ALIASES:

Trojan:Win32/Comitsproc (Microsoft); Trojan.Gen (Symantec); Trojan.Win32.Inar.cb (Kaspersky); ERROR (Sunbelt); Trojan.Generic.7091530 (FSecure)

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

File Size: 621,575 bytes
File Type: EXE
Memory Resident: Yes
Initial Samples Received Date: 22 Mar 2012

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This Trojan drops the following copies of itself into the affected system:

  • %Temp%\one.ocx

(Note: %Temp% is the Windows Temporary folder, which is usually C:\Windows\Temp or C:\WINNT\Temp.)

It creates the following folders:

  • %System Root%\iran
  • d:\iran
  • e:\iran
  • f:\iran
  • g:\iran
  • h:\iran
  • i:\iran
  • j:\iran
  • k:\iran
  • l:\iran
  • m:\iran
  • n:\iran
  • o:\iran
  • p:\iran
  • q:\iran
  • r:\iran
  • s:\iran
  • t:\iran
  • u:\iran
  • v:\iran
  • w:\iran
  • x:\iran
  • y:\iran
  • z:\iran
  • %User Startup% 
  • %Favorites%\Internet Explorer

(Note: %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.. %User Startup% is the current user's Startup folder, which is usually C:\Windows\Profiles\{user name}\Start Menu\Programs\Startup on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu\Programs\Startup on Windows NT, and C:\Documents and Settings\{User name}\Start Menu\Programs\Startup.. %Favorites% is the current user's Favorites folder, which is usually C:\Windows\Favorites on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Favorites on Windows NT, and C:\Documents and Settings\{user name}\Favorites on Windows 2000, XP, and Server 2003.)

Autostart Technique

This Trojan adds the following registry entries to enable its automatic execution at every system startup:

