Gen.Variant.Strictor.115225_4d31a58baf

Susp_Dropper (Kaspersky), Gen:Variant.Strictor.115225 (B) (Emsisoft), Gen:Variant.Strictor.115225 (AdAware), Trojan.NSIS.StartPage.FD, mzpefinder_pcap_file.YR (Lavasoft MAS) Behaviour: Trojan The des...
Blog rating:2 out of5 with2 ratings

Gen.Variant.Strictor.115225_4d31a58baf

by malwarelabrobot on August 21st, 2017 in Malware Descriptions.

Susp_Dropper (Kaspersky), Gen:Variant.Strictor.115225 (B) (Emsisoft), Gen:Variant.Strictor.115225 (AdAware), Trojan.NSIS.StartPage.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 4d31a58baf434807e6bd3fb33338d4a7
SHA1: d8b6fea25c52437b37824694d2f9fb2b6092a24d
SHA256: 0d3b98f962c2b73aa84df94454ff1e0e220cbba1cf1dffcf5dc05fa99c1bfd22
SSDeep: 1536:IpgpHzb9dZVX9fHMvG0D3XJLRomcrspFIg: gXdZt9P6D3XJLir L
Size: 56477 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-12-06 00:50:52
Analyzed on: Windows7 SP1 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

%original file name%.exe:1084
EasySpeedPC.exe:1128
EasySpeedPC.exe:1788
EasySpeedPC.exe:592
EasySpeedPC.exe:2592
EasySpeedPC.exe:3664
EasySpeedPC.exe:1780
EasySpeedPC.exe:2652
EasySpeedPC.exe:1952
EasySpeedPC.exe:3492
EasySpeedPC.exe:2480
EasySpeedPC.exe:3348
EasySpeedPC.exe:2132
EasySpeedPC.exe:2036
EasySpeedPC.exe:3104
EasySpeedPC.exe:2328
EasySpeedPC.exe:1944
EasySpeedPC.exe:3572
EasySpeedPC.exe:2172
EasySpeedPC.exe:3768
EasySpeedPC.exe:1016
EasySpeedPC.exe:3592
EasySpeedPC.exe:2648
EasySpeedPC.exe:2872
EasySpeedPC.exe:3956
EasySpeedPC.exe:2456
EasySpeedPC.exe:2420
EasySpeedPC.exe:3216
EasySpeedPC.exe:1340
EasySpeedPC.exe:2764
EasySpeedPC.exe:3728
EasySpeedPC.exe:1592
EasySpeedPC.exe:3700
EasySpeedPC.exe:3884
EasySpeedPC.exe:2316
EasySpeedPC.exe:4012
EasySpeedPC.exe:3624
EasySpeedPC.exe:3504
EasySpeedPC.exe:1972
EasySpeedPC.exe:2700
EasySpeedPC.exe:3424
EasySpeedPC.exe:536
EasySpeedPC.exe:720
EasySpeedPC.exe:2416
EasySpeedPC.exe:2792
EasySpeedPC.exe:3848
EasySpeedPC.exe:1368

The Trojan injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:1084 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr190B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\inetc.dll (0 bytes)

The process EasySpeedPC.exe:1128 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmB4ED.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmB4ED.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmB4ED.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB2E9.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmB4ED.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmB4ED.tmp (0 bytes)

The process EasySpeedPC.exe:1788 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscEA01.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscEA01.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscEA01.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscEA01.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshE7FD.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscEA01.tmp\inetc.dll (0 bytes)

The process EasySpeedPC.exe:592 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx254C.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx254C.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx254C.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx254C.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2348.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx254C.tmp\inetc.dll (0 bytes)

The process EasySpeedPC.exe:2592 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssC497.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssC497.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssC497.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxC293.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssC497.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssC497.tmp\inetc.dll (0 bytes)

The process EasySpeedPC.exe:3664 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshFD04.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshFD04.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshFD04.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshFD04.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshFD04.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmFB00.tmp (0 bytes)

