Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
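- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,' (the sample's executable is appended after the legitimate userinit.exe entry, so Winlogon launches it at every logon; the legitimate entry alone is the expected value when checking or restoring this key)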
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (2 = automatic start, so the service binary named in 'ImagePath' above is started at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
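- hidden files (display turned off: the reg.exe command below sets the Explorer 'Hidden' value to 2)
- file extensions (display turned off: the reg.exe command below sets 'HideFileExt' to 1, so dropped files listed further down, such as 'fish.bmp.exe', appear in Explorer as 'fish.bmp')
- User Account Control (UAC) (disabled: the reg.exe command below sets 'EnableLUA' to 0 under HKLM ...\Policies\System)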
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\WQcM.exe
- %HOMEPATH%\gOEYMkgs\kwQs.exe
- %HOMEPATH%\gOEYMkgs\MkIu.exe
- %HOMEPATH%\gOEYMkgs\vMUK.exe
- %HOMEPATH%\gOEYMkgs\Kwky.exe
- %HOMEPATH%\gOEYMkgs\DQYK.exe
- %HOMEPATH%\gOEYMkgs\ckYK.exe
- %HOMEPATH%\gOEYMkgs\HYAe.exe
- %HOMEPATH%\gOEYMkgs\sckC.exe
- %HOMEPATH%\gOEYMkgs\FYoU.exe
- %HOMEPATH%\gOEYMkgs\FAga.exe
- %HOMEPATH%\gOEYMkgs\GYgg.exe
- %HOMEPATH%\gOEYMkgs\vEMU.exe
- %HOMEPATH%\gOEYMkgs\icwK.exe
- %HOMEPATH%\gOEYMkgs\McYi.exe
- %HOMEPATH%\gOEYMkgs\zAgo.exe
- %HOMEPATH%\gOEYMkgs\uAMO.exe
- %HOMEPATH%\gOEYMkgs\xMEM.exe
- %HOMEPATH%\gOEYMkgs\SkQu.exe
- %HOMEPATH%\gOEYMkgs\Bwwa.exe
- %HOMEPATH%\gOEYMkgs\iQYe.exe
- %HOMEPATH%\gOEYMkgs\SwkQ.exe
- %HOMEPATH%\gOEYMkgs\dsQK.exe
- %HOMEPATH%\gOEYMkgs\tQka.exe
- %HOMEPATH%\gOEYMkgs\BUoq.exe
- %HOMEPATH%\gOEYMkgs\HoAi.exe
- %TEMP%\WERc857.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\rocG.exe
- %HOMEPATH%\gOEYMkgs\HwUe.exe
- %HOMEPATH%\gOEYMkgs\iUwu.exe
- %TEMP%\WERc857.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\HMgA.exe
- %HOMEPATH%\gOEYMkgs\qUgW.exe
- %HOMEPATH%\gOEYMkgs\FQAQ.exe
- %HOMEPATH%\gOEYMkgs\FQkI.exe
- %HOMEPATH%\gOEYMkgs\VAgm.exe
- %HOMEPATH%\gOEYMkgs\AcgI.exe
- %HOMEPATH%\gOEYMkgs\Ccky.exe
- %TEMP%\WERc857.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\lMcm.exe
- %HOMEPATH%\gOEYMkgs\HkIE.exe
- %HOMEPATH%\gOEYMkgs\ZswS.exe
- %HOMEPATH%\gOEYMkgs\SQki.exe
- %HOMEPATH%\gOEYMkgs\TwsY.exe
- %HOMEPATH%\gOEYMkgs\SEIq.exe
- %HOMEPATH%\gOEYMkgs\TYgG.exe
- %HOMEPATH%\gOEYMkgs\moMs.exe
- %HOMEPATH%\gOEYMkgs\KsAe.exe
- %HOMEPATH%\gOEYMkgs\IAwI.exe
- %HOMEPATH%\gOEYMkgs\FAEY.exe
- %HOMEPATH%\gOEYMkgs\dogo.exe
- %HOMEPATH%\gOEYMkgs\yAcY.exe
- %HOMEPATH%\gOEYMkgs\aMgQ.exe
- %HOMEPATH%\gOEYMkgs\aIES.exe
- %HOMEPATH%\gOEYMkgs\BIoi.exe
- %HOMEPATH%\gOEYMkgs\QgQa.exe
- %HOMEPATH%\gOEYMkgs\KcgO.exe
- %HOMEPATH%\gOEYMkgs\TgYm.exe
- %HOMEPATH%\gOEYMkgs\NwYS.exe
- %HOMEPATH%\gOEYMkgs\gggc.exe
- %HOMEPATH%\gOEYMkgs\xcwa.exe
- %HOMEPATH%\gOEYMkgs\lksO.exe
- %HOMEPATH%\gOEYMkgs\xcca.exe
- %HOMEPATH%\gOEYMkgs\pMIY.exe
- %HOMEPATH%\gOEYMkgs\VIUy.exe
- %HOMEPATH%\gOEYMkgs\goca.exe
- %TEMP%\WERb17f.dir00\appcompat.txt
- %TEMP%\WERb17f.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERb17f.dir00\ZgMYMIIE.exe.mdmp
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\_filelst.cfg
- %TEMP%\WERb17f.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\awoy.exe
- %HOMEPATH%\gOEYMkgs\ZgYm.exe
- %HOMEPATH%\gOEYMkgs\fEgM.exe
- %HOMEPATH%\gOEYMkgs\zYsc.exe
- %HOMEPATH%\gOEYMkgs\kogy.exe
- %HOMEPATH%\gOEYMkgs\MwoU.exe
- %HOMEPATH%\gOEYMkgs\OgUM.exe
- %HOMEPATH%\gOEYMkgs\VMoG.exe
- %HOMEPATH%\gOEYMkgs\jsEi.exe
- %HOMEPATH%\gOEYMkgs\tsgE.exe
- %HOMEPATH%\gOEYMkgs\ckoi.exe
- %TEMP%\WER4763.dir00\manifest.txt
- %TEMP%\WER4763.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\KAce.exe
- %HOMEPATH%\gOEYMkgs\RcYY.exe
- %HOMEPATH%\gOEYMkgs\Kgcs.exe
- %TEMP%\WER4763.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\foYs.exe
- %TEMP%\WER4763.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\yEAe.exe
- %HOMEPATH%\gOEYMkgs\BIIM.exe
- %HOMEPATH%\gOEYMkgs\aEIQ.exe
- %HOMEPATH%\gOEYMkgs\MMgu.exe
- %HOMEPATH%\gOEYMkgs\lgAY.exe
- %HOMEPATH%\gOEYMkgs\dYEy.exe
- %HOMEPATH%\gOEYMkgs\PckE.exe
- %HOMEPATH%\gOEYMkgs\Ekcm.exe
- %HOMEPATH%\gOEYMkgs\IUMo.exe
- %HOMEPATH%\gOEYMkgs\dQMc.exe
- %HOMEPATH%\gOEYMkgs\LcIM.exe
- %HOMEPATH%\gOEYMkgs\zQAy.exe
- %HOMEPATH%\gOEYMkgs\sYIG.exe
- %HOMEPATH%\gOEYMkgs\uEkm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\uosq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\yIgQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\TEYw.exe
- %HOMEPATH%\gOEYMkgs\RgUs.exe
- %HOMEPATH%\gOEYMkgs\NkUO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\hYMa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\ZUMU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\fUYK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\ZcsO.exe
- %HOMEPATH%\gOEYMkgs\coQG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- <Current directory>\<File name>
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\vcom.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\KAQu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\FEcm.exe
- %TEMP%\WERdb16.dir00\manifest.txt
- %TEMP%\WERdb16.dir00\appcompat.txt
- %TEMP%\WERdb16.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\aEsG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\IIUW.exe
- %ALLUSERSPROFILE%\caQc.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WERdb16.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\dcIy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\GMUe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\sYEq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\Hkci.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\cQAI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\ugIy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\iwUg.exe
- %HOMEPATH%\gOEYMkgs\GwkY.exe
- %HOMEPATH%\gOEYMkgs\oEIy.exe
- %HOMEPATH%\gOEYMkgs\RUYQ.exe
- %HOMEPATH%\gOEYMkgs\jEAg.exe
- %HOMEPATH%\gOEYMkgs\pEwq.exe
- %HOMEPATH%\gOEYMkgs\UkIw.exe
- %HOMEPATH%\gOEYMkgs\AYkG.exe
- %HOMEPATH%\gOEYMkgs\UwYq.exe
- %HOMEPATH%\gOEYMkgs\NEEA.exe
- %HOMEPATH%\gOEYMkgs\bcgs.exe
- %HOMEPATH%\gOEYMkgs\IgYa.exe
- %HOMEPATH%\gOEYMkgs\EEYI.exe
- %HOMEPATH%\gOEYMkgs\bgge.exe
- %HOMEPATH%\gOEYMkgs\Lcwg.exe
- %HOMEPATH%\gOEYMkgs\ykEc.exe
- %HOMEPATH%\gOEYMkgs\XwMK.exe
- %TEMP%\WERc857.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\dIgC.exe
- %HOMEPATH%\gOEYMkgs\WEMe.exe
- %HOMEPATH%\gOEYMkgs\Uckw.exe
- %HOMEPATH%\gOEYMkgs\Jwwi.exe
- %HOMEPATH%\gOEYMkgs\msIW.exe
- %HOMEPATH%\gOEYMkgs\MUEM.exe
- %HOMEPATH%\gOEYMkgs\QsIM.exe
- %HOMEPATH%\gOEYMkgs\DAou.exe
- %HOMEPATH%\gOEYMkgs\IkMY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %TEMP%\WER5f81.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\mcgY.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\Gsgs.exe
- %HOMEPATH%\gOEYMkgs\IcsC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\QUok.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\jgcq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\pAYS.exe
- %TEMP%\WER5f81.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\RcAG.exe
- %HOMEPATH%\gOEYMkgs\BwQy.exe
- %TEMP%\WER5f81.dir00\manifest.txt
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\iAII.exe
- %TEMP%\WER5f81.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\TcYE.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\NMIG.exe
- %HOMEPATH%\gOEYMkgs\xMEM.exe
- %HOMEPATH%\gOEYMkgs\SkQu.exe
- %HOMEPATH%\gOEYMkgs\aMgQ.exe
- %HOMEPATH%\gOEYMkgs\uAMO.exe
- %HOMEPATH%\gOEYMkgs\icwK.exe
- %HOMEPATH%\gOEYMkgs\Bwwa.exe
- %HOMEPATH%\gOEYMkgs\tQka.exe
- %HOMEPATH%\gOEYMkgs\McYi.exe
- %HOMEPATH%\gOEYMkgs\zAgo.exe
- %HOMEPATH%\gOEYMkgs\Kgcs.exe
- %HOMEPATH%\gOEYMkgs\VMoG.exe
- %HOMEPATH%\gOEYMkgs\jsEi.exe
- %HOMEPATH%\gOEYMkgs\LcIM.exe
- %HOMEPATH%\gOEYMkgs\ckoi.exe
- %HOMEPATH%\gOEYMkgs\tsgE.exe
- %HOMEPATH%\gOEYMkgs\yEAe.exe
- %HOMEPATH%\gOEYMkgs\RcYY.exe
- %HOMEPATH%\gOEYMkgs\KAce.exe
- %HOMEPATH%\gOEYMkgs\foYs.exe
- %HOMEPATH%\gOEYMkgs\BUoq.exe
- %HOMEPATH%\gOEYMkgs\GYgg.exe
- %HOMEPATH%\gOEYMkgs\vEMU.exe
- %HOMEPATH%\gOEYMkgs\ckYK.exe
- %HOMEPATH%\gOEYMkgs\FAga.exe
- %HOMEPATH%\gOEYMkgs\HYAe.exe
- %HOMEPATH%\gOEYMkgs\SQki.exe
- %HOMEPATH%\gOEYMkgs\TwsY.exe
- %HOMEPATH%\gOEYMkgs\sckC.exe
- %HOMEPATH%\gOEYMkgs\FYoU.exe
- %HOMEPATH%\gOEYMkgs\MkIu.exe
- %HOMEPATH%\gOEYMkgs\SwkQ.exe
- %HOMEPATH%\gOEYMkgs\dsQK.exe
- %HOMEPATH%\gOEYMkgs\HoAi.exe
- %HOMEPATH%\gOEYMkgs\iQYe.exe
- %HOMEPATH%\gOEYMkgs\vMUK.exe
- %HOMEPATH%\gOEYMkgs\WQcM.exe
- %HOMEPATH%\gOEYMkgs\kwQs.exe
- %HOMEPATH%\gOEYMkgs\Kwky.exe
- %HOMEPATH%\gOEYMkgs\DQYK.exe
- %HOMEPATH%\gOEYMkgs\dQMc.exe
- %HOMEPATH%\gOEYMkgs\ZgYm.exe
- %HOMEPATH%\gOEYMkgs\fEgM.exe
- %HOMEPATH%\gOEYMkgs\MwoU.exe
- %HOMEPATH%\gOEYMkgs\OgUM.exe
- %HOMEPATH%\gOEYMkgs\zYsc.exe
- %HOMEPATH%\gOEYMkgs\NwYS.exe
- %HOMEPATH%\gOEYMkgs\aIES.exe
- %HOMEPATH%\gOEYMkgs\KcgO.exe
- %HOMEPATH%\gOEYMkgs\TgYm.exe
- %HOMEPATH%\gOEYMkgs\kogy.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\RestorePointSize
- %HOMEPATH%\gOEYMkgs\awoy.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\rp.log
- %HOMEPATH%\gOEYMkgs\BIoi.exe
- %HOMEPATH%\gOEYMkgs\aEIQ.exe
- %HOMEPATH%\gOEYMkgs\MMgu.exe
- %HOMEPATH%\gOEYMkgs\PckE.exe
- %HOMEPATH%\gOEYMkgs\BIIM.exe
- %HOMEPATH%\gOEYMkgs\Ekcm.exe
- %HOMEPATH%\gOEYMkgs\uEkm.exe
- %HOMEPATH%\gOEYMkgs\IUMo.exe
- %HOMEPATH%\gOEYMkgs\zQAy.exe
- %HOMEPATH%\gOEYMkgs\sYIG.exe
- %HOMEPATH%\gOEYMkgs\dYEy.exe
- %HOMEPATH%\gOEYMkgs\pMIY.exe
- %HOMEPATH%\gOEYMkgs\VIUy.exe
- %HOMEPATH%\gOEYMkgs\QgQa.exe
- %HOMEPATH%\gOEYMkgs\gggc.exe
- %HOMEPATH%\gOEYMkgs\goca.exe
- %HOMEPATH%\gOEYMkgs\xcca.exe
- %HOMEPATH%\gOEYMkgs\lgAY.exe
- %HOMEPATH%\gOEYMkgs\xcwa.exe
- %HOMEPATH%\gOEYMkgs\lksO.exe
- %HOMEPATH%\gOEYMkgs\SEIq.exe
- %HOMEPATH%\gOEYMkgs\IkMY.exe
- %HOMEPATH%\gOEYMkgs\Gsgs.exe
- %HOMEPATH%\gOEYMkgs\iAII.exe
- %HOMEPATH%\gOEYMkgs\mcgY.exe
- %HOMEPATH%\gOEYMkgs\jgcq.exe
- %HOMEPATH%\gOEYMkgs\coQG.exe
- %HOMEPATH%\gOEYMkgs\fUYK.exe
- %HOMEPATH%\gOEYMkgs\IcsC.exe
- %HOMEPATH%\gOEYMkgs\QUok.exe
- %HOMEPATH%\gOEYMkgs\NMIG.exe
- %HOMEPATH%\gOEYMkgs\AYkG.exe
- %HOMEPATH%\gOEYMkgs\UwYq.exe
- %HOMEPATH%\gOEYMkgs\IgYa.exe
- %HOMEPATH%\gOEYMkgs\EEYI.exe
- %HOMEPATH%\gOEYMkgs\NEEA.exe
- %HOMEPATH%\gOEYMkgs\pAYS.exe
- %HOMEPATH%\gOEYMkgs\TcYE.exe
- %HOMEPATH%\gOEYMkgs\RcAG.exe
- %HOMEPATH%\gOEYMkgs\BwQy.exe
- %TEMP%\tqkMQMEA.bat
- %HOMEPATH%\gOEYMkgs\dcIy.exe
- %HOMEPATH%\gOEYMkgs\GMUe.exe
- %HOMEPATH%\gOEYMkgs\hYMa.exe
- %HOMEPATH%\gOEYMkgs\sYEq.exe
- %HOMEPATH%\gOEYMkgs\cQAI.exe
- %HOMEPATH%\gOEYMkgs\aEsG.exe
- %HOMEPATH%\gOEYMkgs\IIUW.exe
- %HOMEPATH%\gOEYMkgs\ugIy.exe
- %HOMEPATH%\gOEYMkgs\Hkci.exe
- %HOMEPATH%\gOEYMkgs\NkUO.exe
- %HOMEPATH%\gOEYMkgs\FEcm.exe
- %HOMEPATH%\gOEYMkgs\vcom.exe
- %HOMEPATH%\gOEYMkgs\ZcsO.exe
- %HOMEPATH%\gOEYMkgs\KAQu.exe
- %HOMEPATH%\gOEYMkgs\yIgQ.exe
- %HOMEPATH%\gOEYMkgs\RgUs.exe
- %HOMEPATH%\gOEYMkgs\ZUMU.exe
- %HOMEPATH%\gOEYMkgs\TEYw.exe
- %HOMEPATH%\gOEYMkgs\uosq.exe
- %HOMEPATH%\gOEYMkgs\bcgs.exe
- %HOMEPATH%\gOEYMkgs\rocG.exe
- %HOMEPATH%\gOEYMkgs\HwUe.exe
- %HOMEPATH%\gOEYMkgs\iUwu.exe
- %HOMEPATH%\gOEYMkgs\HMgA.exe
- %HOMEPATH%\gOEYMkgs\qUgW.exe
- %HOMEPATH%\gOEYMkgs\FQAQ.exe
- %HOMEPATH%\gOEYMkgs\FQkI.exe
- %HOMEPATH%\gOEYMkgs\AcgI.exe
- %HOMEPATH%\gOEYMkgs\Ccky.exe
- %HOMEPATH%\gOEYMkgs\IAwI.exe
- %HOMEPATH%\gOEYMkgs\ZswS.exe
- %HOMEPATH%\gOEYMkgs\TYgG.exe
- %HOMEPATH%\gOEYMkgs\lMcm.exe
- %HOMEPATH%\gOEYMkgs\HkIE.exe
- %HOMEPATH%\gOEYMkgs\FAEY.exe
- %HOMEPATH%\gOEYMkgs\moMs.exe
- %HOMEPATH%\gOEYMkgs\KsAe.exe
- %HOMEPATH%\gOEYMkgs\dogo.exe
- %HOMEPATH%\gOEYMkgs\yAcY.exe
- %HOMEPATH%\gOEYMkgs\VAgm.exe
- %HOMEPATH%\gOEYMkgs\RUYQ.exe
- %HOMEPATH%\gOEYMkgs\jEAg.exe
- %HOMEPATH%\gOEYMkgs\Jwwi.exe
- %HOMEPATH%\gOEYMkgs\msIW.exe
- %HOMEPATH%\gOEYMkgs\pEwq.exe
- %HOMEPATH%\gOEYMkgs\oEIy.exe
- %HOMEPATH%\gOEYMkgs\UkIw.exe
- %HOMEPATH%\gOEYMkgs\iwUg.exe
- %HOMEPATH%\gOEYMkgs\GwkY.exe
- %HOMEPATH%\gOEYMkgs\Uckw.exe
- %HOMEPATH%\gOEYMkgs\bgge.exe
- %HOMEPATH%\gOEYMkgs\Lcwg.exe
- %HOMEPATH%\gOEYMkgs\XwMK.exe
- %HOMEPATH%\gOEYMkgs\dIgC.exe
- %HOMEPATH%\gOEYMkgs\ykEc.exe
- %HOMEPATH%\gOEYMkgs\QsIM.exe
- %HOMEPATH%\gOEYMkgs\DAou.exe
- %HOMEPATH%\gOEYMkgs\WEMe.exe
- %HOMEPATH%\gOEYMkgs\MUEM.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Run'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: '' WindowName: 'Open'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'