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
%Favorites%\ Internet Explorer\Web.scr = "%Favorites%\ Internet Explorer\Web.pif"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x02)__CHAR(0x01)__CHAR(0x03)__CHAR(0x02)_5_CHAR(0x04)_5 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)__CHAR(0x06)__CHAR(0x05)__CHAR(0x05)_7_CHAR(0x01)_7 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x01)__CHAR(0x01)__CHAR(0x02)__CHAR(0x01)_9_CHAR(0x05)_9 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)__CHAR(0x02)__CHAR(0x06)__CHAR(0x03)_12_CHAR(0x04)_12 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0B)__CHAR(0x04)__CHAR(0x06)__CHAR(0x03)_1313 = "_CHAR(0x07)__CHAR(0x05)_13_CHAR(0x07)_13"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x01)__CHAR(0x0C)_1515 = "_CHAR(0x04)__CHAR(0x0B)__CHAR(0x07)_1515"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0B)__CHAR(0x01)__CHAR(0x0B)_17 = "_CHAR(0x05)__CHAR(0x0F)__CHAR(0x05)_17_CHAR(0x07)_17"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x10)__CHAR(0x06)__CHAR(0x06)__CHAR(0x08)_18_CHAR(0x01)_18 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x02)__CHAR(0x10)__CHAR(0x07)__CHAR(0x03)_19_CHAR(0x0F)_19 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x06)__CHAR(0x08)__CHAR(0x04)__CHAR(0x03)_2020 = "_CHAR(0x13)__CHAR(0x0C)_20_CHAR(0x01)_20"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x05)__CHAR(0x08)_23_CHAR(0x14)_23 = "_CHAR(0x05)__CHAR(0x10)__CHAR(0x0C)_23_CHAR(0x14)_23"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)__CHAR(0x08)__CHAR(0x0E)__CHAR(0x12)_2424 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)__CHAR(0x08)__CHAR(0x02)__CHAR(0x13)_2828 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0F)__CHAR(0x16)__CHAR(0x11)__CHAR(0x06)_30_CHAR(0x19)_30 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x06)__CHAR(0x18)__CHAR(0x10)__CHAR(0x0C)_31_CHAR(0x01)_31 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x19)__CHAR(0x1E)__CHAR(0x03)__CHAR(0x06)_32_CHAR(0x18)_32 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1E)__CHAR(0x10)__CHAR(0x15)_ 33_CHAR(0x19)_33 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x11)__CHAR(0x18)_35_CHAR(0x0E)_35 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x03)_# = "_CHAR(0x0C)__CHAR(0x12)__CHAR(0x17)__CHAR(0x1D)_36_CHAR(0x16)_36"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
#_CHAR(0x12)__CHAR(0x11)_$37_CHAR(0x08)_37 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x17)__CHAR(0x1E)__CHAR(0x11)__CHAR(0x06)_38_CHAR(0x18)_38 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x12)__CHAR(0x06)_ #41_CHAR(0x03)_41 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x15)__CHAR(0x1D)_ 42_CHAR(0x01)_42 = "_CHAR(0x19)__CHAR(0x0C)__CHAR(0x02)__CHAR(0x13)_4242"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x03)__CHAR(0x1C)_$_CHAR(0x0E)_4343 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
#_CHAR(0x0B)__CHAR(0x01)__CHAR(0x0F)_44&44 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1D)__CHAR(0x13)__CHAR(0x1C)_45$45 = "_CHAR(0x14)__CHAR(0x18)__CHAR(0x1B)_4545"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x12)_!_CHAR(0x1E)__CHAR(0x08)_46,46 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
)_CHAR(0x1F)__CHAR(0x13)__CHAR(0x1B)_47_CHAR(0x06)_47 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
'_CHAR(0x17)__CHAR(0x06)__CHAR(0x16)_48_CHAR(0x06)_48 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)_$_CHAR(0x10)_49_CHAR(0x0C)_49 = "_CHAR(0x01)_,!_CHAR(0x03)_49 49"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
&_CHAR(0x13)_.51_CHAR(0x1A)_51 = ",%_CHAR(0x0F)__CHAR(0x1E)_51_CHAR(0x05)_51"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x11)__CHAR(0x12)__CHAR(0x15)__CHAR(0x1D)_52/52 = "#&3_CHAR(0x12)_52_CHAR(0x04)_52"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x15)__CHAR(0x0E)_0_CHAR(0x0C)_53_CHAR(0x14)_53 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x16)_4_CHAR(0x1B)_54_CHAR(0x1F)_54 = "_CHAR(0x14)__CHAR(0x14)_*154$54"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1F)__CHAR(0x1C)_3_CHAR(0x0C)_55_CHAR(0x01)_55 = "5_CHAR(0x1B)_5_CHAR(0x0B)_55-55"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x05)__CHAR(0x18)__CHAR(0x03)_756_CHAR(0x15)_56 = "'0-_CHAR(0x16)_56$56"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0F)_1_CHAR(0x14)_57_CHAR(0x17)_57 = "_CHAR(0x04)_7"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x03)_$_CHAR(0x0F)_.58_CHAR(0x06)_58 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
7_CHAR(0x13)_8_CHAR(0x10)_59.59 = "2_CHAR(0x18)__CHAR(0x1D)__CHAR(0x10)_59*59"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x14)__CHAR(0x19)__CHAR(0x19)_:60_CHAR(0x15)_60 = "#*_CHAR(0x1C)_60_CHAR(0x13)_60"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x19)__CHAR(0x1D)__CHAR(0x15)__CHAR(0x1C)_61_CHAR(0x03)_61 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
2$_CHAR(0x19)__CHAR(0x12)_62462 = "#_CHAR(0x11)_'662_CHAR(0x0F)_62"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
'_CHAR(0x02)__CHAR(0x1D)_363663 = "=*,63_CHAR(0x10)_63"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
9_CHAR(0x0F)__CHAR(0x1E)__CHAR(0x16)_64364 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
!_CHAR(0x10)_#'65_CHAR(0x15)_65 = "%1-6565"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1D)_/$#6666 = "0;$'66766"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1C)__CHAR(0x01)_?_CHAR(0x02)_67167 = "_CHAR(0x11)_+67467"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x03)__CHAR(0x06)__CHAR(0x18)_;6868 = "@'C568_CHAR(0x1A)_68"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x01)__CHAR(0x01)_)669 69 = "2@_CHAR(0x13)_69_CHAR(0x0B)_69"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
E_CHAR(0x17)_7070 = "_CHAR(0x1D)__CHAR(0x07)__CHAR(0x1A)_70_CHAR(0x14)_70"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x13)__CHAR(0x04)__CHAR(0x15)_;71_CHAR(0x11)_71 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x05)_7_CHAR(0x1D)__CHAR(0x02)_72372 = "%_CHAR(0x1F)_4"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x11)_&:-73_CHAR(0x13)_73 = "=!_CHAR(0x03)_73073"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
1_CHAR(0x1F)__CHAR(0x11)_*74_CHAR(0x1A)_74 = "_CHAR(0x06)_?+74_CHAR(0x01)_74"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
22?_CHAR(0x1B)_7575 = "D_CHAR(0x05)__CHAR(0x13)_75&75"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
8;_CHAR(0x1D)_76_CHAR(0x0C)_76 = "C#F76/76"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
-_CHAR(0x06)__CHAR(0x02)_77577 = "_CHAR(0x0E)__CHAR(0x07)__CHAR(0x1A)_77077"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
,_CHAR(0x17)_678 78 = "_CHAR(0x07)_7K_CHAR(0x10)_7878"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
!7M!79_CHAR(0x02)_79 = ":_CHAR(0x08)_.079F79"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
0=_CHAR(0x19)_280E80 = "_CHAR(0x15)__CHAR(0x14)__CHAR(0x05)__CHAR(0x1E)_80"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1A)_G_CHAR(0x0E)__CHAR(0x05)_81F81 = "_CHAR(0x1E)__CHAR(0x0C)__CHAR(0x14)_&81I81"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0C)_382_CHAR(0x18)_82 = " .ED8282"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
=?983_CHAR(0x1D)_83 = "_CHAR(0x18)_L_CHAR(0x12)_83_CHAR(0x14)_83"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x03)_HF_CHAR(0x01)_84_CHAR(0x0F)_84 = "+_CHAR(0x17)_4-84/84"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
'B_CHAR(0x0F)_=85_CHAR(0x14)_85 = "KL_CHAR(0x07)_85_CHAR(0x16)_85"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
L;#86%86 = "%CL#86L86"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
1 = "PO2887!87"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x07)_W-88U88 = "_CHAR(0x18)_#;)88_CHAR(0x05)_88"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x07)_CN89_CHAR(0x12)_89 = "1_CHAR(0x0E)_6889T89"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
X_CHAR(0x17)__CHAR(0x01)__CHAR(0x17)_90_CHAR(0x11)_90 = "XVH90.90"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1A)_6._CHAR(0x1C)_91_CHAR(0x1D)_91 = "F_CHAR(0x07)_Q91_CHAR(0x04)_91"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
#S,&92I92 = "_CHAR(0x08)_P_CHAR(0x19)_92_CHAR(0x0B)_92"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
TK_CHAR(0x08)__CHAR(0x16)_93X93 = "$OHW9393"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
DA4_CHAR(0x1F)_95@95 = "4_CHAR(0x1E)_%9595"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1B)_L3496_CHAR(0x02)_96 = "@0_CHAR(0x1E)__CHAR(0x1C)_96696"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x15)_3W)9797 = "_CHAR(0x1A)_7E_CHAR(0x14)_97/97"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
@_CHAR(0x1F)_:498*98 = "_CHAR(0x0C)_2LE98_CHAR(0x15)_98"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
%P_CHAR(0x14)_a103%103 = "__CHAR(0x1C)_&`1037103"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1B)_+_CHAR(0x1C)_K104[104 = "7X_CHAR(0x06)__CHAR(0x14)_1041104"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
O_CHAR(0x13)_OP105Q105 = "GFE_CHAR(0x1C)_105105"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x19)__CHAR(0x19)_+M106/106 = "_CHAR(0x15)__CHAR(0x19)_E_CHAR(0x1B)_1065106"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
PWNh107a107 = "P_CHAR(0x11)_/_CHAR(0x11)_107_CHAR(0x13)_107"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
e_CHAR(0x07)__CHAR(0x0C)_`108W108 = "`_CHAR(0x19)__CHAR(0x08)_G108]108"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
XN_CHAR(0x03)_R1098109 = "_CHAR(0x1E)__CHAR(0x03)_Q,109_CHAR(0x02)_109"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
%Mm110(110 = " f8k1104110"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
+$_CHAR(0x0C)_111_CHAR(0x02)_111 = "O%G&111_CHAR(0x19)_111"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x10)__CHAR(0x0F)_Od112112 = "_CHAR(0x06)_$h112F112"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
p_CHAR(0x07)_AU113,113 = "`&C_CHAR(0x1F)_113_CHAR(0x05)_113"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
19V_CHAR(0x01)_114_CHAR(0x0C)_114 = "aCB\114c114"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x15)_mJ115H115 = "_CHAR(0x08)_`_CHAR(0x11)_115O115"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x13)_]D116/116 = "_CHAR(0x06)_hWh1167116"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
a_CHAR(0x13)_3?117_CHAR(0x17)_117 = "_CHAR(0x1D)_f3-117P117"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)__CHAR(0x05)__CHAR(0x05)_118:118 = "m_CHAR(0x16)__CHAR(0x06)_O118o118"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x03)_119_CHAR(0x1B)_119 = "O@OL119)119"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
,o55120[120 = "W)Eo120j120"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
29_CHAR(0x1F)_$1212121 = "7ps121T121"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
!(R_CHAR(0x10)_122_CHAR(0x1A)_122 = "_CHAR(0x1A)_3M_CHAR(0x07)_122122"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
x\_CHAR(0x11)_*123n123 = "_CHAR(0x1B)_y-@123_CHAR(0x04)_123"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
1_CHAR(0x10)__CHAR(0x12)_S124j124 = "0_CHAR(0x01)_u(124y124"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
64N_CHAR(0x0E)_125D125 = "3_CHAR(0x0F)_d_CHAR(0x0B)_125_CHAR(0x0B)_125"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
+_CHAR(0x1D)_9126Y126 = "=vLA126p126"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
b_CHAR(0x17)_yz127A127 = "U\Z1277127"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x18)_e_CHAR(0x0F)_{128&128 = "Fc~_CHAR(0x06)_128,128"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
T5_CHAR(0x0F)_A129j129 = "=OD#129=129"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Nqn130q130 = "_CHAR(0x0C)_sBk130/130"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Si?1318131 = "n]_CHAR(0x03)__CHAR(0x1A)_1319131"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
l }_CHAR(0x1F)_1329132 = "\_CHAR(0x04)_C132_CHAR(0x03)_132"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
I='_CHAR(0x02)_133_CHAR(0x16)_133 = "4ƒ_CHAR(0x0F)__CHAR(0x0C)_133z133"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
k‚_CHAR(0x0B)_‚134K134 = "Ib+134_CHAR(0x0B)_134"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
2tli135'135 = "Y_CHAR(0x0C)_135135"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0E)_3„136E136 = "_CHAR(0x19)_z_CHAR(0x14)_b136D136"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
8%2y137N137 = "v"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
A6I{138ƒ138 = "_CHAR(0x13)_;!F138M138"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
tW_CHAR(0x1A)_K139,139 = "_CHAR(0x19)_…3{139_CHAR(0x01)_139"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0C)_WRX140\140 = "p:1140k140"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Z = "[t5R141_CHAR(0x03)_141"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x01)_\2‡142Y142 = "Z{_CHAR(0x02)__CHAR(0x1C)_142e142"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
a_CHAR(0x0F)_]l143q143 = "*_CHAR(0x10)__CHAR(0x14)_d143U143"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
(~nR144d144 = "_CHAR(0x19)_0qK144C144"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
HLN145S145 = "%7,J145_CHAR(0x1B)_145"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
XFN_CHAR(0x0F)_146R146 = "_CHAR(0x05)_c{J1462146"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
95L'147‰147 = "Gug’147D147"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
n$_CHAR(0x05)_]148m148 = "_CHAR(0x07)_DrE148148"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
b_CHAR(0x16)_:_CHAR(0x0F)_149149 = "_CHAR(0x19)_UN2149_CHAR(0x14)_149"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ŽU_CHAR(0x1B)_k150…150 = "-~A150W150"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
e7tD151_CHAR(0x04)_151 = "`da_CHAR(0x1D)_151p151"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
—g_CHAR(0x15)_152Y152 = "_CHAR(0x12)_•••152_CHAR(0x15)_152"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
1*„3153\153 = "c*_CHAR(0x13)_“153M153"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
}_CHAR(0x1E)__CHAR(0x13)_i154C154 = "n_CHAR(0x05)_e154@154"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x17)_B_CHAR(0x17)_ƒ155‹155 = "_CHAR(0x19)_&]155v155"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ipad156_CHAR(0x02)_156 = "€=_CHAR(0x1E)_g156g156"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
˜_CHAR(0x10)_˜_CHAR(0x0B)_157‚157 = "_CHAR(0x14)__CHAR(0x1D)_Xf157X157"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x11)__CHAR(0x12)_158_CHAR(0x1D)_158 = "„^šQ1580158"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
6_CHAR(0x15)_š159n159 = "‹L‡K159;159"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0E)_h3_CHAR(0x06)_160x160 = "ˆ˜”_CHAR(0x03)_160A160"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
n(Š_CHAR(0x11)_161(161 = "_CHAR(0x0E)_GŠ"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
J/]162@162 = "RIo162Š162"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
 (q_CHAR(0x10)_163 163 = "MŠ9163†163"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
VX”A164@164 = "F_CHAR(0x1C)_l8164164"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
1(4165 165 = "c_CHAR(0x0E)_‡)165Š165"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
›+‘166o166 = "E7166S166"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
l_CHAR(0x0C)__CHAR(0x1A)_167_CHAR(0x17)_167 = "]m{Ž167_CHAR(0x19)_167"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
@%i.168_CHAR(0x07)_168 = "lV\E1682168"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
