TROJ_INAR.ERV
Trojan:Win32/Comitsproc (Microsoft); Trojan.Gen (Symantec); Trojan.Win32.Inar.cb (Kaspersky); ERROR (Sunbelt); Trojan.Generic.7091530 (FSecure)
Windows 2000, Windows XP, Windows Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
621,575 bytes
EXE
Yes
22 Mar 2012
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Trojan drops the following copies of itself into the affected system:
- %Temp%\one.ocx
(Note: %Temp% is the Windows Temporary folder, which is usually C:\Windows\Temp or C:\WINNT\Temp.)
It creates the following folders:
- %System Root%\iran
- d:\iran
- e:\iran
- f:\iran
- g:\iran
- h:\iran
- i:\iran
- j:\iran
- k:\iran
- l:\iran
- m:\iran
- n:\iran
- o:\iran
- p:\iran
- q:\iran
- r:\iran
- s:\iran
- t:\iran
- u:\iran
- v:\iran
- w:\iran
- x:\iran
- y:\iran
- z:\iran
- %User Startup%
- %Favorites%\Internet Explorer
(Note: %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.. %User Startup% is the current user's Startup folder, which is usually C:\Windows\Profiles\{user name}\Start Menu\Programs\Startup on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu\Programs\Startup on Windows NT, and C:\Documents and Settings\{User name}\Start Menu\Programs\Startup.. %Favorites% is the current user's Favorites folder, which is usually C:\Windows\Favorites on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Favorites on Windows NT, and C:\Documents and Settings\{user name}\Favorites on Windows 2000, XP, and Server 2003.)
Autostart Technique
This Trojan adds the following registry entries to enable its automatic execution at every system startup:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
%Favorites%\ Internet Explorer\Web.scr = "%Favorites%\ Internet Explorer\Web.pif"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x02)__CHAR(0x01)__CHAR(0x03)__CHAR(0x02)_5_CHAR(0x04)_5 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)__CHAR(0x06)__CHAR(0x05)__CHAR(0x05)_7_CHAR(0x01)_7 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x01)__CHAR(0x01)__CHAR(0x02)__CHAR(0x01)_9_CHAR(0x05)_9 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)__CHAR(0x02)__CHAR(0x06)__CHAR(0x03)_12_CHAR(0x04)_12 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0B)__CHAR(0x04)__CHAR(0x06)__CHAR(0x03)_1313 = "_CHAR(0x07)__CHAR(0x05)_13_CHAR(0x07)_13"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x01)__CHAR(0x0C)_1515 = "_CHAR(0x04)__CHAR(0x0B)__CHAR(0x07)_1515"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0B)__CHAR(0x01)__CHAR(0x0B)_17 = "_CHAR(0x05)__CHAR(0x0F)__CHAR(0x05)_17_CHAR(0x07)_17"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x10)__CHAR(0x06)__CHAR(0x06)__CHAR(0x08)_18_CHAR(0x01)_18 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x02)__CHAR(0x10)__CHAR(0x07)__CHAR(0x03)_19_CHAR(0x0F)_19 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x06)__CHAR(0x08)__CHAR(0x04)__CHAR(0x03)_2020 = "_CHAR(0x13)__CHAR(0x0C)_20_CHAR(0x01)_20"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x05)__CHAR(0x08)_23_CHAR(0x14)_23 = "_CHAR(0x05)__CHAR(0x10)__CHAR(0x0C)_23_CHAR(0x14)_23"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)__CHAR(0x08)__CHAR(0x0E)__CHAR(0x12)_2424 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)__CHAR(0x08)__CHAR(0x02)__CHAR(0x13)_2828 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0F)__CHAR(0x16)__CHAR(0x11)__CHAR(0x06)_30_CHAR(0x19)_30 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x06)__CHAR(0x18)__CHAR(0x10)__CHAR(0x0C)_31_CHAR(0x01)_31 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x19)__CHAR(0x1E)__CHAR(0x03)__CHAR(0x06)_32_CHAR(0x18)_32 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1E)__CHAR(0x10)__CHAR(0x15)_ 33_CHAR(0x19)_33 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x11)__CHAR(0x18)_35_CHAR(0x0E)_35 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x03)_# = "_CHAR(0x0C)__CHAR(0x12)__CHAR(0x17)__CHAR(0x1D)_36_CHAR(0x16)_36"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
#_CHAR(0x12)__CHAR(0x11)_$37_CHAR(0x08)_37 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x17)__CHAR(0x1E)__CHAR(0x11)__CHAR(0x06)_38_CHAR(0x18)_38 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x12)__CHAR(0x06)_ #41_CHAR(0x03)_41 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x15)__CHAR(0x1D)_ 42_CHAR(0x01)_42 = "_CHAR(0x19)__CHAR(0x0C)__CHAR(0x02)__CHAR(0x13)_4242"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x03)__CHAR(0x1C)_$_CHAR(0x0E)_4343 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
#_CHAR(0x0B)__CHAR(0x01)__CHAR(0x0F)_44&44 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1D)__CHAR(0x13)__CHAR(0x1C)_45$45 = "_CHAR(0x14)__CHAR(0x18)__CHAR(0x1B)_4545"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x12)_!_CHAR(0x1E)__CHAR(0x08)_46,46 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
)_CHAR(0x1F)__CHAR(0x13)__CHAR(0x1B)_47_CHAR(0x06)_47 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
'_CHAR(0x17)__CHAR(0x06)__CHAR(0x16)_48_CHAR(0x06)_48 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)_$_CHAR(0x10)_49_CHAR(0x0C)_49 = "_CHAR(0x01)_,!_CHAR(0x03)_49 49"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
&_CHAR(0x13)_.51_CHAR(0x1A)_51 = ",%_CHAR(0x0F)__CHAR(0x1E)_51_CHAR(0x05)_51"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x11)__CHAR(0x12)__CHAR(0x15)__CHAR(0x1D)_52/52 = "#&3_CHAR(0x12)_52_CHAR(0x04)_52"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x15)__CHAR(0x0E)_0_CHAR(0x0C)_53_CHAR(0x14)_53 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x16)_4_CHAR(0x1B)_54_CHAR(0x1F)_54 = "_CHAR(0x14)__CHAR(0x14)_*154$54"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1F)__CHAR(0x1C)_3_CHAR(0x0C)_55_CHAR(0x01)_55 = "5_CHAR(0x1B)_5_CHAR(0x0B)_55-55"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x05)__CHAR(0x18)__CHAR(0x03)_756_CHAR(0x15)_56 = "'0-_CHAR(0x16)_56$56"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0F)_1_CHAR(0x14)_57_CHAR(0x17)_57 = "_CHAR(0x04)_7"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x03)_$_CHAR(0x0F)_.58_CHAR(0x06)_58 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
7_CHAR(0x13)_8_CHAR(0x10)_59.59 = "2_CHAR(0x18)__CHAR(0x1D)__CHAR(0x10)_59*59"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x14)__CHAR(0x19)__CHAR(0x19)_:60_CHAR(0x15)_60 = "#*_CHAR(0x1C)_60_CHAR(0x13)_60"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x19)__CHAR(0x1D)__CHAR(0x15)__CHAR(0x1C)_61_CHAR(0x03)_61 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
2$_CHAR(0x19)__CHAR(0x12)_62462 = "#_CHAR(0x11)_'662_CHAR(0x0F)_62"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
'_CHAR(0x02)__CHAR(0x1D)_363663 = "=*,63_CHAR(0x10)_63"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
9_CHAR(0x0F)__CHAR(0x1E)__CHAR(0x16)_64364 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
!_CHAR(0x10)_#'65_CHAR(0x15)_65 = "%1-6565"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1D)_/$#6666 = "0;$'66766"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1C)__CHAR(0x01)_?_CHAR(0x02)_67167 = "_CHAR(0x11)_+67467"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x03)__CHAR(0x06)__CHAR(0x18)_;6868 = "@'C568_CHAR(0x1A)_68"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x01)__CHAR(0x01)_)669 69 = "2@_CHAR(0x13)_69_CHAR(0x0B)_69"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
E_CHAR(0x17)_7070 = "_CHAR(0x1D)__CHAR(0x07)__CHAR(0x1A)_70_CHAR(0x14)_70"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x13)__CHAR(0x04)__CHAR(0x15)_;71_CHAR(0x11)_71 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x05)_7_CHAR(0x1D)__CHAR(0x02)_72372 = "%_CHAR(0x1F)_4"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x11)_&:-73_CHAR(0x13)_73 = "=!_CHAR(0x03)_73073"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
1_CHAR(0x1F)__CHAR(0x11)_*74_CHAR(0x1A)_74 = "_CHAR(0x06)_?+74_CHAR(0x01)_74"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
22?_CHAR(0x1B)_7575 = "D_CHAR(0x05)__CHAR(0x13)_75&75"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
8;_CHAR(0x1D)_76_CHAR(0x0C)_76 = "C#F76/76"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
-_CHAR(0x06)__CHAR(0x02)_77577 = "_CHAR(0x0E)__CHAR(0x07)__CHAR(0x1A)_77077"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
,_CHAR(0x17)_678 78 = "_CHAR(0x07)_7K_CHAR(0x10)_7878"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
!7M!79_CHAR(0x02)_79 = ":_CHAR(0x08)_.079F79"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
0=_CHAR(0x19)_280E80 = "_CHAR(0x15)__CHAR(0x14)__CHAR(0x05)__CHAR(0x1E)_80"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1A)_G_CHAR(0x0E)__CHAR(0x05)_81F81 = "_CHAR(0x1E)__CHAR(0x0C)__CHAR(0x14)_&81I81"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0C)_382_CHAR(0x18)_82 = " .ED8282"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
=?983_CHAR(0x1D)_83 = "_CHAR(0x18)_L_CHAR(0x12)_83_CHAR(0x14)_83"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x03)_HF_CHAR(0x01)_84_CHAR(0x0F)_84 = "+_CHAR(0x17)_4-84/84"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
'B_CHAR(0x0F)_=85_CHAR(0x14)_85 = "KL_CHAR(0x07)_85_CHAR(0x16)_85"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
L;#86%86 = "%CL#86L86"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
1 = "PO2887!87"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x07)_W-88U88 = "_CHAR(0x18)_#;)88_CHAR(0x05)_88"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x07)_CN89_CHAR(0x12)_89 = "1_CHAR(0x0E)_6889T89"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
X_CHAR(0x17)__CHAR(0x01)__CHAR(0x17)_90_CHAR(0x11)_90 = "XVH90.90"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1A)_6._CHAR(0x1C)_91_CHAR(0x1D)_91 = "F_CHAR(0x07)_Q91_CHAR(0x04)_91"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
#S,&92I92 = "_CHAR(0x08)_P_CHAR(0x19)_92_CHAR(0x0B)_92"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
TK_CHAR(0x08)__CHAR(0x16)_93X93 = "$OHW9393"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
DA4_CHAR(0x1F)_95@95 = "4_CHAR(0x1E)_%9595"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1B)_L3496_CHAR(0x02)_96 = "@0_CHAR(0x1E)__CHAR(0x1C)_96696"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x15)_3W)9797 = "_CHAR(0x1A)_7E_CHAR(0x14)_97/97"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
@_CHAR(0x1F)_:498*98 = "_CHAR(0x0C)_2LE98_CHAR(0x15)_98"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
%P_CHAR(0x14)_a103%103 = "__CHAR(0x1C)_&`1037103"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1B)_+_CHAR(0x1C)_K104[104 = "7X_CHAR(0x06)__CHAR(0x14)_1041104"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
O_CHAR(0x13)_OP105Q105 = "GFE_CHAR(0x1C)_105105"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x19)__CHAR(0x19)_+M106/106 = "_CHAR(0x15)__CHAR(0x19)_E_CHAR(0x1B)_1065106"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
PWNh107a107 = "P_CHAR(0x11)_/_CHAR(0x11)_107_CHAR(0x13)_107"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
e_CHAR(0x07)__CHAR(0x0C)_`108W108 = "`_CHAR(0x19)__CHAR(0x08)_G108]108"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
XN_CHAR(0x03)_R1098109 = "_CHAR(0x1E)__CHAR(0x03)_Q,109_CHAR(0x02)_109"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
%Mm110(110 = " f8k1104110"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
+$_CHAR(0x0C)_111_CHAR(0x02)_111 = "O%G&111_CHAR(0x19)_111"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x10)__CHAR(0x0F)_Od112112 = "_CHAR(0x06)_$h112F112"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
p_CHAR(0x07)_AU113,113 = "`&C_CHAR(0x1F)_113_CHAR(0x05)_113"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
19V_CHAR(0x01)_114_CHAR(0x0C)_114 = "aCB\114c114"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x15)_mJ115H115 = "_CHAR(0x08)_`_CHAR(0x11)_115O115"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x13)_]D116/116 = "_CHAR(0x06)_hWh1167116"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
a_CHAR(0x13)_3?117_CHAR(0x17)_117 = "_CHAR(0x1D)_f3-117P117"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)__CHAR(0x05)__CHAR(0x05)_118:118 = "m_CHAR(0x16)__CHAR(0x06)_O118o118"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x03)_119_CHAR(0x1B)_119 = "O@OL119)119"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