The process EasySpeedPC.exe:1780 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF6BD.tmp\EasySpeedPC.exe (4384 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF6BD.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssF4BA.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF6BD.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF6BD.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF6BD.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)

The process EasySpeedPC.exe:2652 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscC7E1.tmp\EasySpeedPC.exe (4384 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscC7E1.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscC7E1.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshC5DD.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscC7E1.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscC7E1.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)

The process EasySpeedPC.exe:1952 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshC19A.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshC19A.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshBF77.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshC19A.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshC19A.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshC19A.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)

The process EasySpeedPC.exe:3492 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF057.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF057.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF057.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF057.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF057.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssEE54.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)

The process EasySpeedPC.exe:2480 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2867.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2867.tmp\EasySpeedPC.exe (3865 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2654.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2867.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2867.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2867.tmp\inetc.dll (0 bytes)

The process EasySpeedPC.exe:3348 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx1E4A.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx1E4A.tmp\EasySpeedPC.exe (3865 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx1E4A.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm5D7A.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx1E4A.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc1C46.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx1E4A.tmp\EasySpeedPC.exe (0 bytes)

The process EasySpeedPC.exe:2132 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssDA87.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssDA87.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssDA87.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssDA87.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxD883.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssDA87.tmp (0 bytes)

The process EasySpeedPC.exe:2036 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc44CD.tmp\EasySpeedPC.exe (4576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc44CD.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh42C9.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc44CD.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc44CD.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc44CD.tmp\inetc.dll (0 bytes)

The process EasySpeedPC.exe:3104 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF5C.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF5C.tmp\EasySpeedPC.exe (3865 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF5C.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx157.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF5C.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF5C.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)

The process EasySpeedPC.exe:2328 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss1297.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (6080 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss1297.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx1093.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr33DB.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss1297.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss1297.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss1297.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe (0 bytes)

The process EasySpeedPC.exe:1944 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshBB34.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshBB34.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshBB34.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxB921.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshBB34.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshBB34.tmp (0 bytes)

The process EasySpeedPC.exe:3572 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr29CD.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)

The process EasySpeedPC.exe:2172 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscB809.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscB809.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscB809.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshB605.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscB809.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscB809.tmp (0 bytes)

The process EasySpeedPC.exe:3768 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCB0C.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCB0C.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCB0C.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCB0C.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxC8F9.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCB0C.tmp (0 bytes)

The process EasySpeedPC.exe:1016 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCE18.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCE18.tmp\EasySpeedPC.exe (3865 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCE18.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCE18.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmCC14.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCE18.tmp\EasySpeedPC.exe (0 bytes)

The process EasySpeedPC.exe:3592 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss3553.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss3553.tmp\EasySpeedPC.exe (3865 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss3553.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss3553.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx334F.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss3553.tmp\EasySpeedPC.exe (0 bytes)

The process EasySpeedPC.exe:2648 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx3DAC.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx3DAC.tmp\EasySpeedPC.exe (3865 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh3B79.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx3DAC.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx3DAC.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx3DAC.tmp (0 bytes)

The process EasySpeedPC.exe:2872 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshF392.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshF392.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF17F.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshF392.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshF392.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshF392.tmp\inetc.dll (0 bytes)

The process EasySpeedPC.exe:3956 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc1803.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc1803.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh15FF.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc1803.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc1803.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc1803.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)

The process EasySpeedPC.exe:2456 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss41D1.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss41D1.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss41D1.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss41D1.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx3FCD.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss41D1.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)

The process EasySpeedPC.exe:2420 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmDDC1.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmDDC1.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssDBBE.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmDDC1.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmDDC1.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmDDC1.tmp\EasySpeedPC.exe (0 bytes)

The process EasySpeedPC.exe:3216 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE6E5.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE6E5.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE6E5.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE6E5.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssE4E2.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE6E5.tmp\inetc.dll (0 bytes)

The process EasySpeedPC.exe:1340 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss1B1F.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss1B1F.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss1B1F.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss1B1F.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss1B1F.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx191B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)

