Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (service start type 2: the service is started automatically at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
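- hidden files: hidden from view in Explorer (the reg.exe command below sets 'Hidden' to 2)
- file extensions: hidden from view in Explorer (the reg.exe command below sets 'HideFileExt' to 1), so the '.bmp.exe', '.jpg.exe' and '.wma.exe' files listed further down display as ordinary pictures and music
- User Account Control (UAC): disabled (the reg.exe command below sets 'EnableLUA' to 0)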
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Current directory>\<File name>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\qcEy.exe
- %HOMEPATH%\gOEYMkgs\TQgc.exe
- %HOMEPATH%\gOEYMkgs\wsYe.exe
- %HOMEPATH%\gOEYMkgs\Cokw.exe
- %HOMEPATH%\gOEYMkgs\WMUe.exe
- %HOMEPATH%\gOEYMkgs\WQAy.exe
- %HOMEPATH%\gOEYMkgs\egkO.exe
- %HOMEPATH%\gOEYMkgs\VsoE.exe
- %HOMEPATH%\gOEYMkgs\OAEo.exe
- %HOMEPATH%\gOEYMkgs\cEsu.exe
- %HOMEPATH%\gOEYMkgs\WYks.exe
- %HOMEPATH%\gOEYMkgs\cQUg.exe
- %HOMEPATH%\gOEYMkgs\TUUK.exe
- %HOMEPATH%\gOEYMkgs\BIQY.exe
- %HOMEPATH%\gOEYMkgs\AUsw.exe
- %HOMEPATH%\gOEYMkgs\UMku.exe
- %HOMEPATH%\gOEYMkgs\CEss.exe
- %HOMEPATH%\gOEYMkgs\Doks.exe
- %HOMEPATH%\gOEYMkgs\UAsk.exe
- %HOMEPATH%\gOEYMkgs\MccO.exe
- %HOMEPATH%\gOEYMkgs\uAsg.exe
- %HOMEPATH%\gOEYMkgs\lkoC.exe
- %HOMEPATH%\gOEYMkgs\VsEA.exe
- %HOMEPATH%\gOEYMkgs\dUEi.exe
- %HOMEPATH%\gOEYMkgs\zgwO.exe
- %HOMEPATH%\gOEYMkgs\jIYU.exe
- %TEMP%\WER4ffc.dir00\manifest.txt
- %TEMP%\WER4ffc.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\fEUY.exe
- %HOMEPATH%\gOEYMkgs\vYoq.exe
- %HOMEPATH%\gOEYMkgs\sUoS.exe
- %HOMEPATH%\gOEYMkgs\MIEc.exe
- %HOMEPATH%\gOEYMkgs\AkII.exe
- %TEMP%\WER4ffc.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\rUAq.exe
- %HOMEPATH%\gOEYMkgs\aAAe.exe
- %TEMP%\WER4ffc.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\ZsEk.exe
- %HOMEPATH%\gOEYMkgs\soou.exe
- %HOMEPATH%\gOEYMkgs\NQQq.exe
- %HOMEPATH%\gOEYMkgs\qYEq.exe
- %HOMEPATH%\gOEYMkgs\Powu.exe
- %HOMEPATH%\gOEYMkgs\HkMS.exe
- %HOMEPATH%\gOEYMkgs\gAQs.exe
- %HOMEPATH%\gOEYMkgs\xMkW.exe
- %HOMEPATH%\gOEYMkgs\awUE.exe
- %HOMEPATH%\gOEYMkgs\IIkM.exe
- %HOMEPATH%\gOEYMkgs\nEwA.exe
- %HOMEPATH%\gOEYMkgs\LEcQ.exe
- %HOMEPATH%\gOEYMkgs\tIcs.exe
- %HOMEPATH%\gOEYMkgs\sEsE.exe
- %HOMEPATH%\gOEYMkgs\nkIe.exe
- %HOMEPATH%\gOEYMkgs\TYks.exe
- %HOMEPATH%\gOEYMkgs\fQsS.exe
- %HOMEPATH%\gOEYMkgs\pUIQ.exe
- %TEMP%\WERc60b.dir00\manifest.txt
- %TEMP%\WERc60b.dir00\appcompat.txt
- %TEMP%\WERc60b.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\swAO.exe
- %HOMEPATH%\gOEYMkgs\SogC.exe
- %TEMP%\WERc60b.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\tsIQ.exe
- %HOMEPATH%\gOEYMkgs\osMC.exe
- %HOMEPATH%\gOEYMkgs\SgIc.exe
- %HOMEPATH%\gOEYMkgs\cMwk.exe
- %HOMEPATH%\gOEYMkgs\YIky.exe
- %HOMEPATH%\gOEYMkgs\ZsYe.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %HOMEPATH%\gOEYMkgs\lgww.exe
- %HOMEPATH%\gOEYMkgs\agEe.exe
- %HOMEPATH%\gOEYMkgs\KAgA.exe
- %HOMEPATH%\gOEYMkgs\vosm.exe
- %HOMEPATH%\gOEYMkgs\egYq.exe
- %HOMEPATH%\gOEYMkgs\mgwq.exe
- %HOMEPATH%\gOEYMkgs\RUIw.exe
- %HOMEPATH%\gOEYMkgs\yAkU.exe
- %HOMEPATH%\gOEYMkgs\DMEc.exe
- %HOMEPATH%\gOEYMkgs\Icsi.exe
- %HOMEPATH%\gOEYMkgs\PYwk.exe
- %HOMEPATH%\gOEYMkgs\cgcA.exe
- %HOMEPATH%\gOEYMkgs\sgcI.exe
- %HOMEPATH%\gOEYMkgs\hQMY.exe
- %HOMEPATH%\gOEYMkgs\pMcq.exe
- %HOMEPATH%\gOEYMkgs\gIEQ.exe
- %HOMEPATH%\gOEYMkgs\FsQC.exe
- %HOMEPATH%\gOEYMkgs\acsG.exe
- %HOMEPATH%\gOEYMkgs\rUUG.exe
- %HOMEPATH%\gOEYMkgs\docc.exe
- %HOMEPATH%\gOEYMkgs\BYEo.exe
- %HOMEPATH%\gOEYMkgs\ngoW.exe
- %HOMEPATH%\gOEYMkgs\tMcY.exe
- %HOMEPATH%\gOEYMkgs\XQsM.exe
- %HOMEPATH%\gOEYMkgs\DMcC.exe
- %HOMEPATH%\gOEYMkgs\BcgS.exe
- %HOMEPATH%\gOEYMkgs\bQMu.exe
- %HOMEPATH%\gOEYMkgs\gcMk.exe
- %HOMEPATH%\gOEYMkgs\SMkw.exe
- %HOMEPATH%\gOEYMkgs\EUoa.exe
- %HOMEPATH%\gOEYMkgs\voMK.exe
- %HOMEPATH%\gOEYMkgs\ysMK.exe
- %HOMEPATH%\gOEYMkgs\woEu.exe
- %HOMEPATH%\gOEYMkgs\NEkg.exe
- %HOMEPATH%\gOEYMkgs\SwAa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\ZcAi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\bIsS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\CsQU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\WsgK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\kgQm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\Fscq.exe
- %TEMP%\WERdf2e.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\SIwA.exe
- %HOMEPATH%\gOEYMkgs\wQos.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\JsIw.exe
- %HOMEPATH%\gOEYMkgs\SEEa.exe
- <Current directory>\<File name>
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\bAUi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %TEMP%\WER5a93.dir00\appcompat.txt
- %TEMP%\WER5a93.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER5a93.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\IsEQ.exe
- %TEMP%\WER5a93.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %ALLUSERSPROFILE%\caQc.txt
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\kEki.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\xYkC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\LUUc.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\rkYu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\JIgW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\igAo.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\rMcm.exe
- %HOMEPATH%\gOEYMkgs\OYgo.exe
- %HOMEPATH%\gOEYMkgs\tYAs.exe
- %HOMEPATH%\gOEYMkgs\wAga.exe
- %HOMEPATH%\gOEYMkgs\FsEm.exe
- %HOMEPATH%\gOEYMkgs\bEcC.exe
- %HOMEPATH%\gOEYMkgs\EAgm.exe
- %HOMEPATH%\gOEYMkgs\dgMS.exe
- %HOMEPATH%\gOEYMkgs\zIss.exe
- %HOMEPATH%\gOEYMkgs\lwQi.exe
- %HOMEPATH%\gOEYMkgs\wEoe.exe
- %HOMEPATH%\gOEYMkgs\SQQk.exe
- %HOMEPATH%\gOEYMkgs\koEQ.exe
- %HOMEPATH%\gOEYMkgs\noUY.exe
- %HOMEPATH%\gOEYMkgs\hQMU.exe
- %HOMEPATH%\gOEYMkgs\jIEM.exe
- %HOMEPATH%\gOEYMkgs\OAUa.exe
- %HOMEPATH%\gOEYMkgs\GIYa.exe
- %HOMEPATH%\gOEYMkgs\XAEc.exe
- %HOMEPATH%\gOEYMkgs\wgcw.exe
- %HOMEPATH%\gOEYMkgs\AQgm.exe
- %HOMEPATH%\gOEYMkgs\kMAO.exe
- %HOMEPATH%\gOEYMkgs\QokW.exe
- %HOMEPATH%\gOEYMkgs\GoIU.exe
- %HOMEPATH%\gOEYMkgs\Dkcc.exe
- %HOMEPATH%\gOEYMkgs\KcYA.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\kAwk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %TEMP%\WERdf2e.dir00\manifest.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\uwQE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\XMAW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %TEMP%\WERdf2e.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\OAII.exe
- %TEMP%\WERdf2e.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\tcUq.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\Xgkm.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\KwMU.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\wMoe.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\MUQQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\AMkq.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\wgIe.exe
- %HOMEPATH%\gOEYMkgs\BIQY.exe
- %HOMEPATH%\gOEYMkgs\AUsw.exe
- %HOMEPATH%\gOEYMkgs\Doks.exe
- %HOMEPATH%\gOEYMkgs\UAsk.exe
- %HOMEPATH%\gOEYMkgs\UMku.exe
- %HOMEPATH%\gOEYMkgs\zgwO.exe
- %HOMEPATH%\gOEYMkgs\MccO.exe
- %HOMEPATH%\gOEYMkgs\VsEA.exe
- %HOMEPATH%\gOEYMkgs\dUEi.exe
- %HOMEPATH%\gOEYMkgs\rUUG.exe
- %HOMEPATH%\gOEYMkgs\docc.exe
- %HOMEPATH%\gOEYMkgs\PYwk.exe
- %HOMEPATH%\gOEYMkgs\cgcA.exe
- %HOMEPATH%\gOEYMkgs\BYEo.exe
- %HOMEPATH%\gOEYMkgs\acsG.exe
- %HOMEPATH%\gOEYMkgs\CEss.exe
- %HOMEPATH%\gOEYMkgs\gIEQ.exe
- %HOMEPATH%\gOEYMkgs\FsQC.exe
- %HOMEPATH%\gOEYMkgs\uAsg.exe
- %HOMEPATH%\gOEYMkgs\egkO.exe
- %HOMEPATH%\gOEYMkgs\VsoE.exe
- %HOMEPATH%\gOEYMkgs\WYks.exe
- %HOMEPATH%\gOEYMkgs\cQUg.exe
- %HOMEPATH%\gOEYMkgs\OAEo.exe
- %HOMEPATH%\gOEYMkgs\gAQs.exe
- %HOMEPATH%\gOEYMkgs\xMkW.exe
- %HOMEPATH%\gOEYMkgs\jIYU.exe
- %HOMEPATH%\gOEYMkgs\HkMS.exe
- %HOMEPATH%\gOEYMkgs\Cokw.exe
- %HOMEPATH%\gOEYMkgs\WMUe.exe
- %HOMEPATH%\gOEYMkgs\lkoC.exe
- %HOMEPATH%\gOEYMkgs\TUUK.exe
- %HOMEPATH%\gOEYMkgs\WQAy.exe
- %HOMEPATH%\gOEYMkgs\wsYe.exe
- %HOMEPATH%\gOEYMkgs\cEsu.exe
- %HOMEPATH%\gOEYMkgs\qcEy.exe
- %HOMEPATH%\gOEYMkgs\TQgc.exe
- %HOMEPATH%\gOEYMkgs\Icsi.exe
- %HOMEPATH%\gOEYMkgs\SgIc.exe
- %HOMEPATH%\gOEYMkgs\pUIQ.exe
- %HOMEPATH%\gOEYMkgs\vosm.exe
- %HOMEPATH%\gOEYMkgs\egYq.exe
- %HOMEPATH%\gOEYMkgs\nkIe.exe
- %HOMEPATH%\gOEYMkgs\tsIQ.exe
- %HOMEPATH%\gOEYMkgs\osMC.exe
- %HOMEPATH%\gOEYMkgs\TYks.exe
- %HOMEPATH%\gOEYMkgs\fQsS.exe
- %HOMEPATH%\gOEYMkgs\cMwk.exe
- %HOMEPATH%\gOEYMkgs\YIky.exe
- %HOMEPATH%\gOEYMkgs\lgww.exe
- %HOMEPATH%\gOEYMkgs\agEe.exe
- %HOMEPATH%\gOEYMkgs\ZsYe.exe
- %HOMEPATH%\gOEYMkgs\yAkU.exe
- %HOMEPATH%\gOEYMkgs\KAgA.exe
- %HOMEPATH%\gOEYMkgs\mgwq.exe
- %HOMEPATH%\gOEYMkgs\RUIw.exe
- %HOMEPATH%\gOEYMkgs\swAO.exe
- %HOMEPATH%\gOEYMkgs\SMkw.exe
- %HOMEPATH%\gOEYMkgs\EUoa.exe
- %HOMEPATH%\gOEYMkgs\woEu.exe
- %HOMEPATH%\gOEYMkgs\NEkg.exe
- %HOMEPATH%\gOEYMkgs\voMK.exe
- %HOMEPATH%\gOEYMkgs\hQMY.exe
- %HOMEPATH%\gOEYMkgs\pMcq.exe
- %HOMEPATH%\gOEYMkgs\ngoW.exe
- %HOMEPATH%\gOEYMkgs\sgcI.exe
- %HOMEPATH%\gOEYMkgs\BcgS.exe
- %HOMEPATH%\gOEYMkgs\bQMu.exe
- %HOMEPATH%\gOEYMkgs\SogC.exe
- %HOMEPATH%\gOEYMkgs\DMEc.exe
- %HOMEPATH%\gOEYMkgs\gcMk.exe
- %HOMEPATH%\gOEYMkgs\DMcC.exe
- %HOMEPATH%\gOEYMkgs\ysMK.exe
- %HOMEPATH%\gOEYMkgs\tMcY.exe
- %HOMEPATH%\gOEYMkgs\XQsM.exe
- %HOMEPATH%\gOEYMkgs\tcUq.exe
- %HOMEPATH%\gOEYMkgs\uwQE.exe
- %HOMEPATH%\gOEYMkgs\wgIe.exe
- %HOMEPATH%\gOEYMkgs\MUQQ.exe
- %HOMEPATH%\gOEYMkgs\kAwk.exe
- %HOMEPATH%\gOEYMkgs\wQos.exe
- %HOMEPATH%\gOEYMkgs\JsIw.exe
- %HOMEPATH%\gOEYMkgs\OAII.exe
- %HOMEPATH%\gOEYMkgs\XMAW.exe
- %HOMEPATH%\gOEYMkgs\dgMS.exe
- %HOMEPATH%\gOEYMkgs\zIss.exe
- %HOMEPATH%\gOEYMkgs\SQQk.exe
- %HOMEPATH%\gOEYMkgs\koEQ.exe
- %HOMEPATH%\gOEYMkgs\lwQi.exe
- %HOMEPATH%\gOEYMkgs\Xgkm.exe
- %HOMEPATH%\gOEYMkgs\AMkq.exe
- %HOMEPATH%\gOEYMkgs\KwMU.exe
- %HOMEPATH%\gOEYMkgs\wMoe.exe
- %HOMEPATH%\gOEYMkgs\SIwA.exe
- %HOMEPATH%\gOEYMkgs\rkYu.exe
- %HOMEPATH%\gOEYMkgs\xYkC.exe
- %HOMEPATH%\gOEYMkgs\WsgK.exe
- %HOMEPATH%\gOEYMkgs\LUUc.exe
- %HOMEPATH%\gOEYMkgs\igAo.exe
- %HOMEPATH%\gOEYMkgs\kEki.exe
- %HOMEPATH%\gOEYMkgs\IsEQ.exe
- %HOMEPATH%\gOEYMkgs\rMcm.exe
- %HOMEPATH%\gOEYMkgs\JIgW.exe
- %TEMP%\DGcokYws.bat
- %HOMEPATH%\gOEYMkgs\Fscq.exe
- %HOMEPATH%\gOEYMkgs\bAUi.exe
- %HOMEPATH%\gOEYMkgs\SEEa.exe
- %HOMEPATH%\gOEYMkgs\bIsS.exe
- %HOMEPATH%\gOEYMkgs\kgQm.exe
- %HOMEPATH%\gOEYMkgs\CsQU.exe
- %HOMEPATH%\gOEYMkgs\SwAa.exe
- %HOMEPATH%\gOEYMkgs\ZcAi.exe
- %HOMEPATH%\gOEYMkgs\wEoe.exe
- %HOMEPATH%\gOEYMkgs\sUoS.exe
- %HOMEPATH%\gOEYMkgs\MIEc.exe
- %HOMEPATH%\gOEYMkgs\soou.exe
- %HOMEPATH%\gOEYMkgs\vYoq.exe
- %HOMEPATH%\gOEYMkgs\fEUY.exe
- %HOMEPATH%\gOEYMkgs\AkII.exe
- %HOMEPATH%\gOEYMkgs\rUAq.exe
- %HOMEPATH%\gOEYMkgs\aAAe.exe
- %HOMEPATH%\gOEYMkgs\ZsEk.exe
- %HOMEPATH%\gOEYMkgs\Powu.exe
- %HOMEPATH%\gOEYMkgs\LEcQ.exe
- %HOMEPATH%\gOEYMkgs\NQQq.exe
- %HOMEPATH%\gOEYMkgs\qYEq.exe
- %HOMEPATH%\gOEYMkgs\tIcs.exe
- %HOMEPATH%\gOEYMkgs\IIkM.exe
- %HOMEPATH%\gOEYMkgs\nEwA.exe
- %HOMEPATH%\gOEYMkgs\sEsE.exe
- %HOMEPATH%\gOEYMkgs\awUE.exe
- %HOMEPATH%\gOEYMkgs\GIYa.exe
- %HOMEPATH%\gOEYMkgs\noUY.exe
- %HOMEPATH%\gOEYMkgs\FsEm.exe
- %HOMEPATH%\gOEYMkgs\kMAO.exe
- %HOMEPATH%\gOEYMkgs\QokW.exe
- %HOMEPATH%\gOEYMkgs\bEcC.exe
- %HOMEPATH%\gOEYMkgs\tYAs.exe
- %HOMEPATH%\gOEYMkgs\wAga.exe
- %HOMEPATH%\gOEYMkgs\EAgm.exe
- %HOMEPATH%\gOEYMkgs\OYgo.exe
- %HOMEPATH%\gOEYMkgs\hQMU.exe
- %HOMEPATH%\gOEYMkgs\jIEM.exe
- %HOMEPATH%\gOEYMkgs\XAEc.exe
- %HOMEPATH%\gOEYMkgs\wgcw.exe
- %HOMEPATH%\gOEYMkgs\OAUa.exe
- %HOMEPATH%\gOEYMkgs\KcYA.exe
- %HOMEPATH%\gOEYMkgs\AQgm.exe
- %HOMEPATH%\gOEYMkgs\GoIU.exe
- %HOMEPATH%\gOEYMkgs\Dkcc.exe
- %HOMEPATH%\gOEYMkgs\NQQq.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Run'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: '' WindowName: 'Open'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'