Virus.Win32.Sality_afd23c01d5

by malwarelabrobot on March 3rd, 2016 in Malware Descriptions.

Trojan.Win32.Pasta.kri (Kaspersky), Trojan.StartPage.ZSB (B) (Emsisoft), Virus.Win32.Sality.FD, Virus.Win32.Sality.2.FD, VirusSality.YR, GenericAutorunWorm.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, Virus, WormAutorun

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: afd23c01d51f0b44a2a57a25ebb860dd
SHA1: 1100d19ab058ea23061c0213674a4737a9799b09
SHA256: 9493765e1f60ed2a4a4e74c1703e0c20ef6990a3528c6eb451159b7b0b1d7e12
SSDeep: 3072:PQL/bCr1IPe5ML7CCFODmnu jwdWqovnOR:PQL/bCr4VF5uFdWqUs
Size: 237056 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 1993-07-14 00:47:25
Analyzed on: WindowsXP SP3 32-bit

Summary:

Virus. A program that recursively replicates a possibly evolved copy of itself.

Payload

Behaviour	Description
WormAutorun	A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Virus's file once a user opens a drive's folder in Windows Explorer.

Process activity

The Virus creates the following process(es):
No processes have been created.
The Virus injects its code into the following process(es):

%original file name%.exe:1600
cssrs.exe:1568
cssrs.exe:1052
Explorer.EXE:532

Mutexes

The following mutexes were created/opened:

esdfsfweqjjjeewhqxfjknt
asdfoijq889aqewhqwe82nt
ShimCacheMutex
%original file name%.exeM_1600_
wmiprvse.exeM_1208_
wuauclt.exeM_1648_
vmtoolsd.exeM_1740_
jqs.exeM_1640_
spoolsv.exeM_1424_
svchost.exeM_1084_
svchost.exeM_904_
vmacthlp.exeM_892_
lsass.exeM_736_
services.exeM_724_
winlogon.exeM_680_
smss.exeM_424_
csrss.exeM_656_
uxJLpe1m

File activity

The process %original file name%.exe:1600 makes changes in the file system.
The Virus creates and/or writes to the following file(s):

%WinDir%\system.ini (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000CBF8C_Rar\%original file name%.exe (1281 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (528 bytes)
C:\gdena.pif (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000CBE83_Rar\%original file name%.exe (1281 bytes)
%Documents and Settings%\%current user%\Application Data\cssrs.exe (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\asqo.exe (741 bytes)
C:\autorun.inf (363 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (272 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Startup\cssrs.exe (2562 bytes)

The Virus deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\asqo.exe (0 bytes)

Registry activity

The process %original file name%.exe:1600 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKCU\Software\Aas]
"a4_440" = "3154413240"
"a3_694" = "697136351"
"a2_348" = "2494850267"
"a2_349" = "2502031415"
"a2_346" = "2480518474"
"a2_347" = "2487687375"
"a2_344" = "2466184277"
"a2_345" = "2473352995"
"a2_342" = "2451836772"
"a2_343" = "2459000914"
"a2_340" = "2437500535"
"a2_341" = "2444666882"
"a2_180" = "1290439947"
"a2_181" = "1297608191"
"a2_182" = "1304774607"
"a2_183" = "1311957174"
"a2_184" = "1319124067"
"a2_185" = "1326289315"
"a2_186" = "1333458701"
"a2_187" = "1340623160"
"a2_188" = "1347791928"
"a2_189" = "1354958675"
"a4_444" = "3183089724"
"a3_789" = "1344615644"
"a3_788" = "1371246781"

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"

[HKCU\Software\Aas]
"a2_749" = "1074704797"
"a2_742" = "1024517796"
"a2_743" = "1031687400"
"a2_740" = "1010185906"
"a2_741" = "1017353567"
"a2_746" = "1053204637"
"a2_747" = "1060368940"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Aas]
"a2_745" = "1046021070"
"a1_503" = "727737050"
"a1_502" = "1994372728"
"a1_501" = "3827740846"
"a1_500" = "927678024"
"a1_507" = "909490529"
"a1_506" = "381386979"
"a1_505" = "590318716"
"a1_504" = "6214470"
"a1_509" = "3070597802"
"a1_508" = "1914816043"
"a3_659" = "412749722"
"a3_658" = "405760891"
"a4_844" = "1755770828"
"a1_946" = "3350951215"
"a3_78" = "542637991"
"a3_79" = "549622726"
"a3_72" = "533156193"
"a3_73" = "506656128"
"a3_70" = "485103791"
"a3_71" = "525712590"
"a3_76" = "561686245"
"a3_77" = "568613636"
"a3_74" = "513568291"
"a3_75" = "554631746"
"a3_259" = "1873798154"
"a3_258" = "1866220523"
"a1_435" = "1123277592"
"a1_434" = "1552535045"
"a1_433" = "3165478819"
"a1_432" = "2388890380"
"a1_431" = "2203672354"
"a1_430" = "2864938223"
"a3_251" = "1782710578"
"a3_250" = "1809280147"
"a3_253" = "1830771188"
"a3_252" = "1789764949"
"a3_255" = "1844811446"
"a3_254" = "1837822487"
"a3_257" = "1825746760"
"a3_256" = "1818692393"
"a3_784" = "1308623673"
"a3_783" = "1335193222"
"a3_782" = "1328269927"
"a3_781" = "1287147972"
"a1_636" = "2541097328"
"a3_321" = "2284435336"
"a3_320" = "2310935401"
"a3_323" = "2332478538"
"a3_322" = "2291869739"
"a3_325" = "2346910988"
"a3_324" = "2339397869"
"a3_327" = "2327338446"
"a3_326" = "2320415151"
"a3_329" = "2375379584"
"a3_328" = "2368468577"
"a1_729" = "2643001988"
"a1_728" = "1156993292"
"a3_439" = "3130280062"
"a3_438" = "3123369951"
"a3_435" = "3101883130"
"a3_434" = "3094824539"
"a3_437" = "3149870012"
"a3_436" = "3142426397"
"a3_431" = "3106444646"
"a3_430" = "3065901255"
"a3_433" = "3087376952"
"a3_432" = "3113879961"
"a4_818" = "1569373682"
"a4_819" = "1576542803"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Aas]
"a4_810" = "1512020714"
"a4_811" = "1519189835"
"a4_812" = "1526358956"
"a4_813" = "1533528077"
"a4_814" = "1540697198"
"a4_815" = "1547866319"
"a4_816" = "1555035440"
"a4_817" = "1562204561"
"a1_670" = "208629530"
"a2_748" = "1067538119"
"a1_593" = "945843941"
"a3_94" = "690598327"
"a3_95" = "698045910"
"a3_96" = "671534665"
"a3_97" = "678453992"
"a3_90" = "662052915"
"a3_91" = "669107282"
"a3_92" = "643004661"
"a3_93" = "649993492"
"a3_98" = "685967115"
"a3_99" = "726580138"
"a4_605" = "42350909"
"a4_604" = "35181788"
"a4_607" = "56689151"
"a4_606" = "49520030"
"a4_601" = "13674425"
"a4_600" = "6505304"
"a4_603" = "28012667"
"a4_602" = "20843546"
"a4_609" = "71027393"
"a4_608" = "63858272"
"a3_869" = "1918293868"
"a2_744" = "1038852471"
"a1_855" = "2864689362"
"a3_655" = "383827462"
"a1_857" = "327610631"
"a1_856" = "1363709697"
"a1_851" = "2023264042"
"a1_850" = "2120090944"
"a1_853" = "490986584"
"a3_654" = "376767975"
"a1_859" = "586845237"
"a3_657" = "431879896"
"a4_779" = "1289777963"
"a4_778" = "1282608842"
"a3_929" = "2381983272"
"a3_656" = "424825529"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"

[HKCU\Software\Aas]
"a4_771" = "1232424995"
"a3_651" = "388835458"
"a4_773" = "1246763237"
"a4_772" = "1239594116"
"a4_775" = "1261101479"
"a4_774" = "1253932358"
"a4_777" = "1275439721"
"a3_650" = "348370019"
"a3_653" = "369779012"
"a3_652" = "395889957"
"a4_151" = "1082537271"
"a4_150" = "1075368150"
"a4_153" = "1096875513"
"a4_152" = "1089706392"
"a4_155" = "1111213755"
"a4_154" = "1104044634"
"a4_157" = "1125551997"
"a4_156" = "1118382876"
"a4_159" = "1139890239"
"a4_158" = "1132721118"
"a1_185" = "1626143812"
"a1_184" = "1220930785"
"a1_183" = "3084883821"
"a1_182" = "3174569286"
"a1_181" = "960382685"
"a1_180" = "250956676"
"a4_559" = "4007538639"
"a4_558" = "4000369518"
"a4_555" = "3978862155"
"a4_554" = "3971693034"
"a4_557" = "3993200397"
"a4_556" = "3986031276"
"a4_551" = "3950185671"
"a4_550" = "3943016550"
"a4_553" = "3964523913"
"a4_552" = "3957354792"
"a1_753" = "2819635583"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.114116.info"

[HKCU\Software\Aas]
"a4_824" = "1612388408"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Aas]
"a4_392" = "2810295432"
"a4_391" = "2803126311"
"a4_390" = "2795957190"
"a4_397" = "2846141037"
"a4_396" = "2838971916"
"a4_395" = "2831802795"
"a4_394" = "2824633674"
"a4_399" = "2860479279"
"a4_398" = "2853310158"
"a4_865" = "1906322369"
"a4_864" = "1899153248"
"a4_867" = "1920660611"
"a1_932" = "266674835"
"a4_866" = "1913491490"
"a1_933" = "3251683140"
"a4_861" = "1877645885"
"a3_758" = "1122262303"
"a4_860" = "1870476764"
"a1_931" = "2963761045"
"a4_863" = "1891984127"
"a1_936" = "942215186"
"a4_862" = "1884815006"
"a1_937" = "2872304988"
"a2_405" = "2903495754"
"a2_404" = "2896316750"
"a2_407" = "2917829430"
"a2_406" = "2910661937"
"a2_401" = "2874819082"
"a2_400" = "2867646277"
"a2_403" = "2889162644"
"a2_402" = "2881993953"
"a1_935" = "1526992159"
"a2_409" = "2932164502"
"a2_408" = "2924998119"
"a4_896" = "2128565120"
"a1_222" = "2415389317"
"a1_223" = "2091793967"
"a1_220" = "1917917926"
"a1_221" = "1426637803"
"a1_226" = "3591585237"
"a1_227" = "1499813488"
"a1_224" = "1703212329"
"a1_225" = "3193604127"
"a1_228" = "2434653644"
"a1_229" = "214769052"
"a2_579" = "4150926868"
"a2_578" = "4143757358"
"a2_571" = "4093572836"
"a2_570" = "4086389724"
"a2_573" = "4107907917"
"a2_572" = "4100740411"
"a2_575" = "4122242946"
"a2_574" = "4115084106"
"a2_577" = "4136604448"
"a2_576" = "4129408305"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SuperHidden]
"CheckedValue" = "1"

[HKCU\Software\Aas]
"a2_351" = "2516353836"
"a2_350" = "2509185714"
"a2_353" = "2530702182"
"a2_352" = "2523537010"
"a2_355" = "2545035756"
"a2_354" = "2537872217"
"a2_357" = "2559371170"
"a2_356" = "2552202746"
"a2_359" = "2573720013"
"a2_358" = "2566539121"
"a3_906" = "2183550307"
"a3_622" = "147491207"
"a2_193" = "1383641750"
"a2_192" = "1376476525"
"a2_191" = "1369308541"
"a2_190" = "1362127312"
"a2_197" = "1412310615"
"a2_196" = "1405157262"
"a2_195" = "1397975743"
"a2_194" = "1390808294"
"a3_624" = "195544665"
"a2_199" = "1426659729"
"a2_198" = "1419493304"
"a3_625" = "168917752"
"a2_759" = "1146389726"
"a3_626" = "175906587"
"a2_755" = "1117722776"
"a2_754" = "1110555425"
"a2_757" = "1132054588"
"a3_627" = "183481274"
"a2_751" = "1089037682"
"a2_750" = "1081871381"
"a2_753" = "1103387604"
"a2_752" = "1096204366"
"a1_536" = "2949700735"
"a1_537" = "4269058498"
"a1_534" = "3796456835"
"a1_535" = "3981624970"
"a1_89" = "1235210725"
"a1_88" = "3050615692"
"a1_530" = "443321704"
"a1_531" = "396831363"
"a1_85" = "2091128551"
"a1_84" = "478057858"
"a1_87" = "2008458650"
"a1_86" = "1695948484"
"a1_81" = "1475750147"
"a1_80" = "3532671241"
"a1_83" = "1766172714"

"a3_914" = "2274560123"
"a2_898" = "2142899041"
"a1_896" = "2475321930"
"a1_890" = "2107228703"
"a2_899" = "2150079686"
"a1_67" = "1773150517"
"a1_66" = "606837374"
"a1_65" = "1995834868"
"a3_133" = "970345548"
"a1_63" = "1597814116"
"a3_135" = "950830350"
"a3_136" = "991836577"
"a1_60" = "4209733386"
"a3_138" = "1006335587"
"a3_139" = "979823234"
"a3_684" = "625694981"
"a1_438" = "927984005"
"a3_682" = "577634371"
"a3_683" = "584688866"
"a1_69" = "1392219512"
"a1_68" = "3528623261"
"a3_228" = "1617824845"
"a3_229" = "1624875244"
"a3_224" = "1588903625"
"a3_225" = "1629901672"
"a3_226" = "1636956043"
"a3_227" = "1610836010"
"a3_220" = "1593911669"
"a3_221" = "1600966036"
"a3_222" = "1608410679"
"a3_223" = "1581849174"
"a1_408" = "2775224782"
"a1_409" = "3719875232"
"a1_402" = "2464672012"
"a1_403" = "3730656769"
"a1_400" = "76572366"
"a1_401" = "3558443845"
"a1_406" = "2584983916"
"a1_407" = "4145999706"
"a1_404" = "983008989"
"a1_405" = "2605013292"
"a2_823" = "1605217104"
"a2_822" = "1598051741"
"a2_821" = "1590882538"
"a3_354" = "2521277451"
"a3_355" = "2528204970"
"a3_356" = "2568813773"
"a3_357" = "2576322924"
"a3_350" = "2492225207"
"a3_351" = "2499791574"
"a3_352" = "2540269385"
"a3_353" = "2547254248"
"a2_827" = "1633898545"
"a1_628" = "351296675"
"a3_358" = "2583246223"
"a3_359" = "2556735022"
"a1_854" = "197939407"
"a2_826" = "1626732349"
"a2_825" = "1619552951"
"a1_718" = "357101600"
"a1_719" = "1914038353"
"a1_716" = "754721043"
"a1_717" = "2636118004"
"a1_714" = "2801033636"
"a1_715" = "668560689"
"a1_712" = "2847013236"
"a1_713" = "2116908072"
"a1_710" = "1705018586"
"a1_711" = "473505086"
"a4_809" = "1504851593"
"a4_808" = "1497682472"
"a4_803" = "1461836867"
"a1_629" = "1982092009"
"a4_801" = "1447498625"
"a4_800" = "1440329504"
"a4_807" = "1490513351"
"a4_806" = "1483344230"
"a4_805" = "1476175109"
"a4_804" = "1469005988"
"a4_37" = "265257477"
"a4_36" = "258088356"
"a4_35" = "250919235"
"a4_34" = "243750114"
"a4_33" = "236580993"
"a4_32" = "229411872"
"a4_31" = "222242751"
"a4_30" = "215073630"
"a4_144" = "1032353424"
"a4_39" = "279595719"
"a4_38" = "272426598"
"a3_915" = "2281614490"
"a4_843" = "1748601707"
"a3_142" = "1034864615"
"a4_946" = "2487021170"
"a4_947" = "2494190291"
"a4_944" = "2472682928"
"a4_945" = "2479852049"
"a4_942" = "2458344686"
"a4_943" = "2465513807"
"a4_940" = "2444006444"
"a4_941" = "2451175565"
"a4_948" = "2501359412"

[HKCU\Software\Aas\695404737]
"28676484" = "35"

[HKCU\Software\Aas]
"a4_498" = "3570222258"
"a4_499" = "3577391379"
"a4_494" = "3541545774"
"a4_495" = "3548714895"
"a4_496" = "3555884016"
"a4_497" = "3563053137"
"a4_490" = "3512869290"
"a4_491" = "3520038411"
"a4_492" = "3527207532"
"a4_493" = "3534376653"
"a3_448" = "3194799081"
"a3_449" = "3202245640"
"a2_941" = "2451170550"
"a4_708" = "780770372"
"a4_709" = "787939493"
"a3_918" = "2303105535"
"a3_919" = "2310025758"
"a4_704" = "752093888"
"a4_705" = "759263009"
"a4_706" = "766432130"
"a4_707" = "773601251"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"