The process EasySpeedPC.exe:2764 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD124.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD124.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD124.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmCF20.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD124.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD124.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)

The process EasySpeedPC.exe:3728 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss2BE1.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss2BE1.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss2BE1.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh29CD.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss2BE1.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss2BE1.tmp\EasySpeedPC.exe (0 bytes)

The process EasySpeedPC.exe:1592 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmD75B.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmD75B.tmp\EasySpeedPC.exe (4576 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmD75B.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmD75B.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmD75B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssD558.tmp (0 bytes)

The process EasySpeedPC.exe:3700 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh2D37.tmp (0 bytes)

The process EasySpeedPC.exe:3884 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD430.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD430.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmD22C.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD430.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD430.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD430.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss45C6.tmp (0 bytes)

The process EasySpeedPC.exe:2316 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw30A0.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe (0 bytes)

The process EasySpeedPC.exe:4012 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxAFAF.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe (0 bytes)

The process EasySpeedPC.exe:3624 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2F.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2F.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFE2C.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2F.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2F.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2F.tmp\EasySpeedPC.exe (0 bytes)

The process EasySpeedPC.exe:3504 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr2673.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp (0 bytes)

The process EasySpeedPC.exe:1972 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr3735.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe (0 bytes)

The process EasySpeedPC.exe:2700 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc3237.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc3237.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc3237.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss3024.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc3237.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc3237.tmp\inetc.dll (0 bytes)

The process EasySpeedPC.exe:3424 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscED0D.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscED0D.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshEB09.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscED0D.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscED0D.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscED0D.tmp\inetc.dll (0 bytes)

The process EasySpeedPC.exe:536 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscBE6F.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscBE6F.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssBC5C.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscBE6F.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscBE6F.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscBE6F.tmp (0 bytes)

The process EasySpeedPC.exe:720 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscF9D9.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscF9D9.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshF7D5.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscF9D9.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscF9D9.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscF9D9.tmp (0 bytes)

The process EasySpeedPC.exe:2416 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE3D9.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE3D9.tmp\inetc.dll (44 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE3D9.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE3D9.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssE1D6.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE3D9.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (0 bytes)

The process EasySpeedPC.exe:2792 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx2F0C.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx2F0C.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx2F0C.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2D08.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx2F0C.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx2F0C.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)

The process EasySpeedPC.exe:3848 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE0CD.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE0CD.tmp\EasySpeedPC.exe (3865 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE0CD.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssDECA.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE0CD.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE0CD.tmp\EasySpeedPC.exe (0 bytes)

The process EasySpeedPC.exe:1368 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx2240.tmp\EasySpeedPC.exe (3865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx2240.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx2240.tmp\EasySpeedPC.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx2240.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm202C.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx2240.tmp (0 bytes)

Registry activity

The process %original file name%.exe:1084 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\4d31a58baf434807e6bd3fb33338d4a7_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\4d31a58baf434807e6bd3fb33338d4a7_RASAPI32]
"EnableFileTracing" = "0"
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\4d31a58baf434807e6bd3fb33338d4a7_RASMANCS]
"EnableFileTracing" = "0"
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\4d31a58baf434807e6bd3fb33338d4a7_RASMANCS]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\4d31a58baf434807e6bd3fb33338d4a7_RASAPI32]
"MaxFileSize" = "1048576"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe,"

[HKLM\SOFTWARE\Microsoft\Tracing\4d31a58baf434807e6bd3fb33338d4a7_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3C 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\4d31a58baf434807e6bd3fb33338d4a7_RASMANCS]
"MaxFileSize" = "1048576"
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\4d31a58baf434807e6bd3fb33338d4a7_RASAPI32]
"EnableConsoleTracing" = "0"