—_CHAR(0x1E)_gŒ169169 = ":5DŠ1693169"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
’AL170ƒ170 = ";s\j1709170"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
uš_CHAR(0x16)_r171171 = "•sR171#171"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x19)_%rj172‰172 = "œTª172*172"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
t”1'173o173 = ")d-173N173"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
l_CHAR(0x1E)_0.174*174 = ":w&`174¤174"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Q˜r„175/175 = "_CHAR(0x15)_t _CHAR(0x17)_175#175"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x16)_\%176_CHAR(0x08)_176 = "C_CHAR(0x03)_-_CHAR(0x1F)_176%176"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0F)_p2“177I177 = "nN+Q177y177"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
†_CHAR(0x1A)_„=178›178 = "«ž£01788178"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¦•-$179_CHAR(0x13)_179 = "?­@l179‘179"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)_[‘€180h180 = "a_CHAR(0x13)_b180“180"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ƒ¯_CHAR(0x11)_1818181 = "¯8_CHAR(0x19)_181^181"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
´l)182®182 = "v_CHAR(0x0F)__CHAR(0x08)_€182’182"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Xˆ+p183_183 = "g”_CHAR(0x1D)_f183œ183"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
P)*184\184 = "‹žj_CHAR(0x0C)_184_CHAR(0x0F)_184"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x14)_€e±185m185 = "*«qŒ185•185"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ˆ\UK186G186 = "‘@p186$186"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
!fh187¸187 = "ž_,“187d187"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
™kX188·188 = "¹‘=©188+188"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
†®FC189_CHAR(0x04)_189 = "ƒ3q189Y189"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
®—n¦190`190 = "`O"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
%‰˜¦191’191 = "_CHAR(0x1B)_zªŽ1913191"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
‹_CHAR(0x07)_[U192192 = "XI«¸192n192"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Tw_CHAR(0x04)_’193n193 = "5£„8193©193"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
–¬c194£194 = "bª70194h194"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
‚5:º195i195 = "%¤_CHAR(0x01)_U195"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
k!(‘196i196 = "a*;196Y196"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
?T1’197H197 = "¢F«m197Ž197"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¡Tµm198y198 = ";E”V198C198"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ŸPO_CHAR(0x1F)_1996199 = "P_CHAR(0x12)_y199#199"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1D)_s!I200!200 = "F©_CHAR(0x0F)_B2003200"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1A)_nŒŠ201_CHAR(0x0B)_201 = "F’›201^201"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1F)_À_CHAR(0x04)_202_CHAR(0x07)_202 = "j^_CHAR(0x03)_±2022202"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
…•)203]203 = "#R/203*203"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
@¯S_CHAR(0x1A)_204u204 = "_CHAR(0x15)_±¼£204`204"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
—^\a205O205 = "?s 205P205"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
tA¶206g206 = "´Ÿ_CHAR(0x15)_Ë206±206"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1F)_Š_š207ƒ207 = "_CHAR(0x12)___CHAR(0x15)_D207n207"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)_¶È~208}208 = "ŠH.‰208ª208"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
'Q209%209 = "0Ælƒ209209"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ƨ¿Z210d210 = "¸mB210›210"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
‚bŸ·2110211 = "v—]_CHAR(0x0F)_2111211"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
{$¡212}212 = "¨.S212`212"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
m_CHAR(0x1D)_La213r213 = "ώ_CHAR(0x1A)_.213Ð213"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ř_CHAR(0x1B)__CHAR(0x06)_214D214 = "—Ÿšœ214¶214"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
“I¦215—215 = "T£_CHAR(0x17)_5215.215"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
KV¹z216°216 = "+£AÂ2160216"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
HjR217_217 = "t)‘217217"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
X_CHAR(0x12)__CHAR(0x04)__CHAR(0x0B)_218²218 = "‘!®218 218"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
™:œb219219 = "§¥uÙ219Ì219"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Š²Íw220220 = "›LDÇ220Ô220"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1A)_$Hh221…221 = "UvQ*221_CHAR(0x05)_221"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Òe1_CHAR(0x1F)_222‚222 = "_CHAR(0x16)__²_222_CHAR(0x1B)_222"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
UÆÆ^223w223 = "_CHAR(0x15)_7I½223Ÿ223"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x10)_Â#_CHAR(0x16)_224Ï224 = "l”ÆÇ224Í224"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
M¬5225“225 = "cÅ5A225v225"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Ϩ«¤226@226 = "j_CHAR(0x17)_S¥226r226"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1F)__CHAR(0x16)_W†227·227 = "c¦ 227‰227"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x07)_¼N£228!228 = "H_CHAR(0x0C)_³228_CHAR(0x1F)_228"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
É_CHAR(0x1E)_N229•229 = "s"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
l!Ã230Œ230 = "R®Ù230ß230"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
›_CHAR(0x1A)_œ_CHAR(0x15)_231H231 = "_CHAR(0x03)_G)™231½231"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¡j\4232½232 = "ãI¸¼232_CHAR(0x03)_232"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
D?_CHAR(0x17)_·233Í233 = "S‹µ·233ª233"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
R_CHAR(0x16)_t234 234 = "‘}U¼234Û234"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ß+b=235é235 = "§}Π235¤235"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0C)_½_CHAR(0x1B)_ 236Š236 = "“±_CHAR(0x07)_@236É236"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Ù8[!237è237 = "TE-À237)237"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
xQ†„238á238 = "ê¸×¢238\238"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
`Ś‘239K239 = "Q2s7239H239"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
˜êAÃ240“240 = "A‚‘240s240"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
a_CHAR(0x19)_•À241X241 = "”ŠsÁ241s241"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
u_CHAR(0x02)_ÉG242_CHAR(0x15)_242 = "J_CHAR(0x1F)_Ñ242É242"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
“ºà243™243 = "»dƶ243v243"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1A)__CHAR(0x0E)__CHAR(0x04)__CHAR(0x16)_244¥244 = "Sh_CHAR(0x0F)_¡244é244"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x15)_ÓôZ245_CHAR(0x03)_245 = "·q¡;245Ú245"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¬¾_CHAR(0x12)_c246Ì246 = "Öµ)_CHAR(0x02)_2467246"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
º…i^247Ê247 = "Q…¡_CHAR(0x03)_247—247"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¥_CHAR(0x0B)_“@248_CHAR(0x17)_248 = "°Vi248O248"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Å©Â_CHAR(0x0F)_249w249 = ")_CHAR(0x0F)__F249Ñ249"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
o_CHAR(0x16)_gž250º250 = "ÈjFc250_CHAR(0x0B)_250"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
•ø_CHAR(0x1B)_¼251251 = "¡{_251¾251"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
4Ò_€252q252 = "_CHAR(0x14)_`Ä252h252"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
åb•'253I253 = "î֋æ253«253"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Ã{Öð254˜254 = "x亶254a254"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
/+¡255_CHAR(0x0C)_255 = "þ¢ÝY255Œ255"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)__CHAR(0x0B)__CHAR(0x08)_14_CHAR(0x05)_14 = "_CHAR(0x08)__CHAR(0x01)__CHAR(0x01)_1414"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0C)__CHAR(0x01)__CHAR(0x02)_1616 = "_CHAR(0x0B)__CHAR(0x01)__CHAR(0x06)__CHAR(0x0E)_1616"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x12)__CHAR(0x10)__CHAR(0x05)__CHAR(0x05)_19_CHAR(0x11)_19 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)__CHAR(0x12)__CHAR(0x10)_20_CHAR(0x13)_20 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)__CHAR(0x0C)__CHAR(0x05)_21_CHAR(0x13)_21 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0C)__CHAR(0x12)__CHAR(0x0B)__CHAR(0x02)_2222 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x16)__CHAR(0x03)__CHAR(0x03)_23_CHAR(0x08)_23 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x13)__CHAR(0x11)_25_CHAR(0x06)_25 = "_CHAR(0x18)__CHAR(0x13)__CHAR(0x12)_25_CHAR(0x10)_25"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x13)__CHAR(0x16)__CHAR(0x0C)_26_CHAR(0x0B)_26 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1B)__CHAR(0x10)__CHAR(0x15)__CHAR(0x11)_30_CHAR(0x1D)_30 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)__CHAR(0x07)__CHAR(0x17)_31_CHAR(0x13)_31 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1D)__CHAR(0x0E)__CHAR(0x1C)__CHAR(0x01)_33_CHAR(0x1D)_33 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x11)__CHAR(0x04)__CHAR(0x08)__CHAR(0x11)_34_CHAR(0x18)_34 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0F)__CHAR(0x18)__CHAR(0x15)_35_CHAR(0x13)_35 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x06)__CHAR(0x0C)__CHAR(0x17)_36_CHAR(0x04)_36 = "_CHAR(0x02)__CHAR(0x19)_ 3636"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
#_CHAR(0x03)_ = "_CHAR(0x08)__CHAR(0x11)__CHAR(0x0F)__CHAR(0x06)_37_CHAR(0x04)_37"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x01)__CHAR(0x0E)__CHAR(0x19)_#38%38 = "#_CHAR(0x17)__CHAR(0x12)_3838"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
$_CHAR(0x1D)_39 39 = "$_CHAR(0x12)_#_CHAR(0x10)_39 39"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0F)__CHAR(0x19)_'_CHAR(0x0E)_41_CHAR(0x11)_41 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1D)__CHAR(0x0E)_ %42_CHAR(0x1B)_42 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x19)_()_CHAR(0x19)_43#43 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0B)_''44(44 = "!_CHAR(0x19)__CHAR(0x1E)__CHAR(0x10)_44"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0B)__CHAR(0x0E)__CHAR(0x14)_45_CHAR(0x0F)_45 = "_CHAR(0x1D)__CHAR(0x1E)_,45%45"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x13)_) 46'46 = "_CHAR(0x04)__CHAR(0x11)__CHAR(0x15)_'46_CHAR(0x0C)_46"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x18)_! #47_CHAR(0x1B)_47 = "_CHAR(0x18)_!_CHAR(0x0B)_47_CHAR(0x0E)_47"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x19)_'_CHAR(0x1D)__CHAR(0x05)_48_CHAR(0x0B)_48 = "!!_CHAR(0x1D)_!48_CHAR(0x01)_48"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
*_CHAR(0x06)_(*49_CHAR(0x0E)_49 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x05)__CHAR(0x1B)__CHAR(0x10)__CHAR(0x12)_50_CHAR(0x13)_50 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1C)__CHAR(0x02)__CHAR(0x18)__CHAR(0x06)_51-51 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x18)__CHAR(0x02)__CHAR(0x07)_-52052 = "#/_CHAR(0x08)__CHAR(0x1F)_52%52"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0E)__CHAR(0x18)__CHAR(0x01)_+53 53 = "_CHAR(0x06)_2_CHAR(0x06)__CHAR(0x05)_53153"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
2_CHAR(0x0F)__CHAR(0x07)_%54454 = "2,+_CHAR(0x1F)_54_CHAR(0x08)_54"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
#_CHAR(0x1B)_+655_CHAR(0x02)_55 = "!5_CHAR(0x13)__CHAR(0x03)_55155"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x17)__CHAR(0x12)_(_CHAR(0x18)_56_CHAR(0x01)_56 = "%_CHAR(0x0B)__CHAR(0x16)_56&56"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
2 (_CHAR(0x11)_57$57 = "_CHAR(0x02)_-!_CHAR(0x0B)_57_CHAR(0x0B)_57"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x16)__CHAR(0x04)__CHAR(0x14)_058_CHAR(0x18)_58 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x10)__CHAR(0x14)_$-59159 = "_CHAR(0x1D)__CHAR(0x18)_0#59_CHAR(0x0C)_59"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
+_CHAR(0x10)__CHAR(0x1C)_6161 = "_CHAR(0x11)_)961_CHAR(0x16)_61"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1F)__CHAR(0x12)_#62_CHAR(0x16)_62 = "+_CHAR(0x10)_6262"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x02)__CHAR(0x04)__CHAR(0x02)__CHAR(0x15)_63163 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
?;_CHAR(0x01)_%64_CHAR(0x1E)_64 = "_CHAR(0x01)__CHAR(0x17)_4 64 64"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
*/265_CHAR(0x05)_65 = "*:_CHAR(0x14)_165665"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
!,_CHAR(0x1D)_?66_CHAR(0x07)_66 = "5%8)66/66"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1C)__CHAR(0x18)__CHAR(0x19)__CHAR(0x16)_67167 = "._CHAR(0x06)_&_CHAR(0x02)_67A67"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x19)_/_CHAR(0x1D)_468_CHAR(0x14)_68 = "_CHAR(0x02)_2.&68_CHAR(0x03)_68"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x13)_$=$69_CHAR(0x1F)_69 = "_CHAR(0x1D)_A_CHAR(0x1F)__CHAR(0x08)_69_CHAR(0x03)_69"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
=)_CHAR(0x1D)_.70_CHAR(0x05)_70 = "_CHAR(0x01)__CHAR(0x1D)_8_CHAR(0x04)_70_CHAR(0x05)_70"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
8_CHAR(0x19)_'71671 = "_CHAR(0x17)_8.71571"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
A_CHAR(0x13)_-473873 = ";_CHAR(0x13)__CHAR(0x15)_,7373"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)_1_CHAR(0x19)_=74_CHAR(0x07)_74 = "0-#074E74"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1A)_JD_CHAR(0x17)_75!75 = ",_CHAR(0x16)_)_CHAR(0x18)_75;75"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
D%76276 = "(_CHAR(0x1E)_5_CHAR(0x11)_76C76"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
;-?-77*77 = "_CHAR(0x0B)_@(_CHAR(0x1D)_77077"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
-_CHAR(0x14)_-)78278 = "=(KJ78878"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
K_CHAR(0x1A)_M_CHAR(0x04)_79_CHAR(0x16)_79 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x18)_I_CHAR(0x1A)_*80080 = "_CHAR(0x12)__CHAR(0x1D)__CHAR(0x1B)__CHAR(0x1D)_80,80"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
I_CHAR(0x1F)_2%81_CHAR(0x19)_81 = "+/A81B81"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x05)__CHAR(0x14)_;82:82 = "'_CHAR(0x08)__CHAR(0x15)_*82"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)__CHAR(0x17)_LH83683 = "N8_CHAR(0x0B)__CHAR(0x1A)_83)83"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x06)__CHAR(0x02)_)784_CHAR(0x0E)_84 = "@:_CHAR(0x0E)_#84_CHAR(0x11)_84"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
N0-S85F85 = "_CHAR(0x07)_-1/8585"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
1:ME86286 = "8_CHAR(0x08)_I86S86"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
9_CHAR(0x16)_O_CHAR(0x0B)_87N87 = "5Q_CHAR(0x07)__CHAR(0x08)_87487"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
T&$!88_CHAR(0x05)_88 = "O_CHAR(0x06)__CHAR(0x04)_&88@88"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
2'_CHAR(0x05)_89989 = "AM0S89_CHAR(0x07)_89"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
G2_CHAR(0x1F)_A90&90 = "R_CHAR(0x1F)_=S90U90"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x07)__CHAR(0x04)__CHAR(0x06)__CHAR(0x10)_91H91 = "{random characters}"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
%_CHAR(0x10)_(N93_CHAR(0x02)_93 = "5D!.93393"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
04&C94B94 = "43A$94_CHAR(0x02)_94"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
