Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '327' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28966' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31844' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3157' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6488' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8163' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6970' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20237' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22991' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21903' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14821' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13113' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21479' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18520' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27258' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5391' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13748' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30981' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19527' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5448' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13017' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8212' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11447' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5529' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16845' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6049' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19145' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21584' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '15666' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16334' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4756' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28648' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16072' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25989' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30208' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5797' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12154' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20429' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23388' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16731' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4236' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18730' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8894' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22071' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19058' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17651' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5295' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13236' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20748' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30283' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11017' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29917' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8536' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16893' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '646' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3433' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27884' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14090' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22838' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2579' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2483' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18300' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5286' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4555' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7424' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30975' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30103' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20372' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19359' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22657' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7123' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2994' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8984' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3773' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11910' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26185' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23722' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28461' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14568' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16601' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4789' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29477' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32680' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '952' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9309' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17885' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25770' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22462' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29282' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24381' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3172' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27087' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11772' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18568' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12845' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7367' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20983' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2188' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25144' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26161' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14024' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25087' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6455' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '15032' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8073' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30867' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13934' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13414' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25908' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '375' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20348' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10951' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21307' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2408' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3415' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9992' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1635' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '838' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6756' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9195' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25250' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30804' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17359' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14602' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20730' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11113' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31306' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8455' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12674' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21770' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27388' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12569' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5848' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1019' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5433' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7676' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32274' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20456' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4922' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2336' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22748' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20147' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3003' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14229' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27730' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30689' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19470' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11853' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24056' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7448' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24624' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9390' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20486' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9904' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19999' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9643' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30651' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '546' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17088' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26437' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13122' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30843' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5854' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31964' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16869' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2895' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1196' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24128' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '15251' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4814' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10650' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25665' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3806' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16349' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9471' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '595' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14544' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32298' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20925' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21202' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14983' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29363' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18763' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8626' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29258' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16682' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27803' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17203' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19422' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4651' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18048' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22348' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28924' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7472' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22080' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1855' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27745' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18869' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31137' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12512' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26900' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10512' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19308' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6513' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29883' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28079' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17284' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20724' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16911' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20243' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31339' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17341' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8245' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30566' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6164' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3205' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16529' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16821' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14081' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9953' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20023' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22706' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1993' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19885' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27511' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21861' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2709' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20682' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30160' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20543' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25941' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3310' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28242' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13447' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '871' = '<Full path to virus>'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- 'C:\lsass.exe' /pid=3692
- 'C:\lsass.exe' /pid=3524
- 'C:\lsass.exe' /pid=4044
- 'C:\lsass.exe' /pid=3148
- 'C:\lsass.exe' /pid=3396
- 'C:\lsass.exe' /pid=2644
- 'C:\lsass.exe' /pid=3500
- 'C:\lsass.exe' exe <Full path to virus>
- 'C:\lsass.exe' /pid=1708
- 'C:\lsass.exe' /pid=3612
- 'C:\lsass.exe' /pid=3756
