Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002'
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
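- hidden files: the sample stops Explorer from showing them (the reg.exe command listed below sets 'Hidden' to 2)
- file extensions: the sample hides them (the reg.exe command listed below sets 'HideFileExt' to 1), so dropped names such as 'cat.bmp.exe' display as 'cat.bmp'
- User Account Control (UAC): the sample turns it off (the reg.exe command listed below sets 'EnableLUA' to 0)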
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '%TEMP%\setup.exe'
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\setup.exe
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\YEUg.exe
- %HOMEPATH%\gOEYMkgs\VEYQ.exe
- %HOMEPATH%\gOEYMkgs\zAIU.exe
- %HOMEPATH%\gOEYMkgs\IssM.exe
- %HOMEPATH%\gOEYMkgs\sAsk.exe
- %HOMEPATH%\gOEYMkgs\QQMY.exe
- %HOMEPATH%\gOEYMkgs\IcgE.exe
- %HOMEPATH%\gOEYMkgs\dYEg.exe
- %HOMEPATH%\gOEYMkgs\aAkG.exe
- %HOMEPATH%\gOEYMkgs\QMAu.exe
- %HOMEPATH%\gOEYMkgs\jMES.exe
- %HOMEPATH%\gOEYMkgs\mwow.exe
- %HOMEPATH%\gOEYMkgs\hAQm.exe
- %HOMEPATH%\gOEYMkgs\ussY.exe
- %HOMEPATH%\gOEYMkgs\xYQQ.exe
- %HOMEPATH%\gOEYMkgs\iUMi.exe
- %HOMEPATH%\gOEYMkgs\fIoQ.exe
- %HOMEPATH%\gOEYMkgs\qcQC.exe
- %HOMEPATH%\gOEYMkgs\BYMc.exe
- %HOMEPATH%\gOEYMkgs\ekks.exe
- %HOMEPATH%\gOEYMkgs\lkcE.exe
- %HOMEPATH%\gOEYMkgs\wMsW.exe
- %HOMEPATH%\gOEYMkgs\zYYm.exe
- %HOMEPATH%\gOEYMkgs\XkAk.exe
- %HOMEPATH%\gOEYMkgs\CUcK.exe
- %HOMEPATH%\gOEYMkgs\OsAE.exe
- %HOMEPATH%\gOEYMkgs\RoUQ.exe
- %HOMEPATH%\gOEYMkgs\eUYa.exe
- %HOMEPATH%\gOEYMkgs\sAMc.exe
- %HOMEPATH%\gOEYMkgs\HwAq.exe
- %HOMEPATH%\gOEYMkgs\LYsk.exe
- %HOMEPATH%\gOEYMkgs\tkkS.exe
- %HOMEPATH%\gOEYMkgs\MQos.exe
- %HOMEPATH%\gOEYMkgs\gsQi.exe
- %HOMEPATH%\gOEYMkgs\mAcw.exe
- %HOMEPATH%\gOEYMkgs\sMQQ.exe
- %HOMEPATH%\gOEYMkgs\FAEK.exe
- %HOMEPATH%\gOEYMkgs\kMgi.exe
- %HOMEPATH%\gOEYMkgs\isgq.exe
- %HOMEPATH%\gOEYMkgs\yokY.exe
- %HOMEPATH%\gOEYMkgs\bQQC.exe
- %HOMEPATH%\gOEYMkgs\yIAi.exe
- %HOMEPATH%\gOEYMkgs\AUEG.exe
- %HOMEPATH%\gOEYMkgs\TkIC.exe
- %HOMEPATH%\gOEYMkgs\zIgk.exe
- %HOMEPATH%\gOEYMkgs\VgAC.exe
- %TEMP%\WER59ea.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\aMcI.exe
- %HOMEPATH%\gOEYMkgs\AAUu.exe
- %HOMEPATH%\gOEYMkgs\LcsW.exe
- %HOMEPATH%\gOEYMkgs\fQgg.exe
- %HOMEPATH%\gOEYMkgs\GMku.exe
- %HOMEPATH%\gOEYMkgs\moYS.exe
- %HOMEPATH%\gOEYMkgs\gUEC.exe
- %HOMEPATH%\gOEYMkgs\aQws.exe
- %HOMEPATH%\gOEYMkgs\acou.exe
- %HOMEPATH%\gOEYMkgs\XEUy.exe
- %HOMEPATH%\gOEYMkgs\fMUm.exe
- %HOMEPATH%\gOEYMkgs\wsso.exe
- %HOMEPATH%\gOEYMkgs\LoUk.exe
- %HOMEPATH%\gOEYMkgs\CAAs.exe
- %HOMEPATH%\gOEYMkgs\UEoi.exe
- %HOMEPATH%\gOEYMkgs\ngcM.exe
- %HOMEPATH%\gOEYMkgs\OsMc.exe
- %HOMEPATH%\gOEYMkgs\aQEG.exe
- %HOMEPATH%\gOEYMkgs\MUkg.exe
- %HOMEPATH%\gOEYMkgs\fEwY.exe
- %HOMEPATH%\gOEYMkgs\Ossc.exe
- %HOMEPATH%\gOEYMkgs\IQoa.exe
- %HOMEPATH%\gOEYMkgs\igAw.exe
- %HOMEPATH%\gOEYMkgs\VUUm.exe
- %TEMP%\WER59ea.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\iIMA.exe
- %TEMP%\WER59ea.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\AcQa.exe
- %HOMEPATH%\gOEYMkgs\hsAE.exe
- %HOMEPATH%\gOEYMkgs\BscA.exe
- %HOMEPATH%\gOEYMkgs\ocIG.exe
- %HOMEPATH%\gOEYMkgs\gEAK.exe
- %HOMEPATH%\gOEYMkgs\Rows.exe
- %HOMEPATH%\gOEYMkgs\VUIy.exe
- %TEMP%\WER59ea.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\MUAs.exe
- %HOMEPATH%\gOEYMkgs\lAAa.exe
- %HOMEPATH%\gOEYMkgs\Coga.exe
- %HOMEPATH%\gOEYMkgs\YYgs.exe
- %HOMEPATH%\gOEYMkgs\lQIq.exe
- %HOMEPATH%\gOEYMkgs\Qgoq.exe
- %HOMEPATH%\gOEYMkgs\SUgK.exe
- %HOMEPATH%\gOEYMkgs\TEMI.exe
- %HOMEPATH%\gOEYMkgs\oAIy.exe
- %HOMEPATH%\gOEYMkgs\eQEM.exe
- %HOMEPATH%\gOEYMkgs\owUy.exe
- %HOMEPATH%\gOEYMkgs\bock.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\SMAM.exe
- %HOMEPATH%\gOEYMkgs\vsQe.exe
- %HOMEPATH%\gOEYMkgs\nQUy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\cIAG.exe
- %HOMEPATH%\gOEYMkgs\mksw.exe
- %HOMEPATH%\gOEYMkgs\ewky.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\BUEM.exe
- %HOMEPATH%\gOEYMkgs\wQkg.exe
- %HOMEPATH%\gOEYMkgs\rYoI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\HoUQ.exe
- %TEMP%\WERff1a.dir00\appcompat.txt
- %TEMP%\WERff1a.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERff1a.dir00\manifest.txt
- %TEMP%\WER6a94.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\caQc.txt
- %TEMP%\WERff1a.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %TEMP%\WER6a94.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\fYce.exe
- %HOMEPATH%\gOEYMkgs\Tokg.exe
- %HOMEPATH%\gOEYMkgs\fQsy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %TEMP%\WER6a94.dir00\manifest.txt
- %TEMP%\WER6a94.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\aEsY.exe
- %HOMEPATH%\gOEYMkgs\aYwi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\rcYG.exe
- %TEMP%\WERe2d5.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\HYYG.exe
- %HOMEPATH%\gOEYMkgs\lYAw.exe
- %HOMEPATH%\gOEYMkgs\boMy.exe
- %HOMEPATH%\gOEYMkgs\mIIq.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\gUsA.exe
- %HOMEPATH%\gOEYMkgs\Fwok.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %TEMP%\WERe2d5.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WERe2d5.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\DEAc.exe
- %HOMEPATH%\gOEYMkgs\asQg.exe
- %HOMEPATH%\gOEYMkgs\TMAq.exe
- %HOMEPATH%\gOEYMkgs\fYAw.exe
- %HOMEPATH%\gOEYMkgs\xgEi.exe
- %HOMEPATH%\gOEYMkgs\NEse.exe
- %TEMP%\WERe2d5.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\bUEc.exe
- %HOMEPATH%\gOEYMkgs\zYoG.exe
- %HOMEPATH%\gOEYMkgs\NwQg.exe
- %HOMEPATH%\gOEYMkgs\mMQy.exe
- %HOMEPATH%\gOEYMkgs\PEMg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\vUsc.exe
- %HOMEPATH%\gOEYMkgs\eogM.exe
- %HOMEPATH%\gOEYMkgs\tcUa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\uAwe.exe
- %HOMEPATH%\gOEYMkgs\lUoO.exe
- %HOMEPATH%\gOEYMkgs\RUQk.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\ccIQ.exe
- %HOMEPATH%\gOEYMkgs\lUAI.exe
- %HOMEPATH%\gOEYMkgs\MkYu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\cQEC.exe
- %HOMEPATH%\gOEYMkgs\fIoQ.exe
- %HOMEPATH%\gOEYMkgs\xYQQ.exe
- %HOMEPATH%\gOEYMkgs\ocIG.exe
- %HOMEPATH%\gOEYMkgs\iUMi.exe
- %HOMEPATH%\gOEYMkgs\qcQC.exe
- %HOMEPATH%\gOEYMkgs\wMsW.exe
- %HOMEPATH%\gOEYMkgs\hAQm.exe
- %HOMEPATH%\gOEYMkgs\ussY.exe
- %HOMEPATH%\gOEYMkgs\VUUm.exe
- %HOMEPATH%\gOEYMkgs\hsAE.exe
- %HOMEPATH%\gOEYMkgs\AcQa.exe
- %HOMEPATH%\gOEYMkgs\iIMA.exe
- %HOMEPATH%\gOEYMkgs\gEAK.exe
- %HOMEPATH%\gOEYMkgs\BscA.exe
- %HOMEPATH%\gOEYMkgs\Rows.exe
- %HOMEPATH%\gOEYMkgs\VUIy.exe
- %HOMEPATH%\gOEYMkgs\zYYm.exe
- %HOMEPATH%\gOEYMkgs\QMAu.exe
- %HOMEPATH%\gOEYMkgs\jMES.exe
- %HOMEPATH%\gOEYMkgs\VEYQ.exe
- %HOMEPATH%\gOEYMkgs\QQMY.exe
- %HOMEPATH%\gOEYMkgs\dYEg.exe
- %HOMEPATH%\gOEYMkgs\isgq.exe
- %HOMEPATH%\gOEYMkgs\aAkG.exe
- %HOMEPATH%\gOEYMkgs\IcgE.exe
- %HOMEPATH%\gOEYMkgs\ekks.exe
- %HOMEPATH%\gOEYMkgs\mwow.exe
- %HOMEPATH%\gOEYMkgs\lkcE.exe
- %HOMEPATH%\gOEYMkgs\BYMc.exe
- %HOMEPATH%\gOEYMkgs\zAIU.exe
- %HOMEPATH%\gOEYMkgs\YEUg.exe
- %HOMEPATH%\gOEYMkgs\IssM.exe
- %HOMEPATH%\gOEYMkgs\sAsk.exe
- %HOMEPATH%\gOEYMkgs\TEMI.exe
- %HOMEPATH%\gOEYMkgs\fEwY.exe
- %HOMEPATH%\gOEYMkgs\wsso.exe
- %HOMEPATH%\gOEYMkgs\Ossc.exe
- %HOMEPATH%\gOEYMkgs\MUkg.exe
- %HOMEPATH%\gOEYMkgs\LcsW.exe
- %HOMEPATH%\gOEYMkgs\aMcI.exe
- %HOMEPATH%\gOEYMkgs\fQgg.exe
- %HOMEPATH%\gOEYMkgs\GMku.exe
- %HOMEPATH%\gOEYMkgs\UEoi.exe
- %HOMEPATH%\gOEYMkgs\LoUk.exe
- %HOMEPATH%\gOEYMkgs\ngcM.exe
- %HOMEPATH%\gOEYMkgs\OsMc.exe
- %HOMEPATH%\gOEYMkgs\IQoa.exe
- %HOMEPATH%\gOEYMkgs\igAw.exe
- %HOMEPATH%\gOEYMkgs\CAAs.exe
- %HOMEPATH%\gOEYMkgs\aQEG.exe
- %HOMEPATH%\gOEYMkgs\AAUu.exe
- %HOMEPATH%\gOEYMkgs\lAAa.exe
- %HOMEPATH%\gOEYMkgs\Qgoq.exe
- %HOMEPATH%\gOEYMkgs\Coga.exe
- %HOMEPATH%\gOEYMkgs\MUAs.exe
- %HOMEPATH%\gOEYMkgs\oAIy.exe
- %HOMEPATH%\gOEYMkgs\SUgK.exe
- %HOMEPATH%\gOEYMkgs\eQEM.exe
- %HOMEPATH%\gOEYMkgs\owUy.exe
- %HOMEPATH%\gOEYMkgs\fMUm.exe
- %HOMEPATH%\gOEYMkgs\acou.exe
- %HOMEPATH%\gOEYMkgs\moYS.exe
- %HOMEPATH%\gOEYMkgs\XEUy.exe
- %HOMEPATH%\gOEYMkgs\YYgs.exe
- %HOMEPATH%\gOEYMkgs\lQIq.exe
- %HOMEPATH%\gOEYMkgs\gUEC.exe
- %HOMEPATH%\gOEYMkgs\aQws.exe
- %HOMEPATH%\gOEYMkgs\vUsc.exe
- %HOMEPATH%\gOEYMkgs\PEMg.exe
- %HOMEPATH%\gOEYMkgs\MkYu.exe
- %HOMEPATH%\gOEYMkgs\lUoO.exe
- %HOMEPATH%\gOEYMkgs\tcUa.exe
- %HOMEPATH%\gOEYMkgs\rcYG.exe
- %HOMEPATH%\gOEYMkgs\eogM.exe
- %HOMEPATH%\gOEYMkgs\uAwe.exe
- %HOMEPATH%\gOEYMkgs\Fwok.exe
- %HOMEPATH%\gOEYMkgs\gUsA.exe
- %HOMEPATH%\gOEYMkgs\HYYG.exe
- %HOMEPATH%\gOEYMkgs\mIIq.exe
- %HOMEPATH%\gOEYMkgs\lUAI.exe
- %HOMEPATH%\gOEYMkgs\cQEC.exe
- %HOMEPATH%\gOEYMkgs\ccIQ.exe
- %HOMEPATH%\gOEYMkgs\RUQk.exe
- %HOMEPATH%\gOEYMkgs\BUEM.exe
- %HOMEPATH%\gOEYMkgs\fQsy.exe
- %HOMEPATH%\gOEYMkgs\Tokg.exe
- %HOMEPATH%\gOEYMkgs\cIAG.exe
- %HOMEPATH%\gOEYMkgs\nQUy.exe
- %HOMEPATH%\gOEYMkgs\aEsY.exe
- %TEMP%\xmIQgoQI.bat
- %HOMEPATH%\gOEYMkgs\fYce.exe
- %HOMEPATH%\gOEYMkgs\aYwi.exe
- %HOMEPATH%\gOEYMkgs\HoUQ.exe
- %HOMEPATH%\gOEYMkgs\rYoI.exe
- %HOMEPATH%\gOEYMkgs\ewky.exe
- %HOMEPATH%\gOEYMkgs\wQkg.exe
- %HOMEPATH%\gOEYMkgs\bock.exe
- %HOMEPATH%\gOEYMkgs\vsQe.exe
- %HOMEPATH%\gOEYMkgs\mksw.exe
- %HOMEPATH%\gOEYMkgs\SMAM.exe
- %HOMEPATH%\gOEYMkgs\boMy.exe
- %HOMEPATH%\gOEYMkgs\mAcw.exe
- %HOMEPATH%\gOEYMkgs\RoUQ.exe
- %HOMEPATH%\gOEYMkgs\yIAi.exe
- %HOMEPATH%\gOEYMkgs\AUEG.exe
- %HOMEPATH%\gOEYMkgs\XkAk.exe
- %HOMEPATH%\gOEYMkgs\CUcK.exe
- %HOMEPATH%\gOEYMkgs\eUYa.exe
- %HOMEPATH%\gOEYMkgs\OsAE.exe
- %HOMEPATH%\gOEYMkgs\sMQQ.exe
- %HOMEPATH%\gOEYMkgs\FAEK.exe
- %HOMEPATH%\gOEYMkgs\yokY.exe
- %HOMEPATH%\gOEYMkgs\kMgi.exe
- %HOMEPATH%\gOEYMkgs\VgAC.exe
- %HOMEPATH%\gOEYMkgs\TkIC.exe
- %HOMEPATH%\gOEYMkgs\bQQC.exe
- %HOMEPATH%\gOEYMkgs\zIgk.exe
- %HOMEPATH%\gOEYMkgs\sAMc.exe
- %HOMEPATH%\gOEYMkgs\NEse.exe
- %HOMEPATH%\gOEYMkgs\NwQg.exe
- %HOMEPATH%\gOEYMkgs\DEAc.exe
- %HOMEPATH%\gOEYMkgs\asQg.exe
- %HOMEPATH%\gOEYMkgs\bUEc.exe
- %HOMEPATH%\gOEYMkgs\lYAw.exe
- %HOMEPATH%\gOEYMkgs\mMQy.exe
- %HOMEPATH%\gOEYMkgs\zYoG.exe
- %HOMEPATH%\gOEYMkgs\tkkS.exe
- %HOMEPATH%\gOEYMkgs\HwAq.exe
- %HOMEPATH%\gOEYMkgs\MQos.exe
- %HOMEPATH%\gOEYMkgs\gsQi.exe
- %HOMEPATH%\gOEYMkgs\xgEi.exe
- %HOMEPATH%\gOEYMkgs\TMAq.exe
- %HOMEPATH%\gOEYMkgs\LYsk.exe
- %HOMEPATH%\gOEYMkgs\fYAw.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'