"ConsoleTracingMask" = "4294901760"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:1128 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 45 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr;"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:1788 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 56 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrL"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:592 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 64 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrd"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2592 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4A 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr@"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3664 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 5C 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrR"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:1780 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 5A 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrP"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4B 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrA"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:1952 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 49 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr?"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 58 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrN"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2480 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 65 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsre"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3348 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 43 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2132 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 51 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrG"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2036 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 6C 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsro"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3104 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 5E 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrT"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2328 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 41 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:1944 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 47 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3572 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3E 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2172 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 46 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr<"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3768 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4C 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:1016 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4D 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrC"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3592 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 69 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsri"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2648 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 6A 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrm"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2872 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 59 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrO"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3956 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 60 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr^"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2456 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 6B 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrn"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2420 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 52 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrH"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 55 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrK"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:1340 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 61 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr_"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2764 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4E 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrD"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3728 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 66 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrf"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:1592 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 50 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrF"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3700 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3F 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3884 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4F 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrE"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2316 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 40 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:4012 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 44 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3624 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 5D 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrS"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3504 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\EasySpeedPC_RASAPI32]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\EasySpeedPC_RASMANCS]
"ConsoleTracingMask" = "4294901760"
"EnableConsoleTracing" = "0"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe,"

[HKLM\SOFTWARE\Microsoft\Tracing\EasySpeedPC_RASMANCS]
"FileTracingMask" = "4294901760"
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\EasySpeedPC_RASAPI32]
"ConsoleTracingMask" = "4294901760"
"EnableConsoleTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3D 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\EasySpeedPC_RASAPI32]
"FileDirectory" = "%windir%\tracing"
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\EasySpeedPC_RASMANCS]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\EasySpeedPC_RASAPI32]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\EasySpeedPC_RASMANCS]
"EnableFileTracing" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:1972 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 42 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2700 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 68 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrh"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3424 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 57 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrM"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:536 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 48 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr>"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:720 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 5B 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2416 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 54 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrJ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:2792 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 67 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrg"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:3848 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 53 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrI"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process EasySpeedPC.exe:1368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 63 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrc"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

Dropped PE files

MD5 File path
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscB809.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscBE6F.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscC7E1.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscEA01.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscED0D.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscF9D9.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshBB34.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshC19A.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCB0C.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCE18.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD124.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD430.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshF392.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshFD04.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2F.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmB4ED.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmD75B.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmDDC1.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE0CD.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE3D9.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE6E5.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF057.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF6BD.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssC497.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssDA87.tmp\EasySpeedPC.exe
1e3aecf80dd135cea6e6f747d7c4164c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version: 7.0.2
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 7.0.2.1238
File Description:
Comments:
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 23628 24064 4.46394 856b32eb77dfd6fb67f21d6543272da5
.rdata 28672 4764 5120 3.4982 dc77f8a1e6985a4361c55642680ddb4f
.data 36864 154712 1024 3.3278 7922d4ce117d7d5b3ac2cffe4b0b5e4f
.ndata 192512 36864 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 229376 12984 13312 3.77918 03f7b42e1324710a9b8f885c732a9afb

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 4
f2d773e220a32bb8ea1faf46b0e980ec
9bdf4e6aaeb3e5c68763dd83352208ee
334e9968d0fdd3d04f218c7796bc5f61
e04e24ea563c88337fe042d90005ff6e

URLs

URL IP
hxxp://d1e0sagtwf5bmy.cloudfront.net/publishers/47/809/EasySpeedPC.app
hxxp://download.easyspeedpc.net/publishers/47/809/EasySpeedPC.app 54.230.44.204
dns.msftncsi.com 131.107.255.255


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
ET POLICY PE EXE or DLL Windows file download HTTP
ET POLICY Executable served from Amazon S3

Traffic

GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 48
X-Cache: Hit from cloudfront
Via: 1.1 f17892129c0657c8d9d0809a1b0b00be.cloudfront.net (CloudFront)
X-Amz-Cf-Id: MRIrFooN9VlCN5e_BezxH5rcEfDwPaFWZ1vDLozpxyNLUUyhEPmFBg==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 40
X-Cache: Hit from cloudfront
Via: 1.1 605e6ba1f1cba02856e68eba7a887943.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 7d-a0KMcbFIRtmuyj-_sBxU7x-xuCll8gxe05eQEPBQubFyXvO98oA==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 1
X-Cache: Hit from cloudfront
Via: 1.1 f17892129c0657c8d9d0809a1b0b00be.cloudfront.net (CloudFront)
X-Amz-Cf-Id: S18wj5iM6NasUPu6H-4RC3toCOo7q_xxov3iJ0W0HxxXJhzFQLdTNQ==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 53
X-Cache: Hit from cloudfront
Via: 1.1 b451ce1932d9b97c4ef54f2f37ecb931.cloudfront.net (CloudFront)
X-Amz-Cf-Id: ZUbDYJFzqROnyOYYXaXqDlkffRPWpsG0A10aSxY2bf-M9358RL3BqQ==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 14
X-Cache: Hit from cloudfront
Via: 1.1 0991a4b934302d120a32dada6513dc35.cloudfront.net (CloudFront)
X-Amz-Cf-Id: _9w6Jbl8yiCugHd419vdwpySdMawr9rfONGSh6qLlb6u-PpMUwVPOg==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 42
X-Cache: Hit from cloudfront
Via: 1.1 d2e34d11a094aa8f0c8077cfdf5b4b38.cloudfront.net (CloudFront)
X-Amz-Cf-Id: ZhZOKGIfbieH9Bz0HGW9p8qlj_2hYStbrdiWWN6ZaY70fO2GDFTZcw==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 47
X-Cache: Hit from cloudfront
Via: 1.1 5d53a1d9ef3a6f7480785993c37a7ad5.cloudfront.net (CloudFront)
X-Amz-Cf-Id: OGgFQj--QwSjQx-ejgPyAU9cfnMjUte4i7VGWRUdUqYX3aq3zKOcXQ==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 38
X-Cache: Hit from cloudfront
Via: 1.1 16a8156bb9e085b1e79a6bf5cb89d49e.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 2GsexIuIp8rm19FXUaGTUin5RZmFJoHWyR1OheAy5hyXjH7wOwm5tA==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 37
X-Cache: Hit from cloudfront
Via: 1.1 bd881f081f56cf6bcf454c79fda1ac83.cloudfront.net (CloudFront)
X-Amz-Cf-Id: E4dKI2eVSFwFl9IjFnp1EV5UvyAweCVGZT8Ly2R52XXnvEEiCcXo3g==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 55
X-Cache: Hit from cloudfront
Via: 1.1 94c77a19ef16a232cab516a47d310738.cloudfront.net (CloudFront)
X-Amz-Cf-Id: OcrrGVbNKrAFqeAgwx1g3WnMoPbMljwxtGzk8xybK9zRZbpE-VGi3w==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 46
X-Cache: Hit from cloudfront
Via: 1.1 d2e34d11a094aa8f0c8077cfdf5b4b38.cloudfront.net (CloudFront)
X-Amz-Cf-Id: k594B3_7OGvyD1Vo6lNQ4AMgP3gPHX2p2e_KEQ7uvvhwO_xTpOZJAg==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 36
X-Cache: Hit from cloudfront
Via: 1.1 6fd049110ebc3ac6deddab8b0bf5d686.cloudfront.net (CloudFront)
X-Amz-Cf-Id: TMzANFYVgvR5VPYKY1Y1fuls3j6Z-q3UrFgGzDsoxg4slHvMdCObVg==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 49
X-Cache: Hit from cloudfront
Via: 1.1 d7876feb6aad13be77dcc3a0028488b5.cloudfront.net (CloudFront)
X-Amz-Cf-Id: PogNGQOScbwrmlHnWSiV_RbrDf8BX-VvBgfnRU3v3G62MgAKNuyLzQ==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 51
X-Cache: Hit from cloudfront
