Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (service start type 2: started automatically at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
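- hidden files: no longer shown in Explorer ('Hidden' = 2, set by the reg.exe command listed below)
- file extensions: no longer shown in Explorer ('HideFileExt' = 1, set by the reg.exe command listed below), so the dropped '.bmp.exe', '.jpg.exe' and '.wma.exe' files in this list display without the '.exe' suffix
- User Account Control (UAC): turned off ('EnableLUA' = 0, set by the reg.exe command listed below)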
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\BAcm.exe
- %HOMEPATH%\gOEYMkgs\WkQm.exe
- %HOMEPATH%\gOEYMkgs\rYAm.exe
- %HOMEPATH%\gOEYMkgs\WQYQ.exe
- %HOMEPATH%\gOEYMkgs\VwQo.exe
- %HOMEPATH%\gOEYMkgs\mUcO.exe
- %HOMEPATH%\gOEYMkgs\MYMU.exe
- %HOMEPATH%\gOEYMkgs\rwwI.exe
- %HOMEPATH%\gOEYMkgs\GcUe.exe
- %HOMEPATH%\gOEYMkgs\cgUo.exe
- %HOMEPATH%\gOEYMkgs\Dcsw.exe
- %HOMEPATH%\gOEYMkgs\LosS.exe
- %HOMEPATH%\gOEYMkgs\KUAS.exe
- %HOMEPATH%\gOEYMkgs\usAs.exe
- %HOMEPATH%\gOEYMkgs\aIMk.exe
- %HOMEPATH%\gOEYMkgs\CkQa.exe
- %HOMEPATH%\gOEYMkgs\TgkW.exe
- %HOMEPATH%\gOEYMkgs\rUYg.exe
- %HOMEPATH%\gOEYMkgs\UocY.exe
- %HOMEPATH%\gOEYMkgs\jAEO.exe
- %HOMEPATH%\gOEYMkgs\CwoA.exe
- %HOMEPATH%\gOEYMkgs\XAsa.exe
- %HOMEPATH%\gOEYMkgs\zIoU.exe
- %HOMEPATH%\gOEYMkgs\mUQE.exe
- %HOMEPATH%\gOEYMkgs\qcgK.exe
- %HOMEPATH%\gOEYMkgs\NMME.exe
- %HOMEPATH%\gOEYMkgs\KoQg.exe
- %TEMP%\WERabfe.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\zsIu.exe
- %HOMEPATH%\gOEYMkgs\ZAsO.exe
- %HOMEPATH%\gOEYMkgs\sQMo.exe
- %TEMP%\WERabfe.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\eAoa.exe
- %HOMEPATH%\gOEYMkgs\swkg.exe
- %HOMEPATH%\gOEYMkgs\QYIy.exe
- %TEMP%\WERabfe.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\vIEo.exe
- %TEMP%\WERabfe.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\eAYw.exe
- %HOMEPATH%\gOEYMkgs\DcsK.exe
- %HOMEPATH%\gOEYMkgs\sEgW.exe
- %HOMEPATH%\gOEYMkgs\nUwq.exe
- %HOMEPATH%\gOEYMkgs\KcEk.exe
- %HOMEPATH%\gOEYMkgs\Agse.exe
- %HOMEPATH%\gOEYMkgs\FMoi.exe
- %HOMEPATH%\gOEYMkgs\lYkM.exe
- %HOMEPATH%\gOEYMkgs\CMwO.exe
- %HOMEPATH%\gOEYMkgs\TAsi.exe
- %HOMEPATH%\gOEYMkgs\FskC.exe
- %HOMEPATH%\gOEYMkgs\yYkG.exe
- %HOMEPATH%\gOEYMkgs\SIsU.exe
- %HOMEPATH%\gOEYMkgs\qooq.exe
- %HOMEPATH%\gOEYMkgs\vYoG.exe
- %HOMEPATH%\gOEYMkgs\uEUa.exe
- %HOMEPATH%\gOEYMkgs\vIse.exe
- %HOMEPATH%\gOEYMkgs\cgci.exe
- %HOMEPATH%\gOEYMkgs\iwsc.exe
- %HOMEPATH%\gOEYMkgs\wYoc.exe
- %HOMEPATH%\gOEYMkgs\kwMa.exe
- %HOMEPATH%\gOEYMkgs\dkoU.exe
- %HOMEPATH%\gOEYMkgs\fQQq.exe
- %HOMEPATH%\gOEYMkgs\iMwW.exe
- %TEMP%\WER2299.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\Acca.exe
- %HOMEPATH%\gOEYMkgs\Scsm.exe
- %HOMEPATH%\gOEYMkgs\kEEW.exe
- %HOMEPATH%\gOEYMkgs\kcIE.exe
- %TEMP%\WER156a.dir00\ZgMYMIIE.exe.mdmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %TEMP%\WER9fd4.dir00\manifest.txt
- %TEMP%\WER156a.dir00\manifest.txt
- %TEMP%\WER156a.dir00\appcompat.txt
- %TEMP%\WER156a.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER9fd4.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\DwoG.exe
- %HOMEPATH%\gOEYMkgs\cssc.exe
- %HOMEPATH%\gOEYMkgs\joUm.exe
- %TEMP%\WER9fd4.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER9fd4.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\WMkO.exe
- %TEMP%\WER2299.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\EEcM.exe
- %HOMEPATH%\gOEYMkgs\RAsy.exe
- %HOMEPATH%\gOEYMkgs\QQMy.exe
- %HOMEPATH%\gOEYMkgs\egMy.exe
- %HOMEPATH%\gOEYMkgs\MUQc.exe
- %HOMEPATH%\gOEYMkgs\ucIE.exe
- %HOMEPATH%\gOEYMkgs\gMMc.exe
- %HOMEPATH%\gOEYMkgs\PEoU.exe
- %HOMEPATH%\gOEYMkgs\AYgQ.exe
- %HOMEPATH%\gOEYMkgs\LkkO.exe
- %HOMEPATH%\gOEYMkgs\lwgC.exe
- %HOMEPATH%\gOEYMkgs\vwsg.exe
- %HOMEPATH%\gOEYMkgs\hsQk.exe
- %HOMEPATH%\gOEYMkgs\pYUw.exe
- %TEMP%\WER2299.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\fAcI.exe
- %HOMEPATH%\gOEYMkgs\EUQS.exe
- %HOMEPATH%\gOEYMkgs\ZYAu.exe
- %HOMEPATH%\gOEYMkgs\mIoi.exe
- %HOMEPATH%\gOEYMkgs\mcQu.exe
- %HOMEPATH%\gOEYMkgs\TcAe.exe
- %HOMEPATH%\gOEYMkgs\gEgo.exe
- %HOMEPATH%\gOEYMkgs\wksg.exe
- %HOMEPATH%\gOEYMkgs\Doko.exe
- %HOMEPATH%\gOEYMkgs\JUou.exe
- %TEMP%\WER2299.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\aUkE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\IgEG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\kEka.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\NgYk.exe
- %HOMEPATH%\gOEYMkgs\jwEQ.exe
- %HOMEPATH%\gOEYMkgs\hUQq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\wsQC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\eIIs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\lgwE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\NgES.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\BAYA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\TwUQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\eoYm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\cMww.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %ALLUSERSPROFILE%\caQc.txt
- %TEMP%\WER5570.dir00\manifest.txt
- %TEMP%\WER5570.dir00\appcompat.txt
- <Current directory>\<File name>
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\hIwM.exe
- %TEMP%\WER5570.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER5570.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\BMAe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\UYsO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\GgUg.exe
- %HOMEPATH%\gOEYMkgs\swAW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %TEMP%\WERc0b8.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\SUcS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\PMMc.exe
- %TEMP%\WERc0b8.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\sogo.exe
- %HOMEPATH%\gOEYMkgs\mQci.exe
- %HOMEPATH%\gOEYMkgs\pIgw.exe
- %HOMEPATH%\gOEYMkgs\TYUg.exe
- %HOMEPATH%\gOEYMkgs\vocA.exe
- %HOMEPATH%\gOEYMkgs\HskY.exe
- %HOMEPATH%\gOEYMkgs\XUsq.exe
- %HOMEPATH%\gOEYMkgs\tUQe.exe
- %HOMEPATH%\gOEYMkgs\qoEW.exe
- %HOMEPATH%\gOEYMkgs\qQwK.exe
- %HOMEPATH%\gOEYMkgs\tsYm.exe
- %HOMEPATH%\gOEYMkgs\sYwA.exe
- %HOMEPATH%\gOEYMkgs\dsoY.exe
- %HOMEPATH%\gOEYMkgs\HYgk.exe
- %HOMEPATH%\gOEYMkgs\tskO.exe
- %HOMEPATH%\gOEYMkgs\NcsS.exe
- %HOMEPATH%\gOEYMkgs\Tsgm.exe
- %HOMEPATH%\gOEYMkgs\OYgK.exe
- %HOMEPATH%\gOEYMkgs\WcgS.exe
- %HOMEPATH%\gOEYMkgs\GIUm.exe
- %HOMEPATH%\gOEYMkgs\SIQg.exe
- %HOMEPATH%\gOEYMkgs\FAwU.exe
- %HOMEPATH%\gOEYMkgs\hMom.exe
- %HOMEPATH%\gOEYMkgs\fcQu.exe
- %HOMEPATH%\gOEYMkgs\MUII.exe
- %HOMEPATH%\gOEYMkgs\IAkm.exe
- %HOMEPATH%\gOEYMkgs\KUws.exe
- %HOMEPATH%\gOEYMkgs\YEwS.exe
- %HOMEPATH%\gOEYMkgs\MAoI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\ZcUI.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\eQcU.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\sgAY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\PQsS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\yYcM.exe
- %TEMP%\WER3dda.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\aMkY.exe
- %HOMEPATH%\gOEYMkgs\wIEw.exe
- %TEMP%\WER3dda.dir00\manifest.txt
- %TEMP%\WER3dda.dir00\appcompat.txt
- %TEMP%\WER3dda.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\lgoE.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\YAYq.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\DMgG.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\qcgK.exe
- %HOMEPATH%\gOEYMkgs\NMME.exe
- %HOMEPATH%\gOEYMkgs\jAEO.exe
- %HOMEPATH%\gOEYMkgs\mUQE.exe
- %HOMEPATH%\gOEYMkgs\CwoA.exe
- %HOMEPATH%\gOEYMkgs\WQYQ.exe
- %HOMEPATH%\gOEYMkgs\VwQo.exe
- %HOMEPATH%\gOEYMkgs\XAsa.exe
- %HOMEPATH%\gOEYMkgs\zIoU.exe
- %HOMEPATH%\gOEYMkgs\uEUa.exe
- %HOMEPATH%\gOEYMkgs\TgkW.exe
- %HOMEPATH%\gOEYMkgs\AYgQ.exe
- %HOMEPATH%\gOEYMkgs\LkkO.exe
- %HOMEPATH%\gOEYMkgs\rUYg.exe
- %HOMEPATH%\gOEYMkgs\aIMk.exe
- %HOMEPATH%\gOEYMkgs\CkQa.exe
- %HOMEPATH%\gOEYMkgs\UocY.exe
- %HOMEPATH%\gOEYMkgs\usAs.exe
- %HOMEPATH%\gOEYMkgs\mUcO.exe
- %HOMEPATH%\gOEYMkgs\Agse.exe
- %HOMEPATH%\gOEYMkgs\FMoi.exe
- %HOMEPATH%\gOEYMkgs\cgUo.exe
- %HOMEPATH%\gOEYMkgs\KoQg.exe
- %HOMEPATH%\gOEYMkgs\lYkM.exe
- %HOMEPATH%\gOEYMkgs\KcEk.exe
- %HOMEPATH%\gOEYMkgs\CMwO.exe
- %HOMEPATH%\gOEYMkgs\sEgW.exe
- %HOMEPATH%\gOEYMkgs\nUwq.exe
- %HOMEPATH%\gOEYMkgs\rYAm.exe
- %HOMEPATH%\gOEYMkgs\MYMU.exe
- %HOMEPATH%\gOEYMkgs\BAcm.exe
- %HOMEPATH%\gOEYMkgs\WkQm.exe
- %HOMEPATH%\gOEYMkgs\Dcsw.exe
- %HOMEPATH%\gOEYMkgs\rwwI.exe
- %HOMEPATH%\gOEYMkgs\GcUe.exe
- %HOMEPATH%\gOEYMkgs\LosS.exe
- %HOMEPATH%\gOEYMkgs\KUAS.exe
- %HOMEPATH%\gOEYMkgs\PEoU.exe
- %HOMEPATH%\gOEYMkgs\Scsm.exe
- %HOMEPATH%\gOEYMkgs\kEEW.exe
- %HOMEPATH%\gOEYMkgs\iwsc.exe
- %HOMEPATH%\gOEYMkgs\fQQq.exe
- %HOMEPATH%\gOEYMkgs\kcIE.exe
- %HOMEPATH%\gOEYMkgs\EUQS.exe
- %HOMEPATH%\gOEYMkgs\ZYAu.exe
- %HOMEPATH%\gOEYMkgs\iMwW.exe
- %HOMEPATH%\gOEYMkgs\Acca.exe
- %HOMEPATH%\gOEYMkgs\cssc.exe
- %HOMEPATH%\gOEYMkgs\joUm.exe
- %HOMEPATH%\gOEYMkgs\WMkO.exe
- %HOMEPATH%\gOEYMkgs\DwoG.exe
- %HOMEPATH%\gOEYMkgs\wYoc.exe
- %HOMEPATH%\gOEYMkgs\vIse.exe
- %HOMEPATH%\gOEYMkgs\cgci.exe
- %HOMEPATH%\gOEYMkgs\kwMa.exe
- %HOMEPATH%\gOEYMkgs\dkoU.exe
- %HOMEPATH%\gOEYMkgs\mIoi.exe
- %HOMEPATH%\gOEYMkgs\EEcM.exe
- %HOMEPATH%\gOEYMkgs\RAsy.exe
- %HOMEPATH%\gOEYMkgs\MUQc.exe
- %HOMEPATH%\gOEYMkgs\ucIE.exe
- %HOMEPATH%\gOEYMkgs\QQMy.exe
- %HOMEPATH%\gOEYMkgs\vwsg.exe
- %HOMEPATH%\gOEYMkgs\hsQk.exe
- %HOMEPATH%\gOEYMkgs\gMMc.exe
- %HOMEPATH%\gOEYMkgs\lwgC.exe
- %HOMEPATH%\gOEYMkgs\mcQu.exe
- %HOMEPATH%\gOEYMkgs\Doko.exe
- %HOMEPATH%\gOEYMkgs\pYUw.exe
- %HOMEPATH%\gOEYMkgs\fAcI.exe
- %HOMEPATH%\gOEYMkgs\JUou.exe
- %HOMEPATH%\gOEYMkgs\wksg.exe
- %HOMEPATH%\gOEYMkgs\egMy.exe
- %HOMEPATH%\gOEYMkgs\TcAe.exe
- %HOMEPATH%\gOEYMkgs\gEgo.exe
- %HOMEPATH%\gOEYMkgs\SIsU.exe
- %HOMEPATH%\gOEYMkgs\ZcUI.exe
- %HOMEPATH%\gOEYMkgs\PQsS.exe
- %HOMEPATH%\gOEYMkgs\eQcU.exe
- %HOMEPATH%\gOEYMkgs\MAoI.exe
- %HOMEPATH%\gOEYMkgs\yYcM.exe
- %HOMEPATH%\gOEYMkgs\BAYA.exe
- %HOMEPATH%\gOEYMkgs\lgwE.exe
- %HOMEPATH%\gOEYMkgs\sgAY.exe
- %HOMEPATH%\gOEYMkgs\sogo.exe
- %HOMEPATH%\gOEYMkgs\tsYm.exe
- %HOMEPATH%\gOEYMkgs\YEwS.exe
- %HOMEPATH%\gOEYMkgs\qoEW.exe
- %HOMEPATH%\gOEYMkgs\qQwK.exe
- %HOMEPATH%\gOEYMkgs\wIEw.exe
- %HOMEPATH%\gOEYMkgs\lgoE.exe
- %HOMEPATH%\gOEYMkgs\YAYq.exe
- %HOMEPATH%\gOEYMkgs\aMkY.exe
- %HOMEPATH%\gOEYMkgs\DMgG.exe
- %HOMEPATH%\gOEYMkgs\NgES.exe
- %HOMEPATH%\gOEYMkgs\GgUg.exe
- %HOMEPATH%\gOEYMkgs\BMAe.exe
- %HOMEPATH%\gOEYMkgs\wsQC.exe
- %HOMEPATH%\gOEYMkgs\UYsO.exe
- %HOMEPATH%\gOEYMkgs\swAW.exe
- %TEMP%\zCUEoEsM.bat
- %HOMEPATH%\gOEYMkgs\hIwM.exe
- %HOMEPATH%\gOEYMkgs\PMMc.exe
- %HOMEPATH%\gOEYMkgs\SUcS.exe
- %HOMEPATH%\gOEYMkgs\TwUQ.exe
- %HOMEPATH%\gOEYMkgs\kEka.exe
- %HOMEPATH%\gOEYMkgs\eoYm.exe
- %HOMEPATH%\gOEYMkgs\cMww.exe
- %HOMEPATH%\gOEYMkgs\NgYk.exe
- %HOMEPATH%\gOEYMkgs\eIIs.exe
- %HOMEPATH%\gOEYMkgs\hUQq.exe
- %HOMEPATH%\gOEYMkgs\IgEG.exe
- %HOMEPATH%\gOEYMkgs\jwEQ.exe
- %HOMEPATH%\gOEYMkgs\HYgk.exe
- %HOMEPATH%\gOEYMkgs\DcsK.exe
- %HOMEPATH%\gOEYMkgs\QYIy.exe
- %HOMEPATH%\gOEYMkgs\swkg.exe
- %HOMEPATH%\gOEYMkgs\eAYw.exe
- %HOMEPATH%\gOEYMkgs\vIEo.exe
- %HOMEPATH%\gOEYMkgs\WcgS.exe
- %HOMEPATH%\gOEYMkgs\GIUm.exe
- %HOMEPATH%\gOEYMkgs\aUkE.exe
- %HOMEPATH%\gOEYMkgs\OYgK.exe
- %HOMEPATH%\gOEYMkgs\TAsi.exe
- %HOMEPATH%\gOEYMkgs\FskC.exe
- %HOMEPATH%\gOEYMkgs\qooq.exe
- %HOMEPATH%\gOEYMkgs\vYoG.exe
- %HOMEPATH%\gOEYMkgs\yYkG.exe
- %HOMEPATH%\gOEYMkgs\zsIu.exe
- %HOMEPATH%\gOEYMkgs\ZAsO.exe
- %HOMEPATH%\gOEYMkgs\sQMo.exe
- %HOMEPATH%\gOEYMkgs\eAoa.exe
- %HOMEPATH%\gOEYMkgs\tskO.exe
- %HOMEPATH%\gOEYMkgs\XUsq.exe
- %HOMEPATH%\gOEYMkgs\mQci.exe
- %HOMEPATH%\gOEYMkgs\vocA.exe
- %HOMEPATH%\gOEYMkgs\HskY.exe
- %HOMEPATH%\gOEYMkgs\pIgw.exe
- %HOMEPATH%\gOEYMkgs\sYwA.exe
- %HOMEPATH%\gOEYMkgs\dsoY.exe
- %HOMEPATH%\gOEYMkgs\TYUg.exe
- %HOMEPATH%\gOEYMkgs\tUQe.exe
- %HOMEPATH%\gOEYMkgs\SIQg.exe
- %HOMEPATH%\gOEYMkgs\MUII.exe
- %HOMEPATH%\gOEYMkgs\NcsS.exe
- %HOMEPATH%\gOEYMkgs\Tsgm.exe
- %HOMEPATH%\gOEYMkgs\IAkm.exe
- %HOMEPATH%\gOEYMkgs\hMom.exe
- %HOMEPATH%\gOEYMkgs\fcQu.exe
- %HOMEPATH%\gOEYMkgs\KUws.exe
- %HOMEPATH%\gOEYMkgs\FAwU.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Run'
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Open'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'
- ClassName: 'Shell_TrayWnd' WindowName: ''