Program.Monitor.2887

Technical Information

To ensure autorun and distribution:

Modifies the following registry keys:

[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '8552' = '"sam.mon"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8842' = 'sam.mon'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"siemens.exe"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '355' = 'sam.mon'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '377' = '"hell.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9800' = 'hell.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"sam.mon"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '4941' = 'hell.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9085' = 'siemens.exe'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"mysql.db"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '9953' = 'nokia.jpg'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '5002' = '"mysql.db"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4308' = 'mysql.db'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '5420' = '"nokia.jpg"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '9950' = 'siemens.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '8976' = '"siemens.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5139' = 'nokia.jpg'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"nokia.jpg"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"hell.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"boss.exe"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '6159' = 'hacker.US'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '2252' = '"boss.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3545' = 'boss.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '9260' = '"hacker.US"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '6825' = 'system.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '1518' = '"system.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '484' = 'hacker.US'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"hacker.US"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5547' = 'intranet.net'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"intranet.net"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '3784' = 'intranet.net'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '9244' = '"intranet.net"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '9384' = 'internet.com'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"internet.com"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '2214' = 'boss.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '1020' = '"internet.com"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9733' = 'internet.com'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"test.com"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '8223' = 'pwd.me'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '4700' = '"test.com"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8006' = 'test.com'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '4376' = '"pwd.me"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '7450' = 'qw.cle'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '1858' = '"qw.cle"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1656' = 'pwd.me'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"pwd.me"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8865' = 'web.net'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"web.net"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '2807' = 'web.net'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '7440' = '"web.net"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '9331' = 'user.rar'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"user.rar"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '9616' = 'test.com'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '3248' = '"user.rar"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6831' = 'user.rar'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3654' = 'qw.cle'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5135' = 'sexy.bobs'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"sexy.bobs"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '18' = 'sexy.bobs'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '2104' = '"sexy.bobs"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '5546' = 'oracle.mgk'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"oracle.mgk"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '8218' = 'mysql.db'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '2892' = '"oracle.mgk"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '763' = 'oracle.mgk'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"sex.bit"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '3944' = '"qwe.dbg"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6935' = 'qwe.dbg'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"qw.cle"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '4998' = 'qwe.dbg'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '6044' = '"sex.bit"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7847' = 'sex.bit'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"qwe.dbg"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '3878' = 'sex.bit'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe" "911.rtl"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"911.rtl"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '752' = 'abcde.db'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe" "911.rtl"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '4755' = '"911.rtl"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8948' = '911.rtl'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe" "911.rtl" "abcde.db"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"abcde.db"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '9731' = 'testing.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe" "911.rtl" "abcde.db" "testing.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '8414' = '"abcde.db"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8732' = 'abcde.db'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe" "911.rtl" "abcde.db"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '2921' = '911.rtl'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '8584' = '"777.666"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8322' = '777.666'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"apple.me"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '4057' = '777.666'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"777.666"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7065' = '111.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"111.exe"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '6854' = '111.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '9464' = '"111.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '9690' = '"testing.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '4943' = '"pc.cold"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7420' = 'pc.cold'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe" "911.rtl" "abcde.db" "testing.exe" "start.end" "www.com" "pc.cold"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"www.com"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '5757' = 'pc.cold'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe" "911.rtl" "abcde.db" "testing.exe" "start.end" "www.com" "pc.cold"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"pc.cold"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '630' = 'windows.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe" "911.rtl" "abcde.db" "testing.exe" "start.end" "www.com" "pc.cold" "windows.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"windows.exe"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '976' = 'windows.