Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002'
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
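- Блокирует отображение скрытых файлов (параметр Hidden = 2, см. команду reg.exe ниже)
- Блокирует отображение расширений файлов (параметр HideFileExt = 1, см. команду reg.exe ниже); из-за этого файлы с двойным расширением вида *.bmp.exe и *.jpg.exe из списка ниже отображаются в Проводнике как обычные изображения
- Отключает средство контроля пользовательских учетных записей (UAC) (параметр EnableLUA = 0, см. команду reg.exe ниже)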
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Текущая директория>\<Имя файла>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\cgkE.exe
- %HOMEPATH%\gOEYMkgs\zIkw.exe
- %HOMEPATH%\gOEYMkgs\SUMa.exe
- %HOMEPATH%\gOEYMkgs\bcEW.exe
- %HOMEPATH%\gOEYMkgs\rckm.exe
- %HOMEPATH%\gOEYMkgs\EkEQ.exe
- %HOMEPATH%\gOEYMkgs\bwsI.exe
- %HOMEPATH%\gOEYMkgs\lwUo.exe
- %HOMEPATH%\gOEYMkgs\TIoo.exe
- %HOMEPATH%\gOEYMkgs\xIwg.exe
- %HOMEPATH%\gOEYMkgs\eAEk.exe
- %HOMEPATH%\gOEYMkgs\QccE.exe
- %HOMEPATH%\gOEYMkgs\VckE.exe
- %HOMEPATH%\gOEYMkgs\uwsg.exe
- %HOMEPATH%\gOEYMkgs\BoYg.exe
- %HOMEPATH%\gOEYMkgs\VcAw.exe
- %HOMEPATH%\gOEYMkgs\ZIcI.exe
- %HOMEPATH%\gOEYMkgs\NQgs.exe
- %HOMEPATH%\gOEYMkgs\ckMC.exe
- %HOMEPATH%\gOEYMkgs\uMYg.exe
- %HOMEPATH%\gOEYMkgs\CoYU.exe
- %HOMEPATH%\gOEYMkgs\bwgG.exe
- %HOMEPATH%\gOEYMkgs\GEUe.exe
- %HOMEPATH%\gOEYMkgs\McMo.exe
- %HOMEPATH%\gOEYMkgs\nwkY.exe
- %HOMEPATH%\gOEYMkgs\HIkW.exe
- %HOMEPATH%\gOEYMkgs\RAIS.exe
- %HOMEPATH%\gOEYMkgs\twwA.exe
- %HOMEPATH%\gOEYMkgs\HAIk.exe
- %HOMEPATH%\gOEYMkgs\qwYu.exe
- %HOMEPATH%\gOEYMkgs\eccC.exe
- %HOMEPATH%\gOEYMkgs\AcAW.exe
- %HOMEPATH%\gOEYMkgs\oAUa.exe
- %HOMEPATH%\gOEYMkgs\mMYY.exe
- %HOMEPATH%\gOEYMkgs\rEcQ.exe
- %HOMEPATH%\gOEYMkgs\RsMS.exe
- %HOMEPATH%\gOEYMkgs\vIAE.exe
- %HOMEPATH%\gOEYMkgs\AMQM.exe
- %HOMEPATH%\gOEYMkgs\qskk.exe
- %HOMEPATH%\gOEYMkgs\DMAm.exe
- %HOMEPATH%\gOEYMkgs\GsMi.exe
- %HOMEPATH%\gOEYMkgs\ycku.exe
- %HOMEPATH%\gOEYMkgs\eMYs.exe
- %HOMEPATH%\gOEYMkgs\mAwU.exe
- %HOMEPATH%\gOEYMkgs\OAUQ.exe
- %HOMEPATH%\gOEYMkgs\JkoK.exe
- %HOMEPATH%\gOEYMkgs\isQo.exe
- %HOMEPATH%\gOEYMkgs\AIwK.exe
- %HOMEPATH%\gOEYMkgs\OUAg.exe
- %HOMEPATH%\gOEYMkgs\rYQE.exe
- %HOMEPATH%\gOEYMkgs\PEAS.exe
- %HOMEPATH%\gOEYMkgs\YEMS.exe
- %HOMEPATH%\gOEYMkgs\XQQU.exe
- %HOMEPATH%\gOEYMkgs\KsAC.exe
- %HOMEPATH%\gOEYMkgs\gQcY.exe
- %HOMEPATH%\gOEYMkgs\qIEa.exe
- %HOMEPATH%\gOEYMkgs\LUss.exe
- %HOMEPATH%\gOEYMkgs\mwsG.exe
- %HOMEPATH%\gOEYMkgs\wYkM.exe
- %HOMEPATH%\gOEYMkgs\DcAq.exe
- %HOMEPATH%\gOEYMkgs\wgcO.exe
- %HOMEPATH%\gOEYMkgs\igUY.exe
- %HOMEPATH%\gOEYMkgs\bQEY.exe
- %HOMEPATH%\gOEYMkgs\VcQk.exe
- %HOMEPATH%\gOEYMkgs\QYco.exe
- %HOMEPATH%\gOEYMkgs\dgsE.exe
- %WINDIR%\pchealth\ERRORREP\UserDumps\ZgMYMIIE.exe.20170528-144816-00.mdmp
- %TEMP%\WER95b0.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER95b0.dir00\ZgMYMIIE.exe.mdmp
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %WINDIR%\pchealth\ERRORREP\UserDumps\ZgMYMIIE.exe.20170528-144816-00.hdmp
- %HOMEPATH%\gOEYMkgs\swcE.exe
- %HOMEPATH%\gOEYMkgs\DoYy.exe
- %HOMEPATH%\gOEYMkgs\ZYsM.exe
- %HOMEPATH%\gOEYMkgs\oMog.exe
- %HOMEPATH%\gOEYMkgs\JsUo.exe
- %HOMEPATH%\gOEYMkgs\OEAa.exe
- %HOMEPATH%\gOEYMkgs\DIwa.exe
- %HOMEPATH%\gOEYMkgs\SYcU.exe
- %HOMEPATH%\gOEYMkgs\TUIa.exe
- %HOMEPATH%\gOEYMkgs\Ewgo.exe
- %HOMEPATH%\gOEYMkgs\kAIi.exe
- %HOMEPATH%\gOEYMkgs\kckM.exe
- %HOMEPATH%\gOEYMkgs\Egge.exe
- %HOMEPATH%\gOEYMkgs\hoAg.exe
- %HOMEPATH%\gOEYMkgs\mssK.exe
- %HOMEPATH%\gOEYMkgs\gEgy.exe
- %HOMEPATH%\gOEYMkgs\tIIo.exe
- %HOMEPATH%\gOEYMkgs\MEsE.exe
- %HOMEPATH%\gOEYMkgs\xAIw.exe
- %HOMEPATH%\gOEYMkgs\mMAG.exe
- %HOMEPATH%\gOEYMkgs\Uscw.exe
- %HOMEPATH%\gOEYMkgs\DYEk.exe
- %HOMEPATH%\gOEYMkgs\BMIk.exe
- %HOMEPATH%\gOEYMkgs\ckwA.exe
- %HOMEPATH%\gOEYMkgs\ZUAi.exe
- %HOMEPATH%\gOEYMkgs\VoIe.exe
- %HOMEPATH%\gOEYMkgs\PQQu.exe
- %HOMEPATH%\gOEYMkgs\xYUg.exe
- %HOMEPATH%\gOEYMkgs\vwge.exe
- %HOMEPATH%\gOEYMkgs\VIwC.exe
- %HOMEPATH%\gOEYMkgs\aYIA.exe
- %HOMEPATH%\gOEYMkgs\bwIw.exe
- %HOMEPATH%\gOEYMkgs\NgMu.exe
- %HOMEPATH%\gOEYMkgs\IUoS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\RQMm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\joUQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\ZUAU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\NcIQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\akoG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\DIUm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\cQcy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\aAUM.exe
- %HOMEPATH%\gOEYMkgs\uMIM.exe
- %HOMEPATH%\gOEYMkgs\lIoG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\hksC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\UUke.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %ALLUSERSPROFILE%\caQc.txt
- %TEMP%\WER0675.dir00\manifest.txt
- %TEMP%\WER0675.dir00\appcompat.txt
- %TEMP%\WER793f.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER793f.dir00\ZgMYMIIE.exe.mdmp
- <Текущая директория>\<Имя файла>
- %TEMP%\WER0675.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER0675.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\DMsK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\KYcE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\icQo.exe
- %HOMEPATH%\gOEYMkgs\gUMy.exe
- %TEMP%\WERe8eb.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WER793f.dir00\manifest.txt
- %TEMP%\WER793f.dir00\appcompat.txt
- %TEMP%\WERe8eb.dir00\manifest.txt
- %TEMP%\WERe8eb.dir00\appcompat.txt
- %TEMP%\WERe8eb.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\gAkg.exe
- %HOMEPATH%\gOEYMkgs\vwUA.exe
- %HOMEPATH%\gOEYMkgs\yocM.exe
- %HOMEPATH%\gOEYMkgs\mAge.exe
- %HOMEPATH%\gOEYMkgs\jMMG.exe
- %HOMEPATH%\gOEYMkgs\DUAw.exe
- %HOMEPATH%\gOEYMkgs\MsIM.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %TEMP%\WERd7a7.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\PMUw.exe
- %TEMP%\WERd7a7.dir00\manifest.txt
- %TEMP%\WERd7a7.dir00\appcompat.txt
- %TEMP%\WERd7a7.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\xcwi.exe
- %HOMEPATH%\gOEYMkgs\QUQm.exe
- %HOMEPATH%\gOEYMkgs\AoYo.exe
- %HOMEPATH%\gOEYMkgs\EcwA.exe
- %HOMEPATH%\gOEYMkgs\BsEY.exe
- %HOMEPATH%\gOEYMkgs\UIoo.exe
- %HOMEPATH%\gOEYMkgs\Vwsc.exe
- %HOMEPATH%\gOEYMkgs\HsMe.exe
- %HOMEPATH%\gOEYMkgs\KIAM.exe
- %HOMEPATH%\gOEYMkgs\zggM.exe
- %HOMEPATH%\gOEYMkgs\HwIK.exe
- %HOMEPATH%\gOEYMkgs\OQkM.exe
- %HOMEPATH%\gOEYMkgs\loQQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\kYME.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\UQAs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\vUkW.exe
- %HOMEPATH%\gOEYMkgs\FMok.exe
- %HOMEPATH%\gOEYMkgs\NEEu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\qkgy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\CMgA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\SoEO.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\HwUE.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\AUAU.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\JMcK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\FQQg.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\agMO.exe
- %HOMEPATH%\gOEYMkgs\NQgs.exe
- %HOMEPATH%\gOEYMkgs\ckMC.exe
- %HOMEPATH%\gOEYMkgs\XQQU.exe
- %HOMEPATH%\gOEYMkgs\ZIcI.exe
- %HOMEPATH%\gOEYMkgs\uwsg.exe
- %HOMEPATH%\gOEYMkgs\uMYg.exe
- %HOMEPATH%\gOEYMkgs\McMo.exe
- %HOMEPATH%\gOEYMkgs\BoYg.exe
- %HOMEPATH%\gOEYMkgs\VcAw.exe
- %HOMEPATH%\gOEYMkgs\tIIo.exe
- %HOMEPATH%\gOEYMkgs\Ewgo.exe
- %HOMEPATH%\gOEYMkgs\hoAg.exe
- %HOMEPATH%\gOEYMkgs\SYcU.exe
- %HOMEPATH%\gOEYMkgs\TUIa.exe
- %HOMEPATH%\gOEYMkgs\MEsE.exe
- %HOMEPATH%\gOEYMkgs\mssK.exe
- %HOMEPATH%\gOEYMkgs\gEgy.exe
- %HOMEPATH%\gOEYMkgs\xAIw.exe
- %HOMEPATH%\gOEYMkgs\mMAG.exe
- %HOMEPATH%\gOEYMkgs\eAEk.exe
- %HOMEPATH%\gOEYMkgs\QccE.exe
- %HOMEPATH%\gOEYMkgs\SUMa.exe
- %HOMEPATH%\gOEYMkgs\bwsI.exe
- %HOMEPATH%\gOEYMkgs\VckE.exe
- %HOMEPATH%\gOEYMkgs\xIwg.exe
- %HOMEPATH%\gOEYMkgs\eMYs.exe
- %HOMEPATH%\gOEYMkgs\lwUo.exe
- %HOMEPATH%\gOEYMkgs\TIoo.exe
- %HOMEPATH%\gOEYMkgs\zIkw.exe
- %HOMEPATH%\gOEYMkgs\CoYU.exe
- %HOMEPATH%\gOEYMkgs\bwgG.exe
- %HOMEPATH%\gOEYMkgs\nwkY.exe
- %HOMEPATH%\gOEYMkgs\HIkW.exe
- %HOMEPATH%\gOEYMkgs\GEUe.exe
- %HOMEPATH%\gOEYMkgs\EkEQ.exe
- %HOMEPATH%\gOEYMkgs\cgkE.exe
- %HOMEPATH%\gOEYMkgs\bcEW.exe
- %HOMEPATH%\gOEYMkgs\rckm.exe
- %HOMEPATH%\gOEYMkgs\Egge.exe
- %HOMEPATH%\gOEYMkgs\wYkM.exe
- %HOMEPATH%\gOEYMkgs\KsAC.exe
- %HOMEPATH%\gOEYMkgs\LUss.exe
- %HOMEPATH%\gOEYMkgs\mwsG.exe
- %HOMEPATH%\gOEYMkgs\gQcY.exe
- %HOMEPATH%\gOEYMkgs\VcQk.exe
- %HOMEPATH%\gOEYMkgs\QYco.exe
- %HOMEPATH%\gOEYMkgs\qIEa.exe
- %HOMEPATH%\gOEYMkgs\DcAq.exe
- %HOMEPATH%\gOEYMkgs\oMog.exe
- %TEMP%\WER95b0.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\swcE.exe
- %WINDIR%\pchealth\ERRORREP\UserDumps\ZgMYMIIE.exe.20170528-144816-00.mdmp
- %TEMP%\WER95b0.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\JsUo.exe
- %HOMEPATH%\gOEYMkgs\DoYy.exe
- %HOMEPATH%\gOEYMkgs\ZYsM.exe
- %HOMEPATH%\gOEYMkgs\OEAa.exe
- %HOMEPATH%\gOEYMkgs\DIwa.exe
- %HOMEPATH%\gOEYMkgs\bwIw.exe
- %HOMEPATH%\gOEYMkgs\NgMu.exe
- %HOMEPATH%\gOEYMkgs\PQQu.exe
- %HOMEPATH%\gOEYMkgs\aYIA.exe
- %HOMEPATH%\gOEYMkgs\xYUg.exe
- %HOMEPATH%\gOEYMkgs\kAIi.exe
- %HOMEPATH%\gOEYMkgs\kckM.exe
- %HOMEPATH%\gOEYMkgs\vwge.exe
- %HOMEPATH%\gOEYMkgs\VIwC.exe
- %HOMEPATH%\gOEYMkgs\BMIk.exe
- %HOMEPATH%\gOEYMkgs\igUY.exe
- %HOMEPATH%\gOEYMkgs\bQEY.exe
- %HOMEPATH%\gOEYMkgs\dgsE.exe
- %HOMEPATH%\gOEYMkgs\wgcO.exe
- %HOMEPATH%\gOEYMkgs\ckwA.exe
- %HOMEPATH%\gOEYMkgs\Uscw.exe
- %HOMEPATH%\gOEYMkgs\DYEk.exe
- %HOMEPATH%\gOEYMkgs\ZUAi.exe
- %HOMEPATH%\gOEYMkgs\VoIe.exe
- %HOMEPATH%\gOEYMkgs\JMcK.exe
- %HOMEPATH%\gOEYMkgs\UQAs.exe
- %HOMEPATH%\gOEYMkgs\FQQg.exe
- %HOMEPATH%\gOEYMkgs\agMO.exe
- %HOMEPATH%\gOEYMkgs\vUkW.exe
- %HOMEPATH%\gOEYMkgs\CMgA.exe
- %HOMEPATH%\gOEYMkgs\NEEu.exe
- %HOMEPATH%\gOEYMkgs\kYME.exe
- %HOMEPATH%\gOEYMkgs\FMok.exe
- %HOMEPATH%\gOEYMkgs\HwUE.exe
- %HOMEPATH%\gOEYMkgs\gAkg.exe
- %HOMEPATH%\gOEYMkgs\vwUA.exe
- %HOMEPATH%\gOEYMkgs\jMMG.exe
- %HOMEPATH%\gOEYMkgs\DUAw.exe
- %HOMEPATH%\gOEYMkgs\yocM.exe
- %HOMEPATH%\gOEYMkgs\AUAU.exe
- %HOMEPATH%\gOEYMkgs\SoEO.exe
- %HOMEPATH%\gOEYMkgs\MsIM.exe
- %HOMEPATH%\gOEYMkgs\PMUw.exe
- %HOMEPATH%\gOEYMkgs\akoG.exe
- %HOMEPATH%\gOEYMkgs\ZUAU.exe
- %HOMEPATH%\gOEYMkgs\RQMm.exe
- %HOMEPATH%\gOEYMkgs\NcIQ.exe
- %HOMEPATH%\gOEYMkgs\KYcE.exe
- %HOMEPATH%\gOEYMkgs\gUMy.exe
- %TEMP%\ugowMgcE.bat
- %HOMEPATH%\gOEYMkgs\icQo.exe
- %HOMEPATH%\gOEYMkgs\DMsK.exe
- %HOMEPATH%\gOEYMkgs\IUoS.exe
- %HOMEPATH%\gOEYMkgs\aAUM.exe
- %HOMEPATH%\gOEYMkgs\DIUm.exe
- %HOMEPATH%\gOEYMkgs\qkgy.exe
- %HOMEPATH%\gOEYMkgs\cQcy.exe
- %HOMEPATH%\gOEYMkgs\uMIM.exe
- %HOMEPATH%\gOEYMkgs\hksC.exe
- %HOMEPATH%\gOEYMkgs\joUQ.exe
- %HOMEPATH%\gOEYMkgs\UUke.exe
- %HOMEPATH%\gOEYMkgs\lIoG.exe
- %HOMEPATH%\gOEYMkgs\mAge.exe
- %HOMEPATH%\gOEYMkgs\qwYu.exe
- %HOMEPATH%\gOEYMkgs\eccC.exe
- %HOMEPATH%\gOEYMkgs\AIwK.exe
- %HOMEPATH%\gOEYMkgs\OUAg.exe
- %HOMEPATH%\gOEYMkgs\AcAW.exe
- %HOMEPATH%\gOEYMkgs\HAIk.exe
- %HOMEPATH%\gOEYMkgs\oAUa.exe
- %HOMEPATH%\gOEYMkgs\RAIS.exe
- %HOMEPATH%\gOEYMkgs\twwA.exe
- %HOMEPATH%\gOEYMkgs\isQo.exe
- %HOMEPATH%\gOEYMkgs\DMAm.exe
- %HOMEPATH%\gOEYMkgs\GsMi.exe
- %HOMEPATH%\gOEYMkgs\mAwU.exe
- %HOMEPATH%\gOEYMkgs\OAUQ.exe
- %HOMEPATH%\gOEYMkgs\ycku.exe
- %HOMEPATH%\gOEYMkgs\PEAS.exe
- %HOMEPATH%\gOEYMkgs\YEMS.exe
- %HOMEPATH%\gOEYMkgs\JkoK.exe
- %HOMEPATH%\gOEYMkgs\rYQE.exe
- %HOMEPATH%\gOEYMkgs\Vwsc.exe
- %HOMEPATH%\gOEYMkgs\HwIK.exe
- %HOMEPATH%\gOEYMkgs\QUQm.exe
- %HOMEPATH%\gOEYMkgs\AoYo.exe
- %HOMEPATH%\gOEYMkgs\OQkM.exe
- %HOMEPATH%\gOEYMkgs\KIAM.exe
- %HOMEPATH%\gOEYMkgs\zggM.exe
- %HOMEPATH%\gOEYMkgs\loQQ.exe
- %HOMEPATH%\gOEYMkgs\HsMe.exe
- %HOMEPATH%\gOEYMkgs\xcwi.exe
- %HOMEPATH%\gOEYMkgs\qskk.exe
- %HOMEPATH%\gOEYMkgs\mMYY.exe
- %HOMEPATH%\gOEYMkgs\vIAE.exe
- %HOMEPATH%\gOEYMkgs\AMQM.exe
- %HOMEPATH%\gOEYMkgs\rEcQ.exe
- %HOMEPATH%\gOEYMkgs\BsEY.exe
- %HOMEPATH%\gOEYMkgs\UIoo.exe
- %HOMEPATH%\gOEYMkgs\RsMS.exe
- %HOMEPATH%\gOEYMkgs\EcwA.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Run'
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Open'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Open File'