Trojan-Dropper.Win32.Agent.hjne (Kaspersky), Virus.Win32.Sality.at (v) (VIPRE), Trojan-Dropper.Win32.Agent!IK (Emsisoft), Backdoor.Win32.Farfli.FD, Virus.Win32.Sality.FD, Virus.Win32.Sality.2.FD, Worm.Win32.Dorkbot.FD, VirusSality.YR, WormDorkbot.YR, GenericUDPFlooder.YR, GenericIRCBot.YR, GenericMSNWorm.YR, GenericUSBInfector.YR, GenericDNSBlocker.YR, GenericAutorunWorm.YR, GenericSYNFlooder.YR, GenericInjector.YR, BankerGeneric.YR, GenericProxy.YR, GenericPhysicalDrive0.YR (Lavasoft MAS)Behaviour: Trojan-Dropper, Banker, Trojan, Backdoor, Flooder, Worm, Virus, WormAutorun, IRCBot, MSNWorm, DNSBlocker, UDPFlooder, SYNFlooder, Trojan-Proxy, USBInfector
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 84a72b0a7de3c06e0a62470b992508a6
SHA1: 6bcd4c2f73347733367c88a0562437f3656c7fb0
SHA256: edd73b5e22a95b0e6a85e60f6022fbb1b81635378757513f206a2e89a19ac4b1
SSDeep: 6144:16NMkmWLk2FqgAJITs6S8NX8l/H2z/vvgsA:16GYjAag67MRWz/3s
Size: 367616 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: F
Created at: 2013-04-13 17:05:59
Summary: Virus. A program that recursively replicates a possibly evolved copy of itself.
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Virus's file once a user opens a drive's folder in Windows Explorer. |
IRCBot | A bot can communicate with command and control servers via IRC channel. |
MSNWorm | A worm can spread its copies through the MSN Messanger. |
DNSBlocker | A program can block designated DNS servers for making it difficult for users to locate specific domains or web sites on the Internet. |
UDPFlooder | This program can make a UDP flood. A UDP flood attack is a denial-of-service attack using the User Datagram Protocol (UDP). It can be initiated by sending a large number of UDP packets to random ports on a remote host. |
SYNFlooder | This program can make a SYN flood. It is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. |
Trojan-Proxy | This program can launch a proxy server (SOCKS4) on a designated TCP port. |
USBInfector | A program can register a device notification with the help of RegisterDeviceNotification. So it is notified when a USB device is plugged and then the worm copies itself to the USB device plugged into the affected computer. |
Process activity
The Virus creates the following process(es):
%original file name%.exe:47540
The Virus injects its code into the following process(es):
%original file name%.exe:1544
%original file name%.exe:47272
mspaint.exe:47608
File activity
The process %original file name%.exe:1544 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%System%\drivers\omguh.sys (5 bytes)
%WinDir%\system.ini (70 bytes)
D:\disablejavawarnsec.exe (888 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (840 bytes)
D:\autorun.inf (341 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\riubep.exe (741 bytes)
C:\blsp.exe (103 bytes)
C:\autorun.inf (239 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (272 bytes)
D:\jholpp.pif (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ryrrbn.exe (15019 bytes)
The Virus deletes the following file(s):
%System%\drivers\omguh.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ryrrbn.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\riubep.exe (0 bytes)
The process %original file name%.exe:47272 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\ScreenSaverPro.scr (2105 bytes)
%Documents and Settings%\%current user%\Application Data\temp.bin (2105 bytes)