,o55120[120 = "W)Eo120j120"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
29_CHAR(0x1F)_$1212121 = "7ps121T121"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
!(R_CHAR(0x10)_122_CHAR(0x1A)_122 = "_CHAR(0x1A)_3M_CHAR(0x07)_122122"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
x\_CHAR(0x11)_*123n123 = "_CHAR(0x1B)_y-@123_CHAR(0x04)_123"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
1_CHAR(0x10)__CHAR(0x12)_S124j124 = "0_CHAR(0x01)_u(124y124"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
64N_CHAR(0x0E)_125D125 = "3_CHAR(0x0F)_d_CHAR(0x0B)_125_CHAR(0x0B)_125"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
+_CHAR(0x1D)_9126Y126 = "=vLA126p126"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
b_CHAR(0x17)_yz127A127 = "U\Z1277127"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x18)_e_CHAR(0x0F)_{128&128 = "Fc~_CHAR(0x06)_128,128"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
T5_CHAR(0x0F)_A129j129 = "=OD#129=129"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Nqn130q130 = "_CHAR(0x0C)_sBk130/130"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Si?1318131 = "n]_CHAR(0x03)__CHAR(0x1A)_1319131"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
l }_CHAR(0x1F)_1329132 = "\_CHAR(0x04)_C132_CHAR(0x03)_132"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
I='_CHAR(0x02)_133_CHAR(0x16)_133 = "4_CHAR(0x0F)__CHAR(0x0C)_133z133"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
k_CHAR(0x0B)_134K134 = "Ib+134_CHAR(0x0B)_134"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
2tli135'135 = "Y_CHAR(0x0C)_135135"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0E)_3136E136 = "_CHAR(0x19)_z_CHAR(0x14)_b136D136"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
8%2y137N137 = "v"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
A6I{138138 = "_CHAR(0x13)_;!F138M138"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
tW_CHAR(0x1A)_K139,139 = "_CHAR(0x19)_
3{139_CHAR(0x01)_139"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0C)_WRX140\140 = "p:1140k140"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Z = "[t5R141_CHAR(0x03)_141"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x01)_\2142Y142 = "Z{_CHAR(0x02)__CHAR(0x1C)_142e142"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
a_CHAR(0x0F)_]l143q143 = "*_CHAR(0x10)__CHAR(0x14)_d143U143"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
(~nR144d144 = "_CHAR(0x19)_0qK144C144"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
HLN145S145 = "%7,J145_CHAR(0x1B)_145"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
XFN_CHAR(0x0F)_146R146 = "_CHAR(0x05)_c{J1462146"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
95L'147147 = "Gug147D147"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
n$_CHAR(0x05)_]148m148 = "_CHAR(0x07)_DrE148148"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
b_CHAR(0x16)_:_CHAR(0x0F)_149149 = "_CHAR(0x19)_UN2149_CHAR(0x14)_149"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
U_CHAR(0x1B)_k150
150 = "-~A150W150"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
e7tD151_CHAR(0x04)_151 = "`da_CHAR(0x1D)_151p151"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
g_CHAR(0x15)_152Y152 = "_CHAR(0x12)_152_CHAR(0x15)_152"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
1*3153\153 = "c*_CHAR(0x13)_153M153"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
}_CHAR(0x1E)__CHAR(0x13)_i154C154 = "n_CHAR(0x05)_e154@154"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x17)_B_CHAR(0x17)_155155 = "_CHAR(0x19)_&]155v155"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ipad156_CHAR(0x02)_156 = "=_CHAR(0x1E)_g156g156"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x10)__CHAR(0x0B)_157157 = "_CHAR(0x14)__CHAR(0x1D)_Xf157X157"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x11)__CHAR(0x12)_158_CHAR(0x1D)_158 = "^Q1580158"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
6_CHAR(0x15)_159n159 = "LK159;159"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0E)_h3_CHAR(0x06)_160x160 = "_CHAR(0x03)_160A160"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
n(_CHAR(0x11)_161(161 = "_CHAR(0x0E)_G"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
J/]162@162 = "RIo162162"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
(q_CHAR(0x10)_163 163 = "M9163163"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
VXA164@164 = "F_CHAR(0x1C)_l8164164"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
1(4165 165 = "c_CHAR(0x0E)_)165165"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
+166o166 = "E7166S166"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
l_CHAR(0x0C)__CHAR(0x1A)_167_CHAR(0x17)_167 = "]m{167_CHAR(0x19)_167"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
@%i.168_CHAR(0x07)_168 = "lV\E1682168"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1E)_g169169 = ":5D1693169"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
AL170170 = ";s\j1709170"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
u_CHAR(0x16)_r171171 = "sR171#171"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x19)_%rj172172 = "Tª172*172"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
t1'173o173 = ")d-173N173"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
l_CHAR(0x1E)_0.174*174 = ":w&`174¤174"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Qr175/175 = "_CHAR(0x15)_t _CHAR(0x17)_175#175"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x16)_\%176_CHAR(0x08)_176 = "C_CHAR(0x03)_-_CHAR(0x1F)_176%176"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0F)_p2177I177 = "nN+Q177y177"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1A)_=178178 = "«£01788178"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¦-$179_CHAR(0x13)_179 = "?@l179179"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)_[180h180 = "a_CHAR(0x13)_b180180"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¯_CHAR(0x11)_1818181 = "¯8_CHAR(0x19)_181^181"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
´l)182®182 = "v_CHAR(0x0F)__CHAR(0x08)_182182"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
X+p183_183 = "g_CHAR(0x1D)_f183183"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
P)*184\184 = "j_CHAR(0x0C)_184_CHAR(0x0F)_184"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x14)_e±185m185 = "*«q185185"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
\UK186G186 = "@p186$186"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
!fh187¸187 = "_,187d187"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
kX188·188 = "¹=©188+188"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
®FC189_CHAR(0x04)_189 = "3q189Y189"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
®n¦190`190 = "`O"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
%¦191191 = "_CHAR(0x1B)_zª1913191"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x07)_[U192192 = "XI«¸192n192"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Tw_CHAR(0x04)_193n193 = "5£8193©193"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¬c194£194 = "bª70194h194"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
5:º195i195 = "%¤_CHAR(0x01)_U195"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
k!(196i196 = "a*;196Y196"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
?T1197H197 = "¢F«m197197"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¡Tµm198y198 = ";EV198C198"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
PO_CHAR(0x1F)_1996199 = "P_CHAR(0x12)_y199#199"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1D)_s!I200!200 = "F©_CHAR(0x0F)_B2003200"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1A)_n201_CHAR(0x0B)_201 = "F201^201"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1F)_À_CHAR(0x04)_202_CHAR(0x07)_202 = "j^_CHAR(0x03)_±2022202"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
)203]203 = "#R/203*203"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
@¯S_CHAR(0x1A)_204u204 = "_CHAR(0x15)_±¼£204`204"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
^\a205O205 = "?s 205P205"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
tA¶206g206 = "´_CHAR(0x15)_Ë206±206"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1F)__207207 = "_CHAR(0x12)___CHAR(0x15)_D207n207"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)_¶È~208}208 = "H.208ª208"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
'Q209%209 = "0Æl209209"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ƨ¿Z210d210 = "¸mB210210"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
b·2110211 = "v]_CHAR(0x0F)_2111211"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
{$¡212}212 = "¨.S212`212"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
m_CHAR(0x1D)_La213r213 = "Ï_CHAR(0x1A)_.213Ð213"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Å_CHAR(0x1B)__CHAR(0x06)_214D214 = "214¶214"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
I¦215215 = "T£_CHAR(0x17)_5215.215"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
KV¹z216°216 = "+£AÂ2160216"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
HjR217_217 = "t)217217"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
X_CHAR(0x12)__CHAR(0x04)__CHAR(0x0B)_218²218 = "!®218 218"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
:b219219 = "§¥uÙ219Ì219"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
²Íw220220 = "LDÇ220Ô220"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1A)_$Hh221
221 = "UvQ*221_CHAR(0x05)_221"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Òe1_CHAR(0x1F)_222222 = "_CHAR(0x16)__²_222_CHAR(0x1B)_222"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
UÆÆ^223w223 = "_CHAR(0x15)_7I½223223"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x10)_Â#_CHAR(0x16)_224Ï224 = "lÆÇ224Í224"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
M¬5225225 = "cÅ5A225v225"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Ϩ«¤226@226 = "j_CHAR(0x17)_S¥226r226"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1F)__CHAR(0x16)_W227·227 = "c¦ 227227"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x07)_¼N£228!228 = "H_CHAR(0x0C)_³228_CHAR(0x1F)_228"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
É_CHAR(0x1E)_N229229 = "s"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
l!Ã230230 = "R®Ù230ß230"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1A)__CHAR(0x15)_231H231 = "_CHAR(0x03)_G)231½231"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¡j\4232½232 = "ãI¸¼232_CHAR(0x03)_232"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
D?_CHAR(0x17)_·233Í233 = "Sµ·233ª233"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
R_CHAR(0x16)_t234 234 = "}U¼234Û234"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ß+b=235é235 = "§}Î 235¤235"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0C)_½_CHAR(0x1B)_ 236236 = "±_CHAR(0x07)_@236É236"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Ù8[!237è237 = "TE-À237)237"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
xQ238á238 = "ê¸×¢238\238"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
`Å239K239 = "Q2s7239H239"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
êAÃ240240 = "AÂ240s240"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
a_CHAR(0x19)_À241X241 = "sÁ241s241"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
u_CHAR(0x02)_ÉG242_CHAR(0x15)_242 = "J_CHAR(0x1F)_Ã242É242"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ºà243243 = "»dƶ243v243"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1A)__CHAR(0x0E)__CHAR(0x04)__CHAR(0x16)_244¥244 = "Sh_CHAR(0x0F)_¡244é244"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x15)_ÓôZ245_CHAR(0x03)_245 = "·q¡;245Ú245"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¬¾_CHAR(0x12)_c246Ì246 = "Öµ)_CHAR(0x02)_2467246"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
º
i^247Ê247 = "Q
¡_CHAR(0x03)_247247"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¥_CHAR(0x0B)_@248_CHAR(0x17)_248 = "°Vi248O248"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Å©Â_CHAR(0x0F)_249w249 = ")_CHAR(0x0F)__F249Ñ249"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
