Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (start type 2: the service is started automatically at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
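- hidden files: display is turned off for the current user ('Hidden' is set to 2 by the reg.exe command listed below)
- file extensions: hidden for known file types ('HideFileExt' is set to 1 by the reg.exe command listed below), so the '.bmp.exe', '.jpg.exe' and '.wma.exe' paths in this report show in Explorer with only the picture or music name
- User Account Control (UAC): disabled machine-wide ('EnableLUA' is set to 0 under HKLM by the reg.exe command listed below)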
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\yggU.exe
- %HOMEPATH%\gOEYMkgs\WoIK.exe
- %HOMEPATH%\gOEYMkgs\OwIi.exe
- %TEMP%\WER4470.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\ZEsI.exe
- %HOMEPATH%\gOEYMkgs\zMki.exe
- %HOMEPATH%\gOEYMkgs\RIYA.exe
- %HOMEPATH%\gOEYMkgs\NEQg.exe
- %HOMEPATH%\gOEYMkgs\ygYM.exe
- %HOMEPATH%\gOEYMkgs\mgki.exe
- %HOMEPATH%\gOEYMkgs\AocG.exe
- %HOMEPATH%\gOEYMkgs\XgsI.exe
- %HOMEPATH%\gOEYMkgs\IYQy.exe
- %HOMEPATH%\gOEYMkgs\yUoY.exe
- %TEMP%\WER4470.dir00\manifest.txt
- %TEMP%\WER4470.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\GQcO.exe
- %HOMEPATH%\gOEYMkgs\zIYU.exe
- %HOMEPATH%\gOEYMkgs\hIUu.exe
- %HOMEPATH%\gOEYMkgs\hccM.exe
- %TEMP%\WER4470.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\HQwy.exe
- %HOMEPATH%\gOEYMkgs\hcQA.exe
- %HOMEPATH%\gOEYMkgs\KAAu.exe
- %HOMEPATH%\gOEYMkgs\soQO.exe
- %HOMEPATH%\gOEYMkgs\MQcm.exe
- %HOMEPATH%\gOEYMkgs\fUYq.exe
- %HOMEPATH%\gOEYMkgs\xAYK.exe
- %HOMEPATH%\gOEYMkgs\xIcc.exe
- %HOMEPATH%\gOEYMkgs\EEsi.exe
- %HOMEPATH%\gOEYMkgs\IokE.exe
- %HOMEPATH%\gOEYMkgs\IUUw.exe
- %HOMEPATH%\gOEYMkgs\hoMY.exe
- %HOMEPATH%\gOEYMkgs\nMcq.exe
- %HOMEPATH%\gOEYMkgs\eYYY.exe
- %HOMEPATH%\gOEYMkgs\AoQC.exe
- %HOMEPATH%\gOEYMkgs\vMMI.exe
- %HOMEPATH%\gOEYMkgs\TIEU.exe
- %HOMEPATH%\gOEYMkgs\ZQsc.exe
- %HOMEPATH%\gOEYMkgs\zMEa.exe
- %HOMEPATH%\gOEYMkgs\gEAo.exe
- %HOMEPATH%\gOEYMkgs\nQUC.exe
- %HOMEPATH%\gOEYMkgs\GkIu.exe
- %HOMEPATH%\gOEYMkgs\KcUc.exe
- %HOMEPATH%\gOEYMkgs\BcsY.exe
- %HOMEPATH%\gOEYMkgs\dwoA.exe
- %HOMEPATH%\gOEYMkgs\bMci.exe
- %HOMEPATH%\gOEYMkgs\DwsW.exe
- %HOMEPATH%\gOEYMkgs\VgEO.exe
- %HOMEPATH%\gOEYMkgs\yIYg.exe
- %HOMEPATH%\gOEYMkgs\nwow.exe
- %HOMEPATH%\gOEYMkgs\aAws.exe
- %HOMEPATH%\gOEYMkgs\Hwcm.exe
- %HOMEPATH%\gOEYMkgs\qMIS.exe
- %HOMEPATH%\gOEYMkgs\pkUo.exe
- %HOMEPATH%\gOEYMkgs\xocA.exe
- %HOMEPATH%\gOEYMkgs\YkEM.exe
- %HOMEPATH%\gOEYMkgs\cgIm.exe
- %HOMEPATH%\gOEYMkgs\uAkk.exe
- %HOMEPATH%\gOEYMkgs\sswG.exe
- %HOMEPATH%\gOEYMkgs\CgkC.exe
- %HOMEPATH%\gOEYMkgs\GwcG.exe
- %HOMEPATH%\gOEYMkgs\rskK.exe
- %HOMEPATH%\gOEYMkgs\SsME.exe
- %HOMEPATH%\gOEYMkgs\kIsg.exe
- %TEMP%\WERb025.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\BwMo.exe
- %TEMP%\WERb025.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\MoEK.exe
- %TEMP%\WERb025.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\fIwI.exe
- %HOMEPATH%\gOEYMkgs\jogm.exe
- %HOMEPATH%\gOEYMkgs\PIYE.exe
- %HOMEPATH%\gOEYMkgs\pMEM.exe
- %HOMEPATH%\gOEYMkgs\AwIe.exe
- %HOMEPATH%\gOEYMkgs\GIMS.exe
- %HOMEPATH%\gOEYMkgs\IAcG.exe
- %TEMP%\WERb025.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\WUso.exe
- %HOMEPATH%\gOEYMkgs\xcoW.exe
- %HOMEPATH%\gOEYMkgs\aoIi.exe
- %HOMEPATH%\gOEYMkgs\MkcK.exe
- %HOMEPATH%\gOEYMkgs\WIwq.exe
- %HOMEPATH%\gOEYMkgs\oMck.exe
- %HOMEPATH%\gOEYMkgs\iIMk.exe
- %HOMEPATH%\gOEYMkgs\Pwsu.exe
- %HOMEPATH%\gOEYMkgs\JAkU.exe
- %HOMEPATH%\gOEYMkgs\IsIK.exe
- %HOMEPATH%\gOEYMkgs\EwEK.exe
- %HOMEPATH%\gOEYMkgs\zscE.exe
- %HOMEPATH%\gOEYMkgs\FscU.exe
- %HOMEPATH%\gOEYMkgs\dgkK.exe
- %HOMEPATH%\gOEYMkgs\kYIa.exe
- %HOMEPATH%\gOEYMkgs\vAUK.exe
- %HOMEPATH%\gOEYMkgs\asco.exe
- %HOMEPATH%\gOEYMkgs\GAoY.exe
- %HOMEPATH%\gOEYMkgs\EMMe.exe
- %HOMEPATH%\gOEYMkgs\VUgS.exe
- %HOMEPATH%\gOEYMkgs\pQkE.exe
- %HOMEPATH%\gOEYMkgs\scAO.exe
- %HOMEPATH%\gOEYMkgs\Iwcg.exe
- %HOMEPATH%\gOEYMkgs\ewIs.exe
- %HOMEPATH%\gOEYMkgs\mogy.exe
- %HOMEPATH%\gOEYMkgs\Vwww.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\CQAq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\WAgy.exe
- %TEMP%\WER5d95.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\iIko.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\QcYk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %TEMP%\WER5d95.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\kwAg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\sEUq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\DwUk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\JQAc.exe
- %HOMEPATH%\gOEYMkgs\coIM.exe
- %HOMEPATH%\gOEYMkgs\vcAu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\poAC.exe
- %TEMP%\WER5d95.dir00\manifest.txt
- %TEMP%\WER5d95.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %TEMP%\WERd912.dir00\manifest.txt
- %TEMP%\WERd912.dir00\appcompat.txt
- %ALLUSERSPROFILE%\caQc.txt
- %HOMEPATH%\gOEYMkgs\QYwS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\VMUa.exe
- %TEMP%\WERd912.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WERd912.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\cAkm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\LcwC.exe
- %HOMEPATH%\gOEYMkgs\oAcm.exe
- <Current directory>\<File name>
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\SQoQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\fwIa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\lQgW.exe
- %HOMEPATH%\gOEYMkgs\hgIM.exe
- %HOMEPATH%\gOEYMkgs\ZAsq.exe
- %HOMEPATH%\gOEYMkgs\iIci.exe
- %HOMEPATH%\gOEYMkgs\pogO.exe
- %HOMEPATH%\gOEYMkgs\dAsi.exe
- %HOMEPATH%\gOEYMkgs\BMgS.exe
- %HOMEPATH%\gOEYMkgs\fAcU.exe
- %TEMP%\WERce43.dir00\appcompat.txt
- %TEMP%\WERce43.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\hwwm.exe
- %HOMEPATH%\gOEYMkgs\QIMQ.exe
- %HOMEPATH%\gOEYMkgs\pkQy.exe
- %TEMP%\WERce43.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\XYMe.exe
- %HOMEPATH%\gOEYMkgs\eMQq.exe
- %HOMEPATH%\gOEYMkgs\nEUu.exe
- %HOMEPATH%\gOEYMkgs\YgEU.exe
- %HOMEPATH%\gOEYMkgs\pUQE.exe
- %HOMEPATH%\gOEYMkgs\qsky.exe
- %HOMEPATH%\gOEYMkgs\PUYS.exe
- %HOMEPATH%\gOEYMkgs\hAcC.exe
- %HOMEPATH%\gOEYMkgs\DUsI.exe
- %HOMEPATH%\gOEYMkgs\xQwC.exe
- %HOMEPATH%\gOEYMkgs\SIkW.exe
- %HOMEPATH%\gOEYMkgs\NQMG.exe
- %HOMEPATH%\gOEYMkgs\TgUy.exe
- %HOMEPATH%\gOEYMkgs\EwMK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\QgsS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\lgoQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\awUu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\swUu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\XUQi.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\PoQI.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %TEMP%\WERce43.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\pYUY.exe
- %HOMEPATH%\gOEYMkgs\ccIM.exe
- %HOMEPATH%\gOEYMkgs\IwoW.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\swkc.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\icQg.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\zIYU.exe
- %HOMEPATH%\gOEYMkgs\hIUu.exe
- %HOMEPATH%\gOEYMkgs\IsIK.exe
- %HOMEPATH%\gOEYMkgs\GQcO.exe
- %HOMEPATH%\gOEYMkgs\yUoY.exe
- %HOMEPATH%\gOEYMkgs\soQO.exe
- %HOMEPATH%\gOEYMkgs\MQcm.exe
- %HOMEPATH%\gOEYMkgs\hccM.exe
- %HOMEPATH%\gOEYMkgs\KAAu.exe
- %HOMEPATH%\gOEYMkgs\aoIi.exe
- %HOMEPATH%\gOEYMkgs\iIMk.exe
- %HOMEPATH%\gOEYMkgs\WUso.exe
- %HOMEPATH%\gOEYMkgs\xcoW.exe
- %HOMEPATH%\gOEYMkgs\EwEK.exe
- %HOMEPATH%\gOEYMkgs\Pwsu.exe
- %HOMEPATH%\gOEYMkgs\JAkU.exe
- %HOMEPATH%\gOEYMkgs\zscE.exe
- %HOMEPATH%\gOEYMkgs\FscU.exe
- %HOMEPATH%\gOEYMkgs\HQwy.exe
- %HOMEPATH%\gOEYMkgs\ygYM.exe
- %HOMEPATH%\gOEYMkgs\mgki.exe
- %HOMEPATH%\gOEYMkgs\IYQy.exe
- %HOMEPATH%\gOEYMkgs\NEQg.exe
- %HOMEPATH%\gOEYMkgs\GkIu.exe
- %HOMEPATH%\gOEYMkgs\zMEa.exe
- %HOMEPATH%\gOEYMkgs\gEAo.exe
- %HOMEPATH%\gOEYMkgs\KcUc.exe
- %HOMEPATH%\gOEYMkgs\BcsY.exe
- %HOMEPATH%\gOEYMkgs\zMki.exe
- %HOMEPATH%\gOEYMkgs\yggU.exe
- %HOMEPATH%\gOEYMkgs\hcQA.exe
- %HOMEPATH%\gOEYMkgs\ZEsI.exe
- %HOMEPATH%\gOEYMkgs\WoIK.exe
- %HOMEPATH%\gOEYMkgs\AocG.exe
- %HOMEPATH%\gOEYMkgs\XgsI.exe
- %HOMEPATH%\gOEYMkgs\OwIi.exe
- %HOMEPATH%\gOEYMkgs\RIYA.exe
- %HOMEPATH%\gOEYMkgs\oMck.exe
- %HOMEPATH%\gOEYMkgs\cgIm.exe
- %HOMEPATH%\gOEYMkgs\Hwcm.exe
- %HOMEPATH%\gOEYMkgs\xocA.exe
- %HOMEPATH%\gOEYMkgs\YkEM.exe
- %HOMEPATH%\gOEYMkgs\qMIS.exe
- %HOMEPATH%\gOEYMkgs\rskK.exe
- %HOMEPATH%\gOEYMkgs\SsME.exe
- %HOMEPATH%\gOEYMkgs\pkUo.exe
- %HOMEPATH%\gOEYMkgs\uAkk.exe
- %HOMEPATH%\gOEYMkgs\BwMo.exe
- %HOMEPATH%\gOEYMkgs\jogm.exe
- %HOMEPATH%\gOEYMkgs\MoEK.exe
- %HOMEPATH%\gOEYMkgs\fIwI.exe
- %HOMEPATH%\gOEYMkgs\GIMS.exe
- %HOMEPATH%\gOEYMkgs\pMEM.exe
- %HOMEPATH%\gOEYMkgs\AwIe.exe
- %HOMEPATH%\gOEYMkgs\IAcG.exe
- %HOMEPATH%\gOEYMkgs\PIYE.exe
- %HOMEPATH%\gOEYMkgs\kIsg.exe
- %HOMEPATH%\gOEYMkgs\mogy.exe
- %HOMEPATH%\gOEYMkgs\Vwww.exe
- %HOMEPATH%\gOEYMkgs\VUgS.exe
- %HOMEPATH%\gOEYMkgs\ewIs.exe
- %HOMEPATH%\gOEYMkgs\pQkE.exe
- %HOMEPATH%\gOEYMkgs\MkcK.exe
- %HOMEPATH%\gOEYMkgs\WIwq.exe
- %HOMEPATH%\gOEYMkgs\scAO.exe
- %HOMEPATH%\gOEYMkgs\Iwcg.exe
- %HOMEPATH%\gOEYMkgs\GwcG.exe
- %HOMEPATH%\gOEYMkgs\asco.exe
- %HOMEPATH%\gOEYMkgs\sswG.exe
- %HOMEPATH%\gOEYMkgs\CgkC.exe
- %HOMEPATH%\gOEYMkgs\GAoY.exe
- %HOMEPATH%\gOEYMkgs\kYIa.exe
- %HOMEPATH%\gOEYMkgs\vAUK.exe
- %HOMEPATH%\gOEYMkgs\EMMe.exe
- %HOMEPATH%\gOEYMkgs\dgkK.exe
- %HOMEPATH%\gOEYMkgs\nQUC.exe
- %HOMEPATH%\gOEYMkgs\lgoQ.exe
- %HOMEPATH%\gOEYMkgs\EwMK.exe
- %HOMEPATH%\gOEYMkgs\IwoW.exe
- %HOMEPATH%\gOEYMkgs\swkc.exe
- %HOMEPATH%\gOEYMkgs\QgsS.exe
- %HOMEPATH%\gOEYMkgs\awUu.exe
- %HOMEPATH%\gOEYMkgs\DwUk.exe
- %HOMEPATH%\gOEYMkgs\swUu.exe
- %HOMEPATH%\gOEYMkgs\XUQi.exe
- %HOMEPATH%\gOEYMkgs\QIMQ.exe
- %HOMEPATH%\gOEYMkgs\pkQy.exe
- %HOMEPATH%\gOEYMkgs\iIci.exe
- %HOMEPATH%\gOEYMkgs\fAcU.exe
- %HOMEPATH%\gOEYMkgs\hwwm.exe
- %HOMEPATH%\gOEYMkgs\ccIM.exe
- %HOMEPATH%\gOEYMkgs\icQg.exe
- %HOMEPATH%\gOEYMkgs\pYUY.exe
- %HOMEPATH%\gOEYMkgs\PoQI.exe
- %HOMEPATH%\gOEYMkgs\JQAc.exe
- %HOMEPATH%\gOEYMkgs\cAkm.exe
- %HOMEPATH%\gOEYMkgs\LcwC.exe
- %HOMEPATH%\gOEYMkgs\oAcm.exe
- %TEMP%\eIIsIEQQ.bat
- %HOMEPATH%\gOEYMkgs\fwIa.exe
- %HOMEPATH%\gOEYMkgs\QYwS.exe
- %HOMEPATH%\gOEYMkgs\VMUa.exe
- %HOMEPATH%\gOEYMkgs\lQgW.exe
- %HOMEPATH%\gOEYMkgs\SQoQ.exe
- %HOMEPATH%\gOEYMkgs\vcAu.exe
- %HOMEPATH%\gOEYMkgs\poAC.exe
- %HOMEPATH%\gOEYMkgs\sEUq.exe
- %HOMEPATH%\gOEYMkgs\coIM.exe
- %HOMEPATH%\gOEYMkgs\WAgy.exe
- %HOMEPATH%\gOEYMkgs\kwAg.exe
- %HOMEPATH%\gOEYMkgs\QcYk.exe
- %HOMEPATH%\gOEYMkgs\CQAq.exe
- %HOMEPATH%\gOEYMkgs\iIko.exe
- %HOMEPATH%\gOEYMkgs\ZAsq.exe
- %HOMEPATH%\gOEYMkgs\xAYK.exe
- %HOMEPATH%\gOEYMkgs\xIcc.exe
- %HOMEPATH%\gOEYMkgs\IUUw.exe
- %HOMEPATH%\gOEYMkgs\fUYq.exe
- %HOMEPATH%\gOEYMkgs\hoMY.exe
- %HOMEPATH%\gOEYMkgs\ZQsc.exe
- %HOMEPATH%\gOEYMkgs\nMcq.exe
- %HOMEPATH%\gOEYMkgs\vMMI.exe
- %HOMEPATH%\gOEYMkgs\TIEU.exe
- %HOMEPATH%\gOEYMkgs\nwow.exe
- %HOMEPATH%\gOEYMkgs\aAws.exe
- %HOMEPATH%\gOEYMkgs\dwoA.exe
- %HOMEPATH%\gOEYMkgs\yIYg.exe
- %HOMEPATH%\gOEYMkgs\bMci.exe
- %HOMEPATH%\gOEYMkgs\EEsi.exe
- %HOMEPATH%\gOEYMkgs\IokE.exe
- %HOMEPATH%\gOEYMkgs\DwsW.exe
- %HOMEPATH%\gOEYMkgs\VgEO.exe
- %HOMEPATH%\gOEYMkgs\eYYY.exe
- %HOMEPATH%\gOEYMkgs\hAcC.exe
- %HOMEPATH%\gOEYMkgs\DUsI.exe
- %HOMEPATH%\gOEYMkgs\NQMG.exe
- %HOMEPATH%\gOEYMkgs\TgUy.exe
- %HOMEPATH%\gOEYMkgs\xQwC.exe
- %HOMEPATH%\gOEYMkgs\BMgS.exe
- %HOMEPATH%\gOEYMkgs\hgIM.exe
- %HOMEPATH%\gOEYMkgs\pogO.exe
- %HOMEPATH%\gOEYMkgs\dAsi.exe
- %HOMEPATH%\gOEYMkgs\pUQE.exe
- %HOMEPATH%\gOEYMkgs\qsky.exe
- %HOMEPATH%\gOEYMkgs\AoQC.exe
- %HOMEPATH%\gOEYMkgs\YgEU.exe
- %HOMEPATH%\gOEYMkgs\XYMe.exe
- %HOMEPATH%\gOEYMkgs\PUYS.exe
- %HOMEPATH%\gOEYMkgs\SIkW.exe
- %HOMEPATH%\gOEYMkgs\eMQq.exe
- %HOMEPATH%\gOEYMkgs\nEUu.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'