Via: 1.1 f32dfb4a33594b7c1c1bbebfe50a0bfd.cloudfront.net (CloudFront)
X-Amz-Cf-Id: MeoAZryFBWbfTgGovKihSF4b7NKpVsSMckDgB1t9bfz07xw5Es9wTA==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 46
X-Cache: Hit from cloudfront
Via: 1.1 0be769c7e09c2ff80afb194a85a78b4c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: NAetsnXYcbsoEN5Ihv62Tke0zCoibVTW3WWdAzjWfYPDc9Mjd6v_6w==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 54
X-Cache: Hit from cloudfront
Via: 1.1 fea2754625efced449ee81cd3c469ec9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 0M1IIebiv4WWECAFwPmyK3oCGiPFUqqj1xRHjMXrdY6FL6Gagh-2BA==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................@..............j..<.....W..?....;.tBj\V
.Z?....SW.....E....p@...u...|p@.=....u.W..xp@...u..E..E...F:.u.9].t.j.
.....Wh.HC...C..W..tp@..^...j..0...S.....P..F...5...j......j........j.
.......WV..pp@...t.j......9].......V..F..........WV..@..j......S.Z....
..E.PWh....V..lp@...t#.E.;.v%8.t!V.CF..;.t...,P.u..8C.....E.......9]..
.....h....WW..hp@......j.......M.QVh....SPS..dp@.....o........j......P
V..?...r...j1........E....V.u..E...>..V...@...t.V..B....h.HC.V..B..
P..=..P..B..V..D.....@..}..|1V.xE..3.;.t..M....QP..`p@....E.......
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 60
X-Cache: Hit from cloudfront
Via: 1.1 54430e3a116fc3eedb9a0318cb1ee1e9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: pcCtNkIgsX5JY9u3ZHKRsSAnSNWX6c397TXO5mIMYTwIt-WiHUGf8g==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D....B..P..=..
P..B..V..D.....@..}..|1V.xE..3.;.t..M....QP..`p@....E.........#...
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 52
X-Cache: Hit from cloudfront
Via: 1.1 e482e2c19d6e57adc72e19f731c7bf44.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 3A2FYWdxrFI0z41TLE76cSE_iAYBr1DYDKqkUIXYbrRLOjoZw_6j7Q==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 4
X-Cache: Hit from cloudfront
Via: 1.1 09393f32f516ce23b0b6bbd4b022977b.cloudfront.net (CloudFront)
X-Amz-Cf-Id: NOrZJv_OKMp3KFA-daKfApDNqj75kHWBUlpVLJujTLIQTBmDvLTVJw==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 54430e3a116fc3eedb9a0318cb1ee1e9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: h_9ViOFRx0Ay0WEODKnbdQEt5Xr3gNmlc4JGb2-KggT9DF3kLR1ryw==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 2
X-Cache: Hit from cloudfront
Via: 1.1 4cef090fba24867bb1a518bc7c5a1e98.cloudfront.net (CloudFront)
X-Amz-Cf-Id: PBziJWBCXs70iS0FfBOJRQRW6ZT0aRitJJcwQf6kbhoDzp9d6yW7Kw==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 3
X-Cache: Hit from cloudfront
Via: 1.1 f17892129c0657c8d9d0809a1b0b00be.cloudfront.net (CloudFront)
X-Amz-Cf-Id: l7GdLhdj7E55rctJKNopxb3Rv5kHcSSv8Xx3R9c_UZPu6DQSyjhl-g==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 50
X-Cache: Hit from cloudfront
Via: 1.1 175adbcec6b88ee3f70449424fdb0fa3.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 6ffYzeDS0dG9PtBKu0rdchlWxMxTo5_Gnck7XybXh9Qj3-XHssWSLw==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 43
X-Cache: Hit from cloudfront
Via: 1.1 709dc82c12bfdfc2826d5d578d7721fa.cloudfront.net (CloudFront)
