Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (service start type 2 = automatic start at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
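- hidden files (display turned off: Explorer\Advanced 'Hidden' = 2, set by the reg.exe command listed below)
- file extensions (display turned off: Explorer\Advanced 'HideFileExt' = 1, set by the reg.exe command listed below; with this value Explorer would show the '*.bmp.exe', '*.jpg.exe' and '*.wma.exe' files listed further down without the trailing '.exe')
- User Account Control (UAC) (disabled: Policies\System 'EnableLUA' = 0, set by the reg.exe command listed below)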
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\ZAYm.exe
- %HOMEPATH%\gOEYMkgs\CggO.exe
- %HOMEPATH%\gOEYMkgs\NkUe.exe
- %HOMEPATH%\gOEYMkgs\vcUk.exe
- %HOMEPATH%\gOEYMkgs\eckS.exe
- %HOMEPATH%\gOEYMkgs\egsI.exe
- %HOMEPATH%\gOEYMkgs\UAIQ.exe
- %HOMEPATH%\gOEYMkgs\EAEq.exe
- %HOMEPATH%\gOEYMkgs\eccq.exe
- %HOMEPATH%\gOEYMkgs\xAca.exe
- %HOMEPATH%\gOEYMkgs\iEck.exe
- %HOMEPATH%\gOEYMkgs\dcgm.exe
- %HOMEPATH%\gOEYMkgs\JUoE.exe
- %HOMEPATH%\gOEYMkgs\NwYI.exe
- %HOMEPATH%\gOEYMkgs\KAkI.exe
- %HOMEPATH%\gOEYMkgs\WMgI.exe
- %HOMEPATH%\gOEYMkgs\Mgcs.exe
- %HOMEPATH%\gOEYMkgs\XgIs.exe
- %HOMEPATH%\gOEYMkgs\RUMO.exe
- %HOMEPATH%\gOEYMkgs\AsYK.exe
- %HOMEPATH%\gOEYMkgs\toca.exe
- %HOMEPATH%\gOEYMkgs\TMMA.exe
- %HOMEPATH%\gOEYMkgs\OoMc.exe
- %HOMEPATH%\gOEYMkgs\SgUc.exe
- %HOMEPATH%\gOEYMkgs\YAIG.exe
- %HOMEPATH%\gOEYMkgs\KYQU.exe
- %HOMEPATH%\gOEYMkgs\hYoe.exe
- %HOMEPATH%\gOEYMkgs\yscG.exe
- %HOMEPATH%\gOEYMkgs\uEEE.exe
- %HOMEPATH%\gOEYMkgs\doMY.exe
- %HOMEPATH%\gOEYMkgs\FUAe.exe
- %HOMEPATH%\gOEYMkgs\eEoW.exe
- %HOMEPATH%\gOEYMkgs\eYMw.exe
- %HOMEPATH%\gOEYMkgs\qEUo.exe
- %HOMEPATH%\gOEYMkgs\KsEE.exe
- %HOMEPATH%\gOEYMkgs\QoAQ.exe
- %TEMP%\WER48a9.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\KQMM.exe
- %HOMEPATH%\gOEYMkgs\sgMG.exe
- %HOMEPATH%\gOEYMkgs\TAkC.exe
- %HOMEPATH%\gOEYMkgs\EsIU.exe
- %HOMEPATH%\gOEYMkgs\jsQG.exe
- %HOMEPATH%\gOEYMkgs\BMIC.exe
- %HOMEPATH%\gOEYMkgs\kkoy.exe
- %HOMEPATH%\gOEYMkgs\cAQQ.exe
- %HOMEPATH%\gOEYMkgs\xIYA.exe
- %HOMEPATH%\gOEYMkgs\lwAs.exe
- %HOMEPATH%\gOEYMkgs\mUsG.exe
- %HOMEPATH%\gOEYMkgs\UoYK.exe
- %HOMEPATH%\gOEYMkgs\qMwg.exe
- %HOMEPATH%\gOEYMkgs\GAQs.exe
- %HOMEPATH%\gOEYMkgs\ccAm.exe
- %HOMEPATH%\gOEYMkgs\pwYw.exe
- %HOMEPATH%\gOEYMkgs\IMkc.exe
- %HOMEPATH%\gOEYMkgs\PAMm.exe
- %HOMEPATH%\gOEYMkgs\QMoS.exe
- %HOMEPATH%\gOEYMkgs\TMIc.exe
- %HOMEPATH%\gOEYMkgs\pgEY.exe
- %HOMEPATH%\gOEYMkgs\oEEm.exe
- %HOMEPATH%\gOEYMkgs\oUUI.exe
- %HOMEPATH%\gOEYMkgs\EQUi.exe
- %HOMEPATH%\gOEYMkgs\mgEi.exe
- %HOMEPATH%\gOEYMkgs\PwIq.exe
- %TEMP%\WERc7de.dir00\manifest.txt
- %TEMP%\WERc7de.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\awke.exe
- %TEMP%\WERfdad.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERfdad.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WER3c02.dir00\manifest.txt
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %WINDIR%\pchealth\ERRORREP\UserDumps\ZgMYMIIE.exe.20170807-131819-00.hdmp
- %WINDIR%\pchealth\ERRORREP\UserDumps\ZgMYMIIE.exe.20170807-131819-00.mdmp
- %TEMP%\WER3c02.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\ggks.exe
- %HOMEPATH%\gOEYMkgs\KgMW.exe
- %HOMEPATH%\gOEYMkgs\eIQi.exe
- %TEMP%\WER3c02.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER3c02.dir00\ZgMYMIIE.exe.mdmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\_filelst.cfg
- %HOMEPATH%\gOEYMkgs\ZUQY.exe
- %HOMEPATH%\gOEYMkgs\tEcS.exe
- %HOMEPATH%\gOEYMkgs\DwMQ.exe
- %HOMEPATH%\gOEYMkgs\zIII.exe
- %HOMEPATH%\gOEYMkgs\JgIU.exe
- %HOMEPATH%\gOEYMkgs\fYIM.exe
- %HOMEPATH%\gOEYMkgs\asAM.exe
- %HOMEPATH%\gOEYMkgs\uYQs.exe
- %HOMEPATH%\gOEYMkgs\lQQs.exe
- %HOMEPATH%\gOEYMkgs\nMcy.exe
- %HOMEPATH%\gOEYMkgs\NMEO.exe
- %HOMEPATH%\gOEYMkgs\bowC.exe
- %HOMEPATH%\gOEYMkgs\dkEk.exe
- %HOMEPATH%\gOEYMkgs\dcsk.exe
- %HOMEPATH%\gOEYMkgs\SMwe.exe
- %TEMP%\WERc7de.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\EEME.exe
- %HOMEPATH%\gOEYMkgs\wQMc.exe
- %TEMP%\WERc7de.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\MIIE.exe
- %HOMEPATH%\gOEYMkgs\hUgK.exe
- %HOMEPATH%\gOEYMkgs\pUoY.exe
- %HOMEPATH%\gOEYMkgs\XMcK.exe
- %HOMEPATH%\gOEYMkgs\XIIg.exe
- %HOMEPATH%\gOEYMkgs\bIIc.exe
- %HOMEPATH%\gOEYMkgs\dwUw.exe
- %HOMEPATH%\gOEYMkgs\xkgu.exe
- %TEMP%\WER48a9.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\Qkom.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\FEUc.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\tEME.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\FwIM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\OIoO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\KcAs.exe
- %HOMEPATH%\gOEYMkgs\ZEkg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\UAYg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\Uwgu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- <Current directory>\<File name>
- %HOMEPATH%\gOEYMkgs\RMMC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\Ussy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\EYEy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\HcoK.exe
- %TEMP%\WER65bd.dir00\manifest.txt
- %TEMP%\WER65bd.dir00\appcompat.txt
- %TEMP%\WER65bd.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\tsUy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\BwUs.exe
- %TEMP%\WER65bd.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %ALLUSERSPROFILE%\caQc.txt
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\wcMS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\kQcq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\eIgk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\WAQC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\MYEG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\pUsa.exe
- %HOMEPATH%\gOEYMkgs\JQgs.exe
- %HOMEPATH%\gOEYMkgs\vMQs.exe
- %HOMEPATH%\gOEYMkgs\QscA.exe
- %HOMEPATH%\gOEYMkgs\TQAc.exe
- %HOMEPATH%\gOEYMkgs\jUQw.exe
- %HOMEPATH%\gOEYMkgs\XEUk.exe
- %HOMEPATH%\gOEYMkgs\JkMs.exe
- %HOMEPATH%\gOEYMkgs\ZsUA.exe
- %HOMEPATH%\gOEYMkgs\Ycsc.exe
- %HOMEPATH%\gOEYMkgs\xgsc.exe
- %HOMEPATH%\gOEYMkgs\zQcC.exe
- %HOMEPATH%\gOEYMkgs\foci.exe
- %HOMEPATH%\gOEYMkgs\Nowc.exe
- %HOMEPATH%\gOEYMkgs\ewEw.exe
- %HOMEPATH%\gOEYMkgs\vcsU.exe
- %HOMEPATH%\gOEYMkgs\Egcq.exe
- %HOMEPATH%\gOEYMkgs\rMIK.exe
- %HOMEPATH%\gOEYMkgs\igUE.exe
- %TEMP%\WER48a9.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\CAUE.exe
- %HOMEPATH%\gOEYMkgs\hAwq.exe
- %HOMEPATH%\gOEYMkgs\skIw.exe
- %HOMEPATH%\gOEYMkgs\AAYa.exe
- %TEMP%\WER48a9.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\gkMK.exe
- %HOMEPATH%\gOEYMkgs\EAQO.exe
- %HOMEPATH%\gOEYMkgs\DYAy.exe
- %TEMP%\WERd84d.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\BgAY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\pYwE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %TEMP%\WERd84d.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\YQUG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\XUcY.exe
- %TEMP%\WERd84d.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %TEMP%\WERd84d.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\ewEG.exe
- %HOMEPATH%\gOEYMkgs\DMoO.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\HgYS.exe
- %HOMEPATH%\gOEYMkgs\LIYO.exe
- %HOMEPATH%\gOEYMkgs\HcYm.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\cIEA.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\coIe.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\KkQK.exe
- %HOMEPATH%\gOEYMkgs\NwYI.exe
- %HOMEPATH%\gOEYMkgs\KAkI.exe
- %HOMEPATH%\gOEYMkgs\RUMO.exe
- %HOMEPATH%\gOEYMkgs\Mgcs.exe
- %HOMEPATH%\gOEYMkgs\XgIs.exe
- %HOMEPATH%\gOEYMkgs\YAIG.exe
- %HOMEPATH%\gOEYMkgs\KYQU.exe
- %HOMEPATH%\gOEYMkgs\SgUc.exe
- %HOMEPATH%\gOEYMkgs\WMgI.exe
- %HOMEPATH%\gOEYMkgs\AsYK.exe
- %HOMEPATH%\gOEYMkgs\uYQs.exe
- %HOMEPATH%\gOEYMkgs\bowC.exe
- %HOMEPATH%\gOEYMkgs\zIII.exe
- %HOMEPATH%\gOEYMkgs\tEcS.exe
- %HOMEPATH%\gOEYMkgs\DwMQ.exe
- %HOMEPATH%\gOEYMkgs\nMcy.exe
- %HOMEPATH%\gOEYMkgs\NMEO.exe
- %HOMEPATH%\gOEYMkgs\lQQs.exe
- %HOMEPATH%\gOEYMkgs\dkEk.exe
- %HOMEPATH%\gOEYMkgs\dcsk.exe
- %HOMEPATH%\gOEYMkgs\EAEq.exe
- %HOMEPATH%\gOEYMkgs\eccq.exe
- %HOMEPATH%\gOEYMkgs\JUoE.exe
- %HOMEPATH%\gOEYMkgs\iEck.exe
- %HOMEPATH%\gOEYMkgs\dcgm.exe
- %HOMEPATH%\gOEYMkgs\cAQQ.exe
- %HOMEPATH%\gOEYMkgs\xIYA.exe
- %HOMEPATH%\gOEYMkgs\kkoy.exe
- %HOMEPATH%\gOEYMkgs\xAca.exe
- %HOMEPATH%\gOEYMkgs\hYoe.exe
- %HOMEPATH%\gOEYMkgs\vcUk.exe
- %HOMEPATH%\gOEYMkgs\eckS.exe
- %HOMEPATH%\gOEYMkgs\OoMc.exe
- %HOMEPATH%\gOEYMkgs\toca.exe
- %HOMEPATH%\gOEYMkgs\TMMA.exe
- %HOMEPATH%\gOEYMkgs\NkUe.exe
- %HOMEPATH%\gOEYMkgs\UAIQ.exe
- %HOMEPATH%\gOEYMkgs\CggO.exe
- %HOMEPATH%\gOEYMkgs\egsI.exe
- %HOMEPATH%\gOEYMkgs\ZAYm.exe
- %HOMEPATH%\gOEYMkgs\eIQi.exe
- %HOMEPATH%\gOEYMkgs\TMIc.exe
- %HOMEPATH%\gOEYMkgs\KgMW.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\RestorePointSize
- %HOMEPATH%\gOEYMkgs\ggks.exe
- %HOMEPATH%\gOEYMkgs\PAMm.exe
- %HOMEPATH%\gOEYMkgs\QMoS.exe
- %HOMEPATH%\gOEYMkgs\IMkc.exe
- %HOMEPATH%\gOEYMkgs\pgEY.exe
- %HOMEPATH%\gOEYMkgs\oEEm.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- %TEMP%\WERfdad.dir00\ZgMYMIIE.exe.mdmp
- %WINDIR%\pchealth\ERRORREP\UserDumps\ZgMYMIIE.exe.20170807-131819-00.mdmp
- %TEMP%\WERfdad.dir00\ZgMYMIIE.exe.hdmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\RestorePointSize
- %HOMEPATH%\gOEYMkgs\xkgu.exe
- %HOMEPATH%\gOEYMkgs\pUoY.exe
- %HOMEPATH%\gOEYMkgs\dwUw.exe
- %HOMEPATH%\gOEYMkgs\hUgK.exe
- %HOMEPATH%\gOEYMkgs\bIIc.exe
- %HOMEPATH%\gOEYMkgs\fYIM.exe
- %HOMEPATH%\gOEYMkgs\asAM.exe
- %HOMEPATH%\gOEYMkgs\JgIU.exe
- %HOMEPATH%\gOEYMkgs\XMcK.exe
- %HOMEPATH%\gOEYMkgs\XIIg.exe
- %HOMEPATH%\gOEYMkgs\mgEi.exe
- %HOMEPATH%\gOEYMkgs\PwIq.exe
- %HOMEPATH%\gOEYMkgs\EQUi.exe
- %HOMEPATH%\gOEYMkgs\oUUI.exe
- %HOMEPATH%\gOEYMkgs\awke.exe
- %HOMEPATH%\gOEYMkgs\SMwe.exe
- %HOMEPATH%\gOEYMkgs\EEME.exe
- %HOMEPATH%\gOEYMkgs\MIIE.exe
- %HOMEPATH%\gOEYMkgs\ZUQY.exe
- %HOMEPATH%\gOEYMkgs\wQMc.exe
- %HOMEPATH%\gOEYMkgs\EsIU.exe
- %HOMEPATH%\gOEYMkgs\pYwE.exe
- %HOMEPATH%\gOEYMkgs\BgAY.exe
- %HOMEPATH%\gOEYMkgs\cIEA.exe
- %HOMEPATH%\gOEYMkgs\coIe.exe
- %HOMEPATH%\gOEYMkgs\KkQK.exe
- %HOMEPATH%\gOEYMkgs\Uwgu.exe
- %HOMEPATH%\gOEYMkgs\ZEkg.exe
- %HOMEPATH%\gOEYMkgs\XUcY.exe
- %HOMEPATH%\gOEYMkgs\YQUG.exe
- %HOMEPATH%\gOEYMkgs\ewEG.exe
- %HOMEPATH%\gOEYMkgs\Ycsc.exe
- %HOMEPATH%\gOEYMkgs\xgsc.exe
- %HOMEPATH%\gOEYMkgs\ZsUA.exe
- %HOMEPATH%\gOEYMkgs\foci.exe
- %HOMEPATH%\gOEYMkgs\Nowc.exe
- %HOMEPATH%\gOEYMkgs\DMoO.exe
- %HOMEPATH%\gOEYMkgs\HgYS.exe
- %HOMEPATH%\gOEYMkgs\HcYm.exe
- %HOMEPATH%\gOEYMkgs\DYAy.exe
- %HOMEPATH%\gOEYMkgs\LIYO.exe
- %HOMEPATH%\gOEYMkgs\wcMS.exe
- %HOMEPATH%\gOEYMkgs\kQcq.exe
- %HOMEPATH%\gOEYMkgs\eIgk.exe
- %HOMEPATH%\gOEYMkgs\FwIM.exe
- %HOMEPATH%\gOEYMkgs\HcoK.exe
- %HOMEPATH%\gOEYMkgs\tsUy.exe
- %HOMEPATH%\gOEYMkgs\BwUs.exe
- %HOMEPATH%\gOEYMkgs\WAQC.exe
- %HOMEPATH%\gOEYMkgs\MYEG.exe
- %HOMEPATH%\gOEYMkgs\pUsa.exe
- %HOMEPATH%\gOEYMkgs\RMMC.exe
- %HOMEPATH%\gOEYMkgs\Ussy.exe
- %HOMEPATH%\gOEYMkgs\EYEy.exe
- %HOMEPATH%\gOEYMkgs\UAYg.exe
- %TEMP%\seYMQosI.bat
- %HOMEPATH%\gOEYMkgs\OIoO.exe
- %HOMEPATH%\gOEYMkgs\KcAs.exe
- %HOMEPATH%\gOEYMkgs\FEUc.exe
- %HOMEPATH%\gOEYMkgs\tEME.exe
- %HOMEPATH%\gOEYMkgs\Qkom.exe
- %HOMEPATH%\gOEYMkgs\uEEE.exe
- %HOMEPATH%\gOEYMkgs\doMY.exe
- %HOMEPATH%\gOEYMkgs\yscG.exe
- %HOMEPATH%\gOEYMkgs\eEoW.exe
- %HOMEPATH%\gOEYMkgs\eYMw.exe
- %HOMEPATH%\gOEYMkgs\TAkC.exe
- %HOMEPATH%\gOEYMkgs\KsEE.exe
- %HOMEPATH%\gOEYMkgs\sgMG.exe
- %HOMEPATH%\gOEYMkgs\qEUo.exe
- %HOMEPATH%\gOEYMkgs\KQMM.exe
- %HOMEPATH%\gOEYMkgs\GAQs.exe
- %HOMEPATH%\gOEYMkgs\ccAm.exe
- %HOMEPATH%\gOEYMkgs\lwAs.exe
- %HOMEPATH%\gOEYMkgs\jsQG.exe
- %HOMEPATH%\gOEYMkgs\BMIC.exe
- %HOMEPATH%\gOEYMkgs\qMwg.exe
- %HOMEPATH%\gOEYMkgs\FUAe.exe
- %HOMEPATH%\gOEYMkgs\UoYK.exe
- %HOMEPATH%\gOEYMkgs\pwYw.exe
- %HOMEPATH%\gOEYMkgs\mUsG.exe
- %HOMEPATH%\gOEYMkgs\jUQw.exe
- %HOMEPATH%\gOEYMkgs\XEUk.exe
- %HOMEPATH%\gOEYMkgs\TQAc.exe
- %HOMEPATH%\gOEYMkgs\skIw.exe
- %HOMEPATH%\gOEYMkgs\AAYa.exe
- %HOMEPATH%\gOEYMkgs\JkMs.exe
- %HOMEPATH%\gOEYMkgs\zQcC.exe
- %HOMEPATH%\gOEYMkgs\QscA.exe
- %HOMEPATH%\gOEYMkgs\JQgs.exe
- %HOMEPATH%\gOEYMkgs\vMQs.exe
- %HOMEPATH%\gOEYMkgs\ewEw.exe
- %HOMEPATH%\gOEYMkgs\vcsU.exe
- %HOMEPATH%\gOEYMkgs\igUE.exe
- %HOMEPATH%\gOEYMkgs\QoAQ.exe
- %HOMEPATH%\gOEYMkgs\rMIK.exe
- %HOMEPATH%\gOEYMkgs\EAQO.exe
- %HOMEPATH%\gOEYMkgs\hAwq.exe
- %HOMEPATH%\gOEYMkgs\gkMK.exe
- %HOMEPATH%\gOEYMkgs\Egcq.exe
- %HOMEPATH%\gOEYMkgs\CAUE.exe
- %HOMEPATH%\gOEYMkgs\KsEE.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Run'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: '' WindowName: 'Open'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'