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe" "911.rtl" "abcde.db" "testing.exe" "start.end" "www.com" "pc.cold" "windows.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '25' = '"windows.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe" "911.rtl" "abcde.db" "testing.exe" "start.end" "www.com"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '7613' = 'start.end'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe" "911.rtl" "abcde.db" "testing.exe" "start.end"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '2352' = '"start.end"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1707' = 'testing.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe" "911.rtl" "abcde.db" "testing.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"testing.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9254' = 'start.end'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe" "911.rtl" "abcde.db" "testing.exe" "start.end" "www.com"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '5735' = '"www.com"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3454' = 'www.com'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me" "777.666" "111.exe" "911.rtl" "abcde.db" "testing.exe" "start.end"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"start.end"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '8350' = 'www.com'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '470' = '"2004.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1523' = '2004.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"2005.zip"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '4793' = '2004.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"2004.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9955' = '2000.txt'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"2000.txt"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '2927' = '2000.txt'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '8206' = '"2000.txt"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '8166' = '2006.rar'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '6692' = '"2006.rar"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2679' = 'system.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"system.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5463' = '2006.rar'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '7178' = '"2005.zip"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9400' = '2005.zip'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"2006.rar"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '5417' = '2005.zip'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '1506' = 'aaa.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '5206' = 'apollo13.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '1614' = '"apollo13.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8055' = '123abc.dll'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"123abc.dll"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2488' = 'apollo13.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe" "apple.me"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '1165' = '"apple.me"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7745' = 'apple.me'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll" "apollo13.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"apollo13.exe"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '6848' = 'apple.me'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '6811' = '"123abc.dll"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"aaa.exe"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '5089' = 'abcd.txt'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '1259' = '"aaa.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8691' = 'aaa.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"abcd.txt"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '2561' = '123abc.dll'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt" "123abc.dll"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '669' = '"abcd.txt"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1691' = 'abcd.txt'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe" "web.net" "user.rar" "test.com" "pwd.me" "qw.cle" "qwe.dbg" "sex.bit" "sexy.bobs" "oracle.mgk" "mysql.db" "nokia.jpg" "siemens.exe" "sam.mon" "hell.exe" "intranet.net" "internet.com" "boss.exe" "hacker.US" "system.exe" "2006.rar" "2005.zip" "2004.exe" "2000.txt" "aaa.exe" "abcd.txt"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '9501' = '"1234567890.ini"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4487' = '1234567890.ini'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"123456789.jpg"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '5065' = '1234567890.ini'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '9185' = '"access.dll"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4200' = 'access.dll'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"1234567890.ini"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '4589' = 'access.dll'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2743' = '123456789.jpg'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"1234567.exe"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '5695' = '12345678.rar'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '1646' = '"1234567.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7861' = '1234567.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '6671' = '"12345678.rar"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '4159' = '123456789.jpg'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '3581' = '"123456789.jpg"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8335' = '12345678.rar'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"12345678.rar"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"access.dll"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"billy.doi"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '6705' = 'ibm.max'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '6451' = '"billy.doi"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1457' = 'billy.doi'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '974' = '"ibm.max"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '3361' = 'internet.html'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '2769' = '"internet.html"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '862' = 'ibm.max'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"ibm.max"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2567' = 'command.hex'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"command.hex"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '4630' = 'command.hex'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '3700' = '"command.hex"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '2286' = 'bob.fu'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"bob.fu"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '8908' = 'billy.doi'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '9674' = '"bob.fu"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5941' = 'bob.fu'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"qwerty.bat"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '6053' = 'awerty.scr'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '6613' = '"qwerty.bat"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8875' = 'qwerty.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '1035' = '"awerty.scr"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '6283' = '007.vb'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '5004' = '"007.vb"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6562' = 'awerty.scr'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"awerty.scr"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Messangerr' = '%WINDIR%\Micro.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"%WINDIR%\Micro.exe"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'PoliceS' = '%WINDIR%\Micro.