XL$95#95 = "OB"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)_DB/96896 = "Y_CHAR(0x06)_[296_CHAR(0x1B)_96"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
-_CHAR(0x13)_&D97_CHAR(0x04)_97 = "QU_CHAR(0x08)__CHAR(0x06)_97#97"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
KZJ+98_CHAR(0x1E)_98 = "2_CHAR(0x19)__CHAR(0x08)__98D98"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
-0299]99 = "_CHAR(0x0B)__CHAR(0x05)_299699"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x08)_-QU1009100 = "V_CHAR(0x13)_AF100A100"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
K+'(101_CHAR(0x11)_101 = "!%d101P101"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
R&dZ102B102 = "._CHAR(0x1B)_\H102102"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
&9\]104_CHAR(0x0E)_104 = "_CHAR(0x11)_8DC1043104"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
;$d_CHAR(0x15)_105_CHAR(0x02)_105 = "68PJ1055105"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
a_CHAR(0x06)_,G106.106 = "`_CHAR(0x19)_*;106_CHAR(0x1B)_106"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
G0_CHAR(0x0E)_2107T107 = "7I_CHAR(0x05)_c107_CHAR(0x11)_107"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
,?/)1088108 = "k79_CHAR(0x11)_108_CHAR(0x08)_108"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1E)_!_CHAR(0x0E)_1098109 = "_CHAR(0x0F)_JM109109"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x04)_C'm110#110 = "4IZ110_CHAR(0x03)_110"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0B)__CHAR(0x07)_0_CHAR(0x1E)_1119111 = "Zd_CHAR(0x16)_?111k111"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
L.g5112g112 = "A!N?1120112"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
,&_CHAR(0x13)__CHAR(0x19)_113_CHAR(0x1F)_113 = "+*_CHAR(0x02)_P113_CHAR(0x0C)_113"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x0E)__CHAR(0x1A)_114)114 = "_CHAR(0x05)__CHAR(0x12)_\a114h114"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
?i!_CHAR(0x14)_115@115 = "ki+(115E115"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1B)__CHAR(0x04)__CHAR(0x0C)_S116F116 = "VFlX116p116"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x06)_3j1172117 = "E+!_CHAR(0x14)_117_117"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
3et3118_CHAR(0x1F)_118 = "_CHAR(0x12)__CHAR(0x05)_,/118E118"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
pJ4_CHAR(0x01)_119_CHAR(0x11)_119 = "_CHAR(0x05)_);X119u119"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
C_M120`120 = "9M _CHAR(0x1F)_120 120"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
e?_CHAR(0x07)_3121K121 = "MwA_CHAR(0x18)_121_CHAR(0x1F)_121"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
E3_CHAR(0x07)_122=122 = ") 2T1222122"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
nw4123w123 = "%^9^1236123"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
/_CHAR(0x16)_jq1247124 = "M3Nm124r124"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
df2 1253125 = "X(mP125_CHAR(0x15)_125"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
%_CHAR(0x01)__CHAR(0x04)_126_CHAR(0x14)_126 = "JIb_CHAR(0x0B)_126F126"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
uU_CHAR(0x07)_1274127 = "_CHAR(0x1C)_S_CHAR(0x0C)_?127E127"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
=!H_CHAR(0x04)_128^128 = "M.q/128/128"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
yy_CHAR(0x0F)_\129z129 = "e;=J129_CHAR(0x1A)_129"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
KL_CHAR(0x05)_130S130 = "q_CHAR(0x11)_130_CHAR(0x13)_130"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1F)_D/x131_CHAR(0x16)_131 = "V_CHAR(0x1C)__CHAR(0x0B)_"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
\?!O132132 = "_CHAR(0x1A)_&Jd132s132"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
q;LB133€133 = "T4;_CHAR(0x0B)_133s133"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
6`_CHAR(0x1A)_a134_CHAR(0x1D)_134 = "W _CHAR(0x1D)_,134B134"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x12)_^c135_CHAR(0x12)_135 = "*€_CHAR(0x04)_135h135"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x02)_‡$_CHAR(0x18)_136_CHAR(0x1C)_136 = "8UQ136G136"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
n = "-mP1137_CHAR(0x01)_137"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
4h#L138+138 = "NRBJ1382138"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x05)_u':139X139 = "q_CHAR(0x11)_O]139_CHAR(0x1F)_139"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Ed(\140,140 = "2‰I‚140&140"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Hƒ141P141 = "5U)_CHAR(0x0F)_141o141"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
IŠ{142_142 = "_CHAR(0x12)_eL_CHAR(0x11)_1422142"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
DƒN143ˆ143 = "8‰G†143J143"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
LY{ 144c144 = "_CHAR(0x18)_144_CHAR(0x10)_144"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
R_CHAR(0x1B)_F+145Š145 = "=7F 145+145"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
z+um146'146 = "=g_CHAR(0x06)__146,146"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
6NUŒ147_CHAR(0x17)_147 = "_CHAR(0x08)_h_CHAR(0x02)__CHAR(0x0E)_147_CHAR(0x07)_147"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x13)_4ƒ148:148 = "M€f148$148"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
{zk_CHAR(0x08)_149Z149 = "BP[„149h149"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
oŠ~y150_CHAR(0x15)_150 = "‘8ˆ_CHAR(0x1C)_150o150"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
$M3151*151 = "8K_CHAR(0x01)_"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
U_CHAR(0x16)_W152152 = "D!N,1521152"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
,n‹_CHAR(0x13)_153_CHAR(0x14)_153 = "[8t‚153‹153"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Z;154‹154 = "]a:=154E154"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x01)_T]˜155u155 = "˜@(155?155"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
fb_CHAR(0x1A)_t156_CHAR(0x1B)_156 = "4#_CHAR(0x1A)_K156156"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
‹’_CHAR(0x1A)_s157-157 = "Vp_CHAR(0x13)_157157"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x02)_r€158_CHAR(0x18)_158 = "C_CHAR(0x1E)_YB158_CHAR(0x07)_158"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x06)__CHAR(0x0F)_8M159$159 = "hŠa/159€159"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
{_CHAR(0x01)_vd160_CHAR(0x08)_160 = "j:_CHAR(0x11)_U1603160"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
—+aK161_CHAR(0x18)_161 = "D_CHAR(0x1E)_#”161^161"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x17)_]_162o162 = "{dcj162k162"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
w…fc163d163 = "@_CHAR(0x1C)_”v163{163"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
 uŸ164y164 = "›[š164_CHAR(0x0C)_164"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
?G=165g165 = "0V_CHAR(0x1F)_ž165_CHAR(0x06)_165"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
X‰_CHAR(0x13)_T166R166 = "-oF/166m166"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
!¦%_CHAR(0x14)_167Y167 = "Š8_CHAR(0x0C)__CHAR(0x05)_167š167"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
O_CHAR(0x0F)_£E168q168 = "a65168F168"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
3j‰_CHAR(0x0F)_169*169 = "$œ_CHAR(0x08)__CHAR(0x05)_169o169"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
§)7170h170 = "_CHAR(0x0F)_ œj170E170"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
&¦1ƒ171_CHAR(0x03)_171 = "g_CHAR(0x1C)_Ÿd171_CHAR(0x1D)_171"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x11)_¦_CHAR(0x1D)_8172_CHAR(0x1A)_172 = "_CHAR(0x0C)__CHAR(0x14)_1X172@172"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Šx_CHAR(0x16)_1738173 = "•h_CHAR(0x13)_Ÿ173b173"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1E)__CHAR(0x17)_ªx174174 = "ª“5174_CHAR(0x19)_174"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
SET.175]175 = "@]_CHAR(0x07)_¢175_CHAR(0x0F)_175"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¨–9176t176 = "¤_CHAR(0x19)__CHAR(0x0F)_:1763176"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
£F™_CHAR(0x11)_177=177 = "{‰_CHAR(0x01)_o177…177"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x02)_[Œ_CHAR(0x08)_178s178 = "l(-178 178"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
²_CHAR(0x05)_C1798179 = "VªII179_CHAR(0x11)_179"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
`r˜.180§180 = "‹hrX180\180"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
r_CHAR(0x04)__CHAR(0x12)_181‰181 = "€B&ž181w181"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
­$_CHAR(0x1D)_H182g182 = "¡0W182Q182"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
W±]_CHAR(0x08)_183_CHAR(0x08)_183 = "6¦1_CHAR(0x17)_183_CHAR(0x1A)_183"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
·f¶‘184§184 = "_CHAR(0x17)_=W³184_CHAR(0x1D)_184"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
~m_CHAR(0x15)_185¸185 = "„^o²185S185"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
´_CHAR(0x0F)_G9186_CHAR(0x19)_186 = "8;¨186@186"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
{©bk187—187 = "¶±_CHAR(0x1F)_187²187"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
KP_CHAR(0x1A)_l188V188 = "[oEŸ188­188"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
£mº]189§189 = ",§_CHAR(0x10)_¯189189"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
VL_CHAR(0x05)_p190C190 = "O_CHAR(0x1B)_«„190190"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
r3_CHAR(0x1A)_«191E191 = "«!“_CHAR(0x1D)_191˜191"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
€whµ192°192 = "¾PI—192¸192"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
q–’\1939193 = "¯¦:_CHAR(0x01)_193_CHAR(0x01)_193"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ª_CHAR(0x11)_…_CHAR(0x0C)_1943194 = "NX„194_CHAR(0x10)_194"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x15)_Z_CHAR(0x19)_ª195195 = "y¾_CHAR(0x05)__CHAR(0x1E)_195®195"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ZKY!196X196 = "0’oa196¦196"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Ia_¡197%197 = "`VGQ197@197"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
4!¥198]198 = "1_CHAR(0x1E)_W)198)198"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
»W_CHAR(0x14)_199_CHAR(0x1F)_199 = "N_CHAR(0x06)_¥199199"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
œ_CHAR(0x1D)_A200,200 = " o-²200p200"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Ä­gT201­201 = "P_CHAR(0x01)_‹T201_CHAR(0x01)_201"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
c6E&202`202 = "˜#_CHAR(0x12)_202Ÿ202"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
0®AH203*203 = "1~%Ã203[203"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
YG_CHAR(0x1E)_‰204K204 = "°gˆ_CHAR(0x1B)_204q204"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x1C)_‹j_CHAR(0x10)_205€205 = "­Â¸Ÿ205i205"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
S_CHAR(0x18)_­Í206¥206 = "hN˜206_CHAR(0x0F)_206"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
7µ`207W207 = "‚_CHAR(0x12)_$1207_CHAR(0x1F)_207"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Bw³{208«208 = "‹œZ208¾208"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
*Š®8209•209 = "fΒ[209_CHAR(0x0F)_209"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
˜%_CHAR(0x08)_•210Ç210 = "ºŸ¹6210‹210"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
gQ_CHAR(0x18)_¶211_CHAR(0x13)_211 = "‡Ÿ'S2112211"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
__CHAR(0x1B)_` 212º212 = "_CHAR(0x18)_ _CHAR(0x1D)_–212k212"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x18)_‡Î213u213 = "•ZÍw213²213"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
©;¾Æ214 214 = "Ìhm214É214"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ÆÊ_CHAR(0x10)_I215[215 = "¥O&ˆ215 215"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
À¿_CHAR(0x14)_!216Š216 = "_CHAR(0x0F)_¨_CHAR(0x12)__CHAR(0x04)_216:216"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
•#ʅ217217 = "I_CHAR(0x1C)_¡¼217x217"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x14)_O\i218Ô218 = "6`}d218ˆ218"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
º_CHAR(0x1E)_s)219_CHAR(0x03)_219 = "7\6W219‹219"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
a›c±2208220 = "ǚ,¹220u220"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
(M221“221 = "_CHAR(0x1F)_W_C221Ã221"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
:š!222˜222 = "$gÉi222V222"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
°×_CHAR(0x08)_223Š223 = "ؓ_CHAR(0x06)_Y223_CHAR(0x19)_223"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
!_CHAR(0x02)_}Ì224Ó224 = "›_CHAR(0x1E)_ž!224Q224"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
6B¤v225225 = "‘vÔÝ225-225"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Å226f226 = "Ô]_CHAR(0x1B)_T226o226"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ºœà9227;227 = "ÈV*_CHAR(0x05)_227m227"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
]ە228Å228 = "tÄo228_CHAR(0x0C)_228"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x11)_ä…Ï229×229 = "˜Nßs229ä229"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ÚhŽ230V230 = "¨ueà230v230"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
0AÀ¾231Œ231 = "_CHAR(0x12)_vÖâ231„231"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
7]+Ô232µ232 = "´âÕ232ˆ232"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
_CHAR(0x02)_Œ?¥233–233 = "SaHq233Æ233"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ÑÂEi234E234 = "¯·àn234%234"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Nº¼F235©235 = "R„•O235¯235"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
á_CHAR(0x1B)_{/236ƒ236 = "£á²B2367236"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
L_CHAR(0x1E)__CHAR(0x19)_a237‡237 = "Å$5€237ß237"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Ð0Ä_CHAR(0x10)_238g238 = "i_CHAR(0x07)_kˆ238_CHAR(0x12)_238"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Þ7j¿239_CHAR(0x0E)_239 = "NRtÂ239f239"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
6#_CHAR(0x16)__CHAR(0x0F)_240g240 = "¤_CHAR(0x08)_À_CHAR(0x1C)_240+240"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
^ä(ª241ˆ241 = "Q£Üg241!241"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
CÏT¥242Ñ242 = "·_CHAR(0x1C)_½y242Â242"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
¤_CHAR(0x0E)_Œ_CHAR(0x14)_243Ë243 = "1z5^2439243"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ugH$244244 = "éք$2440244"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
+_CHAR(0x17)_òÐ245Ü245 = "ð„"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
6_CHAR(0x01)_5Y246¸246 = "q†ÖÂ246¯246"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ˆ'xÀ248Î248 = "_CHAR(0x16)_‘…]248k248"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
õ0_CHAR(0x16)_249K249 = "_CHAR(0x0E)_8_CHAR(0x18)_'249&249"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
’_CHAR(0x04)__CHAR(0x17)_™250k250 = "]5Ý250_CHAR(0x10)_250"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
v£¤251„251 = "d¿¹_CHAR(0x1D)_251E251"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ØÕ_CHAR(0x07)__CHAR(0x13)_252È252 = "¯_CHAR(0x01)_ߑ2520252"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
â_CHAR(0x02)__CHAR(0x1E)_253[253 = "ã{r¹253Á253"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
ܲe…254P254 = "†kï‘254_CHAR(0x1B)_254"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
æ _CHAR(0x0C)_ì255_CHAR(0x0E)_255 = "#¬_CHAR(0x19)_™255—255"