o_CHAR(0x16)_g250º250 = "ÈjFc250_CHAR(0x0B)_250"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ø_CHAR(0x1B)_¼251251 = "¡{_251¾251"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
4Ò_252q252 = "_CHAR(0x14)_`Ä252h252"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
åb'253I253 = "îÖæ253«253"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Ã{Öð254254 = "x亶254a254"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
/+¡255_CHAR(0x0C)_255 = "þ¢ÝY255255"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)__CHAR(0x0B)__CHAR(0x08)_14_CHAR(0x05)_14 = "_CHAR(0x08)__CHAR(0x01)__CHAR(0x01)_1414"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0C)__CHAR(0x01)__CHAR(0x02)_1616 = "_CHAR(0x0B)__CHAR(0x01)__CHAR(0x06)__CHAR(0x0E)_1616"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x12)__CHAR(0x10)__CHAR(0x05)__CHAR(0x05)_19_CHAR(0x11)_19 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)__CHAR(0x12)__CHAR(0x10)_20_CHAR(0x13)_20 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)__CHAR(0x0C)__CHAR(0x05)_21_CHAR(0x13)_21 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0C)__CHAR(0x12)__CHAR(0x0B)__CHAR(0x02)_2222 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x16)__CHAR(0x03)__CHAR(0x03)_23_CHAR(0x08)_23 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x13)__CHAR(0x11)_25_CHAR(0x06)_25 = "_CHAR(0x18)__CHAR(0x13)__CHAR(0x12)_25_CHAR(0x10)_25"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x13)__CHAR(0x16)__CHAR(0x0C)_26_CHAR(0x0B)_26 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1B)__CHAR(0x10)__CHAR(0x15)__CHAR(0x11)_30_CHAR(0x1D)_30 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)__CHAR(0x07)__CHAR(0x17)_31_CHAR(0x13)_31 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1D)__CHAR(0x0E)__CHAR(0x1C)__CHAR(0x01)_33_CHAR(0x1D)_33 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x11)__CHAR(0x04)__CHAR(0x08)__CHAR(0x11)_34_CHAR(0x18)_34 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0F)__CHAR(0x18)__CHAR(0x15)_35_CHAR(0x13)_35 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x06)__CHAR(0x0C)__CHAR(0x17)_36_CHAR(0x04)_36 = "_CHAR(0x02)__CHAR(0x19)_ 3636"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
#_CHAR(0x03)_ = "_CHAR(0x08)__CHAR(0x11)__CHAR(0x0F)__CHAR(0x06)_37_CHAR(0x04)_37"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x01)__CHAR(0x0E)__CHAR(0x19)_#38%38 = "#_CHAR(0x17)__CHAR(0x12)_3838"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
$_CHAR(0x1D)_39 39 = "$_CHAR(0x12)_#_CHAR(0x10)_39 39"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0F)__CHAR(0x19)_'_CHAR(0x0E)_41_CHAR(0x11)_41 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1D)__CHAR(0x0E)_ %42_CHAR(0x1B)_42 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x19)_()_CHAR(0x19)_43#43 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0B)_''44(44 = "!_CHAR(0x19)__CHAR(0x1E)__CHAR(0x10)_44"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0B)__CHAR(0x0E)__CHAR(0x14)_45_CHAR(0x0F)_45 = "_CHAR(0x1D)__CHAR(0x1E)_,45%45"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x13)_) 46'46 = "_CHAR(0x04)__CHAR(0x11)__CHAR(0x15)_'46_CHAR(0x0C)_46"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x18)_! #47_CHAR(0x1B)_47 = "_CHAR(0x18)_!_CHAR(0x0B)_47_CHAR(0x0E)_47"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x19)_'_CHAR(0x1D)__CHAR(0x05)_48_CHAR(0x0B)_48 = "!!_CHAR(0x1D)_!48_CHAR(0x01)_48"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
*_CHAR(0x06)_(*49_CHAR(0x0E)_49 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x05)__CHAR(0x1B)__CHAR(0x10)__CHAR(0x12)_50_CHAR(0x13)_50 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1C)__CHAR(0x02)__CHAR(0x18)__CHAR(0x06)_51-51 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x18)__CHAR(0x02)__CHAR(0x07)_-52052 = "#/_CHAR(0x08)__CHAR(0x1F)_52%52"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0E)__CHAR(0x18)__CHAR(0x01)_+53 53 = "_CHAR(0x06)_2_CHAR(0x06)__CHAR(0x05)_53153"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
2_CHAR(0x0F)__CHAR(0x07)_%54454 = "2,+_CHAR(0x1F)_54_CHAR(0x08)_54"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
#_CHAR(0x1B)_+655_CHAR(0x02)_55 = "!5_CHAR(0x13)__CHAR(0x03)_55155"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x17)__CHAR(0x12)_(_CHAR(0x18)_56_CHAR(0x01)_56 = "%_CHAR(0x0B)__CHAR(0x16)_56&56"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
2 (_CHAR(0x11)_57$57 = "_CHAR(0x02)_-!_CHAR(0x0B)_57_CHAR(0x0B)_57"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x16)__CHAR(0x04)__CHAR(0x14)_058_CHAR(0x18)_58 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x10)__CHAR(0x14)_$-59159 = "_CHAR(0x1D)__CHAR(0x18)_0#59_CHAR(0x0C)_59"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
+_CHAR(0x10)__CHAR(0x1C)_6161 = "_CHAR(0x11)_)961_CHAR(0x16)_61"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1F)__CHAR(0x12)_#62_CHAR(0x16)_62 = "+_CHAR(0x10)_6262"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x02)__CHAR(0x04)__CHAR(0x02)__CHAR(0x15)_63163 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
?;_CHAR(0x01)_%64_CHAR(0x1E)_64 = "_CHAR(0x01)__CHAR(0x17)_4 64 64"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
*/265_CHAR(0x05)_65 = "*:_CHAR(0x14)_165665"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
!,_CHAR(0x1D)_?66_CHAR(0x07)_66 = "5%8)66/66"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1C)__CHAR(0x18)__CHAR(0x19)__CHAR(0x16)_67167 = "._CHAR(0x06)_&_CHAR(0x02)_67A67"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x19)_/_CHAR(0x1D)_468_CHAR(0x14)_68 = "_CHAR(0x02)_2.&68_CHAR(0x03)_68"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x13)_$=$69_CHAR(0x1F)_69 = "_CHAR(0x1D)_A_CHAR(0x1F)__CHAR(0x08)_69_CHAR(0x03)_69"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
=)_CHAR(0x1D)_.70_CHAR(0x05)_70 = "_CHAR(0x01)__CHAR(0x1D)_8_CHAR(0x04)_70_CHAR(0x05)_70"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
8_CHAR(0x19)_'71671 = "_CHAR(0x17)_8.71571"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
A_CHAR(0x13)_-473873 = ";_CHAR(0x13)__CHAR(0x15)_,7373"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)_1_CHAR(0x19)_=74_CHAR(0x07)_74 = "0-#074E74"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1A)_JD_CHAR(0x17)_75!75 = ",_CHAR(0x16)_)_CHAR(0x18)_75;75"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
D%76276 = "(_CHAR(0x1E)_5_CHAR(0x11)_76C76"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
;-?-77*77 = "_CHAR(0x0B)_@(_CHAR(0x1D)_77077"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
-_CHAR(0x14)_-)78278 = "=(KJ78878"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
K_CHAR(0x1A)_M_CHAR(0x04)_79_CHAR(0x16)_79 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x18)_I_CHAR(0x1A)_*80080 = "_CHAR(0x12)__CHAR(0x1D)__CHAR(0x1B)__CHAR(0x1D)_80,80"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
I_CHAR(0x1F)_2%81_CHAR(0x19)_81 = "+/A81B81"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x05)__CHAR(0x14)_;82:82 = "'_CHAR(0x08)__CHAR(0x15)_*82"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)__CHAR(0x17)_LH83683 = "N8_CHAR(0x0B)__CHAR(0x1A)_83)83"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x06)__CHAR(0x02)_)784_CHAR(0x0E)_84 = "@:_CHAR(0x0E)_#84_CHAR(0x11)_84"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
N0-S85F85 = "_CHAR(0x07)_-1/8585"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
1:ME86286 = "8_CHAR(0x08)_I86S86"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
9_CHAR(0x16)_O_CHAR(0x0B)_87N87 = "5Q_CHAR(0x07)__CHAR(0x08)_87487"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
T&$!88_CHAR(0x05)_88 = "O_CHAR(0x06)__CHAR(0x04)_&88@88"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
2'_CHAR(0x05)_89989 = "AM0S89_CHAR(0x07)_89"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
G2_CHAR(0x1F)_A90&90 = "R_CHAR(0x1F)_=S90U90"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x07)__CHAR(0x04)__CHAR(0x06)__CHAR(0x10)_91H91 = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
%_CHAR(0x10)_(N93_CHAR(0x02)_93 = "5D!.93393"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
04&C94B94 = "43A$94_CHAR(0x02)_94"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
XL$95#95 = "OB"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)_DB/96896 = "Y_CHAR(0x06)_[296_CHAR(0x1B)_96"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
-_CHAR(0x13)_&D97_CHAR(0x04)_97 = "QU_CHAR(0x08)__CHAR(0x06)_97#97"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
KZJ+98_CHAR(0x1E)_98 = "2_CHAR(0x19)__CHAR(0x08)__98D98"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
-0299]99 = "_CHAR(0x0B)__CHAR(0x05)_299699"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)_-QU1009100 = "V_CHAR(0x13)_AF100A100"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
K+'(101_CHAR(0x11)_101 = "!%d101P101"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
R&dZ102B102 = "._CHAR(0x1B)_\H102102"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
&9\]104_CHAR(0x0E)_104 = "_CHAR(0x11)_8DC1043104"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
;$d_CHAR(0x15)_105_CHAR(0x02)_105 = "68PJ1055105"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
a_CHAR(0x06)_,G106.106 = "`_CHAR(0x19)_*;106_CHAR(0x1B)_106"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
G0_CHAR(0x0E)_2107T107 = "7I_CHAR(0x05)_c107_CHAR(0x11)_107"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
,?/)1088108 = "k79_CHAR(0x11)_108_CHAR(0x08)_108"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1E)_!_CHAR(0x0E)_1098109 = "_CHAR(0x0F)_JM109109"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)_C'm110#110 = "4IZ110_CHAR(0x03)_110"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0B)__CHAR(0x07)_0_CHAR(0x1E)_1119111 = "Zd_CHAR(0x16)_?111k111"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
L.g5112g112 = "A!N?1120112"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
,&_CHAR(0x13)__CHAR(0x19)_113_CHAR(0x1F)_113 = "+*_CHAR(0x02)_P113_CHAR(0x0C)_113"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0E)__CHAR(0x1A)_114)114 = "_CHAR(0x05)__CHAR(0x12)_\a114h114"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
?i!_CHAR(0x14)_115@115 = "ki+(115E115"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1B)__CHAR(0x04)__CHAR(0x0C)_S116F116 = "VFlX116p116"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x06)_3j1172117 = "E+!_CHAR(0x14)_117_117"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
3et3118_CHAR(0x1F)_118 = "_CHAR(0x12)__CHAR(0x05)_,/118E118"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
pJ4_CHAR(0x01)_119_CHAR(0x11)_119 = "_CHAR(0x05)_);X119u119"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
C_M120`120 = "9M _CHAR(0x1F)_120 120"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
e?_CHAR(0x07)_3121K121 = "MwA_CHAR(0x18)_121_CHAR(0x1F)_121"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
E3_CHAR(0x07)_122=122 = ") 2T1222122"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
nw4123w123 = "%^9^1236123"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
/_CHAR(0x16)_jq1247124 = "M3Nm124r124"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
df2 1253125 = "X(mP125_CHAR(0x15)_125"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
%_CHAR(0x01)__CHAR(0x04)_126_CHAR(0x14)_126 = "JIb_CHAR(0x0B)_126F126"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
uU_CHAR(0x07)_1274127 = "_CHAR(0x1C)_S_CHAR(0x0C)_?127E127"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
=!H_CHAR(0x04)_128^128 = "M.q/128/128"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
yy_CHAR(0x0F)_\129z129 = "e;=J129_CHAR(0x1A)_129"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
KL_CHAR(0x05)_130S130 = "q_CHAR(0x11)_130_CHAR(0x13)_130"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1F)_D/x131_CHAR(0x16)_131 = "V_CHAR(0x1C)__CHAR(0x0B)_"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
\?!O132132 = "_CHAR(0x1A)_&Jd132s132"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
q;LB133133 = "T4;_CHAR(0x0B)_133s133"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
6`_CHAR(0x1A)_a134_CHAR(0x1D)_134 = "W _CHAR(0x1D)_,134B134"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x12)_^c135_CHAR(0x12)_135 = "*_CHAR(0x04)_135h135"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x02)_$_CHAR(0x18)_136_CHAR(0x1C)_136 = "8UQ136G136"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