The process mspaint.exe:47608 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\Microsoft\Cukmko.exe (2105 bytes)
The Virus deletes the following file(s):
C:\%original file name%.exe (0 bytes)
Registry activity
The process %original file name%.exe:1544 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKCU\Software\Aas]
"a4_440" = "3154413240"
"a2_348" = "2494851520"
"a2_349" = "2502018511"
"a2_346" = "2480517465"
"a2_347" = "2487687795"
"a2_344" = "2466182591"
"a2_345" = "2473352194"
"a2_342" = "2451834017"
"a2_343" = "2459002597"
"a2_340" = "2437498035"
"a2_341" = "2444667798"
"a2_180" = "1290449935"
"a2_181" = "1297605042"
"a2_182" = "1304774225"
"a2_183" = "1311955504"
"a2_184" = "1319110127"
"a2_185" = "1326292284"
"a2_186" = "1333459246"
"a2_187" = "1340622615"
"a2_188" = "1347791203"
"a2_189" = "1354971294"
"a4_444" = "3183089724"
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"
[HKCU\Software\Aas]
"a1_503" = "2418014118"
"a1_502" = "1783367423"
"a1_501" = "3803246870"
"a1_500" = "2566252230"
"a1_507" = "3178381886"
"a1_506" = "2805149925"
"a1_505" = "2378425286"
"a1_504" = "4079007393"
"a1_509" = "706200308"
"a1_508" = "471259688"
"a3_659" = "412749722"
"a3_658" = "405760891"
"a3_78" = "542637991"
"a3_79" = "549622726"
"a3_72" = "533156193"
"a3_73" = "506656128"
"a3_70" = "485103791"
"a3_71" = "525712590"
"a3_76" = "561686245"
"a3_77" = "568613636"
"a3_74" = "513568291"
"a3_75" = "554631746"
"a3_259" = "1873798154"
"a3_258" = "1866220523"
"a1_435" = "3487400814"
"a1_434" = "865039544"
"a1_433" = "1050306477"
"a1_432" = "1439328431"
"a1_431" = "3124015858"
"a1_430" = "2866535089"
"a3_251" = "1782710578"
"a3_250" = "1809280147"
"a3_253" = "1830771188"
"a3_252" = "1789764949"
"a3_255" = "1844811446"
"a3_254" = "1837822487"
"a3_257" = "1825746760"
"a3_256" = "1818692393"
"a1_636" = "2958459822"
"a3_321" = "2284435336"
"a3_320" = "2310935401"
"a3_323" = "2332478538"
"a3_322" = "2291869739"
"a3_325" = "2346910988"
"a3_324" = "2339397869"
"a3_327" = "2327338446"
"a3_326" = "2320415151"
"a3_329" = "2375379584"
"a3_328" = "2368468577"
"a3_439" = "3130280062"
"a3_438" = "3123369951"
"a3_435" = "3101883130"
"a3_434" = "3094824539"
"a3_437" = "3149870012"
"a3_436" = "3142426397"
"a3_431" = "3106444646"
"a3_430" = "3065901255"
"a3_433" = "3087376952"
"a3_432" = "3113879961"
"a1_670" = "497085280"
"a1_593" = "1377325288"
"a3_94" = "690598327"
"a3_95" = "698045910"
"a3_96" = "671534665"
"a3_97" = "678453992"
"a3_90" = "662052915"
"a3_91" = "669107282"
"a3_92" = "643004661"
"a3_93" = "649993492"
"a3_98" = "685967115"
"a3_99" = "726580138"
"a4_605" = "42350909"
"a4_604" = "35181788"
"a4_607" = "56689151"
"a4_606" = "49520030"
"a4_601" = "13674425"
"a4_600" = "6505304"
"a4_603" = "28012667"
"a4_602" = "20843546"
"a4_609" = "71027393"
"a4_608" = "63858272"
"a3_655" = "383827462"
"a3_654" = "376767975"
"a3_657" = "431879896"
"a3_656" = "424825529"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"
[HKCU\Software\Aas]
"a3_651" = "388835458"
"a3_650" = "348370019"
"a3_653" = "369779012"
"a3_652" = "395889957"
"a4_151" = "1082537271"
"a4_150" = "1075368150"
"a4_153" = "1096875513"
"a4_152" = "1089706392"
"a4_155" = "1111213755"
"a4_154" = "1104044634"
"a4_157" = "1125551997"
"a4_156" = "1118382876"
"a4_159" = "1139890239"
"a4_158" = "1132721118"
"a1_185" = "3979658324"
"a1_184" = "1705708257"
"a1_183" = "3185199118"
"a1_182" = "1525774523"
"a1_181" = "152016622"
"a1_180" = "488118920"
"a4_559" = "4007538639"
"a4_558" = "4000369518"
"a4_555" = "3978862155"
"a4_554" = "3971693034"