[HKCU\Software\Aas]
"a4_701" = "730586525"
"a4_702" = "737755646"
"a4_703" = "744924767"
"a1_888" = "3774210993"
"a1_889" = "3096873422"
"a1_886" = "2085788449"
"a1_887" = "2569023913"
"a1_884" = "542304218"
"a1_885" = "2447540895"
"a1_882" = "1905984107"
"a1_883" = "4079360080"
"a1_880" = "3236323015"
"a1_881" = "3535551087"
"a4_124" = "888971004"
"a4_125" = "896140125"
"a4_126" = "903309246"
"a4_127" = "910478367"
"a4_120" = "860294520"
"a4_121" = "867463641"
"a4_122" = "874632762"
"a4_123" = "881801883"
"a4_128" = "917647488"
"a4_129" = "924816609"
"a2_593" = "4251295162"
"a3_444" = "3166269973"
"a3_445" = "3206813364"
"a1_831" = "1574677633"
"a2_592" = "4244111693"
"a1_930" = "2311547207"
"a1_948" = "1731637291"
"a4_238" = "1706250798"
"a4_239" = "1713419919"
"a4_230" = "1648897830"
"a4_231" = "1656066951"
"a4_232" = "1663236072"
"a4_233" = "1670405193"
"a4_234" = "1677574314"
"a4_235" = "1684743435"
"a4_236" = "1691912556"
"a4_237" = "1699081677"
"a1_480" = "101849855"
"a1_723" = "3127264589"
"a1_722" = "2220012988"
"a1_721" = "2496793743"
"a1_720" = "589957742"
"a1_768" = "1384426073"
"a1_727" = "2304769475"
"a1_726" = "180233800"
"a2_643" = "314770841"
"a2_790" = "1368646401"
"a1_725" = "1511525643"
"a2_642" = "307602149"
"a1_724" = "3844852237"
"a2_641" = "300436748"
"a2_640" = "293267858"
"a2_647" = "343451806"
"a2_646" = "336288409"
"a1_158" = "263883154"
"a1_159" = "909664929"
"a2_645" = "329119094"
"a1_150" = "3138490628"
"a1_151" = "981805417"
"a1_152" = "336195525"
"a1_153" = "965482059"
"a1_154" = "3965506311"
"a1_155" = "1950433025"
"a1_156" = "2607816514"
"a1_157" = "2357303366"
"a1_235" = "1356833751"
"a1_234" = "2227506141"
"a1_237" = "2070912136"
"a1_236" = "743710195"
"a1_231" = "1611167466"
"a1_230" = "3902626171"
"a1_233" = "3895754999"
"a1_232" = "4258425782"
"a1_239" = "4101198294"
"a1_238" = "1472569714"
"a2_210" = "1505513373"
"a2_211" = "1512678180"
"a2_212" = "1519860513"
"a2_213" = "1527028098"
"a2_214" = "1534194521"
"a2_215" = "1541362252"
"a2_216" = "1548537439"
"a2_217" = "1555697636"
"a2_218" = "1562864701"
"a2_219" = "1570032627"
"a2_508" = "3641910866"
"a2_509" = "3649079738"
"a2_504" = "3613230769"
"a2_505" = "3620413214"
"a2_506" = "3627579548"
"a2_507" = "3634746493"
"a2_500" = "3584562831"
"a2_501" = "3591721026"
"a2_502" = "3598896390"
"a2_503" = "3606061192"
"a2_791" = "1375798629"
"a2_698" = "709076537"
"a2_699" = "716243588"
"a2_694" = "680396804"
"a2_695" = "687578686"
"a2_696" = "694745852"
"a2_697" = "701911622"
"a2_690" = "651726992"
"a2_691" = "658894452"
"a2_692" = "666062507"
"a2_693" = "673227438"
"a2_324" = "2322800525"
"a2_325" = "2329964962"
"a2_326" = "2337129833"
"a2_327" = "2344298580"
"a2_320" = "2294110697"
"a2_321" = "2301281971"
"a2_322" = "2308463157"
"a2_323" = "2315630988"
"a1_521" = "3467163240"
"a1_520" = "1504779188"
"a1_523" = "2147369593"
"a1_522" = "30142398"
"a2_328" = "2351480373"
"a2_329" = "2358648484"
"a1_527" = "4279613138"
"a1_526" = "1941887760"
"a2_799" = "1433169781"
"a2_798" = "1425993973"
"a4_962" = "2601727106"
"a1_98" = "3674068588"
"a1_99" = "1354034622"
"a1_92" = "1116041874"
"a1_93" = "3353675104"
"a1_90" = "995491108"
"a1_91" = "2425951278"
"a1_96" = "1846282716"
"a1_97" = "1864590252"
"a1_94" = "153725378"
"a1_95" = "3407845253"
"a1_74" = "1059943005"
"a1_75" = "211735826"
"a1_76" = "69686931"
"a1_77" = "1579141246"
"a1_70" = "4095345883"
"a1_71" = "1499368636"
"a1_72" = "1350664454"
"a1_73" = "243641493"
"a3_699" = "733118194"
"a3_698" = "725670483"
"a3_129" = "907869896"
"a3_128" = "934369961"
"a1_78" = "1666401074"
"a1_79" = "1363442326"
"a3_239" = "1730403494"
"a3_238" = "1689270279"
"a3_237" = "1682343908"
"a3_236" = "1708909381"
"a3_235" = "1701334818"
"a3_234" = "1660856963"
"a3_233" = "1653814880"
"a3_232" = "1646370241"
"a3_231" = "1672935854"
"a3_230" = "1665877263"
"a1_419" = "3511075482"
"a1_418" = "3730398263"
"a3_953" = "2520368944"
"a1_415" = "2118523153"
"a1_414" = "2065119923"
"a1_417" = "1061784694"
"a1_416" = "3266696653"
"a1_411" = "2553738004"
"a1_410" = "401941763"
"a1_413" = "2463762446"
"a1_412" = "2750846882"
"a3_939" = "2419869154"
"a3_347" = "2504287570"
"a3_346" = "2463809843"
"a3_345" = "2456759440"
"a3_344" = "2482866289"
"a3_343" = "2475825118"
"a3_342" = "2468836287"
"a3_341" = "2427838236"
"a3_340" = "2420783869"
"a3_349" = "2485301780"
"a3_348" = "2511804917"
"a1_701" = "2804736045"
"a1_700" = "4082069900"
"a1_703" = "4114606349"
"a1_702" = "2532109378"
"a1_705" = "3303352826"
"a1_704" = "1633691289"
"a1_707" = "1719306173"
"a1_706" = "1755298781"
"a1_709" = "1683448299"
"a1_708" = "3344024828"
"a2_360" = "2580886943"
"a4_838" = "1712756102"
"a2_361" = "2588061211"
"a4_836" = "1698417860"
"a4_837" = "1705586981"
"a4_834" = "1684079618"
"a4_835" = "1691248739"
"a4_832" = "1669741376"
"a2_362" = "2595219204"
"a4_830" = "1655403134"
"a4_831" = "1662572255"
"a4_24" = "172058904"
"a4_25" = "179228025"
"a4_26" = "186397146"
"a4_27" = "193566267"
"a4_20" = "143382420"
"a4_21" = "150551541"
"a4_22" = "157720662"
"a4_23" = "164889783"
"a4_951" = "2522866775"
"a2_364" = "2609554097"
"a4_953" = "2537205017"
"a4_952" = "2530035896"
"a4_28" = "200735388"
"a4_29" = "207904509"
"a4_957" = "2565881501"
"a2_365" = "2616721980"
"a2_366" = "2623904740"
"a2_367" = "2631072870"
"a1_743" = "3011465019"
"a2_168" = "1204405019"

"a2_169" = "1211584867"
"a4_847" = "1777278191"
"a4_489" = "3505700169"
"a4_488" = "3498531048"
"a4_487" = "3491361927"
"a4_486" = "3484192806"
"a4_485" = "3477023685"
"a4_484" = "3469854564"
"a4_483" = "3462685443"
"a4_482" = "3455516322"
"a4_481" = "3448347201"
"a4_480" = "3441178080"
"a2_160" = "1147054875"
"a2_161" = "1154235496"
"a3_901" = "2147558220"
"a3_900" = "2174193453"
"a3_903" = "2162063374"
"a3_902" = "2154612719"
"a3_905" = "2209657024"
"a3_904" = "2202606753"
"a4_719" = "859630703"
"a4_718" = "852461582"
"a4_717" = "845292461"
"a4_716" = "838123340"
"a4_715" = "830954219"
"a4_714" = "823785098"
"a4_713" = "816615977"
"a4_712" = "809446856"
"a4_711" = "802277735"
"a4_710" = "795108614"
"a1_891" = "674526146"
"a3_776" = "1251683361"
"a1_893" = "1220180885"
"a1_892" = "2754945467"
"a1_895" = "3317746081"
"a1_894" = "1997185680"
"a1_897" = "3477872027"
"a3_777" = "1292288064"
"a1_899" = "240771565"
"a1_898" = "549576990"
"a3_774" = "1270749039"
"a4_137" = "982169577"
"a4_136" = "975000456"
"a4_135" = "967831335"
"a4_134" = "960662214"
"a4_133" = "953493093"
"a4_132" = "946323972"
"a4_131" = "939154851"
"a4_130" = "931985730"
"a3_772" = "1222762157"
"a4_139" = "996507819"
"a4_138" = "989338698"
"a3_770" = "1208254955"
"a3_771" = "1215707658"
"a2_455" = "3261956079"
"a1_617" = "3370197623"
"a4_229" = "1641728709"
"a4_228" = "1634559588"
"a4_223" = "1598713983"
"a4_222" = "1591544862"
"a4_221" = "1584375741"
"a4_220" = "1577206620"
"a4_227" = "1627390467"
"a4_226" = "1620221346"
"a4_225" = "1613052225"
"a4_224" = "1605883104"
"a1_615" = "1689485148"
"a2_459" = "3290621926"
"a3_678" = "548713167"
"a1_614" = "198352635"
"a1_820" = "1401871098"
"a1_821" = "1178507592"
"a1_822" = "972702755"

"a1_149" = "2077966892"
"a1_148" = "2095056168"
"a1_143" = "2527052080"
"a1_142" = "1496652545"
"a1_141" = "2253925942"
"a1_140" = "2669385283"
"a1_147" = "3964958479"
"a1_146" = "2048116092"
"a1_145" = "1933290668"
"a1_144" = "2305704170"
"a1_826" = "4181109925"
"a1_827" = "1395290741"
"a2_203" = "1455339708"
"a2_202" = "1448161129"
"a2_201" = "1441001598"
"a2_200" = "1433806581"
"a2_207" = "1484010080"
"a2_206" = "1476843753"
"a2_205" = "1469661820"
"a2_204" = "1462495675"
"a2_209" = "1498343762"
"a2_208" = "1491177600"
"a2_519" = "3720780286"
"a2_518" = "3713612817"
"a2_517" = "3706432014"
"a2_516" = "3699265070"
"a2_515" = "3692088069"
"a2_514" = "3684930597"
"a2_513" = "3677765564"
"a2_512" = "3670595336"
"a2_511" = "3663429400"
"a2_510" = "3656246335"
"a2_689" = "644559246"
"a2_688" = "637392999"
"a2_687" = "630225836"
"a2_686" = "623044491"
"a2_685" = "615875142"
"a2_684" = "608709921"
"a2_683" = "601542887"
"a2_682" = "594364743"
"a2_681" = "587245086"
"a2_680" = "580026427"
"a2_337" = "2415985290"
"a2_336" = "2408818063"
"a2_335" = "2401663426"
"a2_334" = "2394483289"
"a2_333" = "2387324933"
"a2_332" = "2380151019"
"a2_331" = "2372983420"
"a2_330" = "2365815005"
"a1_554" = "1326207569"
"a1_555" = "3690850326"
"a1_556" = "1716235879"
"a1_557" = "408468937"
"a3_242" = "1718323611"
"a1_551" = "2375972490"
"a2_339" = "2430335306"
"a2_338" = "2423166038"
"a4_673" = "529851137"
"a1_918" = "219054474"
"a1_919" = "49088650"
"a3_243" = "1725243962"
"a1_852" = "972593129"
"a1_914" = "2351119900"
"a1_398" = "1615212476"
"a1_399" = "1570640737"
"a4_679" = "572865863"
"a1_392" = "953075911"
"a1_393" = "948393142"
"a1_390" = "919241625"
"a1_391" = "3668052637"
"a1_396" = "3300241368"
"a1_397" = "268821552"
"a1_394" = "2472583930"
"a1_395" = "1068355609"
"a1_858" = "1817101637"
"a3_116" = "814879197"
"a3_117" = "821922428"
"a3_114" = "834001179"
"a3_115" = "807894458"
"a3_112" = "785940569"
"a3_113" = "826942712"
"a3_110" = "771902343"
"a3_111" = "778955814"
"a1_49" = "4122134317"
"a1_48" = "2586437230"
"a3_554" = "3988280259"
"a3_118" = "862924447"
"a3_119" = "869974846"
"a3_202" = "1465015971"
"a3_203" = "1472066242"
"a3_200" = "1416954337"
"a3_201" = "1424013824"
"a3_206" = "1493543975"
"a3_207" = "1500987462"
"a3_204" = "1445500773"
"a3_205" = "1452936068"
"a1_197" = "4118807777"
"a3_759" = "1163391422"
"a3_208" = "1508041977"
"a3_209" = "1481480472"
"a3_592" = "4261104249"
"a3_593" = "4234604184"
"a3_590" = "4246617511"
"a3_591" = "4253667782"
"a3_596" = "4289649661"
"a3_597" = "4263017500"
"a3_594" = "4241589051"
"a3_595" = "4282591066"
"a3_598" = "4270526655"
"a3_599" = "4277581022"
"a4_848" = "1784447312"
"a3_578" = "4160735531"
"a3_579" = "4134104394"
"a4_770" = "1225255874"
"a3_570" = "4069660115"
"a3_571" = "4076703346"
"a3_572" = "4117701269"
"a3_573" = "4124755764"
"a3_574" = "4098128727"
"a3_575" = "4105641974"
"a3_576" = "4146245737"
"a3_577" = "4153169032"
"a1_774" = "1546802719"
"a1_775" = "1721586169"
"a1_776" = "2992031682"
"a1_777" = "828162265"
"a1_191" = "1077025539"
"a1_771" = "1243144317"
"a1_772" = "1804607822"
"a1_773" = "2189573421"
"a1_953" = "3007808832"
"a3_927" = "2367492374"
"a1_778" = "2551219859"
"a1_779" = "1006592926"
"a3_926" = "2326953207"
"a2_17" = "121879886"
"a2_16" = "114712135"
"a2_15" = "107528834"
"a2_14" = "100361129"
"a2_13" = "93192779"
"a2_12" = "86027879"
"a2_11" = "78860082"
"a2_10" = "71692813"
"a4_829" = "1648234013"
"a4_828" = "1641064892"
"a4_776" = "1268270600"
"a1_592" = "3378312969"
"a2_19" = "136211176"
"a2_18" = "129045386"
"a4_11" = "78860331"
"a4_10" = "71691210"
"a4_13" = "93198573"
"a4_12" = "86029452"
"a4_15" = "107536815"
"a4_14" = "100367694"
"a4_17" = "121875057"
"a4_16" = "114705936"
"a4_19" = "136213299"
"a4_18" = "129044178"
"a4_926" = "2343638750"
"a4_927" = "2350807871"
"a1_878" = "2420738064"
"a4_921" = "2307793145"
"a4_922" = "2314962266"
"a1_595" = "825998543"
"a1_596" = "3911801997"
"a1_597" = "3933192219"
"a1_608" = "536451451"
"a1_609" = "976978801"
"a3_378" = "2693094675"
"a3_379" = "2700145074"
"a4_846" = "1770109070"
"a3_372" = "2683746013"
"a3_373" = "2657102716"
"a3_370" = "2669182491"
"a3_371" = "2676691642"
"a3_376" = "2712142929"
"a3_377" = "2686171376"
"a3_374" = "2664681375"
"a3_375" = "2705154110"
"a1_759" = "273203162"
"a3_488" = "3515101889"
"a3_489" = "3522680672"
"a4_841" = "1734263465"
"a4_840" = "1727094344"
"a1_950" = "2562198191"
"a3_484" = "3486690637"
"a1_952" = "693675203"
"a2_925" = "2336467722"
"a1_954" = "2465995365"
"a1_955" = "2612106202"
"a1_956" = "841037301"
"a3_485" = "3460055532"
"a1_958" = "2388133708"
"a2_922" = "2314965541"
"a1_750" = "2442101404"
"a1_751" = "436523333"
"a1_756" = "583211049"
"a1_757" = "270436590"
"a4_722" = "881138066"
"a4_723" = "888307187"
"a4_720" = "866799824"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"blank" = "http://www.114116.info"

[HKCU\Software\Aas]
"a4_726" = "909814550"
"a4_727" = "916983671"
"a4_724" = "895476308"
"a4_725" = "902645429"
"a4_728" = "924152792"
"a4_729" = "931321913"
"a3_127" = "927442486"
"a1_189" = "4138476887"
"a4_903" = "2178748967"
"a1_188" = "1108607238"
"a4_900" = "2157241604"
"a1_187" = "2178815232"
"a4_901" = "2164410725"
"a1_186" = "3058162470"
"a2_929" = "2365155096"
"a4_905" = "2193087209"
"a4_586" = "4201104906"
"a4_587" = "4208274027"
"a4_584" = "4186766664"
"a4_585" = "4193935785"
"a4_582" = "4172428422"
"a4_583" = "4179597543"
"a4_580" = "4158090180"
"a4_581" = "4165259301"
"a3_800" = "1423623433"
"a3_801" = "1464105384"
"a3_802" = "1471618507"
"a3_803" = "1445115498"
"a3_804" = "1452026509"
"a3_805" = "1459605292"
"a4_588" = "4215443148"
"a4_589" = "4222612269"
"a3_645" = "312377932"
"a4_909" = "2221763693"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"

