gwcA.exe
- %HOMEPATH%\gOEYMkgs\JUsC.exe
- %HOMEPATH%\gOEYMkgs\rYwC.exe
- %HOMEPATH%\gOEYMkgs\LsIw.exe
- %HOMEPATH%\gOEYMkgs\cgMg.exe
- %HOMEPATH%\gOEYMkgs\GUgI.exe
- %HOMEPATH%\gOEYMkgs\UAQQ.exe
- %HOMEPATH%\gOEYMkgs\jEwc.exe
- %HOMEPATH%\gOEYMkgs\ikIM.exe
- %HOMEPATH%\gOEYMkgs\PMkY.exe
- %HOMEPATH%\gOEYMkgs\BocY.exe
- %HOMEPATH%\gOEYMkgs\UwEW.exe
- %HOMEPATH%\gOEYMkgs\GkoA.exe
- %HOMEPATH%\gOEYMkgs\XUMu.exe
- %HOMEPATH%\gOEYMkgs\RUAi.exe
- %HOMEPATH%\gOEYMkgs\GIks.exe
- %TEMP%\sGIUMogA.bat
- %HOMEPATH%\gOEYMkgs\aUEe.exe
- %HOMEPATH%\gOEYMkgs\Lwko.exe
- %HOMEPATH%\gOEYMkgs\JMIU.exe
- %HOMEPATH%\gOEYMkgs\CUck.exe
- %HOMEPATH%\gOEYMkgs\RQYU.exe
- %HOMEPATH%\gOEYMkgs\fEsm.exe
- %HOMEPATH%\gOEYMkgs\HIQA.exe
- %HOMEPATH%\gOEYMkgs\rwQs.exe
- %HOMEPATH%\gOEYMkgs\UQko.exe
- %HOMEPATH%\gOEYMkgs\ogwK.exe
- %HOMEPATH%\gOEYMkgs\akUK.exe
- %HOMEPATH%\gOEYMkgs\rgkq.exe
- %HOMEPATH%\gOEYMkgs\WIUw.exe
- %HOMEPATH%\gOEYMkgs\eYMg.exe
- %HOMEPATH%\gOEYMkgs\lccm.exe
- %HOMEPATH%\gOEYMkgs\kcUe.exe
- %HOMEPATH%\gOEYMkgs\IEQE.exe
- %HOMEPATH%\gOEYMkgs\Pswk.exe
- %HOMEPATH%\gOEYMkgs\JYAW.exe
- %HOMEPATH%\gOEYMkgs\gYYc.exe
- %HOMEPATH%\gOEYMkgs\voYM.exe
- %HOMEPATH%\gOEYMkgs\xcEC.exe
- %HOMEPATH%\gOEYMkgs\hMgA.exe
- %HOMEPATH%\gOEYMkgs\pIcU.exe
- %HOMEPATH%\gOEYMkgs\Eoce.exe
- %HOMEPATH%\gOEYMkgs\tYwW.exe
- %HOMEPATH%\gOEYMkgs\NokG.exe
- %HOMEPATH%\gOEYMkgs\vkwg.exe
- %HOMEPATH%\gOEYMkgs\eMwI.exe
- %HOMEPATH%\gOEYMkgs\oksa.exe
- %HOMEPATH%\gOEYMkgs\pYsA.exe
- %HOMEPATH%\gOEYMkgs\vcYM.exe
- %HOMEPATH%\gOEYMkgs\wcwu.exe
- %HOMEPATH%\gOEYMkgs\yAka.exe
- %HOMEPATH%\gOEYMkgs\wYUq.exe
- %HOMEPATH%\gOEYMkgs\Dowk.exe
- %HOMEPATH%\gOEYMkgs\EMsO.exe
- %HOMEPATH%\gOEYMkgs\xEom.exe
- %HOMEPATH%\gOEYMkgs\VIcq.exe
- %HOMEPATH%\gOEYMkgs\hQIQ.exe
- %HOMEPATH%\gOEYMkgs\FMQw.exe
- %HOMEPATH%\gOEYMkgs\ZMwG.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Run'
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Open'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'