Dropping Routine

This Trojan drops the following files:

  • %Temp%\m.bat
  • %Temp%\o.bat
  • %User Startup%\SoundDivx.lnk
  • %Temp%\l.bat
  • %Temp%\a.bat
  • %Temp%\j.bat
  • \My picture.lnk
  • %Start Menu%\Programs\My picture.lnk

(Note: %Temp% is the Windows Temporary folder, which is usually C:\Windows\Temp or C:\WINNT\Temp.. %User Startup% is the current user's Startup folder, which is usually C:\Windows\Profiles\{user name}\Start Menu\Programs\Startup on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu\Programs\Startup on Windows NT, and C:\Documents and Settings\{User name}\Start Menu\Programs\Startup.. %Start Menu% is the current user's Start Menu folder, which is usually C:\Windows\Profiles\{user name}\Start Menu on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu on Windows NT and C:\Windows\Start Menu or C:\Documents and Settings\{User name}\Start Menu on Windows 2000, XP, and Server 2003.)

This report is generated via an automated analysis system.

  SOLUTION

Minimum Scan Engine: 9.200

Step 1

For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.

Step 2

Restart in Safe Mode

[ Learn More ]

Step 3

Delete this registry value

[ Learn More ]

Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.

  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • %Favorites%\ Internet Explorer\Web.scr = "%Favorites%\ Internet Explorer\Web.pif"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x02)__CHAR(0x01)__CHAR(0x03)__CHAR(0x02)_5_CHAR(0x04)_5 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x04)__CHAR(0x06)__CHAR(0x05)__CHAR(0x05)_7_CHAR(0x01)_7 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x01)__CHAR(0x01)__CHAR(0x02)__CHAR(0x01)_9_CHAR(0x05)_9 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x08)__CHAR(0x02)__CHAR(0x06)__CHAR(0x03)_12_CHAR(0x04)_12 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0B)__CHAR(0x04)__CHAR(0x06)__CHAR(0x03)_1313 = "_CHAR(0x07)__CHAR(0x05)_13_CHAR(0x07)_13"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x01)__CHAR(0x0C)_1515 = "_CHAR(0x04)__CHAR(0x0B)__CHAR(0x07)_1515"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0B)__CHAR(0x01)__CHAR(0x0B)_17 = "_CHAR(0x05)__CHAR(0x0F)__CHAR(0x05)_17_CHAR(0x07)_17"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x10)__CHAR(0x06)__CHAR(0x06)__CHAR(0x08)_18_CHAR(0x01)_18 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x02)__CHAR(0x10)__CHAR(0x07)__CHAR(0x03)_19_CHAR(0x0F)_19 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x06)__CHAR(0x08)__CHAR(0x04)__CHAR(0x03)_2020 = "_CHAR(0x13)__CHAR(0x0C)_20_CHAR(0x01)_20"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x05)__CHAR(0x08)_23_CHAR(0x14)_23 = "_CHAR(0x05)__CHAR(0x10)__CHAR(0x0C)_23_CHAR(0x14)_23"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x08)__CHAR(0x08)__CHAR(0x0E)__CHAR(0x12)_2424 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x04)__CHAR(0x08)__CHAR(0x02)__CHAR(0x13)_2828 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0F)__CHAR(0x16)__CHAR(0x11)__CHAR(0x06)_30_CHAR(0x19)_30 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x06)__CHAR(0x18)__CHAR(0x10)__CHAR(0x0C)_31_CHAR(0x01)_31 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x19)__CHAR(0x1E)__CHAR(0x03)__CHAR(0x06)_32_CHAR(0x18)_32 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1E)__CHAR(0x10)__CHAR(0x15)_ 33_CHAR(0x19)_33 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x11)__CHAR(0x18)_35_CHAR(0x0E)_35 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x03)_# = "_CHAR(0x0C)__CHAR(0x12)__CHAR(0x17)__CHAR(0x1D)_36_CHAR(0x16)_36"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • #_CHAR(0x12)__CHAR(0x11)_$37_CHAR(0x08)_37 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x17)__CHAR(0x1E)__CHAR(0x11)__CHAR(0x06)_38_CHAR(0x18)_38 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x12)__CHAR(0x06)_ #41_CHAR(0x03)_41 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x15)__CHAR(0x1D)_ 42_CHAR(0x01)_42 = "_CHAR(0x19)__CHAR(0x0C)__CHAR(0x02)__CHAR(0x13)_4242"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x03)__CHAR(0x1C)_$_CHAR(0x0E)_4343 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • #_CHAR(0x0B)__CHAR(0x01)__CHAR(0x0F)_44&44 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1D)__CHAR(0x13)__CHAR(0x1C)_45$45 = "_CHAR(0x14)__CHAR(0x18)__CHAR(0x1B)_4545"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x12)_!_CHAR(0x1E)__CHAR(0x08)_46,46 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • )_CHAR(0x1F)__CHAR(0x13)__CHAR(0x1B)_47_CHAR(0x06)_47 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • '_CHAR(0x17)__CHAR(0x06)__CHAR(0x16)_48_CHAR(0x06)_48 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x08)_$_CHAR(0x10)_49_CHAR(0x0C)_49 = "_CHAR(0x01)_,!_CHAR(0x03)_49 49"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • &_CHAR(0x13)_.51_CHAR(0x1A)_51 = ",%_CHAR(0x0F)__CHAR(0x1E)_51_CHAR(0x05)_51"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x11)__CHAR(0x12)__CHAR(0x15)__CHAR(0x1D)_52/52 = "#&3_CHAR(0x12)_52_CHAR(0x04)_52"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x15)__CHAR(0x0E)_0_CHAR(0x0C)_53_CHAR(0x14)_53 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x16)_4_CHAR(0x1B)_54_CHAR(0x1F)_54 = "_CHAR(0x14)__CHAR(0x14)_*154$54"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1F)__CHAR(0x1C)_3_CHAR(0x0C)_55_CHAR(0x01)_55 = "5_CHAR(0x1B)_5_CHAR(0x0B)_55-55"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x05)__CHAR(0x18)__CHAR(0x03)_756_CHAR(0x15)_56 = "'0-_CHAR(0x16)_56$56"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0F)_1_CHAR(0x14)_57_CHAR(0x17)_57 = "_CHAR(0x04)_7"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x03)_$_CHAR(0x0F)_.58_CHAR(0x06)_58 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 7_CHAR(0x13)_8_CHAR(0x10)_59.59 = "2_CHAR(0x18)__CHAR(0x1D)__CHAR(0x10)_59*59"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x14)__CHAR(0x19)__CHAR(0x19)_:60_CHAR(0x15)_60 = "#*_CHAR(0x1C)_60_CHAR(0x13)_60"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x19)__CHAR(0x1D)__CHAR(0x15)__CHAR(0x1C)_61_CHAR(0x03)_61 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 2$_CHAR(0x19)__CHAR(0x12)_62462 = "#_CHAR(0x11)_'662_CHAR(0x0F)_62"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • '_CHAR(0x02)__CHAR(0x1D)_363663 = "=*,63_CHAR(0x10)_63"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 9_CHAR(0x0F)__CHAR(0x1E)__CHAR(0x16)_64364 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • !_CHAR(0x10)_#'65_CHAR(0x15)_65 = "%1-6565"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1D)_/$#6666 = "0;$'66766"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1C)__CHAR(0x01)_?_CHAR(0x02)_67167 = "_CHAR(0x11)_+67467"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x03)__CHAR(0x06)__CHAR(0x18)_;6868 = "@'C568_CHAR(0x1A)_68"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x01)__CHAR(0x01)_)669 69 = "2@_CHAR(0x13)_69_CHAR(0x0B)_69"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • E_CHAR(0x17)_7070 = "_CHAR(0x1D)__CHAR(0x07)__CHAR(0x1A)_70_CHAR(0x14)_70"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x13)__CHAR(0x04)__CHAR(0x15)_;71_CHAR(0x11)_71 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x05)_7_CHAR(0x1D)__CHAR(0x02)_72372 = "%_CHAR(0x1F)_4"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x11)_&:-73_CHAR(0x13)_73 = "=!_CHAR(0x03)_73073"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 1_CHAR(0x1F)__CHAR(0x11)_*74_CHAR(0x1A)_74 = "_CHAR(0x06)_?+74_CHAR(0x01)_74"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 22?_CHAR(0x1B)_7575 = "D_CHAR(0x05)__CHAR(0x13)_75&75"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 8;_CHAR(0x1D)_76_CHAR(0x0C)_76 = "C#F76/76"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • -_CHAR(0x06)__CHAR(0x02)_77577 = "_CHAR(0x0E)__CHAR(0x07)__CHAR(0x1A)_77077"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ,_CHAR(0x17)_678 78 = "_CHAR(0x07)_7K_CHAR(0x10)_7878"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • !7M!79_CHAR(0x02)_79 = ":_CHAR(0x08)_.079F79"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 0=_CHAR(0x19)_280E80 = "_CHAR(0x15)__CHAR(0x14)__CHAR(0x05)__CHAR(0x1E)_80"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1A)_G_CHAR(0x0E)__CHAR(0x05)_81F81 = "_CHAR(0x1E)__CHAR(0x0C)__CHAR(0x14)_&81I81"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0C)_382_CHAR(0x18)_82 = " .ED8282"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • =?983_CHAR(0x1D)_83 = "_CHAR(0x18)_L_CHAR(0x12)_83_CHAR(0x14)_83"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x03)_HF_CHAR(0x01)_84_CHAR(0x0F)_84 = "+_CHAR(0x17)_4-84/84"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 'B_CHAR(0x0F)_=85_CHAR(0x14)_85 = "KL_CHAR(0x07)_85_CHAR(0x16)_85"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • L;#86%86 = "%CL#86L86"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 1 = "PO2887!87"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x07)_W-88U88 = "_CHAR(0x18)_#;)88_CHAR(0x05)_88"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x07)_CN89_CHAR(0x12)_89 = "1_CHAR(0x0E)_6889T89"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • X_CHAR(0x17)__CHAR(0x01)__CHAR(0x17)_90_CHAR(0x11)_90 = "XVH90.90"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1A)_6._CHAR(0x1C)_91_CHAR(0x1D)_91 = "F_CHAR(0x07)_Q91_CHAR(0x04)_91"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • #S,&92I92 = "_CHAR(0x08)_P_CHAR(0x19)_92_CHAR(0x0B)_92"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • TK_CHAR(0x08)__CHAR(0x16)_93X93 = "$OHW9393"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • DA4_CHAR(0x1F)_95@95 = "4_CHAR(0x1E)_%9595"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1B)_L3496_CHAR(0x02)_96 = "@0_CHAR(0x1E)__CHAR(0x1C)_96696"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x15)_3W)9797 = "_CHAR(0x1A)_7E_CHAR(0x14)_97/97"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • @_CHAR(0x1F)_:498*98 = "_CHAR(0x0C)_2LE98_CHAR(0x15)_98"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • %P_CHAR(0x14)_a103%103 = "__CHAR(0x1C)_&`1037103"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1B)_+_CHAR(0x1C)_K104[104 = "7X_CHAR(0x06)__CHAR(0x14)_1041104"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • O_CHAR(0x13)_OP105Q105 = "GFE_CHAR(0x1C)_105105"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x19)__CHAR(0x19)_+M106/106 = "_CHAR(0x15)__CHAR(0x19)_E_CHAR(0x1B)_1065106"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • PWNh107a107 = "P_CHAR(0x11)_/_CHAR(0x11)_107_CHAR(0x13)_107"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • e_CHAR(0x07)__CHAR(0x0C)_`108W108 = "`_CHAR(0x19)__CHAR(0x08)_G108]108"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • XN_CHAR(0x03)_R1098109 = "_CHAR(0x1E)__CHAR(0x03)_Q,109_CHAR(0x02)_109"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • %Mm110(110 = " f8k1104110"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • +$_CHAR(0x0C)_111_CHAR(0x02)_111 = "O%G&111_CHAR(0x19)_111"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x10)__CHAR(0x0F)_Od112112 = "_CHAR(0x06)_$h112F112"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • p_CHAR(0x07)_AU113,113 = "`&C_CHAR(0x1F)_113_CHAR(0x05)_113"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 19V_CHAR(0x01)_114_CHAR(0x0C)_114 = "aCB\114c114"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x15)_mJ115H115 = "_CHAR(0x08)_`_CHAR(0x11)_115O115"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x13)_]D116/116 = "_CHAR(0x06)_hWh1167116"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • a_CHAR(0x13)_3?117_CHAR(0x17)_117 = "_CHAR(0x1D)_f3-117P117"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x08)__CHAR(0x05)__CHAR(0x05)_118:118 = "m_CHAR(0x16)__CHAR(0x06)_O118o118"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x03)_119_CHAR(0x1B)_119 = "O@OL119)119"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ,o55120[120 = "W)Eo120j120"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 29_CHAR(0x1F)_$1212121 = "7ps121T121"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • !(R_CHAR(0x10)_122_CHAR(0x1A)_122 = "_CHAR(0x1A)_3M_CHAR(0x07)_122122"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • x\_CHAR(0x11)_*123n123 = "_CHAR(0x1B)_y-@123_CHAR(0x04)_123"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 1_CHAR(0x10)__CHAR(0x12)_S124j124 = "0_CHAR(0x01)_u(124y124"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 64N_CHAR(0x0E)_125D125 = "3_CHAR(0x0F)_d_CHAR(0x0B)_125_CHAR(0x0B)_125"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • +_CHAR(0x1D)_9126Y126 = "=vLA126p126"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • b_CHAR(0x17)_yz127A127 = "U\Z1277127"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x18)_e_CHAR(0x0F)_{128&128 = "Fc~_CHAR(0x06)_128,128"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • T5_CHAR(0x0F)_A129j129 = "=OD#129=129"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Nqn130q130 = "_CHAR(0x0C)_sBk130/130"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Si?1318131 = "n]_CHAR(0x03)__CHAR(0x1A)_1319131"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • l }_CHAR(0x1F)_1329132 = "\_CHAR(0x04)_C132_CHAR(0x03)_132"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • I='_CHAR(0x02)_133_CHAR(0x16)_133 = "4ƒ_CHAR(0x0F)__CHAR(0x0C)_133z133"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • k‚_CHAR(0x0B)_‚134K134 = "Ib+134_CHAR(0x0B)_134"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 2tli135'135 = "Y_CHAR(0x0C)_135135"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0E)_3„136E136 = "_CHAR(0x19)_z_CHAR(0x14)_b136D136"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 8%2y137N137 = "v"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • A6I{138ƒ138 = "_CHAR(0x13)_;!F138M138"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • tW_CHAR(0x1A)_K139,139 = "_CHAR(0x19)_…3{139_CHAR(0x01)_139"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0C)_WRX140\140 = "p:1140k140"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Z = "[t5R141_CHAR(0x03)_141"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x01)_\2‡142Y142 = "Z{_CHAR(0x02)__CHAR(0x1C)_142e142"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • a_CHAR(0x0F)_]l143q143 = "*_CHAR(0x10)__CHAR(0x14)_d143U143"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • (~nR144d144 = "_CHAR(0x19)_0qK144C144"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • HLN145S145 = "%7,J145_CHAR(0x1B)_145"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • XFN_CHAR(0x0F)_146R146 = "_CHAR(0x05)_c{J1462146"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 95L'147‰147 = "Gug’147D147"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • n$_CHAR(0x05)_]148m148 = "_CHAR(0x07)_DrE148148"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • b_CHAR(0x16)_:_CHAR(0x0F)_149149 = "_CHAR(0x19)_UN2149_CHAR(0x14)_149"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ŽU_CHAR(0x1B)_k150…150 = "-~A150W150"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • e7tD151_CHAR(0x04)_151 = "`da_CHAR(0x1D)_151p151"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • —g_CHAR(0x15)_152Y152 = "_CHAR(0x12)_•••152_CHAR(0x15)_152"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 1*„3153\153 = "c*_CHAR(0x13)_“153M153"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • }_CHAR(0x1E)__CHAR(0x13)_i154C154 = "n_CHAR(0x05)_e154@154"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x17)_B_CHAR(0x17)_ƒ155‹155 = "_CHAR(0x19)_&]155v155"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ipad156_CHAR(0x02)_156 = "€=_CHAR(0x1E)_g156g156"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ˜_CHAR(0x10)_˜_CHAR(0x0B)_157‚157 = "_CHAR(0x14)__CHAR(0x1D)_Xf157X157"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x11)__CHAR(0x12)_158_CHAR(0x1D)_158 = "„^šQ1580158"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 6_CHAR(0x15)_š159n159 = "‹L‡K159;159"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0E)_h3_CHAR(0x06)_160x160 = "ˆ˜”_CHAR(0x03)_160A160"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • n(Š_CHAR(0x11)_161(161 = "_CHAR(0x0E)_GŠ"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • J/]162@162 = "RIo162Š162"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    •  (q_CHAR(0x10)_163 163 = "MŠ9163†163"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • VX”A164@164 = "F_CHAR(0x1C)_l8164164"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 1(4165 165 = "c_CHAR(0x0E)_‡)165Š165"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ›+‘166o166 = "E7166S166"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • l_CHAR(0x0C)__CHAR(0x1A)_167_CHAR(0x17)_167 = "]m{Ž167_CHAR(0x19)_167"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • @%i.168_CHAR(0x07)_168 = "lV\E1682168"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • —_CHAR(0x1E)_gŒ169169 = ":5DŠ1693169"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ’AL170ƒ170 = ";s\j1709170"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • uš_CHAR(0x16)_r171171 = "•sR171#171"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x19)_%rj172‰172 = "œTª172*172"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • t”1'173o173 = ")d-173N173"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • l_CHAR(0x1E)_0.174*174 = ":w&`174¤174"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Q˜r„175/175 = "_CHAR(0x15)_t _CHAR(0x17)_175#175"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x16)_\%176_CHAR(0x08)_176 = "C_CHAR(0x03)_-_CHAR(0x1F)_176%176"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0F)_p2“177I177 = "nN+Q177y177"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • †_CHAR(0x1A)_„=178›178 = "«ž£01788178"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ¦•-$179_CHAR(0x13)_179 = "?