[HKCU\Software\Aas]
"a4_218" = "1562868378"
"a4_219" = "1570037499"
"a4_216" = "1548530136"
"a4_217" = "1555699257"
"a4_214" = "1534191894"
"a4_215" = "1541361015"
"a4_212" = "1519853652"
"a4_213" = "1527022773"
"a4_210" = "1505515410"
"a4_211" = "1512684531"
"a4_458" = "3283457418"
"a4_459" = "3290626539"
"a4_108" = "774265068"
"a4_109" = "781434189"
"a1_843" = "1800048820"
"a4_102" = "731250342"
"a4_103" = "738419463"
"a4_100" = "716912100"
"a4_101" = "724081221"
"a4_106" = "759926826"
"a4_107" = "767095947"
"a4_104" = "745588584"
"a4_105" = "752757705"
"a1_605" = "2939998863"
"a1_558" = "3582096557"
"a1_559" = "843971041"
"a1_606" = "853468867"
"a3_925" = "2319505492"
"a1_178" = "3626281788"
"a1_179" = "339696782"
"a1_176" = "84945817"
"a1_177" = "1647177288"
"a1_174" = "520615061"
"a1_175" = "3753352948"
"a1_172" = "310577431"
"a1_173" = "99368430"
"a1_170" = "3414651864"
"a1_171" = "1564928152"
"a1_550" = "423571412"
"a2_236" = "1691915730"
"a2_237" = "1699083370"
"a2_234" = "1677551209"
"a2_235" = "1684749634"
"a2_232" = "1663230257"
"a2_233" = "1670398489"
"a2_230" = "1648900721"
"a2_231" = "1656075216"
"a1_553" = "292140506"
"a2_238" = "1706248972"
"a2_239" = "1713417092"
"a2_522" = "3742273205"
"a2_523" = "3749448827"
"a2_520" = "3727948214"
"a2_521" = "3735117702"
"a2_526" = "3770950908"
"a2_527" = "3778131668"
"a2_524" = "3756614630"
"a2_525" = "3763782765"
"a2_838" = "1712764503"
"a2_839" = "1719919692"
"a2_528" = "3785304893"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Aas]
"a3_688" = "620670617"
"a1_626" = "3206476526"
"a1_627" = "2291264547"
"a1_624" = "3659527882"
"a1_549" = "3033956280"
"a1_548" = "2756056060"
"a1_547" = "3566932764"
"a1_546" = "3558789468"
"a1_545" = "3260874718"
"a1_544" = "74651494"
"a1_543" = "2820961765"
"a1_542" = "587910382"
"a1_541" = "2171528897"
"a1_540" = "2323041958"
"a2_658" = "422319701"
"a2_659" = "429474952"
"a2_308" = "2208095725"
"a2_309" = "2215262086"
"a2_302" = "2165077956"
"a2_303" = "2172244035"
"a2_300" = "2150728187"
"a2_301" = "2157910016"
"a2_306" = "2193745651"
"a2_307" = "2200925917"
"a2_304" = "2179409549"
"a2_305" = "2186579296"
"a2_786" = "1339959013"
"a2_787" = "1347126004"
"a2_784" = "1325627113"
"a2_785" = "1332801116"
"a2_782" = "1311291163"
"a2_783" = "1318459800"
"a2_780" = "1296944324"
"a2_781" = "1304101578"
"a2_788" = "1354293939"
"a2_789" = "1361463322"
"a1_389" = "3633139772"
"a1_388" = "3488773467"
"a1_385" = "3175657391"
"a1_384" = "3676161759"
"a1_387" = "1929671928"
"a1_386" = "409312559"
"a1_381" = "1402804747"
"a1_380" = "3792795301"
"a1_383" = "3464187560"
"a1_382" = "832734433"
"a1_58" = "458599879"
"a1_59" = "3105640455"
"a1_56" = "1968151672"
"a1_57" = "320120810"
"a1_54" = "1035933736"
"a1_55" = "3125340814"
"a1_52" = "633154400"
"a1_53" = "2455715243"
"a1_50" = "4069924266"
"a1_51" = "762926348"
"a3_215" = "1524377438"
"a3_214" = "1517454143"
"a3_217" = "1572437008"
"a3_216" = "1565514737"
"a3_211" = "1529532890"
"a3_210" = "1488928187"
"a3_213" = "1510469276"
"a3_212" = "1536445053"
"a1_616" = "4245383429"
"a3_748" = "1050812741"
"a3_219" = "1553446098"
"a3_218" = "1545867443"
"a3_585" = "4177070976"
"a3_584" = "4170159969"
"a3_587" = "4225122370"
"a3_586" = "4217678883"
"a3_581" = "4182227468"
"a3_580" = "4141089261"
"a3_583" = "4162646734"
"a3_582" = "4189150895"
"a3_589" = "4205615364"
"a3_588" = "4198622437"
"a3_893" = "2090093684"
"a3_569" = "4062671280"
"a3_568" = "4088782097"
"a3_563" = "4052790138"
"a3_562" = "4045747931"
"a3_561" = "4005270200"
"a3_560" = "3997761049"
"a3_567" = "4081727742"
"a3_566" = "4040721503"
"a3_565" = "4033732668"
"a3_564" = "4026683293"
"a3_109" = "798021476"
"a3_108" = "790966981"
"a1_765" = "3752776836"
"a1_764" = "3972318243"
"a1_763" = "1690700143"
"a1_762" = "659234019"
"a1_761" = "1208965429"
"a3_724" = "878479485"
"a3_101" = "707522668"
"a3_100" = "733503437"
"a3_103" = "754977070"
"a3_102" = "714511503"
"a3_105" = "769475040"
"a3_104" = "762555713"
"a3_107" = "750493346"
"a3_106" = "742980099"
"a4_854" = "1827462038"
"a4_855" = "1834631159"
"a4_856" = "1841800280"
"a3_726" = "926531903"
"a4_850" = "1798785554"
"a4_851" = "1805954675"
"a4_852" = "1813123796"
"a4_853" = "1820292917"
"a3_721" = "890560280"
"a2_914" = "2257615909"
"a4_858" = "1856138522"
"a1_586" = "1876908855"
"a1_789" = "2073081633"
"a3_720" = "849951481"
"a4_393" = "2817464553"
"a3_898" = "2126083691"
"a3_723" = "904992730"
"a4_939" = "2436837323"
"a4_938" = "2429668202"
"a4_937" = "2422499081"
"a4_936" = "2415329960"
"a4_935" = "2408160839"
"a3_722" = "898003899"
"a4_933" = "2393822597"
"a4_932" = "2386653476"
"a4_931" = "2379484355"
"a4_930" = "2372315234"
"a3_955" = "2568364018"
"a1_788" = "4053312249"
"a1_619" = "3176626113"
"a1_618" = "2424638789"
"a3_369" = "2628699640"
"a3_368" = "2621645145"
"a3_365" = "2600170596"
"a3_364" = "2592723909"
"a3_367" = "2647756070"
"a3_366" = "2640767111"
"a3_361" = "2604787424"
"a3_360" = "2564178497"
"a3_363" = "2585673634"
"a3_362" = "2611780355"
"a4_520" = "3727942920"
"a4_521" = "3735112041"
"a1_584" = "4258543094"
"a4_522" = "3742281162"
"a2_62" = "444485717"
"a4_523" = "3749450283"
"a2_63" = "451652806"
"a4_524" = "3756619404"
"a2_60" = "430154614"
"a4_525" = "3763788525"
"a1_943" = "172338529"
"a1_942" = "226837342"
"a1_941" = "1883168724"
"a2_61" = "437321442"
"a1_947" = "2674723689"
"a4_526" = "3770957646"
"a1_945" = "2170906204"
"a1_944" = "1828971022"
"a2_66" = "473154075"
"a1_949" = "1486166783"
"a4_527" = "3778126767"
"a2_67" = "480336052"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKCU\Software\Aas]
"a2_64" = "458817895"
"a2_65" = "465986840"
"a4_735" = "974336639"
"a4_734" = "967167518"
"a4_737" = "988674881"
"a4_736" = "981505760"
"a4_731" = "945660155"
"a4_730" = "938491034"
"a4_733" = "959998397"
"a4_732" = "952829276"
"a4_739" = "1003013123"
"a4_738" = "995844002"
"a4_599" = "4294303479"
"a4_598" = "4287134358"
"a1_782" = "518943623"
"a4_591" = "4236950511"
"a4_590" = "4229781390"
"a4_593" = "4251288753"
"a4_592" = "4244119632"
"a4_595" = "4265626995"
"a4_594" = "4258457874"
"a4_597" = "4279965237"
"a4_596" = "4272796116"
"a1_786" = "2233909614"
"a1_41" = "3738860866"
"a1_40" = "401528190"
"a1_43" = "1436987397"
"a3_819" = "1559971962"
"a1_42" = "2055865782"
"a3_813" = "1516544548"
"a1_45" = "1833033296"
"a3_811" = "1536136546"
"a3_810" = "1528623299"
"a3_817" = "1545483192"
"a3_816" = "1571594009"
"a3_815" = "1564605158"
"a1_44" = "1363188625"
"a1_47" = "4129931379"
"a1_46" = "2647555641"
"a4_201" = "1440993321"
"a4_200" = "1433824200"
"a4_203" = "1455331563"
"a4_202" = "1448162442"
"a4_205" = "1469669805"
"a4_204" = "1462500684"
"a4_207" = "1484008047"
"a4_206" = "1476838926"
"a4_209" = "1498346289"
"a4_208" = "1491177168"
"a1_539" = "4090536178"
"a4_823" = "1605219287"
"a4_449" = "3218935329"
"a4_448" = "3211766208"
"a4_119" = "853125399"
"a4_118" = "845956278"
"a4_115" = "824448915"
"a4_114" = "817279794"
"a4_117" = "838787157"
"a4_116" = "831618036"
"a4_111" = "795772431"
"a4_110" = "788603310"
"a4_113" = "810110673"
"a4_112" = "802941552"
"a4_924" = "2329300508"
"a4_565" = "4050553365"
"a3_750" = "1098874375"
"a3_751" = "1105859238"
"a3_752" = "1079359193"
"a3_753" = "1086794616"
"a4_566" = "4057722486"
"a3_921" = "2290961104"
"a3_754" = "1127403419"
"a4_879" = "2006690063"
"a3_725" = "885927068"
"a3_755" = "1134321722"
"a3_756" = "1108280413"
"a1_783" = "893877371"
"a3_757" = "1115339004"
"a1_959" = "2178705700"
"a2_907" = "2207431992"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SuperHidden]
"CheckedValue" = "1"

[HKCU\Software\Aas]
"a1_161" = "605631164"
"a1_160" = "529458202"
"a1_163" = "1547310975"
"a1_162" = "1458782674"
"a1_165" = "3794125020"
"a1_164" = "1561121404"
"a1_167" = "1392483474"
"a1_166" = "3634744235"
"a1_169" = "3711014848"
"a1_168" = "2506714869"
"a3_727" = "933979486"
"a2_535" = "3835485352"
"a2_534" = "3828302771"
"a2_537" = "3849820766"
"a2_536" = "3842650662"
"a2_531" = "3806801427"
"a2_530" = "3799632365"
"a2_533" = "3821134098"
"a2_532" = "3813967636"
"a2_829" = "1648235646"
"a2_828" = "1641068524"
"a2_539" = "3864165176"
"a2_538" = "3856985712"
"a4_447" = "3204597087"
"a1_572" = "3904394616"
"a1_573" = "431400611"
"a1_570" = "903235968"
"a1_571" = "2431350789"
"a1_576" = "1663551897"
"a1_577" = "2083031951"
"a1_574" = "3995193914"
"a1_575" = "1855847814"

"a1_578" = "2213484115"
"a1_579" = "2589171005"
"a2_649" = "357786329"
"a2_648" = "350618283"
"a2_319" = "2286944512"
"a2_318" = "2279779418"
"a2_315" = "2258278564"
"a2_314" = "2251098475"
"a2_317" = "2272612791"
"a2_316" = "2265434039"
"a2_311" = "2229594383"
"a2_310" = "2222435693"
"a2_313" = "2243932147"
"a2_312" = "2236760383"
"a2_229" = "1641733190"
"a2_228" = "1634562964"
"a2_221" = "1584367238"
"a2_220" = "1577214065"
"a2_223" = "1598707125"
"a2_222" = "1591548313"
"a2_225" = "1613046686"
"a2_224" = "1605891189"
"a2_227" = "1627395236"
"a2_226" = "1620214529"
"a1_370" = "1905908325"
"a1_371" = "2239499982"
"a1_372" = "3701912994"
"a1_373" = "209874589"
"a1_374" = "1306734718"
"a1_375" = "3998664515"
"a1_376" = "4063266574"
"a1_377" = "154082484"
"a1_378" = "578949219"
"a1_379" = "133274752"
"a2_793" = "1390144630"
"a2_792" = "1382985535"
"a2_795" = "1404478580"
"a2_794" = "1397312138"
"a2_797" = "1418828566"
"a2_796" = "1411648339"
"a3_36" = "241268621"
"a3_37" = "248309804"
"a3_183" = "1328655230"
"a1_29" = "2649826886"
"a1_28" = "400031560"
"a1_590" = "90316083"
"a1_23" = "4782603"
"a1_22" = "1375730573"
"a1_21" = "1840034043"
"a1_20" = "3107053992"
"a1_27" = "2567492490"
"a1_26" = "306742185"
"a1_25" = "3703034055"
"a1_24" = "3787951821"
"a1_284" = "527247808"
"a1_285" = "191558306"
"a1_286" = "1215456019"
"a1_287" = "1132193800"
"a1_280" = "2167505315"
"a1_281" = "722619661"
"a1_282" = "2338855811"
"a1_283" = "738568581"
"a3_31" = "205278614"
"a1_288" = "4134379388"
"a1_289" = "4079231960"
"a3_778" = "1299211491"
"a3_779" = "1306728706"
"a2_903" = "2178746624"
"a1_591" = "1455019932"
"a3_32" = "212854281"
"a3_558" = "4017332551"
"a3_559" = "4024255974"
"a3_556" = "3969214597"
"a3_557" = "4009757988"
"a1_552" = "3415452572"
"a3_555" = "3962303586"
"a3_552" = "3940752129"
"a3_553" = "3981361056"
"a3_550" = "3926311503"
"a3_551" = "3933234926"
"a1_598" = "4116360234"
"a1_599" = "2768996927"
"a3_178" = "1292673371"
"a3_179" = "1300121082"
"a3_174" = "1264145351"
"a3_175" = "1271198822"
"a3_176" = "1245079705"
"a3_177" = "1252068664"
"a3_170" = "1235731011"
"a3_171" = "1209100002"
"a3_172" = "1216092933"
"a3_173" = "1223671716"
"a2_31" = "222234600"
"a2_30" = "215078633"
"a2_33" = "236578690"
"a2_32" = "229420567"
"a2_35" = "250913227"
"a2_34" = "243748397"
"a2_37" = "265264490"
"a2_36" = "258081691"
"a2_39" = "279600416"
"a2_38" = "272432949"
"a3_486" = "3467639311"
"a3_487" = "3508182702"
"a3_480" = "3424608201"
"a3_481" = "3431657576"
"a3_482" = "3438646411"
"a3_483" = "3479636266"
"a4_902" = "2171579846"
"a2_584" = "4186759960"
"a4_79" = "566360559"
"a4_78" = "559191438"
"a4_906" = "2200256330"
"a4_907" = "2207425451"
"a4_904" = "2185918088"
"a2_585" = "4193941620"
"a4_73" = "523345833"
"a4_72" = "516176712"
"a4_71" = "509007591"
"a4_70" = "501838470"
"a4_77" = "552022317"
"a4_76" = "544853196"
"a4_75" = "537684075"
"a4_74" = "530514954"
"a3_642" = "324456811"
"a3_390" = "2812641775"
"a3_391" = "2786540046"
"a3_392" = "2793594529"
"a3_393" = "2800513728"
"a3_394" = "2841581411"
"a3_395" = "2848623490"
"a3_396" = "2821991461"
"a3_397" = "2829566020"
"a3_398" = "2870043879"
"a3_399" = "2877036806"
"a1_529" = "1765443334"
"a1_625" = "495546527"
"a1_622" = "1194300915"
"a1_623" = "2382290101"
"a1_620" = "2969711817"
"a1_621" = "4191034757"
"a3_643" = "331380106"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"

[HKCU\Software\Aas\695404737]
"7169121" = "190"

[HKCU\Software\Aas]
"a3_958" = "2556348631"
"a3_959" = "2563272054"
"a1_528" = "291261798"
"a2_588" = "4215445999"
"a3_950" = "2498827743"
"a3_951" = "2539425406"
"a3_956" = "2575413269"
"a3_957" = "2582860980"
"a3_954" = "2527820627"
"a2_589" = "4222608849"
"a3_827" = "1616916338"
"a1_770" = "1082897823"
"a4_199" = "1426655079"
"a3_505" = "3603458416"
"a3_504" = "3596547281"
"a2_363" = "2602388852"
"a3_507" = "3651577394"
"a3_506" = "3644525971"
"a3_501" = "3608550396"
"a3_646" = "352855791"
"a3_500" = "3568002909"
"a3_503" = "3623047358"
"a3_502" = "3615603743"
"a4_821" = "1590881045"
"a4_698" = "709079162"
"a4_699" = "716248283"
"a4_820" = "1583711924"
"a4_692" = "666064436"
"a4_693" = "673233557"
"a4_690" = "651726194"
"a4_691" = "658895315"
"a4_696" = "694740920"
"a4_697" = "701910041"
"a4_694" = "680402678"
"a4_695" = "687571799"
"a4_822" = "1598050166"
"a3_828" = "1624490901"
"a3_829" = "1664967732"
"a3_826" = "1643547347"
"a4_825" = "1619557529"
"a3_824" = "1628992017"
"a3_825" = "1636505264"
"a3_822" = "1581458783"
"a3_823" = "1588517374"
"a3_820" = "1600580765"
"a3_821" = "1607565628"
"a2_900" = "2157248251"
"a1_746" = "2613191376"
"a4_827" = "1633895771"
"a2_901" = "2164414261"
"a3_644" = "305393197"
"a4_826" = "1626726650"
"a2_902" = "2171581181"
"a4_274" = "1964339154"
"a4_275" = "1971508275"
"a4_276" = "1978677396"
"a4_277" = "1985846517"
"a4_270" = "1935662670"
"a4_271" = "1942831791"
"a4_272" = "1950000912"
"a4_273" = "1957170033"
"a2_904" = "2185914551"
"a4_278" = "1993015638"
"a4_279" = "2000184759"
"a2_905" = "2193081836"
"a2_906" = "2200249000"
"a4_478" = "3426839838"
"a4_479" = "3434008959"
"a4_476" = "3412501596"
"a4_477" = "3419670717"
"a4_474" = "3398163354"
"a4_475" = "3405332475"
"a4_472" = "3383825112"
"a4_473" = "3390994233"
"a4_470" = "3369486870"
"a4_471" = "3376655991"
"a4_308" = "2208089268"
"a4_309" = "2215258389"
"a4_300" = "2150736300"
"a4_301" = "2157905421"
"a4_302" = "2165074542"
"a4_303" = "2172243663"
"a4_304" = "2179412784"
"a4_305" = "2186581905"
"a4_306" = "2193751026"
"a4_307" = "2200920147"
"a1_114" = "623173548"
"a1_115" = "504215038"
"a1_116" = "2113995425"
"a1_117" = "3280976388"
"a1_110" = "3654345685"
"a1_111" = "3507538124"
"a1_112" = "2905568173"
"a1_113" = "594827013"
"a1_824" = "850185100"
"a1_118" = "549202189"
"a1_119" = "273008737"
"a2_662" = "450989672"
"a4_576" = "4129413696"
"a4_920" = "2300624024"
"a3_732" = "969437045"
"a2_498" = "3570227909"
"a2_499" = "3577395020"
"a2_492" = "3527200678"
"a2_493" = "3534378986"
"a2_490" = "3512875513"
"a2_491" = "3520044742"
"a2_496" = "3555877023"
"a2_497" = "3563061238"
"a2_494" = "3541544726"
"a2_495" = "3548711556"
"a2_816" = "1555034037"
"a2_817" = "1562198526"
"a2_814" = "1540689333"
"a2_815" = "1547863528"
"a2_812" = "1526363995"
"a3_740" = "1026900557"
"a2_810" = "1512028903"
"a2_811" = "1519182370"
"a3_733" = "943391636"
"a4_570" = "4086398970"
"a2_818" = "1569365645"
"a2_819" = "1576549354"
"a1_565" = "496488668"
"a1_564" = "2473293423"
"a1_567" = "2332113025"
"a1_566" = "802519855"
"a1_561" = "2367123919"
"a1_560" = "3322661627"
"a1_563" = "1397459993"
"a1_562" = "86931529"
"a1_569" = "647089328"
"a1_568" = "1820755047"
"a1_525" = "3837096884"
"a2_678" = "565693853"
"a2_679" = "572859339"
"a2_676" = "551356035"
"a2_677" = "558523345"
"a2_674" = "537027663"
"a2_675" = "544190820"
"a2_672" = "522674349"
"a2_673" = "529842646"
"a2_670" = "508342014"
"a2_671" = "515507433"
"a2_258" = "1849638799"
"a2_259" = "1856804284"
"a2_254" = "1820952299"
"a2_255" = "1828119999"
"a2_256" = "1835302375"
"a2_257" = "1842467020"
"a2_250" = "1792285171"
"a2_251" = "1799454336"
"a2_252" = "1806618695"
"a2_253" = "1813785230"
"a1_363" = "2015751382"
"a1_362" = "638883676"
"a1_361" = "2389728768"
"a1_360" = "1888414777"
"a1_367" = "744658259"
"a1_366" = "3198077212"
"a1_365" = "2449137143"
"a1_364" = "1155590818"
"a1_369" = "1184698767"
"a1_368" = "1965242413"
"a3_924" = "2346001461"
"a1_38" = "358020424"
"a1_39" = "1819259387"
"a1_30" = "336500101"
"a1_31" = "3991601894"
"a1_32" = "123962751"
"a1_33" = "2983417304"
"a1_34" = "2763153113"
"a1_35" = "3745298268"
"a1_36" = "880933741"
"a1_37" = "420475992"
"a1_297" = "714825424"
"a1_296" = "990940278"
"a1_295" = "4193911704"
"a1_294" = "2817863216"
"a1_293" = "3617372216"
"a1_292" = "3266284521"
"a1_291" = "3337982749"
"a1_290" = "416474287"
"a1_299" = "643227791"
"a1_298" = "1669795414"
"a3_769" = "1234824520"
"a1_600" = "3738760802"
"a2_668" = "494007975"
"a1_601" = "1540673031"
"a3_761" = "1143737968"
"a3_760" = "1170380241"
"a3_763" = "1191790386"
"a4_286" = "2050368606"
"a3_765" = "1206362100"
"a1_602" = "283807659"
"a3_767" = "1186780342"
"a3_766" = "1179725847"
"a2_108" = "774273853"
"a2_109" = "781428722"
"a4_878" = "1999520942"
"a1_603" = "2944546092"
"a2_100" = "716910483"
"a2_101" = "724074746"
"a2_102" = "731245001"
"a2_103" = "738411357"
"a2_104" = "745591131"
"a2_105" = "752762346"
"a2_106" = "759924032"
"a2_107" = "767093847"
"a3_541" = "3861793492"
"a3_540" = "3887912629"
"a3_543" = "3909387158"
"a3_542" = "3868847991"
"a3_545" = "3923892392"
"a3_544" = "3916833801"
"a3_547" = "3904770410"
"a3_546" = "3897785547"
"a3_549" = "3952815660"
"a3_548" = "3945379213"
"a1_607" = "1911324227"
"a1_589" = "1214966244"
"a1_588" = "3012995442"
"a3_169" = "1228156448"
"a3_168" = "1187689857"
"a3_167" = "1180635502"
"a3_166" = "1206680783"
"a3_165" = "1199757484"
"a3_164" = "1192698893"
"a3_163" = "1151697898"
"a3_162" = "1144713035"
"a3_161" = "1171213096"
"a3_160" = "1163777673"
"a1_749" = "1771201020"
"a1_748" = "1137220822"
"a2_28" = "200727267"
"a2_29" = "207898229"
"a2_26" = "186396549"
"a2_27" = "193574331"
"a2_24" = "172061444"
"a2_25" = "179230901"
"a2_22" = "157728025"
"a2_23" = "164893452"
"a2_20" = "143380387"
"a2_21" = "150542552"
"a4_68" = "487500228"
"a4_69" = "494669349"
"a4_917" = "2279116661"
"a4_916" = "2271947540"
"a4_911" = "2236101935"
"a4_910" = "2228932814"
"a4_913" = "2250440177"
"a4_912" = "2243271056"
"a4_60" = "430147260"
"a4_61" = "437316381"
"a4_62" = "444485502"
"a4_63" = "451654623"
"a4_64" = "458823744"
"a4_65" = "465992865"
"a4_66" = "473161986"
"a4_67" = "480331107"
"a4_833" = "1676910497"
"a4_959" = "2580219743"
"a2_758" = "1139218393"
"a2_7" = "50177368"
"a2_6" = "43023025"
"a2_5" = "35840178"
"a2_4" = "28675922"
"a2_3" = "21509179"
"a2_2" = "14347492"
"a2_1" = "7174603"
"a2_0" = "8202"
"a1_639" = "2401830470"
"a1_638" = "1580187848"
"a3_389" = "2805656908"
"a3_388" = "2765048109"
"a2_9" = "64526418"
"a2_8" = "57357404"
"a4_5" = "35845605"
"a4_4" = "28676484"
"a4_7" = "50183847"
"a4_6" = "43014726"
"a4_1" = "7169121"
"a4_0" = "0"
"a4_3" = "21507363"
"a4_2" = "14338242"
"a4_9" = "64522089"
"a4_8" = "57352968"
"a2_756" = "1124890744"
"a3_949" = "2491838908"
"a3_948" = "2484395293"
"a3_945" = "2462900280"
"a3_944" = "2455850905"
"a3_947" = "2510895354"
"a3_946" = "2503967835"
"a3_941" = "2467992228"
"a3_940" = "2427452933"
"a3_943" = "2482482022"
"a3_942" = "2474915527"
"a3_875" = "1961196962"
"a1_532" = "589429210"
"a1_533" = "1759270983"
"a4_845" = "1762939949"
"a2_853" = "1820287073"
"a3_708" = "797636205"
"a4_923" = "2322131387"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B9 95 D6 49 A1 01 10 BC 3B 78 AC 3F 30 29 D7 8D"

