Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002'
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
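- hidden files (Explorer display setting changed: the reg.exe command below sets `Hidden` to 2)
- file extensions (Explorer display setting changed: the reg.exe command below sets `HideFileExt` to 1)
- User Account Control (UAC) (turned off: the reg.exe command below sets `EnableLUA` to 0)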
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '%TEMP%\setup.exe'
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\setup.exe
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\rEIo.exe
- %HOMEPATH%\gOEYMkgs\GEkm.exe
- %HOMEPATH%\gOEYMkgs\xIcM.exe
- %HOMEPATH%\gOEYMkgs\AEAw.exe
- %HOMEPATH%\gOEYMkgs\AAow.exe
- %HOMEPATH%\gOEYMkgs\GUQe.exe
- %TEMP%\WER80dd.dir00\manifest.txt
- %TEMP%\WER80dd.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\KUEY.exe
- %HOMEPATH%\gOEYMkgs\IoAG.exe
- %TEMP%\WER80dd.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\HEgw.exe
- %HOMEPATH%\gOEYMkgs\qowW.exe
- %HOMEPATH%\gOEYMkgs\Rsgy.exe
- %HOMEPATH%\gOEYMkgs\kIoS.exe
- %HOMEPATH%\gOEYMkgs\zcwK.exe
- %HOMEPATH%\gOEYMkgs\jMEk.exe
- %HOMEPATH%\gOEYMkgs\jUwA.exe
- %HOMEPATH%\gOEYMkgs\FQwg.exe
- %HOMEPATH%\gOEYMkgs\rYEy.exe
- %HOMEPATH%\gOEYMkgs\jQkW.exe
- %HOMEPATH%\gOEYMkgs\rMEe.exe
- %HOMEPATH%\gOEYMkgs\XAkI.exe
- %HOMEPATH%\gOEYMkgs\uMog.exe
- %HOMEPATH%\gOEYMkgs\PAsm.exe
- %HOMEPATH%\gOEYMkgs\CYQm.exe
- %TEMP%\WER80dd.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\vEEw.exe
- %HOMEPATH%\gOEYMkgs\jYUa.exe
- %HOMEPATH%\gOEYMkgs\KEsQ.exe
- %HOMEPATH%\gOEYMkgs\OwcQ.exe
- %HOMEPATH%\gOEYMkgs\SUku.exe
- %HOMEPATH%\gOEYMkgs\mYoi.exe
- %HOMEPATH%\gOEYMkgs\fAAW.exe
- %TEMP%\WER1458.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\HEok.exe
- %HOMEPATH%\gOEYMkgs\foIy.exe
- %HOMEPATH%\gOEYMkgs\dIYu.exe
- %HOMEPATH%\gOEYMkgs\EMMO.exe
- %TEMP%\WER1458.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\BMYS.exe
- %HOMEPATH%\gOEYMkgs\VwcW.exe
- %HOMEPATH%\gOEYMkgs\pEkC.exe
- %HOMEPATH%\gOEYMkgs\fUEc.exe
- %HOMEPATH%\gOEYMkgs\NEoA.exe
- %HOMEPATH%\gOEYMkgs\XYEi.exe
- %HOMEPATH%\gOEYMkgs\GgIm.exe
- %HOMEPATH%\gOEYMkgs\lwsi.exe
- %HOMEPATH%\gOEYMkgs\HAck.exe
- %HOMEPATH%\gOEYMkgs\LMEC.exe
- %HOMEPATH%\gOEYMkgs\KMom.exe
- %HOMEPATH%\gOEYMkgs\xQkg.exe
- %HOMEPATH%\gOEYMkgs\tcgo.exe
- %HOMEPATH%\gOEYMkgs\VswS.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %TEMP%\WERfe4b.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERfe4b.dir00\manifest.txt
- %TEMP%\WERfe4b.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\MkAk.exe
- %HOMEPATH%\gOEYMkgs\pMQW.exe
- %HOMEPATH%\gOEYMkgs\awEi.exe
- %HOMEPATH%\gOEYMkgs\EkMu.exe
- %HOMEPATH%\gOEYMkgs\MAQI.exe
- %HOMEPATH%\gOEYMkgs\bUUq.exe
- %TEMP%\WERfe4b.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\SEAW.exe
- %HOMEPATH%\gOEYMkgs\TEcI.exe
- %HOMEPATH%\gOEYMkgs\QUgC.exe
- %HOMEPATH%\gOEYMkgs\NgUU.exe
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\WEci.exe
- %HOMEPATH%\gOEYMkgs\FMkq.exe
- %HOMEPATH%\gOEYMkgs\iQkQ.exe
- %HOMEPATH%\gOEYMkgs\YsYu.exe
- %HOMEPATH%\gOEYMkgs\EgUE.exe
- %HOMEPATH%\gOEYMkgs\jcIC.exe
- %HOMEPATH%\gOEYMkgs\NcEM.exe
- %HOMEPATH%\gOEYMkgs\NcMk.exe
- %HOMEPATH%\gOEYMkgs\jYAc.exe
- %HOMEPATH%\gOEYMkgs\iosq.exe
- %HOMEPATH%\gOEYMkgs\vwIg.exe
- %HOMEPATH%\gOEYMkgs\JMEu.exe
- %HOMEPATH%\gOEYMkgs\psYo.exe
- %HOMEPATH%\gOEYMkgs\GAQI.exe
- %HOMEPATH%\gOEYMkgs\SEMI.exe
- %HOMEPATH%\gOEYMkgs\qQYU.exe
- %HOMEPATH%\gOEYMkgs\wYMO.exe
- %HOMEPATH%\gOEYMkgs\SAMG.exe
- %HOMEPATH%\gOEYMkgs\rwUW.exe
- %HOMEPATH%\gOEYMkgs\bEIe.exe
- %HOMEPATH%\gOEYMkgs\PIUs.exe
- %HOMEPATH%\gOEYMkgs\iYoG.exe
- %HOMEPATH%\gOEYMkgs\CcUk.exe
- %HOMEPATH%\gOEYMkgs\FMIg.exe
- %HOMEPATH%\gOEYMkgs\iQMe.exe
- %HOMEPATH%\gOEYMkgs\zIAE.exe
- %HOMEPATH%\gOEYMkgs\nwIG.exe
- %HOMEPATH%\gOEYMkgs\VoUE.exe
- %HOMEPATH%\gOEYMkgs\cIkQ.exe
- %HOMEPATH%\gOEYMkgs\gMow.exe
- %HOMEPATH%\gOEYMkgs\kgAM.exe
- %HOMEPATH%\gOEYMkgs\lIoa.exe
- %HOMEPATH%\gOEYMkgs\pQIE.exe
- %HOMEPATH%\gOEYMkgs\wAEg.exe
- %HOMEPATH%\gOEYMkgs\VkAa.exe
- %HOMEPATH%\gOEYMkgs\OYYO.exe
- %TEMP%\WER1458.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\CUIY.exe
- %TEMP%\WER23dd.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %TEMP%\WER23dd.dir00\manifest.txt
- %TEMP%\WER23dd.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\hwAs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\mYMu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %TEMP%\WER23dd.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\MwYU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\vcIC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\uQEq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\tcYy.exe
- %HOMEPATH%\gOEYMkgs\FMYe.exe
- %HOMEPATH%\gOEYMkgs\iwQM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\cEsm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\NIQG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\foQw.exe
- %TEMP%\WERab63.dir00\manifest.txt
- %TEMP%\WERab63.dir00\appcompat.txt
- %TEMP%\WERab63.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\nMcY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\LYAm.exe
- %TEMP%\WERab63.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %ALLUSERSPROFILE%\caQc.txt
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\mcUc.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\jksO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\tsYY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\fAUO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\ZMgU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\pkcA.exe
- %HOMEPATH%\gOEYMkgs\bkke.exe
- %HOMEPATH%\gOEYMkgs\UUcw.exe
- %HOMEPATH%\gOEYMkgs\sckO.exe
- %HOMEPATH%\gOEYMkgs\RYoK.exe
- %HOMEPATH%\gOEYMkgs\zAMq.exe
- %HOMEPATH%\gOEYMkgs\LYsm.exe
- %HOMEPATH%\gOEYMkgs\fgEY.exe
- %HOMEPATH%\gOEYMkgs\fEsi.exe
- %HOMEPATH%\gOEYMkgs\LckW.exe
- %HOMEPATH%\gOEYMkgs\kYsI.exe
- %HOMEPATH%\gOEYMkgs\DckC.exe
- %HOMEPATH%\gOEYMkgs\NMYo.exe
- %HOMEPATH%\gOEYMkgs\JgwU.exe
- %HOMEPATH%\gOEYMkgs\hssK.exe
- %HOMEPATH%\gOEYMkgs\nwkO.exe
- %HOMEPATH%\gOEYMkgs\xckS.exe
- %HOMEPATH%\gOEYMkgs\GIsg.exe
- %TEMP%\WER1458.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\psAY.exe
- %HOMEPATH%\gOEYMkgs\FcMu.exe
- %HOMEPATH%\gOEYMkgs\ZIQy.exe
- %HOMEPATH%\gOEYMkgs\PcYw.exe
- %HOMEPATH%\gOEYMkgs\aMcC.exe
- %HOMEPATH%\gOEYMkgs\mYUi.exe
- %HOMEPATH%\gOEYMkgs\nMAS.exe
- %HOMEPATH%\gOEYMkgs\WoYw.exe
- %TEMP%\WER9d03.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\josw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\hYMq.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\vIEY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\vAoI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\KAEO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\MQMO.exe
- %TEMP%\WER9d03.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\ZoEW.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %TEMP%\WER9d03.dir00\appcompat.txt
- %TEMP%\WER9d03.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\PAAS.exe
- %HOMEPATH%\gOEYMkgs\TEkm.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\SAgY.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\dgoA.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\FQwg.exe
- %HOMEPATH%\gOEYMkgs\Rsgy.exe
- %HOMEPATH%\gOEYMkgs\jMEk.exe
- %HOMEPATH%\gOEYMkgs\jUwA.exe
- %HOMEPATH%\gOEYMkgs\kIoS.exe
- %HOMEPATH%\gOEYMkgs\uMog.exe
- %HOMEPATH%\gOEYMkgs\PAsm.exe
- %HOMEPATH%\gOEYMkgs\zcwK.exe
- %HOMEPATH%\gOEYMkgs\rYEy.exe
- %HOMEPATH%\gOEYMkgs\wYMO.exe
- %HOMEPATH%\gOEYMkgs\PIUs.exe
- %HOMEPATH%\gOEYMkgs\JMEu.exe
- %HOMEPATH%\gOEYMkgs\psYo.exe
- %HOMEPATH%\gOEYMkgs\iYoG.exe
- %HOMEPATH%\gOEYMkgs\rwUW.exe
- %HOMEPATH%\gOEYMkgs\bEIe.exe
- %HOMEPATH%\gOEYMkgs\CcUk.exe
- %HOMEPATH%\gOEYMkgs\SAMG.exe
- %HOMEPATH%\gOEYMkgs\CYQm.exe
- %HOMEPATH%\gOEYMkgs\KUEY.exe
- %HOMEPATH%\gOEYMkgs\IoAG.exe
- %HOMEPATH%\gOEYMkgs\HEgw.exe
- %HOMEPATH%\gOEYMkgs\qowW.exe
- %HOMEPATH%\gOEYMkgs\fUEc.exe
- %HOMEPATH%\gOEYMkgs\BMYS.exe
- %HOMEPATH%\gOEYMkgs\VwcW.exe
- %HOMEPATH%\gOEYMkgs\NEoA.exe
- %HOMEPATH%\gOEYMkgs\XYEi.exe
- %HOMEPATH%\gOEYMkgs\XAkI.exe
- %HOMEPATH%\gOEYMkgs\AEAw.exe
- %HOMEPATH%\gOEYMkgs\jQkW.exe
- %HOMEPATH%\gOEYMkgs\rMEe.exe
- %HOMEPATH%\gOEYMkgs\AAow.exe
- %HOMEPATH%\gOEYMkgs\GEkm.exe
- %HOMEPATH%\gOEYMkgs\xIcM.exe
- %HOMEPATH%\gOEYMkgs\GUQe.exe
- %HOMEPATH%\gOEYMkgs\rEIo.exe
- %HOMEPATH%\gOEYMkgs\vwIg.exe
- %HOMEPATH%\gOEYMkgs\jcIC.exe
- %HOMEPATH%\gOEYMkgs\MkAk.exe
- %HOMEPATH%\gOEYMkgs\YsYu.exe
- %HOMEPATH%\gOEYMkgs\EgUE.exe
- %HOMEPATH%\gOEYMkgs\VswS.exe
- %HOMEPATH%\gOEYMkgs\SEAW.exe
- %HOMEPATH%\gOEYMkgs\awEi.exe
- %HOMEPATH%\gOEYMkgs\pMQW.exe
- %HOMEPATH%\gOEYMkgs\bUUq.exe
- %HOMEPATH%\gOEYMkgs\TEcI.exe
- %HOMEPATH%\gOEYMkgs\QUgC.exe
- %HOMEPATH%\gOEYMkgs\WEci.exe
- %HOMEPATH%\gOEYMkgs\FMkq.exe
- %HOMEPATH%\gOEYMkgs\NgUU.exe
- %HOMEPATH%\gOEYMkgs\NcMk.exe
- %HOMEPATH%\gOEYMkgs\jYAc.exe
- %HOMEPATH%\gOEYMkgs\iQkQ.exe
- %HOMEPATH%\gOEYMkgs\NcEM.exe
- %HOMEPATH%\gOEYMkgs\EkMu.exe
- %HOMEPATH%\gOEYMkgs\OYYO.exe
- %HOMEPATH%\gOEYMkgs\kgAM.exe
- %HOMEPATH%\gOEYMkgs\wAEg.exe
- %HOMEPATH%\gOEYMkgs\VkAa.exe
- %HOMEPATH%\gOEYMkgs\lIoa.exe
- %HOMEPATH%\gOEYMkgs\SEMI.exe
- %HOMEPATH%\gOEYMkgs\qQYU.exe
- %HOMEPATH%\gOEYMkgs\pQIE.exe
- %HOMEPATH%\gOEYMkgs\GAQI.exe
- %HOMEPATH%\gOEYMkgs\nwIG.exe
- %HOMEPATH%\gOEYMkgs\VoUE.exe
- %HOMEPATH%\gOEYMkgs\MAQI.exe
- %HOMEPATH%\gOEYMkgs\iosq.exe
- %HOMEPATH%\gOEYMkgs\cIkQ.exe
- %HOMEPATH%\gOEYMkgs\zIAE.exe
- %HOMEPATH%\gOEYMkgs\gMow.exe
- %HOMEPATH%\gOEYMkgs\FMIg.exe
- %HOMEPATH%\gOEYMkgs\iQMe.exe
- %HOMEPATH%\gOEYMkgs\pEkC.exe
- %HOMEPATH%\gOEYMkgs\josw.exe
- %HOMEPATH%\gOEYMkgs\hYMq.exe
- %HOMEPATH%\gOEYMkgs\SAgY.exe
- %HOMEPATH%\gOEYMkgs\vIEY.exe
- %HOMEPATH%\gOEYMkgs\KAEO.exe
- %HOMEPATH%\gOEYMkgs\uQEq.exe
- %HOMEPATH%\gOEYMkgs\tcYy.exe
- %HOMEPATH%\gOEYMkgs\MQMO.exe
- %HOMEPATH%\gOEYMkgs\vAoI.exe
- %HOMEPATH%\gOEYMkgs\fEsi.exe
- %HOMEPATH%\gOEYMkgs\LckW.exe
- %HOMEPATH%\gOEYMkgs\NMYo.exe
- %HOMEPATH%\gOEYMkgs\JgwU.exe
- %HOMEPATH%\gOEYMkgs\kYsI.exe
- %HOMEPATH%\gOEYMkgs\dgoA.exe
- %HOMEPATH%\gOEYMkgs\TEkm.exe
- %HOMEPATH%\gOEYMkgs\ZoEW.exe
- %HOMEPATH%\gOEYMkgs\PAAS.exe
- %HOMEPATH%\gOEYMkgs\vcIC.exe
- %HOMEPATH%\gOEYMkgs\mcUc.exe
- %HOMEPATH%\gOEYMkgs\jksO.exe
- %HOMEPATH%\gOEYMkgs\foQw.exe
- %HOMEPATH%\gOEYMkgs\tsYY.exe
- %HOMEPATH%\gOEYMkgs\ZMgU.exe
- %HOMEPATH%\gOEYMkgs\nMcY.exe
- %HOMEPATH%\gOEYMkgs\LYAm.exe
- %HOMEPATH%\gOEYMkgs\pkcA.exe
- %HOMEPATH%\gOEYMkgs\fAUO.exe
- %HOMEPATH%\gOEYMkgs\iwQM.exe
- %HOMEPATH%\gOEYMkgs\cEsm.exe
- %HOMEPATH%\gOEYMkgs\FMYe.exe
- %HOMEPATH%\gOEYMkgs\NIQG.exe
- %HOMEPATH%\gOEYMkgs\CUIY.exe
- %HOMEPATH%\gOEYMkgs\mYMu.exe
- %TEMP%\kmkQkAEk.bat
- %HOMEPATH%\gOEYMkgs\hwAs.exe
- %HOMEPATH%\gOEYMkgs\MwYU.exe
- %HOMEPATH%\gOEYMkgs\DckC.exe
- %HOMEPATH%\gOEYMkgs\jYUa.exe
- %HOMEPATH%\gOEYMkgs\KEsQ.exe
- %HOMEPATH%\gOEYMkgs\mYoi.exe
- %HOMEPATH%\gOEYMkgs\vEEw.exe
- %HOMEPATH%\gOEYMkgs\fAAW.exe
- %HOMEPATH%\gOEYMkgs\HEok.exe
- %HOMEPATH%\gOEYMkgs\foIy.exe
- %HOMEPATH%\gOEYMkgs\dIYu.exe
- %HOMEPATH%\gOEYMkgs\EMMO.exe
- %HOMEPATH%\gOEYMkgs\xQkg.exe
- %HOMEPATH%\gOEYMkgs\tcgo.exe
- %HOMEPATH%\gOEYMkgs\GgIm.exe
- %HOMEPATH%\gOEYMkgs\KMom.exe
- %HOMEPATH%\gOEYMkgs\lwsi.exe
- %HOMEPATH%\gOEYMkgs\OwcQ.exe
- %HOMEPATH%\gOEYMkgs\SUku.exe
- %HOMEPATH%\gOEYMkgs\HAck.exe
- %HOMEPATH%\gOEYMkgs\LMEC.exe
- %HOMEPATH%\gOEYMkgs\GIsg.exe
- %HOMEPATH%\gOEYMkgs\RYoK.exe
- %HOMEPATH%\gOEYMkgs\zAMq.exe
- %HOMEPATH%\gOEYMkgs\PcYw.exe
- %HOMEPATH%\gOEYMkgs\aMcC.exe
- %HOMEPATH%\gOEYMkgs\LYsm.exe
- %HOMEPATH%\gOEYMkgs\sckO.exe
- %HOMEPATH%\gOEYMkgs\fgEY.exe
- %HOMEPATH%\gOEYMkgs\bkke.exe
- %HOMEPATH%\gOEYMkgs\UUcw.exe
- %HOMEPATH%\gOEYMkgs\nwkO.exe
- %HOMEPATH%\gOEYMkgs\xckS.exe
- %HOMEPATH%\gOEYMkgs\psAY.exe
- %HOMEPATH%\gOEYMkgs\hssK.exe
- %HOMEPATH%\gOEYMkgs\FcMu.exe
- %HOMEPATH%\gOEYMkgs\WoYw.exe
- %HOMEPATH%\gOEYMkgs\ZIQy.exe
- %HOMEPATH%\gOEYMkgs\mYUi.exe
- %HOMEPATH%\gOEYMkgs\nMAS.exe
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'