­@l179‘179"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x08)_[‘€180h180 = "a_CHAR(0x13)_b180“180"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ƒ¯_CHAR(0x11)_1818181 = "¯8_CHAR(0x19)_181^181"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ´l)182®182 = "v_CHAR(0x0F)__CHAR(0x08)_€182’182"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Xˆ+p183_183 = "g”_CHAR(0x1D)_f183œ183"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • P)*184\184 = "‹žj_CHAR(0x0C)_184_CHAR(0x0F)_184"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x14)_€e±185m185 = "*«qŒ185•185"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ˆ\UK186G186 = "‘@p186$186"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • !fh187¸187 = "ž_,“187d187"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ™kX188·188 = "¹‘=©188+188"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • †®FC189_CHAR(0x04)_189 = "ƒ3q189Y189"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ®—n¦190`190 = "`O"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • %‰˜¦191’191 = "_CHAR(0x1B)_zªŽ1913191"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ‹_CHAR(0x07)_[U192192 = "XI«¸192n192"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Tw_CHAR(0x04)_’193n193 = "5£„8193©193"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • –¬c194£194 = "bª70194h194"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ‚5:º195i195 = "%¤_CHAR(0x01)_U195"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • k!(‘196i196 = "a*;196Y196"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ?T1’197H197 = "¢F«m197Ž197"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ¡Tµm198y198 = ";E”V198C198"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ŸPO_CHAR(0x1F)_1996199 = "P_CHAR(0x12)_y199#199"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1D)_s!I200!200 = "F©_CHAR(0x0F)_B2003200"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1A)_nŒŠ201_CHAR(0x0B)_201 = "F’›201^201"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1F)_À_CHAR(0x04)_202_CHAR(0x07)_202 = "j^_CHAR(0x03)_±2022202"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • …•)203]203 = "#R/203*203"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • @¯S_CHAR(0x1A)_204u204 = "_CHAR(0x15)_±¼£204`204"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • —^\a205O205 = "?s 205P205"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • tA¶206g206 = "´Ÿ_CHAR(0x15)_Ë206±206"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1F)_Š_š207ƒ207 = "_CHAR(0x12)___CHAR(0x15)_D207n207"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x08)_¶È~208}208 = "ŠH.‰208ª208"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 'Q209%209 = "0Ælƒ209209"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ƨ¿Z210d210 = "¸mB210›210"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ‚bŸ·2110211 = "v—]_CHAR(0x0F)_2111211"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • {$¡212}212 = "¨.S212`212"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • m_CHAR(0x1D)_La213r213 = "ώ_CHAR(0x1A)_.213Ð213"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ř_CHAR(0x1B)__CHAR(0x06)_214D214 = "—Ÿšœ214¶214"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • “I¦215—215 = "T£_CHAR(0x17)_5215.215"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • KV¹z216°216 = "+£AÂ2160216"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • HjR217_217 = "t)‘217217"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • X_CHAR(0x12)__CHAR(0x04)__CHAR(0x0B)_218²218 = "‘!®218 218"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ™:œb219219 = "§¥uÙ219Ì219"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Š²Íw220220 = "›LDÇ220Ô220"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1A)_$Hh221…221 = "UvQ*221_CHAR(0x05)_221"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Òe1_CHAR(0x1F)_222‚222 = "_CHAR(0x16)__²_222_CHAR(0x1B)_222"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • UÆÆ^223w223 = "_CHAR(0x15)_7I½223Ÿ223"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x10)_Â#_CHAR(0x16)_224Ï224 = "l”ÆÇ224Í224"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • M¬5225“225 = "cÅ5A225v225"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Ϩ«¤226@226 = "j_CHAR(0x17)_S¥226r226"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1F)__CHAR(0x16)_W†227·227 = "c¦ 227‰227"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x07)_¼N£228!228 = "H_CHAR(0x0C)_³228_CHAR(0x1F)_228"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • É_CHAR(0x1E)_N229•229 = "s"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • l!Ã230Œ230 = "R®Ù230ß230"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ›_CHAR(0x1A)_œ_CHAR(0x15)_231H231 = "_CHAR(0x03)_G)™231½231"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ¡j\4232½232 = "ãI¸¼232_CHAR(0x03)_232"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • D?_CHAR(0x17)_·233Í233 = "S‹µ·233ª233"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • R_CHAR(0x16)_t234 234 = "‘}U¼234Û234"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ß+b=235é235 = "§}Π235¤235"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0C)_½_CHAR(0x1B)_ 236Š236 = "“±_CHAR(0x07)_@236É236"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Ù8[!237è237 = "TE-À237)237"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • xQ†„238á238 = "ê¸×¢238\238"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • `Ś‘239K239 = "Q2s7239H239"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ˜êAÃ240“240 = "A‚‘240s240"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • a_CHAR(0x19)_•À241X241 = "”ŠsÁ241s241"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • u_CHAR(0x02)_ÉG242_CHAR(0x15)_242 = "J_CHAR(0x1F)_Ñ242É242"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • “ºà243™243 = "»dƶ243v243"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1A)__CHAR(0x0E)__CHAR(0x04)__CHAR(0x16)_244¥244 = "Sh_CHAR(0x0F)_¡244é244"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x15)_ÓôZ245_CHAR(0x03)_245 = "·q¡;245Ú245"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ¬¾_CHAR(0x12)_c246Ì246 = "Öµ)_CHAR(0x02)_2467246"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • º…i^247Ê247 = "Q…¡_CHAR(0x03)_247—247"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ¥_CHAR(0x0B)_“@248_CHAR(0x17)_248 = "°Vi248O248"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Å©Â_CHAR(0x0F)_249w249 = ")_CHAR(0x0F)__F249Ñ249"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • o_CHAR(0x16)_gž250º250 = "ÈjFc250_CHAR(0x0B)_250"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • •ø_CHAR(0x1B)_¼251251 = "¡{_251¾251"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 4Ò_€252q252 = "_CHAR(0x14)_`Ä252h252"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • åb•'253I253 = "î֋æ253«253"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Ã{Öð254˜254 = "x亶254a254"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • /+¡255_CHAR(0x0C)_255 = "þ¢ÝY255Œ255"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x04)__CHAR(0x0B)__CHAR(0x08)_14_CHAR(0x05)_14 = "_CHAR(0x08)__CHAR(0x01)__CHAR(0x01)_1414"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0C)__CHAR(0x01)__CHAR(0x02)_1616 = "_CHAR(0x0B)__CHAR(0x01)__CHAR(0x06)__CHAR(0x0E)_1616"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x12)__CHAR(0x10)__CHAR(0x05)__CHAR(0x05)_19_CHAR(0x11)_19 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x04)__CHAR(0x12)__CHAR(0x10)_20_CHAR(0x13)_20 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x04)__CHAR(0x0C)__CHAR(0x05)_21_CHAR(0x13)_21 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0C)__CHAR(0x12)__CHAR(0x0B)__CHAR(0x02)_2222 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x16)__CHAR(0x03)__CHAR(0x03)_23_CHAR(0x08)_23 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x13)__CHAR(0x11)_25_CHAR(0x06)_25 = "_CHAR(0x18)__CHAR(0x13)__CHAR(0x12)_25_CHAR(0x10)_25"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x13)__CHAR(0x16)__CHAR(0x0C)_26_CHAR(0x0B)_26 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1B)__CHAR(0x10)__CHAR(0x15)__CHAR(0x11)_30_CHAR(0x1D)_30 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x04)__CHAR(0x07)__CHAR(0x17)_31_CHAR(0x13)_31 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1D)__CHAR(0x0E)__CHAR(0x1C)__CHAR(0x01)_33_CHAR(0x1D)_33 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x11)__CHAR(0x04)__CHAR(0x08)__CHAR(0x11)_34_CHAR(0x18)_34 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0F)__CHAR(0x18)__CHAR(0x15)_35_CHAR(0x13)_35 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x06)__CHAR(0x0C)__CHAR(0x17)_36_CHAR(0x04)_36 = "_CHAR(0x02)__CHAR(0x19)_ 3636"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • #_CHAR(0x03)_ = "_CHAR(0x08)__CHAR(0x11)__CHAR(0x0F)__CHAR(0x06)_37_CHAR(0x04)_37"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x01)__CHAR(0x0E)__CHAR(0x19)_#38%38 = "#_CHAR(0x17)__CHAR(0x12)_3838"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • $_CHAR(0x1D)_39 39 = "$_CHAR(0x12)_#_CHAR(0x10)_39 39"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0F)__CHAR(0x19)_'_CHAR(0x0E)_41_CHAR(0x11)_41 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1D)__CHAR(0x0E)_ %42_CHAR(0x1B)_42 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x19)_()_CHAR(0x19)_43#43 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0B)_''44(44 = "!_CHAR(0x19)__CHAR(0x1E)__CHAR(0x10)_44"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0B)__CHAR(0x0E)__CHAR(0x14)_45_CHAR(0x0F)_45 = "_CHAR(0x1D)__CHAR(0x1E)_,45%45"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x13)_) 46'46 = "_CHAR(0x04)__CHAR(0x11)__CHAR(0x15)_'46_CHAR(0x0C)_46"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x18)_! #47_CHAR(0x1B)_47 = "_CHAR(0x18)_!_CHAR(0x0B)_47_CHAR(0x0E)_47"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x19)_'_CHAR(0x1D)__CHAR(0x05)_48_CHAR(0x0B)_48 = "!!_CHAR(0x1D)_!48_CHAR(0x01)_48"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • *_CHAR(0x06)_(*49_CHAR(0x0E)_49 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x05)__CHAR(0x1B)__CHAR(0x10)__CHAR(0x12)_50_CHAR(0x13)_50 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1C)__CHAR(0x02)__CHAR(0x18)__CHAR(0x06)_51-51 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x18)__CHAR(0x02)__CHAR(0x07)_-52052 = "#/_CHAR(0x08)__CHAR(0x1F)_52%52"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0E)__CHAR(0x18)__CHAR(0x01)_+53 53 = "_CHAR(0x06)_2_CHAR(0x06)__CHAR(0x05)_53153"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 2_CHAR(0x0F)__CHAR(0x07)_%54454 = "2,+_CHAR(0x1F)_54_CHAR(0x08)_54"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • #_CHAR(0x1B)_+655_CHAR(0x02)_55 = "!5_CHAR(0x13)__CHAR(0x03)_55155"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x17)__CHAR(0x12)_(_CHAR(0x18)_56_CHAR(0x01)_56 = "%_CHAR(0x0B)__CHAR(0x16)_56&56"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 2 (_CHAR(0x11)_57$57 = "_CHAR(0x02)_-!_CHAR(0x0B)_57_CHAR(0x0B)_57"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x16)__CHAR(0x04)__CHAR(0x14)_058_CHAR(0x18)_58 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x10)__CHAR(0x14)_$-59159 = "_CHAR(0x1D)__CHAR(0x18)_0#59_CHAR(0x0C)_59"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • +_CHAR(0x10)__CHAR(0x1C)_6161 = "_CHAR(0x11)_)961_CHAR(0x16)_61"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1F)__CHAR(0x12)_#62_CHAR(0x16)_62 = "+_CHAR(0x10)_6262"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x02)__CHAR(0x04)__CHAR(0x02)__CHAR(0x15)_63163 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ?;_CHAR(0x01)_%64_CHAR(0x1E)_64 = "_CHAR(0x01)__CHAR(0x17)_4 64 64"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • */265_CHAR(0x05)_65 = "*:_CHAR(0x14)_165665"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • !,_CHAR(0x1D)_?66_CHAR(0x07)_66 = "5%8)66/66"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1C)__CHAR(0x18)__CHAR(0x19)__CHAR(0x16)_67167 = "._CHAR(0x06)_&_CHAR(0x02)_67A67"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x19)_/_CHAR(0x1D)_468_CHAR(0x14)_68 = "_CHAR(0x02)_2.&68_CHAR(0x03)_68"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x13)_$=$69_CHAR(0x1F)_69 = "_CHAR(0x1D)_A_CHAR(0x1F)__CHAR(0x08)_69_CHAR(0x03)_69"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • =)_CHAR(0x1D)_.70_CHAR(0x05)_70 = "_CHAR(0x01)__CHAR(0x1D)_8_CHAR(0x04)_70_CHAR(0x05)_70"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 8_CHAR(0x19)_'71671 = "_CHAR(0x17)_8.71571"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • A_CHAR(0x13)_-473873 = ";_CHAR(0x13)__CHAR(0x15)_,7373"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x08)_1_CHAR(0x19)_=74_CHAR(0x07)_74 = "0-#074E74"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1A)_JD_CHAR(0x17)_75!75 = ",_CHAR(0x16)_)_CHAR(0x18)_75;75"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • D%76276 = "(_CHAR(0x1E)_5_CHAR(0x11)_76C76"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ;-?-77*77 = "_CHAR(0x0B)_@(_CHAR(0x1D)_77077"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • -_CHAR(0x14)_-)78278 = "=(KJ78878"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • K_CHAR(0x1A)_M_CHAR(0x04)_79_CHAR(0x16)_79 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x18)_I_CHAR(0x1A)_*80080 = "_CHAR(0x12)__CHAR(0x1D)__CHAR(0x1B)__CHAR(0x1D)_80,80"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • I_CHAR(0x1F)_2%81_CHAR(0x19)_81 = "+/A81B81"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x05)__CHAR(0x14)_;82:82 = "'_CHAR(0x08)__CHAR(0x15)_*82"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x04)__CHAR(0x17)_LH83683 = "N8_CHAR(0x0B)__CHAR(0x1A)_83)83"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x06)__CHAR(0x02)_)784_CHAR(0x0E)_84 = "@:_CHAR(0x0E)_#84_CHAR(0x11)_84"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • N0-S85F85 = "_CHAR(0x07)_-1/8585"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 1:ME86286 = "8_CHAR(0x08)_I86S86"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 9_CHAR(0x16)_O_CHAR(0x0B)_87N87 = "5Q_CHAR(0x07)__CHAR(0x08)_87487"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • T&$!88_CHAR(0x05)_88 = "O_CHAR(0x06)__CHAR(0x04)_&88@88"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 2'_CHAR(0x05)_89989 = "AM0S89_CHAR(0x07)_89"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • G2_CHAR(0x1F)_A90&90 = "R_CHAR(0x1F)_=S90U90"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x07)__CHAR(0x04)__CHAR(0x06)__CHAR(0x10)_91H91 = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • %_CHAR(0x10)_(N93_CHAR(0x02)_93 = "5D!.93393"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 04&C94B94 = "43A$94_CHAR(0x02)_94"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • XL$95#95 = "OB"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x04)_DB/96896 = "Y_CHAR(0x06)_[296_CHAR(0x1B)_96"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • -_CHAR(0x13)_&D97_CHAR(0x04)_97 = "QU_CHAR(0x08)__CHAR(0x06)_97#97"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • KZJ+98_CHAR(0x1E)_98 = "2_CHAR(0x19)__CHAR(0x08)__98D98"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • -0299]99 = "_CHAR(0x0B)__CHAR(0x05)_299699"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x08)_-QU1009100 = "V_CHAR(0x13)_AF100A100"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • K+'(101_CHAR(0x11)_101 = "!