[HKCU\Software\Aas]
"a4_689" = "644557073"
"a4_688" = "637387952"
"a1_951" = "3192730382"
"a4_685" = "615880589"
"a4_684" = "608711468"
"a4_687" = "630218831"
"a4_686" = "623049710"
"a4_681" = "587204105"
"a4_680" = "580034984"
"a4_683" = "601542347"
"a4_682" = "594373226"
"a3_831" = "1645985014"
"a3_830" = "1671960663"
"a3_833" = "1659958664"
"a3_832" = "1652904297"
"a3_835" = "1707934282"
"a1_538" = "1506074499"
"a3_837" = "1688886028"
"a3_836" = "1681434349"
"a3_839" = "1736479694"
"a3_838" = "1729494959"
"a1_82" = "60149156"
"a1_957" = "2083807187"
"a4_267" = "1914155307"
"a4_266" = "1906986186"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Aas]
"a4_264" = "1892647944"
"a4_263" = "1885478823"
"a4_262" = "1878309702"
"a4_261" = "1871140581"
"a4_260" = "1863971460"

[HKCU\Software\Aas\695404737]
"43014726" = "0700687474703A2F2F7777772E6365726B657A6F676C752E6E65742F696D616765732F6C6F676F2E67696600687474703A2F2F6368616361726165647769726765732E636F6D2E62722F6C6F676F2E67696600687474703A2F2F616C6261736169726F6E6C696E652E636F6D2F696D616765732F627574746F6E2E67696600687474703A2F2F6368656D696E6F782E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F7777772E656D69726D6574616C73616E6179692E636F6D2F627574746F6E2E67696600687474703A2F2F636974796D6F6E732E696E2F696D616765732F6C6F676F2E67696600687474703A2F2F636F66612E636C2F6C6F676F2E676966"

[HKCU\Software\Aas]
"a4_269" = "1928493549"
"a4_268" = "1921324428"
"a4_461" = "3304964781"
"a4_460" = "3297795660"
"a4_463" = "3319303023"
"a4_462" = "3312133902"
"a4_465" = "3333641265"
"a4_464" = "3326472144"
"a4_467" = "3347979507"
"a4_466" = "3340810386"
"a4_469" = "3362317749"
"a4_468" = "3355148628"
"a4_897" = "2135734241"
"a4_898" = "2142903362"
"a4_899" = "2150072483"
"a2_560" = "4014706217"
"a4_319" = "2286949599"
"a4_318" = "2279780478"
"a1_840" = "2385611508"
"a4_313" = "2243934873"
"a4_312" = "2236765752"
"a4_311" = "2229596631"
"a4_310" = "2222427510"
"a4_317" = "2272611357"
"a4_316" = "2265442236"
"a4_315" = "2258273115"
"a4_314" = "2251103994"

"a3_130" = "915379051"
"a1_923" = "1879763205"
"a3_131" = "922302346"
"a3_132" = "962897965"
"a2_880" = "2013862327"
"a1_107" = "1710807973"
"a1_106" = "1449259108"
"a1_105" = "668912791"
"a1_104" = "3589032269"
"a1_103" = "1480040233"
"a1_102" = "2345528567"
"a1_101" = "891399961"
"a1_100" = "1401512635"
"a3_134" = "943841519"
"a1_109" = "491835710"
"a1_62" = "2280039965"
"a1_61" = "315297348"
"a3_137" = "998890944"
"a2_883" = "2035360740"
"a3_686" = "606179783"
"a2_489" = "3505690940"
"a2_488" = "3498528459"
"a3_687" = "613616230"
"a2_485" = "3477025190"
"a2_484" = "3469859439"
"a2_487" = "3491360408"
"a2_486" = "3484191937"
"a2_481" = "3448341696"
"a2_480" = "3441174830"
"a2_483" = "3462692428"
"a2_482" = "3455508031"
"a3_685" = "632749476"
"a2_882" = "2028194885"
"a2_809" = "1504849833"
"a2_808" = "1497690373"
"a4_721" = "873968945"
"a3_680" = "596757377"
"a2_801" = "1447496284"
"a2_800" = "1440330487"
"a2_803" = "1461845166"
"a3_681" = "570649632"
"a2_805" = "1476181078"
"a2_804" = "1469012088"
"a2_807" = "1490515227"
"a2_806" = "1483347766"
"a3_145" = "1022800088"
"a3_144" = "1015749817"
"a2_885" = "2049709118"
"a3_147" = "1070844314"
"a2_661" = "443813208"
"a2_660" = "436654571"
"a2_663" = "458156986"
"a3_146" = "1063277947"
"a2_665" = "472491589"
"a2_664" = "465336344"
"a2_667" = "486842316"
"a2_666" = "479658384"
"a2_669" = "501174155"
"a3_141" = "1027810116"
"a3_140" = "986812197"
"a2_881" = "2021025762"
"a3_143" = "1008236550"
"a2_249" = "1785116562"
"a2_248" = "1777937031"
"a2_247" = "1770768204"
"a2_246" = "1763601254"
"a2_245" = "1756443784"
"a2_244" = "1749266819"
"a2_243" = "1742104601"
"a2_242" = "1734920062"
"a2_241" = "1727750870"
"a2_240" = "1720582815"
"a1_356" = "881016662"
"a1_357" = "1972876552"
"a1_354" = "1289924469"
"a1_355" = "2418828767"
"a1_352" = "4113073454"
"a1_353" = "123200143"
"a1_350" = "1605079330"
"a1_351" = "3700807078"
"a2_855" = "1834621501"
"a4_646" = "336284870"
"a3_639" = "269411382"
"a1_358" = "1311335736"
"a1_359" = "311510459"
"a3_638" = "295912343"
"a2_887" = "2064045745"
"a2_886" = "2056876209"
"a3_795" = "1387647762"
"a3_718" = "869065255"
"a3_719" = "843023942"
"a3_714" = "807050403"
"a3_715" = "813969602"
"a3_716" = "821548389"
"a3_717" = "862013828"
"a3_710" = "778506031"
"a3_711" = "785556302"
"a3_712" = "826034145"
"a3_713" = "833615872"
"a2_820" = "1583718059"
"a2_119" = "853128718"
"a2_118" = "845962646"
"a4_869" = "1934998853"
"a4_868" = "1927829732"
"a2_113" = "810118694"
"a2_112" = "802933290"
"a2_111" = "795775406"
"a2_110" = "788610829"
"a2_117" = "838793614"
"a2_116" = "831611493"
"a2_115" = "824445592"
"a2_114" = "817278353"
"a3_534" = "3844868223"
"a3_535" = "3852446878"
"a3_536" = "3825811761"
"a3_537" = "3832866128"
"a3_530" = "3816471291"
"a3_531" = "3823394586"
"a3_532" = "3797414845"
"a3_533" = "3804403676"
"a3_538" = "3840383475"
"a3_539" = "3880858130"
"a2_813" = "1533531177"
"a3_152" = "1106310065"
"a3_153" = "1080268752"
"a3_150" = "1092336383"
"a3_151" = "1099259678"
"a3_156" = "1135231285"
"a3_157" = "1108731220"
"a3_154" = "1087178867"
"a3_155" = "1127787666"
"a3_628" = "223959005"
"a3_629" = "231000188"
"a3_158" = "1115724279"
"a3_159" = "1123168790"
"a2_59" = "422984342"
"a2_58" = "415803969"
"a2_53" = "379966170"
"a2_52" = "372801489"
"a2_51" = "365619163"
"a2_50" = "358449829"
"a2_57" = "408634976"
"a2_56" = "401468004"
"a2_55" = "394300961"
"a2_54" = "387136321"
"a4_842" = "1741432586"
"a4_55" = "394301655"
"a4_54" = "387132534"
"a4_57" = "408639897"
"a4_56" = "401470776"
"a4_51" = "365625171"
"a4_50" = "358456050"
"a4_53" = "379963413"
"a4_52" = "372794292"
"a3_440" = "3171413137"
"a3_441" = "3178398000"
"a3_442" = "3185321299"
"a3_443" = "3159349746"
"a4_59" = "422978139"
"a4_58" = "415809018"
"a3_446" = "3214379735"
"a3_447" = "3187748726"
"a1_644" = "1635525445"
"a1_645" = "1529953340"
"a1_646" = "2153782430"
"a1_647" = "2481398241"
"a1_640" = "1772266975"
"a1_641" = "2339002034"
"a1_642" = "3650073653"
"a1_643" = "944395421"
"a1_648" = "1221399606"
"a1_649" = "2542164912"
"a4_877" = "1992351821"

[HKCU\Software\Aas\695404737]
"21507363" = "0"

[HKCU\Software\Aas]
"a2_953" = "2537206590"
"a3_459" = "3307312066"
"a3_458" = "3266772899"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue" = "0"

[HKCU\Software\Aas]
"a4_784" = "1325623568"
"a4_785" = "1332792689"
"a4_786" = "1339961810"
"a4_787" = "1347130931"
"a4_780" = "1296947084"
"a4_781" = "1304116205"
"a4_782" = "1311285326"
"a4_783" = "1318454447"
"a1_828" = "984506594"
"a1_829" = "1033648707"
"a4_788" = "1354300052"
"a3_451" = "3249847498"
"a4_670" = "508343774"
"a4_671" = "515512895"
"a4_672" = "522682016"
"a3_450" = "3242793131"
"a4_674" = "537020258"
"a4_675" = "544189379"
"a4_676" = "551358500"
"a4_677" = "558527621"
"a4_678" = "565696742"
"a1_604" = "2147689970"
"a1_916" = "2920364458"
"a1_917" = "4213710765"
"a1_910" = "125181695"
"a1_911" = "2382647710"
"a1_912" = "3913213673"
"a1_913" = "718288095"
"a3_844" = "1772455397"
"a3_845" = "1746353668"
"a3_846" = "1753404071"
"a3_847" = "1760327366"
"a3_840" = "1743926369"
"a3_841" = "1717414016"
"a3_842" = "1724861731"
"a3_843" = "1765466434"
"a3_848" = "1801448313"
"a3_849" = "1808437144"
"a3_702" = "721038295"
"a4_874" = "1970844458"
"a1_654" = "2998550624"
"a4_961" = "2594557985"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt" = "1"

[HKCU\Software\Aas]
"a4_414" = "2968016094"
"a4_415" = "2975185215"
"a4_416" = "2982354336"
"a4_417" = "2989523457"
"a4_410" = "2939339610"
"a4_411" = "2946508731"
"a4_412" = "2953677852"
"a4_413" = "2960846973"
"a4_418" = "2996692578"
"a4_419" = "3003861699"
"a3_806" = "1500078927"
"a3_807" = "1507067886"
"a1_138" = "2953004160"
"a1_139" = "567015958"
"a3_907" = "2190592386"
"a1_132" = "1218540743"
"a1_133" = "674754876"
"a1_130" = "3598846492"
"a1_131" = "3212455674"
"a1_136" = "502670805"
"a1_137" = "2658222244"
"a1_134" = "3056214710"
"a1_135" = "2349729918"
"a3_768" = "1227770153"
"a4_328" = "2351471688"
"a4_329" = "2358640809"
"a4_326" = "2337133446"
"a4_327" = "2344302567"
"a4_324" = "2322795204"
"a4_325" = "2329964325"
"a4_322" = "2308456962"
"a4_323" = "2315626083"
"a4_320" = "2294118720"
"a4_321" = "2301287841"
"a4_528" = "3785295888"
"a4_529" = "3792465009"
"a4_258" = "1849633218"
"a4_259" = "1856802339"
"a4_252" = "1806618492"
"a4_253" = "1813787613"
"a4_250" = "1792280250"
"a4_251" = "1799449371"
"a4_256" = "1835294976"
"a4_257" = "1842464097"
"a4_254" = "1820956734"
"a4_255" = "1828125855"
"a3_909" = "2238580292"
"a2_470" = "3369494881"
"a2_471" = "3376647514"
"a2_472" = "3383821519"
"a2_473" = "3390990831"
"a2_474" = "3398156730"
"a2_475" = "3405324380"
"a2_476" = "3412508654"
"a2_477" = "3419675942"
"a2_478" = "3426842277"
"a2_479" = "3434006155"
"a4_880" = "2013859184"
"a3_908" = "2231591461"
"a1_797" = "1122906275"
"a2_878" = "1999524749"
"a2_879" = "2006695604"
"a2_874" = "1970843351"
"a2_875" = "1978010543"
"a2_876" = "1985179435"
"a2_877" = "1992344967"
"a2_870" = "1942174059"
"a2_871" = "1949341905"
"a2_872" = "1956508658"
"a2_873" = "1963676459"
"a1_349" = "1232478721"
"a1_348" = "2429401009"
"a2_586" = "4201107738"
"a2_587" = "4208278868"
"a2_580" = "4158081351"
"a2_581" = "4165268468"
"a2_582" = "4172421035"
"a2_583" = "4179591660"
"a1_341" = "4072511881"
"a1_340" = "2936594784"
"a1_343" = "3954644392"
"a1_342" = "1621075911"
"a1_345" = "510601207"
"a1_344" = "289486151"
"a1_347" = "982585884"
"a1_346" = "2273006244"
"a2_614" = "106879565"
"a2_615" = "114045619"
"a2_616" = "121219653"
"a2_617" = "128383592"
"a2_610" = "78197981"
"a2_611" = "85363722"
"a2_612" = "92532287"
"a2_613" = "99711374"
"a2_618" = "135546934"
"a2_619" = "142713616"
"a2_272" = "1950005751"
"a2_273" = "1957172992"
"a2_270" = "1935655677"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"