n = "-mP1137_CHAR(0x01)_137"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
4h#L138+138 = "NRBJ1382138"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x05)_u':139X139 = "q_CHAR(0x11)_O]139_CHAR(0x1F)_139"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Ed(\140,140 = "2I140&140"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
H141P141 = "5U)_CHAR(0x0F)_141o141"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
I{142_142 = "_CHAR(0x12)_eL_CHAR(0x11)_1422142"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
DN143143 = "8G143J143"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
LY{ 144c144 = "_CHAR(0x18)_144_CHAR(0x10)_144"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
R_CHAR(0x1B)_F+145145 = "=7F 145+145"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
z+um146'146 = "=g_CHAR(0x06)__146,146"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
6NU147_CHAR(0x17)_147 = "_CHAR(0x08)_h_CHAR(0x02)__CHAR(0x0E)_147_CHAR(0x07)_147"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x13)_4148:148 = "Mf148$148"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
{zk_CHAR(0x08)_149Z149 = "BP[149h149"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
o~y150_CHAR(0x15)_150 = "8_CHAR(0x1C)_150o150"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
$M3151*151 = "8K_CHAR(0x01)_"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
U_CHAR(0x16)_W152152 = "D!N,1521152"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
,n_CHAR(0x13)_153_CHAR(0x14)_153 = "[8t153153"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Z;154154 = "]a:=154E154"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x01)_T]155u155 = "@(155?155"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
fb_CHAR(0x1A)_t156_CHAR(0x1B)_156 = "4#_CHAR(0x1A)_K156156"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1A)_s157-157 = "Vp_CHAR(0x13)_157157"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x02)_r158_CHAR(0x18)_158 = "C_CHAR(0x1E)_YB158_CHAR(0x07)_158"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x06)__CHAR(0x0F)_8M159$159 = "ha/159159"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
{_CHAR(0x01)_vd160_CHAR(0x08)_160 = "j:_CHAR(0x11)_U1603160"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
+aK161_CHAR(0x18)_161 = "D_CHAR(0x1E)_#161^161"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x17)_]_162o162 = "{dcj162k162"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
w
fc163d163 = "@_CHAR(0x1C)_v163{163"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
u164y164 = "[164_CHAR(0x0C)_164"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
?G=165g165 = "0V_CHAR(0x1F)_165_CHAR(0x06)_165"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
X_CHAR(0x13)_T166R166 = "-oF/166m166"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
!¦%_CHAR(0x14)_167Y167 = "8_CHAR(0x0C)__CHAR(0x05)_167167"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
O_CHAR(0x0F)_£E168q168 = "a65168F168"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
3j_CHAR(0x0F)_169*169 = "$_CHAR(0x08)__CHAR(0x05)_169o169"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
§)7170h170 = "_CHAR(0x0F)_ j170E170"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
&¦1171_CHAR(0x03)_171 = "g_CHAR(0x1C)_d171_CHAR(0x1D)_171"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x11)_¦_CHAR(0x1D)_8172_CHAR(0x1A)_172 = "_CHAR(0x0C)__CHAR(0x14)_1X172@172"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
x_CHAR(0x16)_1738173 = "h_CHAR(0x13)_173b173"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1E)__CHAR(0x17)_ªx174174 = "ª5174_CHAR(0x19)_174"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
SET.175]175 = "@]_CHAR(0x07)_¢175_CHAR(0x0F)_175"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¨9176t176 = "¤_CHAR(0x19)__CHAR(0x0F)_:1763176"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
£F_CHAR(0x11)_177=177 = "{_CHAR(0x01)_o177
177"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x02)_[_CHAR(0x08)_178s178 = "l(-178 178"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
²_CHAR(0x05)_C1798179 = "VªII179_CHAR(0x11)_179"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
`r.180§180 = "hrX180\180"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
r_CHAR(0x04)__CHAR(0x12)_181181 = "B&181w181"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
$_CHAR(0x1D)_H182g182 = "¡0W182Q182"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
W±]_CHAR(0x08)_183_CHAR(0x08)_183 = "6¦1_CHAR(0x17)_183_CHAR(0x1A)_183"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
·f¶184§184 = "_CHAR(0x17)_=W³184_CHAR(0x1D)_184"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
~m_CHAR(0x15)_185¸185 = "^o²185S185"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
´_CHAR(0x0F)_G9186_CHAR(0x19)_186 = "8;¨186@186"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
{©bk187187 = "¶±_CHAR(0x1F)_187²187"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
KP_CHAR(0x1A)_l188V188 = "[oE188188"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
£mº]189§189 = ",§_CHAR(0x10)_¯189189"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
VL_CHAR(0x05)_p190C190 = "O_CHAR(0x1B)_«190190"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
r3_CHAR(0x1A)_«191E191 = "«!_CHAR(0x1D)_191191"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
whµ192°192 = "¾PI192¸192"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
q\1939193 = "¯¦:_CHAR(0x01)_193_CHAR(0x01)_193"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ª_CHAR(0x11)_
_CHAR(0x0C)_1943194 = "NX194_CHAR(0x10)_194"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x15)_Z_CHAR(0x19)_ª195195 = "y¾_CHAR(0x05)__CHAR(0x1E)_195®195"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ZKY!196X196 = "0oa196¦196"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Ia_¡197%197 = "`VGQ197@197"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
4!¥198]198 = "1_CHAR(0x1E)_W)198)198"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
»W_CHAR(0x14)_199_CHAR(0x1F)_199 = "N_CHAR(0x06)_¥199199"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1D)_A200,200 = " o-²200p200"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ÄgT201201 = "P_CHAR(0x01)_T201_CHAR(0x01)_201"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
c6E&202`202 = "#_CHAR(0x12)_202202"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
0®AH203*203 = "1~%Ã203[203"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
YG_CHAR(0x1E)_204K204 = "°g_CHAR(0x1B)_204q204"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1C)_j_CHAR(0x10)_205205 = "¸205i205"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
S_CHAR(0x18)_Í206¥206 = "hN206_CHAR(0x0F)_206"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
7µ`207W207 = "_CHAR(0x12)_$1207_CHAR(0x1F)_207"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Bw³{208«208 = "Z208¾208"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
*®8209209 = "fÎ[209_CHAR(0x0F)_209"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
%_CHAR(0x08)_210Ç210 = "º¹6210210"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
gQ_CHAR(0x18)_¶211_CHAR(0x13)_211 = "'S2112211"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
__CHAR(0x1B)_` 212º212 = "_CHAR(0x18)_ _CHAR(0x1D)_212k212"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x18)_Î213u213 = "ZÍw213²213"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
©;¾Æ214 214 = "Ìhm214É214"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ÆÊ_CHAR(0x10)_I215[215 = "¥O&215 215"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
À¿_CHAR(0x14)_!216216 = "_CHAR(0x0F)_¨_CHAR(0x12)__CHAR(0x04)_216:216"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
#Ê
217217 = "I_CHAR(0x1C)_¡¼217x217"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x14)_O\i218Ô218 = "6`}d218218"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
º_CHAR(0x1E)_s)219_CHAR(0x03)_219 = "7\6W219219"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ac±2208220 = "Ç,¹220u220"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
(M221221 = "_CHAR(0x1F)_W_C221Ã221"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
:!222222 = "$gÉi222V222"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
°×_CHAR(0x08)_223223 = "Ø_CHAR(0x06)_Y223_CHAR(0x19)_223"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
!_CHAR(0x02)_}Ì224Ó224 = "_CHAR(0x1E)_!224Q224"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
6B¤v225225 = "vÔÝ225-225"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Å226f226 = "Ô]_CHAR(0x1B)_T226o226"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ºà9227;227 = "ÈV*_CHAR(0x05)_227m227"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
]Û228Å228 = "tÄo228_CHAR(0x0C)_228"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x11)_ä
Ï229×229 = "Nßs229ä229"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Úh230V230 = "¨ueà230v230"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
0AÀ¾231231 = "_CHAR(0x12)_vÖâ231231"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
7]+Ô232µ232 = "´âÃ232232"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x02)_?¥233233 = "SaHq233Æ233"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ÑÂEi234E234 = "¯·àn234%234"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Nº¼F235©235 = "RO235¯235"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
á_CHAR(0x1B)_{/236236 = "£á²B2367236"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
L_CHAR(0x1E)__CHAR(0x19)_a237237 = "Å$5237ß237"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Ð0Ä_CHAR(0x10)_238g238 = "i_CHAR(0x07)_k238_CHAR(0x12)_238"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Þ7j¿239_CHAR(0x0E)_239 = "NRtÂ239f239"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
6#_CHAR(0x16)__CHAR(0x0F)_240g240 = "¤_CHAR(0x08)_À_CHAR(0x1C)_240+240"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
^ä(ª241241 = "Q£Üg241!241"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
CÏT¥242Ñ242 = "·_CHAR(0x1C)_½y242Â242"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¤_CHAR(0x0E)__CHAR(0x14)_243Ë243 = "1z5^2439243"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ugH$244244 = "éÖ$2440244"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
+_CHAR(0x17)_òÐ245Ü245 = "ð"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
6_CHAR(0x01)_5Y246¸246 = "qÖÂ246¯246"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
'xÀ248Î248 = "_CHAR(0x16)_
]248k248"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
õ0_CHAR(0x16)_249K249 = "_CHAR(0x0E)_8_CHAR(0x18)_'249&249"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)__CHAR(0x17)_250k250 = "]5Ý250_CHAR(0x10)_250"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
v£¤251251 = "d¿¹_CHAR(0x1D)_251E251"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ØÕ_CHAR(0x07)__CHAR(0x13)_252È252 = "¯_CHAR(0x01)_ß2520252"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
â_CHAR(0x02)__CHAR(0x1E)_253[253 = "ã{r¹253Á253"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ܲe
254P254 = "kï254_CHAR(0x1B)_254"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
æ _CHAR(0x0C)_ì255_CHAR(0x0E)_255 = "#¬_CHAR(0x19)_255255"
Dropping Routine
This Trojan drops the following files:
- %Temp%\m.bat
- %Temp%\o.bat
- %User Startup%\SoundDivx.lnk
- %Temp%\l.bat
- %Temp%\a.bat
- %Temp%\j.bat
- \My picture.lnk
- %Start Menu%\Programs\My picture.lnk
(Note: %Temp% is the Windows Temporary folder, which is usually C:\Windows\Temp or C:\WINNT\Temp.. %User Startup% is the current user's Startup folder, which is usually C:\Windows\Profiles\{user name}\Start Menu\Programs\Startup on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu\Programs\Startup on Windows NT, and C:\Documents and Settings\{User name}\Start Menu\Programs\Startup.. %Start Menu% is the current user's Start Menu folder, which is usually C:\Windows\Profiles\{user name}\Start Menu on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu on Windows NT and C:\Windows\Start Menu or C:\Documents and Settings\{User name}\Start Menu on Windows 2000, XP, and Server 2003.)
