Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,' (the entry appended after the legitimate userinit.exe is launched by Winlogon at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (2 = automatic start, so the service is launched at every boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
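- hidden files (Explorer is set not to display them: 'Hidden' = 2, see the reg.exe command listed below)
- file extensions (Explorer is set to hide them: 'HideFileExt' = 1, so a dropped file such as 'cat.bmp.exe' is displayed as 'cat.bmp')
- User Account Control (UAC) (disabled: 'EnableLUA' = 0, see the reg.exe command listed below)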
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '%TEMP%\maplestory.exe'
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\maplestory.exe
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\isEu.exe
- %HOMEPATH%\gOEYMkgs\dMga.exe
- %HOMEPATH%\gOEYMkgs\qcoS.exe
- %HOMEPATH%\gOEYMkgs\Vkcm.exe
- %HOMEPATH%\gOEYMkgs\vcYq.exe
- %HOMEPATH%\gOEYMkgs\lMYQ.exe
- %HOMEPATH%\gOEYMkgs\LgoE.exe
- %HOMEPATH%\gOEYMkgs\eQkG.exe
- %HOMEPATH%\gOEYMkgs\wYEU.exe
- %HOMEPATH%\gOEYMkgs\TQII.exe
- %HOMEPATH%\gOEYMkgs\KoAa.exe
- %HOMEPATH%\gOEYMkgs\DUsK.exe
- %HOMEPATH%\gOEYMkgs\UUII.exe
- %HOMEPATH%\gOEYMkgs\osce.exe
- %HOMEPATH%\gOEYMkgs\kssM.exe
- %HOMEPATH%\gOEYMkgs\jAgI.exe
- %HOMEPATH%\gOEYMkgs\ngwY.exe
- %HOMEPATH%\gOEYMkgs\vIYO.exe
- %HOMEPATH%\gOEYMkgs\ocYo.exe
- %HOMEPATH%\gOEYMkgs\wAAS.exe
- %HOMEPATH%\gOEYMkgs\PoMg.exe
- %HOMEPATH%\gOEYMkgs\fIgs.exe
- %HOMEPATH%\gOEYMkgs\TEQw.exe
- %HOMEPATH%\gOEYMkgs\BgAk.exe
- %HOMEPATH%\gOEYMkgs\YgQk.exe
- %HOMEPATH%\gOEYMkgs\CAMg.exe
- %HOMEPATH%\gOEYMkgs\GIoW.exe
- %HOMEPATH%\gOEYMkgs\dcoa.exe
- %HOMEPATH%\gOEYMkgs\FQMA.exe
- %HOMEPATH%\gOEYMkgs\FEQC.exe
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\JcMI.exe
- %HOMEPATH%\gOEYMkgs\WMgo.exe
- %HOMEPATH%\gOEYMkgs\pcIg.exe
- %HOMEPATH%\gOEYMkgs\gsoI.exe
- %HOMEPATH%\gOEYMkgs\CUgq.exe
- %HOMEPATH%\gOEYMkgs\wkIm.exe
- %HOMEPATH%\gOEYMkgs\AYAa.exe
- %HOMEPATH%\gOEYMkgs\sYAg.exe
- %HOMEPATH%\gOEYMkgs\FIAA.exe
- %HOMEPATH%\gOEYMkgs\zYUG.exe
- %HOMEPATH%\gOEYMkgs\GwoQ.exe
- %HOMEPATH%\gOEYMkgs\fAou.exe
- %HOMEPATH%\gOEYMkgs\HIMs.exe
- %HOMEPATH%\gOEYMkgs\ugEK.exe
- %HOMEPATH%\gOEYMkgs\wYAS.exe
- %HOMEPATH%\gOEYMkgs\tsYa.exe
- %HOMEPATH%\gOEYMkgs\Vkss.exe
- %HOMEPATH%\gOEYMkgs\UEMO.exe
- %HOMEPATH%\gOEYMkgs\pIEI.exe
- %HOMEPATH%\gOEYMkgs\lQIE.exe
- %HOMEPATH%\gOEYMkgs\WsQI.exe
- %HOMEPATH%\gOEYMkgs\MUEM.exe
- %HOMEPATH%\gOEYMkgs\cIUE.exe
- %HOMEPATH%\gOEYMkgs\pcYO.exe
- %HOMEPATH%\gOEYMkgs\hwwy.exe
- %HOMEPATH%\gOEYMkgs\jggY.exe
- %HOMEPATH%\gOEYMkgs\VYgq.exe
- %HOMEPATH%\gOEYMkgs\Ekok.exe
- %HOMEPATH%\gOEYMkgs\jAAG.exe
- %HOMEPATH%\gOEYMkgs\UQQi.exe
- %HOMEPATH%\gOEYMkgs\KQEu.exe
- %HOMEPATH%\gOEYMkgs\fIQG.exe
- %HOMEPATH%\gOEYMkgs\vEUc.exe
- %HOMEPATH%\gOEYMkgs\hYwu.exe
- %HOMEPATH%\gOEYMkgs\MIwM.exe
- %HOMEPATH%\gOEYMkgs\OkQo.exe
- %HOMEPATH%\gOEYMkgs\fQgs.exe
- %HOMEPATH%\gOEYMkgs\woAk.exe
- %HOMEPATH%\gOEYMkgs\uQcS.exe
- %HOMEPATH%\gOEYMkgs\FoMc.exe
- %HOMEPATH%\gOEYMkgs\IkwA.exe
- %HOMEPATH%\gOEYMkgs\noAI.exe
- %HOMEPATH%\gOEYMkgs\tIIo.exe
- %HOMEPATH%\gOEYMkgs\qIIk.exe
- %HOMEPATH%\gOEYMkgs\bckG.exe
- %HOMEPATH%\gOEYMkgs\yUYC.exe
- %HOMEPATH%\gOEYMkgs\XkYc.exe
- %HOMEPATH%\gOEYMkgs\oUcs.exe
- %HOMEPATH%\gOEYMkgs\jIUG.exe
- %HOMEPATH%\gOEYMkgs\egci.exe
- %HOMEPATH%\gOEYMkgs\TUYQ.exe
- %HOMEPATH%\gOEYMkgs\ZIIU.exe
- %HOMEPATH%\gOEYMkgs\hAUs.exe
- %HOMEPATH%\gOEYMkgs\icwi.exe
- %HOMEPATH%\gOEYMkgs\RgwE.exe
- %HOMEPATH%\gOEYMkgs\uoEq.exe
- %HOMEPATH%\gOEYMkgs\aAwg.exe
- %HOMEPATH%\gOEYMkgs\lkMK.exe
- %HOMEPATH%\gOEYMkgs\iEca.exe
- %HOMEPATH%\gOEYMkgs\oggg.exe
- %HOMEPATH%\gOEYMkgs\ScMC.exe
- %HOMEPATH%\gOEYMkgs\AMQC.exe
- %HOMEPATH%\gOEYMkgs\AUIK.exe
- %HOMEPATH%\gOEYMkgs\Kcoo.exe
- %HOMEPATH%\gOEYMkgs\vQYG.exe
- %HOMEPATH%\gOEYMkgs\mYIc.exe
- %HOMEPATH%\gOEYMkgs\Aowy.exe
- %HOMEPATH%\gOEYMkgs\xYAU.exe
- %HOMEPATH%\gOEYMkgs\ZUoi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\sEUU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\OcgS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\jIcA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\JQoa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\WUcm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\Ekou.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\rYoi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\Mwke.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\oYQE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\NAoa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\fcMG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\EEMw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %TEMP%\WER9aba.dir00\manifest.txt
- %TEMP%\WER9aba.dir00\appcompat.txt
- %TEMP%\WER9aba.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\kMYk.exe
- %TEMP%\WER9b73.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\caQc.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER9aba.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %TEMP%\WER9b73.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\ZYIs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\osYI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\oIYa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\QcMW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %TEMP%\WER9b73.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\roEC.exe
- %TEMP%\WER9b73.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\RMsk.exe
- %HOMEPATH%\gOEYMkgs\AQUM.exe
- %HOMEPATH%\gOEYMkgs\TEEe.exe
- %HOMEPATH%\gOEYMkgs\Iwgu.exe
- %HOMEPATH%\gOEYMkgs\Sskc.exe
- %HOMEPATH%\gOEYMkgs\oYYG.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\aUga.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\MUUo.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\yoMI.exe
- %HOMEPATH%\gOEYMkgs\ukse.exe
- %HOMEPATH%\gOEYMkgs\tQsM.exe
- %HOMEPATH%\gOEYMkgs\lMAi.exe
- %HOMEPATH%\gOEYMkgs\GYsC.exe
- %HOMEPATH%\gOEYMkgs\lIQW.exe
- %HOMEPATH%\gOEYMkgs\OkMU.exe
- %HOMEPATH%\gOEYMkgs\mEUu.exe
- %HOMEPATH%\gOEYMkgs\kIca.exe
- %HOMEPATH%\gOEYMkgs\ncso.exe
- %HOMEPATH%\gOEYMkgs\lIcc.exe
- %HOMEPATH%\gOEYMkgs\iQsW.exe
- %HOMEPATH%\gOEYMkgs\PkYm.exe
- %HOMEPATH%\gOEYMkgs\QsoW.exe
- %HOMEPATH%\gOEYMkgs\PMwa.exe
- %TEMP%\WER1709.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %TEMP%\WER1709.dir00\manifest.txt
- %TEMP%\WER1709.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\rcsG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\IIUm.exe
- %HOMEPATH%\gOEYMkgs\kAos.exe
- %TEMP%\WER1709.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\YIgW.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\tEgy.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\sUcC.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\wwQU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\pssS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\KkAK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\oMQG.exe
- %HOMEPATH%\gOEYMkgs\hAUs.exe
- %HOMEPATH%\gOEYMkgs\ngwY.exe
- %HOMEPATH%\gOEYMkgs\TUYQ.exe
- %HOMEPATH%\gOEYMkgs\ZIIU.exe
- %HOMEPATH%\gOEYMkgs\vIYO.exe
- %HOMEPATH%\gOEYMkgs\kssM.exe
- %HOMEPATH%\gOEYMkgs\jAgI.exe
- %HOMEPATH%\gOEYMkgs\ocYo.exe
- %HOMEPATH%\gOEYMkgs\osce.exe
- %HOMEPATH%\gOEYMkgs\egci.exe
- %HOMEPATH%\gOEYMkgs\bckG.exe
- %HOMEPATH%\gOEYMkgs\oUcs.exe
- %HOMEPATH%\gOEYMkgs\jIUG.exe
- %HOMEPATH%\gOEYMkgs\yUYC.exe
- %HOMEPATH%\gOEYMkgs\RgwE.exe
- %HOMEPATH%\gOEYMkgs\uoEq.exe
- %HOMEPATH%\gOEYMkgs\XkYc.exe
- %HOMEPATH%\gOEYMkgs\icwi.exe
- %HOMEPATH%\gOEYMkgs\TEQw.exe
- %HOMEPATH%\gOEYMkgs\qcoS.exe
- %HOMEPATH%\gOEYMkgs\TQII.exe
- %HOMEPATH%\gOEYMkgs\isEu.exe
- %HOMEPATH%\gOEYMkgs\dMga.exe
- %HOMEPATH%\gOEYMkgs\KoAa.exe
- %HOMEPATH%\gOEYMkgs\eQkG.exe
- %HOMEPATH%\gOEYMkgs\wYEU.exe
- %HOMEPATH%\gOEYMkgs\DUsK.exe
- %HOMEPATH%\gOEYMkgs\LgoE.exe
- %HOMEPATH%\gOEYMkgs\wAAS.exe
- %HOMEPATH%\gOEYMkgs\PoMg.exe
- %HOMEPATH%\gOEYMkgs\BgAk.exe
- %HOMEPATH%\gOEYMkgs\YgQk.exe
- %HOMEPATH%\gOEYMkgs\fIgs.exe
- %HOMEPATH%\gOEYMkgs\vcYq.exe
- %HOMEPATH%\gOEYMkgs\lMYQ.exe
- %HOMEPATH%\gOEYMkgs\UUII.exe
- %HOMEPATH%\gOEYMkgs\Vkcm.exe
- %HOMEPATH%\gOEYMkgs\aAwg.exe
- %HOMEPATH%\gOEYMkgs\IkwA.exe
- %HOMEPATH%\gOEYMkgs\fIQG.exe
- %HOMEPATH%\gOEYMkgs\uQcS.exe
- %HOMEPATH%\gOEYMkgs\FoMc.exe
- %HOMEPATH%\gOEYMkgs\cIUE.exe
- %HOMEPATH%\gOEYMkgs\lQIE.exe
- %HOMEPATH%\gOEYMkgs\WsQI.exe
- %HOMEPATH%\gOEYMkgs\pcYO.exe
- %HOMEPATH%\gOEYMkgs\hwwy.exe
- %HOMEPATH%\gOEYMkgs\woAk.exe
- %HOMEPATH%\gOEYMkgs\vEUc.exe
- %HOMEPATH%\gOEYMkgs\OkQo.exe
- %HOMEPATH%\gOEYMkgs\fQgs.exe
- %HOMEPATH%\gOEYMkgs\hYwu.exe
- %HOMEPATH%\gOEYMkgs\tIIo.exe
- %HOMEPATH%\gOEYMkgs\qIIk.exe
- %HOMEPATH%\gOEYMkgs\MIwM.exe
- %HOMEPATH%\gOEYMkgs\noAI.exe
- %HOMEPATH%\gOEYMkgs\MUEM.exe
- %HOMEPATH%\gOEYMkgs\oggg.exe
- %HOMEPATH%\gOEYMkgs\Aowy.exe
- %HOMEPATH%\gOEYMkgs\lkMK.exe
- %HOMEPATH%\gOEYMkgs\iEca.exe
- %HOMEPATH%\gOEYMkgs\xYAU.exe
- %HOMEPATH%\gOEYMkgs\vQYG.exe
- %HOMEPATH%\gOEYMkgs\mYIc.exe
- %HOMEPATH%\gOEYMkgs\ZUoi.exe
- %HOMEPATH%\gOEYMkgs\Kcoo.exe
- %HOMEPATH%\gOEYMkgs\KQEu.exe
- %HOMEPATH%\gOEYMkgs\jggY.exe
- %HOMEPATH%\gOEYMkgs\jAAG.exe
- %HOMEPATH%\gOEYMkgs\UQQi.exe
- %HOMEPATH%\gOEYMkgs\VYgq.exe
- %HOMEPATH%\gOEYMkgs\AMQC.exe
- %HOMEPATH%\gOEYMkgs\AUIK.exe
- %HOMEPATH%\gOEYMkgs\Ekok.exe
- %HOMEPATH%\gOEYMkgs\ScMC.exe
- %HOMEPATH%\gOEYMkgs\GwoQ.exe
- %HOMEPATH%\gOEYMkgs\oMQG.exe
- %HOMEPATH%\gOEYMkgs\pssS.exe
- %HOMEPATH%\gOEYMkgs\tEgy.exe
- %HOMEPATH%\gOEYMkgs\KkAK.exe
- %HOMEPATH%\gOEYMkgs\YIgW.exe
- %HOMEPATH%\gOEYMkgs\rcsG.exe
- %HOMEPATH%\gOEYMkgs\IIUm.exe
- %HOMEPATH%\gOEYMkgs\PMwa.exe
- %HOMEPATH%\gOEYMkgs\kAos.exe
- %HOMEPATH%\gOEYMkgs\AQUM.exe
- %HOMEPATH%\gOEYMkgs\TEEe.exe
- %HOMEPATH%\gOEYMkgs\oYYG.exe
- %HOMEPATH%\gOEYMkgs\RMsk.exe
- %HOMEPATH%\gOEYMkgs\MUUo.exe
- %HOMEPATH%\gOEYMkgs\sUcC.exe
- %HOMEPATH%\gOEYMkgs\wwQU.exe
- %HOMEPATH%\gOEYMkgs\yoMI.exe
- %HOMEPATH%\gOEYMkgs\aUga.exe
- %HOMEPATH%\gOEYMkgs\oYQE.exe
- %HOMEPATH%\gOEYMkgs\osYI.exe
- %HOMEPATH%\gOEYMkgs\oIYa.exe
- %HOMEPATH%\gOEYMkgs\Ekou.exe
- %HOMEPATH%\gOEYMkgs\JQoa.exe
- %HOMEPATH%\gOEYMkgs\ZYIs.exe
- %HOMEPATH%\gOEYMkgs\kMYk.exe
- %TEMP%\XWckswsY.bat
- %HOMEPATH%\gOEYMkgs\roEC.exe
- %HOMEPATH%\gOEYMkgs\QcMW.exe
- %HOMEPATH%\gOEYMkgs\EEMw.exe
- %HOMEPATH%\gOEYMkgs\NAoa.exe
- %HOMEPATH%\gOEYMkgs\rYoi.exe
- %HOMEPATH%\gOEYMkgs\Mwke.exe
- %HOMEPATH%\gOEYMkgs\fcMG.exe
- %HOMEPATH%\gOEYMkgs\sEUU.exe
- %HOMEPATH%\gOEYMkgs\WUcm.exe
- %HOMEPATH%\gOEYMkgs\OcgS.exe
- %HOMEPATH%\gOEYMkgs\jIcA.exe
- %HOMEPATH%\gOEYMkgs\Sskc.exe
- %HOMEPATH%\gOEYMkgs\AYAa.exe
- %HOMEPATH%\gOEYMkgs\FQMA.exe
- %HOMEPATH%\gOEYMkgs\wYAS.exe
- %HOMEPATH%\gOEYMkgs\tsYa.exe
- %HOMEPATH%\gOEYMkgs\FEQC.exe
- %HOMEPATH%\gOEYMkgs\dcoa.exe
- %HOMEPATH%\gOEYMkgs\gsoI.exe
- %HOMEPATH%\gOEYMkgs\CAMg.exe
- %HOMEPATH%\gOEYMkgs\GIoW.exe
- %HOMEPATH%\gOEYMkgs\sYAg.exe
- %HOMEPATH%\gOEYMkgs\FIAA.exe
- %HOMEPATH%\gOEYMkgs\fAou.exe
- %HOMEPATH%\gOEYMkgs\HIMs.exe
- %HOMEPATH%\gOEYMkgs\zYUG.exe
- %HOMEPATH%\gOEYMkgs\pIEI.exe
- %HOMEPATH%\gOEYMkgs\ugEK.exe
- %HOMEPATH%\gOEYMkgs\Vkss.exe
- %HOMEPATH%\gOEYMkgs\UEMO.exe
- %HOMEPATH%\gOEYMkgs\CUgq.exe
- %HOMEPATH%\gOEYMkgs\PkYm.exe
- %HOMEPATH%\gOEYMkgs\QsoW.exe
- %HOMEPATH%\gOEYMkgs\GYsC.exe
- %HOMEPATH%\gOEYMkgs\iQsW.exe
- %HOMEPATH%\gOEYMkgs\kIca.exe
- %HOMEPATH%\gOEYMkgs\ukse.exe
- %HOMEPATH%\gOEYMkgs\Iwgu.exe
- %HOMEPATH%\gOEYMkgs\ncso.exe
- %HOMEPATH%\gOEYMkgs\lIcc.exe
- %HOMEPATH%\gOEYMkgs\WMgo.exe
- %HOMEPATH%\gOEYMkgs\pcIg.exe
- %HOMEPATH%\gOEYMkgs\wkIm.exe
- %HOMEPATH%\gOEYMkgs\JcMI.exe
- %HOMEPATH%\gOEYMkgs\lIQW.exe
- %HOMEPATH%\gOEYMkgs\tQsM.exe
- %HOMEPATH%\gOEYMkgs\lMAi.exe
- %HOMEPATH%\gOEYMkgs\OkMU.exe
- %HOMEPATH%\gOEYMkgs\mEUu.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'