- C:\lsass.exe
- '77.##4.45.135':3128
- '87.##.147.94':3128
- '98.##9.64.223':3128
- '98.##9.64.214':3128
- '21#.#42.113.17':3128
- '19#.#17.202.60':3128
- '21#.#86.183.4':3128
- '89.##0.224.55':3128
- '94.##2.97.15':3128
- '80.##.150.162':3128
- '21#.#01.133.104':3128
- '18#.#67.31.182':3128
- '81.##.82.232':3128
- '20#.#02.75.6':3128
- '12#.#8.100.240':3128
- '21#.#78.232.187':3128
- '10#.#08.27.92':3128
- '81.##.126.172':3128
- '19#.#00.128.52':3128
- '18#.#1.21.231':3128
- '17#.#5.130.127':3128
- '11#.#00.101.127':3128
- '77.##5.55.87':3128
- '77.#55.56.8':3128
- '85.##4.49.205':3128
- '24.#.229.177':3128
- '85.##6.114.149':3128
- '62.##3.174.192':3128
- '94.##1.193.175':3128
- '83.##5.40.168':3128
- '80.##1.171.226':3128
- '83.#1.113.6':3128
- '21#.#01.133.103':3128
- '41.##3.57.76':3128
- '83.#6.48.46':3128
- '10#.#2.176.166':3128
- '21#.#33.230.39':3128
- '76.##5.78.223':3128
- '21#.#98.142.157':3128
- '11#.#84.195.232':3128
- '77.##5.249.198':3128
- '18#.#6.46.30':3128
- '98.##9.64.167':3128
- '97.##.186.102':3128
- '83.##.181.109':3128
- '13#.#32.68.126':3128
- '94.##2.106.51':3128
- '85.##9.108.87':3128
- '90.##0.235.81':3128
- '11#.#02.80.48':3128
- '80.##0.149.51':3128
- '85.##4.169.5':3128
- '22#.#31.127.13':3128
- '20#.#8.132.31':3128
- '11#.#96.2.21':3128
- '62.#.128.105':3128
- '83.##8.250.75':3128
- '21#.#19.195.218':3128
- '11#.#35.57.248':3128
- '91.##6.241.46':3128
- '19#.#50.251.37':3128
- '81.##3.67.193':3128
- '85.#0.9.113':3128
- '76.##8.190.6':3128
- '11#.#02.56.105':3128
- '81.##6.64.210':3128
- '97.#3.2.234':3128
- '87.##.147.106':3128
- '83.##6.96.86':3128
- '94.##2.98.234':3128
- '85.##1.62.36':3128
- '83.##8.217.24':3128
- '85.##.96.201':3128
- '19#.#49.180.202':3128
- '82.##1.137.149':3128
- '72.##0.97.203':3128
- '11#.#4.56.143':3128
- '11#.#99.117.217':3128
- '10#.#2.193.231':3128
- '20#.#37.228.52':3128
- '83.##5.129.65':3128
- '18#.#20.168.21':3128
- '99.##.207.116':3128
- '83.##5.21.180':3128
- '19#.#3.54.192':3128
- '19#.#24.170.28':3128
- '13#.#32.70.146':3128
- '80.##.136.119':3128
- '88.##.174.171':3128
- '87.##5.173.153':3128
- '18#.#5.17.157':3128
- '90.##0.232.145':3128
- '74.##.209.166':3128
- '62.##0.172.231':3128
- '62.##2.194.188':3128
- '83.##0.105.22':3128
- '83.##8.209.18':3128
- '94.##2.100.196':3128
- '94.##2.98.235':3128
- '60.##.179.17':3128
- '77.##5.40.51':3
- '21#.#8.240.243':6667
- 'localhost':2638
- 'localhost':6308
- '80.##1.50.193':3128
- '20#.#8.54.82':3128
- '41.##3.57.74':3128
- '20#.#33.56.96':3128
- '84.##2.83.165':3128
- '19#.#08.235.75':3128
- '21#.#7.80.254':3128
- '79.##7.110.172':3128
- '83.##5.134.134':3128
- '19#.#7.120.229':3128
- '84.##5.193.235':3128
- '85.##4.188.8':3128
- '20#.#72.230.241':3128
- '77.##5.57.152':3128
- '83.##8.194.24':3128
- '92.##.150.39':3128
- '41.##0.97.178':3128
- '11#.#4.56.147':3128
- '19#.#11.26.219':3128
- '82.##.161.16':3128
- '85.##5.95.162':3128
- '62.##7.207.67':3128
- '21#.#82.69.210':3128
- '14#.#52.155.73':3128
- '17#.#02.28.13':3128
- '83.##.111.31':3128
- '21#.#2.242.130':3128
- '68.##5.48.76':3128
- '89.##7.201.178':3128
- '83.##8.139.122':3128
- '89.##2.68.56':3128
- '84.##0.42.113':3128
- '81.##.166.173':3128
- '88.##6.79.53':3128
- '20#.#68.128.133':3128
- '20#.#62.71.184':3128
- '83.##8.219.130':3128
- '12#.#22.114.174':3128
- '12#.#22.176.148':3128
- '82.##.141.57':3128
- '21#.#6.112.137':3128
- '11#.#33.204.163':3128
- '83.##9.201.247':3128
- '85.##5.94.235':3128
- '17#.#44.22.189':3128
- '10#.#82.59.247':3128
- '21#.#08.216.5':3128
- '98.##0.141.78':3128
- '20#.#52.243.171':3128
- '20#.#15.73.121':3128
- '95.##.243.254':3128
- '67.##.252.140':3128
- '83.##5.105.186':3128
- '19#.152.7.2':3128
- '91.##4.52.125':3128
- '88.##3.179.180':3128
- '87.##5.149.141':3128
- '12#.#3.30.18':3128
- '12#.#20.83.66':3128
- '41.##6.12.78':3128
- '72.##4.185.240':3128
- '72.#28.4.46':3128
- '59.##1.27.183':3128
- '94.##2.98.236':3128
- '12#.#8.31.244':3128
- '19#.#51.53.33':3128
- '19#.#13.176.245':3128
- '86.##.170.92':3128
- '77.##5.242.126':3128
- '20#.#59.217.231':3128
- '85.##7.57.116':3128
- '94.##2.98.239':3128
- '20#.#4.142.201':3128
- '19#.#25.64.42':3128
- '21#.#28.216.119':3128
- '77.#55.47.0':3128
- '61.#0.64.59':3128
- '82.##2.103.247':3128
- '83.##8.254.181':3128
- '79.##9.99.236':3128
- '84.##5.88.22':3128
- '19#.#17.221.150':3128
- '16#.#32.245.79':3128
- '14#.#21.133.104':3128
- '12#.#5.234.238':3128
- '85.#24.51.4':3128
- '83.##3.182.140':3128
- '83.##2.175.155':3128
- '11#.#97.112.123':3128
- '12#.#.41.218':3128
- '83.##6.24.225':3128
- '20#.#09.60.66':3128
- '41.##8.152.27':3128
- '81.#3.69.85':3128
- '88.##7.38.114':3128
- '24.##.206.135':3128
- '41.##5.16.168':3128
- '10#.#3.140.245':3128
- '77.##5.242.249':3128
- '85.##5.92.14':3128
- '99.##8.240.251':3128
- '18#.#5.161.33':3128
- '92.##.151.95':3128
- '77.##3.105.221':3128
- '12#.#0.110.123':3128
- '85.##0.163.129':3128
- '20#.#5.57.214':3128
- '68.#.92.130':3128
- '83.##8.215.248':3128
- '59.##.204.96':3128
- '90.##0.239.233':3128
- '78.##.16.143':3128
- '84.##.157.83':3128
- '84.##2.179.18':3128
- '78.##.46.158':3128
- '12#.#22.138.224':3128
- '24.##7.157.146':3128
- '21#.#31.78.245':3128
- '59.##.245.122':3128
- '92.##2.164.52':3128
- '89.##5.184.123':3128
- '76.##9.47.171':3128
- '81.##.183.102':3128
- '12#.#3.179.150':3128
- '11#.#34.190.80':3128
- '21#.#4.81.66':3128
- '78.##.103.64':3128
- '22#.#10.236.128':3128
- '83.##5.106.169':3128
- '94.##2.97.11':3128
- '19#.#9.98.92':3128
- '19#.#30.146.202':3128
- '11#.#00.94.30':3128
- '10#.#3.84.121':3128
- '19#.#6.17.132':3128
- '87.##5.152.175':3128
- '19#.#79.10.210':3128
- '85.##5.93.219':3128
- '74.#15.5.41':3128
- '85.##4.50.43':3128
- '83.##5.91.184':3128
- '41.##3.57.72':3128
- '21#.#38.71.79':3128
- '98.##9.64.169':3128
- '20#.#4.79.91':3128
- '21#.#19.194.130':3128
- '98.##9.64.172':3128
- '12#.#20.32.130':3128
- '78.##.110.30':3128
- '87.##0.35.118':3128
- '24.#4.6.90':3128
- '95.##.109.111':3128
- '76.##7.241.22':3128
- '71.##.24.152':3128
- '12#.#22.134.68':3128
- '19#.#06.214.121':3128
- '93.##6.75.185':3128
- '83.##.50.209':3128
- '20#.#26.67.58':3128
- '85.##5.94.200':3128
- '20#.#64.211.106':3128
- '19#.#6.173.176':3128
- '93.##9.156.127':3128
- '20#.#3.48.179':3128
- '83.##8.222.1':3128
- '20#.#4.168.241':3128
- '19#.#49.50.68':3128
- '59.##.180.79':3128
- '20#.#33.56.81':3128
- '41.##5.16.40':3128
- '80.##0.205.51':3128
- '11#.#96.6.37':3128
- '92.##.143.179':3128
- '69.##6.75.104':3128
- '10#.#8.36.229':3128
- '98.##8.216.65':3128
- '21#.#42.108.176':3128
- '22#.#24.239.106':3128
- '18#.#8.112.37':3128
- '78.##.154.223':3128
- '71.##6.216.47':3128
- '84.##8.205.214':3128
- '10#.#3.70.133':3128
- '12#.#68.217.244':3128
- '71.##.71.232':3128
- '87.##5.154.33':3128
- '17#.#02.29.80':3128
- '95.##.103.111':3128
- '87.##5.37.160':3128
- '87.##5.157.183':3128
- '89.##.244.228':3128
- '85.##.185.143':3128
- '77.##5.40.51':3128
- '13#.#25.39.60':3128
- '20#.#5.228.22':3128
- '11#.#70.3.142':3128
- '83.##6.96.218':3128
- '85.##5.93.154':3128
- '88.##7.68.231':3128
- '20#.#64.57.110':3128
- ClassName: 'Indicator' WindowName: '(null)'