This report is generated via an automated analysis system.
SOLUTION
9.200
Step 1
For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.
Step 2
Restart in Safe Mode
Step 3
Delete this registry value
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- %Favorites%\ Internet Explorer\Web.scr = "%Favorites%\ Internet Explorer\Web.pif"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x02)__CHAR(0x01)__CHAR(0x03)__CHAR(0x02)_5_CHAR(0x04)_5 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x04)__CHAR(0x06)__CHAR(0x05)__CHAR(0x05)_7_CHAR(0x01)_7 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x01)__CHAR(0x01)__CHAR(0x02)__CHAR(0x01)_9_CHAR(0x05)_9 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x08)__CHAR(0x02)__CHAR(0x06)__CHAR(0x03)_12_CHAR(0x04)_12 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0B)__CHAR(0x04)__CHAR(0x06)__CHAR(0x03)_1313 = "_CHAR(0x07)__CHAR(0x05)_13_CHAR(0x07)_13"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x01)__CHAR(0x0C)_1515 = "_CHAR(0x04)__CHAR(0x0B)__CHAR(0x07)_1515"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0B)__CHAR(0x01)__CHAR(0x0B)_17 = "_CHAR(0x05)__CHAR(0x0F)__CHAR(0x05)_17_CHAR(0x07)_17"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x10)__CHAR(0x06)__CHAR(0x06)__CHAR(0x08)_18_CHAR(0x01)_18 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x02)__CHAR(0x10)__CHAR(0x07)__CHAR(0x03)_19_CHAR(0x0F)_19 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x06)__CHAR(0x08)__CHAR(0x04)__CHAR(0x03)_2020 = "_CHAR(0x13)__CHAR(0x0C)_20_CHAR(0x01)_20"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x05)__CHAR(0x08)_23_CHAR(0x14)_23 = "_CHAR(0x05)__CHAR(0x10)__CHAR(0x0C)_23_CHAR(0x14)_23"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x08)__CHAR(0x08)__CHAR(0x0E)__CHAR(0x12)_2424 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x04)__CHAR(0x08)__CHAR(0x02)__CHAR(0x13)_2828 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0F)__CHAR(0x16)__CHAR(0x11)__CHAR(0x06)_30_CHAR(0x19)_30 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x06)__CHAR(0x18)__CHAR(0x10)__CHAR(0x0C)_31_CHAR(0x01)_31 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x19)__CHAR(0x1E)__CHAR(0x03)__CHAR(0x06)_32_CHAR(0x18)_32 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1E)__CHAR(0x10)__CHAR(0x15)_ 33_CHAR(0x19)_33 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x11)__CHAR(0x18)_35_CHAR(0x0E)_35 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x03)_# = "_CHAR(0x0C)__CHAR(0x12)__CHAR(0x17)__CHAR(0x1D)_36_CHAR(0x16)_36"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- #_CHAR(0x12)__CHAR(0x11)_$37_CHAR(0x08)_37 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x17)__CHAR(0x1E)__CHAR(0x11)__CHAR(0x06)_38_CHAR(0x18)_38 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x12)__CHAR(0x06)_ #41_CHAR(0x03)_41 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x15)__CHAR(0x1D)_ 42_CHAR(0x01)_42 = "_CHAR(0x19)__CHAR(0x0C)__CHAR(0x02)__CHAR(0x13)_4242"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x03)__CHAR(0x1C)_$_CHAR(0x0E)_4343 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- #_CHAR(0x0B)__CHAR(0x01)__CHAR(0x0F)_44&44 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1D)__CHAR(0x13)__CHAR(0x1C)_45$45 = "_CHAR(0x14)__CHAR(0x18)__CHAR(0x1B)_4545"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x12)_!_CHAR(0x1E)__CHAR(0x08)_46,46 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- )_CHAR(0x1F)__CHAR(0x13)__CHAR(0x1B)_47_CHAR(0x06)_47 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- '_CHAR(0x17)__CHAR(0x06)__CHAR(0x16)_48_CHAR(0x06)_48 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x08)_$_CHAR(0x10)_49_CHAR(0x0C)_49 = "_CHAR(0x01)_,!_CHAR(0x03)_49 49"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- &_CHAR(0x13)_.51_CHAR(0x1A)_51 = ",%_CHAR(0x0F)__CHAR(0x1E)_51_CHAR(0x05)_51"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x11)__CHAR(0x12)__CHAR(0x15)__CHAR(0x1D)_52/52 = "#&3_CHAR(0x12)_52_CHAR(0x04)_52"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x15)__CHAR(0x0E)_0_CHAR(0x0C)_53_CHAR(0x14)_53 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x16)_4_CHAR(0x1B)_54_CHAR(0x1F)_54 = "_CHAR(0x14)__CHAR(0x14)_*154$54"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1F)__CHAR(0x1C)_3_CHAR(0x0C)_55_CHAR(0x01)_55 = "5_CHAR(0x1B)_5_CHAR(0x0B)_55-55"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x05)__CHAR(0x18)__CHAR(0x03)_756_CHAR(0x15)_56 = "'0-_CHAR(0x16)_56$56"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0F)_1_CHAR(0x14)_57_CHAR(0x17)_57 = "_CHAR(0x04)_7"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x03)_$_CHAR(0x0F)_.58_CHAR(0x06)_58 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 7_CHAR(0x13)_8_CHAR(0x10)_59.59 = "2_CHAR(0x18)__CHAR(0x1D)__CHAR(0x10)_59*59"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x14)__CHAR(0x19)__CHAR(0x19)_:60_CHAR(0x15)_60 = "#*_CHAR(0x1C)_60_CHAR(0x13)_60"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x19)__CHAR(0x1D)__CHAR(0x15)__CHAR(0x1C)_61_CHAR(0x03)_61 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 2$_CHAR(0x19)__CHAR(0x12)_62462 = "#_CHAR(0x11)_'662_CHAR(0x0F)_62"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- '_CHAR(0x02)__CHAR(0x1D)_363663 = "=*,63_CHAR(0x10)_63"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 9_CHAR(0x0F)__CHAR(0x1E)__CHAR(0x16)_64364 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- !_CHAR(0x10)_#'65_CHAR(0x15)_65 = "%1-6565"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1D)_/$#6666 = "0;$'66766"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1C)__CHAR(0x01)_?_CHAR(0x02)_67167 = "_CHAR(0x11)_+67467"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x03)__CHAR(0x06)__CHAR(0x18)_;6868 = "@'C568_CHAR(0x1A)_68"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x01)__CHAR(0x01)_)669 69 = "2@_CHAR(0x13)_69_CHAR(0x0B)_69"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- E_CHAR(0x17)_7070 = "_CHAR(0x1D)__CHAR(0x07)__CHAR(0x1A)_70_CHAR(0x14)_70"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x13)__CHAR(0x04)__CHAR(0x15)_;71_CHAR(0x11)_71 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x05)_7_CHAR(0x1D)__CHAR(0x02)_72372 = "%_CHAR(0x1F)_4"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x11)_&:-73_CHAR(0x13)_73 = "=!_CHAR(0x03)_73073"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 1_CHAR(0x1F)__CHAR(0x11)_*74_CHAR(0x1A)_74 = "_CHAR(0x06)_?+74_CHAR(0x01)_74"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 22?_CHAR(0x1B)_7575 = "D_CHAR(0x05)__CHAR(0x13)_75&75"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 8;_CHAR(0x1D)_76_CHAR(0x0C)_76 = "C#F76/76"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- -_CHAR(0x06)__CHAR(0x02)_77577 = "_CHAR(0x0E)__CHAR(0x07)__CHAR(0x1A)_77077"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ,_CHAR(0x17)_678 78 = "_CHAR(0x07)_7K_CHAR(0x10)_7878"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- !7M!79_CHAR(0x02)_79 = ":_CHAR(0x08)_.079F79"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 0=_CHAR(0x19)_280E80 = "_CHAR(0x15)__CHAR(0x14)__CHAR(0x05)__CHAR(0x1E)_80"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1A)_G_CHAR(0x0E)__CHAR(0x05)_81F81 = "_CHAR(0x1E)__CHAR(0x0C)__CHAR(0x14)_&81I81"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0C)_382_CHAR(0x18)_82 = " .ED8282"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- =?983_CHAR(0x1D)_83 = "_CHAR(0x18)_L_CHAR(0x12)_83_CHAR(0x14)_83"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x03)_HF_CHAR(0x01)_84_CHAR(0x0F)_84 = "+_CHAR(0x17)_4-84/84"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 'B_CHAR(0x0F)_=85_CHAR(0x14)_85 = "KL_CHAR(0x07)_85_CHAR(0x16)_85"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- L;#86%86 = "%CL#86L86"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 1 = "PO2887!87"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x07)_W-88U88 = "_CHAR(0x18)_#;)88_CHAR(0x05)_88"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x07)_CN89_CHAR(0x12)_89 = "1_CHAR(0x0E)_6889T89"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- X_CHAR(0x17)__CHAR(0x01)__CHAR(0x17)_90_CHAR(0x11)_90 = "XVH90.90"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1A)_6._CHAR(0x1C)_91_CHAR(0x1D)_91 = "F_CHAR(0x07)_Q91_CHAR(0x04)_91"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- #S,&92I92 = "_CHAR(0x08)_P_CHAR(0x19)_92_CHAR(0x0B)_92"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- TK_CHAR(0x08)__CHAR(0x16)_93X93 = "$OHW9393"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- DA4_CHAR(0x1F)_95@95 = "4_CHAR(0x1E)_%9595"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1B)_L3496_CHAR(0x02)_96 = "@0_CHAR(0x1E)__CHAR(0x1C)_96696"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x15)_3W)9797 = "_CHAR(0x1A)_7E_CHAR(0x14)_97/97"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- @_CHAR(0x1F)_:498*98 = "_CHAR(0x0C)_2LE98_CHAR(0x15)_98"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- %P_CHAR(0x14)_a103%103 = "__CHAR(0x1C)_&`1037103"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1B)_+_CHAR(0x1C)_K104[104 = "7X_CHAR(0x06)__CHAR(0x14)_1041104"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- O_CHAR(0x13)_OP105Q105 = "GFE_CHAR(0x1C)_105105"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x19)__CHAR(0x19)_+M106/106 = "_CHAR(0x15)__CHAR(0x19)_E_CHAR(0x1B)_1065106"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- PWNh107a107 = "P_CHAR(0x11)_/_CHAR(0x11)_107_CHAR(0x13)_107"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- e_CHAR(0x07)__CHAR(0x0C)_`108W108 = "`_CHAR(0x19)__CHAR(0x08)_G108]108"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- XN_CHAR(0x03)_R1098109 = "_CHAR(0x1E)__CHAR(0x03)_Q,109_CHAR(0x02)_109"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- %Mm110(110 = " f8k1104110"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- +$_CHAR(0x0C)_111_CHAR(0x02)_111 = "O%G&111_CHAR(0x19)_111"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x10)__CHAR(0x0F)_Od112112 = "_CHAR(0x06)_$h112F112"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- p_CHAR(0x07)_AU113,113 = "`&C_CHAR(0x1F)_113_CHAR(0x05)_113"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 19V_CHAR(0x01)_114_CHAR(0x0C)_114 = "aCB\114c114"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x15)_mJ115H115 = "_CHAR(0x08)_`_CHAR(0x11)_115O115"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x13)_]D116/116 = "_CHAR(0x06)_hWh1167116"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- a_CHAR(0x13)_3?117_CHAR(0x17)_117 = "_CHAR(0x1D)_f3-117P117"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x08)__CHAR(0x05)__CHAR(0x05)_118:118 = "m_CHAR(0x16)__CHAR(0x06)_O118o118"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x03)_119_CHAR(0x1B)_119 = "O@OL119)119"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ,o55120[120 = "W)Eo120j120"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 29_CHAR(0x1F)_$1212121 = "7ps121T121"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- !