%d101P101"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • R&dZ102B102 = "._CHAR(0x1B)_\H102102"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • &9\]104_CHAR(0x0E)_104 = "_CHAR(0x11)_8DC1043104"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ;$d_CHAR(0x15)_105_CHAR(0x02)_105 = "68PJ1055105"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • a_CHAR(0x06)_,G106.106 = "`_CHAR(0x19)_*;106_CHAR(0x1B)_106"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • G0_CHAR(0x0E)_2107T107 = "7I_CHAR(0x05)_c107_CHAR(0x11)_107"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ,?/)1088108 = "k79_CHAR(0x11)_108_CHAR(0x08)_108"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1E)_!_CHAR(0x0E)_1098109 = "_CHAR(0x0F)_JM109109"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x04)_C'm110#110 = "4IZ110_CHAR(0x03)_110"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0B)__CHAR(0x07)_0_CHAR(0x1E)_1119111 = "Zd_CHAR(0x16)_?111k111"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • L.g5112g112 = "A!N?1120112"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ,&_CHAR(0x13)__CHAR(0x19)_113_CHAR(0x1F)_113 = "+*_CHAR(0x02)_P113_CHAR(0x0C)_113"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x0E)__CHAR(0x1A)_114)114 = "_CHAR(0x05)__CHAR(0x12)_\a114h114"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ?i!_CHAR(0x14)_115@115 = "ki+(115E115"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1B)__CHAR(0x04)__CHAR(0x0C)_S116F116 = "VFlX116p116"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x06)_3j1172117 = "E+!_CHAR(0x14)_117_117"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 3et3118_CHAR(0x1F)_118 = "_CHAR(0x12)__CHAR(0x05)_,/118E118"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • pJ4_CHAR(0x01)_119_CHAR(0x11)_119 = "_CHAR(0x05)_);X119u119"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • C_M120`120 = "9M _CHAR(0x1F)_120 120"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • e?_CHAR(0x07)_3121K121 = "MwA_CHAR(0x18)_121_CHAR(0x1F)_121"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • E3_CHAR(0x07)_122=122 = ") 2T1222122"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • nw4123w123 = "%^9^1236123"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • /_CHAR(0x16)_jq1247124 = "M3Nm124r124"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • df2 1253125 = "X(mP125_CHAR(0x15)_125"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • %_CHAR(0x01)__CHAR(0x04)_126_CHAR(0x14)_126 = "JIb_CHAR(0x0B)_126F126"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • uU_CHAR(0x07)_1274127 = "_CHAR(0x1C)_S_CHAR(0x0C)_?127E127"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • =!H_CHAR(0x04)_128^128 = "M.q/128/128"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • yy_CHAR(0x0F)_\129z129 = "e;=J129_CHAR(0x1A)_129"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • KL_CHAR(0x05)_130S130 = "q_CHAR(0x11)_130_CHAR(0x13)_130"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1F)_D/x131_CHAR(0x16)_131 = "V_CHAR(0x1C)__CHAR(0x0B)_"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • \?!O132132 = "_CHAR(0x1A)_&Jd132s132"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • q;LB133€133 = "T4;_CHAR(0x0B)_133s133"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 6`_CHAR(0x1A)_a134_CHAR(0x1D)_134 = "W _CHAR(0x1D)_,134B134"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x12)_^c135_CHAR(0x12)_135 = "*€_CHAR(0x04)_135h135"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x02)_‡$_CHAR(0x18)_136_CHAR(0x1C)_136 = "8UQ136G136"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • n = "-mP1137_CHAR(0x01)_137"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 4h#L138+138 = "NRBJ1382138"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x05)_u':139X139 = "q_CHAR(0x11)_O]139_CHAR(0x1F)_139"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Ed(\140,140 = "2‰I‚140&140"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Hƒ141P141 = "5U)_CHAR(0x0F)_141o141"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • IŠ{142_142 = "_CHAR(0x12)_eL_CHAR(0x11)_1422142"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • DƒN143ˆ143 = "8‰G†143J143"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • LY{ 144c144 = "_CHAR(0x18)_144_CHAR(0x10)_144"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • R_CHAR(0x1B)_F+145Š145 = "=7F 145+145"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • z+um146'146 = "=g_CHAR(0x06)__146,146"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 6NUŒ147_CHAR(0x17)_147 = "_CHAR(0x08)_h_CHAR(0x02)__CHAR(0x0E)_147_CHAR(0x07)_147"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x13)_4ƒ148:148 = "M€f148$148"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • {zk_CHAR(0x08)_149Z149 = "BP[„149h149"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • oŠ~y150_CHAR(0x15)_150 = "‘8ˆ_CHAR(0x1C)_150o150"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • $M3151*151 = "8K_CHAR(0x01)_"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • U_CHAR(0x16)_W152152 = "D!N,1521152"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ,n‹_CHAR(0x13)_153_CHAR(0x14)_153 = "[8t‚153‹153"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Z;154‹154 = "]a:=154E154"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x01)_T]˜155u155 = "˜@(155?155"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • fb_CHAR(0x1A)_t156_CHAR(0x1B)_156 = "4#_CHAR(0x1A)_K156156"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ‹’_CHAR(0x1A)_s157-157 = "Vp_CHAR(0x13)_157157"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x02)_r€158_CHAR(0x18)_158 = "C_CHAR(0x1E)_YB158_CHAR(0x07)_158"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x06)__CHAR(0x0F)_8M159$159 = "hŠa/159€159"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • {_CHAR(0x01)_vd160_CHAR(0x08)_160 = "j:_CHAR(0x11)_U1603160"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • —+aK161_CHAR(0x18)_161 = "D_CHAR(0x1E)_#”161^161"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x17)_]_162o162 = "{dcj162k162"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • w…fc163d163 = "@_CHAR(0x1C)_”v163{163"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    •  uŸ164y164 = "›[š164_CHAR(0x0C)_164"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ?G=165g165 = "0V_CHAR(0x1F)_ž165_CHAR(0x06)_165"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • X‰_CHAR(0x13)_T166R166 = "-oF/166m166"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • !¦%_CHAR(0x14)_167Y167 = "Š8_CHAR(0x0C)__CHAR(0x05)_167š167"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • O_CHAR(0x0F)_£E168q168 = "a65168F168"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 3j‰_CHAR(0x0F)_169*169 = "$œ_CHAR(0x08)__CHAR(0x05)_169o169"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • §)7170h170 = "_CHAR(0x0F)_ œj170E170"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • &¦1ƒ171_CHAR(0x03)_171 = "g_CHAR(0x1C)_Ÿd171_CHAR(0x1D)_171"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x11)_¦_CHAR(0x1D)_8172_CHAR(0x1A)_172 = "_CHAR(0x0C)__CHAR(0x14)_1X172@172"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Šx_CHAR(0x16)_1738173 = "•h_CHAR(0x13)_Ÿ173b173"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1E)__CHAR(0x17)_ªx174174 = "ª“5174_CHAR(0x19)_174"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • SET.175]175 = "@]_CHAR(0x07)_¢175_CHAR(0x0F)_175"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ¨–9176t176 = "¤_CHAR(0x19)__CHAR(0x0F)_:1763176"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • £F™_CHAR(0x11)_177=177 = "{‰_CHAR(0x01)_o177…177"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x02)_[Œ_CHAR(0x08)_178s178 = "l(-178 178"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ²_CHAR(0x05)_C1798179 = "VªII179_CHAR(0x11)_179"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • `r˜.180§180 = "‹hrX180\180"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • r_CHAR(0x04)__CHAR(0x12)_181‰181 = "€B&ž181w181"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ­$_CHAR(0x1D)_H182g182 = "¡0W182Q182"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • W±]_CHAR(0x08)_183_CHAR(0x08)_183 = "6¦1_CHAR(0x17)_183_CHAR(0x1A)_183"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ·f¶‘184§184 = "_CHAR(0x17)_=W³184_CHAR(0x1D)_184"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ~m_CHAR(0x15)_185¸185 = "„^o²185S185"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ´_CHAR(0x0F)_G9186_CHAR(0x19)_186 = "8;¨186@186"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • {©bk187—187 = "¶±_CHAR(0x1F)_187²187"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • KP_CHAR(0x1A)_l188V188 = "[oEŸ188­188"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • £mº]189§189 = ",§_CHAR(0x10)_¯189189"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • VL_CHAR(0x05)_p190C190 = "O_CHAR(0x1B)_«„190190"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • r3_CHAR(0x1A)_«191E191 = "«!“_CHAR(0x1D)_191˜191"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • €whµ192°192 = "¾PI—192¸192"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • q–’\1939193 = "¯¦:_CHAR(0x01)_193_CHAR(0x01)_193"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ª_CHAR(0x11)_…_CHAR(0x0C)_1943194 = "NX„194_CHAR(0x10)_194"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x15)_Z_CHAR(0x19)_ª195195 = "y¾_CHAR(0x05)__CHAR(0x1E)_195®195"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ZKY!196X196 = "0’oa196¦196"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Ia_¡197%197 = "`VGQ197@197"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 4!¥198]198 = "1_CHAR(0x1E)_W)198)198"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • »W_CHAR(0x14)_199_CHAR(0x1F)_199 = "N_CHAR(0x06)_¥199199"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • œ_CHAR(0x1D)_A200,200 = " o-²200p200"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Ä­gT201­201 = "P_CHAR(0x01)_‹T201_CHAR(0x01)_201"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • c6E&202`202 = "˜#_CHAR(0x12)_202Ÿ202"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 0®AH203*203 = "1~%Ã203[203"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • YG_CHAR(0x1E)_‰204K204 = "°gˆ_CHAR(0x1B)_204q204"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x1C)_‹j_CHAR(0x10)_205€205 = "­Â¸Ÿ205i205"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • S_CHAR(0x18)_­Í206¥206 = "hN˜206_CHAR(0x0F)_206"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 7µ`207W207 = "‚_CHAR(0x12)_$1207_CHAR(0x1F)_207"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Bw³{208«208 = "‹œZ208¾208"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • *Š®8209•209 = "fΒ[209_CHAR(0x0F)_209"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ˜%_CHAR(0x08)_•210Ç210 = "ºŸ¹6210‹210"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • gQ_CHAR(0x18)_¶211_CHAR(0x13)_211 = "‡Ÿ'S2112211"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • __CHAR(0x1B)_` 212º212 = "_CHAR(0x18)_ _CHAR(0x1D)_–212k212"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x18)_‡Î213u213 = "•ZÍw213²213"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ©;¾Æ214 214 = "Ìhm214É214"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ÆÊ_CHAR(0x10)_I215[215 = "¥O&ˆ215 215"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • À¿_CHAR(0x14)_!216Š216 = "_CHAR(0x0F)_¨_CHAR(0x12)__CHAR(0x04)_216:216"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • •#ʅ217217 = "I_CHAR(0x1C)_¡¼217x217"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x14)_O\i218Ô218 = "6`}d218ˆ218"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • º_CHAR(0x1E)_s)219_CHAR(0x03)_219 = "7\6W219‹219"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • a›c±2208220 = "ǚ,¹220u220"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • (M221“221 = "_CHAR(0x1F)_W_C221Ã221"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • :š!222˜222 = "$gÉi222V222"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • °×_CHAR(0x08)_223Š223 = "ؓ_CHAR(0x06)_Y223_CHAR(0x19)_223"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • !_CHAR(0x02)_}Ì224Ó224 = "›_CHAR(0x1E)_ž!224Q224"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 6B¤v225225 = "‘vÔÝ225-225"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Å226f226 = "Ô]_CHAR(0x1B)_T226o226"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ºœà9227;227 = "ÈV*_CHAR(0x05)_227m227"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ]ە228Å228 = "tÄo228_CHAR(0x0C)_228"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x11)_ä…Ï229×229 = "˜Nßs229ä229"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ÚhŽ230V230 = "¨ueà230v230"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 0AÀ¾231Œ231 = "_CHAR(0x12)_vÖâ231„231"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 7]+Ô232µ232 = "´âÕ232ˆ232"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • _CHAR(0x02)_Œ?¥233–233 = "SaHq233Æ233"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ÑÂEi234E234 = "¯·àn234%234"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Nº¼F235©235 = "R„•O235¯235"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • á_CHAR(0x1B)_{/236ƒ236 = "£á²B2367236"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • L_CHAR(0x1E)__CHAR(0x19)_a237‡237 = "Å$5€237ß237"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Ð0Ä_CHAR(0x10)_238g238 = "i_CHAR(0x07)_kˆ238_CHAR(0x12)_238"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Þ7j¿239_CHAR(0x0E)_239 = "NRtÂ239f239"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 6#_CHAR(0x16)__CHAR(0x0F)_240g240 = "¤_CHAR(0x08)_À_CHAR(0x1C)_240+240"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ^ä(ª241ˆ241 = "Q£Üg241!241"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • CÏT¥242Ñ242 = "·_CHAR(0x1C)_½y242Â242"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ¤_CHAR(0x0E)_Œ_CHAR(0x14)_243Ë243 = "1z5^2439243"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ugH$244244 = "éք$2440244"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • +_CHAR(0x17)_òÐ245Ü245 = "ð„"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 6_CHAR(0x01)_5Y246¸246 = "q†ÖÂ246¯246"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ˆ'xÀ248Î248 = "_CHAR(0x16)_‘…]248k248"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • õ0_CHAR(0x16)_249K249 = "_CHAR(0x0E)_8_CHAR(0x18)_'249&249"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ’_CHAR(0x04)__CHAR(0x17)_™250k250 = "]5Ý250_CHAR(0x10)_250"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • v£¤251„251 = "d¿¹_CHAR(0x1D)_251E251"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ØÕ_CHAR(0x07)__CHAR(0x13)_252È252 = "¯_CHAR(0x01)_ߑ2520252"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • â_CHAR(0x02)__CHAR(0x1E)_253[253 = "ã{r¹253Á253"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • ܲe…254P254 = "†kï‘254_CHAR(0x1B)_254"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • æ _CHAR(0x0C)_ì255_CHAR(0x0E)_255 = "#¬_CHAR(0x19)_™255—255"

