Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002'
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
- Отключает отображение скрытых файлов (HKCU\...\Explorer\Advanced, параметр Hidden = 2)
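- Отключает отображение расширений файлов (HKCU\...\Explorer\Advanced, параметр HideFileExt = 1); при скрытых расширениях создаваемые копии с двойным расширением вида «dog.bmp.exe» выглядят в Проводнике как «dog.bmp»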
- Отключает средство контроля пользовательских учетных записей (UAC) (HKLM\...\Policies\System, параметр EnableLUA = 0)
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '%TEMP%\ashAvSrv.exe'
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\ashAvSrv.exe
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\mooc.exe
- %HOMEPATH%\gOEYMkgs\wIEu.exe
- %HOMEPATH%\gOEYMkgs\cIwO.exe
- %HOMEPATH%\gOEYMkgs\xUMI.exe
- %HOMEPATH%\gOEYMkgs\hUAi.exe
- %HOMEPATH%\gOEYMkgs\AYQy.exe
- %HOMEPATH%\gOEYMkgs\HYYU.exe
- %HOMEPATH%\gOEYMkgs\IgYc.exe
- %HOMEPATH%\gOEYMkgs\xcQy.exe
- %HOMEPATH%\gOEYMkgs\aAso.exe
- %HOMEPATH%\gOEYMkgs\kYko.exe
- %HOMEPATH%\gOEYMkgs\oYQC.exe
- %HOMEPATH%\gOEYMkgs\XMQA.exe
- %HOMEPATH%\gOEYMkgs\AcEG.exe
- %HOMEPATH%\gOEYMkgs\ucYq.exe
- %HOMEPATH%\gOEYMkgs\zsUk.exe
- %HOMEPATH%\gOEYMkgs\BwUG.exe
- %HOMEPATH%\gOEYMkgs\kEAo.exe
- %HOMEPATH%\gOEYMkgs\ugEu.exe
- %HOMEPATH%\gOEYMkgs\wsUk.exe
- %HOMEPATH%\gOEYMkgs\lkwA.exe
- %HOMEPATH%\gOEYMkgs\aoYo.exe
- %HOMEPATH%\gOEYMkgs\pIEi.exe
- %HOMEPATH%\gOEYMkgs\JogK.exe
- %HOMEPATH%\gOEYMkgs\OkcI.exe
- %HOMEPATH%\gOEYMkgs\EQoy.exe
- %HOMEPATH%\gOEYMkgs\cQYI.exe
- %HOMEPATH%\gOEYMkgs\goAI.exe
- %HOMEPATH%\gOEYMkgs\zQgk.exe
- %HOMEPATH%\gOEYMkgs\OIkE.exe
- %HOMEPATH%\gOEYMkgs\EgIs.exe
- %HOMEPATH%\gOEYMkgs\REgu.exe
- %HOMEPATH%\gOEYMkgs\KskI.exe
- %HOMEPATH%\gOEYMkgs\CsUy.exe
- %HOMEPATH%\gOEYMkgs\yowA.exe
- %HOMEPATH%\gOEYMkgs\NEwo.exe
- %HOMEPATH%\gOEYMkgs\aAAs.exe
- %HOMEPATH%\gOEYMkgs\uQke.exe
- %HOMEPATH%\gOEYMkgs\rkYU.exe
- %HOMEPATH%\gOEYMkgs\xcsY.exe
- %HOMEPATH%\gOEYMkgs\BkgK.exe
- %HOMEPATH%\gOEYMkgs\hIge.exe
- %HOMEPATH%\gOEYMkgs\kcwG.exe
- %HOMEPATH%\gOEYMkgs\YoMy.exe
- %HOMEPATH%\gOEYMkgs\TgIY.exe
- %HOMEPATH%\gOEYMkgs\okgQ.exe
- %HOMEPATH%\gOEYMkgs\nkIe.exe
- %HOMEPATH%\gOEYMkgs\sMYO.exe
- %HOMEPATH%\gOEYMkgs\YMAm.exe
- %HOMEPATH%\gOEYMkgs\qIUG.exe
- %HOMEPATH%\gOEYMkgs\kUMA.exe
- %HOMEPATH%\gOEYMkgs\eAUS.exe
- %HOMEPATH%\gOEYMkgs\gMwC.exe
- %HOMEPATH%\gOEYMkgs\QwUY.exe
- %HOMEPATH%\gOEYMkgs\mwsA.exe
- %HOMEPATH%\gOEYMkgs\MEQC.exe
- %HOMEPATH%\gOEYMkgs\sMsQ.exe
- %HOMEPATH%\gOEYMkgs\ioMQ.exe
- %HOMEPATH%\gOEYMkgs\eYoO.exe
- %HOMEPATH%\gOEYMkgs\WUkg.exe
- %HOMEPATH%\gOEYMkgs\XIcQ.exe
- %HOMEPATH%\gOEYMkgs\gUoo.exe
- %HOMEPATH%\gOEYMkgs\HMYS.exe
- %TEMP%\WER84b5.dir00\appcompat.txt
- %TEMP%\WER84b5.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER84b5.dir00\ZgMYMIIE.exe.mdmp
- C:\Documents and Settings\LocalService\gOEYMkgs\SSIkQYgQ
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\_filelst.cfg
- %TEMP%\WER84b5.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\eMEU.exe
- %HOMEPATH%\gOEYMkgs\pIcO.exe
- %HOMEPATH%\gOEYMkgs\XwAK.exe
- %HOMEPATH%\gOEYMkgs\vsYy.exe
- %HOMEPATH%\gOEYMkgs\kcEy.exe
- %HOMEPATH%\gOEYMkgs\LEAi.exe
- %HOMEPATH%\gOEYMkgs\pgAC.exe
- %HOMEPATH%\gOEYMkgs\EYAw.exe
- %HOMEPATH%\gOEYMkgs\fsMw.exe
- %HOMEPATH%\gOEYMkgs\OkUm.exe
- %HOMEPATH%\gOEYMkgs\dwQc.exe
- %HOMEPATH%\gOEYMkgs\QEsk.exe
- %HOMEPATH%\gOEYMkgs\WMYm.exe
- %HOMEPATH%\gOEYMkgs\wQwI.exe
- %HOMEPATH%\gOEYMkgs\vsgC.exe
- %HOMEPATH%\gOEYMkgs\PIss.exe
- %HOMEPATH%\gOEYMkgs\cIEC.exe
- %HOMEPATH%\gOEYMkgs\wAce.exe
- %HOMEPATH%\gOEYMkgs\KgsC.exe
- %HOMEPATH%\gOEYMkgs\HkAO.exe
- %HOMEPATH%\gOEYMkgs\qkgw.exe
- %HOMEPATH%\gOEYMkgs\jEcs.exe
- %HOMEPATH%\gOEYMkgs\jggY.exe
- %HOMEPATH%\gOEYMkgs\TAcg.exe
- %HOMEPATH%\gOEYMkgs\YUYU.exe
- %HOMEPATH%\gOEYMkgs\WsAK.exe
- %HOMEPATH%\gOEYMkgs\PUkW.exe
- %HOMEPATH%\gOEYMkgs\CAwi.exe
- %HOMEPATH%\gOEYMkgs\DYYG.exe
- %HOMEPATH%\gOEYMkgs\eEEs.exe
- %HOMEPATH%\gOEYMkgs\bcoS.exe
- %HOMEPATH%\gOEYMkgs\uUMw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\ksQE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\WUEa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\SEwC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\HYkI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\rAMY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\ZAYu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\RoES.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\Ogsm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\pEYw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\dMoA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\mgII.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\GYUE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %TEMP%\WERa5d4.dir00\manifest.txt
- %TEMP%\WERa5d4.dir00\appcompat.txt
- %TEMP%\WERa5d4.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER1812.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\gUoW.exe
- %ALLUSERSPROFILE%\caQc.txt
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %TEMP%\WERa5d4.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %TEMP%\WER1812.dir00\manifest.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %TEMP%\WER1812.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\pkgi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\bsoe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %TEMP%\WER1812.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\xgcm.exe
- %HOMEPATH%\gOEYMkgs\xUUW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\tYAs.exe
- %HOMEPATH%\gOEYMkgs\LEos.exe
- %HOMEPATH%\gOEYMkgs\pIMG.exe
- %HOMEPATH%\gOEYMkgs\Tccm.exe
- %HOMEPATH%\gOEYMkgs\kIUM.exe
- %HOMEPATH%\gOEYMkgs\JkUA.exe
- %HOMEPATH%\gOEYMkgs\dggQ.exe
- %HOMEPATH%\gOEYMkgs\rIYe.exe
- %HOMEPATH%\gOEYMkgs\wgUC.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\oAoY.exe
- %HOMEPATH%\gOEYMkgs\AMcy.exe
- %HOMEPATH%\gOEYMkgs\uMcE.exe
- %HOMEPATH%\gOEYMkgs\akcg.exe
- %HOMEPATH%\gOEYMkgs\Ekwm.exe
- %HOMEPATH%\gOEYMkgs\UwMq.exe
- %HOMEPATH%\gOEYMkgs\EYwm.exe
- %HOMEPATH%\gOEYMkgs\YMEo.exe
- %HOMEPATH%\gOEYMkgs\xoQE.exe
- %HOMEPATH%\gOEYMkgs\IkAq.exe
- %HOMEPATH%\gOEYMkgs\DYUE.exe
- %HOMEPATH%\gOEYMkgs\cggA.exe
- %HOMEPATH%\gOEYMkgs\pkgg.exe
- %HOMEPATH%\gOEYMkgs\BIQs.exe
- %HOMEPATH%\gOEYMkgs\IQEg.exe
- %HOMEPATH%\gOEYMkgs\soQc.exe
- %HOMEPATH%\gOEYMkgs\rsQI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\iEMk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\QMYq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\iYMY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\UowU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\PgcM.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\BAwC.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\CwQO.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\vIok.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\NkoY.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\mwMq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\BoMk.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\JMso.exe
- %HOMEPATH%\gOEYMkgs\BwUG.exe
- %HOMEPATH%\gOEYMkgs\kEAo.exe
- %HOMEPATH%\gOEYMkgs\wQwI.exe
- %HOMEPATH%\gOEYMkgs\vsgC.exe
- %HOMEPATH%\gOEYMkgs\ugEu.exe
- %HOMEPATH%\gOEYMkgs\zsUk.exe
- %HOMEPATH%\gOEYMkgs\pIEi.exe
- %HOMEPATH%\gOEYMkgs\AcEG.exe
- %HOMEPATH%\gOEYMkgs\ucYq.exe
- %HOMEPATH%\gOEYMkgs\WMYm.exe
- %HOMEPATH%\gOEYMkgs\QEsk.exe
- %HOMEPATH%\gOEYMkgs\pgAC.exe
- %HOMEPATH%\gOEYMkgs\OkUm.exe
- %HOMEPATH%\gOEYMkgs\dwQc.exe
- %HOMEPATH%\gOEYMkgs\EYAw.exe
- %HOMEPATH%\gOEYMkgs\cIEC.exe
- %HOMEPATH%\gOEYMkgs\wAce.exe
- %HOMEPATH%\gOEYMkgs\fsMw.exe
- %HOMEPATH%\gOEYMkgs\PIss.exe
- %HOMEPATH%\gOEYMkgs\JogK.exe
- %HOMEPATH%\gOEYMkgs\kYko.exe
- %HOMEPATH%\gOEYMkgs\oYQC.exe
- %HOMEPATH%\gOEYMkgs\cIwO.exe
- %HOMEPATH%\gOEYMkgs\aAso.exe
- %HOMEPATH%\gOEYMkgs\HYYU.exe
- %HOMEPATH%\gOEYMkgs\hIge.exe
- %HOMEPATH%\gOEYMkgs\kcwG.exe
- %HOMEPATH%\gOEYMkgs\IgYc.exe
- %HOMEPATH%\gOEYMkgs\xcQy.exe
- %HOMEPATH%\gOEYMkgs\wIEu.exe
- %HOMEPATH%\gOEYMkgs\lkwA.exe
- %HOMEPATH%\gOEYMkgs\aoYo.exe
- %HOMEPATH%\gOEYMkgs\OkcI.exe
- %HOMEPATH%\gOEYMkgs\wsUk.exe
- %HOMEPATH%\gOEYMkgs\XMQA.exe
- %HOMEPATH%\gOEYMkgs\AYQy.exe
- %HOMEPATH%\gOEYMkgs\mooc.exe
- %HOMEPATH%\gOEYMkgs\xUMI.exe
- %HOMEPATH%\gOEYMkgs\hUAi.exe
- %HOMEPATH%\gOEYMkgs\KgsC.exe
- %HOMEPATH%\gOEYMkgs\pIcO.exe
- %HOMEPATH%\gOEYMkgs\XwAK.exe
- %HOMEPATH%\gOEYMkgs\LEAi.exe
- %HOMEPATH%\gOEYMkgs\eMEU.exe
- %HOMEPATH%\gOEYMkgs\HMYS.exe
- %HOMEPATH%\gOEYMkgs\MEQC.exe
- %HOMEPATH%\gOEYMkgs\kUMA.exe
- %HOMEPATH%\gOEYMkgs\QwUY.exe
- %HOMEPATH%\gOEYMkgs\mwsA.exe
- %HOMEPATH%\gOEYMkgs\kcEy.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\RestorePointSize
- %HOMEPATH%\gOEYMkgs\vsYy.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\rp.log
- %HOMEPATH%\gOEYMkgs\eAUS.exe
- %HOMEPATH%\gOEYMkgs\jEcs.exe
- %HOMEPATH%\gOEYMkgs\DYYG.exe
- %HOMEPATH%\gOEYMkgs\HkAO.exe
- %HOMEPATH%\gOEYMkgs\qkgw.exe
- %HOMEPATH%\gOEYMkgs\eEEs.exe
- %HOMEPATH%\gOEYMkgs\PUkW.exe
- %HOMEPATH%\gOEYMkgs\CAwi.exe
- %HOMEPATH%\gOEYMkgs\bcoS.exe
- %HOMEPATH%\gOEYMkgs\WsAK.exe
- %HOMEPATH%\gOEYMkgs\YUYU.exe
- %HOMEPATH%\gOEYMkgs\XIcQ.exe
- %HOMEPATH%\gOEYMkgs\gUoo.exe
- %HOMEPATH%\gOEYMkgs\gMwC.exe
- %HOMEPATH%\gOEYMkgs\WUkg.exe
- %HOMEPATH%\gOEYMkgs\sMsQ.exe
- %HOMEPATH%\gOEYMkgs\jggY.exe
- %HOMEPATH%\gOEYMkgs\TAcg.exe
- %HOMEPATH%\gOEYMkgs\ioMQ.exe
- %HOMEPATH%\gOEYMkgs\eYoO.exe
- %HOMEPATH%\gOEYMkgs\YoMy.exe
- %HOMEPATH%\gOEYMkgs\mwMq.exe
- %HOMEPATH%\gOEYMkgs\BAwC.exe
- %HOMEPATH%\gOEYMkgs\BoMk.exe
- %HOMEPATH%\gOEYMkgs\JMso.exe
- %HOMEPATH%\gOEYMkgs\QMYq.exe
- %HOMEPATH%\gOEYMkgs\PgcM.exe
- %HOMEPATH%\gOEYMkgs\iYMY.exe
- %HOMEPATH%\gOEYMkgs\rsQI.exe
- %HOMEPATH%\gOEYMkgs\iEMk.exe
- %HOMEPATH%\gOEYMkgs\CwQO.exe
- %HOMEPATH%\gOEYMkgs\oAoY.exe
- %HOMEPATH%\gOEYMkgs\AMcy.exe
- %HOMEPATH%\gOEYMkgs\pIMG.exe
- %HOMEPATH%\gOEYMkgs\Tccm.exe
- %HOMEPATH%\gOEYMkgs\uMcE.exe
- %HOMEPATH%\gOEYMkgs\vIok.exe
- %HOMEPATH%\gOEYMkgs\NkoY.exe
- %HOMEPATH%\gOEYMkgs\rIYe.exe
- %HOMEPATH%\gOEYMkgs\wgUC.exe
- %HOMEPATH%\gOEYMkgs\UowU.exe
- %HOMEPATH%\gOEYMkgs\pkgi.exe
- %HOMEPATH%\gOEYMkgs\bsoe.exe
- %HOMEPATH%\gOEYMkgs\ZAYu.exe
- %HOMEPATH%\gOEYMkgs\HYkI.exe
- %HOMEPATH%\gOEYMkgs\xUUW.exe
- %HOMEPATH%\gOEYMkgs\gUoW.exe
- %TEMP%\FiAEQEkM.bat
- %HOMEPATH%\gOEYMkgs\tYAs.exe
- %HOMEPATH%\gOEYMkgs\xgcm.exe
- %HOMEPATH%\gOEYMkgs\rAMY.exe
- %HOMEPATH%\gOEYMkgs\Ogsm.exe
- %HOMEPATH%\gOEYMkgs\GYUE.exe
- %HOMEPATH%\gOEYMkgs\pEYw.exe
- %HOMEPATH%\gOEYMkgs\RoES.exe
- %HOMEPATH%\gOEYMkgs\dMoA.exe
- %HOMEPATH%\gOEYMkgs\SEwC.exe
- %HOMEPATH%\gOEYMkgs\ksQE.exe
- %HOMEPATH%\gOEYMkgs\mgII.exe
- %HOMEPATH%\gOEYMkgs\WUEa.exe
- %HOMEPATH%\gOEYMkgs\LEos.exe
- %HOMEPATH%\gOEYMkgs\EgIs.exe
- %HOMEPATH%\gOEYMkgs\EQoy.exe
- %HOMEPATH%\gOEYMkgs\zQgk.exe
- %HOMEPATH%\gOEYMkgs\OIkE.exe
- %HOMEPATH%\gOEYMkgs\cQYI.exe
- %HOMEPATH%\gOEYMkgs\NEwo.exe
- %HOMEPATH%\gOEYMkgs\aAAs.exe
- %HOMEPATH%\gOEYMkgs\goAI.exe
- %HOMEPATH%\gOEYMkgs\yowA.exe
- %HOMEPATH%\gOEYMkgs\uQke.exe
- %HOMEPATH%\gOEYMkgs\BkgK.exe
- %HOMEPATH%\gOEYMkgs\sMYO.exe
- %HOMEPATH%\gOEYMkgs\rkYU.exe
- %HOMEPATH%\gOEYMkgs\xcsY.exe
- %HOMEPATH%\gOEYMkgs\YMAm.exe
- %HOMEPATH%\gOEYMkgs\okgQ.exe
- %HOMEPATH%\gOEYMkgs\nkIe.exe
- %HOMEPATH%\gOEYMkgs\qIUG.exe
- %HOMEPATH%\gOEYMkgs\TgIY.exe
- %HOMEPATH%\gOEYMkgs\REgu.exe
- %HOMEPATH%\gOEYMkgs\DYUE.exe
- %HOMEPATH%\gOEYMkgs\cggA.exe
- %HOMEPATH%\gOEYMkgs\IQEg.exe
- %HOMEPATH%\gOEYMkgs\soQc.exe
- %HOMEPATH%\gOEYMkgs\pkgg.exe
- %HOMEPATH%\gOEYMkgs\JkUA.exe
- %HOMEPATH%\gOEYMkgs\dggQ.exe
- %HOMEPATH%\gOEYMkgs\akcg.exe
- %HOMEPATH%\gOEYMkgs\kIUM.exe
- %HOMEPATH%\gOEYMkgs\BIQs.exe
- %HOMEPATH%\gOEYMkgs\uUMw.exe
- %HOMEPATH%\gOEYMkgs\YMEo.exe
- %HOMEPATH%\gOEYMkgs\KskI.exe
- %HOMEPATH%\gOEYMkgs\CsUy.exe
- %HOMEPATH%\gOEYMkgs\xoQE.exe
- %HOMEPATH%\gOEYMkgs\UwMq.exe
- %HOMEPATH%\gOEYMkgs\EYwm.exe
- %HOMEPATH%\gOEYMkgs\IkAq.exe
- %HOMEPATH%\gOEYMkgs\Ekwm.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Open'
- ClassName: '' WindowName: 'Run'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'