Trojan.StartPage.ZSB_ed0107d2ed

by malwarelabrobot on January 17th, 2015 in Malware Descriptions.

Trojan.Win32.Pasta.kri (Kaspersky), Trojan.StartPage.ZSB (B) (Emsisoft), Trojan.StartPage.ZSB (AdAware), Virus.Win32.Sality.FD, Virus.Win32.Sality.2.FD, VirusSality.YR, GenericAutorunWorm.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, Virus, WormAutorun


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

MD5: ed0107d2ed0cdfa8f46609e57b82d1c0
SHA1: 7bfb45b4e230059812b117300dda620644d3aff3
SHA256: b4e6f84afc467d25d48a6dfe1fe60c70b73ccae9f99e720d964c7ba526605ba6
SSDeep: 6144:QCQL/bCr5QVOwYtReYydlxzYS8BUEAfi8x5p:QCQrbC69QReYSWxUEAfiup
Size: 273920 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2006-08-30 11:11:13
Analyzed on: WindowsXPESX SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

Behaviour: WormAutorun
Description: A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.


Process activity

The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):

%original file name%.exe:204
cssrs.exe:1464
cssrs.exe:944
Explorer.EXE:128

Mutexes

The following mutexes were created/opened:

esdfsfweqjjjeewhqxfjknt
asdfoijq889aqewhqwe82nt
ShimCacheMutex
%original file name%.exeM_204_
wmiprvse.exeM_508_
msiexec.exeM_904_
vmtoolsd.exeM_2028_
jqs.exeM_1960_
mscorsvw.exeM_1912_
spoolsv.exeM_1424_
svchost.exeM_1096_
svchost.exeM_928_
lsass.exeM_772_
services.exeM_760_
winlogon.exeM_716_
csrss.exeM_692_
smss.exeM_620_
uxJLpe1m

File activity

The process %original file name%.exe:204 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\system.ini (72 bytes)
C:\autorun.inf (331 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00212B74_Rar\%original file name%.exe (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winfoutb.exe (741 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (840 bytes)
%Documents and Settings%\%current user%\Application Data\cssrs.exe (1425 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (272 bytes)
C:\xcas.exe (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00212C8D_Rar\%original file name%.exe (1425 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Startup\cssrs.exe (2850 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\winfoutb.exe (0 bytes)

Registry activity

The process %original file name%.exe:204 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Aas]

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.114116.info"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SuperHidden]
"CheckedValue" = "1"

[HKCU\Software\Aas\695404737]
"28676484" = "35"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"blank" = "http://www.114116.info"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SuperHidden]
"CheckedValue" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"

[HKCU\Software\Aas\695404737]
"7169121" = "198"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D6 3A 5B B5 E1 6C F5 F5 74 38 F3 C1 56 91 81 CD"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Aas\695404737]
"43014726" = "0A00687474703A2F2F616B7A696C2E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F7777772E63723473682E676F2E726F2F6C6F676F2E67696600687474703A2F2F6172746761732E636F6D2E62722F627574746F6E2E67696600687474703A2F2F6561726E6D6F6E657962642E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F736F68616D776F726C642E696E2F696D616765732F627574746F6E2E67696600687474703A2F2F73696D6963616E692E636F6D2F6C6F676F2E67696600687474703A2F2F7777772E73746F72667265652E636F6D2F696D616765732F6C6F676F732E67696600687474703A2F2F6E65776E69726D616E2E696E2F627574746F6E2E67696600687474703A2F2F7777772E6D736963742E696E2F696D616765732F6C6F676F2E67696600687474703A2F2F67616E757A6173762E636F6D2F6C6F676F2E676966"

[HKCU\Software\Aas\695404737]
"21507363" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt" = "1"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"