(R_CHAR(0x10)_122_CHAR(0x1A)_122 = "_CHAR(0x1A)_3M_CHAR(0x07)_122122"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- x\_CHAR(0x11)_*123n123 = "_CHAR(0x1B)_y-@123_CHAR(0x04)_123"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 1_CHAR(0x10)__CHAR(0x12)_S124j124 = "0_CHAR(0x01)_u(124y124"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 64N_CHAR(0x0E)_125D125 = "3_CHAR(0x0F)_d_CHAR(0x0B)_125_CHAR(0x0B)_125"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- +_CHAR(0x1D)_9126Y126 = "=vLA126p126"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- b_CHAR(0x17)_yz127A127 = "U\Z1277127"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x18)_e_CHAR(0x0F)_{128&128 = "Fc~_CHAR(0x06)_128,128"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- T5_CHAR(0x0F)_A129j129 = "=OD#129=129"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Nqn130q130 = "_CHAR(0x0C)_sBk130/130"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Si?1318131 = "n]_CHAR(0x03)__CHAR(0x1A)_1319131"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- l }_CHAR(0x1F)_1329132 = "\_CHAR(0x04)_C132_CHAR(0x03)_132"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- I='_CHAR(0x02)_133_CHAR(0x16)_133 = "4_CHAR(0x0F)__CHAR(0x0C)_133z133"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- k_CHAR(0x0B)_134K134 = "Ib+134_CHAR(0x0B)_134"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 2tli135'135 = "Y_CHAR(0x0C)_135135"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0E)_3136E136 = "_CHAR(0x19)_z_CHAR(0x14)_b136D136"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 8%2y137N137 = "v"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- A6I{138138 = "_CHAR(0x13)_;!F138M138"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- tW_CHAR(0x1A)_K139,139 = "_CHAR(0x19)_ 3{139_CHAR(0x01)_139"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0C)_WRX140\140 = "p:1140k140"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Z = "[t5R141_CHAR(0x03)_141"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x01)_\2142Y142 = "Z{_CHAR(0x02)__CHAR(0x1C)_142e142"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- a_CHAR(0x0F)_]l143q143 = "*_CHAR(0x10)__CHAR(0x14)_d143U143"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- (~nR144d144 = "_CHAR(0x19)_0qK144C144"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HLN145S145 = "%7,J145_CHAR(0x1B)_145"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- XFN_CHAR(0x0F)_146R146 = "_CHAR(0x05)_c{J1462146"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 95L'147147 = "Gug147D147"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- n$_CHAR(0x05)_]148m148 = "_CHAR(0x07)_DrE148148"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- b_CHAR(0x16)_:_CHAR(0x0F)_149149 = "_CHAR(0x19)_UN2149_CHAR(0x14)_149"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- U_CHAR(0x1B)_k150 150 = "-~A150W150"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- e7tD151_CHAR(0x04)_151 = "`da_CHAR(0x1D)_151p151"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- g_CHAR(0x15)_152Y152 = "_CHAR(0x12)_152_CHAR(0x15)_152"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 1*3153\153 = "c*_CHAR(0x13)_153M153"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- }_CHAR(0x1E)__CHAR(0x13)_i154C154 = "n_CHAR(0x05)_e154@154"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x17)_B_CHAR(0x17)_155155 = "_CHAR(0x19)_&]155v155"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ipad156_CHAR(0x02)_156 = "=_CHAR(0x1E)_g156g156"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x10)__CHAR(0x0B)_157157 = "_CHAR(0x14)__CHAR(0x1D)_Xf157X157"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x11)__CHAR(0x12)_158_CHAR(0x1D)_158 = "^Q1580158"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 6_CHAR(0x15)_159n159 = "LK159;159"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0E)_h3_CHAR(0x06)_160x160 = "_CHAR(0x03)_160A160"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- n(_CHAR(0x11)_161(161 = "_CHAR(0x0E)_G"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- J/]162@162 = "RIo162162"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- (q_CHAR(0x10)_163 163 = "M9163163"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- VXA164@164 = "F_CHAR(0x1C)_l8164164"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 1(4165 165 = "c_CHAR(0x0E)_)165165"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- +166o166 = "E7166S166"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- l_CHAR(0x0C)__CHAR(0x1A)_167_CHAR(0x17)_167 = "]m{167_CHAR(0x19)_167"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- @%i.168_CHAR(0x07)_168 = "lV\E1682168"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1E)_g169169 = ":5D1693169"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- AL170170 = ";s\j1709170"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- u_CHAR(0x16)_r171171 = "sR171#171"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x19)_%rj172172 = "Tª172*172"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- t1'173o173 = ")d-173N173"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- l_CHAR(0x1E)_0.174*174 = ":w&`174¤174"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Qr175/175 = "_CHAR(0x15)_t _CHAR(0x17)_175#175"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x16)_\%176_CHAR(0x08)_176 = "C_CHAR(0x03)_-_CHAR(0x1F)_176%176"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0F)_p2177I177 = "nN+Q177y177"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1A)_=178178 = "«£01788178"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ¦-$179_CHAR(0x13)_179 = "?@l179179"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x08)_[180h180 = "a_CHAR(0x13)_b180180"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ¯_CHAR(0x11)_1818181 = "¯8_CHAR(0x19)_181^181"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ´l)182®182 = "v_CHAR(0x0F)__CHAR(0x08)_182182"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- X+p183_183 = "g_CHAR(0x1D)_f183183"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- P)*184\184 = "j_CHAR(0x0C)_184_CHAR(0x0F)_184"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x14)_e±185m185 = "*«q185185"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- \UK186G186 = "@p186$186"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- !fh187¸187 = "_,187d187"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- kX188·188 = "¹=©188+188"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ®FC189_CHAR(0x04)_189 = "3q189Y189"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ®n¦190`190 = "`O"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- %¦191191 = "_CHAR(0x1B)_zª1913191"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x07)_[U192192 = "XI«¸192n192"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Tw_CHAR(0x04)_193n193 = "5£8193©193"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ¬c194£194 = "bª70194h194"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 5:º195i195 = "%¤_CHAR(0x01)_U195"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- k!(196i196 = "a*;196Y196"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ?T1197H197 = "¢F«m197197"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ¡Tµm198y198 = ";EV198C198"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- PO_CHAR(0x1F)_1996199 = "P_CHAR(0x12)_y199#199"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1D)_s!I200!200 = "F©_CHAR(0x0F)_B2003200"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1A)_n201_CHAR(0x0B)_201 = "F201^201"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1F)_À_CHAR(0x04)_202_CHAR(0x07)_202 = "j^_CHAR(0x03)_±2022202"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- )203]203 = "#R/203*203"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- @¯S_CHAR(0x1A)_204u204 = "_CHAR(0x15)_±¼£204`204"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ^\a205O205 = "?s 205P205"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- tA¶206g206 = "´_CHAR(0x15)_Ë206±206"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1F)__207207 = "_CHAR(0x12)___CHAR(0x15)_D207n207"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x08)_¶È~208}208 = "H.208ª208"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 'Q209%209 = "0Æl209209"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ƨ¿Z210d210 = "¸mB210210"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- b·2110211 = "v]_CHAR(0x0F)_2111211"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- {$¡212}212 = "¨.S212`212"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- m_CHAR(0x1D)_La213r213 = "Ï_CHAR(0x1A)_.213Ð213"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Å_CHAR(0x1B)__CHAR(0x06)_214D214 = "214¶214"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- I¦215215 = "T£_CHAR(0x17)_5215.215"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- KV¹z216°216 = "+£AÂ2160216"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HjR217_217 = "t)217217"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- X_CHAR(0x12)__CHAR(0x04)__CHAR(0x0B)_218²218 = "!®218 218"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- :b219219 = "§¥uÙ219Ì219"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ²Íw220220 = "LDÇ220Ô220"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1A)_$Hh221 221 = "UvQ*221_CHAR(0x05)_221"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Òe1_CHAR(0x1F)_222222 = "_CHAR(0x16)__²_222_CHAR(0x1B)_222"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- UÆÆ^223w223 = "_CHAR(0x15)_7I½223223"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x10)_Â#_CHAR(0x16)_224Ï224 = "lÆÇ224Í224"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- M¬5225225 = "cÅ5A225v225"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Ϩ«¤226@226 = "j_CHAR(0x17)_S¥226r226"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1F)__CHAR(0x16)_W227·227 = "c¦ 227227"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x07)_¼N£228!228 = "H_CHAR(0x0C)_³228_CHAR(0x1F)_228"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- É_CHAR(0x1E)_N229229 = "s"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- l!Ã230230 = "R®Ù230ß230"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1A)__CHAR(0x15)_231H231 = "_CHAR(0x03)_G)231½231"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ¡j\4232½232 = "ãI¸¼232_CHAR(0x03)_232"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- D?_CHAR(0x17)_·233Í233 = "Sµ·233ª233"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- R_CHAR(0x16)_t234 234 = "}U¼234Û234"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ß+b=235é235 = "§}Î 235¤235"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0C)_½_CHAR(0x1B)_ 236236 = "±_CHAR(0x07)_@236É236"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Ù8[!237è237 = "TE-À237)237"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- xQ238á238 = "ê¸×¢238\238"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- `Å239K239 = "Q2s7239H239"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- êAÃ240240 = "AÂ240s240"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- a_CHAR(0x19)_À241X241 = "sÁ241s241"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- u_CHAR(0x02)_ÉG242_CHAR(0x15)_242 = "J_CHAR(0x1F)_Ã242É242"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ºà243243 = "»dƶ243v243"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1A)__CHAR(0x0E)__CHAR(0x04)__CHAR(0x16)_244¥244 = "Sh_CHAR(0x0F)_¡244é244"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x15)_ÓôZ245_CHAR(0x03)_245 = "·q¡;245Ú245"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ¬¾_CHAR(0x12)_c246Ì246 = "Öµ)_CHAR(0x02)_2467246"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- º i^247Ê247 = "Q ¡_CHAR(0x03)_247247"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ¥_CHAR(0x0B)_@248_CHAR(0x17)_248 = "°Vi248O248"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Å©Â_CHAR(0x0F)_249w249 = ")_CHAR(0x0F)__F249Ñ249"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- o_CHAR(0x16)_g250º250 = "ÈjFc250_CHAR(0x0B)_250"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ø_CHAR(0x1B)_¼251251 = "¡{_251¾251"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 4Ò_252q252 = "_CHAR(0x14)_`Ä252h252"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- åb'253I253 = "îÖæ253«253"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Ã{Öð254254 = "x亶254a254"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- /+¡255_CHAR(0x0C)_255 = "þ¢ÝY255255"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x04)__CHAR(0x0B)__CHAR(0x08)_14_CHAR(0x05)_14 = "_CHAR(0x08)__CHAR(0x01)__CHAR(0x01)_1414"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0C)__CHAR(0x01)__CHAR(0x02)_1616 = "_CHAR(0x0B)__CHAR(0x01)__CHAR(0x06)__CHAR(0x0E)_1616"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x12)__CHAR(0x10)__CHAR(0x05)__CHAR(0x05)_19_CHAR(0x11)_19 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x04)__CHAR(0x12)__CHAR(0x10)_20_CHAR(0x13)_20 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x04)__CHAR(0x0C)__CHAR(0x05)_21_CHAR(0x13)_21 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0C)__CHAR(0x12)__CHAR(0x0B)__CHAR(0x02)_2222 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x16)__CHAR(0x03)__CHAR(0x03)_23_CHAR(0x08)_23 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x13)__CHAR(0x11)_25_CHAR(0x06)_25 = "_CHAR(0x18)__CHAR(0x13)__CHAR(0x12)_25_CHAR(0x10)_25"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x13)__CHAR(0x16)__CHAR(0x0C)_26_CHAR(0x0B)_26 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1B)__CHAR(0x10)__CHAR(0x15)__CHAR(0x11)_30_CHAR(0x1D)_30 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x04)__CHAR(0x07)__CHAR(0x17)_31_CHAR(0x13)_31 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1D)__CHAR(0x0E)__CHAR(0x1C)__CHAR(0x01)_33_CHAR(0x1D)_33 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x11)__CHAR(0x04)__CHAR(0x08)__CHAR(0x11)_34_CHAR(0x18)_34 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0F)__CHAR(0x18)__CHAR(0x15)_35_CHAR(0x13)_35 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x06)__CHAR(0x0C)__CHAR(0x17)_36_CHAR(0x04)_36 = "_CHAR(0x02)__CHAR(0x19)_ 3636"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- #_CHAR(0x03)_ = "_CHAR(0x08)__CHAR(0x11)__CHAR(0x0F)__CHAR(0x06)_37_CHAR(0x04)_37"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x01)__CHAR(0x0E)__CHAR(0x19)_#38%38 = "#_CHAR(0x17)__CHAR(0x12)_3838"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- $_CHAR(0x1D)_39 39 = "$_CHAR(0x12)_#_CHAR(0x10)_39 39"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0F)__CHAR(0x19)_'_CHAR(0x0E)_41_CHAR(0x11)_41 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1D)__CHAR(0x0E)_ %42_CHAR(0x1B)_42 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x19)_()_CHAR(0x19)_43#43 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0B)_''44(44 = "!_CHAR(0x19)__CHAR(0x1E)__CHAR(0x10)_44"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0B)__CHAR(0x0E)__CHAR(0x14)_45_CHAR(0x0F)_45 = "_CHAR(0x1D)__CHAR(0x1E)_,45%45"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x13)_) 46'46 = "_CHAR(0x04)__CHAR(0x11)__CHAR(0x15)_'46_CHAR(0x0C)_46"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x18)_! #47_CHAR(0x1B)_47 = "_CHAR(0x18)_!_CHAR(0x0B)_47_CHAR(0x0E)_47"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x19)_'_CHAR(0x1D)__CHAR(0x05)_48_CHAR(0x0B)_48 = "!!_CHAR(0x1D)_!48_CHAR(0x01)_48"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- *_CHAR(0x06)_(*49_CHAR(0x0E)_49 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x05)__CHAR(0x1B)__CHAR(0x10)__CHAR(0x12)_50_CHAR(0x13)_50 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1C)__CHAR(0x02)__CHAR(0x18)__CHAR(0x06)_51-51 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x18)__CHAR(0x02)__CHAR(0x07)_-52052 = "#/_CHAR(0x08)__CHAR(0x1F)_52%52"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0E)__CHAR(0x18)__CHAR(0x01)_+53 53 = "_CHAR(0x06)_2_CHAR(0x06)__CHAR(0x05)_53153"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 2_CHAR(0x0F)__CHAR(0x07)_%54454 = "2,+_CHAR(0x1F)_54_CHAR(0x08)_54"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- #_CHAR(0x1B)_+655_CHAR(0x02)_55 = "!5_CHAR(0x13)__CHAR(0x03)_55155"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x17)__CHAR(0x12)_(_CHAR(0x18)_56_CHAR(0x01)_56 = "%_CHAR(0x0B)__CHAR(0x16)_56&56"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 2 (_CHAR(0x11)_57$57 = "_CHAR(0x02)_-!_CHAR(0x0B)_57_CHAR(0x0B)_57"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x16)__CHAR(0x04)__CHAR(0x14)_058_CHAR(0x18)_58 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x10)__CHAR(0x14)_$-59159 = "_CHAR(0x1D)__CHAR(0x18)_0#59_CHAR(0x0C)_59"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- +_CHAR(0x10)__CHAR(0x1C)_6161 = "_CHAR(0x11)_)961_CHAR(0x16)_61"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1F)__CHAR(0x12)_#62_CHAR(0x16)_62 = "+_CHAR(0x10)_6262"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x02)__CHAR(0x04)__CHAR(0x02)__CHAR(0x15)_63163 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ?;_CHAR(0x01)_%64_CHAR(0x1E)_64 = "_CHAR(0x01)__CHAR(0x17)_4 64 64"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- */265_CHAR(0x05)_65 = "*:_CHAR(0x14)_165665"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- !,_CHAR(0x1D)_?66_CHAR(0x07)_66 = "5%8)66/66"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1C)__CHAR(0x18)__CHAR(0x19)__CHAR(0x16)_67167 = "._CHAR(0x06)_&_CHAR(0x02)_67A67"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x19)_/_CHAR(0x1D)_468_CHAR(0x14)_68 = "_CHAR(0x02)_2.&68_CHAR(0x03)_68"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x13)_$=$69_CHAR(0x1F)_69 = "_CHAR(0x1D)_A_CHAR(0x1F)__CHAR(0x08)_69_CHAR(0x03)_69"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- =)_CHAR(0x1D)_.70_CHAR(0x05)_70 = "_CHAR(0x01)__CHAR(0x1D)_8_CHAR(0x04)_70_CHAR(0x05)_70"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 8_CHAR(0x19)_'71671 = "_CHAR(0x17)_8.71571"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- A_CHAR(0x13)_-473873 = ";_CHAR(0x13)__CHAR(0x15)_,7373"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x08)_1_CHAR(0x19)_=74_CHAR(0x07)_74 = "0-#074E74"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1A)_JD_CHAR(0x17)_75!75 = ",_CHAR(0x16)_)_CHAR(0x18)_75;75"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- D%76276 = "(_CHAR(0x1E)_5_CHAR(0x11)_76C76"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ;-?-77*77 = "_CHAR(0x0B)_@(_CHAR(0x1D)_77077"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- -_CHAR(0x14)_-)78278 = "=(KJ78878"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- K_CHAR(0x1A)_M_CHAR(0x04)_79_CHAR(0x16)_79 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x18)_I_CHAR(0x1A)_*80080 = "_CHAR(0x12)__CHAR(0x1D)__CHAR(0x1B)__CHAR(0x1D)_80,80"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- I_CHAR(0x1F)_2%81_CHAR(0x19)_81 = "+/A81B81"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x05)__CHAR(0x14)_;82:82 = "'_CHAR(0x08)__CHAR(0x15)_*82"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x04)__CHAR(0x17)_LH83683 = "N8_CHAR(0x0B)__CHAR(0x1A)_83)83"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x06)__CHAR(0x02)_)784_CHAR(0x0E)_84 = "@:_CHAR(0x0E)_#84_CHAR(0x11)_84"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- N0-S85F85 = "_CHAR(0x07)_-1/8585"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 1:ME86286 = "8_CHAR(0x08)_I86S86"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 9_CHAR(0x16)_O_CHAR(0x0B)_87N87 = "5Q_CHAR(0x07)__CHAR(0x08)_87487"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- T&$!88_CHAR(0x05)_88 = "O_CHAR(0x06)__CHAR(0x04)_&88@88"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 2'_CHAR(0x05)_89989 = "AM0S89_CHAR(0x07)_89"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- G2_CHAR(0x1F)_A90&90 = "R_CHAR(0x1F)_=S90U90"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x07)__CHAR(0x04)__CHAR(0x06)__CHAR(0x10)_91H91 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- %_CHAR(0x10)_(N93_CHAR(0x02)_93 = "5D!.93393"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 04&C94B94 = "43A$94_CHAR(0x02)_94"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- XL$95#95 = "OB"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x04)_DB/96896 = "Y_CHAR(0x06)_[296_CHAR(0x1B)_96"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- -_CHAR(0x13)_&D97_CHAR(0x04)_97 = "QU_CHAR(0x08)__CHAR(0x06)_97#97"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- KZJ+98_CHAR(0x1E)_98 = "2_CHAR(0x19)__CHAR(0x08)__98D98"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- -0299]99 = "_CHAR(0x0B)__CHAR(0x05)_299699"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x08)_-QU1009100 = "V_CHAR(0x13)_AF100A100"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- K+'(101_CHAR(0x11)_101 = "!%d101P101"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- R&dZ102B102 = "._CHAR(0x1B)_\H102102"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- &9\]104_CHAR(0x0E)_104 = "_CHAR(0x11)_8DC1043104"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ;$d_CHAR(0x15)_105_CHAR(0x02)_105 = "68PJ1055105"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- a_CHAR(0x06)_,G106.106 = "`_CHAR(0x19)_*;106_CHAR(0x1B)_106"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- G0_CHAR(0x0E)_2107T107 = "7I_CHAR(0x05)_c107_CHAR(0x11)_107"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ,?/)1088108 = "k79_CHAR(0x11)_108_CHAR(0x08)_108"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1E)_!_CHAR(0x0E)_1098109 = "_CHAR(0x0F)_JM109109"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x04)_C'm110#110 = "4IZ110_CHAR(0x03)_110"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0B)__CHAR(0x07)_0_CHAR(0x1E)_1119111 = "Zd_CHAR(0x16)_?111k111"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- L.g5112g112 = "A!N?1120112"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ,&_CHAR(0x13)__CHAR(0x19)_113_CHAR(0x1F)_113 = "+*_CHAR(0x02)_P113_CHAR(0x0C)_113"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x0E)__CHAR(0x1A)_114)114 = "_CHAR(0x05)__CHAR(0x12)_\a114h114"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ?i!_CHAR(0x14)_115@115 = "ki+(115E115"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1B)__CHAR(0x04)__CHAR(0x0C)_S116F116 = "VFlX116p116"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x06)_3j1172117 = "E+!_CHAR(0x14)_117_117"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 3et3118_CHAR(0x1F)_118 = "_CHAR(0x12)__CHAR(0x05)_,/118E118"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- pJ4_CHAR(0x01)_119_CHAR(0x11)_119 = "_CHAR(0x05)_);X119u119"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- C_M120`120 = "9M _CHAR(0x1F)_120 120"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- e?