Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002'
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
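- Блокирует отображение скрытых файлов (параметр реестра Hidden = 2, см. команду reg.exe ниже)
- Блокирует отображение расширений файлов (параметр реестра HideFileExt = 1, см. команду reg.exe ниже)
- Отключает средство контроля пользовательских учетных записей (UAC) (параметр реестра EnableLUA = 0, см. команду reg.exe ниже)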
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Текущая директория>\<Имя файла>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\GssQ.exe
- %HOMEPATH%\gOEYMkgs\PUUy.exe
- %HOMEPATH%\gOEYMkgs\rIwi.exe
- %TEMP%\WER3142.dir00\manifest.txt
- %TEMP%\WER3142.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\dcQG.exe
- %HOMEPATH%\gOEYMkgs\Wsgg.exe
- %HOMEPATH%\gOEYMkgs\KcwC.exe
- %HOMEPATH%\gOEYMkgs\Qwwa.exe
- %HOMEPATH%\gOEYMkgs\ucgu.exe
- %HOMEPATH%\gOEYMkgs\LUkq.exe
- %HOMEPATH%\gOEYMkgs\Vswa.exe
- %TEMP%\WER3142.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\SUMy.exe
- %HOMEPATH%\gOEYMkgs\oEQy.exe
- %HOMEPATH%\gOEYMkgs\OUwY.exe
- %HOMEPATH%\gOEYMkgs\tEAa.exe
- %HOMEPATH%\gOEYMkgs\lYEY.exe
- %HOMEPATH%\gOEYMkgs\jogm.exe
- %HOMEPATH%\gOEYMkgs\oIIc.exe
- %HOMEPATH%\gOEYMkgs\JYMY.exe
- %HOMEPATH%\gOEYMkgs\cwsK.exe
- %HOMEPATH%\gOEYMkgs\zUoq.exe
- %HOMEPATH%\gOEYMkgs\MEQW.exe
- %HOMEPATH%\gOEYMkgs\Qwoc.exe
- %HOMEPATH%\gOEYMkgs\DoQs.exe
- %HOMEPATH%\gOEYMkgs\JQYy.exe
- %HOMEPATH%\gOEYMkgs\VIQS.exe
- %HOMEPATH%\gOEYMkgs\jock.exe
- %HOMEPATH%\gOEYMkgs\TMca.exe
- %HOMEPATH%\gOEYMkgs\qsgw.exe
- %HOMEPATH%\gOEYMkgs\GwcA.exe
- %HOMEPATH%\gOEYMkgs\UAQe.exe
- %HOMEPATH%\gOEYMkgs\Hsoe.exe
- %HOMEPATH%\gOEYMkgs\bkwO.exe
- %HOMEPATH%\gOEYMkgs\mwsa.exe
- %HOMEPATH%\gOEYMkgs\SQsC.exe
- %HOMEPATH%\gOEYMkgs\oUgu.exe
- %HOMEPATH%\gOEYMkgs\DIcS.exe
- %HOMEPATH%\gOEYMkgs\eoUC.exe
- %TEMP%\WER3142.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\bEQE.exe
- %HOMEPATH%\gOEYMkgs\UQQW.exe
- %HOMEPATH%\gOEYMkgs\PQAC.exe
- %HOMEPATH%\gOEYMkgs\rYQm.exe
- %HOMEPATH%\gOEYMkgs\cUcI.exe
- %HOMEPATH%\gOEYMkgs\kEYe.exe
- %HOMEPATH%\gOEYMkgs\rAgY.exe
- %HOMEPATH%\gOEYMkgs\oAIQ.exe
- %HOMEPATH%\gOEYMkgs\ycwQ.exe
- %HOMEPATH%\gOEYMkgs\QwIy.exe
- %HOMEPATH%\gOEYMkgs\Zkso.exe
- %HOMEPATH%\gOEYMkgs\twsw.exe
- %HOMEPATH%\gOEYMkgs\UsIq.exe
- %HOMEPATH%\gOEYMkgs\McoU.exe
- %HOMEPATH%\gOEYMkgs\qwwQ.exe
- %HOMEPATH%\gOEYMkgs\dIAE.exe
- %HOMEPATH%\gOEYMkgs\WYQo.exe
- %HOMEPATH%\gOEYMkgs\NIUC.exe
- %HOMEPATH%\gOEYMkgs\hcsI.exe
- %HOMEPATH%\gOEYMkgs\DIMA.exe
- %HOMEPATH%\gOEYMkgs\ZgAo.exe
- %HOMEPATH%\gOEYMkgs\VIMw.exe
- %HOMEPATH%\gOEYMkgs\uYIo.exe
- %HOMEPATH%\gOEYMkgs\QYIi.exe
- %TEMP%\WER1a86.dir00\ZgMYMIIE.exe.mdmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\_filelst.cfg
- %TEMP%\WERaec0.dir00\manifest.txt
- %TEMP%\WER1a86.dir00\manifest.txt
- %TEMP%\WER1a86.dir00\appcompat.txt
- %TEMP%\WER1a86.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERaec0.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\TUsE.exe
- %HOMEPATH%\gOEYMkgs\hIcS.exe
- %HOMEPATH%\gOEYMkgs\esYW.exe
- %TEMP%\WERaec0.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERaec0.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\JsYe.exe
- %HOMEPATH%\gOEYMkgs\Qkci.exe
- %HOMEPATH%\gOEYMkgs\xUAg.exe
- %HOMEPATH%\gOEYMkgs\TwUa.exe
- %HOMEPATH%\gOEYMkgs\Gkkg.exe
- %HOMEPATH%\gOEYMkgs\dkcw.exe
- %HOMEPATH%\gOEYMkgs\mgME.exe
- %HOMEPATH%\gOEYMkgs\eoQQ.exe
- %HOMEPATH%\gOEYMkgs\kIgE.exe
- %HOMEPATH%\gOEYMkgs\ygwa.exe
- %HOMEPATH%\gOEYMkgs\MYEI.exe
- %HOMEPATH%\gOEYMkgs\OoUY.exe
- %HOMEPATH%\gOEYMkgs\ZsoC.exe
- %HOMEPATH%\gOEYMkgs\uskC.exe
- %HOMEPATH%\gOEYMkgs\dEsY.exe
- %HOMEPATH%\gOEYMkgs\oAMc.exe
- %HOMEPATH%\gOEYMkgs\dMsi.exe
- %HOMEPATH%\gOEYMkgs\vwcs.exe
- %HOMEPATH%\gOEYMkgs\RAwY.exe
- %HOMEPATH%\gOEYMkgs\ecsc.exe
- %HOMEPATH%\gOEYMkgs\CUss.exe
- %HOMEPATH%\gOEYMkgs\qQQE.exe
- %HOMEPATH%\gOEYMkgs\fIIi.exe
- %HOMEPATH%\gOEYMkgs\hgkg.exe
- %HOMEPATH%\gOEYMkgs\oEkQ.exe
- %HOMEPATH%\gOEYMkgs\FAQM.exe
- %HOMEPATH%\gOEYMkgs\vMsC.exe
- %HOMEPATH%\gOEYMkgs\oQUa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\AQcY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\XIso.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\wQke.exe
- %HOMEPATH%\gOEYMkgs\tAMG.exe
- %HOMEPATH%\gOEYMkgs\FggI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\qcoi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\PIgK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\CIsi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\IMkY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\BUII.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\nYAS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\uUAa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\AcQq.exe
- %TEMP%\WER4e46.dir00\manifest.txt
- %TEMP%\WER4e46.dir00\appcompat.txt
- %TEMP%\WER4e46.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\iwcG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\YwgU.exe
- %ALLUSERSPROFILE%\caQc.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WER4e46.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\awck.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\sMEK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\XgYi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\sYkM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\DYsU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\YQow.exe
- %HOMEPATH%\gOEYMkgs\asEw.exe
- %HOMEPATH%\gOEYMkgs\ussg.exe
- %HOMEPATH%\gOEYMkgs\YsIE.exe
- %HOMEPATH%\gOEYMkgs\IooY.exe
- %HOMEPATH%\gOEYMkgs\FgIy.exe
- %HOMEPATH%\gOEYMkgs\XMgG.exe
- %HOMEPATH%\gOEYMkgs\RMki.exe
- %HOMEPATH%\gOEYMkgs\ZAIs.exe
- %HOMEPATH%\gOEYMkgs\sIEE.exe
- %TEMP%\WERc5c7.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\fogU.exe
- %HOMEPATH%\gOEYMkgs\xMYY.exe
- %HOMEPATH%\gOEYMkgs\Lcwq.exe
- %HOMEPATH%\gOEYMkgs\mAMG.exe
- %HOMEPATH%\gOEYMkgs\EUEA.exe
- %HOMEPATH%\gOEYMkgs\BsEO.exe
- %HOMEPATH%\gOEYMkgs\xMwO.exe
- %HOMEPATH%\gOEYMkgs\mYsg.exe
- %HOMEPATH%\gOEYMkgs\NYQu.exe
- %HOMEPATH%\gOEYMkgs\pcUI.exe
- %HOMEPATH%\gOEYMkgs\VYgW.exe
- %HOMEPATH%\gOEYMkgs\toQG.exe
- %HOMEPATH%\gOEYMkgs\OMIW.exe
- %HOMEPATH%\gOEYMkgs\dIoE.exe
- %HOMEPATH%\gOEYMkgs\UEwE.exe
- %HOMEPATH%\gOEYMkgs\UQoS.exe
- %HOMEPATH%\gOEYMkgs\VMMG.exe
- <Текущая директория>\<Имя файла>
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\UgMe.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\nMEs.exe
- %HOMEPATH%\gOEYMkgs\lEss.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\EUMe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\okIA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %TEMP%\WERc5c7.dir00\ZgMYMIIE.exe.hdmp
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\OYok.exe
- %TEMP%\WERc5c7.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\lQAA.exe
- %HOMEPATH%\gOEYMkgs\Fgwy.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\zoIc.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\nIgW.exe
- %HOMEPATH%\gOEYMkgs\gEgE.exe
- %TEMP%\WERc5c7.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\lYEY.exe
- %HOMEPATH%\gOEYMkgs\jogm.exe
- %HOMEPATH%\gOEYMkgs\MYEI.exe
- %HOMEPATH%\gOEYMkgs\tEAa.exe
- %HOMEPATH%\gOEYMkgs\SUMy.exe
- %HOMEPATH%\gOEYMkgs\oIIc.exe
- %HOMEPATH%\gOEYMkgs\MEQW.exe
- %HOMEPATH%\gOEYMkgs\oEQy.exe
- %HOMEPATH%\gOEYMkgs\OUwY.exe
- %HOMEPATH%\gOEYMkgs\ygwa.exe
- %HOMEPATH%\gOEYMkgs\xUAg.exe
- %HOMEPATH%\gOEYMkgs\TwUa.exe
- %HOMEPATH%\gOEYMkgs\mgME.exe
- %HOMEPATH%\gOEYMkgs\Qkci.exe
- %HOMEPATH%\gOEYMkgs\eoQQ.exe
- %HOMEPATH%\gOEYMkgs\uskC.exe
- %HOMEPATH%\gOEYMkgs\kIgE.exe
- %HOMEPATH%\gOEYMkgs\OoUY.exe
- %HOMEPATH%\gOEYMkgs\ZsoC.exe
- %HOMEPATH%\gOEYMkgs\Qwoc.exe
- %HOMEPATH%\gOEYMkgs\Qwwa.exe
- %HOMEPATH%\gOEYMkgs\ucgu.exe
- %HOMEPATH%\gOEYMkgs\Vswa.exe
- %HOMEPATH%\gOEYMkgs\KcwC.exe
- %HOMEPATH%\gOEYMkgs\UQQW.exe
- %HOMEPATH%\gOEYMkgs\eoUC.exe
- %HOMEPATH%\gOEYMkgs\bEQE.exe
- %HOMEPATH%\gOEYMkgs\PQAC.exe
- %HOMEPATH%\gOEYMkgs\rYQm.exe
- %HOMEPATH%\gOEYMkgs\LUkq.exe
- %HOMEPATH%\gOEYMkgs\cwsK.exe
- %HOMEPATH%\gOEYMkgs\zUoq.exe
- %HOMEPATH%\gOEYMkgs\DoQs.exe
- %HOMEPATH%\gOEYMkgs\JYMY.exe
- %HOMEPATH%\gOEYMkgs\dcQG.exe
- %HOMEPATH%\gOEYMkgs\rIwi.exe
- %HOMEPATH%\gOEYMkgs\Wsgg.exe
- %HOMEPATH%\gOEYMkgs\GssQ.exe
- %HOMEPATH%\gOEYMkgs\PUUy.exe
- %HOMEPATH%\gOEYMkgs\dkcw.exe
- %HOMEPATH%\gOEYMkgs\qwwQ.exe
- %HOMEPATH%\gOEYMkgs\dIAE.exe
- %HOMEPATH%\gOEYMkgs\hIcS.exe
- %HOMEPATH%\gOEYMkgs\esYW.exe
- %HOMEPATH%\gOEYMkgs\WYQo.exe
- %HOMEPATH%\gOEYMkgs\McoU.exe
- %HOMEPATH%\gOEYMkgs\NIUC.exe
- %HOMEPATH%\gOEYMkgs\twsw.exe
- %HOMEPATH%\gOEYMkgs\UsIq.exe
- %HOMEPATH%\gOEYMkgs\TUsE.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\RestorePointSize
- %HOMEPATH%\gOEYMkgs\JsYe.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\rp.log
- %HOMEPATH%\gOEYMkgs\VIMw.exe
- %HOMEPATH%\gOEYMkgs\oEkQ.exe
- %HOMEPATH%\gOEYMkgs\FAQM.exe
- %HOMEPATH%\gOEYMkgs\dMsi.exe
- %HOMEPATH%\gOEYMkgs\CUss.exe
- %HOMEPATH%\gOEYMkgs\vMsC.exe
- %HOMEPATH%\gOEYMkgs\hgkg.exe
- %HOMEPATH%\gOEYMkgs\Gkkg.exe
- %HOMEPATH%\gOEYMkgs\qQQE.exe
- %HOMEPATH%\gOEYMkgs\fIIi.exe
- %HOMEPATH%\gOEYMkgs\oAMc.exe
- %HOMEPATH%\gOEYMkgs\hcsI.exe
- %HOMEPATH%\gOEYMkgs\DIMA.exe
- %HOMEPATH%\gOEYMkgs\uYIo.exe
- %HOMEPATH%\gOEYMkgs\QYIi.exe
- %HOMEPATH%\gOEYMkgs\ZgAo.exe
- %HOMEPATH%\gOEYMkgs\ecsc.exe
- %HOMEPATH%\gOEYMkgs\dEsY.exe
- %HOMEPATH%\gOEYMkgs\vwcs.exe
- %HOMEPATH%\gOEYMkgs\RAwY.exe
- %HOMEPATH%\gOEYMkgs\cUcI.exe
- %HOMEPATH%\gOEYMkgs\VMMG.exe
- %TEMP%\ICIQYowc.bat
- %HOMEPATH%\gOEYMkgs\nIgW.exe
- %HOMEPATH%\gOEYMkgs\UgMe.exe
- %HOMEPATH%\gOEYMkgs\nMEs.exe
- %HOMEPATH%\gOEYMkgs\EUMe.exe
- %HOMEPATH%\gOEYMkgs\BUII.exe
- %HOMEPATH%\gOEYMkgs\okIA.exe
- %HOMEPATH%\gOEYMkgs\lEss.exe
- %HOMEPATH%\gOEYMkgs\zoIc.exe
- %HOMEPATH%\gOEYMkgs\Lcwq.exe
- %HOMEPATH%\gOEYMkgs\ZAIs.exe
- %HOMEPATH%\gOEYMkgs\fogU.exe
- %HOMEPATH%\gOEYMkgs\xMYY.exe
- %HOMEPATH%\gOEYMkgs\sIEE.exe
- %HOMEPATH%\gOEYMkgs\OYok.exe
- %HOMEPATH%\gOEYMkgs\gEgE.exe
- %HOMEPATH%\gOEYMkgs\lQAA.exe
- %HOMEPATH%\gOEYMkgs\Fgwy.exe
- %HOMEPATH%\gOEYMkgs\CIsi.exe
- %HOMEPATH%\gOEYMkgs\awck.exe
- %HOMEPATH%\gOEYMkgs\sMEK.exe
- %HOMEPATH%\gOEYMkgs\qcoi.exe
- %HOMEPATH%\gOEYMkgs\XgYi.exe
- %HOMEPATH%\gOEYMkgs\DYsU.exe
- %HOMEPATH%\gOEYMkgs\iwcG.exe
- %HOMEPATH%\gOEYMkgs\YwgU.exe
- %HOMEPATH%\gOEYMkgs\YQow.exe
- %HOMEPATH%\gOEYMkgs\sYkM.exe
- %HOMEPATH%\gOEYMkgs\FggI.exe
- %HOMEPATH%\gOEYMkgs\AcQq.exe
- %HOMEPATH%\gOEYMkgs\nYAS.exe
- %HOMEPATH%\gOEYMkgs\IMkY.exe
- %HOMEPATH%\gOEYMkgs\uUAa.exe
- %HOMEPATH%\gOEYMkgs\XIso.exe
- %HOMEPATH%\gOEYMkgs\tAMG.exe
- %HOMEPATH%\gOEYMkgs\PIgK.exe
- %HOMEPATH%\gOEYMkgs\wQke.exe
- %HOMEPATH%\gOEYMkgs\AQcY.exe
- %HOMEPATH%\gOEYMkgs\RMki.exe
- %HOMEPATH%\gOEYMkgs\UAQe.exe
- %HOMEPATH%\gOEYMkgs\SQsC.exe
- %HOMEPATH%\gOEYMkgs\VIQS.exe
- %HOMEPATH%\gOEYMkgs\jock.exe
- %HOMEPATH%\gOEYMkgs\oUgu.exe
- %HOMEPATH%\gOEYMkgs\bkwO.exe
- %HOMEPATH%\gOEYMkgs\mwsa.exe
- %HOMEPATH%\gOEYMkgs\DIcS.exe
- %HOMEPATH%\gOEYMkgs\Hsoe.exe
- %HOMEPATH%\gOEYMkgs\JQYy.exe
- %HOMEPATH%\gOEYMkgs\Zkso.exe
- %HOMEPATH%\gOEYMkgs\kEYe.exe
- %HOMEPATH%\gOEYMkgs\ycwQ.exe
- %HOMEPATH%\gOEYMkgs\QwIy.exe
- %HOMEPATH%\gOEYMkgs\rAgY.exe
- %HOMEPATH%\gOEYMkgs\qsgw.exe
- %HOMEPATH%\gOEYMkgs\GwcA.exe
- %HOMEPATH%\gOEYMkgs\oAIQ.exe
- %HOMEPATH%\gOEYMkgs\TMca.exe
- %HOMEPATH%\gOEYMkgs\oQUa.exe
- %HOMEPATH%\gOEYMkgs\OMIW.exe
- %HOMEPATH%\gOEYMkgs\IooY.exe
- %HOMEPATH%\gOEYMkgs\VYgW.exe
- %HOMEPATH%\gOEYMkgs\toQG.exe
- %HOMEPATH%\gOEYMkgs\FgIy.exe
- %HOMEPATH%\gOEYMkgs\ussg.exe
- %HOMEPATH%\gOEYMkgs\YsIE.exe
- %HOMEPATH%\gOEYMkgs\XMgG.exe
- %HOMEPATH%\gOEYMkgs\asEw.exe
- %HOMEPATH%\gOEYMkgs\UQoS.exe
- %HOMEPATH%\gOEYMkgs\NYQu.exe
- %HOMEPATH%\gOEYMkgs\mAMG.exe
- %HOMEPATH%\gOEYMkgs\xMwO.exe
- %HOMEPATH%\gOEYMkgs\mYsg.exe
- %HOMEPATH%\gOEYMkgs\EUEA.exe
- %HOMEPATH%\gOEYMkgs\dIoE.exe
- %HOMEPATH%\gOEYMkgs\UEwE.exe
- %HOMEPATH%\gOEYMkgs\BsEO.exe
- %HOMEPATH%\gOEYMkgs\pcUI.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Run'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: '' WindowName: 'Open'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'