Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1517' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '15429' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17495' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '803' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24266' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1033' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31334' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28911' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17808' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20036' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5767' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3984' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27514' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '632' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2371' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23508' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11194' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '90' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8785' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9684' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29238' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6065' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24735' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9142' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10506' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14164' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17754' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6793' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23025' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21301' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28194' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26361' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4511' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16484' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '15131' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14760' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20519' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16440' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12991' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25961' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2572' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '15718' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32731' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5552' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16157' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14359' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23382' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5342' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30523' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3403' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20201' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26194' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12414' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3406' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10333' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3065' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2044' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7247' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18242' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30963' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3577' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16552' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4394' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21554' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6118' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12034' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26238' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23279' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4208' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25189' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27323' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21793' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25599' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6543' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11716' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14159' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10397' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20885' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '838' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8272' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '945' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14813' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12591' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21516' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25209' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2513' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7809' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25350' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8747' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4975' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12771' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7647' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28784' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26830' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16528' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19146' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29365' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13631' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31974' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '15517' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7388' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6167' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19508' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18526' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26382' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5855' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28032' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8136' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5699' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31681' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3388' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29385' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '779' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14335' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22175' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2347' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22117' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2709' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16186' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26836' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20891' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24525' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10261' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1893' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30470' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25565' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12528' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '15732' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5357' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26122' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26523' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11243' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3232' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17984' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2235' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23861' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6427' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31354' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6539' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27876' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19025' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25825' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16929' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28589' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1307' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24540' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27861' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2265' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13925' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30998' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25795' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4985' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29043' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19777' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32433' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7691' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1634' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17867' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27930' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8346' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20475' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25165' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12322' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32678' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4697' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30538' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14618' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '15532' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32336' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28887' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25819' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22356' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27735' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28100' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20026' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28639' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19650' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '379' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22756' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19664' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2645' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25536' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13578' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5425' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20690' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11853' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '579' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23900' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29020' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9260' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1976' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9914' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30367' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26220' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7848' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5269' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17710' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18765' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1864' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10456' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12523' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16855' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7320' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14686' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26039' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10090' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26908' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8351' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25169' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9220' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17031' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1082' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17901' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21535' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5586' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22405' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13724' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30513' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14564' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31383' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2249' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19068' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13695' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28804' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12855' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29673' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22732' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17358' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1409' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19458' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18325' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1165' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22947' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17573' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1624' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24055' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19381' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19552' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28559' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12610' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7237' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6128' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19640' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14266' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31085' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1951' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29346' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13397' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10632' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27451' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22077' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25712' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9762' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26581' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28774' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4799' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2547' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19366' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27287' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19087' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30284' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11570' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9318' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11228' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3417' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20235' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4286' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14923' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5658' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22477' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6528' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '15079' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7910' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11032' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4989' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30924' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21883' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23347' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7397' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24216' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8478' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25296' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9347' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24769' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32052' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21305' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22702' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17329' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1380' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3974' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20792' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10677' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11071' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1350' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18169' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12796' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5854' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22673' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6724' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25111' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27021' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7950' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29614' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13665' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30484' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26664' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8682' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2996' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18076' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1384' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18560' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1399' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30533' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29849' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14955' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24817' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22468' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3397' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19034' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18389' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32399' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22194' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8140' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24275' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19742' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1199' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3622' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25775' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27509' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11598' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6636' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13455' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21602' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4892' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18232' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5234' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25086' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10881' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7188' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19532' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27597' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18135' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5923' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8370' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6210' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2903' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6357' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10265' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24290' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6133' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9552' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22209' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16523' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12668' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4008' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '388' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4954' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1257' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2254' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11960' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9010' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '232' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19058' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28593' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8170' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19400' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30518' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29477' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32443' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12532' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28403' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12454' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29273' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10715' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27534' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1008' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26185' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29917' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11076' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23899' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22380' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25643' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21994' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4603' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18218' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29292' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26492' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2693' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31163' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27196' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '500' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12160' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31148' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4848' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29448' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20269' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14017' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19541' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9885' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29321' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29047' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30984' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '15424' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27284' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27553' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19459' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14256' = '<Full path to virus>'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- 'C:\lsass.exe' /pid=25308
- 'C:\lsass.exe' /pid=3624
- 'C:\lsass.exe' exe <Full path to virus>
- 'C:\lsass.exe' /pid=21852
- C:\lsass.exe
- '85.##.215.24':3128
- '89.##.140.72':3128
- '78.##.203.15':3128
- '78.##9.172.151':3128
- '88.##6.21.64':3128
- '78.##.51.194':3128
- '78.##.214.119':3128
- '89.##6.166.36':3128
- '84.##.176.211':3128
- '66.##0.96.64':3128
- '89.##5.102.133':3128
- '78.#3.71.68':3128
- '88.##1.165.236':3128
- '79.##5.135.107':3128
- '77.##9.15.42':3128
- '20#.#74.220.109':3128
- '89.##9.131.61':3128
- '88.##3.149.23':3128
- '95.##.234.90':3128
- '21#.#04.96.180':3128
- '77.#1.12.40':3128
- '94.##0.163.13':3128
- '85.##0.110.121':3128
- '21#.#34.6.228':3128
- '93.##3.183.141':3128
- '85.#7.2.95':3128
- '19#.#7.201.7':3128
- '93.##4.149.148':3128
- '82.##4.121.252':3128
- '86.##6.70.10':3128
- '89.##.84.247':3128
- '89.##7.66.162':3128
- '78.#8.23.20':3128
- '19#.#6.56.94':3128
- '85.##.196.109':3128
- '77.##.224.13':3128
- '86.##6.42.38':3128
- '82.##9.227.107':3128
- '24.##.42.198':3128
- '80.##.90.181':3128
- '89.##5.183.10':3128
- '86.##2.65.36':3128
- '90.##1.62.225':3128
- '88.##3.57.97':3128
- '21#.#10.10.154':3128
- '78.#0.40.95':3128
- '78.##.134.80':3128
- '20#.#7.207.94':3128
- '92.#3.25.11':3128
- '92.##5.57.228':3128
- '64.#6.51.27':3128
- '86.##7.8.127':3128
- '85.#7.2.164':3128
- '79.##9.88.158':3128
- '86.##5.197.46':3128
- '82.##4.121.182':3128
- '77.#8.37.43':3128
- '20#.#2.173.244':3128
- '94.##0.210.75':3128
- '79.#39.0.32':3128
- '87.##1.26.10':3128
- '86.##6.93.160':3128
- '89.##.200.80':3128
- '20#.82.33.1':3128
- '21#.#43.70.81':3128
- '21#.#6.140.181':3128
- '78.##.161.61':3128
- '87.##0.191.77':3128
- '19#.#99.71.211':3128
- '84.##7.21.73':3128
- '89.#7.80.47':3128
- '21#.#42.72.166':3128
- '95.##4.15.177':3128
- '88.##6.154.35':3128
- '94.##3.76.221':3128
- '89.##7.223.179':3128
- '81.##.237.207':3128
- '85.##3.229.132':3128
- '86.##6.70.157':3128
- '92.##5.117.9':3128
- '85.##.165.64':3128
- '95.##5.74.112':3128
- '95.##4.25.120':3128
- '82.##.71.245':3128
- '20#.#42.123.167':3128
- '60.##3.177.246':3128
- '78.#3.65.7':3128
- '79.##2.82.233':3128
- '92.##5.249.205':3128
- '86.#3.157.9':3128
- '89.##.204.162':3128
- '89.##.62.113':3128
- '61.##.142.64':3128
- '81.##.244.227':3128
- '89.##.231.221':3128
- '77.##.242.162':3128
- '83.##1.105.189':3128
- '88.##6.109.207':3128
- '88.##6.17.13':3128
- 'td.pt':80
- '90.##1.62.225':312
- '89.#4.%d':3128
- '11#########82.37027588.37027588.hthtth':0
- '24#########82.52756228.52756228.http':0
- '78.##9.181.129':3128
- '19#.#84.44.18':3128
- '81.##2.186.240':3128
- '86.##2.176.149':3128
- '22#.#3.79.36':3128
- '94.##0.137.33':3128
- '89.##1.9.132':3128
- '66.##8.18.139':3128
- '78.#4.94.57':3128
- '81.##.243.145':3128
- '89.##5.186.233':3128
- '82.##.244.191':3128
- '24.##.179.226':3128
- '89.##5.38.160':3128
- '85.##7.169.177':3128
- '88.##2.11.164':3128
- '81.##.229.60':3128
- '80.#40.9.22':3128
- '85.##9.136.178':3128
- '80.##.10.227':3128
- '82.##2.146.90':3128
- '87.#9.66.85':3128
- '19#.#7.71.101':3128
- '84.##0.49.72':3128
- '78.##.125.29':3128
- '83.##.199.159':3128
- '19#.#6.170.247':3128
- '21#.#13.242.249':3128
- '87.##1.88.225':3128
- '94.##2.80.61':3128
- '93.##3.47.104':3128
- '20#.#1.105.100':3128
- '20#.#08.124.27':3128
- '78.##.226.90':3128
- '72.##2.234.181':3128
- '88.##6.115.210':3128
- '94.##8.100.237':3128
- '85.##7.161.146':3128
- '86.##7.17.218':3128
- '81.##0.98.254':3128
- '95.##.248.19':3128
- '19#.#7.70.235':3128
- '85.##.54.190':3128
- '78.##.144.42':3128
- '95.##4.89.51':3128
- '78.##.13.101':3128
- '78.##.212.193':3128
- '21#.#7.152.251':3128
- '89.##.237.194':3128
- '91.##.69.223':3128
- '87.##8.31.228':3128
- '87.##.219.200':3128
- '68.##1.35.204':3128
- '82.##9.64.61':3128
- '62.##1.152.90':3128
- '19#.#08.74.169':3128
- '89.##.58.226':3128
- '85.##.154.175':3128
- '66.##9.154.228':3128
- '95.##.179.47':3128
- '89.##9.62.107':3128
- '24.##3.68.216':3128
- '82.##5.65.226':3128
- '82.#9.87.66':3128
- '78.##.115.72':3128
- '78.##.173.86':3128
- '89.#7.139.2':3128
- '89.##.56.142':3128
- '79.##8.128.156':3128
- '82.##.110.189':3128
- '70.##.209.65':3128
- '65.##.103.110':3128
- '89.#3.29.65':3128
- '20#.#10.218.121':3128
- '89.##3.228.187':3128
- '79.##9.48.211':3128
- '81.##0.210.162':3128
- '86.##7.230.165':3128
- '88.##6.52.149':3128
- '89.##5.212.210':3128
- '19#.#7.191.83':3128
- '89.##.96.203':3128
- '89.##1.88.61':3128
- '89.##5.69.248':3128
- '19#.#10.41.194':3128
- '86.##5.193.73':3128
- '85.#7.70.81':3128
- '95.##4.14.172':3128
- '19#.#7.185.109':3128
- '85.#5.20.84':3128
- '78.##.187.223':3128
- '24.##1.13.11':3128
- '94.##6.73.229':3128
- '95.##1.76.208':3128
- '88.##9.142.24':3128
- '93.##.209.115':3128
- '77.##1.107.150':3128
- '59.##.239.197':3128
- '92.##5.184.157':3128
- '86.##1.168.70':3128
- '89.##8.27.76':3128
- '89.##.170.114':3128
- '94.##1.36.144':3128
- '89.##.151.49':3128
- '80.##0.29.111':3128
- '20#.#4.195.242':3128
- '84.##.152.85':3128
- '20#.#60.198.123':3128
- '84.##8.198.129':3128
- '19#.#3.91.155':3128
- '89.##6.52.69':3128
- '77.#48.49.9':3128
- '89.##.246.40':3128
- '19#.#6.240.229':3128
- '77.##9.25.140':3128
- '93.##4.48.144':3128
- '94.##2.2.176':3128
- '86.##6.214.14':3128
- '66.##.113.90':3128
- '20#.#41.194.137':3128
- '93.##7.179.67':3128
- '92.##4.122.161':3128
- '19#.#5.238.98':3128
- '93.##5.62.162':3128
- '84.##.72.249':3128
- '67.##0.38.123':3128
- '94.##4.251.102':3128
- '91.##7.214.91':3128
- '85.##6.24.122':3128
- '21#.#67.4.208':3128
- '89.##.246.232':3128
- '86.##0.188.39':3128
- '89.#8.18.52':3128
- '85.##.35.246':3128
- '99.##6.134.64':3128
- '19#.#13.131.137':3128
- '89.##2.103.153':3128
- '88.##4.158.30':3128
- '85.##8.61.184':3128
- '86.##.136.211':3128
- '78.##9.158.45':3128
- '78.##.161.92':3128
- '87.##1.122.102':3128
- '19#.#9.97.28':3128
- '21#.#47.44.177':3128
- '21#.#0.222.59':3128
- '93.##3.87.174':3128
- '89.##3.129.12':3128
- '95.#5.191.8':3128
- '19#.#8.222.77':3128
- '77.##.63.169':3128
- '89.##.73.148':3128
- '95.#5.143.5':3128
- '88.##4.19.39':3128
- '89.##0.71.27':3128
- '89.##.249.95':3128
- '77.##2.81.175':3128
- '20#.#32.79.74':3128
- '77.##.10.109':3128
- '19#.#5.178.57':3128
- '83.##5.175.196':3128
- '82.##1.195.46':3128
- '95.##4.57.160':3128
- '20#.#31.186.98':3128
- '89.##8.244.109':3128
- '20#.#.14.144':3128
- '84.##1.228.19':3128
- '85.#5.5.224':3128
- '21#.#5.124.34':3128
- '94.##0.27.69':3128
- '19#.#6.201.92':3128
- '93.##4.127.147':3128
- '93.##5.121.169':3128
- '78.##.94.112':3128
- '86.##7.244.21':3128
- '89.##.92.121':3128
- '82.##6.228.62':3128
- '89.##5.80.149':3128
- '62.##9.108.253':3128
- '86.##2.65.81':3128
- '85.##.248.60':3128
- '87.##6.133.225':3128
- '79.#0.98.34':3128
- '90.##9.156.86':3128
- '78.##.183.96':3128
- '84.##.157.33':3128
- '21#.#1.224.139':3128
- '41.##7.136.116':3128
- '65.##.113.221':3128
- '20#.#48.53.132':3128
- '89.##.210.166':3128
- '77.##.194.210':3128
- '94.#6.61.16':3128
- '82.##3.148.199':3128
- '82.##4.193.130':3128
- '87.##0.81.241':3128
- '95.##4.44.71':3128
- '89.##.96.111':3128
- '91.##.240.214':3128
- '77.##0.128.227':3128
- '81.##.251.229':3128
- DNS ASK 24#########82.52756228.52756228.http
- DNS ASK 89.#4.%d
- DNS ASK 11#########82.37027588.37027588.hthtth
- DNS ASK 77.ttp
- DNS ASK td.pt
- ClassName: 'Indicator' WindowName: '(null)'