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'FlexTo' = '"%WINDIR%\Micro.exe"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '5292' = 'Fake.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"Fake.exe"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '8166' = 'qwerty.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '6102' = '"Fake.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5740' = 'Fake.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9446' = '007.vb'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2479' = '12345.dll'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"12345.dll"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '3967' = '12345.dll'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '2367' = '"12345.dll"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '8976' = '123456.dll'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"123456.dll"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '3860' = '1234567.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '6025' = '"123456.dll"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '876' = '123456.dll'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"1234.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '6046' = '"123.xx"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1711' = '123.xx'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"007.vb"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '399' = '123.xx'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '2186' = '"1234.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3518' = '1234.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"123.xx"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '3502' = '1234.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"win2000.123"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '9120' = 'win2k.dll'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '7113' = '"win2000.123"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4884' = 'win2000.123'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"win2k.dll"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '4788' = 'win98.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '2141' = '"win2k.dll"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6456' = 'win2k.dll'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '872' = 'win2000.123'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '396' = '"pass.rip"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4785' = 'pass.rip'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"linux.zip"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '980' = 'pass.rip'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"pass.rip"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5410' = 'pass1234.sys'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"pass1234.sys"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '4999' = 'pass1234.sys'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '7159' = '"pass1234.sys"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '8156' = '"win98.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '8187' = '"winpass.dll"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6014' = 'winpass.dll'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"winnt.u"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '9873' = 'winpass.dll'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"winpass.dll"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2706' = 'root.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"root.exe"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '4818' = 'root.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u" "winpass.dll" "root.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '7823' = '"root.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '8564' = 'win95.shh'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '2653' = '"win95.shh"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '749' = 'win98.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"win98.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2875' = 'win95.shh'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh" "winnt.u"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '9833' = '"winnt.u"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7492' = 'winnt.u'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip" "pass.rip" "pass1234.sys" "win2000.123" "win2k.dll" "win98.exe" "win95.shh"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"win95.shh"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '3448' = 'winnt.u'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '9716' = '"data.db"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9982' = 'data.db'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"bitch.sex"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '6404' = 'data.db'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"data.db"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4831' = 'database.rar'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"database.rar"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '4992' = 'database.rar'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '3621' = '"database.rar"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '7645' = 'winxp.rar'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '3859' = '"winxp.rar"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4797' = 'internet.html'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"internet.html"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1727' = 'winxp.rar'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '945' = '"bitch.sex"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8244' = 'bitch.sex'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"winxp.rar"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '1477' = 'bitch.sex'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '54' = 'home.wtn'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '9553' = 'loginpass.h'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '617' = '"loginpass.h"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7577' = 'login.pas'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"login.pas"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5570' = 'loginpass.h'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h" "linux.zip"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '6660' = '"linux.zip"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6234' = 'linux.zip'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas" "loginpass.h"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"loginpass.h"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '6720' = 'linux.zip'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '2901' = '"login.pas"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"home.wtn"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '7227' = 'server.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '1933' = '"home.wtn"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2689' = 'home.wtn'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe"'
[<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4fz8rk-15aq-16nc-23or4-2ke0fa051515}] 'StubPath' = '"server.exe"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '8841' = 'login.pas'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe" "login.pas"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '4489' = '"server.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8470' = 'server.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe, "%WINDIR%\Micro.exe" "Fake.exe" "qwerty.bat" "awerty.scr" "007.vb" "123.xx" "1234.exe" "12345.dll" "123456.dll" "1234567.exe" "12345678.rar" "123456789.jpg" "1234567890.ini" "access.dll" "command.hex" "bob.fu" "billy.doi" "ibm.max" "internet.html" "winxp.rar" "bitch.sex" "data.db" "database.rar" "home.wtn" "server.exe"'

