Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002'
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
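- hidden files: display is turned off (the reg.exe command listed below sets the Explorer 'Hidden' value to 2)
- file extensions: display is turned off ('HideFileExt' is set to 1), so a dropped file such as 'Sunset.jpg.exe' appears in Explorer as 'Sunset.jpg'
- User Account Control (UAC): disabled ('EnableLUA' is set to 0 under the HKLM Policies\System key)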
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\DsAQ.exe
- %HOMEPATH%\gOEYMkgs\pUwQ.exe
- %HOMEPATH%\gOEYMkgs\okco.exe
- %HOMEPATH%\gOEYMkgs\pAsg.exe
- %HOMEPATH%\gOEYMkgs\qEQy.exe
- %HOMEPATH%\gOEYMkgs\nwUY.exe
- %HOMEPATH%\gOEYMkgs\FUUI.exe
- %HOMEPATH%\gOEYMkgs\eogE.exe
- %HOMEPATH%\gOEYMkgs\XQge.exe
- %HOMEPATH%\gOEYMkgs\QoEC.exe
- %HOMEPATH%\gOEYMkgs\BwQO.exe
- %HOMEPATH%\gOEYMkgs\TMkI.exe
- %HOMEPATH%\gOEYMkgs\FAYO.exe
- %HOMEPATH%\gOEYMkgs\tkQO.exe
- %HOMEPATH%\gOEYMkgs\Lock.exe
- %HOMEPATH%\gOEYMkgs\XEMM.exe
- %HOMEPATH%\gOEYMkgs\dMEs.exe
- %HOMEPATH%\gOEYMkgs\rYwu.exe
- %HOMEPATH%\gOEYMkgs\eIMY.exe
- %HOMEPATH%\gOEYMkgs\dsgU.exe
- %HOMEPATH%\gOEYMkgs\fYAI.exe
- %HOMEPATH%\gOEYMkgs\bsYI.exe
- %HOMEPATH%\gOEYMkgs\DoAm.exe
- %HOMEPATH%\gOEYMkgs\ycQC.exe
- %HOMEPATH%\gOEYMkgs\oYga.exe
- %HOMEPATH%\gOEYMkgs\KoEe.exe
- %HOMEPATH%\gOEYMkgs\LsIM.exe
- %TEMP%\WER55a6.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\owkQ.exe
- %HOMEPATH%\gOEYMkgs\GQog.exe
- %HOMEPATH%\gOEYMkgs\scgC.exe
- %HOMEPATH%\gOEYMkgs\EgAo.exe
- %HOMEPATH%\gOEYMkgs\iQwq.exe
- %HOMEPATH%\gOEYMkgs\qEgu.exe
- %HOMEPATH%\gOEYMkgs\gIwM.exe
- %HOMEPATH%\gOEYMkgs\Nogg.exe
- %HOMEPATH%\gOEYMkgs\vMow.exe
- %TEMP%\WER55a6.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\dwIe.exe
- %HOMEPATH%\gOEYMkgs\pcAw.exe
- %HOMEPATH%\gOEYMkgs\yIUU.exe
- %TEMP%\WER55a6.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\sMkM.exe
- %HOMEPATH%\gOEYMkgs\eAYC.exe
- %HOMEPATH%\gOEYMkgs\xUYo.exe
- %HOMEPATH%\gOEYMkgs\OUAC.exe
- %TEMP%\WER55a6.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\Ukkq.exe
- %HOMEPATH%\gOEYMkgs\mUQo.exe
- %HOMEPATH%\gOEYMkgs\kYEq.exe
- %HOMEPATH%\gOEYMkgs\RQUw.exe
- %HOMEPATH%\gOEYMkgs\sQYy.exe
- %HOMEPATH%\gOEYMkgs\bgkE.exe
- %HOMEPATH%\gOEYMkgs\rIEy.exe
- %HOMEPATH%\gOEYMkgs\akIU.exe
- %HOMEPATH%\gOEYMkgs\YEoG.exe
- %HOMEPATH%\gOEYMkgs\hAkG.exe
- %HOMEPATH%\gOEYMkgs\LwMu.exe
- %HOMEPATH%\gOEYMkgs\tEco.exe
- %HOMEPATH%\gOEYMkgs\vEck.exe
- %HOMEPATH%\gOEYMkgs\SAsG.exe
- %HOMEPATH%\gOEYMkgs\gcoy.exe
- %HOMEPATH%\gOEYMkgs\OMsq.exe
- %HOMEPATH%\gOEYMkgs\zogQ.exe
- %HOMEPATH%\gOEYMkgs\wgoS.exe
- %HOMEPATH%\gOEYMkgs\fEEC.exe
- %HOMEPATH%\gOEYMkgs\mgQW.exe
- %HOMEPATH%\gOEYMkgs\eIoE.exe
- %HOMEPATH%\gOEYMkgs\JIoO.exe
- %HOMEPATH%\gOEYMkgs\Rkwu.exe
- %HOMEPATH%\gOEYMkgs\ykMA.exe
- %HOMEPATH%\gOEYMkgs\bssU.exe
- %HOMEPATH%\gOEYMkgs\VcQy.exe
- %HOMEPATH%\gOEYMkgs\GEwk.exe
- %HOMEPATH%\gOEYMkgs\zwoE.exe
- %HOMEPATH%\gOEYMkgs\OgcQ.exe
- %HOMEPATH%\gOEYMkgs\PoAs.exe
- %HOMEPATH%\gOEYMkgs\iskI.exe
- %HOMEPATH%\gOEYMkgs\Ccsa.exe
- %HOMEPATH%\gOEYMkgs\Qosk.exe
- %HOMEPATH%\gOEYMkgs\Csoi.exe
- %HOMEPATH%\gOEYMkgs\dkMw.exe
- %HOMEPATH%\gOEYMkgs\Hoge.exe
- %HOMEPATH%\gOEYMkgs\OwQC.exe
- %HOMEPATH%\gOEYMkgs\uYEs.exe
- %HOMEPATH%\gOEYMkgs\NwYM.exe
- %HOMEPATH%\gOEYMkgs\hQYA.exe
- %HOMEPATH%\gOEYMkgs\nQEm.exe
- %HOMEPATH%\gOEYMkgs\YssG.exe
- %HOMEPATH%\gOEYMkgs\bQUG.exe
- %HOMEPATH%\gOEYMkgs\hAgi.exe
- %HOMEPATH%\gOEYMkgs\kEIG.exe
- %HOMEPATH%\gOEYMkgs\JcEc.exe
- %HOMEPATH%\gOEYMkgs\Vcko.exe
- %HOMEPATH%\gOEYMkgs\eAcg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\usUG.exe
- %HOMEPATH%\gOEYMkgs\YcMe.exe
- %HOMEPATH%\gOEYMkgs\YQUQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\Wcoe.exe
- %HOMEPATH%\gOEYMkgs\EQgs.exe
- %HOMEPATH%\gOEYMkgs\ikEa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\HAwC.exe
- <Current directory>\<File name>
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\eQIM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\Gggk.exe
- %HOMEPATH%\gOEYMkgs\PsMq.exe
- %HOMEPATH%\gOEYMkgs\cMQO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %TEMP%\WER62a9.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER62a9.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WER62a9.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\tssM.exe
- %TEMP%\WER62a9.dir00\manifest.txt
- %ALLUSERSPROFILE%\caQc.txt
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\YEIG.exe
- %HOMEPATH%\gOEYMkgs\FEMy.exe
- %HOMEPATH%\gOEYMkgs\XcAA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\AQkW.exe
- %HOMEPATH%\gOEYMkgs\VIck.exe
- %HOMEPATH%\gOEYMkgs\nwEW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\sEke.exe
- %HOMEPATH%\gOEYMkgs\coAE.exe
- %HOMEPATH%\gOEYMkgs\iwoG.exe
- %HOMEPATH%\gOEYMkgs\pswu.exe
- %HOMEPATH%\gOEYMkgs\hYgQ.exe
- %HOMEPATH%\gOEYMkgs\mYwg.exe
- %HOMEPATH%\gOEYMkgs\fMUU.exe
- %HOMEPATH%\gOEYMkgs\AAAY.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\oscg.exe
- %HOMEPATH%\gOEYMkgs\mYEg.exe
- %HOMEPATH%\gOEYMkgs\kEYy.exe
- %HOMEPATH%\gOEYMkgs\zgkY.exe
- %HOMEPATH%\gOEYMkgs\TwMM.exe
- %HOMEPATH%\gOEYMkgs\oAkG.exe
- %HOMEPATH%\gOEYMkgs\yMQQ.exe
- %HOMEPATH%\gOEYMkgs\CIcs.exe
- %HOMEPATH%\gOEYMkgs\pEoQ.exe
- %HOMEPATH%\gOEYMkgs\aIgk.exe
- %HOMEPATH%\gOEYMkgs\OYck.exe
- %HOMEPATH%\gOEYMkgs\Moce.exe
- %HOMEPATH%\gOEYMkgs\dsYq.exe
- %HOMEPATH%\gOEYMkgs\rooY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %TEMP%\WERdba2.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\lEUw.exe
- %HOMEPATH%\gOEYMkgs\VAwa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\DwAe.exe
- %HOMEPATH%\gOEYMkgs\skcO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\fMEc.exe
- %TEMP%\WERdba2.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\lgIm.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\hwwI.exe
- %HOMEPATH%\gOEYMkgs\DYkG.exe
- %HOMEPATH%\gOEYMkgs\BwAM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %TEMP%\WERdba2.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %TEMP%\WERdba2.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\Qosk.exe
- %HOMEPATH%\gOEYMkgs\Ukkq.exe
- %HOMEPATH%\gOEYMkgs\Csoi.exe
- %HOMEPATH%\gOEYMkgs\Ccsa.exe
- %HOMEPATH%\gOEYMkgs\Lock.exe
- %HOMEPATH%\gOEYMkgs\FAYO.exe
- %HOMEPATH%\gOEYMkgs\XEMM.exe
- %HOMEPATH%\gOEYMkgs\dMEs.exe
- %HOMEPATH%\gOEYMkgs\Hoge.exe
- %HOMEPATH%\gOEYMkgs\PoAs.exe
- %HOMEPATH%\gOEYMkgs\zwoE.exe
- %HOMEPATH%\gOEYMkgs\OwQC.exe
- %HOMEPATH%\gOEYMkgs\OgcQ.exe
- %HOMEPATH%\gOEYMkgs\iskI.exe
- %HOMEPATH%\gOEYMkgs\dkMw.exe
- %HOMEPATH%\gOEYMkgs\VcQy.exe
- %HOMEPATH%\gOEYMkgs\GEwk.exe
- %HOMEPATH%\gOEYMkgs\tkQO.exe
- %HOMEPATH%\gOEYMkgs\pUwQ.exe
- %HOMEPATH%\gOEYMkgs\nwUY.exe
- %HOMEPATH%\gOEYMkgs\okco.exe
- %HOMEPATH%\gOEYMkgs\DsAQ.exe
- %HOMEPATH%\gOEYMkgs\XQge.exe
- %HOMEPATH%\gOEYMkgs\FUUI.exe
- %HOMEPATH%\gOEYMkgs\QoEC.exe
- %HOMEPATH%\gOEYMkgs\BwQO.exe
- %HOMEPATH%\gOEYMkgs\qEQy.exe
- %HOMEPATH%\gOEYMkgs\DoAm.exe
- %HOMEPATH%\gOEYMkgs\fYAI.exe
- %HOMEPATH%\gOEYMkgs\rYwu.exe
- %HOMEPATH%\gOEYMkgs\bsYI.exe
- %HOMEPATH%\gOEYMkgs\TMkI.exe
- %HOMEPATH%\gOEYMkgs\pAsg.exe
- %HOMEPATH%\gOEYMkgs\eIMY.exe
- %HOMEPATH%\gOEYMkgs\dsgU.exe
- %HOMEPATH%\gOEYMkgs\vEck.exe
- %HOMEPATH%\gOEYMkgs\sQYy.exe
- %HOMEPATH%\gOEYMkgs\mgQW.exe
- %HOMEPATH%\gOEYMkgs\eIoE.exe
- %HOMEPATH%\gOEYMkgs\mUQo.exe
- %HOMEPATH%\gOEYMkgs\kYEq.exe
- %HOMEPATH%\gOEYMkgs\bgkE.exe
- %HOMEPATH%\gOEYMkgs\RQUw.exe
- %HOMEPATH%\gOEYMkgs\JIoO.exe
- %HOMEPATH%\gOEYMkgs\OMsq.exe
- %HOMEPATH%\gOEYMkgs\SAsG.exe
- %HOMEPATH%\gOEYMkgs\zogQ.exe
- %HOMEPATH%\gOEYMkgs\wgoS.exe
- %HOMEPATH%\gOEYMkgs\Rkwu.exe
- %HOMEPATH%\gOEYMkgs\ykMA.exe
- %HOMEPATH%\gOEYMkgs\gcoy.exe
- %HOMEPATH%\gOEYMkgs\fEEC.exe
- %HOMEPATH%\gOEYMkgs\rIEy.exe
- %HOMEPATH%\gOEYMkgs\bQUG.exe
- %HOMEPATH%\gOEYMkgs\Vcko.exe
- %HOMEPATH%\gOEYMkgs\uYEs.exe
- %HOMEPATH%\gOEYMkgs\NwYM.exe
- %HOMEPATH%\gOEYMkgs\hAgi.exe
- %HOMEPATH%\gOEYMkgs\kEIG.exe
- %HOMEPATH%\gOEYMkgs\eAcg.exe
- %HOMEPATH%\gOEYMkgs\JcEc.exe
- %HOMEPATH%\gOEYMkgs\hQYA.exe
- %HOMEPATH%\gOEYMkgs\hAkG.exe
- %HOMEPATH%\gOEYMkgs\akIU.exe
- %HOMEPATH%\gOEYMkgs\LwMu.exe
- %HOMEPATH%\gOEYMkgs\tEco.exe
- %HOMEPATH%\gOEYMkgs\nQEm.exe
- %HOMEPATH%\gOEYMkgs\YssG.exe
- %HOMEPATH%\gOEYMkgs\YEoG.exe
- %HOMEPATH%\gOEYMkgs\bssU.exe
- %HOMEPATH%\gOEYMkgs\eogE.exe
- %HOMEPATH%\gOEYMkgs\lEUw.exe
- %HOMEPATH%\gOEYMkgs\DwAe.exe
- %HOMEPATH%\gOEYMkgs\BwAM.exe
- %HOMEPATH%\gOEYMkgs\VAwa.exe
- %HOMEPATH%\gOEYMkgs\sEke.exe
- %HOMEPATH%\gOEYMkgs\eQIM.exe
- %HOMEPATH%\gOEYMkgs\fMEc.exe
- %HOMEPATH%\gOEYMkgs\skcO.exe
- %HOMEPATH%\gOEYMkgs\DYkG.exe
- %HOMEPATH%\gOEYMkgs\fMUU.exe
- %HOMEPATH%\gOEYMkgs\oscg.exe
- %HOMEPATH%\gOEYMkgs\coAE.exe
- %HOMEPATH%\gOEYMkgs\iwoG.exe
- %HOMEPATH%\gOEYMkgs\hwwI.exe
- %HOMEPATH%\gOEYMkgs\lgIm.exe
- %HOMEPATH%\gOEYMkgs\AAAY.exe
- %HOMEPATH%\gOEYMkgs\rooY.exe
- %TEMP%\XQEgIUcw.bat
- %HOMEPATH%\gOEYMkgs\FEMy.exe
- %HOMEPATH%\gOEYMkgs\YEIG.exe
- %HOMEPATH%\gOEYMkgs\Wcoe.exe
- %HOMEPATH%\gOEYMkgs\XcAA.exe
- %HOMEPATH%\gOEYMkgs\AQkW.exe
- %HOMEPATH%\gOEYMkgs\tssM.exe
- %HOMEPATH%\gOEYMkgs\nwEW.exe
- %HOMEPATH%\gOEYMkgs\VIck.exe
- %HOMEPATH%\gOEYMkgs\EQgs.exe
- %HOMEPATH%\gOEYMkgs\PsMq.exe
- %HOMEPATH%\gOEYMkgs\Gggk.exe
- %HOMEPATH%\gOEYMkgs\HAwC.exe
- %HOMEPATH%\gOEYMkgs\cMQO.exe
- %HOMEPATH%\gOEYMkgs\usUG.exe
- %HOMEPATH%\gOEYMkgs\ikEa.exe
- %HOMEPATH%\gOEYMkgs\YQUQ.exe
- %HOMEPATH%\gOEYMkgs\YcMe.exe
- %HOMEPATH%\gOEYMkgs\LsIM.exe
- %HOMEPATH%\gOEYMkgs\oYga.exe
- %HOMEPATH%\gOEYMkgs\Nogg.exe
- %HOMEPATH%\gOEYMkgs\owkQ.exe
- %HOMEPATH%\gOEYMkgs\qEgu.exe
- %HOMEPATH%\gOEYMkgs\gIwM.exe
- %HOMEPATH%\gOEYMkgs\KoEe.exe
- %HOMEPATH%\gOEYMkgs\GQog.exe
- %HOMEPATH%\gOEYMkgs\eAYC.exe
- %HOMEPATH%\gOEYMkgs\yIUU.exe
- %HOMEPATH%\gOEYMkgs\dwIe.exe
- %HOMEPATH%\gOEYMkgs\ycQC.exe
- %HOMEPATH%\gOEYMkgs\pcAw.exe
- %HOMEPATH%\gOEYMkgs\xUYo.exe
- %HOMEPATH%\gOEYMkgs\sMkM.exe
- %HOMEPATH%\gOEYMkgs\vMow.exe
- %HOMEPATH%\gOEYMkgs\OUAC.exe
- %HOMEPATH%\gOEYMkgs\iQwq.exe
- %HOMEPATH%\gOEYMkgs\pEoQ.exe
- %HOMEPATH%\gOEYMkgs\aIgk.exe
- %HOMEPATH%\gOEYMkgs\dsYq.exe
- %HOMEPATH%\gOEYMkgs\OYck.exe
- %HOMEPATH%\gOEYMkgs\mYwg.exe
- %HOMEPATH%\gOEYMkgs\pswu.exe
- %HOMEPATH%\gOEYMkgs\mYEg.exe
- %HOMEPATH%\gOEYMkgs\hYgQ.exe
- %HOMEPATH%\gOEYMkgs\Moce.exe
- %HOMEPATH%\gOEYMkgs\oAkG.exe
- %HOMEPATH%\gOEYMkgs\yMQQ.exe
- %HOMEPATH%\gOEYMkgs\scgC.exe
- %HOMEPATH%\gOEYMkgs\EgAo.exe
- %HOMEPATH%\gOEYMkgs\zgkY.exe
- %HOMEPATH%\gOEYMkgs\CIcs.exe
- %HOMEPATH%\gOEYMkgs\TwMM.exe
- %HOMEPATH%\gOEYMkgs\kEYy.exe
- %HOMEPATH%\gOEYMkgs\coAE.exe
- '74.##5.232.51':80
- http:/// via 74.##5.232.51
- http://google.com/ via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'