Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002'
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
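- hidden files: hidden from view in Explorer (Hidden = 2, set by the reg.exe command listed below)
- file extensions: hidden from view in Explorer (HideFileExt = 1), so the dropped double-extension files listed below, such as 'fish.bmp.exe', display as 'fish.bmp'
- User Account Control (UAC): disabled (EnableLUA = 0)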
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\ntvdm.exe' -f
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\msiexec.exe
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\oQUg.exe
- %HOMEPATH%\gOEYMkgs\EgEQ.exe
- %HOMEPATH%\gOEYMkgs\GkUi.exe
- %HOMEPATH%\gOEYMkgs\JkEW.exe
- %HOMEPATH%\gOEYMkgs\jwMG.exe
- %HOMEPATH%\gOEYMkgs\RAUa.exe
- %HOMEPATH%\gOEYMkgs\dAQS.exe
- %HOMEPATH%\gOEYMkgs\FIIY.exe
- %HOMEPATH%\gOEYMkgs\rYUI.exe
- %HOMEPATH%\gOEYMkgs\zwAK.exe
- %TEMP%\WER53b9.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\HQsk.exe
- %HOMEPATH%\gOEYMkgs\hwIO.exe
- %HOMEPATH%\gOEYMkgs\OUQa.exe
- %HOMEPATH%\gOEYMkgs\oAoA.exe
- %TEMP%\WER53b9.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER53b9.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\mYYS.exe
- %HOMEPATH%\gOEYMkgs\IYMe.exe
- %HOMEPATH%\gOEYMkgs\VMoI.exe
- %HOMEPATH%\gOEYMkgs\rske.exe
- %HOMEPATH%\gOEYMkgs\dsQU.exe
- %HOMEPATH%\gOEYMkgs\xkUE.exe
- %HOMEPATH%\gOEYMkgs\Pwww.exe
- %HOMEPATH%\gOEYMkgs\yAYw.exe
- %HOMEPATH%\gOEYMkgs\VcMM.exe
- %HOMEPATH%\gOEYMkgs\zkwA.exe
- %HOMEPATH%\gOEYMkgs\pkYA.exe
- %HOMEPATH%\gOEYMkgs\asEg.exe
- %HOMEPATH%\gOEYMkgs\HoIA.exe
- %HOMEPATH%\gOEYMkgs\ZcgU.exe
- %HOMEPATH%\gOEYMkgs\IgEM.exe
- %HOMEPATH%\gOEYMkgs\BAMg.exe
- %HOMEPATH%\gOEYMkgs\ncUM.exe
- %HOMEPATH%\gOEYMkgs\TQMe.exe
- %HOMEPATH%\gOEYMkgs\kIoq.exe
- %HOMEPATH%\gOEYMkgs\pIwM.exe
- %HOMEPATH%\gOEYMkgs\yAQI.exe
- %HOMEPATH%\gOEYMkgs\swcU.exe
- %HOMEPATH%\gOEYMkgs\xYkY.exe
- %HOMEPATH%\gOEYMkgs\vEca.exe
- %HOMEPATH%\gOEYMkgs\AAAo.exe
- %HOMEPATH%\gOEYMkgs\WMoE.exe
- %HOMEPATH%\gOEYMkgs\ZEAG.exe
- %HOMEPATH%\gOEYMkgs\Tcoe.exe
- %HOMEPATH%\gOEYMkgs\OMcU.exe
- %HOMEPATH%\gOEYMkgs\mUQw.exe
- %HOMEPATH%\gOEYMkgs\PMsW.exe
- %HOMEPATH%\gOEYMkgs\vkQe.exe
- %HOMEPATH%\gOEYMkgs\qUks.exe
- %HOMEPATH%\gOEYMkgs\Boce.exe
- %HOMEPATH%\gOEYMkgs\Pgwg.exe
- %HOMEPATH%\gOEYMkgs\kwAk.exe
- %TEMP%\WER53b9.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\cAkS.exe
- %HOMEPATH%\gOEYMkgs\ZQIE.exe
- %HOMEPATH%\gOEYMkgs\CQIw.exe
- %TEMP%\WERcf23.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\WwYU.exe
- %HOMEPATH%\gOEYMkgs\OAQc.exe
- %HOMEPATH%\gOEYMkgs\KEAc.exe
- %HOMEPATH%\gOEYMkgs\Csoo.exe
- %HOMEPATH%\gOEYMkgs\WQMG.exe
- %HOMEPATH%\gOEYMkgs\tsAY.exe
- %HOMEPATH%\gOEYMkgs\jkwU.exe
- %HOMEPATH%\gOEYMkgs\PssI.exe
- %HOMEPATH%\gOEYMkgs\xgIq.exe
- %TEMP%\WERbd16.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERbd16.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WER44a1.dir00\manifest.txt
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %TEMP%\WERbd16.dir00\manifest.txt
- %TEMP%\WERbd16.dir00\appcompat.txt
- %TEMP%\WER44a1.dir00\appcompat.txt
- %TEMP%\WERcf23.dir00\manifest.txt
- %TEMP%\WERcf23.dir00\appcompat.txt
- %TEMP%\WERcf23.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER44a1.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER44a1.dir00\ZgMYMIIE.exe.mdmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\_filelst.cfg
- %HOMEPATH%\gOEYMkgs\mIAk.exe
- %HOMEPATH%\gOEYMkgs\wsgy.exe
- %HOMEPATH%\gOEYMkgs\jMgG.exe
- %HOMEPATH%\gOEYMkgs\FUEq.exe
- %HOMEPATH%\gOEYMkgs\BAwS.exe
- %HOMEPATH%\gOEYMkgs\OIIw.exe
- %HOMEPATH%\gOEYMkgs\ywgg.exe
- %HOMEPATH%\gOEYMkgs\GgQC.exe
- %HOMEPATH%\gOEYMkgs\zgsG.exe
- %HOMEPATH%\gOEYMkgs\SMos.exe
- %HOMEPATH%\gOEYMkgs\kQcC.exe
- %HOMEPATH%\gOEYMkgs\gQEC.exe
- %HOMEPATH%\gOEYMkgs\VAkg.exe
- %HOMEPATH%\gOEYMkgs\msoC.exe
- %HOMEPATH%\gOEYMkgs\UosS.exe
- %HOMEPATH%\gOEYMkgs\EggG.exe
- %HOMEPATH%\gOEYMkgs\JcEs.exe
- %HOMEPATH%\gOEYMkgs\qsYs.exe
- %HOMEPATH%\gOEYMkgs\UwUC.exe
- %HOMEPATH%\gOEYMkgs\rIAe.exe
- %HOMEPATH%\gOEYMkgs\vwAS.exe
- %HOMEPATH%\gOEYMkgs\jogi.exe
- %HOMEPATH%\gOEYMkgs\wUsC.exe
- %HOMEPATH%\gOEYMkgs\mUEu.exe
- %HOMEPATH%\gOEYMkgs\wEko.exe
- %HOMEPATH%\gOEYMkgs\mQUi.exe
- %HOMEPATH%\gOEYMkgs\VwMg.exe
- %HOMEPATH%\gOEYMkgs\tooi.exe
- %HOMEPATH%\gOEYMkgs\DIwG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\qowG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\aIAc.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\GQAO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\skAg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\KwYy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\CEUu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\EEQG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\VcQc.exe
- %HOMEPATH%\gOEYMkgs\QQsA.exe
- %HOMEPATH%\gOEYMkgs\eUsg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\TUgC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\twYk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\PAIk.exe
- %TEMP%\WER6097.dir00\manifest.txt
- %TEMP%\WER6097.dir00\appcompat.txt
- %TEMP%\WER6097.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\vgwY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\DcYM.exe
- %ALLUSERSPROFILE%\caQc.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER6097.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\HcgO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\xckC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\wcoC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\OQYe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\mQQI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\CQMI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\ZIMS.exe
- %HOMEPATH%\gOEYMkgs\tkMY.exe
- %HOMEPATH%\gOEYMkgs\nIwW.exe
- %HOMEPATH%\gOEYMkgs\sEwG.exe
- %HOMEPATH%\gOEYMkgs\CcIo.exe
- %HOMEPATH%\gOEYMkgs\BsoE.exe
- %HOMEPATH%\gOEYMkgs\KEYU.exe
- %HOMEPATH%\gOEYMkgs\zYQM.exe
- %HOMEPATH%\gOEYMkgs\KoEM.exe
- %HOMEPATH%\gOEYMkgs\gEAG.exe
- %HOMEPATH%\gOEYMkgs\xcIG.exe
- %HOMEPATH%\gOEYMkgs\ikgM.exe
- %HOMEPATH%\gOEYMkgs\PMcm.exe
- %HOMEPATH%\gOEYMkgs\DQsC.exe
- %HOMEPATH%\gOEYMkgs\OoQK.exe
- %HOMEPATH%\gOEYMkgs\xIQc.exe
- %HOMEPATH%\gOEYMkgs\PAUu.exe
- %HOMEPATH%\gOEYMkgs\ngAy.exe
- %HOMEPATH%\gOEYMkgs\rgIu.exe
- %HOMEPATH%\gOEYMkgs\tsIO.exe
- %HOMEPATH%\gOEYMkgs\mIgU.exe
- %HOMEPATH%\gOEYMkgs\NsoO.exe
- %HOMEPATH%\gOEYMkgs\oIIk.exe
- %HOMEPATH%\gOEYMkgs\KUcE.exe
- %HOMEPATH%\gOEYMkgs\nUco.exe
- %HOMEPATH%\gOEYMkgs\voku.exe
- %HOMEPATH%\gOEYMkgs\OQUM.exe
- %HOMEPATH%\gOEYMkgs\uAce.exe
- %TEMP%\WERe850.dir00\ZgMYMIIE.exe.mdmp
- %WINDIR%\Temp\scs2.tmp
- %TEMP%\WERe850.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\roQy.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %WINDIR%\Temp\scs1.tmp
- %HOMEPATH%\gOEYMkgs\kUEe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\uQUA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\lEgc.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\uQQA.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\JAAk.exe
- %HOMEPATH%\gOEYMkgs\Ngws.exe
- %HOMEPATH%\gOEYMkgs\OQsA.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %TEMP%\WERe850.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\kgAA.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\ooQe.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %TEMP%\WERe850.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\yAYw.exe
- %HOMEPATH%\gOEYMkgs\VcMM.exe
- %HOMEPATH%\gOEYMkgs\Pwww.exe
- %HOMEPATH%\gOEYMkgs\oAoA.exe
- %HOMEPATH%\gOEYMkgs\VMoI.exe
- %HOMEPATH%\gOEYMkgs\JkEW.exe
- %HOMEPATH%\gOEYMkgs\jwMG.exe
- %HOMEPATH%\gOEYMkgs\xkUE.exe
- %HOMEPATH%\gOEYMkgs\rske.exe
- %HOMEPATH%\gOEYMkgs\dsQU.exe
- %HOMEPATH%\gOEYMkgs\msoC.exe
- %HOMEPATH%\gOEYMkgs\zgsG.exe
- %HOMEPATH%\gOEYMkgs\VAkg.exe
- %HOMEPATH%\gOEYMkgs\GgQC.exe
- %HOMEPATH%\gOEYMkgs\gQEC.exe
- %HOMEPATH%\gOEYMkgs\IYMe.exe
- %HOMEPATH%\gOEYMkgs\OUQa.exe
- %HOMEPATH%\gOEYMkgs\mYYS.exe
- %HOMEPATH%\gOEYMkgs\SMos.exe
- %HOMEPATH%\gOEYMkgs\kQcC.exe
- %HOMEPATH%\gOEYMkgs\OMcU.exe
- %HOMEPATH%\gOEYMkgs\vEca.exe
- %HOMEPATH%\gOEYMkgs\Tcoe.exe
- %HOMEPATH%\gOEYMkgs\zkwA.exe
- %HOMEPATH%\gOEYMkgs\ZEAG.exe
- %HOMEPATH%\gOEYMkgs\Boce.exe
- %HOMEPATH%\gOEYMkgs\Pgwg.exe
- %HOMEPATH%\gOEYMkgs\mUQw.exe
- %HOMEPATH%\gOEYMkgs\AAAo.exe
- %HOMEPATH%\gOEYMkgs\WMoE.exe
- %HOMEPATH%\gOEYMkgs\GkUi.exe
- %HOMEPATH%\gOEYMkgs\dAQS.exe
- %HOMEPATH%\gOEYMkgs\EgEQ.exe
- %HOMEPATH%\gOEYMkgs\RAUa.exe
- %HOMEPATH%\gOEYMkgs\oQUg.exe
- %HOMEPATH%\gOEYMkgs\rYUI.exe
- %HOMEPATH%\gOEYMkgs\zwAK.exe
- %HOMEPATH%\gOEYMkgs\FIIY.exe
- %HOMEPATH%\gOEYMkgs\HQsk.exe
- %HOMEPATH%\gOEYMkgs\hwIO.exe
- %HOMEPATH%\gOEYMkgs\KEAc.exe
- %HOMEPATH%\gOEYMkgs\jkwU.exe
- %HOMEPATH%\gOEYMkgs\CQIw.exe
- %HOMEPATH%\gOEYMkgs\cAkS.exe
- %HOMEPATH%\gOEYMkgs\ZQIE.exe
- %HOMEPATH%\gOEYMkgs\WQMG.exe
- %HOMEPATH%\gOEYMkgs\tsAY.exe
- %HOMEPATH%\gOEYMkgs\Csoo.exe
- %HOMEPATH%\gOEYMkgs\PssI.exe
- %HOMEPATH%\gOEYMkgs\xgIq.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- %HOMEPATH%\gOEYMkgs\WwYU.exe
- %HOMEPATH%\gOEYMkgs\OAQc.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\rp.log
- %HOMEPATH%\gOEYMkgs\mUEu.exe
- %HOMEPATH%\gOEYMkgs\BAwS.exe
- %HOMEPATH%\gOEYMkgs\wUsC.exe
- %HOMEPATH%\gOEYMkgs\VwMg.exe
- %HOMEPATH%\gOEYMkgs\jogi.exe
- %HOMEPATH%\gOEYMkgs\jMgG.exe
- %HOMEPATH%\gOEYMkgs\FUEq.exe
- %HOMEPATH%\gOEYMkgs\wsgy.exe
- %HOMEPATH%\gOEYMkgs\OIIw.exe
- %HOMEPATH%\gOEYMkgs\ywgg.exe
- %HOMEPATH%\gOEYMkgs\rIAe.exe
- %HOMEPATH%\gOEYMkgs\UosS.exe
- %HOMEPATH%\gOEYMkgs\UwUC.exe
- %HOMEPATH%\gOEYMkgs\mIAk.exe
- %HOMEPATH%\gOEYMkgs\qsYs.exe
- %HOMEPATH%\gOEYMkgs\wEko.exe
- %HOMEPATH%\gOEYMkgs\mQUi.exe
- %HOMEPATH%\gOEYMkgs\vwAS.exe
- %HOMEPATH%\gOEYMkgs\EggG.exe
- %HOMEPATH%\gOEYMkgs\JcEs.exe
- %HOMEPATH%\gOEYMkgs\kwAk.exe
- %WINDIR%\Temp\scs1.tmp
- %HOMEPATH%\gOEYMkgs\lEgc.exe
- %WINDIR%\Temp\scs2.tmp
- %HOMEPATH%\gOEYMkgs\roQy.exe
- %HOMEPATH%\gOEYMkgs\uAce.exe
- %HOMEPATH%\gOEYMkgs\EEQG.exe
- %HOMEPATH%\gOEYMkgs\VcQc.exe
- %TEMP%\tMMEUQEE.bat
- %HOMEPATH%\gOEYMkgs\kUEe.exe
- %HOMEPATH%\gOEYMkgs\uQUA.exe
- %HOMEPATH%\gOEYMkgs\OQUM.exe
- %HOMEPATH%\gOEYMkgs\Ngws.exe
- %HOMEPATH%\gOEYMkgs\gEAG.exe
- %HOMEPATH%\gOEYMkgs\zYQM.exe
- %HOMEPATH%\gOEYMkgs\KoEM.exe
- %HOMEPATH%\gOEYMkgs\ooQe.exe
- %HOMEPATH%\gOEYMkgs\kgAA.exe
- %HOMEPATH%\gOEYMkgs\JAAk.exe
- %HOMEPATH%\gOEYMkgs\OQsA.exe
- %HOMEPATH%\gOEYMkgs\uQQA.exe
- %HOMEPATH%\gOEYMkgs\HcgO.exe
- %HOMEPATH%\gOEYMkgs\xckC.exe
- %HOMEPATH%\gOEYMkgs\wcoC.exe
- %HOMEPATH%\gOEYMkgs\GQAO.exe
- %HOMEPATH%\gOEYMkgs\PAIk.exe
- %HOMEPATH%\gOEYMkgs\vgwY.exe
- %HOMEPATH%\gOEYMkgs\DcYM.exe
- %HOMEPATH%\gOEYMkgs\OQYe.exe
- %HOMEPATH%\gOEYMkgs\mQQI.exe
- %HOMEPATH%\gOEYMkgs\CQMI.exe
- %HOMEPATH%\gOEYMkgs\eUsg.exe
- %HOMEPATH%\gOEYMkgs\TUgC.exe
- %HOMEPATH%\gOEYMkgs\twYk.exe
- %HOMEPATH%\gOEYMkgs\CEUu.exe
- %HOMEPATH%\gOEYMkgs\QQsA.exe
- %HOMEPATH%\gOEYMkgs\skAg.exe
- %HOMEPATH%\gOEYMkgs\KwYy.exe
- %HOMEPATH%\gOEYMkgs\qowG.exe
- %HOMEPATH%\gOEYMkgs\aIAc.exe
- %HOMEPATH%\gOEYMkgs\DIwG.exe
- %HOMEPATH%\gOEYMkgs\TQMe.exe
- %HOMEPATH%\gOEYMkgs\kIoq.exe
- %HOMEPATH%\gOEYMkgs\xYkY.exe
- %HOMEPATH%\gOEYMkgs\yAQI.exe
- %HOMEPATH%\gOEYMkgs\swcU.exe
- %HOMEPATH%\gOEYMkgs\ngAy.exe
- %HOMEPATH%\gOEYMkgs\rgIu.exe
- %HOMEPATH%\gOEYMkgs\PAUu.exe
- %HOMEPATH%\gOEYMkgs\pIwM.exe
- %HOMEPATH%\gOEYMkgs\tooi.exe
- %HOMEPATH%\gOEYMkgs\ZcgU.exe
- %HOMEPATH%\gOEYMkgs\IgEM.exe
- %HOMEPATH%\gOEYMkgs\qUks.exe
- %HOMEPATH%\gOEYMkgs\PMsW.exe
- %HOMEPATH%\gOEYMkgs\vkQe.exe
- %HOMEPATH%\gOEYMkgs\HoIA.exe
- %HOMEPATH%\gOEYMkgs\ncUM.exe
- %HOMEPATH%\gOEYMkgs\asEg.exe
- %HOMEPATH%\gOEYMkgs\BAMg.exe
- %HOMEPATH%\gOEYMkgs\pkYA.exe
- %HOMEPATH%\gOEYMkgs\ZIMS.exe
- %HOMEPATH%\gOEYMkgs\tkMY.exe
- %HOMEPATH%\gOEYMkgs\BsoE.exe
- %HOMEPATH%\gOEYMkgs\sEwG.exe
- %HOMEPATH%\gOEYMkgs\CcIo.exe
- %HOMEPATH%\gOEYMkgs\ikgM.exe
- %HOMEPATH%\gOEYMkgs\PMcm.exe
- %HOMEPATH%\gOEYMkgs\xcIG.exe
- %HOMEPATH%\gOEYMkgs\nIwW.exe
- %HOMEPATH%\gOEYMkgs\KEYU.exe
- %HOMEPATH%\gOEYMkgs\tsIO.exe
- %HOMEPATH%\gOEYMkgs\KUcE.exe
- %HOMEPATH%\gOEYMkgs\xIQc.exe
- %HOMEPATH%\gOEYMkgs\DQsC.exe
- %HOMEPATH%\gOEYMkgs\OoQK.exe
- %HOMEPATH%\gOEYMkgs\NsoO.exe
- %HOMEPATH%\gOEYMkgs\oIIk.exe
- %HOMEPATH%\gOEYMkgs\mIgU.exe
- %HOMEPATH%\gOEYMkgs\nUco.exe
- %HOMEPATH%\gOEYMkgs\voku.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http:/// via 74.##5.232.51
- http://google.com/ via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Run'
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Open'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-c4c.c54.390002'
- ClassName: '' WindowName: 'Open File'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'xSMgIcIg'