[HKCU\Software\Aas]
"a2_276" = "1978671861"
"a2_277" = "1985839440"
"a2_274" = "1964340846"
"a2_275" = "1971517060"
"a2_908" = "2214603245"
"a2_909" = "2221766058"
"a2_278" = "1993022952"
"a2_279" = "2000180040"
"a1_842" = "1882120022"
"a2_298" = "2136406113"
"a2_299" = "2143559270"
"a1_841" = "2248637425"
"a2_290" = "2079035801"
"a2_291" = "2086208719"
"a2_292" = "2093376747"
"a2_293" = "2100558117"
"a2_294" = "2107726217"
"a2_295" = "2114882448"
"a2_296" = "2122057327"
"a2_297" = "2129224065"
"a2_728" = "924149456"
"a2_729" = "931316678"
"a4_512" = "3670589952"
"a2_720" = "866797190"
"a2_721" = "873959675"
"a2_722" = "881132746"
"a2_723" = "888299230"
"a2_724" = "895482368"
"a2_725" = "902651282"
"a2_726" = "909806493"
"a2_727" = "916991066"
"a1_594" = "3348636630"
"a4_450" = "3226104450"
"a3_791" = "1392659870"
"a3_709" = "804547212"
"a4_451" = "3233273571"
"a3_707" = "790584778"
"a3_706" = "749582763"
"a3_705" = "742524168"
"a3_704" = "769089769"
"a3_703" = "761646198"
"a4_452" = "3240442692"
"a3_701" = "713602996"
"a3_700" = "706548501"
"a4_890" = "2085550394"
"a4_891" = "2092719515"
"a4_892" = "2099888636"
"a4_453" = "3247611813"
"a4_894" = "2114226878"
"a4_895" = "2121395999"
"a2_128" = "917645903"
"a2_129" = "924814022"
"a2_126" = "903315249"
"a2_127" = "910479521"
"a2_124" = "888978230"
"a2_125" = "896144607"
"a2_122" = "874630765"
"a2_123" = "881793740"
"a2_120" = "860297097"
"a2_121" = "867462238"
"a3_35" = "267899754"
"a3_526" = "3787937127"
"a3_525" = "3780489412"
"a3_524" = "3739884709"
"a3_523" = "3732895746"
"a4_456" = "3269119176"
"a3_521" = "3751945024"
"a3_520" = "3744501537"
"a2_824" = "1612397333"
"a4_457" = "3276288297"
"a3_529" = "3809412696"
"a3_528" = "3768345145"
"a1_12" = "2535911751"
"a1_13" = "616205748"
"a1_10" = "468216223"
"a1_11" = "1369806929"
"a1_16" = "220883017"
"a1_17" = "3137273918"
"a1_14" = "2456974468"
"a1_15" = "1190671893"
"a1_18" = "610171023"
"a1_19" = "3928613640"
"a3_149" = "1051199068"
"a3_148" = "1044210237"
"a2_896" = "2128572589"
"a2_48" = "344126055"
"a2_49" = "351278574"
"a1_846" = "3221565655"
"a2_40" = "286767832"
"a2_41" = "293931433"
"a2_42" = "301100230"
"a2_43" = "308267612"
"a2_44" = "315447115"
"a2_45" = "322615434"
"a2_46" = "329782314"
"a2_47" = "336951016"
"a2_897" = "2135725728"
"a4_42" = "301103082"
"a4_43" = "308272203"
"a4_40" = "286764840"
"a4_41" = "293933961"
"a4_46" = "329779566"
"a4_47" = "336948687"
"a4_44" = "315441324"
"a4_45" = "322610445"
"a3_453" = "3230791052"
"a3_452" = "3223736685"
"a4_48" = "344117808"
"a4_49" = "351286929"
"a3_457" = "3259718400"
"a3_456" = "3285821153"
"a3_455" = "3278766670"
"a3_454" = "3271781935"
"a1_657" = "2553651521"
"a1_656" = "2356883406"
"a1_655" = "691623908"
"a1_632" = "133210668"
"a1_653" = "1652533012"
"a1_652" = "2523465412"
"a1_651" = "54390551"
"a1_650" = "868390926"
"a3_796" = "1428649909"
"a1_659" = "2369504413"
"a1_658" = "2730077725"
"a3_797" = "1435691988"
"a3_18" = "112354555"
"a3_19" = "152901914"
"a3_14" = "83367783"
"a3_15" = "124488582"
"a3_16" = "131411001"
"a3_17" = "104906840"
"a3_10" = "88506851"
"a3_11" = "95435266"
"a3_12" = "69459621"
"a3_13" = "76378820"
"a3_240" = "1737322713"
"a4_886" = "2056873910"
"a3_793" = "1406704208"
"a3_809" = "1488018592"
"a3_798" = "1442679927"
"a3_799" = "1416568982"
"a3_248" = "1761236945"
"a2_172" = "1233086960"
"a4_797" = "1418822141"
"a4_796" = "1411653020"
"a4_795" = "1404483899"
"a4_794" = "1397314778"
"a4_793" = "1390145657"
"a4_792" = "1382976536"
"a4_791" = "1375807415"
"a4_790" = "1368638294"
"a1_839" = "3254970966"
"a1_838" = "2688542427"
"a4_799" = "1433160383"
"a3_619" = "159571106"
"a4_663" = "458159927"
"a4_662" = "450990806"
"a4_661" = "443821685"
"a4_660" = "436652564"
"a4_667" = "486836411"
"a4_666" = "479667290"
"a4_665" = "472498169"
"a4_664" = "465329048"
"a1_907" = "1480931574"
"a1_906" = "727547793"
"a4_669" = "501174653"
"a4_668" = "494005532"
"a1_903" = "2915975292"
"a1_902" = "2812454888"
"a1_901" = "121122107"
"a1_900" = "4162998987"
"a3_857" = "1865835152"
"a3_856" = "1824837233"
"a3_855" = "1817794014"
"a3_854" = "1844425151"
"a3_853" = "1836850460"
"a3_852" = "1829861629"
"a3_851" = "1789379674"
"a3_850" = "1781801019"
"a1_635" = "4094967798"
"a4_949" = "2508528533"
"a3_859" = "1846328146"
"a3_858" = "1872824115"
"a1_734" = "517168709"
"a2_644" = "321952498"
"a4_454" = "3254780934"
"a1_524" = "1342426329"
"a4_407" = "2917832247"
"a4_406" = "2910663126"
"a4_405" = "2903494005"
"a4_404" = "2896324884"
"a4_403" = "2889155763"
"a4_402" = "2881986642"
"a4_401" = "2874817521"
"a4_400" = "2867648400"
"a1_825" = "3085717696"
"a1_879" = "2202885335"
"a3_640" = "276404393"
"a4_409" = "2932170489"
"a4_408" = "2925001368"
"a3_641" = "283851976"
"a1_514" = "654404887"
"a3_647" = "360438542"
"a4_789" = "1361469173"
"a1_129" = "525250732"
"a1_128" = "1395680500"
"a1_125" = "1142541327"
"a1_124" = "1188565288"
"a1_127" = "1863183326"
"a1_126" = "3006993891"
"a1_121" = "2447587977"
"a1_120" = "1717714691"
"a1_123" = "1415021762"
"a1_122" = "2110559984"
"a4_331" = "2372979051"
"a4_330" = "2365809930"
"a4_333" = "2387317293"
"a4_332" = "2380148172"
"a4_335" = "2401655535"
"a4_334" = "2394486414"
"a4_337" = "2415993777"
"a4_336" = "2408824656"
"a4_339" = "2430332019"
"a4_338" = "2423162898"
"a1_833" = "3874954740"
"a4_539" = "3864156219"
"a4_538" = "3856987098"
"a4_249" = "1785111129"
"a4_248" = "1777942008"
"a1_832" = "3819217137"
"a4_245" = "1756434645"
"a4_244" = "1749265524"
"a4_247" = "1770772887"
"a4_246" = "1763603766"
"a4_241" = "1727758161"
"a4_240" = "1720589040"
"a4_243" = "1742096403"
"a4_242" = "1734927282"
"a1_830" = "1252129523"
"a1_837" = "382664715"
"a1_836" = "3155149457"
"a1_835" = "3495073503"
"a1_754" = "4269846782"
"a1_834" = "1315647838"
"a1_634" = "3415013492"
"a2_463" = "3319305191"
"a2_462" = "3312136945"
"a2_461" = "3304971063"
"a2_460" = "3297788347"
"a2_467" = "3347987730"
"a2_466" = "3340804170"
"a2_465" = "3333639243"
"a2_464" = "3326472615"
"a2_469" = "3362322482"
"a2_468" = "3355153920"
"a1_934" = "1816711312"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools" = "1"

[HKCU\Software\Aas]
"a4_802" = "1454667746"
"a4_872" = "1956506216"
"a2_869" = "1934989455"
"a2_868" = "1927824665"
"a2_867" = "1920657702"
"a2_866" = "1913487883"
"a2_865" = "1906324908"
"a4_798" = "1425991262"
"a2_863" = "1891988830"
"a1_791" = "3366782221"
"a2_861" = "1877639861"
"a2_860" = "1870473271"
"a2_597" = "4279962490"
"a2_596" = "4272793403"
"a2_595" = "4265627708"
"a2_594" = "4258463548"
"a1_338" = "2485566796"
"a1_339" = "997507770"
"a2_591" = "4236945148"
"a2_590" = "4229788835"
"a1_334" = "2095240871"
"a1_335" = "4245979179"
"a1_336" = "2630533382"
"a1_337" = "2841335788"
"a1_330" = "2444663476"
"a1_331" = "810659653"
"a1_332" = "1622054500"
"a1_333" = "3206321240"
"a2_607" = "56697277"
"a2_606" = "49514225"
"a3_30" = "231909751"
"a2_604" = "35178785"
"a1_64" = "3323655534"
"a2_602" = "20852116"
"a2_601" = "13679195"
"a2_600" = "6513259"
"a4_875" = "1978013579"
"a2_609" = "71030458"
"a2_608" = "63863494"
"a2_265" = "1899819530"
"a2_264" = "1892653841"
"a2_267" = "1914152611"
"a2_266" = "1906988144"
"a2_261" = "1871148082"
"a2_260" = "1863964494"
"a2_263" = "1885472076"
"a2_262" = "1878304869"
"a2_919" = "2293449302"
"a1_908" = "3934274899"
"a2_269" = "1928488342"
"a2_268" = "1921319142"
"a1_905" = "3298323091"
"a2_884" = "2042527778"
"a1_482" = "3671866319"
"a1_483" = "1350524765"
"a2_289" = "2071874766"
"a2_288" = "2064708464"
"a1_486" = "760003448"
"a1_487" = "914821970"
"a1_484" = "282265467"
"a1_485" = "4003398556"
"a2_283" = "2028858206"
"a2_282" = "2021689789"
"a2_281" = "2014523626"
"a2_280" = "2007362188"
"a2_287" = "2057546044"
"a2_286" = "2050372221"
"a2_285" = "2043190894"
"a2_284" = "2036025337"
"a2_739" = "1003019572"
"a2_738" = "995836109"
"a3_522" = "3725445091"
"a2_733" = "960000039"
"a2_732" = "952835619"
"a2_731" = "945667560"
"a2_730" = "938484233"
"a2_737" = "988668550"
"a2_736" = "981514145"
"a2_735" = "974333144"
"a2_734" = "967169924"
"a4_446" = "3197427966"
"a1_637" = "1066928611"
"a3_912" = "2226582457"
"a1_240" = "3063086924"
"a1_241" = "1313725807"
"a1_242" = "2598670458"
"a1_243" = "637413196"
"a1_244" = "775721002"
"a1_245" = "272444773"
"a1_246" = "2668104205"
"a1_247" = "405889274"
"a1_248" = "1935951797"
"a1_249" = "2205829093"
"a3_738" = "978859403"
"a3_739" = "986426922"
"a4_445" = "3190258845"
"a2_131" = "939149004"
"a2_130" = "931981204"
"a2_133" = "953498401"
"a2_132" = "946328852"
"a2_135" = "967833190"
"a2_134" = "960665218"
"a2_137" = "982167094"
"a2_136" = "974998149"
"a2_139" = "996515810"
"a2_138" = "989347391"
"a4_889" = "2078381273"
"a4_888" = "2071212152"
"a2_79" = "566357512"
"a2_78" = "559188621"
"a3_916" = "2254979389"
"a3_288" = "2048100105"
"a3_289" = "2055027624"
"a3_184" = "1336102801"
"a3_917" = "2262558044"
"a3_282" = "2038692083"
"a3_283" = "2045680914"
"a3_280" = "1990631473"
"a3_281" = "2031109200"
"a3_286" = "2067091063"
"a3_287" = "2074141334"
"a3_284" = "2019045813"
"a3_285" = "2026624468"
"a3_606" = "66123703"
"a3_607" = "40004566"
"a3_604" = "52150005"
"a3_605" = "59069204"
"a3_602" = "4023859"
"a3_603" = "11016786"
"a3_600" = "23079281"
"a3_601" = "30657936"
"a4_700" = "723417404"
"a3_608" = "46992457"
"a3_609" = "87597288"
"a1_796" = "3035034577"
"a1_583" = "1576310264"
"a1_794" = "98323047"
"a1_795" = "847793656"
"a1_792" = "4183957924"
"a1_793" = "806346071"
"a1_790" = "2834741290"
"a1_582" = "3048601579"
"a3_635" = "240424626"
"a3_911" = "2219532038"
"a1_581" = "2738559713"
"a1_798" = "1996421925"
"a1_799" = "3119611652"
"a1_580" = "646630313"
"a3_198" = "1436076335"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"

[HKCU\Software\Aas]
"a3_196" = "1388556397"
"a3_197" = "1429034124"
"a3_194" = "1407548331"
"a3_195" = "1380982730"
"a3_192" = "1393042153"
"a3_193" = "1400620808"
"a3_190" = "1345525207"
"a3_191" = "1352568438"
"a1_585" = "3000411634"
"a3_468" = "3338201981"
"a3_469" = "3379269532"
"a3_466" = "3324236475"
"a3_467" = "3331159770"
"a3_464" = "3343287801"
"a3_465" = "3350216216"
"a3_462" = "3295169831"
"a3_463" = "3302744390"
"a3_460" = "3314758757"
"a3_461" = "3321800836"
"a1_468" = "1127933417"
"a1_469" = "3187807241"
"a3_518" = "3696916079"
"a3_519" = "3703958158"
"a1_460" = "22575381"
"a1_461" = "856789984"
"a1_462" = "3157689439"
"a1_463" = "3185588384"
"a1_464" = "1269294241"
"a1_465" = "2515021412"
"a1_466" = "3551463887"
"a1_467" = "2917708253"
"a3_29" = "224867540"
"a3_28" = "183865525"
"a1_668" = "172771502"
"a1_669" = "2506334028"
"a3_21" = "167399900"
"a3_20" = "159956413"
"a3_23" = "148336286"
"a3_22" = "140888703"
"a3_25" = "195929936"
"a3_24" = "188875569"
"a3_27" = "176880658"
"a3_26" = "169827315"
"a2_830" = "1655399753"
"a3_499" = "3560555322"
"a2_831" = "1662569971"
"a3_498" = "3587059355"
"a2_832" = "1669737861"
"a3_497" = "3579611768"
"a2_833" = "1676903301"
"a3_496" = "3539014105"
"a2_834" = "1684083316"
"a3_495" = "3532029350"
"a2_835" = "1691250960"
"a4_955" = "2551543259"
"a3_494" = "3524581639"
"a2_836" = "1698419033"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue" = "0"

[HKCU\Software\Aas]
"a3_493" = "3551077604"
"a2_837" = "1705584288"
"a3_492" = "3544154181"
"a3_491" = "3503090722"
"a3_527" = "3761424774"
"a3_490" = "3496037251"
"a3_775" = "1244236686"
"a4_915" = "2264778419"
"a3_868" = "1944793805"
"a2_529" = "3792456983"
"a4_914" = "2257609298"
"a3_862" = "1901368503"
"a3_863" = "1908803798"
"a3_860" = "1853775861"
"a3_861" = "1860825108"
"a3_866" = "1930361355"
"a3_867" = "1937350314"
"a3_864" = "1882303817"
"a3_865" = "1889747432"
"a1_806" = "4052185395"
"a1_807" = "2987105806"
"a1_804" = "238857449"
"a1_805" = "4251420252"
"a1_802" = "3256655415"
"a1_803" = "4130148637"
"a1_800" = "1968461801"
"a1_801" = "1856847320"
"a1_808" = "1846607473"
"a1_809" = "2378810203"
"a4_656" = "407976080"
"a4_657" = "415145201"
"a4_654" = "393637838"
"a4_655" = "400806959"
"a4_652" = "379299596"
"a4_653" = "386468717"
"a4_650" = "364961354"
"a4_651" = "372130475"
"a1_938" = "2400631091"
"a1_939" = "1251112321"
"a4_658" = "422314322"
"a4_659" = "429483443"
"a3_773" = "1263760076"
"a4_849" = "1791616433"
"a4_919" = "2293454903"
"a4_918" = "2286285782"
"a2_656" = "407973699"
"a1_875" = "3001777117"
"a4_925" = "2336469629"
"a3_762" = "1151312531"
"a1_684" = "3600845046"
"a4_438" = "3140074998"
"a4_439" = "3147244119"
"a1_874" = "841492983"
"a4_432" = "3097060272"
"a4_433" = "3104229393"
"a4_430" = "3082722030"
"a4_431" = "3089891151"
"a4_436" = "3125736756"
"a4_437" = "3132905877"
"a4_434" = "3111398514"
"a4_435" = "3118567635"
"a3_928" = "2374546825"
"a4_344" = "2466177624"
"a4_345" = "2473346745"
"a4_346" = "2480515866"
"a4_347" = "2487684987"
"a4_340" = "2437501140"
"a4_341" = "2444670261"
"a4_342" = "2451839382"
"a4_343" = "2459008503"
"a3_764" = "1198848853"
"a4_348" = "2494854108"
"a4_349" = "2502023229"
"a4_508" = "3641913468"
"a4_509" = "3649082589"
"a4_506" = "3627575226"
"a4_507" = "3634744347"
"a4_504" = "3613236984"
"a4_505" = "3620406105"
"a4_502" = "3598898742"
"a4_503" = "3606067863"
"a4_500" = "3584560500"
"a4_501" = "3591729621"
"a3_383" = "2729068342"
"a3_382" = "2721620631"
"a4_882" = "2028197426"
"a3_381" = "2748124788"
"a2_456" = "3269120709"
"a2_457" = "3276287329"
"a2_454" = "3254787423"
"a3_380" = "2741212629"
"a2_452" = "3240437043"
"a2_453" = "3247605342"
"a2_450" = "3226102486"
"a2_451" = "3233271508"
"a3_387" = "2757612682"
"a3_633" = "259938800"
"a2_458" = "3283465895"
"a3_386" = "2784112747"
"a3_385" = "2776670152"
"a4_881" = "2021028305"
"a3_384" = "2769681321"
"a1_735" = "359498529"
"a2_852" = "1813122562"
"a1_730" = "2204067751"
"a2_850" = "1798787389"
"a2_851" = "1805956545"
"a2_856" = "1841803711"
"a2_857" = "1848978324"
"a2_854" = "1827456209"
"a1_731" = "306696005"
"a3_632" = "252486993"
"a2_858" = "1856129232"
"a2_859" = "1863316054"
"a1_732" = "56838147"
"a1_733" = "3417259924"
"a1_329" = "2583065588"
"a1_328" = "1137247540"
"a1_327" = "833758153"
"a1_326" = "3498926041"
"a1_325" = "2211187776"
"a1_324" = "941259161"
"a1_323" = "2853791000"
"a1_322" = "1678480331"
"a1_321" = "3737691340"
"a1_320" = "743214620"
"a2_650" = "364954982"
"a1_436" = "2885940832"
"a1_736" = "3517089947"
"a3_631" = "211878206"
"a1_737" = "711791636"
"a2_652" = "379305199"
"a3_923" = "2339079058"
"a2_926" = "2343636569"
"a2_927" = "2350804184"
"a2_924" = "2329308797"
"a2_653" = "386471085"
"a4_887" = "2064043031"
"a2_923" = "2322133351"
"a2_920" = "2300614811"
"a2_921" = "2307786202"
"a2_654" = "393638200"
"a2_928" = "2357971515"
"a2_655" = "400802271"
"a3_630" = "204893343"
"a2_657" = "415152300"
"a3_922" = "2298015603"
"a1_495" = "3082557157"
"a1_494" = "3217736051"
"a1_497" = "2587285868"
"a1_496" = "1201748645"
"a1_491" = "2169723742"
"a1_490" = "2340031731"
"a1_493" = "1805299230"
"a1_492" = "1154060346"
"a1_499" = "1595183191"
"a1_498" = "3928055688"
"a3_637" = "288468852"
"a2_708" = "780764992"
"a2_709" = "787946373"
"a2_706" = "766429237"
"a2_707" = "773595883"
"a2_704" = "752096505"
"a2_705" = "759265867"
"a2_702" = "737763315"
"a2_703" = "744927592"
"a2_700" = "723412301"
"a2_701" = "730581746"
"a4_885" = "2049704789"
"a2_638" = "278937129"
"a2_639" = "286101870"
"a3_808" = "1481095169"
"a2_632" = "235919691"
"a2_633" = "243085224"
"a2_630" = "221585196"
"a2_631" = "228749839"
"a2_636" = "264586375"
"a2_637" = "271766461"
"a2_634" = "250253133"
"a2_635" = "257420188"
"a1_253" = "869549440"
"a1_252" = "856445902"
"a1_251" = "3096922178"
"a1_250" = "2004765672"
"a1_257" = "2191621833"
"a1_256" = "2543655766"
"a1_255" = "1918181157"
"a1_254" = "2410387051"
"a3_920" = "2284050097"
"a1_259" = "893716346"
"a1_258" = "4052483324"
"a3_729" = "914469392"
"a3_728" = "907418097"
"a4_884" = "2042535668"
"a2_144" = "1032344743"
"a2_145" = "1039517446"
"a2_146" = "1046685658"
"a2_147" = "1053867542"
"a2_140" = "1003683449"
"a2_141" = "1010850852"
"a2_142" = "1018016941"
"a2_143" = "1025182808"
"a1_781" = "1610130652"
"a1_780" = "887233469"
"a2_68" = "487505070"
"a2_69" = "494671106"
"a2_148" = "1061032763"
"a2_149" = "1068201038"
"a1_787" = "727410984"
"a4_455" = "3261950055"
"a3_299" = "2126993250"
"a3_298" = "2119545539"
"a3_295" = "2131608046"
"a3_294" = "2091003215"
"a3_297" = "2146049696"
"a3_296" = "2139060737"
"a3_291" = "2103079018"
"a3_290" = "2062081995"
"a3_293" = "2083555628"
"a3_292" = "2110067853"
"a1_904" = "3850473524"
"a3_634" = "266990099"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.114116.info"

