Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002'
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
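- Отключает отображение скрытых файлов (параметр Hidden = 2, см. команду reg.exe ниже)
- Отключает отображение расширений файлов (параметр HideFileExt = 1, см. команду reg.exe ниже), поэтому создаваемые файлы с двойным расширением вида «drip.bmp.exe» показываются в Проводнике как «drip.bmp»
- Отключает средство контроля пользовательских учетных записей (UAC) (параметр EnableLUA = 0, см. команду reg.exe ниже)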
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Текущая директория>\<Имя файла>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- %HOMEPATH%\gOEYMkgs\IYsy.exe
- %HOMEPATH%\gOEYMkgs\FYIs.exe
- %HOMEPATH%\gOEYMkgs\DAgE.exe
- %HOMEPATH%\gOEYMkgs\bUws.exe
- %HOMEPATH%\gOEYMkgs\FEQY.exe
- %HOMEPATH%\gOEYMkgs\eAUQ.exe
- %HOMEPATH%\gOEYMkgs\QEIi.exe
- %HOMEPATH%\gOEYMkgs\XAkw.exe
- %HOMEPATH%\gOEYMkgs\JoEW.exe
- %HOMEPATH%\gOEYMkgs\QIwg.exe
- %HOMEPATH%\gOEYMkgs\AMYw.exe
- %HOMEPATH%\gOEYMkgs\UIIk.exe
- %HOMEPATH%\gOEYMkgs\uUYK.exe
- %HOMEPATH%\gOEYMkgs\XUgQ.exe
- %HOMEPATH%\gOEYMkgs\dokg.exe
- %HOMEPATH%\gOEYMkgs\oAsw.exe
- %HOMEPATH%\gOEYMkgs\McwW.exe
- %HOMEPATH%\gOEYMkgs\PQUi.exe
- %HOMEPATH%\gOEYMkgs\XMIw.exe
- %HOMEPATH%\gOEYMkgs\VcUW.exe
- %HOMEPATH%\gOEYMkgs\jswm.exe
- %HOMEPATH%\gOEYMkgs\dsYc.exe
- %HOMEPATH%\gOEYMkgs\LEkA.exe
- %HOMEPATH%\gOEYMkgs\acIO.exe
- %HOMEPATH%\gOEYMkgs\iQkA.exe
- %TEMP%\WERaec0.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\YMoo.exe
- %HOMEPATH%\gOEYMkgs\cIQy.exe
- %HOMEPATH%\gOEYMkgs\KQsM.exe
- %HOMEPATH%\gOEYMkgs\yYUU.exe
- %HOMEPATH%\gOEYMkgs\dsYg.exe
- %HOMEPATH%\gOEYMkgs\gMso.exe
- %HOMEPATH%\gOEYMkgs\HgAS.exe
- %HOMEPATH%\gOEYMkgs\KoQA.exe
- %HOMEPATH%\gOEYMkgs\hcsk.exe
- %TEMP%\WERaec0.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERaec0.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\DAkQ.exe
- %HOMEPATH%\gOEYMkgs\jMsQ.exe
- %HOMEPATH%\gOEYMkgs\SQIs.exe
- %TEMP%\WERaec0.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\HggW.exe
- %HOMEPATH%\gOEYMkgs\GIcM.exe
- %HOMEPATH%\gOEYMkgs\KYAa.exe
- %HOMEPATH%\gOEYMkgs\pUgU.exe
- %HOMEPATH%\gOEYMkgs\hQgG.exe
- %HOMEPATH%\gOEYMkgs\OEAA.exe
- %HOMEPATH%\gOEYMkgs\TsYM.exe
- %TEMP%\WER247f.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\iwQy.exe
- %HOMEPATH%\gOEYMkgs\qAQs.exe
- %HOMEPATH%\gOEYMkgs\AAMW.exe
- %HOMEPATH%\gOEYMkgs\Rssy.exe
- %HOMEPATH%\gOEYMkgs\lYYi.exe
- %HOMEPATH%\gOEYMkgs\voos.exe
- %HOMEPATH%\gOEYMkgs\aIwU.exe
- %HOMEPATH%\gOEYMkgs\WQko.exe
- %HOMEPATH%\gOEYMkgs\iMkC.exe
- %HOMEPATH%\gOEYMkgs\cAUU.exe
- %HOMEPATH%\gOEYMkgs\RIUY.exe
- %TEMP%\WER247f.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\Bsku.exe
- %TEMP%\WER247f.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\KEEE.exe
- %HOMEPATH%\gOEYMkgs\ykcO.exe
- %HOMEPATH%\gOEYMkgs\lMsa.exe
- %HOMEPATH%\gOEYMkgs\AsEK.exe
- %TEMP%\WER247f.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\OUIk.exe
- %HOMEPATH%\gOEYMkgs\sUQe.exe
- %HOMEPATH%\gOEYMkgs\vcMo.exe
- %HOMEPATH%\gOEYMkgs\PkAc.exe
- %HOMEPATH%\gOEYMkgs\DAwA.exe
- %HOMEPATH%\gOEYMkgs\QAgS.exe
- %HOMEPATH%\gOEYMkgs\VAUc.exe
- %HOMEPATH%\gOEYMkgs\owMA.exe
- %HOMEPATH%\gOEYMkgs\soMk.exe
- %HOMEPATH%\gOEYMkgs\ZAYE.exe
- %HOMEPATH%\gOEYMkgs\mYQY.exe
- %HOMEPATH%\gOEYMkgs\ugoI.exe
- %HOMEPATH%\gOEYMkgs\yocK.exe
- %HOMEPATH%\gOEYMkgs\hQcw.exe
- %HOMEPATH%\gOEYMkgs\kUoQ.exe
- %HOMEPATH%\gOEYMkgs\TwAa.exe
- %HOMEPATH%\gOEYMkgs\rEwe.exe
- %HOMEPATH%\gOEYMkgs\LYgY.exe
- %HOMEPATH%\gOEYMkgs\sAYI.exe
- %HOMEPATH%\gOEYMkgs\tQMG.exe
- %HOMEPATH%\gOEYMkgs\hUEe.exe
- %HOMEPATH%\gOEYMkgs\vgku.exe
- %HOMEPATH%\gOEYMkgs\mwsq.exe
- %HOMEPATH%\gOEYMkgs\rMwW.exe
- %HOMEPATH%\gOEYMkgs\SIUe.exe
- %HOMEPATH%\gOEYMkgs\swAm.exe
- %HOMEPATH%\gOEYMkgs\eAMc.exe
- %HOMEPATH%\gOEYMkgs\WYMs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\LwwE.exe
- %HOMEPATH%\gOEYMkgs\BAou.exe
- %HOMEPATH%\gOEYMkgs\NQoE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\LcAi.exe
- %HOMEPATH%\gOEYMkgs\kwQU.exe
- %HOMEPATH%\gOEYMkgs\QYEi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- <Текущая директория>\<Имя файла>
- %HOMEPATH%\gOEYMkgs\sAsy.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\lsEK.exe
- %HOMEPATH%\gOEYMkgs\eocW.exe
- %HOMEPATH%\gOEYMkgs\vEYs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\PsUS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %ALLUSERSPROFILE%\caQc.txt
- %TEMP%\WERb9b0.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WERb9b0.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\hIQo.exe
- %TEMP%\WERb9b0.dir00\manifest.txt
- %TEMP%\WERb9b0.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\SIEM.exe
- %HOMEPATH%\gOEYMkgs\QkcU.exe
- %HOMEPATH%\gOEYMkgs\akcS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\WoIA.exe
- %HOMEPATH%\gOEYMkgs\BQsy.exe
- %HOMEPATH%\gOEYMkgs\DAMc.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %TEMP%\WER33a2.dir00\ZgMYMIIE.exe.mdmp
- %HOMEPATH%\gOEYMkgs\hgsm.exe
- %HOMEPATH%\gOEYMkgs\CosE.exe
- %HOMEPATH%\gOEYMkgs\gYUQ.exe
- %HOMEPATH%\gOEYMkgs\oMAI.exe
- %HOMEPATH%\gOEYMkgs\gQsk.exe
- %HOMEPATH%\gOEYMkgs\GAka.exe
- %HOMEPATH%\gOEYMkgs\rwEa.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\AsMM.exe
- %HOMEPATH%\gOEYMkgs\kYQY.exe
- %HOMEPATH%\gOEYMkgs\ccQW.exe
- %HOMEPATH%\gOEYMkgs\QMgK.exe
- %HOMEPATH%\gOEYMkgs\fwEM.exe
- %HOMEPATH%\gOEYMkgs\fkYq.exe
- %HOMEPATH%\gOEYMkgs\jIUK.exe
- %HOMEPATH%\gOEYMkgs\HQge.exe
- %HOMEPATH%\gOEYMkgs\tUwq.exe
- %HOMEPATH%\gOEYMkgs\DwoY.exe
- %HOMEPATH%\gOEYMkgs\OsYG.exe
- %HOMEPATH%\gOEYMkgs\SsMK.exe
- %HOMEPATH%\gOEYMkgs\hoUW.exe
- %HOMEPATH%\gOEYMkgs\RUEc.exe
- %TEMP%\WER33a2.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\zskw.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\WQgu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\xkcm.exe
- %HOMEPATH%\gOEYMkgs\tEYG.exe
- %HOMEPATH%\gOEYMkgs\Kcsa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\PEAA.exe
- %HOMEPATH%\gOEYMkgs\ecoY.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\Oowa.exe
- %HOMEPATH%\gOEYMkgs\EQou.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %TEMP%\WER33a2.dir00\appcompat.txt
- %TEMP%\WER33a2.dir00\manifest.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\CYAo.exe
- %HOMEPATH%\gOEYMkgs\dokg.exe
- %HOMEPATH%\gOEYMkgs\uUYK.exe
- %HOMEPATH%\gOEYMkgs\oAsw.exe
- %HOMEPATH%\gOEYMkgs\McwW.exe
- %HOMEPATH%\gOEYMkgs\dsYc.exe
- %HOMEPATH%\gOEYMkgs\LEkA.exe
- %HOMEPATH%\gOEYMkgs\XUgQ.exe
- %HOMEPATH%\gOEYMkgs\PQUi.exe
- %HOMEPATH%\gOEYMkgs\TsYM.exe
- %HOMEPATH%\gOEYMkgs\ZAYE.exe
- %HOMEPATH%\gOEYMkgs\hQcw.exe
- %HOMEPATH%\gOEYMkgs\DAwA.exe
- %HOMEPATH%\gOEYMkgs\QAgS.exe
- %HOMEPATH%\gOEYMkgs\mYQY.exe
- %HOMEPATH%\gOEYMkgs\ugoI.exe
- %HOMEPATH%\gOEYMkgs\kUoQ.exe
- %HOMEPATH%\gOEYMkgs\yocK.exe
- %HOMEPATH%\gOEYMkgs\AMYw.exe
- %HOMEPATH%\gOEYMkgs\JoEW.exe
- %HOMEPATH%\gOEYMkgs\eAUQ.exe
- %HOMEPATH%\gOEYMkgs\QIwg.exe
- %HOMEPATH%\gOEYMkgs\acIO.exe
- %HOMEPATH%\gOEYMkgs\SQIs.exe
- %HOMEPATH%\gOEYMkgs\QEIi.exe
- %HOMEPATH%\gOEYMkgs\XAkw.exe
- %HOMEPATH%\gOEYMkgs\FYIs.exe
- %HOMEPATH%\gOEYMkgs\VcUW.exe
- %HOMEPATH%\gOEYMkgs\UIIk.exe
- %HOMEPATH%\gOEYMkgs\jswm.exe
- %HOMEPATH%\gOEYMkgs\XMIw.exe
- %HOMEPATH%\gOEYMkgs\DAgE.exe
- %HOMEPATH%\gOEYMkgs\IYsy.exe
- %HOMEPATH%\gOEYMkgs\bUws.exe
- %HOMEPATH%\gOEYMkgs\FEQY.exe
- %HOMEPATH%\gOEYMkgs\iwQy.exe
- %HOMEPATH%\gOEYMkgs\lYYi.exe
- %HOMEPATH%\gOEYMkgs\Rssy.exe
- %HOMEPATH%\gOEYMkgs\qAQs.exe
- %HOMEPATH%\gOEYMkgs\WQko.exe
- %HOMEPATH%\gOEYMkgs\voos.exe
- %HOMEPATH%\gOEYMkgs\iMkC.exe
- %HOMEPATH%\gOEYMkgs\cAUU.exe
- %HOMEPATH%\gOEYMkgs\AAMW.exe
- %HOMEPATH%\gOEYMkgs\lMsa.exe
- %HOMEPATH%\gOEYMkgs\sUQe.exe
- %HOMEPATH%\gOEYMkgs\ykcO.exe
- %HOMEPATH%\gOEYMkgs\Bsku.exe
- %HOMEPATH%\gOEYMkgs\AsEK.exe
- %HOMEPATH%\gOEYMkgs\RIUY.exe
- %HOMEPATH%\gOEYMkgs\vcMo.exe
- %HOMEPATH%\gOEYMkgs\OUIk.exe
- %HOMEPATH%\gOEYMkgs\mwsq.exe
- %HOMEPATH%\gOEYMkgs\rMwW.exe
- %HOMEPATH%\gOEYMkgs\eAMc.exe
- %HOMEPATH%\gOEYMkgs\SIUe.exe
- %HOMEPATH%\gOEYMkgs\soMk.exe
- %HOMEPATH%\gOEYMkgs\VAUc.exe
- %HOMEPATH%\gOEYMkgs\TwAa.exe
- %HOMEPATH%\gOEYMkgs\owMA.exe
- %HOMEPATH%\gOEYMkgs\swAm.exe
- %HOMEPATH%\gOEYMkgs\tQMG.exe
- %HOMEPATH%\gOEYMkgs\hUEe.exe
- %HOMEPATH%\gOEYMkgs\aIwU.exe
- %HOMEPATH%\gOEYMkgs\PkAc.exe
- %HOMEPATH%\gOEYMkgs\LYgY.exe
- %HOMEPATH%\gOEYMkgs\vgku.exe
- %HOMEPATH%\gOEYMkgs\sAYI.exe
- %HOMEPATH%\gOEYMkgs\rEwe.exe
- %HOMEPATH%\gOEYMkgs\jMsQ.exe
- %HOMEPATH%\gOEYMkgs\zskw.exe
- %HOMEPATH%\gOEYMkgs\Kcsa.exe
- %HOMEPATH%\gOEYMkgs\PEAA.exe
- %HOMEPATH%\gOEYMkgs\WQgu.exe
- %HOMEPATH%\gOEYMkgs\lsEK.exe
- %HOMEPATH%\gOEYMkgs\sAsy.exe
- %HOMEPATH%\gOEYMkgs\tEYG.exe
- %HOMEPATH%\gOEYMkgs\xkcm.exe
- %HOMEPATH%\gOEYMkgs\CYAo.exe
- %HOMEPATH%\gOEYMkgs\AsMM.exe
- %HOMEPATH%\gOEYMkgs\rwEa.exe
- %HOMEPATH%\gOEYMkgs\CosE.exe
- %HOMEPATH%\gOEYMkgs\GAka.exe
- %HOMEPATH%\gOEYMkgs\ecoY.exe
- %HOMEPATH%\gOEYMkgs\EQou.exe
- %HOMEPATH%\gOEYMkgs\RUEc.exe
- %HOMEPATH%\gOEYMkgs\Oowa.exe
- %HOMEPATH%\gOEYMkgs\QkcU.exe
- %HOMEPATH%\gOEYMkgs\SIEM.exe
- %HOMEPATH%\gOEYMkgs\LcAi.exe
- %HOMEPATH%\gOEYMkgs\akcS.exe
- %HOMEPATH%\gOEYMkgs\WoIA.exe
- %HOMEPATH%\gOEYMkgs\hIQo.exe
- %HOMEPATH%\gOEYMkgs\DAMc.exe
- %HOMEPATH%\gOEYMkgs\BQsy.exe
- %HOMEPATH%\gOEYMkgs\kwQU.exe
- %HOMEPATH%\gOEYMkgs\vEYs.exe
- %TEMP%\ZCMQcMcE.bat
- %HOMEPATH%\gOEYMkgs\eocW.exe
- %HOMEPATH%\gOEYMkgs\PsUS.exe
- %HOMEPATH%\gOEYMkgs\LwwE.exe
- %HOMEPATH%\gOEYMkgs\QYEi.exe
- %HOMEPATH%\gOEYMkgs\NQoE.exe
- %HOMEPATH%\gOEYMkgs\BAou.exe
- %HOMEPATH%\gOEYMkgs\yYUU.exe
- %HOMEPATH%\gOEYMkgs\KoQA.exe
- %HOMEPATH%\gOEYMkgs\YMoo.exe
- %HOMEPATH%\gOEYMkgs\iQkA.exe
- %HOMEPATH%\gOEYMkgs\dsYg.exe
- %HOMEPATH%\gOEYMkgs\gMso.exe
- %HOMEPATH%\gOEYMkgs\hcsk.exe
- %HOMEPATH%\gOEYMkgs\HgAS.exe
- %HOMEPATH%\gOEYMkgs\KQsM.exe
- %HOMEPATH%\gOEYMkgs\hQgG.exe
- %HOMEPATH%\gOEYMkgs\OEAA.exe
- %HOMEPATH%\gOEYMkgs\DAkQ.exe
- %HOMEPATH%\gOEYMkgs\HggW.exe
- %HOMEPATH%\gOEYMkgs\KYAa.exe
- %HOMEPATH%\gOEYMkgs\cIQy.exe
- %HOMEPATH%\gOEYMkgs\pUgU.exe
- %HOMEPATH%\gOEYMkgs\GIcM.exe
- %HOMEPATH%\gOEYMkgs\DwoY.exe
- %HOMEPATH%\gOEYMkgs\kYQY.exe
- %HOMEPATH%\gOEYMkgs\OsYG.exe
- %HOMEPATH%\gOEYMkgs\tUwq.exe
- %HOMEPATH%\gOEYMkgs\gYUQ.exe
- %HOMEPATH%\gOEYMkgs\hgsm.exe
- %HOMEPATH%\gOEYMkgs\oMAI.exe
- %HOMEPATH%\gOEYMkgs\gQsk.exe
- %HOMEPATH%\gOEYMkgs\hoUW.exe
- %HOMEPATH%\gOEYMkgs\jIUK.exe
- %HOMEPATH%\gOEYMkgs\fwEM.exe
- %HOMEPATH%\gOEYMkgs\WYMs.exe
- %HOMEPATH%\gOEYMkgs\fkYq.exe
- %HOMEPATH%\gOEYMkgs\HQge.exe
- %HOMEPATH%\gOEYMkgs\SsMK.exe
- %HOMEPATH%\gOEYMkgs\ccQW.exe
- %HOMEPATH%\gOEYMkgs\QMgK.exe
- %HOMEPATH%\gOEYMkgs\hcsk.exe
- %HOMEPATH%\gOEYMkgs\OsYG.exe
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK google.com
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'