Technical Information (sandbox-observed indicators; <SYSTEM32>, %TEMP%, %HOMEPATH% and %ALLUSERSPROFILE% are placeholders for the analysis system's paths, and the mixed-case eight-character directory and file names below appear to be randomly generated, so they are sample-specific rather than stable indicators)
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,' (persistence: Winlogon launches every comma-separated entry of this value at each interactive logon, so lacMcYws.exe starts alongside the legitimate userinit.exe; when remediating, restore the value to '<SYSTEM32>\userinit.exe,' rather than deleting it, since a missing Userinit breaks interactive logon)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (SERVICE_AUTO_START: the vwYgEQEb service, whose ImagePath above points to ZgMYMIIE.exe, is started automatically at boot)
- C:\Far2\Far.exe
- hidden files (Explorer's display of hidden files and folders; turned off by the 'Hidden' = 2 change below)
- file extensions (Explorer's display of known file extensions; turned off by the 'HideFileExt' = 1 change below)
- User Account Control (UAC) (turned off by the 'EnableLUA' = 0 change below)
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 (sets Explorer to "Do not show hidden files and folders" for the current user)
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 (hides extensions of known file types, so the '*.bmp.exe', '*.jpg.exe' and '*.wma.exe' files listed below are displayed as 'chess.bmp', 'Sunset.jpg', etc.)
- '%TEMP%\update.exe'
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f (disables UAC system-wide; the change takes effect after the next reboot, and writing this HKLM key — like the HKLM Run, Winlogon and Services entries above — is consistent with the sample running with administrative rights in the analysis environment)
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\update.exe
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\MkMg.exe
- %HOMEPATH%\gOEYMkgs\REEA.exe
- %HOMEPATH%\gOEYMkgs\EIAi.exe
- %TEMP%\WERe3fb.dir00\ZgMYMIIE.exe.mdmp (Windows Error Reporting crash dump: ZgMYMIIE.exe, the service binary registered above, crashed during analysis; matching dumps appear in three further WER*.dir00 directories below, so the service component's full behavior may not have been observed in this run)
- %HOMEPATH%\gOEYMkgs\xEcI.exe
- %HOMEPATH%\gOEYMkgs\uAsA.exe
- %HOMEPATH%\gOEYMkgs\gsMS.exe
- %HOMEPATH%\gOEYMkgs\KMUk.exe
- %HOMEPATH%\gOEYMkgs\XMAU.exe
- %HOMEPATH%\gOEYMkgs\vosQ.exe
- %HOMEPATH%\gOEYMkgs\WMUI.exe
- %TEMP%\WERe3fb.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\hkIQ.exe
- %HOMEPATH%\gOEYMkgs\RcAm.exe
- %HOMEPATH%\gOEYMkgs\dwAG.exe
- %TEMP%\WERe3fb.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\iwwQ.exe
