Техническая информация
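- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,' (к штатному userinit.exe дописан второй путь, поэтому указанный файл запускается при каждом входе пользователя в систему)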
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
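- Блокирует отображение расширений файлов (параметр HideFileExt, см. команду reg.exe ниже); из-за этого перечисленные далее файлы с двойным расширением вида «.bmp.exe», «.jpg.exe» и «.wma.exe» выглядят для пользователя как обычные изображения и музыка.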
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\REMq.exe
- %HOMEPATH%\gOEYMkgs\voYq.exe
- %HOMEPATH%\gOEYMkgs\HUUg.exe
- %HOMEPATH%\gOEYMkgs\NkEq.exe
- %HOMEPATH%\gOEYMkgs\mgkO.exe
- %HOMEPATH%\gOEYMkgs\PMAq.exe
- %HOMEPATH%\gOEYMkgs\nEIA.exe
- %HOMEPATH%\gOEYMkgs\Joks.exe
- %HOMEPATH%\gOEYMkgs\WMcG.exe
- %HOMEPATH%\gOEYMkgs\bsAu.exe
- %HOMEPATH%\gOEYMkgs\ygom.exe
- %HOMEPATH%\gOEYMkgs\VUsw.exe
- %HOMEPATH%\gOEYMkgs\fowO.exe
- %HOMEPATH%\gOEYMkgs\OIgs.exe
- %HOMEPATH%\gOEYMkgs\Zscs.exe
- %HOMEPATH%\gOEYMkgs\NUwi.exe
- %HOMEPATH%\gOEYMkgs\jwIq.exe
- %HOMEPATH%\gOEYMkgs\CskK.exe
- %HOMEPATH%\gOEYMkgs\TMUk.exe
- %HOMEPATH%\gOEYMkgs\mAwk.exe
- %HOMEPATH%\gOEYMkgs\WMgo.exe
- %HOMEPATH%\gOEYMkgs\rQAu.exe
- %HOMEPATH%\gOEYMkgs\IMoc.exe
- %HOMEPATH%\gOEYMkgs\sAEG.exe
- %HOMEPATH%\gOEYMkgs\sUQW.exe
- %HOMEPATH%\gOEYMkgs\FYwk.exe
- %HOMEPATH%\gOEYMkgs\nkMI.exe
- %HOMEPATH%\gOEYMkgs\rIsq.exe
- %HOMEPATH%\gOEYMkgs\gooQ.exe
- %HOMEPATH%\gOEYMkgs\qYwM.exe
- %HOMEPATH%\gOEYMkgs\XYEK.exe
- %HOMEPATH%\gOEYMkgs\REsC.exe
- %HOMEPATH%\gOEYMkgs\Oksw.exe
- %HOMEPATH%\gOEYMkgs\OUcc.exe
- %HOMEPATH%\gOEYMkgs\hQIU.exe
- %HOMEPATH%\gOEYMkgs\CMco.exe
- %HOMEPATH%\gOEYMkgs\jMwk.exe
- %HOMEPATH%\gOEYMkgs\ikUs.exe
- %HOMEPATH%\gOEYMkgs\rgoW.exe
- %HOMEPATH%\gOEYMkgs\CsIu.exe
- %HOMEPATH%\gOEYMkgs\vQYk.exe
- %HOMEPATH%\gOEYMkgs\wAww.exe
- %HOMEPATH%\gOEYMkgs\lwEy.exe
- %HOMEPATH%\gOEYMkgs\oMwc.exe
- %HOMEPATH%\gOEYMkgs\FIQg.exe
- %HOMEPATH%\gOEYMkgs\ZMMU.exe
- %HOMEPATH%\gOEYMkgs\PMUu.exe
- %HOMEPATH%\gOEYMkgs\YUgA.exe
- %HOMEPATH%\gOEYMkgs\VwAi.exe
- %HOMEPATH%\gOEYMkgs\OQAS.exe
- %HOMEPATH%\gOEYMkgs\VssO.exe
- %HOMEPATH%\gOEYMkgs\eIwC.exe
- %HOMEPATH%\gOEYMkgs\RQIS.exe
- %HOMEPATH%\gOEYMkgs\fEAC.exe
- %HOMEPATH%\gOEYMkgs\MckE.exe
- %HOMEPATH%\gOEYMkgs\tsoE.exe
- %HOMEPATH%\gOEYMkgs\pIou.exe
- %HOMEPATH%\gOEYMkgs\rkMS.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %HOMEPATH%\gOEYMkgs\csIm.exe
- %HOMEPATH%\gOEYMkgs\ckMC.exe
- %HOMEPATH%\gOEYMkgs\sAEi.exe
- %HOMEPATH%\gOEYMkgs\cQQa.exe
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\PgAG.exe
- %HOMEPATH%\gOEYMkgs\kkYa.exe
- %HOMEPATH%\gOEYMkgs\bMIe.exe
- %HOMEPATH%\gOEYMkgs\lcEk.exe
- %HOMEPATH%\gOEYMkgs\eQwe.exe
- %HOMEPATH%\gOEYMkgs\wgkI.exe
- %HOMEPATH%\gOEYMkgs\XsYQ.exe
- %HOMEPATH%\gOEYMkgs\HIYO.exe
- %HOMEPATH%\gOEYMkgs\SMEw.exe
- %HOMEPATH%\gOEYMkgs\jcMa.exe
- %HOMEPATH%\gOEYMkgs\GYsO.exe
- %HOMEPATH%\gOEYMkgs\GwkA.exe
- %HOMEPATH%\gOEYMkgs\fYQS.exe
- %HOMEPATH%\gOEYMkgs\cQsY.exe
- %HOMEPATH%\gOEYMkgs\fgwo.exe
- %HOMEPATH%\gOEYMkgs\oIkq.exe
- %HOMEPATH%\gOEYMkgs\XYoW.exe
- %HOMEPATH%\gOEYMkgs\GAYC.exe
- %HOMEPATH%\gOEYMkgs\rEcc.exe
- %HOMEPATH%\gOEYMkgs\mocU.exe
- %HOMEPATH%\gOEYMkgs\Rssm.exe
- %HOMEPATH%\gOEYMkgs\hske.exe
- %HOMEPATH%\gOEYMkgs\XscI.exe
- %HOMEPATH%\gOEYMkgs\KAUW.exe
- %HOMEPATH%\gOEYMkgs\dAIS.exe
- %HOMEPATH%\gOEYMkgs\JQQK.exe
- %HOMEPATH%\gOEYMkgs\AYwK.exe
- %HOMEPATH%\gOEYMkgs\ckEO.exe
- %HOMEPATH%\gOEYMkgs\fogm.exe
- %HOMEPATH%\gOEYMkgs\wwUK.exe
- %HOMEPATH%\gOEYMkgs\TwcU.exe
- %HOMEPATH%\gOEYMkgs\lMAq.exe
- %HOMEPATH%\gOEYMkgs\RQMs.exe
- %HOMEPATH%\gOEYMkgs\pQAa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\koQA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\GQYA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\PIku.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\Zcso.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\rkoK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\JcMG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\hwUY.exe
- %HOMEPATH%\gOEYMkgs\Isge.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- <Текущая директория>\<Имя файла>
- %HOMEPATH%\gOEYMkgs\hYwW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\swkm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\dEAE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %TEMP%\WEReb4d.dir00\appcompat.txt
- %TEMP%\WEReb4d.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WEReb4d.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\VsAW.exe
- %TEMP%\WEReb4d.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %ALLUSERSPROFILE%\caQc.txt
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\EEou.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\uQkA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\zwwA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\xEce.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\bwMO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\EskI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\RIYu.exe
- %HOMEPATH%\gOEYMkgs\akko.exe
- %HOMEPATH%\gOEYMkgs\RcUO.exe
- %HOMEPATH%\gOEYMkgs\rsAi.exe
- %HOMEPATH%\gOEYMkgs\TEQm.exe
- %HOMEPATH%\gOEYMkgs\BcEK.exe
- %HOMEPATH%\gOEYMkgs\FsQy.exe
- %HOMEPATH%\gOEYMkgs\OYsc.exe
- %HOMEPATH%\gOEYMkgs\LQYs.exe
- %HOMEPATH%\gOEYMkgs\HUES.exe
- %HOMEPATH%\gOEYMkgs\uYgU.exe
- %HOMEPATH%\gOEYMkgs\MoAK.exe
- %HOMEPATH%\gOEYMkgs\tsYC.exe
- %HOMEPATH%\gOEYMkgs\hYgO.exe
- %HOMEPATH%\gOEYMkgs\dgAq.exe
- %HOMEPATH%\gOEYMkgs\UYUo.exe
- %HOMEPATH%\gOEYMkgs\eIsg.exe
- %HOMEPATH%\gOEYMkgs\CYwA.exe
- %HOMEPATH%\gOEYMkgs\IssA.exe
- %HOMEPATH%\gOEYMkgs\toYW.exe
- %HOMEPATH%\gOEYMkgs\fssa.exe
- %HOMEPATH%\gOEYMkgs\ZAkg.exe
- %HOMEPATH%\gOEYMkgs\OQYA.exe
- %HOMEPATH%\gOEYMkgs\ugQY.exe
- %HOMEPATH%\gOEYMkgs\Ksck.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\esEI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\LMMG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\LscM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\jUwG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\mIQk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\tcMU.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\kIgY.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\uYIU.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\nsgW.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\cAIi.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\ysUU.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\CskK.exe
- %HOMEPATH%\gOEYMkgs\fowO.exe
- %HOMEPATH%\gOEYMkgs\NUwi.exe
- %HOMEPATH%\gOEYMkgs\jwIq.exe
- %HOMEPATH%\gOEYMkgs\OIgs.exe
- %HOMEPATH%\gOEYMkgs\IMoc.exe
- %HOMEPATH%\gOEYMkgs\sAEG.exe
- %HOMEPATH%\gOEYMkgs\Zscs.exe
- %HOMEPATH%\gOEYMkgs\rQAu.exe
- %HOMEPATH%\gOEYMkgs\rEcc.exe
- %HOMEPATH%\gOEYMkgs\mocU.exe
- %HOMEPATH%\gOEYMkgs\GYsO.exe
- %HOMEPATH%\gOEYMkgs\GwkA.exe
- %HOMEPATH%\gOEYMkgs\Rssm.exe
- %HOMEPATH%\gOEYMkgs\GAYC.exe
- %HOMEPATH%\gOEYMkgs\VwAi.exe
- %HOMEPATH%\gOEYMkgs\oIkq.exe
- %HOMEPATH%\gOEYMkgs\XYoW.exe
- %HOMEPATH%\gOEYMkgs\TMUk.exe
- %HOMEPATH%\gOEYMkgs\nEIA.exe
- %HOMEPATH%\gOEYMkgs\Joks.exe
- %HOMEPATH%\gOEYMkgs\ygom.exe
- %HOMEPATH%\gOEYMkgs\VUsw.exe
- %HOMEPATH%\gOEYMkgs\WMcG.exe
- %HOMEPATH%\gOEYMkgs\wAww.exe
- %HOMEPATH%\gOEYMkgs\jMwk.exe
- %HOMEPATH%\gOEYMkgs\CsIu.exe
- %HOMEPATH%\gOEYMkgs\vQYk.exe
- %HOMEPATH%\gOEYMkgs\NkEq.exe
- %HOMEPATH%\gOEYMkgs\mgkO.exe
- %HOMEPATH%\gOEYMkgs\mAwk.exe
- %HOMEPATH%\gOEYMkgs\WMgo.exe
- %HOMEPATH%\gOEYMkgs\PMAq.exe
- %HOMEPATH%\gOEYMkgs\HUUg.exe
- %HOMEPATH%\gOEYMkgs\bsAu.exe
- %HOMEPATH%\gOEYMkgs\REMq.exe
- %HOMEPATH%\gOEYMkgs\voYq.exe
- %HOMEPATH%\gOEYMkgs\jcMa.exe
- %HOMEPATH%\gOEYMkgs\RQIS.exe
- %HOMEPATH%\gOEYMkgs\fEAC.exe
- %HOMEPATH%\gOEYMkgs\eQwe.exe
- %HOMEPATH%\gOEYMkgs\wgkI.exe
- %HOMEPATH%\gOEYMkgs\MckE.exe
- %HOMEPATH%\gOEYMkgs\eIwC.exe
- %HOMEPATH%\gOEYMkgs\csIm.exe
- %HOMEPATH%\gOEYMkgs\OQAS.exe
- %HOMEPATH%\gOEYMkgs\VssO.exe
- %HOMEPATH%\gOEYMkgs\bMIe.exe
- %HOMEPATH%\gOEYMkgs\sAEi.exe
- %HOMEPATH%\gOEYMkgs\PgAG.exe
- %HOMEPATH%\gOEYMkgs\kkYa.exe
- %HOMEPATH%\gOEYMkgs\cQQa.exe
- %HOMEPATH%\gOEYMkgs\SMEw.exe
- %HOMEPATH%\gOEYMkgs\lcEk.exe
- %HOMEPATH%\gOEYMkgs\XsYQ.exe
- %HOMEPATH%\gOEYMkgs\HIYO.exe
- %HOMEPATH%\gOEYMkgs\ckMC.exe
- %HOMEPATH%\gOEYMkgs\RQMs.exe
- %HOMEPATH%\gOEYMkgs\ckEO.exe
- %HOMEPATH%\gOEYMkgs\TwcU.exe
- %HOMEPATH%\gOEYMkgs\lMAq.exe
- %HOMEPATH%\gOEYMkgs\fogm.exe
- %HOMEPATH%\gOEYMkgs\cQsY.exe
- %HOMEPATH%\gOEYMkgs\fgwo.exe
- %HOMEPATH%\gOEYMkgs\wwUK.exe
- %HOMEPATH%\gOEYMkgs\fYQS.exe
- %HOMEPATH%\gOEYMkgs\rkMS.exe
- %HOMEPATH%\gOEYMkgs\dAIS.exe
- %HOMEPATH%\gOEYMkgs\tsoE.exe
- %HOMEPATH%\gOEYMkgs\pIou.exe
- %HOMEPATH%\gOEYMkgs\JQQK.exe
- %HOMEPATH%\gOEYMkgs\XscI.exe
- %HOMEPATH%\gOEYMkgs\KAUW.exe
- %HOMEPATH%\gOEYMkgs\AYwK.exe
- %HOMEPATH%\gOEYMkgs\hske.exe
- %HOMEPATH%\gOEYMkgs\ikUs.exe
- %HOMEPATH%\gOEYMkgs\LMMG.exe
- %HOMEPATH%\gOEYMkgs\Ksck.exe
- %HOMEPATH%\gOEYMkgs\nsgW.exe
- %HOMEPATH%\gOEYMkgs\cAIi.exe
- %HOMEPATH%\gOEYMkgs\esEI.exe
- %HOMEPATH%\gOEYMkgs\jUwG.exe
- %HOMEPATH%\gOEYMkgs\Isge.exe
- %HOMEPATH%\gOEYMkgs\mIQk.exe
- %HOMEPATH%\gOEYMkgs\LscM.exe
- %HOMEPATH%\gOEYMkgs\FsQy.exe
- %HOMEPATH%\gOEYMkgs\OYsc.exe
- %HOMEPATH%\gOEYMkgs\uYgU.exe
- %HOMEPATH%\gOEYMkgs\MoAK.exe
- %HOMEPATH%\gOEYMkgs\LQYs.exe
- %HOMEPATH%\gOEYMkgs\kIgY.exe
- %HOMEPATH%\gOEYMkgs\ysUU.exe
- %HOMEPATH%\gOEYMkgs\uYIU.exe
- %HOMEPATH%\gOEYMkgs\tcMU.exe
- %TEMP%\tGYkAYAQ.bat
- %HOMEPATH%\gOEYMkgs\zwwA.exe
- %HOMEPATH%\gOEYMkgs\EEou.exe
- %HOMEPATH%\gOEYMkgs\PIku.exe
- %HOMEPATH%\gOEYMkgs\Zcso.exe
- %HOMEPATH%\gOEYMkgs\uQkA.exe
- %HOMEPATH%\gOEYMkgs\bwMO.exe
- %HOMEPATH%\gOEYMkgs\VsAW.exe
- %HOMEPATH%\gOEYMkgs\EskI.exe
- %HOMEPATH%\gOEYMkgs\xEce.exe
- %HOMEPATH%\gOEYMkgs\dEAE.exe
- %HOMEPATH%\gOEYMkgs\hYwW.exe
- %HOMEPATH%\gOEYMkgs\JcMG.exe
- %HOMEPATH%\gOEYMkgs\hwUY.exe
- %HOMEPATH%\gOEYMkgs\swkm.exe
- %HOMEPATH%\gOEYMkgs\koQA.exe
- %HOMEPATH%\gOEYMkgs\rkoK.exe
- %HOMEPATH%\gOEYMkgs\GQYA.exe
- %HOMEPATH%\gOEYMkgs\pQAa.exe
- %HOMEPATH%\gOEYMkgs\HUES.exe
- %HOMEPATH%\gOEYMkgs\FYwk.exe
- %HOMEPATH%\gOEYMkgs\nkMI.exe
- %HOMEPATH%\gOEYMkgs\qYwM.exe
- %HOMEPATH%\gOEYMkgs\sUQW.exe
- %HOMEPATH%\gOEYMkgs\OUcc.exe
- %HOMEPATH%\gOEYMkgs\XYEK.exe
- %HOMEPATH%\gOEYMkgs\REsC.exe
- %HOMEPATH%\gOEYMkgs\hQIU.exe
- %HOMEPATH%\gOEYMkgs\CMco.exe
- %HOMEPATH%\gOEYMkgs\PMUu.exe
- %HOMEPATH%\gOEYMkgs\YUgA.exe
- %HOMEPATH%\gOEYMkgs\rgoW.exe
- %HOMEPATH%\gOEYMkgs\ZMMU.exe
- %HOMEPATH%\gOEYMkgs\lwEy.exe
- %HOMEPATH%\gOEYMkgs\rIsq.exe
- %HOMEPATH%\gOEYMkgs\gooQ.exe
- %HOMEPATH%\gOEYMkgs\oMwc.exe
- %HOMEPATH%\gOEYMkgs\FIQg.exe
- %HOMEPATH%\gOEYMkgs\Oksw.exe
- %HOMEPATH%\gOEYMkgs\fssa.exe
- %HOMEPATH%\gOEYMkgs\rsAi.exe
- %HOMEPATH%\gOEYMkgs\IssA.exe
- %HOMEPATH%\gOEYMkgs\toYW.exe
- %HOMEPATH%\gOEYMkgs\TEQm.exe
- %HOMEPATH%\gOEYMkgs\akko.exe
- %HOMEPATH%\gOEYMkgs\RcUO.exe
- %HOMEPATH%\gOEYMkgs\BcEK.exe
- %HOMEPATH%\gOEYMkgs\RIYu.exe
- %HOMEPATH%\gOEYMkgs\CYwA.exe
- %HOMEPATH%\gOEYMkgs\tsYC.exe
- %HOMEPATH%\gOEYMkgs\UYUo.exe
- %HOMEPATH%\gOEYMkgs\eIsg.exe
- %HOMEPATH%\gOEYMkgs\hYgO.exe
- %HOMEPATH%\gOEYMkgs\OQYA.exe
- %HOMEPATH%\gOEYMkgs\ugQY.exe
- %HOMEPATH%\gOEYMkgs\dgAq.exe
- %HOMEPATH%\gOEYMkgs\ZAkg.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Run'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: '' WindowName: 'Open'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'