[HKCU\Software\Aas]
"a4_888" = "2071212152"
"a2_79" = "566353972"
"a2_78" = "559188945"
"a3_916" = "2254979389"
"a3_288" = "2048100105"
"a3_289" = "2055027624"
"a3_184" = "1336102801"
"a3_917" = "2262558044"
"a3_282" = "2038692083"
"a3_283" = "2045680914"
"a3_280" = "1990631473"
"a3_281" = "2031109200"
"a3_286" = "2067091063"
"a3_287" = "2074141334"
"a3_284" = "2019045813"
"a3_285" = "2026624468"
"a3_606" = "66123703"
"a3_607" = "40004566"
"a3_604" = "52150005"
"a3_605" = "59069204"
"a3_602" = "4023859"
"a3_603" = "11016786"
"a3_600" = "23079281"
"a3_601" = "30657936"
"a4_700" = "723417404"
"a3_608" = "46992457"
"a3_609" = "87597288"
"a1_796" = "692823625"
"a1_583" = "360338839"
"a1_794" = "2055514728"
"a1_795" = "3165344098"
"a1_792" = "1539164070"
"a1_793" = "1671181484"
"a1_790" = "3519695631"
"a1_582" = "1830928349"
"a3_635" = "240424626"
"a3_911" = "2219532038"
"a1_581" = "287551851"
"a1_798" = "2174634497"
"a1_799" = "2085741438"
"a1_580" = "526405498"
"a3_198" = "1436076335"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue" = "0"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.114116.info"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden" = "0"

[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.114116.info"

[HKCU\Software\Microsoft\Internet Explorer\AboutURLs]
"Tabs" = "http://www.114116.info"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.114116.info"

[HKCU\Software\Aas\695404737]
"50183847" = "91B7B29E83DF27BD845620F31F81699AEA234A0AF364777AFD8013C50880BEED261AF09F76D756B22D8490BFC624276D3076D4A74CC35D08D3701A2CD26E8FE302DFAECE118977A4B1E380EEB284A8F1F5762C79B4FF22C5F28C90BFC5888DEA3DA748B07164541111D2655DA3E285F8167DE1B62CBC7E30883AFB31B5B55DA8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"

[HKCU\Software\Microsoft\Internet Explorer\AboutURLs]
"blank" = "http://www.114116.info"

[HKCU\Software\Aas\695404737]
"35845605" = "343"

[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"

[HKCU\Software\Aas\695404737]
"14338242" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt]
"CheckedValue" = "1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs" = "http://www.114116.info"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"

Adds a rule to the Windows Firewall that allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "c:\%original file name%.exe:*:Enabled:ipsec"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TINTIMG" = "%Documents and Settings%\%current user%\Application Data\cssrs.exe"

The Windows Firewall is disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"

Firewall notifications are disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"

The process cssrs.exe:1464 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 B4 B6 AF 80 49 11 75 1F 6C 51 BA F9 51 61 A2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

The process cssrs.exe:944 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "48 CC 9C E1 1C 3D 8B 00 16 A9 CE 4B E9 94 44 96"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

Dropped PE files

MD5 | File path
3d00e46b4280fbc5e1b758244ba8d3e4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\00212B74_Rar\%original file name%.exe
3d00e46b4280fbc5e1b758244ba8d3e4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\00212C8D_Rar\%original file name%.exe
b7a670e488208d71239012380fd6d87f | c:\xcas.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.

VersionInfo

No information is available.

PE Sections

Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5
.text | 4096 | 41716 | 41984 | 4.56001 | 4a77e71b3902c8dc0f9d299b55bcd83c
.rdata | 49152 | 9994 | 10240 | 3.66555 | 6290e9c408ae6870143b78836ce64421
.data | 61440 | 14500 | 4096 | 1.4687 | 448541fd66cace4cd3dfcf7e506ad72d
.rsrc | 77824 | 80000 | 80384 | 3.43291 | 98a6c22ce487f38bfa3dff16299f6702
.reloc | 159744 | 139264 | 136192 | 4.70554 | f687a7f95b10aa82ae6a9f3f2dc27039

URLs

No activity has been detected.

Traffic

Web Traffic was not found.

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager): No processes have been created.
  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %WinDir%\system.ini (72 bytes)
    C:\autorun.inf (331 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\00212B74_Rar\%original file name%.exe (1425 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\winfoutb.exe (741 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (840 bytes)
    %Documents and Settings%\%current user%\Application Data\cssrs.exe (1425 bytes)
    %Program Files%\Common Files\Java\Java Update\jusched.exe (272 bytes)
    C:\xcas.exe (103 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\00212C8D_Rar\%original file name%.exe (1425 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\Startup\cssrs.exe (2850 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TINTIMG" = "%Documents and Settings%\%current user%\Application Data\cssrs.exe"

  5. Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