[HKCU\Software\Aas]
"a3_618" = "152516611"
"a3_611" = "68549034"
"a3_610" = "95044875"
"a3_613" = "82982508"
"a3_612" = "75537869"
"a3_615" = "131026734"
"a3_614" = "123579023"
"a3_617" = "111511520"
"a3_616" = "104522561"
"a3_181" = "1280611004"
"a3_180" = "1307180573"
"a3_34" = "260325067"
"a3_182" = "1288058591"
"a3_185" = "1309597744"
"a3_33" = "253401768"
"a3_187" = "1324038386"
"a3_186" = "1316586579"
"a3_189" = "1371566516"
"a3_188" = "1364647189"
"a3_38" = "289377359"
"a3_39" = "296296686"
"a3_471" = "3359687774"
"a3_470" = "3386187839"
"a3_473" = "3407682832"
"a3_472" = "3367139569"
"a3_475" = "3422180818"
"a3_474" = "3414733235"
"a3_477" = "3403113108"
"a4_282" = "2021692122"
"a3_479" = "3450714966"
"a3_478" = "3443656503"
"a1_479" = "3403854129"
"a1_478" = "2692946755"
"a3_509" = "3632529140"
"a3_508" = "3624950357"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden" = "0"

[HKCU\Software\Aas]
"a1_473" = "2084421730"
"a1_472" = "1011540836"
"a1_471" = "2667770681"
"a1_470" = "1669464872"
"a1_477" = "1760230772"
"a1_476" = "1435150659"
"a1_475" = "3934050978"
"a1_474" = "3421741507"
"a4_533" = "3821141493"
"a1_679" = "3972098584"
"a1_678" = "717897447"
"a4_532" = "3813972372"
"a1_675" = "1453322140"
"a1_674" = "1718052825"
"a1_677" = "1749133210"
"a1_676" = "1880354456"
"a1_671" = "1150687301"
"a4_531" = "3806803251"
"a1_673" = "4131182803"
"a1_672" = "588765045"

[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"

[HKCU\Software\Aas]
"a4_530" = "3799634130"
"a4_537" = "3849817977"
"a4_536" = "3842648856"
"a3_743" = "1014841262"
"a4_535" = "3835479735"
"a4_534" = "3828310614"
"a2_151" = "1082529306"
"a2_150" = "1075365728"
"a1_869" = "1455370523"
"a2_271" = "1942838547"
"a3_879" = "1989722918"
"a3_878" = "1982672519"
"a1_823" = "2582591695"
"a3_874" = "1954273539"
"a3_877" = "2009303652"
"a3_876" = "2001736133"
"a3_871" = "1966337070"
"a3_870" = "1925204879"
"a3_873" = "1946690784"
"a3_872" = "1973321793"
"a2_159" = "1139885808"
"a4_758" = "1139226422"
"a2_158" = "1132712915"
"a1_925" = "1870967142"
"a1_924" = "1319798747"
"a1_927" = "2024236419"
"a1_926" = "260118452"
"a1_921" = "1200055623"
"a1_920" = "3423224012"
"a3_787" = "1363737626"
"a1_922" = "632944391"
"a3_80" = "590099577"
"a1_929" = "1702626763"
"a1_928" = "1733853466"
"a4_649" = "357792233"
"a4_648" = "350623112"
"a4_641" = "300439265"
"a4_640" = "293270144"
"a4_643" = "314777507"
"a4_642" = "307608386"
"a4_645" = "329115749"
"a4_644" = "321946628"
"a4_647" = "343453991"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.114116.info"

[HKCU\Software\Aas]
"a3_786" = "1323129851"
"a1_819" = "1835086098"
"a1_818" = "1136968078"
"a3_785" = "1316202328"
"a3_746" = "1069934723"
"a1_811" = "2435767029"
"a1_810" = "3637326649"
"a1_813" = "612479040"
"a1_812" = "549890553"
"a1_815" = "3553548914"
"a1_814" = "1330327157"
"a1_817" = "858255436"
"a1_816" = "2612036766"
"a4_429" = "3075552909"
"a4_428" = "3068383788"
"a4_425" = "3046876425"
"a4_424" = "3039707304"
"a4_427" = "3061214667"
"a4_426" = "3054045546"
"a4_421" = "3018199941"
"a4_420" = "3011030820"
"a4_423" = "3032538183"
"a4_422" = "3025369062"

[HKCU\Software\Microsoft\Internet Explorer\AboutURLs]
"Tabs" = "http://www.114116.info"

[HKCU\Software\Aas]
"a3_745" = "1062892640"
"a3_742" = "1007917839"
"a3_741" = "1033955052"
"a2_802" = "1454659204"
"a4_357" = "2559376197"
"a4_356" = "2552207076"
"a4_355" = "2545037955"
"a4_354" = "2537868834"
"a4_353" = "2530699713"
"a4_352" = "2523530592"
"a4_351" = "2516361471"
"a4_350" = "2509192350"
"a3_747" = "1043369250"
"a4_359" = "2573714439"
"a4_358" = "2566545318"
"a4_511" = "3663420831"
"a4_510" = "3656251710"
"a4_513" = "3677759073"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.114116.info"

[HKCU\Software\Aas]
"a4_515" = "3692097315"
"a4_514" = "3684928194"
"a4_517" = "3706435557"
"a4_516" = "3699266436"
"a4_519" = "3720773799"
"a4_518" = "3713604678"
"a3_744" = "1021891521"
"a3_749" = "1091421668"

[HKCU\Software\Aas\695404737]
"50183847" = "646E17FCAC49FD2ABF5C1B14DA324F960A9E6BF1A7AD63F1B94E8C4121BFD8823BEA41403F2BA5A2F4E5B175345A12C297E56B692C8334AD1A99557CA8445991B1BC5BE0956B989246C16572B97F0213AAA51DCE6C829A383AF5EE322EC68B46D986FB427648ECC0BE94D3E857F27B0722666D37336EB4DEC3D72901E914F021"

[HKCU\Software\Aas]
"a2_845" = "1762938228"
"a2_844" = "1755771473"
"a2_847" = "1777271426"
"a2_846" = "1770102790"
"a2_841" = "1734268943"
"a2_840" = "1727089295"
"a2_843" = "1748604902"
"a2_842" = "1741438315"
"a3_780" = "1280228773"
"a4_928" = "2357976992"
"a2_849" = "1791608709"
"a2_848" = "1784454311"
"a1_312" = "941404257"
"a1_313" = "2632402187"
"a1_310" = "2255012043"
"a1_311" = "2388983915"
"a1_316" = "3611039488"
"a1_317" = "919770420"
"a1_314" = "2473858533"
"a1_315" = "1507321205"
"a3_620" = "166490309"
"a1_318" = "4114239180"
"a1_319" = "2203708382"
"a4_929" = "2365146113"
"a2_449" = "3218943546"
"a2_448" = "3211768938"
"a3_621" = "140449124"
"a2_441" = "3161573428"
"a2_440" = "3154418611"
"a2_443" = "3175918980"
"a2_442" = "3168753868"
"a2_445" = "3190253946"
"a2_444" = "3183083812"
"a2_447" = "3204599956"
"a2_446" = "3197433415"
"a2_939" = "2436838496"
"a2_938" = "2429670065"
"a4_893" = "2107057757"
"a2_931" = "2379486090"
"a2_930" = "2372317367"
"a2_933" = "2393820794"
"a2_932" = "2386651782"
"a2_935" = "2408153699"
"a2_934" = "2400988897"
"a2_937" = "2422501700"
"a2_936" = "2415337343"
"a3_818" = "1552537563"
"a2_711" = "802280208"
"a2_710" = "795113912"
"a2_713" = "816613086"
"a2_712" = "809448787"
"a2_715" = "830959644"
"a2_714" = "823782653"
"a2_717" = "845298126"
"a2_716" = "838118421"
"a2_719" = "859632844"
"a2_718" = "852465368"
"a1_587" = "42051625"
"a3_623" = "187965990"
"a2_629" = "214415327"
"a2_628" = "207234847"
"a2_625" = "185732358"
"a2_624" = "178566215"
"a2_627" = "200066268"
"a2_626" = "192897701"
"a2_621" = "157052602"
"a2_620" = "149884157"
"a2_623" = "171404741"
"a2_622" = "164232017"
"a1_266" = "2414050788"
"a1_267" = "3214440607"
"a1_264" = "882620258"
"a1_265" = "1234582331"
"a1_262" = "36359451"
"a1_263" = "2954273273"
"a1_260" = "111590902"
"a1_261" = "3331471019"
"a1_268" = "1618582741"
"a1_269" = "3233423962"
"a2_157" = "1125552214"
"a2_156" = "1118384700"
"a2_155" = "1111219820"
"a2_154" = "1104049445"
"a2_153" = "1096869422"
"a2_152" = "1089701781"
"a2_99" = "709740052"
"a2_98" = "702565689"
"a2_97" = "695413686"
"a2_96" = "688242107"
"a2_95" = "681058900"
"a2_94" = "673893404"
"a2_93" = "666725576"
"a2_92" = "659558043"
"a2_91" = "652392358"
"a2_90" = "645225869"
"a3_260" = "1847236781"
"a3_261" = "1854160076"
"a3_262" = "1861734767"
"a3_263" = "1902212494"
"a3_264" = "1909255713"
"a3_265" = "1883210304"
"a3_266" = "1890133731"
"a3_267" = "1930746626"
"a3_268" = "1938194341"
"a3_269" = "1945179076"
"a1_915" = "3930767334"
"a1_847" = "3264291410"
"a3_404" = "2913010493"
"a2_864" = "1899159097"
"a1_844" = "4112403093"
"a3_405" = "2886510428"
"a1_845" = "946960500"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Aas]
"a2_862" = "1884808994"
"a1_961" = "142722967"
"a3_668" = "477267765"
"a3_669" = "484195156"
"a1_960" = "615605243"
"a3_664" = "448737713"
"a3_665" = "489346512"
"a3_666" = "496258675"
"a3_667" = "470278802"
"a3_660" = "453353533"
"a3_661" = "460801116"
"a3_662" = "467859711"
"a3_663" = "441294110"
"a3_43" = "324843106"
"a3_42" = "284237251"
"a3_41" = "277248416"
"a3_40" = "269796609"
"a3_47" = "353765350"
"a3_46" = "313221959"
"a3_45" = "305778468"
"a3_44" = "332278405"
"a3_49" = "368270520"
"a3_48" = "360822809"
"a4_99" = "709742979"
"a4_98" = "702573858"
"a3_406" = "2893962239"
"a3_407" = "2901015582"
"a3_400" = "2884615609"
"a3_401" = "2857980376"
"a3_402" = "2865023611"
"a3_403" = "2906025626"
"a4_91" = "652390011"
"a4_90" = "645220890"
"a4_93" = "666728253"
"a4_92" = "659559132"
"a4_95" = "681066495"
"a4_94" = "673897374"
"a4_97" = "695404737"
"a4_96" = "688235616"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"

[HKCU\Software\Aas]
"a1_448" = "2201742751"
"a1_449" = "877576170"
"a1_446" = "2185955660"
"a3_408" = "2941554865"
"a1_444" = "2643687538"
"a1_445" = "2226009539"
"a1_442" = "279065900"
"a1_443" = "3316566914"
"a1_440" = "2659175399"
"a3_409" = "2949002448"
"a1_680" = "3257589610"
"a1_681" = "4148542039"
"a1_682" = "3922291419"
"a1_683" = "3894692375"
"a2_561" = "4021868724"
"a1_685" = "3226903729"
"a1_686" = "2116118196"
"a1_687" = "1507693702"
"a1_688" = "2231843330"
"a1_689" = "36430954"

"a3_834" = "1700949547"
"a1_767" = "1415435977"
"a1_766" = "159334887"
"a3_318" = "2262948439"
"a3_319" = "2303950582"
"a2_599" = "4294295719"
"a3_310" = "2239031135"
"a3_311" = "2246548478"
"a3_312" = "2219916305"
"a3_313" = "2226966704"
"a3_314" = "2267968723"
"a3_315" = "2275010930"
"a3_316" = "2248445333"
"a3_317" = "2255889972"
"a3_933" = "2410528684"
"a3_934" = "2384417743"
"a1_760" = "3937485735"
"a2_605" = "42344490"
"a3_935" = "2391471214"
"a3_476" = "3395669621"
"a1_447" = "2794274570"
"a2_603" = "28010977"
"a3_880" = "2030724953"
"a3_881" = "2037718008"
"a3_882" = "2044771355"
"a3_883" = "2018660538"
"a3_884" = "2025714909"
"a3_885" = "2066704764"
"a3_886" = "2073693599"
"a1_745" = "1314039568"
"a3_888" = "2054642257"
"a3_889" = "2061696752"
"a1_769" = "1187461132"
"a1_441" = "3862535018"
"a1_744" = "2072784109"

[HKCU\Software\Microsoft\Internet Explorer\AboutURLs]
"blank" = "http://www.114116.info"

[HKCU\Software\Aas]
"a4_857" = "1848969401"
"a4_638" = "278931902"
"a4_639" = "286101023"
"a4_634" = "250255418"
"a4_635" = "257424539"
"a4_636" = "264593660"
"a4_637" = "271762781"
"a4_630" = "221578934"
"a4_631" = "228748055"
"a4_632" = "235917176"
"a4_633" = "243086297"
"a2_913" = "2250433137"
"a1_747" = "213347397"
"a2_912" = "2243266128"
"a2_911" = "2236100574"
"a2_651" = "372136000"
"a2_910" = "2228931377"
"a3_794" = "1380597491"

[HKCU\Software\Aas\695404737]
"35845605" = "264"

[HKCU\Software\Aas]
"a2_917" = "2279124134"
"a4_883" = "2035366547"
"a2_916" = "2271950033"
"a4_740" = "1010182244"
"a4_741" = "1017351365"
"a4_742" = "1024520486"
"a4_743" = "1031689607"
"a4_744" = "1038858728"
"a4_745" = "1046027849"
"a4_746" = "1053196970"
"a4_747" = "1060366091"
"a4_748" = "1067535212"
"a4_749" = "1074704333"
"a1_866" = "800566586"
"a1_867" = "2696077018"
"a1_860" = "1646968846"
"a4_265" = "1899817065"
"a1_862" = "2127959882"
"a4_859" = "1863307643"
"a4_182" = "1304780022"

[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"

