Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
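- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,' (the second path is appended after the legitimate userinit.exe entry, so it is launched at every logon; on cleanup restore the value to the userinit.exe entry alone rather than deleting it)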
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (start type 2: the service is started automatically at boot)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
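- hidden files (display is turned off: 'Hidden' is set to 2 by the reg.exe command listed below)
- file extensions (display is turned off: 'HideFileExt' is set to 1 by the reg.exe command listed below)
- User Account Control (UAC) (disabled: 'EnableLUA' is set to 0 by the reg.exe command listed below)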
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '%TEMP%\setup.exe'
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\setup.exe
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\FMEO.exe
- %HOMEPATH%\gOEYMkgs\jAkA.exe
- %HOMEPATH%\gOEYMkgs\DkUE.exe
- %HOMEPATH%\gOEYMkgs\ZooW.exe
- %HOMEPATH%\gOEYMkgs\hMYG.exe
- %HOMEPATH%\gOEYMkgs\PkkI.exe
- %HOMEPATH%\gOEYMkgs\tEEW.exe
- %HOMEPATH%\gOEYMkgs\Docq.exe
- %HOMEPATH%\gOEYMkgs\pkgE.exe
- %HOMEPATH%\gOEYMkgs\Foom.exe
- %HOMEPATH%\gOEYMkgs\FkMu.exe
- %HOMEPATH%\gOEYMkgs\GAUm.exe
- %HOMEPATH%\gOEYMkgs\DUwK.exe
- %HOMEPATH%\gOEYMkgs\BsoO.exe
- %HOMEPATH%\gOEYMkgs\cUUy.exe
- %HOMEPATH%\gOEYMkgs\DMAq.exe
- %HOMEPATH%\gOEYMkgs\KkgS.exe
- %HOMEPATH%\gOEYMkgs\wIsW.exe
- %HOMEPATH%\gOEYMkgs\OIoW.exe
- %HOMEPATH%\gOEYMkgs\hMYE.exe
- %HOMEPATH%\gOEYMkgs\PMQA.exe
- %HOMEPATH%\gOEYMkgs\TMci.exe
- %HOMEPATH%\gOEYMkgs\wMIm.exe
- %HOMEPATH%\gOEYMkgs\iMMa.exe
- %HOMEPATH%\gOEYMkgs\rAwQ.exe
- %HOMEPATH%\gOEYMkgs\asMu.exe
- %HOMEPATH%\gOEYMkgs\PwMS.exe
- %HOMEPATH%\gOEYMkgs\iUMo.exe
- %HOMEPATH%\gOEYMkgs\KYEG.exe
- %HOMEPATH%\gOEYMkgs\EQoU.exe
- %HOMEPATH%\gOEYMkgs\vIAO.exe
- %HOMEPATH%\gOEYMkgs\CQMM.exe
- %TEMP%\WER1b56.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\eEss.exe
- %HOMEPATH%\gOEYMkgs\wgow.exe
- %HOMEPATH%\gOEYMkgs\EYIo.exe
- %HOMEPATH%\gOEYMkgs\ncQW.exe
- %HOMEPATH%\gOEYMkgs\AQsA.exe
- %HOMEPATH%\gOEYMkgs\GsUI.exe
- %HOMEPATH%\gOEYMkgs\fAEw.exe
- %HOMEPATH%\gOEYMkgs\iEMe.exe
- %HOMEPATH%\gOEYMkgs\jIwq.exe
- %HOMEPATH%\gOEYMkgs\OscC.exe
- %HOMEPATH%\gOEYMkgs\FoAG.exe
- %HOMEPATH%\gOEYMkgs\kssS.exe
- %HOMEPATH%\gOEYMkgs\GMkm.exe
- %HOMEPATH%\gOEYMkgs\JIsq.exe
- %HOMEPATH%\gOEYMkgs\Ykkq.exe
- %HOMEPATH%\gOEYMkgs\gwsI.exe
- %HOMEPATH%\gOEYMkgs\RIcm.exe
- %HOMEPATH%\gOEYMkgs\Pgcq.exe
- %HOMEPATH%\gOEYMkgs\uUoQ.exe
- %HOMEPATH%\gOEYMkgs\lIQw.exe
- %HOMEPATH%\gOEYMkgs\bosM.exe
- %HOMEPATH%\gOEYMkgs\xsws.exe
- %HOMEPATH%\gOEYMkgs\RAEo.exe
- %HOMEPATH%\gOEYMkgs\XQgs.exe
- %HOMEPATH%\gOEYMkgs\sIIO.exe
- %TEMP%\WER90db.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\SIAW.exe
- %TEMP%\WER90db.dir00\manifest.txt
- %TEMP%\WER90db.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\dAoM.exe
- %HOMEPATH%\gOEYMkgs\ssES.exe
- %HOMEPATH%\gOEYMkgs\roAu.exe
- %HOMEPATH%\gOEYMkgs\IAES.exe
- %HOMEPATH%\gOEYMkgs\VQgC.exe
- %HOMEPATH%\gOEYMkgs\logA.exe
- %HOMEPATH%\gOEYMkgs\rEkW.exe
- %HOMEPATH%\gOEYMkgs\iocu.exe
- %HOMEPATH%\gOEYMkgs\VUEW.exe
- %HOMEPATH%\gOEYMkgs\gEUK.exe
- %HOMEPATH%\gOEYMkgs\uEQW.exe
- %HOMEPATH%\gOEYMkgs\QYEW.exe
- %HOMEPATH%\gOEYMkgs\zAgI.exe
- %HOMEPATH%\gOEYMkgs\WAAA.exe
- %HOMEPATH%\gOEYMkgs\pkUK.exe
- %HOMEPATH%\gOEYMkgs\WEQk.exe
- %HOMEPATH%\gOEYMkgs\GwoE.exe
- %HOMEPATH%\gOEYMkgs\NsAq.exe
- %HOMEPATH%\gOEYMkgs\HAAG.exe
- %HOMEPATH%\gOEYMkgs\nIQC.exe
- %HOMEPATH%\gOEYMkgs\jwUs.exe
- %HOMEPATH%\gOEYMkgs\NocC.exe
- %HOMEPATH%\gOEYMkgs\aIIi.exe
- %HOMEPATH%\gOEYMkgs\kAcy.exe
- %HOMEPATH%\gOEYMkgs\rAMA.exe
- %HOMEPATH%\gOEYMkgs\IYYY.exe
- %HOMEPATH%\gOEYMkgs\bYQM.exe
- %HOMEPATH%\gOEYMkgs\xAUM.exe
- %HOMEPATH%\gOEYMkgs\bcAm.exe
- %HOMEPATH%\gOEYMkgs\gYok.exe
- %HOMEPATH%\gOEYMkgs\LEEy.exe
- %TEMP%\WER90db.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\eAYK.exe
- %HOMEPATH%\gOEYMkgs\AUsW.exe
- %HOMEPATH%\gOEYMkgs\JgEa.exe
- %HOMEPATH%\gOEYMkgs\eIEM.exe
- %HOMEPATH%\gOEYMkgs\VEgQ.exe
- %HOMEPATH%\gOEYMkgs\QwIY.exe
- %HOMEPATH%\gOEYMkgs\lgQa.exe
- %TEMP%\WER1b56.dir00\appcompat.txt
- %TEMP%\WERad73.dir00\manifest.txt
- %TEMP%\WERad73.dir00\appcompat.txt
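- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe (double extension: with file extensions hidden via 'HideFileExt' above, this and the other *.bmp.exe, *.jpg.exe and *.wma.exe entries in this list display under the name of the picture or music file)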
- %HOMEPATH%\gOEYMkgs\FUME.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\zswg.exe
- %TEMP%\WERad73.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\TQoS.exe
- %HOMEPATH%\gOEYMkgs\IwkO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\jAAa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\WgUe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\wIcG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\TgAy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\JQoc.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\TMEi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\RsIA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %TEMP%\WER3677.dir00\manifest.txt
- %TEMP%\WER3677.dir00\appcompat.txt
- %TEMP%\WER3677.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\eoAI.exe
- %ALLUSERSPROFILE%\caQc.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER3677.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\usoG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\dUMU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %TEMP%\WERad73.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\RYYm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\YMIm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\EAEa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\oMEu.exe
- %HOMEPATH%\gOEYMkgs\OcQg.exe
- %HOMEPATH%\gOEYMkgs\fQsg.exe
- %HOMEPATH%\gOEYMkgs\sIAi.exe
- %HOMEPATH%\gOEYMkgs\jggI.exe
- %HOMEPATH%\gOEYMkgs\lEYS.exe
- %HOMEPATH%\gOEYMkgs\Jwou.exe
- %HOMEPATH%\gOEYMkgs\PcIe.exe
- %HOMEPATH%\gOEYMkgs\jkci.exe
- %HOMEPATH%\gOEYMkgs\LcQO.exe
- %HOMEPATH%\gOEYMkgs\XcYC.exe
- %HOMEPATH%\gOEYMkgs\Owwa.exe
- %HOMEPATH%\gOEYMkgs\PAAw.exe
- %HOMEPATH%\gOEYMkgs\hEke.exe
- %HOMEPATH%\gOEYMkgs\zQgM.exe
- %HOMEPATH%\gOEYMkgs\ywYq.exe
- %TEMP%\WER1b56.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\HIgw.exe
- %HOMEPATH%\gOEYMkgs\MAoW.exe
- %HOMEPATH%\gOEYMkgs\NkkY.exe
- %TEMP%\WER1b56.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\EQwy.exe
- %HOMEPATH%\gOEYMkgs\UwwO.exe
- %HOMEPATH%\gOEYMkgs\LgEU.exe
- %HOMEPATH%\gOEYMkgs\lcQG.exe
- %HOMEPATH%\gOEYMkgs\XIYK.exe
- %HOMEPATH%\gOEYMkgs\bwMm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\GMwQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\jEEg.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\JQQA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\YcwA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\xgsK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\BQgC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\LMwA.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\ZcYm.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\QMwo.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\TEUw.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\VMMu.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\toUq.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\OIoW.exe
- %HOMEPATH%\gOEYMkgs\BsoO.exe
- %HOMEPATH%\gOEYMkgs\KkgS.exe
- %HOMEPATH%\gOEYMkgs\wIsW.exe
- %HOMEPATH%\gOEYMkgs\cUUy.exe
- %HOMEPATH%\gOEYMkgs\iMMa.exe
- %HOMEPATH%\gOEYMkgs\rAwQ.exe
- %HOMEPATH%\gOEYMkgs\DMAq.exe
- %HOMEPATH%\gOEYMkgs\wMIm.exe
- %HOMEPATH%\gOEYMkgs\kAcy.exe
- %HOMEPATH%\gOEYMkgs\rAMA.exe
- %HOMEPATH%\gOEYMkgs\WEQk.exe
- %HOMEPATH%\gOEYMkgs\GwoE.exe
- %HOMEPATH%\gOEYMkgs\IYYY.exe
- %HOMEPATH%\gOEYMkgs\aIIi.exe
- %HOMEPATH%\gOEYMkgs\Pgcq.exe
- %HOMEPATH%\gOEYMkgs\jwUs.exe
- %HOMEPATH%\gOEYMkgs\NocC.exe
- %HOMEPATH%\gOEYMkgs\hMYE.exe
- %HOMEPATH%\gOEYMkgs\GAUm.exe
- %HOMEPATH%\gOEYMkgs\tEEW.exe
- %HOMEPATH%\gOEYMkgs\Foom.exe
- %HOMEPATH%\gOEYMkgs\FkMu.exe
- %HOMEPATH%\gOEYMkgs\Docq.exe
- %HOMEPATH%\gOEYMkgs\OscC.exe
- %HOMEPATH%\gOEYMkgs\FoAG.exe
- %HOMEPATH%\gOEYMkgs\pkgE.exe
- %HOMEPATH%\gOEYMkgs\jIwq.exe
- %HOMEPATH%\gOEYMkgs\DUwK.exe
- %HOMEPATH%\gOEYMkgs\ZooW.exe
- %HOMEPATH%\gOEYMkgs\PMQA.exe
- %HOMEPATH%\gOEYMkgs\TMci.exe
- %HOMEPATH%\gOEYMkgs\hMYG.exe
- %HOMEPATH%\gOEYMkgs\jAkA.exe
- %HOMEPATH%\gOEYMkgs\DkUE.exe
- %HOMEPATH%\gOEYMkgs\PkkI.exe
- %HOMEPATH%\gOEYMkgs\FMEO.exe
- %HOMEPATH%\gOEYMkgs\pkUK.exe
- %HOMEPATH%\gOEYMkgs\uEQW.exe
- %HOMEPATH%\gOEYMkgs\ssES.exe
- %HOMEPATH%\gOEYMkgs\VUEW.exe
- %HOMEPATH%\gOEYMkgs\gEUK.exe
- %HOMEPATH%\gOEYMkgs\xsws.exe
- %HOMEPATH%\gOEYMkgs\uUoQ.exe
- %HOMEPATH%\gOEYMkgs\lIQw.exe
- %HOMEPATH%\gOEYMkgs\RAEo.exe
- %HOMEPATH%\gOEYMkgs\XQgs.exe
- %HOMEPATH%\gOEYMkgs\iocu.exe
- %HOMEPATH%\gOEYMkgs\roAu.exe
- %HOMEPATH%\gOEYMkgs\logA.exe
- %HOMEPATH%\gOEYMkgs\rEkW.exe
- %HOMEPATH%\gOEYMkgs\IAES.exe
- %HOMEPATH%\gOEYMkgs\zAgI.exe
- %HOMEPATH%\gOEYMkgs\WAAA.exe
- %HOMEPATH%\gOEYMkgs\VQgC.exe
- %HOMEPATH%\gOEYMkgs\QYEW.exe
- %HOMEPATH%\gOEYMkgs\bosM.exe
- %HOMEPATH%\gOEYMkgs\AUsW.exe
- %HOMEPATH%\gOEYMkgs\JgEa.exe
- %HOMEPATH%\gOEYMkgs\QwIY.exe
- %HOMEPATH%\gOEYMkgs\lgQa.exe
- %HOMEPATH%\gOEYMkgs\eIEM.exe
- %HOMEPATH%\gOEYMkgs\HAAG.exe
- %HOMEPATH%\gOEYMkgs\nIQC.exe
- %HOMEPATH%\gOEYMkgs\bYQM.exe
- %HOMEPATH%\gOEYMkgs\NsAq.exe
- %HOMEPATH%\gOEYMkgs\SIAW.exe
- %HOMEPATH%\gOEYMkgs\LEEy.exe
- %HOMEPATH%\gOEYMkgs\dAoM.exe
- %HOMEPATH%\gOEYMkgs\sIIO.exe
- %HOMEPATH%\gOEYMkgs\eAYK.exe
- %HOMEPATH%\gOEYMkgs\gYok.exe
- %HOMEPATH%\gOEYMkgs\VEgQ.exe
- %HOMEPATH%\gOEYMkgs\xAUM.exe
- %HOMEPATH%\gOEYMkgs\bcAm.exe
- %HOMEPATH%\gOEYMkgs\GsUI.exe
- %HOMEPATH%\gOEYMkgs\jEEg.exe
- %HOMEPATH%\gOEYMkgs\JQQA.exe
- %HOMEPATH%\gOEYMkgs\TEUw.exe
- %HOMEPATH%\gOEYMkgs\VMMu.exe
- %HOMEPATH%\gOEYMkgs\GMwQ.exe
- %HOMEPATH%\gOEYMkgs\YcwA.exe
- %HOMEPATH%\gOEYMkgs\OcQg.exe
- %HOMEPATH%\gOEYMkgs\xgsK.exe
- %HOMEPATH%\gOEYMkgs\BQgC.exe
- %HOMEPATH%\gOEYMkgs\jkci.exe
- %HOMEPATH%\gOEYMkgs\LcQO.exe
- %HOMEPATH%\gOEYMkgs\PAAw.exe
- %HOMEPATH%\gOEYMkgs\hEke.exe
- %HOMEPATH%\gOEYMkgs\XcYC.exe
- %HOMEPATH%\gOEYMkgs\ZcYm.exe
- %HOMEPATH%\gOEYMkgs\toUq.exe
- %HOMEPATH%\gOEYMkgs\QMwo.exe
- %HOMEPATH%\gOEYMkgs\LMwA.exe
- %HOMEPATH%\gOEYMkgs\TgAy.exe
- %HOMEPATH%\gOEYMkgs\dUMU.exe
- %HOMEPATH%\gOEYMkgs\EAEa.exe
- %HOMEPATH%\gOEYMkgs\TQoS.exe
- %HOMEPATH%\gOEYMkgs\RYYm.exe
- %TEMP%\eAAYsoQA.bat
- %HOMEPATH%\gOEYMkgs\usoG.exe
- %HOMEPATH%\gOEYMkgs\eoAI.exe
- %HOMEPATH%\gOEYMkgs\oMEu.exe
- %HOMEPATH%\gOEYMkgs\YMIm.exe
- %HOMEPATH%\gOEYMkgs\RsIA.exe
- %HOMEPATH%\gOEYMkgs\JQoc.exe
- %HOMEPATH%\gOEYMkgs\WgUe.exe
- %HOMEPATH%\gOEYMkgs\wIcG.exe
- %HOMEPATH%\gOEYMkgs\TMEi.exe
- %HOMEPATH%\gOEYMkgs\IwkO.exe
- %HOMEPATH%\gOEYMkgs\jAAa.exe
- %HOMEPATH%\gOEYMkgs\FUME.exe
- %HOMEPATH%\gOEYMkgs\zswg.exe
- %HOMEPATH%\gOEYMkgs\Owwa.exe
- %HOMEPATH%\gOEYMkgs\vIAO.exe
- %HOMEPATH%\gOEYMkgs\asMu.exe
- %HOMEPATH%\gOEYMkgs\KYEG.exe
- %HOMEPATH%\gOEYMkgs\EQoU.exe
- %HOMEPATH%\gOEYMkgs\PwMS.exe
- %HOMEPATH%\gOEYMkgs\EYIo.exe
- %HOMEPATH%\gOEYMkgs\ncQW.exe
- %HOMEPATH%\gOEYMkgs\iUMo.exe
- %HOMEPATH%\gOEYMkgs\wgow.exe
- %HOMEPATH%\gOEYMkgs\Ykkq.exe
- %HOMEPATH%\gOEYMkgs\gwsI.exe
- %HOMEPATH%\gOEYMkgs\fAEw.exe
- %HOMEPATH%\gOEYMkgs\iEMe.exe
- %HOMEPATH%\gOEYMkgs\RIcm.exe
- %HOMEPATH%\gOEYMkgs\JIsq.exe
- %HOMEPATH%\gOEYMkgs\AQsA.exe
- %HOMEPATH%\gOEYMkgs\kssS.exe
- %HOMEPATH%\gOEYMkgs\GMkm.exe
- %HOMEPATH%\gOEYMkgs\CQMM.exe
- %HOMEPATH%\gOEYMkgs\zQgM.exe
- %HOMEPATH%\gOEYMkgs\lEYS.exe
- %HOMEPATH%\gOEYMkgs\UwwO.exe
- %HOMEPATH%\gOEYMkgs\LgEU.exe
- %HOMEPATH%\gOEYMkgs\Jwou.exe
- %HOMEPATH%\gOEYMkgs\sIAi.exe
- %HOMEPATH%\gOEYMkgs\jggI.exe
- %HOMEPATH%\gOEYMkgs\PcIe.exe
- %HOMEPATH%\gOEYMkgs\fQsg.exe
- %HOMEPATH%\gOEYMkgs\NkkY.exe
- %HOMEPATH%\gOEYMkgs\ywYq.exe
- %HOMEPATH%\gOEYMkgs\eEss.exe
- %HOMEPATH%\gOEYMkgs\MAoW.exe
- %HOMEPATH%\gOEYMkgs\HIgw.exe
- %HOMEPATH%\gOEYMkgs\bwMm.exe
- %HOMEPATH%\gOEYMkgs\EQwy.exe
- %HOMEPATH%\gOEYMkgs\lcQG.exe
- %HOMEPATH%\gOEYMkgs\XIYK.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'