X-Amz-Cf-Id: QmI_AHmO0Bb-X3xFjh38EHVRYJQD1rmha1QDMOqAIVRuXx4iiQhP6Q==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 56
X-Cache: Hit from cloudfront
Via: 1.1 7b6339693d82ec593824b8c6ad776117.cloudfront.net (CloudFront)
X-Amz-Cf-Id: nFVwGUuCAKW1sHP5-NAlsfcAm3IjpuS6UCs_Bee2eypqugCCRuZsyQ==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 38
X-Cache: Hit from cloudfront
Via: 1.1 b451ce1932d9b97c4ef54f2f37ecb931.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 2Vve2XlLWE4JYgDJ5ibwpVF-3zMUFiQ05SdXhn20VI3fGIwUXDIyNg==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 39
X-Cache: Hit from cloudfront
Via: 1.1 973544984500f17f202d338274a94acc.cloudfront.net (CloudFront)
X-Amz-Cf-Id: p1g-uUL9bSHZVf6TXgH2ldb_CuFZ9Tng94PBa0HJTDy8fiT5DEDkcQ==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 54
X-Cache: Hit from cloudfront
Via: 1.1 709dc82c12bfdfc2826d5d578d7721fa.cloudfront.net (CloudFront)
X-Amz-Cf-Id: F4PcDBHx2xzlG8IErHNMgHDYdXhLkie91x6PWad1GzctqhB3yAJI9Q==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 50
X-Cache: Hit from cloudfront
Via: 1.1 09393f32f516ce23b0b6bbd4b022977b.cloudfront.net (CloudFront)
X-Amz-Cf-Id: zLLSy7Qa2aJomviW_SFQPbxNo9hr70OoW8mqIhgjDuidguThng874w==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 35
X-Cache: Hit from cloudfront
Via: 1.1 f32dfb4a33594b7c1c1bbebfe50a0bfd.cloudfront.net (CloudFront)
X-Amz-Cf-Id: xWk4KzfXo2GEFLWt289_iGfH6yQ2yFvgC3k4bbgszx1Y7h98cyZmWA==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 42
X-Cache: Hit from cloudfront
Via: 1.1 0be769c7e09c2ff80afb194a85a78b4c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 8C86YO7wx7zI1qdwWfjxMt9EjJsKy_tb790c2WRbsFJW3USPBJcpSg==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 3
X-Cache: Hit from cloudfront
Via: 1.1 09393f32f516ce23b0b6bbd4b022977b.cloudfront.net (CloudFront)
X-Amz-Cf-Id: hfiRUAJrXT2IFmLfZXnsrwJ_EZOhPY7v0yP6oAZ9OrWZetPu_xLRFQ==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 44
X-Cache: Hit from cloudfront
Via: 1.1 54430e3a116fc3eedb9a0318cb1ee1e9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: LjG_by85-h8b7cfkTNKJDGNaPIWV1hjDoatFa6h4We-dQj4LxBWOTg==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 45
X-Cache: Hit from cloudfront
Via: 1.1 a418a5add122000ef61afe8a1637f885.cloudfront.net (CloudFront)
X-Amz-Cf-Id: IKI6yYBvWvdvavNYPuStfLfSJbwrUNWGrZtvDDTl-Hw7-nHR4fjZFA==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /publishers/47/809/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 56477
Connection: keep-alive
Date: Sun, 20 Aug 2017 05:35:35 GMT
Last-Modified: Fri, 11 Nov 2016 09:33:20 GMT
ETag: "1e3aecf80dd135cea6e6f747d7c4164c"
Accept-Ranges: bytes
Server: AmazonS3
Age: 41
X-Cache: Hit from cloudfront
Via: 1.1 c438f26ccd08e3dcd1f5cc4a61417fde.cloudfront.net (CloudFront)
X-Amz-Cf-Id: _Tstt344CAnAeaDigDegGhXW-5oSxk1kpFY_el5eInNTJH6fDRKGkw==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
.......2..............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...2.......4...z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