[HKCU\Software\Aas]
"a4_180" = "1290441780"
"a4_181" = "1297610901"
"a4_186" = "1333456506"
"a4_187" = "1340625627"
"a4_184" = "1319118264"
"a4_185" = "1326287385"
"a4_188" = "1347794748"
"a4_189" = "1354963869"
"a1_741" = "1700688503"
"a2_918" = "2286281847"
"a4_168" = "1204412328"
"a1_194" = "2151174111"
"a1_195" = "2006365848"
"a4_160" = "1147059360"
"a4_161" = "1154228481"
"a4_162" = "1161397602"
"a4_163" = "1168566723"
"a4_164" = "1175735844"
"a4_165" = "1182904965"
"a4_166" = "1190074086"
"a4_167" = "1197243207"
"a4_296" = "2122059816"
"a4_297" = "2129228937"
"a4_294" = "2107721574"
"a4_295" = "2114890695"
"a4_292" = "2093383332"
"a4_293" = "2100552453"
"a4_290" = "2079045090"
"a4_291" = "2086214211"
"a4_142" = "1018015182"
"a3_952" = "2546868881"
"a4_568" = "4072060728"
"a4_569" = "4079229849"
"a4_298" = "2136398058"
"a4_299" = "2143567179"
"a2_598" = "4287131644"
"a1_192" = "352557833"
"a1_193" = "3510132629"
"a4_934" = "2400991718"
"a3_790" = "1351657855"
"a4_958" = "2573050622"
"a1_868" = "3939640233"
"a1_742" = "857719451"
"a4_368" = "2638236528"
"a4_369" = "2645405649"
"a4_362" = "2595221802"
"a4_363" = "2602390923"
"a4_360" = "2580883560"
"a4_361" = "2588052681"
"a4_366" = "2623898286"
"a4_367" = "2631067407"
"a4_364" = "2609560044"
"a4_365" = "2616729165"
"a1_305" = "1638495718"
"a1_304" = "3369388142"
"a1_307" = "3669313256"
"a1_306" = "3929659194"
"a1_301" = "1088408950"
"a1_300" = "36504450"
"a1_303" = "3247371137"
"a1_302" = "2151572191"
"a3_792" = "1399711281"
"a1_309" = "2593822792"
"a1_308" = "2514559669"
"a2_540" = "3871318195"
"a2_541" = "3878501098"
"a2_542" = "3885667154"
"a1_481" = "2016372591"
"a2_544" = "3900003210"
"a2_545" = "3907169051"
"a2_546" = "3914337537"
"a2_547" = "3921502496"
"a2_548" = "3928671169"
"a2_549" = "3935853141"
"a2_894" = "2114228638"
"a2_895" = "2121396989"
"a2_892" = "2099895932"
"a2_893" = "2107063178"
"a2_890" = "2085545867"
"a2_891" = "2092713091"
"a2_438" = "3140069334"
"a2_439" = "3147249742"
"a2_434" = "3111400156"
"a2_435" = "3118565221"
"a2_436" = "3125734201"
"a2_437" = "3132899469"
"a2_430" = "3082719025"
"a2_431" = "3089885044"
"a2_432" = "3097065178"
"a2_433" = "3104235519"
"a2_948" = "2501350902"
"a2_949" = "2508522366"
"a4_908" = "2214594572"
"a2_944" = "2472687698"
"a2_945" = "2479855603"
"a2_946" = "2487023445"
"a2_947" = "2494198450"
"a2_940" = "2444004353"
"a1_488" = "1385809574"
"a2_942" = "2458339096"
"a2_943" = "2465520938"
"a1_279" = "451864331"
"a1_278" = "1647521182"
"a1_489" = "1111333383"
"a1_271" = "1880078786"
"a1_270" = "1014408451"
"a1_273" = "2904591053"
"a1_272" = "1144189263"
"a1_275" = "1020357470"
"a1_274" = "2810627471"
"a1_277" = "3928485800"
"a1_276" = "1640607674"
"a2_764" = "1182239235"
"a2_765" = "1189400599"
"a2_766" = "1196572857"
"a2_767" = "1203743164"
"a2_760" = "1153558550"
"a2_761" = "1160739876"
"a2_762" = "1167905485"
"a2_763" = "1175063684"
"a2_768" = "1210923912"
"a2_769" = "1218094550"
"a2_382" = "2738606456"
"a2_383" = "2745775938"
"a2_380" = "2724259914"
"a2_381" = "2731438974"
"a2_386" = "2767278063"
"a2_387" = "2774443580"
"a2_384" = "2752951043"
"a2_385" = "2760106676"
"a2_388" = "2781625049"
"a2_389" = "2788792984"
"a1_613" = "535175178"
"a1_612" = "396930474"
"a1_611" = "59259841"
"a2_368" = "2638240839"
"a2_369" = "2645407542"
"a1_610" = "2963792186"
"a2_88" = "630890443"
"a2_89" = "638055418"
"a2_84" = "602207287"
"a2_85" = "609373682"
"a2_86" = "616537436"
"a2_87" = "623708868"
"a2_80" = "573522211"
"a2_81" = "580704604"
"a2_82" = "587872574"
"a2_83" = "595041934"
"a3_273" = "1974165848"
"a3_272" = "1966722361"
"a3_271" = "1926113414"
"a3_270" = "1918678119"
"a3_277" = "2002712284"
"a3_276" = "1962103485"
"a3_275" = "1954659866"
"a3_274" = "1947600379"
"a2_162" = "1161402567"
"a2_163" = "1168569184"
"a3_279" = "1983582110"
"a3_278" = "2009623423"
"a2_166" = "1190070305"
"a2_167" = "1197237925"
"a2_164" = "1175743835"
"a2_165" = "1182901713"
"a3_690" = "668723035"
"a3_679" = "589715310"
"a1_666" = "3898874116"
"a3_677" = "541662892"
"a3_676" = "568228365"
"a3_675" = "560775658"
"a3_674" = "553725259"
"a3_673" = "513247528"
"a3_672" = "505681033"
"a3_671" = "532246550"
"a3_670" = "525328375"
"a3_50" = "341766363"
"a3_51" = "348755322"
"a3_52" = "389745053"
"a3_53" = "396796476"
"a3_54" = "370165343"
"a3_55" = "377748222"
"a3_56" = "384737041"
"a3_57" = "425210800"
"a3_58" = "432789459"
"a3_59" = "406145138"
"a3_417" = "3006523432"
"a3_416" = "2965403529"
"a3_415" = "2958480150"
"a3_414" = "2984984311"
"a3_413" = "2977536596"
"a3_412" = "2970543669"
"a3_411" = "2929937810"
"a3_410" = "2922490227"
"a3_419" = "2986877162"
"a3_418" = "3013512267"
"a1_451" = "597229242"
"a1_450" = "3753543134"
"a1_453" = "13595112"
"a1_452" = "2035930358"
"a1_455" = "1505569854"
"a1_454" = "2505992909"
"a1_457" = "610713749"
"a1_456" = "709080734"
"a1_459" = "4162377762"
"a1_458" = "554462457"
"a1_693" = "1207653091"
"a1_692" = "1086097796"
"a1_691" = "1716377197"
"a1_690" = "2491338952"
"a1_697" = "2669723045"
"a1_696" = "1482722284"
"a1_695" = "190073356"
"a1_694" = "325456873"
"a1_699" = "3893782406"
"a1_698" = "479090700"
"a3_896" = "2145139113"
"a3_695" = "704178558"
"a1_962" = "2009475400"
"a3_309" = "2231976764"
"a3_308" = "2191503005"
"a3_303" = "2155521254"
"a3_302" = "2148466759"
"a3_301" = "2174512164"
"a3_300" = "2167589765"
"a3_307" = "2183924346"
"a3_306" = "2210566619"
"a3_305" = "2203581880"
"a3_304" = "2162448665"
"a4_86" = "616544406"
"a4_87" = "623713527"
"a4_84" = "602206164"
"a4_85" = "609375285"
"a4_82" = "587867922"
"a4_83" = "595037043"
"a4_80" = "573529680"
"a4_81" = "580698801"
"a3_887" = "2047190590"
"a3_730" = "921917107"
"a4_88" = "630882648"
"a4_89" = "638051769"
"a3_731" = "962513618"
"a4_954" = "2544374138"

[HKCU\Software\Aas\695404737]
"14338242" = "0"

[HKCU\Software\Aas]
"a3_913" = "2267125720"
"a3_736" = "998505673"
"a1_740" = "1339911739"
"a3_737" = "1005490536"
"a3_697" = "685057584"
"a3_892" = "2083171285"
"a3_891" = "2109683634"
"a3_890" = "2102235923"
"a3_897" = "2119163336"
"a3_734" = "950445111"
"a3_895" = "2138211638"
"a3_894" = "2131222679"
"a3_899" = "2166680202"
"a3_735" = "990926934"
"a3_696" = "678137233"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden" = "0"

[HKCU\Software\Aas]
"a4_387" = "2774449827"
"a1_940" = "224519011"
"a1_752" = "57930350"
"a4_629" = "214409813"
"a4_628" = "207240692"
"a4_627" = "200071571"
"a4_626" = "192902450"
"a4_625" = "185733329"
"a4_624" = "178564208"
"a4_623" = "171395087"
"a4_622" = "164225966"
"a4_621" = "157056845"
"a4_620" = "149887724"
"a2_75" = "537676022"
"a2_74" = "530521880"
"a2_77" = "552014028"
"a2_76" = "544835191"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"

[HKCU\Software\Aas]
"a2_71" = "509004219"
"a2_70" = "501835756"
"a4_753" = "1103380817"
"a4_752" = "1096211696"
"a4_751" = "1089042575"
"a4_750" = "1081873454"
"a4_757" = "1132057301"
"a2_73" = "523337918"
"a4_755" = "1117719059"
"a4_754" = "1110549938"
"a1_877" = "1584353552"
"a1_876" = "4080382617"
"a4_759" = "1146395543"
"a2_72" = "516171483"
"a1_873" = "202016119"
"a1_872" = "2848935901"
"a1_871" = "2706066120"
"a1_870" = "818827804"
"a4_195" = "1397978595"
"a4_194" = "1390809474"
"a4_197" = "1412316837"
"a4_196" = "1405147716"
"a4_191" = "1369302111"
"a4_190" = "1362132990"
"a4_193" = "1383640353"
"a4_192" = "1376471232"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"

[HKCU\Software\Aas]
"a4_198" = "1419485958"
"a1_909" = "331918870"
"a4_179" = "1283272659"
"a4_178" = "1276103538"
"a4_173" = "1240257933"
"a4_172" = "1233088812"
"a4_171" = "1225919691"
"a4_170" = "1218750570"
"a4_177" = "1268934417"
"a4_176" = "1261765296"
"a4_175" = "1254596175"
"a4_174" = "1247427054"
"a4_577" = "4136582817"
"a3_123" = "898388146"
"a4_575" = "4122244575"
"a4_574" = "4115075454"
"a4_573" = "4107906333"
"a4_572" = "4100737212"
"a4_571" = "4093568091"
"a3_122" = "891468819"
"a3_121" = "850861040"
"a4_579" = "4150921059"
"a4_578" = "4143751938"
"a4_289" = "2071875969"
"a4_288" = "2064706848"
"a3_636" = "247859925"
"a3_120" = "843343697"
"a4_281" = "2014523001"
"a4_280" = "2007353880"
"a4_283" = "2028861243"
"a1_108" = "2936321408"
"a4_285" = "2043199485"
"a4_284" = "2036030364"
"a4_287" = "2057537727"
"a3_126" = "886312343"
"a3_125" = "879323508"
"a3_124" = "905966805"
"a3_691" = "642161658"
"a4_379" = "2717096859"
"a4_378" = "2709927738"
"a4_375" = "2688420375"
"a4_374" = "2681251254"
"a4_377" = "2702758617"
"a4_376" = "2695589496"
"a4_371" = "2659743891"
"a4_370" = "2652574770"
"a4_373" = "2674082133"
"a4_372" = "2666913012"
"a3_962" = "2584764075"
"a4_756" = "1124888180"
"a3_961" = "2611395080"
"a1_755" = "2693252171"
"a1_437" = "1227558844"
"a3_960" = "2604335593"
"a2_553" = "3964521971"
"a2_552" = "3957353613"
"a2_551" = "3950187262"
"a2_550" = "3943020447"
"a2_557" = "3993204862"
"a2_556" = "3986037568"
"a2_555" = "3978855572"
"a2_554" = "3971686486"
"a2_889" = "2078378858"
"a2_888" = "2071211593"
"a2_559" = "4007539070"
"a2_558" = "4000372457"
"a2_429" = "3075550064"
"a2_428" = "3068380476"
"a2_427" = "3061217441"
"a2_426" = "3054050273"
"a2_425" = "3046883178"
"a2_424" = "3039713022"
"a2_423" = "3032532654"
"a2_422" = "3025365553"
"a2_421" = "3018196177"
"a2_420" = "3011031711"
"a1_758" = "863834879"
"a2_565" = "4050555281"
"a2_959" = "2580224757"
"a2_958" = "2573055961"
"a2_957" = "2565874942"
"a2_956" = "2558706922"
"a2_955" = "2551541181"
"a2_954" = "2544372929"
"a1_785" = "1028475736"
"a2_952" = "2530044777"
"a2_951" = "2522871984"
"a2_950" = "2515691786"
"a1_208" = "553265413"
"a1_209" = "2105616232"
"a1_204" = "3480853506"
"a1_205" = "4054013169"
"a1_206" = "710017366"
"a1_207" = "529671448"
"a1_200" = "3318564107"
"a1_201" = "267625072"
"a1_202" = "1559239891"
"a1_203" = "3955268926"
"a2_777" = "1275402324"
"a2_776" = "1268276407"
"a2_775" = "1261093192"
"a2_774" = "1253925241"
"a2_773" = "1246758518"
"a2_772" = "1239591432"
"a2_771" = "1232424093"
"a2_770" = "1225257257"
"a2_779" = "1289776892"
"a2_778" = "1282609975"
"a2_395" = "2831810274"
"a2_394" = "2824628256"
"a2_397" = "2846143361"
"a2_396" = "2838974731"
"a2_391" = "2803125879"
"a2_390" = "2795961447"
"a2_393" = "2817461524"
"a2_392" = "2810287337"
"a2_399" = "2860476447"
"a2_398" = "2853313684"
"a2_568" = "4072051442"
"a2_569" = "4079237334"
"a2_379" = "2717091621"
"a2_378" = "2709918822"
"a2_373" = "2674089459"
"a2_372" = "2666907417"
"a2_371" = "2659741276"
"a2_370" = "2652570322"
"a2_377" = "2702756578"
"a2_376" = "2695591252"
"a2_375" = "2688421888"
"a2_374" = "2681257339"
"a3_246" = "1746738975"
"a3_247" = "1753789374"
"a3_244" = "1765852765"
"a3_245" = "1773304572"
"a2_179" = "1283273719"
"a2_178" = "1276105042"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"

[HKCU\Software\Aas]
"a3_241" = "1744311672"
"a2_175" = "1254604190"
"a2_174" = "1247421776"
"a2_177" = "1268940764"
"a2_176" = "1261770001"
"a2_171" = "1225921873"
"a2_170" = "1218753008"
"a2_173" = "1240256445"
"a3_249" = "1801832560"
"a4_960" = "2587388864"
"a1_510" = "1215919725"
"a1_511" = "4244780274"
"a1_512" = "4160653913"
"a1_513" = "1097176639"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt]
"CheckedValue" = "1"

[HKCU\Software\Aas]
"a1_515" = "4100140120"
"a1_516" = "847605981"
"a1_517" = "4068133342"
"a1_518" = "456990557"
"a1_519" = "4097187065"
"a3_648" = "367361953"
"a3_649" = "340792256"
"a3_69" = "478110732"
"a3_68" = "470664173"
"a3_65" = "449123976"
"a3_64" = "442135145"
"a3_67" = "497168202"
"a3_66" = "489720619"
"a3_61" = "454263092"
"a3_60" = "413199509"
"a3_63" = "468244982"
"a3_62" = "461186391"
"a1_784" = "3945418970"
"a3_514" = "3667976427"
"a2_543" = "3892835912"
"a1_424" = "2018912510"
"a1_425" = "2318478423"
"a1_426" = "2914177397"
"a1_427" = "2711655671"
"a1_420" = "4277972287"
"a1_421" = "4217698897"
"a1_422" = "2177157464"
"a1_423" = "4157342711"
"a3_199" = "1409969486"
"a1_428" = "2378866800"
"a1_429" = "296237386"
"a3_515" = "3709043978"
"a3_693" = "690213052"
"a3_338" = "2439897659"
"a3_339" = "2446886490"
"a3_336" = "2391856505"
"a3_337" = "2432846232"
"a3_334" = "2411437223"
"a3_335" = "2384801990"
"a3_332" = "2363312101"
"a3_333" = "2403923972"
"a3_330" = "2348814115"
"a3_331" = "2356388674"
"a1_738" = "1322349051"
"a1_739" = "3934012374"
"a3_428" = "3084957701"
"a3_429" = "3058850980"
"a3_422" = "3041926607"
"a3_423" = "3049502318"
"a3_420" = "2994455821"
"a3_421" = "3001383340"
"a3_426" = "3070911299"
"a3_427" = "3077900258"
"a3_424" = "3022858881"
"a3_425" = "3029913376"
"a1_864" = "2000137756"
"a2_915" = "2264781716"
"a1_865" = "1626873503"
"a4_870" = "1942167974"
"a4_873" = "1963675337"
"a1_861" = "2076017768"
"a1_863" = "1497975264"
"a3_87" = "607024862"
"a3_86" = "633131711"
"a3_85" = "626081308"
"a3_84" = "585598461"
"a3_83" = "578085210"
"a3_82" = "571034939"
"a3_81" = "597665944"
"a4_183" = "1311949143"
"a3_89" = "654610320"
"a3_88" = "614067057"
"a4_612" = "92534756"
"a4_613" = "99703877"
"a4_610" = "78196514"
"a4_611" = "85365635"
"a4_616" = "121211240"
"a4_617" = "128380361"
"a4_614" = "106872998"
"a4_615" = "114042119"
"a4_618" = "135549482"
"a4_619" = "142718603"
"a4_871" = "1949337095"
"a3_689" = "661144376"
"a3_812" = "1543047557"
"a3_692" = "649083933"
"a4_876" = "1985182700"
"a4_766" = "1196579390"
"a4_767" = "1203748511"
"a4_764" = "1182241148"
"a4_765" = "1189410269"
"a4_762" = "1167902906"
"a4_763" = "1175072027"
"a4_760" = "1153564664"
"a4_761" = "1160733785"
"a1_848" = "1103557389"
"a1_849" = "2191456260"
"a1_439" = "3721031657"
"a4_768" = "1210917632"
"a4_769" = "1218086753"
"a3_938" = "2446500163"
"a3_512" = "3687557161"
"a1_661" = "1968936750"
"a3_513" = "3660926024"
"a3_930" = "2355479115"
"a3_931" = "2362926826"
"a3_932" = "2403474189"
"a3_814" = "1523992135"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs" = "http://www.114116.info"

[HKCU\Software\Aas]
"a3_510" = "3639513879"
"a3_936" = "2398382209"
"a3_937" = "2439449888"
"a3_511" = "3679991734"
"a3_516" = "3715971501"
"a3_517" = "3723025868"
"a1_198" = "1747743839"
"a1_199" = "409910548"
"a4_148" = "1061029908"
"a4_149" = "1068199029"
"a4_146" = "1046691666"
"a4_147" = "1053860787"
"a1_196" = "729491696"
"a4_145" = "1039522545"
"a1_190" = "29923383"
"a4_143" = "1025184303"
"a4_140" = "1003676940"
"a4_141" = "1010846061"
"a3_910" = "2245638887"
"a4_548" = "3928678308"
"a4_549" = "3935847429"
"a4_542" = "3885663582"
"a4_543" = "3892832703"
"a4_540" = "3871325340"
"a4_541" = "3878494461"
"a4_546" = "3914340066"
"a4_547" = "3921509187"
"a4_544" = "3900001824"
"a4_545" = "3907170945"
"a4_839" = "1719925223"
"a1_662" = "4051247900"
"a1_663" = "1497542778"
"a1_660" = "2654544034"
"a4_380" = "2724265980"
"a4_381" = "2731435101"
"a4_382" = "2738604222"
"a4_383" = "2745773343"
"a4_384" = "2752942464"
"a4_385" = "2760111585"
"a4_386" = "2767280706"
"a4_169" = "1211581449"
"a4_388" = "2781618948"
"a4_389" = "2788788069"

"a1_667" = "342245344"
"a1_664" = "1266616367"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"

[HKCU\Software\Aas]
"a1_665" = "698365253"
"a1_0" = "174474351"
"a1_1" = "1834750235"
"a1_2" = "1764537593"
"a1_3" = "1263126650"
"a1_4" = "3528666314"
"a1_5" = "4264171753"
"a1_6" = "1428109341"
"a1_7" = "2709035006"
"a1_8" = "1226023294"
"a1_9" = "3953327676"
"a2_566" = "4057724843"
"a2_567" = "4064887984"
"a2_564" = "4043390769"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"

[HKCU\Software\Aas]
"a2_562" = "4029054661"
"a2_563" = "4036220500"
"a3_8" = "40388897"
"a3_9" = "47967552"
"a3_6" = "59977839"
"a3_7" = "67032206"
"a3_4" = "11991981"
"a3_5" = "52535244"
"a3_2" = "31040235"
"a3_3" = "4933386"
"a3_0" = "17001001"
"a3_1" = "23989832"
"a2_412" = "2953679329"
"a2_413" = "2960839858"
"a2_410" = "2939343977"
"a2_411" = "2946511341"
"a2_416" = "2982346757"
"a2_417" = "2989532711"
"a2_414" = "2968014625"
"a2_415" = "2975181928"
"a2_418" = "2996695977"
"a2_419" = "3003863644"
"a2_962" = "2601725007"
"a2_960" = "2587390976"
"a2_961" = "2594557395"
"a4_950" = "2515697654"
"a1_631" = "3216692649"
"a4_564" = "4043384244"
"a1_219" = "1507520674"
"a1_218" = "2062884556"
"a1_217" = "3112372599"
"a1_216" = "2513839621"
"a1_215" = "1897142073"
"a1_214" = "3556494758"
"a1_213" = "221294572"
"a1_212" = "2419375114"
"a1_211" = "662009514"
"a1_210" = "2213359044"
"a4_567" = "4064891607"
"a1_630" = "4079137915"
"a4_560" = "4014707760"
"a4_956" = "2558712380"
"a4_561" = "4021876881"
"a4_562" = "4029046002"
"a4_563" = "4036215123"
"a4_443" = "3175920603"
"a1_633" = "2124241688"
"a4_442" = "3168751482"
"a4_441" = "3161582361"

Task Manager is disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr" = "1"

To automatically run itself each time Windows is booted, the Virus adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TINTIMG" = "%Documents and Settings%\%current user%\Application Data\cssrs.exe"

A firewall is disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "c:\%original file name%.exe:*:Enabled:ipsec"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"

Firewall notifications are disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"

The process cssrs.exe:1568 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE 1D 7B 09 D2 05 F1 77 B6 FE 38 78 92 DC 7A 5E"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

The process cssrs.exe:1052 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 96 C4 83 2A A6 43 34 08 35 8C D3 92 13 53 C6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

Dropped PE files

MD5	File path
c77a568b04bc97a1cfa8a8e2f16fd14f	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\000CBE83_Rar\%original file name%.exe
c77a568b04bc97a1cfa8a8e2f16fd14f	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\000CBF8C_Rar\%original file name%.exe
4ee401d288d2a181d88675c378a963d5	c:\gdena.pif

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Virus's file once a user opens a drive's folder in Windows Explorer.