Step 4

Search and delete these files

[ Learn More ]
There may be some component files that are hidden. Please make sure you check the Search Hidden Files and Folders checkbox in the "More advanced options" option to include all hidden files and folders in the search result.
  • %Temp%\m.bat
  • %Temp%\o.bat
  • %User Startup%\SoundDivx.lnk
  • %Temp%\l.bat
  • %Temp%\a.bat
  • %Temp%\j.bat
  • \My picture.lnk
  • %Start Menu%\Programs\My picture.lnk

Step 5

Search and delete these folders

[ Learn More ]
Please make sure you check the Search Hidden Files and Folders checkbox in the More advanced options option to include all hidden folders in the search result.
  • %System Root%\iran
  • d:\iran
  • e:\iran
  • f:\iran
  • g:\iran
  • h:\iran
  • i:\iran
  • j:\iran
  • k:\iran
  • l:\iran
  • m:\iran
  • n:\iran
  • o:\iran
  • p:\iran
  • q:\iran
  • r:\iran
  • s:\iran
  • t:\iran
  • u:\iran
  • v:\iran
  • w:\iran
  • x:\iran
  • y:\iran
  • z:\iran
  • %User Startup% 
  • %Favorites%\Internet Explorer

Step 6

Restart in normal mode and scan your computer with your Trend Micro product for files detected as TROJ_INAR.ERV. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.


Did this description help? Tell us how we did.