Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (2 = service starts automatically at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
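- hidden files (display turned off: the reg.exe command below sets 'Hidden' to 2)
- file extensions (display turned off: the reg.exe command below sets 'HideFileExt' to 1, so the '.bmp.exe', '.jpg.exe' and '.wma.exe' files listed further down appear in Explorer without the '.exe' suffix)
- User Account Control (UAC) (disabled: the reg.exe command below sets 'EnableLUA' to 0)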
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\mksG.exe
- %TEMP%\WER6309.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\iwcO.exe
- %HOMEPATH%\gOEYMkgs\CUYG.exe
- %HOMEPATH%\gOEYMkgs\Ygoe.exe
- %TEMP%\WER6309.dir00\manifest.txt
- %TEMP%\WER6309.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\wYgu.exe
- %HOMEPATH%\gOEYMkgs\VQwQ.exe
- %HOMEPATH%\gOEYMkgs\zQQk.exe
- %HOMEPATH%\gOEYMkgs\ScsU.exe
- %TEMP%\WER6309.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\rQUQ.exe
- %HOMEPATH%\gOEYMkgs\aUsI.exe
- %HOMEPATH%\gOEYMkgs\bMsI.exe
- %HOMEPATH%\gOEYMkgs\OwcQ.exe
- %HOMEPATH%\gOEYMkgs\hUEq.exe
- %HOMEPATH%\gOEYMkgs\jgke.exe
- %HOMEPATH%\gOEYMkgs\VAoy.exe
- %HOMEPATH%\gOEYMkgs\msgy.exe
- %HOMEPATH%\gOEYMkgs\EgMU.exe
- %HOMEPATH%\gOEYMkgs\HMAw.exe
- %HOMEPATH%\gOEYMkgs\MAMC.exe
- %HOMEPATH%\gOEYMkgs\KMEY.exe
- %HOMEPATH%\gOEYMkgs\CQsC.exe
- %HOMEPATH%\gOEYMkgs\QsQg.exe
- %HOMEPATH%\gOEYMkgs\SgsE.exe
- %HOMEPATH%\gOEYMkgs\XUMI.exe
- %HOMEPATH%\gOEYMkgs\sAkC.exe
- %HOMEPATH%\gOEYMkgs\HwMe.exe
- %HOMEPATH%\gOEYMkgs\nQIG.exe
- %HOMEPATH%\gOEYMkgs\WwIQ.exe
- %HOMEPATH%\gOEYMkgs\Dwwi.exe
- %HOMEPATH%\gOEYMkgs\IQIu.exe
- %HOMEPATH%\gOEYMkgs\XoII.exe
- %HOMEPATH%\gOEYMkgs\uUAc.exe
- %HOMEPATH%\gOEYMkgs\isEo.exe
- %HOMEPATH%\gOEYMkgs\AcEC.exe
- %HOMEPATH%\gOEYMkgs\FUUk.exe
- %HOMEPATH%\gOEYMkgs\PswC.exe
- %HOMEPATH%\gOEYMkgs\NgEw.exe
- %HOMEPATH%\gOEYMkgs\mAMS.exe
- %HOMEPATH%\gOEYMkgs\iAsQ.exe
- %HOMEPATH%\gOEYMkgs\fIIy.exe
- %HOMEPATH%\gOEYMkgs\HMMU.exe
- %HOMEPATH%\gOEYMkgs\yIIA.exe
- %HOMEPATH%\gOEYMkgs\nsoc.exe
- %HOMEPATH%\gOEYMkgs\ywMO.exe
- %HOMEPATH%\gOEYMkgs\aUEq.exe
- %HOMEPATH%\gOEYMkgs\OQkY.exe
- %HOMEPATH%\gOEYMkgs\gssU.exe
- %HOMEPATH%\gOEYMkgs\YEIu.exe
- %HOMEPATH%\gOEYMkgs\Voka.exe
- %HOMEPATH%\gOEYMkgs\TgYo.exe
- %HOMEPATH%\gOEYMkgs\lcAI.exe
- %HOMEPATH%\gOEYMkgs\PEMA.exe
- %HOMEPATH%\gOEYMkgs\MoEa.exe
- %HOMEPATH%\gOEYMkgs\GQYC.exe
- %HOMEPATH%\gOEYMkgs\joII.exe
- %HOMEPATH%\gOEYMkgs\hgoc.exe
- %HOMEPATH%\gOEYMkgs\cAUQ.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %HOMEPATH%\gOEYMkgs\gsAi.exe
- %HOMEPATH%\gOEYMkgs\Okso.exe
- %HOMEPATH%\gOEYMkgs\cEcs.exe
- %HOMEPATH%\gOEYMkgs\UwUQ.exe
- %HOMEPATH%\gOEYMkgs\oUsc.exe
- %HOMEPATH%\gOEYMkgs\wAQm.exe
- %HOMEPATH%\gOEYMkgs\tEEk.exe
- %TEMP%\WER5625.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\PUYk.exe
- %HOMEPATH%\gOEYMkgs\HooK.exe
- %TEMP%\WER5625.dir00\manifest.txt
- %TEMP%\WER5625.dir00\appcompat.txt
- %TEMP%\WER5625.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\IAoe.exe
- %HOMEPATH%\gOEYMkgs\wMoO.exe
- %HOMEPATH%\gOEYMkgs\Hgoe.exe
- %HOMEPATH%\gOEYMkgs\pEgQ.exe
- %HOMEPATH%\gOEYMkgs\dUoS.exe
- %HOMEPATH%\gOEYMkgs\DYwe.exe
- %HOMEPATH%\gOEYMkgs\PMgU.exe
- %HOMEPATH%\gOEYMkgs\ZMEi.exe
- %HOMEPATH%\gOEYMkgs\Osoo.exe
- %HOMEPATH%\gOEYMkgs\ZIUO.exe
- %HOMEPATH%\gOEYMkgs\YUwK.exe
- %HOMEPATH%\gOEYMkgs\OMcw.exe
- %HOMEPATH%\gOEYMkgs\skgy.exe
- %HOMEPATH%\gOEYMkgs\hUgk.exe
- %HOMEPATH%\gOEYMkgs\aYgk.exe
- %HOMEPATH%\gOEYMkgs\uwcY.exe
- %HOMEPATH%\gOEYMkgs\eIgI.exe
- %HOMEPATH%\gOEYMkgs\jUQk.exe
- %HOMEPATH%\gOEYMkgs\dYoI.exe
- %HOMEPATH%\gOEYMkgs\WwYs.exe
- %HOMEPATH%\gOEYMkgs\eUsk.exe
- %HOMEPATH%\gOEYMkgs\EsEO.exe
- %HOMEPATH%\gOEYMkgs\KQAO.exe
- %TEMP%\WERd976.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\ZIwG.exe
- %TEMP%\WERd976.dir00\manifest.txt
- %TEMP%\WERd976.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\SYwG.exe
- %TEMP%\WERd976.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\agMg.exe
- %HOMEPATH%\gOEYMkgs\oIIu.exe
- %HOMEPATH%\gOEYMkgs\qkgS.exe
- %HOMEPATH%\gOEYMkgs\FcQG.exe
- %HOMEPATH%\gOEYMkgs\BEEs.exe
- %HOMEPATH%\gOEYMkgs\TgQm.exe
- %HOMEPATH%\gOEYMkgs\xUgW.exe
- %HOMEPATH%\gOEYMkgs\EoMy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\YYMq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\TUcE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\UEEw.exe
- %TEMP%\WER01b5.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\GMki.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %TEMP%\WER01b5.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\dcMu.exe
- %HOMEPATH%\gOEYMkgs\NMoK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\awYU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\rMMa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\GoQa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\DEQe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\pUYe.exe
- %HOMEPATH%\gOEYMkgs\AokA.exe
- %ALLUSERSPROFILE%\caQc.txt
- %TEMP%\WER1266.dir00\manifest.txt
- %TEMP%\WER1266.dir00\appcompat.txt
- %TEMP%\WER8ae2.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER8ae2.dir00\ZgMYMIIE.exe.mdmp
- <Current directory>\<File name>
- %TEMP%\WER1266.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER1266.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %TEMP%\WER8ae2.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %TEMP%\WER01b5.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\uYMC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %TEMP%\WER01b5.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\BMcy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\yYgy.exe
- %TEMP%\WER8ae2.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\LcMq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\nEQO.exe
- %HOMEPATH%\gOEYMkgs\MMwM.exe
- %HOMEPATH%\gOEYMkgs\SsAY.exe
- %HOMEPATH%\gOEYMkgs\DQwg.exe
- %HOMEPATH%\gOEYMkgs\oAQs.exe
- %HOMEPATH%\gOEYMkgs\TwAQ.exe
- %HOMEPATH%\gOEYMkgs\SIMa.exe
- %HOMEPATH%\gOEYMkgs\Jcwg.exe
- %HOMEPATH%\gOEYMkgs\IYMC.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\WgMy.exe
- %HOMEPATH%\gOEYMkgs\cowa.exe
- %HOMEPATH%\gOEYMkgs\kMIw.exe
- %HOMEPATH%\gOEYMkgs\gkEm.exe
- %HOMEPATH%\gOEYMkgs\UMoi.exe
- %HOMEPATH%\gOEYMkgs\rAMA.exe
- %HOMEPATH%\gOEYMkgs\lUQo.exe
- %TEMP%\WERf7bf.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\mMAS.exe
- %TEMP%\WERf7bf.dir00\manifest.txt
- %TEMP%\WERf7bf.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\XcYO.exe
- %HOMEPATH%\gOEYMkgs\oYEy.exe
- %HOMEPATH%\gOEYMkgs\nIYY.exe
- %HOMEPATH%\gOEYMkgs\DowY.exe
- %TEMP%\WERf7bf.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\EMQs.exe
- %HOMEPATH%\gOEYMkgs\cUMW.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\KsAm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\OYMQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\RwAa.exe
- %HOMEPATH%\gOEYMkgs\GMUK.exe
- %HOMEPATH%\gOEYMkgs\FwES.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\mUsK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\zIIs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\BMQM.exe
- %TEMP%\WER7906.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\fMsC.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\qUIE.exe
- %TEMP%\WER7906.dir00\appcompat.txt
- %TEMP%\WER7906.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\pgkg.exe
- %TEMP%\WER7906.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\joIS.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\bMsI.exe
- %HOMEPATH%\gOEYMkgs\OwcQ.exe
- %HOMEPATH%\gOEYMkgs\VAoy.exe
- %HOMEPATH%\gOEYMkgs\msgy.exe
- %HOMEPATH%\gOEYMkgs\hUEq.exe
- %HOMEPATH%\gOEYMkgs\QsQg.exe
- %HOMEPATH%\gOEYMkgs\SgsE.exe
- %HOMEPATH%\gOEYMkgs\EgMU.exe
- %HOMEPATH%\gOEYMkgs\CQsC.exe
- %HOMEPATH%\gOEYMkgs\dYoI.exe
- %HOMEPATH%\gOEYMkgs\WwYs.exe
- %HOMEPATH%\gOEYMkgs\YUwK.exe
- %HOMEPATH%\gOEYMkgs\aYgk.exe
- %HOMEPATH%\gOEYMkgs\eUsk.exe
- %HOMEPATH%\gOEYMkgs\jUQk.exe
- %HOMEPATH%\gOEYMkgs\jgke.exe
- %HOMEPATH%\gOEYMkgs\uwcY.exe
- %HOMEPATH%\gOEYMkgs\eIgI.exe
- %HOMEPATH%\gOEYMkgs\HMAw.exe
- %HOMEPATH%\gOEYMkgs\zQQk.exe
- %HOMEPATH%\gOEYMkgs\XUMI.exe
- %HOMEPATH%\gOEYMkgs\wYgu.exe
- %HOMEPATH%\gOEYMkgs\VQwQ.exe
- %HOMEPATH%\gOEYMkgs\yIIA.exe
- %HOMEPATH%\gOEYMkgs\iAsQ.exe
- %HOMEPATH%\gOEYMkgs\fIIy.exe
- %HOMEPATH%\gOEYMkgs\nsoc.exe
- %HOMEPATH%\gOEYMkgs\ywMO.exe
- %HOMEPATH%\gOEYMkgs\aUsI.exe
- %HOMEPATH%\gOEYMkgs\CUYG.exe
- %HOMEPATH%\gOEYMkgs\MAMC.exe
- %HOMEPATH%\gOEYMkgs\KMEY.exe
- %HOMEPATH%\gOEYMkgs\Ygoe.exe
- %HOMEPATH%\gOEYMkgs\ScsU.exe
- %HOMEPATH%\gOEYMkgs\rQUQ.exe
- %HOMEPATH%\gOEYMkgs\mksG.exe
- %HOMEPATH%\gOEYMkgs\iwcO.exe
- %HOMEPATH%\gOEYMkgs\ZIUO.exe
- %HOMEPATH%\gOEYMkgs\hgoc.exe
- %HOMEPATH%\gOEYMkgs\cAUQ.exe
- %HOMEPATH%\gOEYMkgs\tEEk.exe
- %HOMEPATH%\gOEYMkgs\joII.exe
- %HOMEPATH%\gOEYMkgs\PEMA.exe
- %HOMEPATH%\gOEYMkgs\UwUQ.exe
- %HOMEPATH%\gOEYMkgs\oUsc.exe
- %HOMEPATH%\gOEYMkgs\MoEa.exe
- %HOMEPATH%\gOEYMkgs\GQYC.exe
- %HOMEPATH%\gOEYMkgs\IAoe.exe
- %HOMEPATH%\gOEYMkgs\dUoS.exe
- %HOMEPATH%\gOEYMkgs\PUYk.exe
- %HOMEPATH%\gOEYMkgs\HooK.exe
- %HOMEPATH%\gOEYMkgs\DYwe.exe
- %HOMEPATH%\gOEYMkgs\Hgoe.exe
- %HOMEPATH%\gOEYMkgs\pEgQ.exe
- %HOMEPATH%\gOEYMkgs\PMgU.exe
- %HOMEPATH%\gOEYMkgs\wMoO.exe
- %HOMEPATH%\gOEYMkgs\wAQm.exe
- %HOMEPATH%\gOEYMkgs\oIIu.exe
- %HOMEPATH%\gOEYMkgs\qkgS.exe
- %HOMEPATH%\gOEYMkgs\TgQm.exe
- %HOMEPATH%\gOEYMkgs\agMg.exe
- %HOMEPATH%\gOEYMkgs\EsEO.exe
- %HOMEPATH%\gOEYMkgs\hUgk.exe
- %HOMEPATH%\gOEYMkgs\Osoo.exe
- %HOMEPATH%\gOEYMkgs\OMcw.exe
- %HOMEPATH%\gOEYMkgs\skgy.exe
- %HOMEPATH%\gOEYMkgs\cEcs.exe
- %HOMEPATH%\gOEYMkgs\ZMEi.exe
- %HOMEPATH%\gOEYMkgs\gsAi.exe
- %HOMEPATH%\gOEYMkgs\Okso.exe
- %HOMEPATH%\gOEYMkgs\SYwG.exe
- %HOMEPATH%\gOEYMkgs\FcQG.exe
- %HOMEPATH%\gOEYMkgs\BEEs.exe
- %HOMEPATH%\gOEYMkgs\KQAO.exe
- %HOMEPATH%\gOEYMkgs\ZIwG.exe
- %HOMEPATH%\gOEYMkgs\HMMU.exe
- %HOMEPATH%\gOEYMkgs\OYMQ.exe
- %HOMEPATH%\gOEYMkgs\RwAa.exe
- %HOMEPATH%\gOEYMkgs\joIS.exe
- %HOMEPATH%\gOEYMkgs\pgkg.exe
- %HOMEPATH%\gOEYMkgs\KsAm.exe
- %HOMEPATH%\gOEYMkgs\FwES.exe
- %HOMEPATH%\gOEYMkgs\mUsK.exe
- %HOMEPATH%\gOEYMkgs\GMUK.exe
- %HOMEPATH%\gOEYMkgs\zIIs.exe
- %HOMEPATH%\gOEYMkgs\kMIw.exe
- %HOMEPATH%\gOEYMkgs\gkEm.exe
- %HOMEPATH%\gOEYMkgs\Jcwg.exe
- %HOMEPATH%\gOEYMkgs\cowa.exe
- %HOMEPATH%\gOEYMkgs\IYMC.exe
- %HOMEPATH%\gOEYMkgs\qUIE.exe
- %HOMEPATH%\gOEYMkgs\BMQM.exe
- %HOMEPATH%\gOEYMkgs\WgMy.exe
- %HOMEPATH%\gOEYMkgs\fMsC.exe
- %HOMEPATH%\gOEYMkgs\rMMa.exe
- %HOMEPATH%\gOEYMkgs\AokA.exe
- %HOMEPATH%\gOEYMkgs\BMcy.exe
- %HOMEPATH%\gOEYMkgs\GMki.exe
- %HOMEPATH%\gOEYMkgs\UEEw.exe
- %HOMEPATH%\gOEYMkgs\uYMC.exe
- %HOMEPATH%\gOEYMkgs\yYgy.exe
- %TEMP%\UAkEcEUA.bat
- %HOMEPATH%\gOEYMkgs\LcMq.exe
- %HOMEPATH%\gOEYMkgs\nEQO.exe
- %HOMEPATH%\gOEYMkgs\DEQe.exe
- %HOMEPATH%\gOEYMkgs\pUYe.exe
- %HOMEPATH%\gOEYMkgs\NMoK.exe
- %HOMEPATH%\gOEYMkgs\awYU.exe
- %HOMEPATH%\gOEYMkgs\GoQa.exe
- %HOMEPATH%\gOEYMkgs\EoMy.exe
- %HOMEPATH%\gOEYMkgs\YYMq.exe
- %HOMEPATH%\gOEYMkgs\dcMu.exe
- %HOMEPATH%\gOEYMkgs\TUcE.exe
- %HOMEPATH%\gOEYMkgs\DQwg.exe
- %HOMEPATH%\gOEYMkgs\sAkC.exe
- %HOMEPATH%\gOEYMkgs\HwMe.exe
- %HOMEPATH%\gOEYMkgs\Dwwi.exe
- %HOMEPATH%\gOEYMkgs\IQIu.exe
- %HOMEPATH%\gOEYMkgs\nQIG.exe
- %HOMEPATH%\gOEYMkgs\PswC.exe
- %HOMEPATH%\gOEYMkgs\NgEw.exe
- %HOMEPATH%\gOEYMkgs\XoII.exe
- %HOMEPATH%\gOEYMkgs\FUUk.exe
- %HOMEPATH%\gOEYMkgs\TgYo.exe
- %HOMEPATH%\gOEYMkgs\lcAI.exe
- %HOMEPATH%\gOEYMkgs\aUEq.exe
- %HOMEPATH%\gOEYMkgs\Voka.exe
- %HOMEPATH%\gOEYMkgs\OQkY.exe
- %HOMEPATH%\gOEYMkgs\mAMS.exe
- %HOMEPATH%\gOEYMkgs\WwIQ.exe
- %HOMEPATH%\gOEYMkgs\gssU.exe
- %HOMEPATH%\gOEYMkgs\YEIu.exe
- %HOMEPATH%\gOEYMkgs\uUAc.exe
- %HOMEPATH%\gOEYMkgs\DowY.exe
- %HOMEPATH%\gOEYMkgs\UMoi.exe
- %HOMEPATH%\gOEYMkgs\oYEy.exe
- %HOMEPATH%\gOEYMkgs\nIYY.exe
- %HOMEPATH%\gOEYMkgs\oAQs.exe
- %HOMEPATH%\gOEYMkgs\MMwM.exe
- %HOMEPATH%\gOEYMkgs\SsAY.exe
- %HOMEPATH%\gOEYMkgs\TwAQ.exe
- %HOMEPATH%\gOEYMkgs\SIMa.exe
- %HOMEPATH%\gOEYMkgs\xUgW.exe
- %HOMEPATH%\gOEYMkgs\mMAS.exe
- %HOMEPATH%\gOEYMkgs\isEo.exe
- %HOMEPATH%\gOEYMkgs\AcEC.exe
- %HOMEPATH%\gOEYMkgs\rAMA.exe
- %HOMEPATH%\gOEYMkgs\EMQs.exe
- %HOMEPATH%\gOEYMkgs\cUMW.exe
- %HOMEPATH%\gOEYMkgs\lUQo.exe
- %HOMEPATH%\gOEYMkgs\XcYO.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'