_CHAR(0x07)_3121K121 = "MwA_CHAR(0x18)_121_CHAR(0x1F)_121"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- E3_CHAR(0x07)_122=122 = ") 2T1222122"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- nw4123w123 = "%^9^1236123"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- /_CHAR(0x16)_jq1247124 = "M3Nm124r124"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- df2 1253125 = "X(mP125_CHAR(0x15)_125"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- %_CHAR(0x01)__CHAR(0x04)_126_CHAR(0x14)_126 = "JIb_CHAR(0x0B)_126F126"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- uU_CHAR(0x07)_1274127 = "_CHAR(0x1C)_S_CHAR(0x0C)_?127E127"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- =!H_CHAR(0x04)_128^128 = "M.q/128/128"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- yy_CHAR(0x0F)_\129z129 = "e;=J129_CHAR(0x1A)_129"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- KL_CHAR(0x05)_130S130 = "q_CHAR(0x11)_130_CHAR(0x13)_130"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1F)_D/x131_CHAR(0x16)_131 = "V_CHAR(0x1C)__CHAR(0x0B)_"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- \?!O132132 = "_CHAR(0x1A)_&Jd132s132"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- q;LB133133 = "T4;_CHAR(0x0B)_133s133"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 6`_CHAR(0x1A)_a134_CHAR(0x1D)_134 = "W _CHAR(0x1D)_,134B134"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x12)_^c135_CHAR(0x12)_135 = "*_CHAR(0x04)_135h135"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x02)_$_CHAR(0x18)_136_CHAR(0x1C)_136 = "8UQ136G136"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- n = "-mP1137_CHAR(0x01)_137"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 4h#L138+138 = "NRBJ1382138"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x05)_u':139X139 = "q_CHAR(0x11)_O]139_CHAR(0x1F)_139"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Ed(\140,140 = "2I140&140"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- H141P141 = "5U)_CHAR(0x0F)_141o141"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- I{142_142 = "_CHAR(0x12)_eL_CHAR(0x11)_1422142"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- DN143143 = "8G143J143"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- LY{ 144c144 = "_CHAR(0x18)_144_CHAR(0x10)_144"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- R_CHAR(0x1B)_F+145145 = "=7F 145+145"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- z+um146'146 = "=g_CHAR(0x06)__146,146"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 6NU147_CHAR(0x17)_147 = "_CHAR(0x08)_h_CHAR(0x02)__CHAR(0x0E)_147_CHAR(0x07)_147"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x13)_4148:148 = "Mf148$148"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- {zk_CHAR(0x08)_149Z149 = "BP[149h149"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- o~y150_CHAR(0x15)_150 = "8_CHAR(0x1C)_150o150"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- $M3151*151 = "8K_CHAR(0x01)_"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- U_CHAR(0x16)_W152152 = "D!N,1521152"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ,n_CHAR(0x13)_153_CHAR(0x14)_153 = "[8t153153"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Z;154154 = "]a:=154E154"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x01)_T]155u155 = "@(155?155"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- fb_CHAR(0x1A)_t156_CHAR(0x1B)_156 = "4#_CHAR(0x1A)_K156156"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1A)_s157-157 = "Vp_CHAR(0x13)_157157"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x02)_r158_CHAR(0x18)_158 = "C_CHAR(0x1E)_YB158_CHAR(0x07)_158"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x06)__CHAR(0x0F)_8M159$159 = "ha/159159"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- {_CHAR(0x01)_vd160_CHAR(0x08)_160 = "j:_CHAR(0x11)_U1603160"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- +aK161_CHAR(0x18)_161 = "D_CHAR(0x1E)_#161^161"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x17)_]_162o162 = "{dcj162k162"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- w fc163d163 = "@_CHAR(0x1C)_v163{163"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- u164y164 = "[164_CHAR(0x0C)_164"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ?G=165g165 = "0V_CHAR(0x1F)_165_CHAR(0x06)_165"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- X_CHAR(0x13)_T166R166 = "-oF/166m166"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- !¦%_CHAR(0x14)_167Y167 = "8_CHAR(0x0C)__CHAR(0x05)_167167"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- O_CHAR(0x0F)_£E168q168 = "a65168F168"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 3j_CHAR(0x0F)_169*169 = "$_CHAR(0x08)__CHAR(0x05)_169o169"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- §)7170h170 = "_CHAR(0x0F)_ j170E170"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- &¦1171_CHAR(0x03)_171 = "g_CHAR(0x1C)_d171_CHAR(0x1D)_171"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x11)_¦_CHAR(0x1D)_8172_CHAR(0x1A)_172 = "_CHAR(0x0C)__CHAR(0x14)_1X172@172"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- x_CHAR(0x16)_1738173 = "h_CHAR(0x13)_173b173"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1E)__CHAR(0x17)_ªx174174 = "ª5174_CHAR(0x19)_174"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- SET.175]175 = "@]_CHAR(0x07)_¢175_CHAR(0x0F)_175"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ¨9176t176 = "¤_CHAR(0x19)__CHAR(0x0F)_:1763176"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- £F_CHAR(0x11)_177=177 = "{_CHAR(0x01)_o177 177"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x02)_[_CHAR(0x08)_178s178 = "l(-178 178"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ²_CHAR(0x05)_C1798179 = "VªII179_CHAR(0x11)_179"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- `r.180§180 = "hrX180\180"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- r_CHAR(0x04)__CHAR(0x12)_181181 = "B&181w181"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- $_CHAR(0x1D)_H182g182 = "¡0W182Q182"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- W±]_CHAR(0x08)_183_CHAR(0x08)_183 = "6¦1_CHAR(0x17)_183_CHAR(0x1A)_183"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ·f¶184§184 = "_CHAR(0x17)_=W³184_CHAR(0x1D)_184"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ~m_CHAR(0x15)_185¸185 = "^o²185S185"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ´_CHAR(0x0F)_G9186_CHAR(0x19)_186 = "8;¨186@186"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- {©bk187187 = "¶±_CHAR(0x1F)_187²187"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- KP_CHAR(0x1A)_l188V188 = "[oE188188"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- £mº]189§189 = ",§_CHAR(0x10)_¯189189"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- VL_CHAR(0x05)_p190C190 = "O_CHAR(0x1B)_«190190"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- r3_CHAR(0x1A)_«191E191 = "«!_CHAR(0x1D)_191191"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- whµ192°192 = "¾PI192¸192"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- q\1939193 = "¯¦:_CHAR(0x01)_193_CHAR(0x01)_193"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ª_CHAR(0x11)_ _CHAR(0x0C)_1943194 = "NX194_CHAR(0x10)_194"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x15)_Z_CHAR(0x19)_ª195195 = "y¾_CHAR(0x05)__CHAR(0x1E)_195®195"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ZKY!196X196 = "0oa196¦196"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Ia_¡197%197 = "`VGQ197@197"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 4!¥198]198 = "1_CHAR(0x1E)_W)198)198"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- »W_CHAR(0x14)_199_CHAR(0x1F)_199 = "N_CHAR(0x06)_¥199199"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1D)_A200,200 = " o-²200p200"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ÄgT201201 = "P_CHAR(0x01)_T201_CHAR(0x01)_201"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- c6E&202`202 = "#_CHAR(0x12)_202202"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 0®AH203*203 = "1~%Ã203[203"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- YG_CHAR(0x1E)_204K204 = "°g_CHAR(0x1B)_204q204"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x1C)_j_CHAR(0x10)_205205 = "¸205i205"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- S_CHAR(0x18)_Í206¥206 = "hN206_CHAR(0x0F)_206"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 7µ`207W207 = "_CHAR(0x12)_$1207_CHAR(0x1F)_207"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Bw³{208«208 = "Z208¾208"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- *®8209209 = "fÎ[209_CHAR(0x0F)_209"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- %_CHAR(0x08)_210Ç210 = "º¹6210210"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- gQ_CHAR(0x18)_¶211_CHAR(0x13)_211 = "'S2112211"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- __CHAR(0x1B)_` 212º212 = "_CHAR(0x18)_ _CHAR(0x1D)_212k212"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x18)_Î213u213 = "ZÍw213²213"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ©;¾Æ214 214 = "Ìhm214É214"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ÆÊ_CHAR(0x10)_I215[215 = "¥O&215 215"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- À¿_CHAR(0x14)_!216216 = "_CHAR(0x0F)_¨_CHAR(0x12)__CHAR(0x04)_216:216"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- #Ê 217217 = "I_CHAR(0x1C)_¡¼217x217"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x14)_O\i218Ô218 = "6`}d218218"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- º_CHAR(0x1E)_s)219_CHAR(0x03)_219 = "7\6W219219"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ac±2208220 = "Ç,¹220u220"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- (M221221 = "_CHAR(0x1F)_W_C221Ã221"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- :!222222 = "$gÉi222V222"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- °×_CHAR(0x08)_223223 = "Ø_CHAR(0x06)_Y223_CHAR(0x19)_223"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- !_CHAR(0x02)_}Ì224Ó224 = "_CHAR(0x1E)_!224Q224"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 6B¤v225225 = "vÔÝ225-225"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Å226f226 = "Ô]_CHAR(0x1B)_T226o226"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ºà9227;227 = "ÈV*_CHAR(0x05)_227m227"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ]Û228Å228 = "tÄo228_CHAR(0x0C)_228"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x11)_ä Ï229×229 = "Nßs229ä229"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Úh230V230 = "¨ueà230v230"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 0AÀ¾231231 = "_CHAR(0x12)_vÖâ231231"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 7]+Ô232µ232 = "´âÃ232232"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x02)_?¥233233 = "SaHq233Æ233"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ÑÂEi234E234 = "¯·àn234%234"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Nº¼F235©235 = "RO235¯235"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- á_CHAR(0x1B)_{/236236 = "£á²B2367236"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- L_CHAR(0x1E)__CHAR(0x19)_a237237 = "Å$5237ß237"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Ð0Ä_CHAR(0x10)_238g238 = "i_CHAR(0x07)_k238_CHAR(0x12)_238"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Þ7j¿239_CHAR(0x0E)_239 = "NRtÂ239f239"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 6#_CHAR(0x16)__CHAR(0x0F)_240g240 = "¤_CHAR(0x08)_À_CHAR(0x1C)_240+240"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ^ä(ª241241 = "Q£Üg241!241"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- CÏT¥242Ñ242 = "·_CHAR(0x1C)_½y242Â242"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ¤_CHAR(0x0E)__CHAR(0x14)_243Ë243 = "1z5^2439243"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ugH$244244 = "éÖ$2440244"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- +_CHAR(0x17)_òÐ245Ü245 = "ð"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 6_CHAR(0x01)_5Y246¸246 = "qÖÂ246¯246"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- 'xÀ248Î248 = "_CHAR(0x16)_ ]248k248"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- õ0_CHAR(0x16)_249K249 = "_CHAR(0x0E)_8_CHAR(0x18)_'249&249"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- _CHAR(0x04)__CHAR(0x17)_250k250 = "]5Ý250_CHAR(0x10)_250"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- v£¤251251 = "d¿¹_CHAR(0x1D)_251E251"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ØÕ_CHAR(0x07)__CHAR(0x13)_252È252 = "¯_CHAR(0x01)_ß2520252"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- â_CHAR(0x02)__CHAR(0x1E)_253[253 = "ã{r¹253Á253"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- ܲe 254P254 = "kï254_CHAR(0x1B)_254"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- æ _CHAR(0x0C)_ì255_CHAR(0x0E)_255 = "#¬_CHAR(0x19)_255255"
Step 4
Search and delete these files
- %Temp%\m.bat
- %Temp%\o.bat
- %User Startup%\SoundDivx.lnk
- %Temp%\l.bat
- %Temp%\a.bat
- %Temp%\j.bat
- \My picture.lnk
- %Start Menu%\Programs\My picture.lnk
Step 5
Search and delete these folders
- %System Root%\iran
- d:\iran
- e:\iran
- f:\iran
- g:\iran
- h:\iran
- i:\iran
- j:\iran
- k:\iran
- l:\iran
- m:\iran
- n:\iran
- o:\iran
- p:\iran
- q:\iran
- r:\iran
- s:\iran
- t:\iran
- u:\iran
- v:\iran
- w:\iran
- x:\iran
- y:\iran
- z:\iran
- %User Startup%
- %Favorites%\Internet Explorer
Step 6
Restart in normal mode and scan your computer with your Trend Micro product for files detected as TROJ_INAR.ERV. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Did this description help? Tell us how we did.