- %HOMEPATH%\gOEYMkgs\rQAu.exe
- %TEMP%\WERe3fb.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\yscE.exe
- %HOMEPATH%\gOEYMkgs\CEog.exe
- %HOMEPATH%\gOEYMkgs\qgoO.exe
- %HOMEPATH%\gOEYMkgs\RMIE.exe
- %HOMEPATH%\gOEYMkgs\igoc.exe
- %HOMEPATH%\gOEYMkgs\NskQ.exe
- %HOMEPATH%\gOEYMkgs\KIsY.exe
- %HOMEPATH%\gOEYMkgs\PYsi.exe
- %HOMEPATH%\gOEYMkgs\wAMA.exe
- %HOMEPATH%\gOEYMkgs\EkMQ.exe
- %HOMEPATH%\gOEYMkgs\HsYa.exe
- %HOMEPATH%\gOEYMkgs\VIMW.exe
- %HOMEPATH%\gOEYMkgs\Rggg.exe
- %HOMEPATH%\gOEYMkgs\xMoQ.exe
- %HOMEPATH%\gOEYMkgs\GgcQ.exe
- %HOMEPATH%\gOEYMkgs\tAEw.exe
- %HOMEPATH%\gOEYMkgs\bEcY.exe
- %HOMEPATH%\gOEYMkgs\zcUK.exe
- %HOMEPATH%\gOEYMkgs\bogM.exe
- %HOMEPATH%\gOEYMkgs\pcYA.exe
- %HOMEPATH%\gOEYMkgs\UoIu.exe
- %HOMEPATH%\gOEYMkgs\UAEU.exe
- %HOMEPATH%\gOEYMkgs\RMoE.exe
- %HOMEPATH%\gOEYMkgs\OgkK.exe
- %HOMEPATH%\gOEYMkgs\GswW.exe
- %HOMEPATH%\gOEYMkgs\TsIo.exe
- %HOMEPATH%\gOEYMkgs\OwkE.exe
- %HOMEPATH%\gOEYMkgs\MIIA.exe
- %HOMEPATH%\gOEYMkgs\hcAE.exe
- %HOMEPATH%\gOEYMkgs\aMEs.exe
- %HOMEPATH%\gOEYMkgs\cogm.exe
- %HOMEPATH%\gOEYMkgs\osQc.exe
- %HOMEPATH%\gOEYMkgs\jUsu.exe
- %HOMEPATH%\gOEYMkgs\dgAc.exe
- %HOMEPATH%\gOEYMkgs\eYUs.exe
- %TEMP%\WER5f9f.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\YYgW.exe
- %HOMEPATH%\gOEYMkgs\KUAg.exe
- %HOMEPATH%\gOEYMkgs\OIsA.exe
- %HOMEPATH%\gOEYMkgs\OksW.exe
- %HOMEPATH%\gOEYMkgs\KoQO.exe
- %HOMEPATH%\gOEYMkgs\igIK.exe
- %HOMEPATH%\gOEYMkgs\zsws.exe
- %HOMEPATH%\gOEYMkgs\KEku.exe
- %HOMEPATH%\gOEYMkgs\GUQu.exe
- %HOMEPATH%\gOEYMkgs\GQAo.exe
- %HOMEPATH%\gOEYMkgs\HEkQ.exe
- %HOMEPATH%\gOEYMkgs\fAko.exe
- %HOMEPATH%\gOEYMkgs\HcsQ.exe
- %HOMEPATH%\gOEYMkgs\NsAo.exe
- %HOMEPATH%\gOEYMkgs\lUwo.exe
- %HOMEPATH%\gOEYMkgs\oAQG.exe
- %HOMEPATH%\gOEYMkgs\qokc.exe
- %HOMEPATH%\gOEYMkgs\KEws.exe
- %HOMEPATH%\gOEYMkgs\NwUe.exe
- %HOMEPATH%\gOEYMkgs\Ukow.exe
- %HOMEPATH%\gOEYMkgs\oIUI.exe
- %HOMEPATH%\gOEYMkgs\pUIE.exe
- %HOMEPATH%\gOEYMkgs\LoAQ.exe
- %HOMEPATH%\gOEYMkgs\WEQm.exe
- %HOMEPATH%\gOEYMkgs\bIQY.exe
- %HOMEPATH%\gOEYMkgs\lMwo.exe
- %HOMEPATH%\gOEYMkgs\hAoY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe (first of a series of executables created beside stock Windows account pictures, sample pictures and sample music with an extra '.exe' appended to the original name; with the HideFileExt change above, these show up under their original image/audio names)
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\qgsW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\DgIW.exe
- %HOMEPATH%\gOEYMkgs\iUcW.exe
- %HOMEPATH%\gOEYMkgs\fggy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\jwII.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\pscM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\Mgkw.exe
- %HOMEPATH%\gOEYMkgs\UMAW.exe
