Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (service start type 2: started automatically at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
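- Blocks the display of hidden files in Windows Explorer (sets 'Hidden' to 2)
- Blocks the display of file extensions in Windows Explorer (sets 'HideFileExt' to 1)
- Disables User Account Control (UAC) (sets 'EnableLUA' to 0)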
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\zcAe.exe
- %HOMEPATH%\gOEYMkgs\ocoQ.exe
- %HOMEPATH%\gOEYMkgs\ngMC.exe
- %HOMEPATH%\gOEYMkgs\XAYc.exe
- %HOMEPATH%\gOEYMkgs\ZMUK.exe
- %HOMEPATH%\gOEYMkgs\eoIW.exe
- %HOMEPATH%\gOEYMkgs\sEQk.exe
- %HOMEPATH%\gOEYMkgs\GYMy.exe
- %HOMEPATH%\gOEYMkgs\dsAI.exe
- %HOMEPATH%\gOEYMkgs\PggI.exe
- %HOMEPATH%\gOEYMkgs\xoYQ.exe
- %HOMEPATH%\gOEYMkgs\KsIC.exe
- %HOMEPATH%\gOEYMkgs\xsQo.exe
- %HOMEPATH%\gOEYMkgs\Sosa.exe
- %HOMEPATH%\gOEYMkgs\Hska.exe
- %HOMEPATH%\gOEYMkgs\NAkE.exe
- %HOMEPATH%\gOEYMkgs\mAUU.exe
- %HOMEPATH%\gOEYMkgs\vEgc.exe
- %HOMEPATH%\gOEYMkgs\JEQi.exe
- %HOMEPATH%\gOEYMkgs\kAAK.exe
- %HOMEPATH%\gOEYMkgs\DQoe.exe
- %HOMEPATH%\gOEYMkgs\hAIU.exe
- %HOMEPATH%\gOEYMkgs\qEMG.exe
- %HOMEPATH%\gOEYMkgs\HYUU.exe
- %HOMEPATH%\gOEYMkgs\aIsq.exe
- %HOMEPATH%\gOEYMkgs\TUkY.exe
- %HOMEPATH%\gOEYMkgs\KoAg.exe
- %HOMEPATH%\gOEYMkgs\eQgi.exe
- %HOMEPATH%\gOEYMkgs\JEAY.exe
- %HOMEPATH%\gOEYMkgs\CUcY.exe
- %HOMEPATH%\gOEYMkgs\kcIC.exe
- %HOMEPATH%\gOEYMkgs\bgwI.exe
- %HOMEPATH%\gOEYMkgs\pUwy.exe
- %HOMEPATH%\gOEYMkgs\lwos.exe
- %HOMEPATH%\gOEYMkgs\BwYm.exe
- %HOMEPATH%\gOEYMkgs\dgAE.exe
- %HOMEPATH%\gOEYMkgs\zwsI.exe
- %HOMEPATH%\gOEYMkgs\xUMA.exe
- %HOMEPATH%\gOEYMkgs\xQoW.exe
- %HOMEPATH%\gOEYMkgs\qoAy.exe
- %HOMEPATH%\gOEYMkgs\FMEW.exe
- %HOMEPATH%\gOEYMkgs\ukEY.exe
- %HOMEPATH%\gOEYMkgs\BIIg.exe
- %HOMEPATH%\gOEYMkgs\EQUK.exe
- %HOMEPATH%\gOEYMkgs\iwMq.exe
- %HOMEPATH%\gOEYMkgs\SAYA.exe
- %HOMEPATH%\gOEYMkgs\CwUK.exe
- %HOMEPATH%\gOEYMkgs\zUkS.exe
- %HOMEPATH%\gOEYMkgs\DYgw.exe
- %HOMEPATH%\gOEYMkgs\PIAu.exe
- %HOMEPATH%\gOEYMkgs\qgIW.exe
- %HOMEPATH%\gOEYMkgs\Gwsq.exe
- %HOMEPATH%\gOEYMkgs\BooS.exe
- %HOMEPATH%\gOEYMkgs\wIkK.exe
- %HOMEPATH%\gOEYMkgs\Dscu.exe
- %HOMEPATH%\gOEYMkgs\pIAs.exe
- %HOMEPATH%\gOEYMkgs\VQAQ.exe
- %HOMEPATH%\gOEYMkgs\mQoG.exe
- %HOMEPATH%\gOEYMkgs\YUsk.exe
- %HOMEPATH%\gOEYMkgs\LskQ.exe
- %HOMEPATH%\gOEYMkgs\mEge.exe
- %HOMEPATH%\gOEYMkgs\tAow.exe
- %HOMEPATH%\gOEYMkgs\YIkK.exe
- %HOMEPATH%\gOEYMkgs\awMQ.exe
- %HOMEPATH%\gOEYMkgs\WUMe.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\_filelst.cfg
- %HOMEPATH%\gOEYMkgs\pUoi.exe
- %HOMEPATH%\gOEYMkgs\OsUe.exe
- %HOMEPATH%\gOEYMkgs\tscy.exe
- %HOMEPATH%\gOEYMkgs\NcgS.exe
- %HOMEPATH%\gOEYMkgs\FoEA.exe
- %HOMEPATH%\gOEYMkgs\PgEk.exe
- %HOMEPATH%\gOEYMkgs\bMEM.exe
- %HOMEPATH%\gOEYMkgs\nIMQ.exe
- %HOMEPATH%\gOEYMkgs\vcUi.exe
- %HOMEPATH%\gOEYMkgs\hMgk.exe
- %HOMEPATH%\gOEYMkgs\BgQW.exe
- %HOMEPATH%\gOEYMkgs\Xwww.exe
- %HOMEPATH%\gOEYMkgs\uIwq.exe
- %HOMEPATH%\gOEYMkgs\PskA.exe
- %HOMEPATH%\gOEYMkgs\BsAw.exe
- %HOMEPATH%\gOEYMkgs\lAgY.exe
- %HOMEPATH%\gOEYMkgs\Wwom.exe
- %HOMEPATH%\gOEYMkgs\tAMa.exe
- %HOMEPATH%\gOEYMkgs\gokk.exe
- %HOMEPATH%\gOEYMkgs\EckS.exe
- %HOMEPATH%\gOEYMkgs\hMEq.exe
- %HOMEPATH%\gOEYMkgs\JUEM.exe
- %HOMEPATH%\gOEYMkgs\OoUO.exe
- %HOMEPATH%\gOEYMkgs\zwwk.exe
- %HOMEPATH%\gOEYMkgs\XoAm.exe
- %HOMEPATH%\gOEYMkgs\vUMk.exe
- %HOMEPATH%\gOEYMkgs\kIok.exe
- %HOMEPATH%\gOEYMkgs\rAoq.exe
- %HOMEPATH%\gOEYMkgs\wMkk.exe
- %HOMEPATH%\gOEYMkgs\bgkg.exe
- %HOMEPATH%\gOEYMkgs\PwkQ.exe
- %HOMEPATH%\gOEYMkgs\OAQM.exe
- %HOMEPATH%\gOEYMkgs\FwAe.exe
- %HOMEPATH%\gOEYMkgs\XQEC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\pUMy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\OQsu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\eAAC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\dkMC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\iooY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\koMQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\qQYY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\ecIk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\BEQo.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\AEIy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\bMwQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %TEMP%\WERfc8e.dir00\appcompat.txt
- %TEMP%\WERfc8e.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\caQc.txt
- %TEMP%\WER74bc.dir00\ZgMYMIIE.exe.mdmp
- <Current directory>\<File name>
- %TEMP%\WERfc8e.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WERfc8e.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\ysko.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\kQAs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\PkcW.exe
- %TEMP%\WER74bc.dir00\manifest.txt
- %TEMP%\WER74bc.dir00\appcompat.txt
- %TEMP%\WER74bc.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\CAQy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\ycMS.exe
- %HOMEPATH%\gOEYMkgs\gYQa.exe
- %HOMEPATH%\gOEYMkgs\JYIk.exe
- %HOMEPATH%\gOEYMkgs\uAgQ.exe
- %HOMEPATH%\gOEYMkgs\BUAM.exe
- %HOMEPATH%\gOEYMkgs\JQoM.exe
- %HOMEPATH%\gOEYMkgs\FokO.exe
- %HOMEPATH%\gOEYMkgs\wYIi.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\Ckcc.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\DoIi.exe
- %HOMEPATH%\gOEYMkgs\vkwq.exe
- %HOMEPATH%\gOEYMkgs\Xgws.exe
- %HOMEPATH%\gOEYMkgs\XEgg.exe
- %HOMEPATH%\gOEYMkgs\BMMM.exe
- %HOMEPATH%\gOEYMkgs\wIUI.exe
- %HOMEPATH%\gOEYMkgs\tEcA.exe
- %HOMEPATH%\gOEYMkgs\qsMw.exe
- %HOMEPATH%\gOEYMkgs\hgcC.exe
- %HOMEPATH%\gOEYMkgs\WUYy.exe
- %HOMEPATH%\gOEYMkgs\PEkC.exe
- %HOMEPATH%\gOEYMkgs\ckYK.exe
- %HOMEPATH%\gOEYMkgs\UgAE.exe
- %HOMEPATH%\gOEYMkgs\MIQk.exe
- %HOMEPATH%\gOEYMkgs\ToEG.exe
- %HOMEPATH%\gOEYMkgs\hwgY.exe
- %HOMEPATH%\gOEYMkgs\NAIw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\aQgu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\fMkg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\BQsI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\wowy.exe
- %HOMEPATH%\gOEYMkgs\TQgK.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\dIMk.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\rQoU.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\bAsM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\GUYc.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\JwIe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\hMEq.exe
- %HOMEPATH%\gOEYMkgs\lAgY.exe
- %HOMEPATH%\gOEYMkgs\gokk.exe
- %HOMEPATH%\gOEYMkgs\EckS.exe
- %HOMEPATH%\gOEYMkgs\Wwom.exe
- %HOMEPATH%\gOEYMkgs\NAkE.exe
- %HOMEPATH%\gOEYMkgs\mAUU.exe
- %HOMEPATH%\gOEYMkgs\tAMa.exe
- %HOMEPATH%\gOEYMkgs\PIAu.exe
- %HOMEPATH%\gOEYMkgs\Xwww.exe
- %HOMEPATH%\gOEYMkgs\wMkk.exe
- %HOMEPATH%\gOEYMkgs\bgkg.exe
- %HOMEPATH%\gOEYMkgs\FwAe.exe
- %HOMEPATH%\gOEYMkgs\rAoq.exe
- %HOMEPATH%\gOEYMkgs\uIwq.exe
- %HOMEPATH%\gOEYMkgs\hMgk.exe
- %HOMEPATH%\gOEYMkgs\BgQW.exe
- %HOMEPATH%\gOEYMkgs\PskA.exe
- %HOMEPATH%\gOEYMkgs\BsAw.exe
- %HOMEPATH%\gOEYMkgs\vEgc.exe
- %HOMEPATH%\gOEYMkgs\zcAe.exe
- %HOMEPATH%\gOEYMkgs\ocoQ.exe
- %HOMEPATH%\gOEYMkgs\ZMUK.exe
- %HOMEPATH%\gOEYMkgs\eoIW.exe
- %HOMEPATH%\gOEYMkgs\ngMC.exe
- %HOMEPATH%\gOEYMkgs\KsIC.exe
- %HOMEPATH%\gOEYMkgs\sEQk.exe
- %HOMEPATH%\gOEYMkgs\PggI.exe
- %HOMEPATH%\gOEYMkgs\xoYQ.exe
- %HOMEPATH%\gOEYMkgs\XAYc.exe
- %HOMEPATH%\gOEYMkgs\Hska.exe
- %HOMEPATH%\gOEYMkgs\hAIU.exe
- %HOMEPATH%\gOEYMkgs\xsQo.exe
- %HOMEPATH%\gOEYMkgs\Sosa.exe
- %HOMEPATH%\gOEYMkgs\qEMG.exe
- %HOMEPATH%\gOEYMkgs\kAAK.exe
- %HOMEPATH%\gOEYMkgs\DQoe.exe
- %HOMEPATH%\gOEYMkgs\HYUU.exe
- %HOMEPATH%\gOEYMkgs\JEQi.exe
- %HOMEPATH%\gOEYMkgs\OAQM.exe
- %HOMEPATH%\gOEYMkgs\WUMe.exe
- %HOMEPATH%\gOEYMkgs\PgEk.exe
- %HOMEPATH%\gOEYMkgs\YIkK.exe
- %HOMEPATH%\gOEYMkgs\awMQ.exe
- %HOMEPATH%\gOEYMkgs\bMEM.exe
- %HOMEPATH%\gOEYMkgs\NcgS.exe
- %HOMEPATH%\gOEYMkgs\FoEA.exe
- %HOMEPATH%\gOEYMkgs\nIMQ.exe
- %HOMEPATH%\gOEYMkgs\tscy.exe
- %HOMEPATH%\gOEYMkgs\OsUe.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\RestorePointSize
- %HOMEPATH%\gOEYMkgs\pUoi.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\rp.log
- %HOMEPATH%\gOEYMkgs\wIkK.exe
- %HOMEPATH%\gOEYMkgs\XoAm.exe
- %HOMEPATH%\gOEYMkgs\vUMk.exe
- %HOMEPATH%\gOEYMkgs\YUsk.exe
- %HOMEPATH%\gOEYMkgs\vcUi.exe
- %HOMEPATH%\gOEYMkgs\kIok.exe
- %HOMEPATH%\gOEYMkgs\zwwk.exe
- %HOMEPATH%\gOEYMkgs\PwkQ.exe
- %HOMEPATH%\gOEYMkgs\JUEM.exe
- %HOMEPATH%\gOEYMkgs\OoUO.exe
- %HOMEPATH%\gOEYMkgs\mQoG.exe
- %HOMEPATH%\gOEYMkgs\qgIW.exe
- %HOMEPATH%\gOEYMkgs\Gwsq.exe
- %HOMEPATH%\gOEYMkgs\Dscu.exe
- %HOMEPATH%\gOEYMkgs\pIAs.exe
- %HOMEPATH%\gOEYMkgs\BooS.exe
- %HOMEPATH%\gOEYMkgs\tAow.exe
- %HOMEPATH%\gOEYMkgs\VQAQ.exe
- %HOMEPATH%\gOEYMkgs\LskQ.exe
- %HOMEPATH%\gOEYMkgs\mEge.exe
- %HOMEPATH%\gOEYMkgs\GYMy.exe
- %HOMEPATH%\gOEYMkgs\JwIe.exe
- %HOMEPATH%\gOEYMkgs\bAsM.exe
- %HOMEPATH%\gOEYMkgs\TQgK.exe
- %HOMEPATH%\gOEYMkgs\dIMk.exe
- %HOMEPATH%\gOEYMkgs\GUYc.exe
- %HOMEPATH%\gOEYMkgs\aQgu.exe
- %HOMEPATH%\gOEYMkgs\wowy.exe
- %HOMEPATH%\gOEYMkgs\fMkg.exe
- %HOMEPATH%\gOEYMkgs\NAIw.exe
- %HOMEPATH%\gOEYMkgs\rQoU.exe
- %HOMEPATH%\gOEYMkgs\uAgQ.exe
- %HOMEPATH%\gOEYMkgs\BUAM.exe
- %HOMEPATH%\gOEYMkgs\wYIi.exe
- %HOMEPATH%\gOEYMkgs\JYIk.exe
- %HOMEPATH%\gOEYMkgs\DoIi.exe
- %HOMEPATH%\gOEYMkgs\Ckcc.exe
- %HOMEPATH%\gOEYMkgs\hwgY.exe
- %HOMEPATH%\gOEYMkgs\vkwq.exe
- %HOMEPATH%\gOEYMkgs\Xgws.exe
- %HOMEPATH%\gOEYMkgs\BQsI.exe
- %HOMEPATH%\gOEYMkgs\dkMC.exe
- %HOMEPATH%\gOEYMkgs\kQAs.exe
- %HOMEPATH%\gOEYMkgs\iooY.exe
- %HOMEPATH%\gOEYMkgs\eAAC.exe
- %HOMEPATH%\gOEYMkgs\PkcW.exe
- %HOMEPATH%\gOEYMkgs\ycMS.exe
- %TEMP%\kEQMIwMA.bat
- %HOMEPATH%\gOEYMkgs\ysko.exe
- %HOMEPATH%\gOEYMkgs\CAQy.exe
- %HOMEPATH%\gOEYMkgs\pUMy.exe
- %HOMEPATH%\gOEYMkgs\koMQ.exe
- %HOMEPATH%\gOEYMkgs\qQYY.exe
- %HOMEPATH%\gOEYMkgs\gYQa.exe
- %HOMEPATH%\gOEYMkgs\ecIk.exe
- %HOMEPATH%\gOEYMkgs\bMwQ.exe
- %HOMEPATH%\gOEYMkgs\OQsu.exe
- %HOMEPATH%\gOEYMkgs\XQEC.exe
- %HOMEPATH%\gOEYMkgs\BEQo.exe
- %HOMEPATH%\gOEYMkgs\AEIy.exe
- %HOMEPATH%\gOEYMkgs\FokO.exe
- %HOMEPATH%\gOEYMkgs\iwMq.exe
- %HOMEPATH%\gOEYMkgs\SAYA.exe
- %HOMEPATH%\gOEYMkgs\DYgw.exe
- %HOMEPATH%\gOEYMkgs\EQUK.exe
- %HOMEPATH%\gOEYMkgs\JEAY.exe
- %HOMEPATH%\gOEYMkgs\TUkY.exe
- %HOMEPATH%\gOEYMkgs\KoAg.exe
- %HOMEPATH%\gOEYMkgs\CUcY.exe
- %HOMEPATH%\gOEYMkgs\kcIC.exe
- %HOMEPATH%\gOEYMkgs\zUkS.exe
- %HOMEPATH%\gOEYMkgs\FMEW.exe
- %HOMEPATH%\gOEYMkgs\ukEY.exe
- %HOMEPATH%\gOEYMkgs\dsAI.exe
- %HOMEPATH%\gOEYMkgs\aIsq.exe
- %HOMEPATH%\gOEYMkgs\BIIg.exe
- %HOMEPATH%\gOEYMkgs\qoAy.exe
- %HOMEPATH%\gOEYMkgs\CwUK.exe
- %HOMEPATH%\gOEYMkgs\xUMA.exe
- %HOMEPATH%\gOEYMkgs\xQoW.exe
- %HOMEPATH%\gOEYMkgs\eQgi.exe
- %HOMEPATH%\gOEYMkgs\UgAE.exe
- %HOMEPATH%\gOEYMkgs\MIQk.exe
- %HOMEPATH%\gOEYMkgs\BMMM.exe
- %HOMEPATH%\gOEYMkgs\wIUI.exe
- %HOMEPATH%\gOEYMkgs\ToEG.exe
- %HOMEPATH%\gOEYMkgs\ckYK.exe
- %HOMEPATH%\gOEYMkgs\JQoM.exe
- %HOMEPATH%\gOEYMkgs\WUYy.exe
- %HOMEPATH%\gOEYMkgs\PEkC.exe
- %HOMEPATH%\gOEYMkgs\XEgg.exe
- %HOMEPATH%\gOEYMkgs\zwsI.exe
- %HOMEPATH%\gOEYMkgs\bgwI.exe
- %HOMEPATH%\gOEYMkgs\BwYm.exe
- %HOMEPATH%\gOEYMkgs\dgAE.exe
- %HOMEPATH%\gOEYMkgs\pUwy.exe
- %HOMEPATH%\gOEYMkgs\qsMw.exe
- %HOMEPATH%\gOEYMkgs\hgcC.exe
- %HOMEPATH%\gOEYMkgs\lwos.exe
- %HOMEPATH%\gOEYMkgs\tEcA.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Run'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: '' WindowName: 'Open'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'