Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lacMcYws.exe' = '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SSIkQYgQ.exe' = '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002'
- <STUBS_DIR>\test.exe
- C:\Far2\Far.exe
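- Блокирует отображение скрытых файлов (параметр Hidden = 2 в HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced)
- Блокирует отображение расширений файлов (параметр HideFileExt = 1 в том же разделе)
- Отключает средство контроля пользовательских учетных записей (UAC) (параметр EnableLUA = 0 в HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System)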
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Текущая директория>\<Имя файла>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\gOEYMkgs\Fsku.exe
- %HOMEPATH%\gOEYMkgs\oEAY.exe
- <STUBS_DIR>\GUARD\GUARD.EXE.exe
- %HOMEPATH%\gOEYMkgs\zgca.exe
- %HOMEPATH%\gOEYMkgs\xUkE.exe
- %HOMEPATH%\gOEYMkgs\ZUoe.exe
- %HOMEPATH%\gOEYMkgs\DQAO.exe
- %HOMEPATH%\gOEYMkgs\oAgq.exe
- %HOMEPATH%\gOEYMkgs\dAIS.exe
- %HOMEPATH%\gOEYMkgs\REcg.exe
- %HOMEPATH%\gOEYMkgs\VYUw.exe
- %HOMEPATH%\gOEYMkgs\DIgu.exe
- %HOMEPATH%\gOEYMkgs\lMQS.exe
- %HOMEPATH%\gOEYMkgs\HYEE.exe
- %HOMEPATH%\gOEYMkgs\bMcU.exe
- %HOMEPATH%\gOEYMkgs\ZYcc.exe
- <STUBS_DIR>\MCAGENT\MCAGENT.EXE.exe
- %HOMEPATH%\gOEYMkgs\CUMO.exe
- %HOMEPATH%\gOEYMkgs\uAAe.exe
- %HOMEPATH%\gOEYMkgs\zkIG.exe
- %HOMEPATH%\gOEYMkgs\NIYI.exe
- %HOMEPATH%\gOEYMkgs\dMkO.exe
- %HOMEPATH%\gOEYMkgs\PUII.exe
- %HOMEPATH%\gOEYMkgs\cQMY.exe
- %HOMEPATH%\gOEYMkgs\KYEQ.exe
- %HOMEPATH%\gOEYMkgs\kUwc.exe
- %HOMEPATH%\gOEYMkgs\PQgy.exe
- %HOMEPATH%\gOEYMkgs\uAom.exe
- %HOMEPATH%\gOEYMkgs\CUUe.exe
- %HOMEPATH%\gOEYMkgs\KEEq.exe
- %HOMEPATH%\gOEYMkgs\usMA.exe
- %HOMEPATH%\gOEYMkgs\kkQi.exe
- %HOMEPATH%\gOEYMkgs\XsMu.exe
- %HOMEPATH%\gOEYMkgs\qAMk.exe
- %HOMEPATH%\gOEYMkgs\asou.exe
- %HOMEPATH%\gOEYMkgs\kIwK.exe
- %HOMEPATH%\gOEYMkgs\dIQq.exe
- %HOMEPATH%\gOEYMkgs\Tcwo.exe
- %HOMEPATH%\gOEYMkgs\yEki.exe
- %HOMEPATH%\gOEYMkgs\oQwg.exe
- %HOMEPATH%\gOEYMkgs\mIwE.exe
- %HOMEPATH%\gOEYMkgs\zgcS.exe
- %HOMEPATH%\gOEYMkgs\awAa.exe
- %HOMEPATH%\gOEYMkgs\sUUc.exe
- %HOMEPATH%\gOEYMkgs\qMYm.exe
- %HOMEPATH%\gOEYMkgs\yYUK.exe
- %HOMEPATH%\gOEYMkgs\ussC.exe
- %HOMEPATH%\gOEYMkgs\MMgC.exe
- %HOMEPATH%\gOEYMkgs\lkAU.exe
- %HOMEPATH%\gOEYMkgs\xsck.exe
- %HOMEPATH%\gOEYMkgs\eQEK.exe
- %HOMEPATH%\gOEYMkgs\sYYe.exe
- %HOMEPATH%\gOEYMkgs\FMgA.exe
- %HOMEPATH%\gOEYMkgs\XwoA.exe
- %HOMEPATH%\gOEYMkgs\VgAU.exe
- %HOMEPATH%\gOEYMkgs\qQQK.exe
- %HOMEPATH%\gOEYMkgs\ZMsm.exe
- %HOMEPATH%\gOEYMkgs\uIcW.exe
- %HOMEPATH%\gOEYMkgs\qEAK.exe
- %HOMEPATH%\gOEYMkgs\FckE.exe
- %HOMEPATH%\gOEYMkgs\Yooq.exe
- %HOMEPATH%\gOEYMkgs\AQAo.exe
- %HOMEPATH%\gOEYMkgs\ikYU.exe
- %HOMEPATH%\gOEYMkgs\xQEA.exe
- %HOMEPATH%\gOEYMkgs\ggos.exe
- %HOMEPATH%\gOEYMkgs\fQou.exe
- <STUBS_DIR>\ZONEALARM\ZONEALARM.EXE.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %TEMP%\~DF1185.tmp
- %TEMP%\twskcEoo.bat
- %HOMEPATH%\gOEYMkgs\tokW.exe
- %HOMEPATH%\gOEYMkgs\jEkm.exe
- %HOMEPATH%\gOEYMkgs\kIkG.exe
- %HOMEPATH%\gOEYMkgs\UcEC.exe
- %HOMEPATH%\gOEYMkgs\CsYW.exe
- %HOMEPATH%\gOEYMkgs\ZEYc.exe
- %HOMEPATH%\gOEYMkgs\OQsi.exe
- %HOMEPATH%\gOEYMkgs\ugAm.exe
- %HOMEPATH%\gOEYMkgs\hMUI.exe
- <STUBS_DIR>\NAVAPW32\NAVAPW32.EXE.exe
- %HOMEPATH%\gOEYMkgs\TwkI.exe
- %HOMEPATH%\gOEYMkgs\MEEg.exe
- %HOMEPATH%\gOEYMkgs\yggi.exe
- %HOMEPATH%\gOEYMkgs\CQAE.exe
- %HOMEPATH%\gOEYMkgs\cooQ.exe
- %HOMEPATH%\gOEYMkgs\QIEy.exe
- %HOMEPATH%\gOEYMkgs\Jkgg.exe
- %HOMEPATH%\gOEYMkgs\nkUQ.exe
- %HOMEPATH%\gOEYMkgs\EQoY.exe
- %HOMEPATH%\gOEYMkgs\cYou.exe
- %HOMEPATH%\gOEYMkgs\agEq.exe
- %HOMEPATH%\gOEYMkgs\EsIK.exe
- %HOMEPATH%\gOEYMkgs\eIMc.exe
- %HOMEPATH%\gOEYMkgs\gUEe.exe
- %HOMEPATH%\gOEYMkgs\zoQK.exe
- %HOMEPATH%\gOEYMkgs\XUoy.exe
- %HOMEPATH%\gOEYMkgs\ysUc.exe
- %HOMEPATH%\gOEYMkgs\KAwC.exe
- %HOMEPATH%\gOEYMkgs\WooM.exe
- %HOMEPATH%\gOEYMkgs\LgkG.exe
- %HOMEPATH%\gOEYMkgs\igcI.exe
- %HOMEPATH%\gOEYMkgs\ZUwa.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\EAow.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %HOMEPATH%\gOEYMkgs\noQU.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %HOMEPATH%\gOEYMkgs\IoEo.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- %HOMEPATH%\gOEYMkgs\TUAk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\Cgko.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\Nokm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %HOMEPATH%\gOEYMkgs\ksMk.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %HOMEPATH%\gOEYMkgs\gYkI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\WcwE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\GwcQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\qQAs.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\NokI.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %HOMEPATH%\gOEYMkgs\kogg.exe
- %HOMEPATH%\gOEYMkgs\fcEa.exe
- <Текущая директория>\<Имя файла>
- %TEMP%\NygEAQYg.bat
- %HOMEPATH%\gOEYMkgs\jIQY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %HOMEPATH%\gOEYMkgs\YgMu.exe
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %ALLUSERSPROFILE%\caQc.txt
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\NIEY.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %HOMEPATH%\gOEYMkgs\agQq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %HOMEPATH%\gOEYMkgs\SIoi.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %HOMEPATH%\gOEYMkgs\LgYE.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %HOMEPATH%\gOEYMkgs\KsMu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\xkos.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %HOMEPATH%\gOEYMkgs\LAAq.exe
- <STUBS_DIR>\AVP\AVP.EXE.exe
- %HOMEPATH%\gOEYMkgs\WIcE.exe
- <STUBS_DIR>\AVPCC\AVPCC.EXE.exe
- %HOMEPATH%\gOEYMkgs\JoMK.exe
- <STUBS_DIR>\AVP32\AVP32.EXE.exe
- %HOMEPATH%\gOEYMkgs\BMUK.exe
- %HOMEPATH%\gOEYMkgs\iMUI.exe
- %HOMEPATH%\gOEYMkgs\vAII.exe
- <STUBS_DIR>\AVGCTRL\AVGCTRL.EXE.exe
- %HOMEPATH%\gOEYMkgs\nwsm.exe
- <STUBS_DIR>\AVGCC32\AVGCC32.EXE.exe
- %HOMEPATH%\gOEYMkgs\FAwQ.exe
- %HOMEPATH%\gOEYMkgs\PAkY.exe
- %HOMEPATH%\gOEYMkgs\RMUm.exe
- %HOMEPATH%\gOEYMkgs\usUA.exe
- %HOMEPATH%\gOEYMkgs\Uoce.exe
- %HOMEPATH%\gOEYMkgs\QoYG.exe
- %HOMEPATH%\gOEYMkgs\AIwA.exe
- <STUBS_DIR>\AVSYNMGR\AVSYNMGR.EXE.exe
- %HOMEPATH%\gOEYMkgs\JUcW.exe
- <STUBS_DIR>\AVPM\AVPM.EXE.exe
- %HOMEPATH%\gOEYMkgs\gMQG.exe
- %HOMEPATH%\gOEYMkgs\zQoE.exe
- %HOMEPATH%\gOEYMkgs\PMYi.exe
- %HOMEPATH%\gOEYMkgs\bwkO.exe
- %HOMEPATH%\gOEYMkgs\BQQW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %HOMEPATH%\gOEYMkgs\JIEA.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\QMcE.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %HOMEPATH%\gOEYMkgs\oswK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %HOMEPATH%\gOEYMkgs\mIYu.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\kcEe.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %HOMEPATH%\gOEYMkgs\dAwA.exe
- %HOMEPATH%\gOEYMkgs\IAsQ.exe
- %HOMEPATH%\gOEYMkgs\fQQq.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\sQYy.exe
- %HOMEPATH%\gOEYMkgs\fAQA.exe
- %HOMEPATH%\gOEYMkgs\DUgS.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\QYsW.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\Tkge.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %HOMEPATH%\gOEYMkgs\uMUG.exe
- %HOMEPATH%\gOEYMkgs\bMcU.exe
- %HOMEPATH%\gOEYMkgs\ZYcc.exe
- %HOMEPATH%\gOEYMkgs\uAAe.exe
- %HOMEPATH%\gOEYMkgs\HYEE.exe
- %HOMEPATH%\gOEYMkgs\PUII.exe
- %HOMEPATH%\gOEYMkgs\zkIG.exe
- %HOMEPATH%\gOEYMkgs\NIYI.exe
- %HOMEPATH%\gOEYMkgs\cQMY.exe
- %HOMEPATH%\gOEYMkgs\KYEQ.exe
- %HOMEPATH%\gOEYMkgs\CUMO.exe
- %HOMEPATH%\gOEYMkgs\hMUI.exe
- %HOMEPATH%\gOEYMkgs\Jkgg.exe
- %HOMEPATH%\gOEYMkgs\yggi.exe
- %HOMEPATH%\gOEYMkgs\ugAm.exe
- %HOMEPATH%\gOEYMkgs\nkUQ.exe
- %HOMEPATH%\gOEYMkgs\cooQ.exe
- %HOMEPATH%\gOEYMkgs\QIEy.exe
- %HOMEPATH%\gOEYMkgs\EQoY.exe
- %HOMEPATH%\gOEYMkgs\CQAE.exe
- %HOMEPATH%\gOEYMkgs\dAIS.exe
- %HOMEPATH%\gOEYMkgs\kUwc.exe
- %HOMEPATH%\gOEYMkgs\DQAO.exe
- %HOMEPATH%\gOEYMkgs\oAgq.exe
- %HOMEPATH%\gOEYMkgs\awAa.exe
- %HOMEPATH%\gOEYMkgs\oQwg.exe
- %HOMEPATH%\gOEYMkgs\mIwE.exe
- %HOMEPATH%\gOEYMkgs\sUUc.exe
- %HOMEPATH%\gOEYMkgs\qMYm.exe
- %HOMEPATH%\gOEYMkgs\DIgu.exe
- %HOMEPATH%\gOEYMkgs\zgca.exe
- %HOMEPATH%\gOEYMkgs\xUkE.exe
- %HOMEPATH%\gOEYMkgs\dMkO.exe
- %HOMEPATH%\gOEYMkgs\lMQS.exe
- %HOMEPATH%\gOEYMkgs\ZUoe.exe
- %HOMEPATH%\gOEYMkgs\REcg.exe
- %HOMEPATH%\gOEYMkgs\VYUw.exe
- %HOMEPATH%\gOEYMkgs\Fsku.exe
- %HOMEPATH%\gOEYMkgs\oEAY.exe
- %HOMEPATH%\gOEYMkgs\ZMsm.exe
- %HOMEPATH%\gOEYMkgs\sYYe.exe
- %HOMEPATH%\gOEYMkgs\VgAU.exe
- %HOMEPATH%\gOEYMkgs\qQQK.exe
- %HOMEPATH%\gOEYMkgs\FMgA.exe
- %HOMEPATH%\gOEYMkgs\AQAo.exe
- %HOMEPATH%\gOEYMkgs\ikYU.exe
- %HOMEPATH%\gOEYMkgs\XwoA.exe
- %HOMEPATH%\gOEYMkgs\Yooq.exe
- %HOMEPATH%\gOEYMkgs\xQEA.exe
- %HOMEPATH%\gOEYMkgs\fQou.exe
- %HOMEPATH%\gOEYMkgs\UcEC.exe
- %TEMP%\twskcEoo.bat
- %HOMEPATH%\gOEYMkgs\ggos.exe
- %HOMEPATH%\gOEYMkgs\CsYW.exe
- %HOMEPATH%\gOEYMkgs\jEkm.exe
- %HOMEPATH%\gOEYMkgs\kIkG.exe
- %HOMEPATH%\gOEYMkgs\ZEYc.exe
- %HOMEPATH%\gOEYMkgs\tokW.exe
- %HOMEPATH%\gOEYMkgs\ZUwa.exe
- %HOMEPATH%\gOEYMkgs\ysUc.exe
- %HOMEPATH%\gOEYMkgs\LgkG.exe
- %HOMEPATH%\gOEYMkgs\igcI.exe
- %HOMEPATH%\gOEYMkgs\KAwC.exe
- %HOMEPATH%\gOEYMkgs\TwkI.exe
- %HOMEPATH%\gOEYMkgs\MEEg.exe
- %HOMEPATH%\gOEYMkgs\WooM.exe
- %HOMEPATH%\gOEYMkgs\cYou.exe
- %HOMEPATH%\gOEYMkgs\eIMc.exe
- %HOMEPATH%\gOEYMkgs\FckE.exe
- %HOMEPATH%\gOEYMkgs\OQsi.exe
- %HOMEPATH%\gOEYMkgs\uIcW.exe
- %HOMEPATH%\gOEYMkgs\qEAK.exe
- %HOMEPATH%\gOEYMkgs\gUEe.exe
- %HOMEPATH%\gOEYMkgs\agEq.exe
- %HOMEPATH%\gOEYMkgs\EsIK.exe
- %HOMEPATH%\gOEYMkgs\zoQK.exe
- %HOMEPATH%\gOEYMkgs\XUoy.exe
- %HOMEPATH%\gOEYMkgs\zgcS.exe
- %HOMEPATH%\gOEYMkgs\kcEe.exe
- %HOMEPATH%\gOEYMkgs\oswK.exe
- %HOMEPATH%\gOEYMkgs\BQQW.exe
- %HOMEPATH%\gOEYMkgs\JIEA.exe
- %HOMEPATH%\gOEYMkgs\mIYu.exe
- %HOMEPATH%\gOEYMkgs\gYkI.exe
- %HOMEPATH%\gOEYMkgs\NokI.exe
- %HOMEPATH%\gOEYMkgs\WcwE.exe
- %HOMEPATH%\gOEYMkgs\ksMk.exe
- %HOMEPATH%\gOEYMkgs\QMcE.exe
- %HOMEPATH%\gOEYMkgs\DUgS.exe
- %HOMEPATH%\gOEYMkgs\IAsQ.exe
- %HOMEPATH%\gOEYMkgs\sQYy.exe
- %HOMEPATH%\gOEYMkgs\fAQA.exe
- %HOMEPATH%\gOEYMkgs\fQQq.exe
- %HOMEPATH%\gOEYMkgs\QYsW.exe
- %HOMEPATH%\gOEYMkgs\dAwA.exe
- %HOMEPATH%\gOEYMkgs\Tkge.exe
- %HOMEPATH%\gOEYMkgs\uMUG.exe
- %HOMEPATH%\gOEYMkgs\xkos.exe
- %HOMEPATH%\gOEYMkgs\LgYE.exe
- %HOMEPATH%\gOEYMkgs\NIEY.exe
- %HOMEPATH%\gOEYMkgs\agQq.exe
- %HOMEPATH%\gOEYMkgs\KsMu.exe
- %HOMEPATH%\gOEYMkgs\fcEa.exe
- %TEMP%\NygEAQYg.bat
- %HOMEPATH%\gOEYMkgs\jIQY.exe
- %HOMEPATH%\gOEYMkgs\YgMu.exe
- %HOMEPATH%\gOEYMkgs\SIoi.exe
- %HOMEPATH%\gOEYMkgs\noQU.exe
- %HOMEPATH%\gOEYMkgs\IoEo.exe
- %HOMEPATH%\gOEYMkgs\GwcQ.exe
- %HOMEPATH%\gOEYMkgs\qQAs.exe
- %HOMEPATH%\gOEYMkgs\EAow.exe
- %HOMEPATH%\gOEYMkgs\TUAk.exe
- %HOMEPATH%\gOEYMkgs\kogg.exe
- %HOMEPATH%\gOEYMkgs\Cgko.exe
- %HOMEPATH%\gOEYMkgs\Nokm.exe
- %HOMEPATH%\gOEYMkgs\CUUe.exe
- %HOMEPATH%\gOEYMkgs\kIwK.exe
- %HOMEPATH%\gOEYMkgs\PQgy.exe
- %HOMEPATH%\gOEYMkgs\uAom.exe
- %HOMEPATH%\gOEYMkgs\dIQq.exe
- %HOMEPATH%\gOEYMkgs\qAMk.exe
- %HOMEPATH%\gOEYMkgs\asou.exe
- %HOMEPATH%\gOEYMkgs\Tcwo.exe
- %HOMEPATH%\gOEYMkgs\XsMu.exe
- %HOMEPATH%\gOEYMkgs\kkQi.exe
- %HOMEPATH%\gOEYMkgs\eQEK.exe
- %HOMEPATH%\gOEYMkgs\yYUK.exe
- %HOMEPATH%\gOEYMkgs\lkAU.exe
- %HOMEPATH%\gOEYMkgs\xsck.exe
- %HOMEPATH%\gOEYMkgs\ussC.exe
- %HOMEPATH%\gOEYMkgs\KEEq.exe
- %HOMEPATH%\gOEYMkgs\usMA.exe
- %HOMEPATH%\gOEYMkgs\MMgC.exe
- %HOMEPATH%\gOEYMkgs\yEki.exe
- %HOMEPATH%\gOEYMkgs\LAAq.exe
- %HOMEPATH%\gOEYMkgs\WIcE.exe
- %HOMEPATH%\gOEYMkgs\FAwQ.exe
- %HOMEPATH%\gOEYMkgs\JoMK.exe
- %HOMEPATH%\gOEYMkgs\nwsm.exe
- %HOMEPATH%\gOEYMkgs\vAII.exe
- %HOMEPATH%\gOEYMkgs\bwkO.exe
- %HOMEPATH%\gOEYMkgs\BMUK.exe
- %HOMEPATH%\gOEYMkgs\iMUI.exe
- %HOMEPATH%\gOEYMkgs\JUcW.exe
- %HOMEPATH%\gOEYMkgs\AIwA.exe
- %HOMEPATH%\gOEYMkgs\PAkY.exe
- %HOMEPATH%\gOEYMkgs\Uoce.exe
- %HOMEPATH%\gOEYMkgs\QoYG.exe
- %HOMEPATH%\gOEYMkgs\RMUm.exe
- %HOMEPATH%\gOEYMkgs\zQoE.exe
- %HOMEPATH%\gOEYMkgs\PMYi.exe
- %HOMEPATH%\gOEYMkgs\usUA.exe
- %HOMEPATH%\gOEYMkgs\gMQG.exe
- '74.##5.232.51':443
- 'ap#.###coincharts.com':443
- '74.##5.232.51':80
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
- DNS ASK ma##.google.com
- DNS ASK ap#.###coincharts.com
- DNS ASK google.com
- ClassName: '' WindowName: 'Run'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: '' WindowName: 'Open'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: '' WindowName: 'lacMcYws.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'xSMgIcIg'
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'