EasySpeedPC.exe_1856:

.text
`.rdata
@.data
.ndata
.rsrc
uDSSh
hu2.iu
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
GetWindowsDirectoryA
KERNEL32.dll
ExitWindowsEx
USER32.dll
GDI32.dll
SHFileOperationA
ShellExecuteA
SHELL32.dll
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
verifying installer: %d%%
hXXp://nsis.sf.net/NSIS_Error
... %d%%
~nsu.tmp
%u.%u%s%s
RegDeleteKeyExA
%s=%s
*?|<>/":
%Program Files%
\inetc.dll
\EasySpeedPC.exe
hXXp://download.easyspeedpc.net/publishers/47/809/EasySpeedPC.app
\EasySpeedPC.exe"
$$\wininit.ini
n\%F-^
.ZS4$h
S.V.SV)k
"C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn59C4.tmp\EasySpeedPC.exe"
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn59C4.tmp
EasySpeedPC.exe
ers\"%CurrentUserName%"\AppData\Local\Temp\nsn5A5F.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn59C4.tmp\EasySpeedPC.exe
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>
8.2.0.4499
8.2.0


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:1084
    EasySpeedPC.exe:1128
    EasySpeedPC.exe:1788
    EasySpeedPC.exe:592
    EasySpeedPC.exe:2592
    EasySpeedPC.exe:3664
    EasySpeedPC.exe:1780
    EasySpeedPC.exe:2652
    EasySpeedPC.exe:1952
    EasySpeedPC.exe:3492
    EasySpeedPC.exe:2480
    EasySpeedPC.exe:3348
    EasySpeedPC.exe:2132
    EasySpeedPC.exe:2036
    EasySpeedPC.exe:3104
    EasySpeedPC.exe:2328
    EasySpeedPC.exe:1944
    EasySpeedPC.exe:3572
    EasySpeedPC.exe:2172
    EasySpeedPC.exe:3768
    EasySpeedPC.exe:1016
    EasySpeedPC.exe:3592
    EasySpeedPC.exe:2648
    EasySpeedPC.exe:2872
    EasySpeedPC.exe:3956
    EasySpeedPC.exe:2456
    EasySpeedPC.exe:2420
    EasySpeedPC.exe:3216
    EasySpeedPC.exe:1340
    EasySpeedPC.exe:2764
    EasySpeedPC.exe:3728
    EasySpeedPC.exe:1592
    EasySpeedPC.exe:3700
    EasySpeedPC.exe:3884
    EasySpeedPC.exe:2316
    EasySpeedPC.exe:4012
    EasySpeedPC.exe:3624
    EasySpeedPC.exe:3504
    EasySpeedPC.exe:1972
    EasySpeedPC.exe:2700
    EasySpeedPC.exe:3424
    EasySpeedPC.exe:536
    EasySpeedPC.exe:720
    EasySpeedPC.exe:2416
    EasySpeedPC.exe:2792
    EasySpeedPC.exe:3848
    EasySpeedPC.exe:1368

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsw1B4D.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\EasySpeedPC[1].app (3040 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmB4ED.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmB4ED.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\EasySpeedPC[1].app (3040 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscEA01.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscEA01.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx254C.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx254C.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssC497.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssC497.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshFD04.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshFD04.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF6BD.tmp\EasySpeedPC.exe (4384 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF6BD.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscC7E1.tmp\EasySpeedPC.exe (4384 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscC7E1.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshC19A.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshC19A.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF057.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmF057.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2867.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2867.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsh5F7E.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx1E4A.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx1E4A.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssDA87.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssDA87.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc44CD.tmp\EasySpeedPC.exe (4576 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc44CD.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF5C.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF5C.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss1297.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm35DF.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss1297.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshBB34.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshBB34.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2BD1.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscB809.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscB809.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCB0C.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCB0C.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCE18.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshCE18.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss3553.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss3553.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx3DAC.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx3DAC.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshF392.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshF392.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc1803.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc1803.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss41D1.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss41D1.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmDDC1.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmDDC1.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE6E5.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE6E5.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss1B1F.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss1B1F.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD124.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD124.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss2BE1.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss2BE1.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmD75B.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmD75B.tmp\EasySpeedPC.exe (4576 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc2F3B.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD430.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshD430.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr32A4.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsrB1B2.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2F.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2F.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm2877.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsm3939.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc3237.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc3237.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscED0D.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscED0D.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscBE6F.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscBE6F.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscF9D9.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscF9D9.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE3D9.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE3D9.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx2F0C.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx2F0C.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE0CD.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsmE0CD.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx2240.tmp\EasySpeedPC.exe (3865 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx2240.tmp\inetc.dll (44 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Average: 2 (2 votes)


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2025 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now