Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002'
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
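- Блокирует отображение скрытых файлов (параметр Hidden = 2)
- Блокирует отображение расширений файлов (параметр HideFileExt = 1), поэтому перечисленные ниже файлы с двойным расширением (*.bmp.exe, *.jpg.exe, *.wma.exe) выглядят в Проводнике как изображения и музыка
- Отключает средство контроля пользовательских учетных записей (UAC) (параметр EnableLUA = 0)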
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Текущая директория>\<Имя файла>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\nIQk.exe
- %HOMEPATH%\gOEYMkgs\lEcI.exe
- %HOMEPATH%\gOEYMkgs\IoUk.exe
- %HOMEPATH%\gOEYMkgs\AIka.exe
- %HOMEPATH%\gOEYMkgs\zskQ.exe
- %HOMEPATH%\gOEYMkgs\PcUo.exe
- %HOMEPATH%\gOEYMkgs\Ekge.exe
- %HOMEPATH%\gOEYMkgs\Jkgu.exe
- %HOMEPATH%\gOEYMkgs\sEIg.exe
- %HOMEPATH%\gOEYMkgs\fwkW.exe
- %HOMEPATH%\gOEYMkgs\NkES.exe
- %HOMEPATH%\gOEYMkgs\FQca.exe
- %HOMEPATH%\gOEYMkgs\EgEy.exe
- %HOMEPATH%\gOEYMkgs\wYsO.exe
- %HOMEPATH%\gOEYMkgs\qcsW.exe
- %HOMEPATH%\gOEYMkgs\VAkO.exe
- %HOMEPATH%\gOEYMkgs\rUAC.exe
- %HOMEPATH%\gOEYMkgs\fQEE.exe
- %HOMEPATH%\gOEYMkgs\qYYi.exe
- %HOMEPATH%\gOEYMkgs\kAko.exe
- %HOMEPATH%\gOEYMkgs\goYq.exe
- %HOMEPATH%\gOEYMkgs\OcQI.exe
- %HOMEPATH%\gOEYMkgs\gYoi.exe
- %HOMEPATH%\gOEYMkgs\NcYm.exe
- %HOMEPATH%\gOEYMkgs\DEYQ.exe
- %HOMEPATH%\gOEYMkgs\BMYq.exe
- %HOMEPATH%\gOEYMkgs\zAgo.exe
- %HOMEPATH%\gOEYMkgs\cckq.exe
- %HOMEPATH%\gOEYMkgs\cIQs.exe
- %HOMEPATH%\gOEYMkgs\wksw.exe
- %HOMEPATH%\gOEYMkgs\nMcm.exe
- %HOMEPATH%\gOEYMkgs\bUQe.exe
- %HOMEPATH%\gOEYMkgs\VEwW.exe
- %HOMEPATH%\gOEYMkgs\MUkm.exe
- %HOMEPATH%\gOEYMkgs\pwoY.exe
- %HOMEPATH%\gOEYMkgs\WAYu.exe
- %HOMEPATH%\gOEYMkgs\ekQe.exe
- %HOMEPATH%\gOEYMkgs\VckK.exe
- %HOMEPATH%\gOEYMkgs\KIkg.exe
- %HOMEPATH%\gOEYMkgs\gYgY.exe
- %HOMEPATH%\gOEYMkgs\iAUC.exe
- %HOMEPATH%\gOEYMkgs\zAwi.exe
- %HOMEPATH%\gOEYMkgs\SMEw.exe
- %HOMEPATH%\gOEYMkgs\GQcy.exe
- %HOMEPATH%\gOEYMkgs\rQsQ.exe
- %HOMEPATH%\gOEYMkgs\YgAu.exe
- %HOMEPATH%\gOEYMkgs\UQAw.exe
- %HOMEPATH%\gOEYMkgs\WoQY.exe
- %HOMEPATH%\gOEYMkgs\cIgE.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %HOMEPATH%\gOEYMkgs\aUEa.exe
- %HOMEPATH%\gOEYMkgs\JcYW.exe
- %HOMEPATH%\gOEYMkgs\sUYM.exe
- %HOMEPATH%\gOEYMkgs\hsca.exe
- %HOMEPATH%\gOEYMkgs\aYAk.exe
- %HOMEPATH%\gOEYMkgs\jYUa.exe
- %HOMEPATH%\gOEYMkgs\ckQe.exe
- %HOMEPATH%\gOEYMkgs\uAEW.exe
- %HOMEPATH%\gOEYMkgs\oQko.exe
- %HOMEPATH%\gOEYMkgs\gkMA.exe
- %HOMEPATH%\gOEYMkgs\ckIc.exe
- %HOMEPATH%\gOEYMkgs\bwIu.exe
- %HOMEPATH%\gOEYMkgs\ucoG.exe
- %HOMEPATH%\gOEYMkgs\yAwG.exe
- %HOMEPATH%\gOEYMkgs\YIkW.exe
- %HOMEPATH%\gOEYMkgs\sYAA.exe
- %HOMEPATH%\gOEYMkgs\ZUEa.exe
- %HOMEPATH%\gOEYMkgs\rQIE.exe
- %HOMEPATH%\gOEYMkgs\tYEs.exe
- %HOMEPATH%\gOEYMkgs\lAEq.exe
- %HOMEPATH%\gOEYMkgs\gQEM.exe
- %HOMEPATH%\gOEYMkgs\kgwG.exe
- %HOMEPATH%\gOEYMkgs\Dggc.exe
- %HOMEPATH%\gOEYMkgs\sIgw.exe
- %HOMEPATH%\gOEYMkgs\EwMM.exe
- %HOMEPATH%\gOEYMkgs\Dkgq.exe
- %HOMEPATH%\gOEYMkgs\gYAe.exe
- %HOMEPATH%\gOEYMkgs\RIsw.exe
- %HOMEPATH%\gOEYMkgs\FsYe.exe
- %HOMEPATH%\gOEYMkgs\AwkG.exe
- %HOMEPATH%\gOEYMkgs\jMEQ.exe
- %HOMEPATH%\gOEYMkgs\vAQg.exe
- %HOMEPATH%\gOEYMkgs\TQEG.exe
- %HOMEPATH%\gOEYMkgs\FYoO.exe
- %HOMEPATH%\gOEYMkgs\UkoU.exe
- %HOMEPATH%\gOEYMkgs\wEUA.exe
- %HOMEPATH%\gOEYMkgs\IAEW.exe
- %HOMEPATH%\gOEYMkgs\SwQI.exe
- %HOMEPATH%\gOEYMkgs\kgga.exe
- %HOMEPATH%\gOEYMkgs\ecIa.exe
- %HOMEPATH%\gOEYMkgs\fsMI.exe
- %HOMEPATH%\gOEYMkgs\yYki.exe
- %HOMEPATH%\gOEYMkgs\RgAO.exe
- %HOMEPATH%\gOEYMkgs\RIoE.exe
- %HOMEPATH%\gOEYMkgs\rMky.exe
- %HOMEPATH%\gOEYMkgs\BEci.exe
- %HOMEPATH%\gOEYMkgs\iEEE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\vgsm.exe
- %HOMEPATH%\gOEYMkgs\aUMY.exe
- %HOMEPATH%\gOEYMkgs\acsG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\AoYU.exe
- %HOMEPATH%\gOEYMkgs\bUMw.exe
- %HOMEPATH%\gOEYMkgs\ZEoG.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\igoo.exe
- %HOMEPATH%\gOEYMkgs\fIoE.exe
- %HOMEPATH%\gOEYMkgs\iUIk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\QYom.exe
- %HOMEPATH%\gOEYMkgs\UQUY.exe
- <Текущая директория>\<Имя файла>
- %TEMP%\dGIcYYwg.bat
- %ALLUSERSPROFILE%\caQc.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\ysko.exe
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %HOMEPATH%\gOEYMkgs\kEos.exe
- %HOMEPATH%\gOEYMkgs\jQoi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\twsq.exe
- %HOMEPATH%\gOEYMkgs\NAEW.exe
- %HOMEPATH%\gOEYMkgs\wkIW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\VUQq.exe
- %HOMEPATH%\gOEYMkgs\rswE.exe
- %HOMEPATH%\gOEYMkgs\CogE.exe
- %HOMEPATH%\gOEYMkgs\OwYS.exe
- %HOMEPATH%\gOEYMkgs\WAEE.exe
- %HOMEPATH%\gOEYMkgs\vwEY.exe
- %HOMEPATH%\gOEYMkgs\xkcQ.exe
- %HOMEPATH%\gOEYMkgs\ScYs.exe
- %HOMEPATH%\gOEYMkgs\pcMQ.exe
- %HOMEPATH%\gOEYMkgs\vAUq.exe
- %HOMEPATH%\gOEYMkgs\OUkm.exe
- %HOMEPATH%\gOEYMkgs\UoEE.exe
- %HOMEPATH%\gOEYMkgs\KEUG.exe
- %HOMEPATH%\gOEYMkgs\tAwY.exe
- %HOMEPATH%\gOEYMkgs\eMAe.exe
- %HOMEPATH%\gOEYMkgs\iUYI.exe
- %HOMEPATH%\gOEYMkgs\ZkkQ.exe
- %HOMEPATH%\gOEYMkgs\qYwo.exe
- %HOMEPATH%\gOEYMkgs\ywoO.exe
- %HOMEPATH%\gOEYMkgs\CEIo.exe
- %HOMEPATH%\gOEYMkgs\EEQa.exe
- %HOMEPATH%\gOEYMkgs\lUcU.exe
- %HOMEPATH%\gOEYMkgs\XIMI.exe
- %HOMEPATH%\gOEYMkgs\KEcC.exe
- %HOMEPATH%\gOEYMkgs\xAQK.exe
- %HOMEPATH%\gOEYMkgs\JoEO.exe
- %HOMEPATH%\gOEYMkgs\gEYE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\EIoY.exe
- %HOMEPATH%\gOEYMkgs\wccU.exe
- %HOMEPATH%\gOEYMkgs\osok.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\rAoG.exe
- %HOMEPATH%\gOEYMkgs\hQsK.exe
- %HOMEPATH%\gOEYMkgs\KQws.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\aUMm.exe
- %HOMEPATH%\gOEYMkgs\TQMM.exe
- %HOMEPATH%\gOEYMkgs\RAoM.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\DUkI.exe
- %HOMEPATH%\gOEYMkgs\qcsW.exe
- %HOMEPATH%\gOEYMkgs\EgEy.exe
- %HOMEPATH%\gOEYMkgs\VAkO.exe
- %HOMEPATH%\gOEYMkgs\rUAC.exe
- %HOMEPATH%\gOEYMkgs\wYsO.exe
- %HOMEPATH%\gOEYMkgs\gYoi.exe
- %HOMEPATH%\gOEYMkgs\goYq.exe
- %HOMEPATH%\gOEYMkgs\fQEE.exe
- %HOMEPATH%\gOEYMkgs\OcQI.exe
- %HOMEPATH%\gOEYMkgs\RIsw.exe
- %HOMEPATH%\gOEYMkgs\vAQg.exe
- %HOMEPATH%\gOEYMkgs\Dggc.exe
- %HOMEPATH%\gOEYMkgs\sIgw.exe
- %HOMEPATH%\gOEYMkgs\TQEG.exe
- %HOMEPATH%\gOEYMkgs\AwkG.exe
- %HOMEPATH%\gOEYMkgs\WoQY.exe
- %HOMEPATH%\gOEYMkgs\jMEQ.exe
- %HOMEPATH%\gOEYMkgs\FsYe.exe
- %HOMEPATH%\gOEYMkgs\qYYi.exe
- %HOMEPATH%\gOEYMkgs\Ekge.exe
- %HOMEPATH%\gOEYMkgs\Jkgu.exe
- %HOMEPATH%\gOEYMkgs\NkES.exe
- %HOMEPATH%\gOEYMkgs\sEIg.exe
- %HOMEPATH%\gOEYMkgs\NcYm.exe
- %HOMEPATH%\gOEYMkgs\KIkg.exe
- %HOMEPATH%\gOEYMkgs\ekQe.exe
- %HOMEPATH%\gOEYMkgs\gYgY.exe
- %HOMEPATH%\gOEYMkgs\iAUC.exe
- %HOMEPATH%\gOEYMkgs\AIka.exe
- %HOMEPATH%\gOEYMkgs\zskQ.exe
- %HOMEPATH%\gOEYMkgs\kAko.exe
- %HOMEPATH%\gOEYMkgs\FQca.exe
- %HOMEPATH%\gOEYMkgs\IoUk.exe
- %HOMEPATH%\gOEYMkgs\PcUo.exe
- %HOMEPATH%\gOEYMkgs\fwkW.exe
- %HOMEPATH%\gOEYMkgs\nIQk.exe
- %HOMEPATH%\gOEYMkgs\lEcI.exe
- %HOMEPATH%\gOEYMkgs\EwMM.exe
- %HOMEPATH%\gOEYMkgs\gkMA.exe
- %HOMEPATH%\gOEYMkgs\JcYW.exe
- %HOMEPATH%\gOEYMkgs\ZUEa.exe
- %HOMEPATH%\gOEYMkgs\rQIE.exe
- %HOMEPATH%\gOEYMkgs\sUYM.exe
- %HOMEPATH%\gOEYMkgs\hsca.exe
- %HOMEPATH%\gOEYMkgs\uAEW.exe
- %HOMEPATH%\gOEYMkgs\aUEa.exe
- %HOMEPATH%\gOEYMkgs\cIgE.exe
- %HOMEPATH%\gOEYMkgs\ucoG.exe
- %HOMEPATH%\gOEYMkgs\ckIc.exe
- %HOMEPATH%\gOEYMkgs\yAwG.exe
- %HOMEPATH%\gOEYMkgs\YIkW.exe
- %HOMEPATH%\gOEYMkgs\bwIu.exe
- %HOMEPATH%\gOEYMkgs\gQEM.exe
- %HOMEPATH%\gOEYMkgs\tYEs.exe
- %HOMEPATH%\gOEYMkgs\sYAA.exe
- %HOMEPATH%\gOEYMkgs\lAEq.exe
- %HOMEPATH%\gOEYMkgs\oQko.exe
- %HOMEPATH%\gOEYMkgs\rMky.exe
- %HOMEPATH%\gOEYMkgs\RgAO.exe
- %HOMEPATH%\gOEYMkgs\ecIa.exe
- %HOMEPATH%\gOEYMkgs\RIoE.exe
- %HOMEPATH%\gOEYMkgs\fsMI.exe
- %HOMEPATH%\gOEYMkgs\Dkgq.exe
- %HOMEPATH%\gOEYMkgs\gYAe.exe
- %HOMEPATH%\gOEYMkgs\yYki.exe
- %HOMEPATH%\gOEYMkgs\FYoO.exe
- %HOMEPATH%\gOEYMkgs\jYUa.exe
- %HOMEPATH%\gOEYMkgs\kgwG.exe
- %HOMEPATH%\gOEYMkgs\ckQe.exe
- %HOMEPATH%\gOEYMkgs\aYAk.exe
- %HOMEPATH%\gOEYMkgs\SwQI.exe
- %HOMEPATH%\gOEYMkgs\UkoU.exe
- %HOMEPATH%\gOEYMkgs\wEUA.exe
- %HOMEPATH%\gOEYMkgs\kgga.exe
- %HOMEPATH%\gOEYMkgs\IAEW.exe
- %HOMEPATH%\gOEYMkgs\VckK.exe
- %HOMEPATH%\gOEYMkgs\EIoY.exe
- %HOMEPATH%\gOEYMkgs\gEYE.exe
- %HOMEPATH%\gOEYMkgs\RAoM.exe
- %HOMEPATH%\gOEYMkgs\hQsK.exe
- %HOMEPATH%\gOEYMkgs\wccU.exe
- %HOMEPATH%\gOEYMkgs\rswE.exe
- %HOMEPATH%\gOEYMkgs\igoo.exe
- %HOMEPATH%\gOEYMkgs\rAoG.exe
- %HOMEPATH%\gOEYMkgs\osok.exe
- %HOMEPATH%\gOEYMkgs\pcMQ.exe
- %HOMEPATH%\gOEYMkgs\vAUq.exe
- %HOMEPATH%\gOEYMkgs\KEUG.exe
- %HOMEPATH%\gOEYMkgs\OUkm.exe
- %HOMEPATH%\gOEYMkgs\JoEO.exe
- %HOMEPATH%\gOEYMkgs\TQMM.exe
- %HOMEPATH%\gOEYMkgs\DUkI.exe
- %HOMEPATH%\gOEYMkgs\aUMm.exe
- %HOMEPATH%\gOEYMkgs\KQws.exe
- %HOMEPATH%\gOEYMkgs\ZEoG.exe
- %HOMEPATH%\gOEYMkgs\jQoi.exe
- %HOMEPATH%\gOEYMkgs\NAEW.exe
- %HOMEPATH%\gOEYMkgs\UQUY.exe
- %HOMEPATH%\gOEYMkgs\twsq.exe
- %HOMEPATH%\gOEYMkgs\VUQq.exe
- %HOMEPATH%\gOEYMkgs\ysko.exe
- %TEMP%\dGIcYYwg.bat
- %HOMEPATH%\gOEYMkgs\wkIW.exe
- %HOMEPATH%\gOEYMkgs\kEos.exe
- %HOMEPATH%\gOEYMkgs\iUIk.exe
- %HOMEPATH%\gOEYMkgs\bUMw.exe
- %HOMEPATH%\gOEYMkgs\fIoE.exe
- %HOMEPATH%\gOEYMkgs\QYom.exe
- %HOMEPATH%\gOEYMkgs\vgsm.exe
- %HOMEPATH%\gOEYMkgs\AoYU.exe
- %HOMEPATH%\gOEYMkgs\acsG.exe
- %HOMEPATH%\gOEYMkgs\iEEE.exe
- %HOMEPATH%\gOEYMkgs\aUMY.exe
- %HOMEPATH%\gOEYMkgs\UoEE.exe
- %HOMEPATH%\gOEYMkgs\BMYq.exe
- %HOMEPATH%\gOEYMkgs\wksw.exe
- %HOMEPATH%\gOEYMkgs\zAgo.exe
- %HOMEPATH%\gOEYMkgs\DEYQ.exe
- %HOMEPATH%\gOEYMkgs\MUkm.exe
- %HOMEPATH%\gOEYMkgs\nMcm.exe
- %HOMEPATH%\gOEYMkgs\bUQe.exe
- %HOMEPATH%\gOEYMkgs\pwoY.exe
- %HOMEPATH%\gOEYMkgs\VEwW.exe
- %HOMEPATH%\gOEYMkgs\UQAw.exe
- %HOMEPATH%\gOEYMkgs\rQsQ.exe
- %HOMEPATH%\gOEYMkgs\zAwi.exe
- %HOMEPATH%\gOEYMkgs\YgAu.exe
- %HOMEPATH%\gOEYMkgs\SMEw.exe
- %HOMEPATH%\gOEYMkgs\cckq.exe
- %HOMEPATH%\gOEYMkgs\cIQs.exe
- %HOMEPATH%\gOEYMkgs\GQcy.exe
- %HOMEPATH%\gOEYMkgs\WAYu.exe
- %HOMEPATH%\gOEYMkgs\BEci.exe
- %HOMEPATH%\gOEYMkgs\tAwY.exe
- %HOMEPATH%\gOEYMkgs\vwEY.exe
- %HOMEPATH%\gOEYMkgs\EEQa.exe
- %HOMEPATH%\gOEYMkgs\lUcU.exe
- %HOMEPATH%\gOEYMkgs\xkcQ.exe
- %HOMEPATH%\gOEYMkgs\OwYS.exe
- %HOMEPATH%\gOEYMkgs\ScYs.exe
- %HOMEPATH%\gOEYMkgs\WAEE.exe
- %HOMEPATH%\gOEYMkgs\CogE.exe
- %HOMEPATH%\gOEYMkgs\ZkkQ.exe
- %HOMEPATH%\gOEYMkgs\eMAe.exe
- %HOMEPATH%\gOEYMkgs\qYwo.exe
- %HOMEPATH%\gOEYMkgs\ywoO.exe
- %HOMEPATH%\gOEYMkgs\iUYI.exe
- %HOMEPATH%\gOEYMkgs\xAQK.exe
- %HOMEPATH%\gOEYMkgs\XIMI.exe
- %HOMEPATH%\gOEYMkgs\CEIo.exe
- %HOMEPATH%\gOEYMkgs\KEcC.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'