VersionInfo

No information is available.

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	41984	41984	4.5713	f7d6a30a2c58c7a38b3cbe391d9cec4b
.rdata	49152	9994	10240	3.66555	6290e9c408ae6870143b78836ce64421
.data	61440	14500	4096	1.4687	448541fd66cace4cd3dfcf7e506ad72d
.rsrc	77824	80000	80384	3.43291	98a6c22ce487f38bfa3dff16299f6702
.reloc	159744	102400	99328	4.65991	f2ce52635f5669a7a0c41ef47ed3cedd

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

No activity has been detected.

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Web Traffic was not found.

The Virus connects to the servers at the folowing location(s):

%original file name%.exe_1600:

$6.]$6.]$6.]

.text

.rdata

.data

.rsrc

@.reloc

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

GetProcessWindowStation

USER32.DLL

e:\dev\vircs_muluwu\release\cssrs.pdb

RegCreateKeyExW

RegCloseKey

ADVAPI32.dll

PSAPI.DLL

SHFileOperationW

ShellExecuteW

SHELL32.dll

SHLWAPI.dll

USER32.dll

GetCPInfo

GetConsoleOutputCP

KERNEL32.dll

3333333330

333333333333330

.LjR=W

.Jbjx=

^_^\^_\^[__^^_^^__^^^^___^__^\_\\_^^^^\^^_[__^^__^_^__^^\[^^_^_^^_^\_^_^^\^\^[^[[__^\^^^\-

333333333333333

444444444

33333333333333

SHELL32.DLL

ShellExecuteA

KERNEL32.DLL

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\000CBF8C_Rar\%original file name%.exe

%original file name%.exe

c:\%original file name%.exe

n Data\cssrs.exe

\cssrs.exe

.reloc

Y.pD;

hXXp://VVV.cerkezoglu.net/images/logo.gif

hXXp://chacaraedwirges.com.br/logo.gif

hXXp://albasaironline.com/images/button.gif

hXXp://cheminox.com/images/logo.gif

hXXp://VVV.emirmetalsanayi.com/button.gif

hXXp://citymons.in/images/logo.gif

hXXp://cofa.cl/logo.gif

logo.gif

/koonadance2.com/images/logo.gif

hXXp://kuplu.bel.tr/images/logo.gif

hXXp://VVV.liderancaspoliticas.com.br/logo.gif

hXXp://VVV.legalbilgisayar.com/img/logo.gif

hXXp://lifecom24.co.cc/images/logo.gif

uCo9%f

%F`;O

hXXp://89.11

.info/home.gifI

W.text

L32.dll

^p.At%

rnl.exe?

= =$=(=,=0=4=8=<=@

rv:1.9.2.3)

.NEtCLR

.klkjw:9fqwiBu

f3a.sysB

D6c.pBTab

drfig%s:*:

0}.T&?%x=

~UrlA'W

\'Web%

HTTP)s'PJ

o.ENHCD

KPCKwWEBWUPD

>*?456789:;<=

!"#$%&'()* ,-./01230 0

MSVCRT.dll

WS2_32.dll

SHFileOperationA

mscoree.dll

cssrs.exe

hXXp://VVV.114116.info

Windows\

age_URL

outURLs

%Documents and Settings%\%current user%\Start Menu\Programs\Startup\cssrs.exe

%Documents and Settings%\%current user%\Application Data\cssrs.exe

Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt

%original file name%.exe_1600_rwx_0042E000_00011000:

SHELL32.DLL

ShellExecuteA

KERNEL32.DLL

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\000CBF8C_Rar\%original file name%.exe

%original file name%.exe

c:\%original file name%.exe

n Data\cssrs.exe

\cssrs.exe

.reloc

Y.pD;

hXXp://VVV.cerkezoglu.net/images/logo.gif

hXXp://chacaraedwirges.com.br/logo.gif

hXXp://albasaironline.com/images/button.gif

hXXp://cheminox.com/images/logo.gif

hXXp://VVV.emirmetalsanayi.com/button.gif

hXXp://citymons.in/images/logo.gif

hXXp://cofa.cl/logo.gif

logo.gif

/koonadance2.com/images/logo.gif

hXXp://kuplu.bel.tr/images/logo.gif

hXXp://VVV.liderancaspoliticas.com.br/logo.gif

hXXp://VVV.legalbilgisayar.com/img/logo.gif

hXXp://lifecom24.co.cc/images/logo.gif

uCo9%f

%F`;O

hXXp://89.11

.info/home.gifI

W.text

L32.dll

^p.At%

rnl.exe?

= =$=(=,=0=4=8=<=@

rv:1.9.2.3)

.NEtCLR

.klkjw:9fqwiBu

f3a.sysB

D6c.pBTab

drfig%s:*:

0}.T&?%x=

~UrlA'W

\'Web%

HTTP)s'PJ

o.ENHCD

KPCKwWEBWUPD

>*?456789:;<=

!"#$%&'()* ,-./01230 0

ADVAPI32.dll

MSVCRT.dll

SHELL32.dll

USER32.dll

WS2_32.dll

RegCloseKey

SHFileOperationA

cssrs.exe_1052:

$6.]$6.]$6.]

.text

.rdata

.data

.rsrc

@.reloc

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

GetProcessWindowStation

USER32.DLL

e:\dev\vircs_muluwu\release\cssrs.pdb

RegCreateKeyExW

RegCloseKey

ADVAPI32.dll

PSAPI.DLL

SHFileOperationW

ShellExecuteW

SHELL32.dll

SHLWAPI.dll

USER32.dll

GetCPInfo

GetConsoleOutputCP

KERNEL32.dll

3333333330

333333333333330

.LjR=W

.Jbjx=

^_^\^_\^[__^^_^^__^^^^___^__^\_\\_^^^^\^^_[__^^__^_^__^^\[^^_^_^^_^\_^_^^\^\^[^[[__^\^^^\-

333333333333333

444444444

33333333333333

SHELL32.DLL

ShellExecuteA

KERNEL32.DLL

cssrs.exe

.reloc

%Documents and Settings%\%current user%\Application Data\cssrs.exe

Y.pD;

hXXp://VVV.cerkezoglu.net/images/logo.gif

hXXp://chacaraedwirges.com.br/logo.gif

hXXp://albasaironline.com/images/button.gif

hXXp://cheminox.com/images/logo.gif

hXXp://VVV.emirmetalsanayi.com/button.gif

hXXp://citymons.in/images/logo.gif

hXXp://cofa.cl/logo.gif

logo.gif

/koonadance2.com/images/logo.gif

hXXp://kuplu.bel.tr/images/logo.gif

hXXp://VVV.liderancaspoliticas.com.br/logo.gif

hXXp://VVV.legalbilgisayar.com/img/logo.gif

hXXp://lifecom24.co.cc/images/logo.gif

uCo9%f

%F`;O

hXXp://89.11

.info/home.gifI

W.text

L32.dll

^p.At%

rnl.exe?

= =$=(=,=0=4=8=<=@

rv:1.9.2.3)

.NEtCLR

.klkjw:9fqwiBu

f3a.sysB

D6c.pBTab

drfig%s:*:

0}.T&?%x=

~UrlA'W

\'Web%

HTTP)s'PJ

o.ENHCD

KPCKwWEBWUPD

>*?456789:;<=

!"#$%&'()* ,-./01230 0

MSVCRT.dll

WS2_32.dll

SHFileOperationA

mscoree.dll

hXXp://VVV.114116.info

Windows\

age_URL

outURLs

%Documents and Settings%\%current user%\Start Menu\Programs\Startup\cssrs.exe

%original file name%.exe_1600_rwx_00910000_00002000:

SHELL32.DLL

ShellExecuteA

KERNEL32.DLL

.reloc

Y.pD;

%original file name%.exe_1600_rwx_00920000_00001000:

|%original file name%.exeM_1600_

%original file name%.exe_1600_rwx_010D0000_0108E000:

c:\windows

hXXp://VVV.cerkezoglu.net/images/logo.gif

hXXp://chacaraedwirges.com.br/logo.gif

hXXp://albasaironline.com/images/button.gif

hXXp://cheminox.com/images/logo.gif

hXXp://VVV.emirmetalsanayi.com/button.gif

hXXp://citymons.in/images/logo.gif

hXXp://cofa.cl/logo.gif

%System%\drivers\ojjqp.sys

Y.pD;

8315158566

SHELL32.DLL

ShellExecuteA

KERNEL32.DLL

.reloc

hXXp://89.119.67.154/testo5/

hXXp://kukutrustnet777.info/home.gif

hXXp://kukutrustnet888.info/home.gif

hXXp://kukutrustnet987.info/home.gif

.text

KERNEL32.dll

USER32.dll

h.rdata

H.data

ntoskrnl.exe

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.1 (.NET CLR 3.5.30731)

Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

Software\Microsoft\Windows\CurrentVersion\Internet Settings

Software\Microsoft\Windows\CurrentVersion

hXXp://VVV.klkjwre9fqwieluoi.info/

hXXp://kukutrustnet777888.info/

Software\Microsoft\Windows\CurrentVersion\policies\system

Software\Microsoft\Windows\ShellNoRoam\MUICache

%s:*:Enabled:ipsec

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced

GdiPlus.dll

hXXp://

ipfltdrv.sys

VVV.microsoft.com

?%x=%d

&%x=%d

SYSTEM.INI

USER32.DLL

.%c%s

\\.\amsint32

NTDLL.DLL

autorun.inf

ADVAPI32.DLL

win%s.exe

%s.exe

WININET.DLL

InternetOpenUrlA

avast! Web Scanner

Avira AntiVir Premium WebGuard

cmdGuard

cmdAgent

Eset HTTP Server

ProtoPort Firewall service

SpIDer FS Monitor for Windows NT

Symantec Password Validation

WebrootDesktopFirewallDataService

WebrootFirewall

%d%d.tmp

SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

%s\%s

%s\Software\Microsoft\Windows\CurrentVersion\Ext\Stats

Software\Microsoft\Windows\CurrentVersion\Ext\Stats

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Explorer.exe

A2CMD.

ASHWEBSV.

AVGCC.AVGCHSVX.

DRWEB

DWEBLLIO

DWEBIO

FSGUIEXE.

MCVSSHLD.

NPFMSG.

SYMSPORT.

WEBSCANX.

.adata

M_%d_

%c%d_%d

?456789:;<=

!"#$%&'()* ,-./0123

GetProcessHeap

GetWindowsDirectoryA

RegEnumKeyExA

RegDeleteKeyA

RegOpenKeyExA

RegCreateKeyA

RegCloseKey

SHFileOperationA

&3&3&3&389

.rdata

.data

rnl.exe?

= =$=(=,=0=4=8=<=@

rv:1.9.2.3)

.NEtCLR

.klkjw:9fqwiBu

f3a.sysB

D6c.pBTab

drfig%s:*:

0}.T&?%x=

~UrlA'W

\'Web%

HTTP)s'PJ

o.ENHCD

KPCKwWEBWUPD

>*?456789:;<=

!"#$%&'()* ,-./01230 0

ADVAPI32.dll

MSVCRT.dll

SHELL32.dll

WS2_32.dll

cssrs.exe_1052_rwx_0042E000_00011000:

SHELL32.DLL

ShellExecuteA

KERNEL32.DLL

cssrs.exe

.reloc

%Documents and Settings%\%current user%\Application Data\cssrs.exe

Y.pD;

hXXp://VVV.cerkezoglu.net/images/logo.gif

hXXp://chacaraedwirges.com.br/logo.gif

hXXp://albasaironline.com/images/button.gif

hXXp://cheminox.com/images/logo.gif

hXXp://VVV.emirmetalsanayi.com/button.gif

hXXp://citymons.in/images/logo.gif

hXXp://cofa.cl/logo.gif

logo.gif

/koonadance2.com/images/logo.gif

hXXp://kuplu.bel.tr/images/logo.gif

hXXp://VVV.liderancaspoliticas.com.br/logo.gif

hXXp://VVV.legalbilgisayar.com/img/logo.gif

hXXp://lifecom24.co.cc/images/logo.gif

uCo9%f

%F`;O

hXXp://89.11

.info/home.gifI

W.text

L32.dll

^p.At%

rnl.exe?

= =$=(=,=0=4=8=<=@

rv:1.9.2.3)

.NEtCLR

.klkjw:9fqwiBu

f3a.sysB

D6c.pBTab

drfig%s:*:

0}.T&?%x=

~UrlA'W

\'Web%

HTTP)s'PJ

o.ENHCD

KPCKwWEBWUPD

>*?456789:;<=

!"#$%&'()* ,-./01230 0

ADVAPI32.dll

MSVCRT.dll

SHELL32.dll

USER32.dll

WS2_32.dll

RegCloseKey

SHFileOperationA

cssrs.exe_1052_rwx_00900000_00002000:

SHELL32.DLL

ShellExecuteA

KERNEL32.DLL

.reloc

Y.pD;

cssrs.exe_1052_rwx_00910000_00001000:

|cssrs.exeM_1052_

cssrs.exe_1568:

$6.]$6.]$6.]

.text

.rdata

.data

.rsrc

@.reloc

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

GetProcessWindowStation

USER32.DLL

e:\dev\vircs_muluwu\release\cssrs.pdb

RegCreateKeyExW

RegCloseKey

ADVAPI32.dll

PSAPI.DLL

SHFileOperationW

ShellExecuteW

SHELL32.dll

SHLWAPI.dll

USER32.dll

GetCPInfo

GetConsoleOutputCP

KERNEL32.dll

3333333330

333333333333330

.LjR=W

.Jbjx=

^_^\^_\^[__^^_^^__^^^^___^__^\_\\_^^^^\^^_[__^^__^_^__^^\[^^_^_^^_^\_^_^^\^\^[^[[__^\^^^\-

333333333333333

444444444

33333333333333

SHELL32.DLL

ShellExecuteA

KERNEL32.DLL

cssrs.exe

.reloc

%Documents and Settings%\%current user%\Start Menu\Programs\Startup\cssrs.exe

Y.pD;

hXXp://VVV.cerkezoglu.net/images/logo.gif

hXXp://chacaraedwirges.com.br/logo.gif

hXXp://albasaironline.com/images/button.gif

hXXp://cheminox.com/images/logo.gif

hXXp://VVV.emirmetalsanayi.com/button.gif

hXXp://citymons.in/images/logo.gif

hXXp://cofa.cl/logo.gif

logo.gif

/koonadance2.com/images/logo.gif

hXXp://kuplu.bel.tr/images/logo.gif

hXXp://VVV.liderancaspoliticas.com.br/logo.gif

hXXp://VVV.legalbilgisayar.com/img/logo.gif

hXXp://lifecom24.co.cc/images/logo.gif

uCo9%f

%F`;O

hXXp://89.11

.info/home.gifI

W.text

L32.dll

^p.At%

rnl.exe?

= =$=(=,=0=4=8=<=@

rv:1.9.2.3)

.NEtCLR

.klkjw:9fqwiBu

f3a.sysB

D6c.pBTab

drfig%s:*:

0}.T&?%x=

~UrlA'W

\'Web%

HTTP)s'PJ

o.ENHCD

KPCKwWEBWUPD

>*?456789:;<=

!"#$%&'()* ,-./01230 0

MSVCRT.dll

WS2_32.dll

SHFileOperationA

mscoree.dll

hXXp://VVV.114116.info

Windows\

age_URL

outURLs

%Documents and Settings%\%current user%\Application Data\cssrs.exe

cssrs.exe_1568_rwx_0042E000_00011000:

SHELL32.DLL

ShellExecuteA

KERNEL32.DLL

cssrs.exe

.reloc

%Documents and Settings%\%current user%\Start Menu\Programs\Startup\cssrs.exe

Y.pD;

hXXp://VVV.cerkezoglu.net/images/logo.gif

hXXp://chacaraedwirges.com.br/logo.gif

hXXp://albasaironline.com/images/button.gif

hXXp://cheminox.com/images/logo.gif

hXXp://VVV.emirmetalsanayi.com/button.gif

hXXp://citymons.in/images/logo.gif

hXXp://cofa.cl/logo.gif

logo.gif

/koonadance2.com/images/logo.gif

hXXp://kuplu.bel.tr/images/logo.gif

hXXp://VVV.liderancaspoliticas.com.br/logo.gif

hXXp://VVV.legalbilgisayar.com/img/logo.gif

hXXp://lifecom24.co.cc/images/logo.gif

uCo9%f

%F`;O

hXXp://89.11

.info/home.gifI

W.text

L32.dll

^p.At%

rnl.exe?

= =$=(=,=0=4=8=<=@

rv:1.9.2.3)

.NEtCLR

.klkjw:9fqwiBu

f3a.sysB

D6c.pBTab

drfig%s:*:

0}.T&?%x=

~UrlA'W

\'Web%

HTTP)s'PJ

o.ENHCD

KPCKwWEBWUPD

>*?456789:;<=

!"#$%&'()* ,-./01230 0

ADVAPI32.dll

MSVCRT.dll

SHELL32.dll

USER32.dll

WS2_32.dll

RegCloseKey

SHFileOperationA

cssrs.exe_1568_rwx_00900000_00002000:

SHELL32.DLL

ShellExecuteA

KERNEL32.DLL

.reloc

Y.pD;

cssrs.exe_1568_rwx_00910000_00001000:

|cssrs.exeM_1568_

Explorer.EXE_532_rwx_01E00000_00002000:

SHELL32.DLL

ShellExecuteA

KERNEL32.DLL

.reloc

Y.pD;

Explorer.EXE_532_rwx_01E10000_00001000:

|explorer.exeM_532_

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
Delete the original Virus file.
Delete or disinfect the following files created/modified by the Virus:

%WinDir%\system.ini (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000CBF8C_Rar\%original file name%.exe (1281 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (528 bytes)
C:\gdena.pif (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000CBE83_Rar\%original file name%.exe (1281 bytes)
%Documents and Settings%\%current user%\Application Data\cssrs.exe (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\asqo.exe (741 bytes)
C:\autorun.inf (363 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (272 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Startup\cssrs.exe (2562 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TINTIMG" = "%Documents and Settings%\%current user%\Application Data\cssrs.exe"
Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Virus.Win32.Sality_afd23c01d5

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Virus.Win32.Sality_afd23c01d5

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet