Troj/Inject-AUU

Category: Viruses and Spyware
Protection available since: 05 Mar 2014 00:52:56 (GMT)
Type: Trojan
Last Updated: 05 Mar 2014 00:52:56 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Inject-AUU include:

Example 1

File Information

Size: 283K
SHA-1: 8dc3c44a07f22c0949713526f53a293a72167deb
MD5: 9d79003b584328ff9132a7a573193501
CRC-32: e0c9f216
File type: Windows executable
First seen: 2014-03-04

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\crnjenq.exe
Dropped Files
  • C:\WINDOWS\Tasks\{7D622B2A-7056-6C96-AF02-4841835EAF28}.job
    Size: 424
    SHA-1: 7825572e0a8684927620ac173097b75af15ce425
    MD5: 4001e347e1e01126e8667b1f26700dcb
    CRC-32: c3defdde
    File type: .JOB File Format
    First seen: 2014-03-04
Registry Keys Created
  • HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
    iCountry
  • HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
    Window
  • HKCU_Classes\CLSID\{3AED03F9-03B9-2285-0354-9669A76F457A}
    BounceTime
  • HKCU_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
    Window
  • HKCU\Software\Classes\CLSID\{3AED03F9-03B9-2285-0354-9669A76F457A}
    BounceTime
  • HKCU\Software\Classes\CLSID\{100A4C98-7480-48AC-A95D-A067A236DC6B}
    CharSet
  • HKCU_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
    iCountry
  • HKCU_Classes\CLSID\{100A4C98-7480-48AC-A95D-A067A236DC6B}
    CharSet
Processes Created
  • c:\Documents and Settings\test user\application data\identities\{e2564744-a8ed-497d-924b-a548b20ca034}\crnjenq.exe
DNS Requests
  • judrast.com
  • portechego.info

Example 2

File Information

Size: 283K
SHA-1: b66dbc5d081409d51ac8048ec0909bf7c1bc1b07
MD5: b7515db6314a9a7692a49fef3e312d06
CRC-32: f7c3f45e
File type: Windows executable
First seen: 2014-03-03

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Adobe\Acrobat\8.0\Collab\djuxram.exe
Dropped Files
  • C:\WINDOWS\Tasks\{56BD7E50-071B-6E03-7322-1A16F162F934}.job
    Size: 374
    SHA-1: 4d192c5c4bbff674bba0c9d8808eacc272fc1285
    MD5: 4e1f45cc4e24ae0b830c4a10792522a2
    CRC-32: 990906d7
    File type: application/data
    First seen: 2014-03-04
  • c:\Documents and Settings\test user\Local Settings\Temp\CEdJrUID3.tmp
    Size: 692
    SHA-1: d5a2e8c7fbc3a71d34b0aae2bc65c02752bcf513
    MD5: 045b950ae3dc7f017fd77a3ef433be8e
    CRC-32: 4d131085
    File type: application/octet-stream
    First seen: 2014-03-04
Registry Keys Created
  • HKCU_Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
    ColorC
  • HKCU_Classes\CLSID\{30AB3B0C-2C5B-7AD7-2E05-7315B664ED0C}
    Pattern Upgrade
  • HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
    ColorC
  • HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}
    High Contrast Black (large)
  • HKCU\Software\Classes\CLSID\{44EF02FB-53DD-5DE2-D93B-8D0C9A7E2D50}
    CoolSwitchRows
  • HKCU_Classes\CLSID\{44EF02FB-53DD-5DE2-D93B-8D0C9A7E2D50}
    CoolSwitchRows
  • HKCU_Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}
    High Contrast Black (large)
  • HKCU\Software\Classes\CLSID\{30AB3B0C-2C5B-7AD7-2E05-7315B664ED0C}
    Pattern Upgrade
Processes Created
  • c:\Documents and Settings\test user\application data\adobe\acrobat\8.0\collab\djuxram.exe
DNS Requests
  • judrast.com
  • portechego.info