Modifies file system :

Creates the following files:

%WINDIR%\login.pas
%WINDIR%\server.exe
%WINDIR%\linux.zip
%WINDIR%\loginpass.h
%WINDIR%\home.wtn
%WINDIR%\bitch.sex
%WINDIR%\winxp.rar
%WINDIR%\database.rar
%WINDIR%\data.db
%WINDIR%\winnt.u
%WINDIR%\win95.shh
%WINDIR%\root.exe
%WINDIR%\winpass.dll
%WINDIR%\win98.exe
%WINDIR%\pass1234.sys
%WINDIR%\pass.rip
%WINDIR%\win2k.dll
%WINDIR%\win2000.123
%WINDIR%\internet.html
%WINDIR%\1234.exe
%WINDIR%\123.xx
%WINDIR%\123456.dll
%WINDIR%\12345.dll
%WINDIR%\007.vb
%WINDIR%\Fake.exe
<Current directory>\windows.exe
%WINDIR%\awerty.scr
%WINDIR%\qwerty.bat
%WINDIR%\bob.fu
%WINDIR%\command.hex
%WINDIR%\ibm.max
%WINDIR%\billy.doi
%WINDIR%\access.dll
%WINDIR%\12345678.rar
%WINDIR%\1234567.exe
%WINDIR%\1234567890.ini
%WINDIR%\123456789.jpg
%WINDIR%\123abc.dll
%WINDIR%\abcd.txt
%WINDIR%\apple.me
%WINDIR%\apollo13.exe
%WINDIR%\aaa.exe
%WINDIR%\2005.zip
%WINDIR%\2006.rar
%WINDIR%\2000.txt
%WINDIR%\2004.exe
%WINDIR%\www.com
%WINDIR%\start.end
%WINDIR%\windows.exe
%WINDIR%\pc.cold
%WINDIR%\testing.exe
%WINDIR%\111.exe
%WINDIR%\777.666
%WINDIR%\abcde.db
%WINDIR%\911.rtl
%WINDIR%\system.exe
%WINDIR%\sex.bit
%WINDIR%\qwe.dbg
%WINDIR%\oracle.mgk
%WINDIR%\sexy.bobs
%WINDIR%\qw.cle
%WINDIR%\user.rar
%WINDIR%\web.net
%WINDIR%\pwd.me
%WINDIR%\test.com
%WINDIR%\internet.com
%WINDIR%\intranet.net
%WINDIR%\hacker.US
%WINDIR%\boss.exe
%WINDIR%\hell.exe
%WINDIR%\nokia.jpg
%WINDIR%\mysql.db
%WINDIR%\sam.mon
%WINDIR%\siemens.exe
<Current directory>\server.exe
<Current directory>\home.wtn
<Current directory>\loginpass.h
<Current directory>\login.pas
<Current directory>\database.rar
<Current directory>\winxp.rar
<Current directory>\internet.html
<Current directory>\data.db
<Current directory>\bitch.sex
<Current directory>\win95.shh
<Current directory>\win98.exe
<Current directory>\winpass.dll
<Current directory>\winnt.u
<Current directory>\win2k.dll
<Current directory>\pass.rip
<Current directory>\linux.zip
<Current directory>\win2000.123
<Current directory>\pass1234.sys
<Current directory>\ibm.max
<Current directory>\123.xx
<Current directory>\007.vb
<Current directory>\12345.dll
<Current directory>\1234.exe
<Current directory>\awerty.scr
%WINDIR%\Micro.exe
%WINDIR%\ntdII.dll
<Current directory>\qwerty.bat
<Current directory>\Fake.exe
<Current directory>\command.hex
<Current directory>\access.dll
<Current directory>\billy.doi
<Current directory>\bob.fu
<Current directory>\1234567890.ini
<Current directory>\1234567.exe
<Current directory>\123456.dll
<Current directory>\123456789.jpg
<Current directory>\12345678.rar
<Current directory>\abcd.txt
<Current directory>\aaa.exe
<Current directory>\apollo13.exe
<Current directory>\123abc.dll
<Current directory>\2000.txt
<Current directory>\2006.rar
<Current directory>\system.exe
<Current directory>\2004.exe
<Current directory>\2005.zip
<Current directory>\start.end
<Current directory>\testing.exe
<Current directory>\pc.cold
<Current directory>\www.com
<Current directory>\abcde.db
<Current directory>\777.666
<Current directory>\apple.me
<Current directory>\911.rtl
<Current directory>\111.exe
<Current directory>\hacker.US
<Current directory>\qwe.dbg
<Current directory>\qw.cle
<Current directory>\sexy.bobs
<Current directory>\sex.bit
<Current directory>\pwd.me
<Current directory>\web.net
<Current directory>\root.exe
<Current directory>\test.com
<Current directory>\user.rar
<Current directory>\intranet.net
<Current directory>\hell.exe
<Current directory>\boss.exe
<Current directory>\internet.com
<Current directory>\sam.mon
<Current directory>\mysql.db
<Current directory>\oracle.mgk
<Current directory>\siemens.exe
<Current directory>\nokia.jpg

Sets the 'hidden' attribute to the following files:

%WINDIR%\login.pas
%WINDIR%\server.exe
%WINDIR%\linux.zip
%WINDIR%\loginpass.h
%WINDIR%\home.wtn
%WINDIR%\bitch.sex
%WINDIR%\winxp.rar
%WINDIR%\database.rar
%WINDIR%\data.db
%WINDIR%\winnt.u
%WINDIR%\win95.shh
%WINDIR%\root.exe
%WINDIR%\winpass.dll
%WINDIR%\win98.exe
%WINDIR%\pass1234.sys
%WINDIR%\pass.rip
%WINDIR%\win2k.dll
%WINDIR%\win2000.123
%WINDIR%\12345.dll
%WINDIR%\1234.exe
%WINDIR%\1234567.exe
%WINDIR%\123456.dll
%WINDIR%\123.xx
%WINDIR%\qwerty.bat
%WINDIR%\Fake.exe
%WINDIR%\007.vb
%WINDIR%\awerty.scr
%WINDIR%\billy.doi
%WINDIR%\bob.fu
%WINDIR%\internet.html
%WINDIR%\ibm.max
%WINDIR%\command.hex
%WINDIR%\123456789.jpg
%WINDIR%\12345678.rar
%WINDIR%\access.dll
%WINDIR%\1234567890.ini
%WINDIR%\web.net
%WINDIR%\123abc.dll
%WINDIR%\abcd.txt
%WINDIR%\apple.me
%WINDIR%\apollo13.exe
%WINDIR%\aaa.exe
%WINDIR%\2005.zip
%WINDIR%\2006.rar
%WINDIR%\2000.txt
%WINDIR%\2004.exe
%WINDIR%\www.com
%WINDIR%\start.end
%WINDIR%\windows.exe
%WINDIR%\pc.cold
%WINDIR%\testing.exe
%WINDIR%\111.exe
%WINDIR%\777.666
%WINDIR%\abcde.db
%WINDIR%\911.rtl
%WINDIR%\sexy.bobs
%WINDIR%\sex.bit
%WINDIR%\mysql.db
%WINDIR%\oracle.mgk
%WINDIR%\qwe.dbg
%WINDIR%\test.com
%WINDIR%\user.rar
%WINDIR%\qw.cle
%WINDIR%\pwd.me
%WINDIR%\boss.exe
%WINDIR%\internet.com
%WINDIR%\system.exe
%WINDIR%\hacker.US
%WINDIR%\intranet.net
%WINDIR%\siemens.exe
%WINDIR%\nokia.jpg
%WINDIR%\hell.exe
%WINDIR%\sam.mon
<Current directory>\login.pas
<Current directory>\server.exe
<Current directory>\linux.zip
<Current directory>\loginpass.h
<Current directory>\home.wtn
<Current directory>\bitch.sex
<Current directory>\winxp.rar
<Current directory>\database.rar
<Current directory>\data.db
<Current directory>\winnt.u
<Current directory>\win95.shh
<Current directory>\root.exe
<Current directory>\winpass.dll
<Current directory>\win98.exe
<Current directory>\pass1234.sys
<Current directory>\pass.rip
<Current directory>\win2k.dll
<Current directory>\win2000.123
<Current directory>\12345.dll
<Current directory>\1234.exe
<Current directory>\1234567.exe
<Current directory>\123456.dll
<Current directory>\123.xx
<Current directory>\qwerty.bat
<Current directory>\Fake.exe
<Current directory>\007.vb
<Current directory>\awerty.scr
<Current directory>\billy.doi
<Current directory>\bob.fu
<Current directory>\internet.html
<Current directory>\ibm.max
<Current directory>\command.hex
<Current directory>\123456789.jpg
<Current directory>\12345678.rar
<Current directory>\access.dll
<Current directory>\1234567890.ini
<Current directory>\web.net
<Current directory>\123abc.dll
<Current directory>\abcd.txt
<Current directory>\apple.me
<Current directory>\apollo13.exe
<Current directory>\aaa.exe
<Current directory>\2005.zip
<Current directory>\2006.rar
<Current directory>\2000.txt
<Current directory>\2004.exe
<Current directory>\www.com
<Current directory>\start.end
<Current directory>\windows.exe
<Current directory>\pc.cold
<Current directory>\testing.exe
<Current directory>\111.exe
<Current directory>\777.666
<Current directory>\abcde.db
<Current directory>\911.rtl
<Current directory>\sexy.bobs
<Current directory>\sex.bit
<Current directory>\mysql.db
<Current directory>\oracle.mgk
<Current directory>\qwe.dbg
<Current directory>\test.com
<Current directory>\user.rar
<Current directory>\qw.cle
<Current directory>\pwd.me
<Current directory>\boss.exe
<Current directory>\internet.com
<Current directory>\system.exe
<Current directory>\hacker.US
<Current directory>\intranet.net
<Current directory>\siemens.exe
<Current directory>\nokia.jpg
<Current directory>\hell.exe
<Current directory>\sam.mon

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information

Curing recommendations

Free trial