- %HOMEPATH%\gOEYMkgs\EosK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %TEMP%\WERffb3.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\caQc.txt
- %TEMP%\WERffb3.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERffb3.dir00\manifest.txt
- %TEMP%\WERffb3.dir00\appcompat.txt
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\GgQY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\jMQI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\iIwg.exe
- %HOMEPATH%\gOEYMkgs\PEIg.exe
- %HOMEPATH%\gOEYMkgs\kQkk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\Esce.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\PIgY.exe
- %HOMEPATH%\gOEYMkgs\TAIO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %TEMP%\WER6baa.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\Bwsm.exe
- %HOMEPATH%\gOEYMkgs\ykoY.exe
- %TEMP%\WER6baa.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\CUki.exe
- %HOMEPATH%\gOEYMkgs\PEoA.exe
- %HOMEPATH%\gOEYMkgs\JQko.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\EgkS.exe
- %HOMEPATH%\gOEYMkgs\nAkU.exe
- %TEMP%\WER6baa.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\DIYO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\sUoU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\ekku.exe
- %HOMEPATH%\gOEYMkgs\PwEy.exe
- %HOMEPATH%\gOEYMkgs\pkUU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %TEMP%\WER6baa.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\tUcq.exe
- %HOMEPATH%\gOEYMkgs\Ccwu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\CIAq.exe
- %HOMEPATH%\gOEYMkgs\KsEe.exe
- %HOMEPATH%\gOEYMkgs\REYO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\fAko.exe
- %HOMEPATH%\gOEYMkgs\HEkQ.exe
- %HOMEPATH%\gOEYMkgs\HcsQ.exe
- %HOMEPATH%\gOEYMkgs\hkIQ.exe
- %HOMEPATH%\gOEYMkgs\dwAG.exe
- %HOMEPATH%\gOEYMkgs\RcAm.exe
- %HOMEPATH%\gOEYMkgs\lUwo.exe
- %HOMEPATH%\gOEYMkgs\KEku.exe
- %HOMEPATH%\gOEYMkgs\GQAo.exe
- %HOMEPATH%\gOEYMkgs\GUQu.exe
- %HOMEPATH%\gOEYMkgs\NsAo.exe
- %HOMEPATH%\gOEYMkgs\zsws.exe
- %HOMEPATH%\gOEYMkgs\igIK.exe
- %HOMEPATH%\gOEYMkgs\WMUI.exe
- %HOMEPATH%\gOEYMkgs\KMUk.exe
- %HOMEPATH%\gOEYMkgs\vosQ.exe
- %HOMEPATH%\gOEYMkgs\XMAU.exe
- %HOMEPATH%\gOEYMkgs\GgcQ.exe
- %HOMEPATH%\gOEYMkgs\gsMS.exe
- %HOMEPATH%\gOEYMkgs\uAsA.exe
- %HOMEPATH%\gOEYMkgs\REEA.exe
- %HOMEPATH%\gOEYMkgs\iwwQ.exe
- %HOMEPATH%\gOEYMkgs\rQAu.exe
- %HOMEPATH%\gOEYMkgs\yscE.exe
- %HOMEPATH%\gOEYMkgs\MkMg.exe
- %HOMEPATH%\gOEYMkgs\EIAi.exe
- %HOMEPATH%\gOEYMkgs\xEcI.exe
- %HOMEPATH%\gOEYMkgs\pUIE.exe
- %HOMEPATH%\gOEYMkgs\TsIo.exe
- %HOMEPATH%\gOEYMkgs\GswW.exe
- %HOMEPATH%\gOEYMkgs\KUAg.exe
- %HOMEPATH%\gOEYMkgs\RMoE.exe
- %HOMEPATH%\gOEYMkgs\UAEU.exe
- %HOMEPATH%\gOEYMkgs\OgkK.exe
- %HOMEPATH%\gOEYMkgs\YYgW.exe
- %HOMEPATH%\gOEYMkgs\jUsu.exe
- %HOMEPATH%\gOEYMkgs\osQc.exe
- %HOMEPATH%\gOEYMkgs\dgAc.exe
- %HOMEPATH%\gOEYMkgs\OIsA.exe
- %HOMEPATH%\gOEYMkgs\KoQO.exe
- %HOMEPATH%\gOEYMkgs\OksW.exe
- %HOMEPATH%\gOEYMkgs\aMEs.exe
- %HOMEPATH%\gOEYMkgs\WEQm.exe
- %HOMEPATH%\gOEYMkgs\qokc.exe
- %HOMEPATH%\gOEYMkgs\oAQG.exe
- %HOMEPATH%\gOEYMkgs\oIUI.exe
- %HOMEPATH%\gOEYMkgs\LoAQ.exe
- %HOMEPATH%\gOEYMkgs\bIQY.exe
- %HOMEPATH%\gOEYMkgs\KEws.exe
- %HOMEPATH%\gOEYMkgs\OwkE.exe
- %HOMEPATH%\gOEYMkgs\hcAE.exe
- %HOMEPATH%\gOEYMkgs\cogm.exe
- %HOMEPATH%\gOEYMkgs\Ukow.exe
- %HOMEPATH%\gOEYMkgs\NwUe.exe
- %HOMEPATH%\gOEYMkgs\MIIA.exe
- %HOMEPATH%\gOEYMkgs\tAEw.exe
- %HOMEPATH%\gOEYMkgs\pkUU.exe
- %HOMEPATH%\gOEYMkgs\DIYO.exe
- %HOMEPATH%\gOEYMkgs\sUoU.exe
- %HOMEPATH%\gOEYMkgs\pscM.exe
- %HOMEPATH%\gOEYMkgs\ekku.exe
- %HOMEPATH%\gOEYMkgs\PwEy.exe
- %HOMEPATH%\gOEYMkgs\CIAq.exe
- %HOMEPATH%\gOEYMkgs\tUcq.exe
- %HOMEPATH%\gOEYMkgs\Ccwu.exe
- %HOMEPATH%\gOEYMkgs\TAIO.exe
- %HOMEPATH%\gOEYMkgs\KsEe.exe
- %TEMP%\JCswcwkc.bat
- %HOMEPATH%\gOEYMkgs\REYO.exe
- %HOMEPATH%\gOEYMkgs\jwII.exe
- %HOMEPATH%\gOEYMkgs\GgQY.exe
- %HOMEPATH%\gOEYMkgs\jMQI.exe
- %HOMEPATH%\gOEYMkgs\DgIW.exe
- %HOMEPATH%\gOEYMkgs\iIwg.exe
- %HOMEPATH%\gOEYMkgs\PEIg.exe
- %HOMEPATH%\gOEYMkgs\kQkk.exe
- %HOMEPATH%\gOEYMkgs\iUcW.exe
- %HOMEPATH%\gOEYMkgs\Mgkw.exe
- %HOMEPATH%\gOEYMkgs\UMAW.exe
- %HOMEPATH%\gOEYMkgs\EosK.exe
- %HOMEPATH%\gOEYMkgs\fggy.exe
- %HOMEPATH%\gOEYMkgs\hAoY.exe
- %HOMEPATH%\gOEYMkgs\qgsW.exe
- %HOMEPATH%\gOEYMkgs\Bwsm.exe
- %HOMEPATH%\gOEYMkgs\NskQ.exe
- %HOMEPATH%\gOEYMkgs\igoc.exe
- %HOMEPATH%\gOEYMkgs\zcUK.exe
- %HOMEPATH%\gOEYMkgs\qgoO.exe
- %HOMEPATH%\gOEYMkgs\CEog.exe
- %HOMEPATH%\gOEYMkgs\RMIE.exe
- %HOMEPATH%\gOEYMkgs\bEcY.exe
- %HOMEPATH%\gOEYMkgs\Rggg.exe
- %HOMEPATH%\gOEYMkgs\VIMW.exe
- %HOMEPATH%\gOEYMkgs\xMoQ.exe
- %HOMEPATH%\gOEYMkgs\bogM.exe
- %HOMEPATH%\gOEYMkgs\UoIu.exe
- %HOMEPATH%\gOEYMkgs\pcYA.exe
- %HOMEPATH%\gOEYMkgs\EkMQ.exe
- %HOMEPATH%\gOEYMkgs\nAkU.exe
- %HOMEPATH%\gOEYMkgs\ykoY.exe
- %HOMEPATH%\gOEYMkgs\CUki.exe
- %HOMEPATH%\gOEYMkgs\Esce.exe
- %HOMEPATH%\gOEYMkgs\PIgY.exe
- %HOMEPATH%\gOEYMkgs\EgkS.exe
- %HOMEPATH%\gOEYMkgs\JQko.exe
- %HOMEPATH%\gOEYMkgs\KIsY.exe
- %HOMEPATH%\gOEYMkgs\wAMA.exe
- %HOMEPATH%\gOEYMkgs\HsYa.exe
- %HOMEPATH%\gOEYMkgs\PEoA.exe
- %HOMEPATH%\gOEYMkgs\lMwo.exe
- %HOMEPATH%\gOEYMkgs\PYsi.exe
- %HOMEPATH%\gOEYMkgs\REYO.exe
- '74.##5.232.51':80 (TCP connection to port 80; the second octet is partially redacted as '##' in the source report, so this address cannot be used as-is for blocking)
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'SSIkQYgQ.exe' (window lookups by title: the sample searches for windows named after its own dropped executables, SSIkQYgQ.exe and lacMcYws.exe, which is consistent with a single-instance check — unconfirmed)
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'Microsoft Windows'