"a4_557" = "3993200397"
"a4_556" = "3986031276"
"a4_551" = "3950185671"
"a4_550" = "3943016550"
"a4_553" = "3964523913"
"a4_552" = "3957354792"
"a4_393" = "2817464553"
"a4_392" = "2810295432"
"a4_391" = "2803126311"
"a4_390" = "2795957190"
"a4_397" = "2846141037"
"a4_396" = "2838971916"
"a4_395" = "2831802795"
"a4_394" = "2824633674"
"a4_399" = "2860479279"
"a4_398" = "2853310158"
"a2_405" = "2903501174"
"a2_404" = "2896330339"
"a2_407" = "2917827421"
"a2_406" = "2910660854"
"a2_401" = "2874812102"
"a2_400" = "2867655869"
"a2_403" = "2889161048"
"a2_402" = "2881994741"
"a2_409" = "2932163293"
"a2_408" = "2924994692"
"a1_222" = "2692666959"
"a1_223" = "2385606084"
"a1_220" = "61112359"
"a1_221" = "1869934821"
"a1_226" = "2332699752"
"a1_227" = "30740926"
"a1_224" = "3400836796"
"a1_225" = "3222146554"
"a1_228" = "193029499"
"a1_229" = "44195703"
"a2_579" = "4150923744"
"a2_578" = "4143759174"
"a2_571" = "4093571836"
"a2_570" = "4086392546"
"a2_573" = "4107908834"
"a2_572" = "4100743099"
"a2_575" = "4122242301"
"a2_574" = "4115074705"
"a2_577" = "4136575836"
"a2_576" = "4129407011"
"a2_351" = "2516369042"
"a2_350" = "2509184682"
"a2_353" = "2530702582"
"a2_352" = "2523533891"
"a2_355" = "2545036187"
"a2_354" = "2537876887"
"a2_357" = "2559370693"
"a2_356" = "2552204379"
"a2_359" = "2573721525"
"a2_358" = "2566539656"
"a3_622" = "147491207"
"a2_193" = "1383643742"
"a2_192" = "1376474214"
"a2_191" = "1369307864"
"a2_190" = "1362126864"
"a2_197" = "1412311870"
"a2_196" = "1405144091"
"a2_195" = "1398003606"
"a2_194" = "1390806629"
"a3_624" = "195544665"
"a2_199" = "1426659956"
"a2_198" = "1419493304"
"a3_625" = "168917752"
"a3_626" = "175906587"
"a3_627" = "183481274"
"a1_536" = "2332363329"
"a1_537" = "119924271"
"a1_534" = "1412417580"
"a1_535" = "564989890"
"a1_89" = "402585859"
"a1_88" = "1012813069"
"a1_530" = "3991448199"
"a1_531" = "3773082601"
"a1_85" = "673247623"
"a1_84" = "4223381870"
"a1_87" = "2144287049"
"a1_86" = "1583957288"
"a1_81" = "60309407"
"a1_80" = "3619021715"
"a1_83" = "3198556365"
"a1_82" = "2461012270"
"a1_67" = "1326870845"
"a1_66" = "1687152647"
"a1_65" = "2082465788"
"a3_133" = "970345548"
"a1_63" = "44026865"
"a3_135" = "950830350"
"a3_136" = "991836577"
"a1_60" = "1287670786"
"a3_138" = "1006335587"
"a3_139" = "979823234"
"a1_438" = "3992055880"
"a1_69" = "1225663612"
"a1_68" = "103011217"
"a3_228" = "1617824845"
"a3_229" = "1624875244"
"a3_224" = "1588903625"
"a3_225" = "1629901672"
"a3_226" = "1636956043"
"a3_227" = "1610836010"
"a3_220" = "1593911669"
"a3_221" = "1600966036"
"a3_222" = "1608410679"
"a3_223" = "1581849174"
"a1_408" = "3436537386"
"a1_409" = "4063490885"
"a1_402" = "3454083211"
"a1_403" = "1451125989"
"a1_400" = "3317919435"
"a1_401" = "688510687"
"a1_406" = "2643443821"
"a1_407" = "3649251455"
"a1_404" = "2481528874"
"a1_405" = "3736050472"
"a3_354" = "2521277451"
"a3_355" = "2528204970"
"a3_356" = "2568813773"
"a3_357" = "2576322924"
"a3_350" = "2492225207"
"a3_351" = "2499791574"
"a3_352" = "2540269385"
"a3_353" = "2547254248"
"a1_628" = "2901950542"
"a3_358" = "2583246223"
"a3_359" = "2556735022"
"a1_629" = "1992605195"
"a4_37" = "265257477"
"a4_36" = "258088356"
"a4_35" = "250919235"
"a4_34" = "243750114"
"a4_33" = "236580993"
"a4_32" = "229411872"
"a4_31" = "222242751"
"a4_30" = "215073630"
"a4_144" = "1032353424"
"a4_39" = "279595719"
"a4_38" = "272426598"
"a3_142" = "1034864615"
[HKCU\Software\Aas\695404737]
"28676484" = "35"
[HKCU\Software\Aas]
"a4_498" = "3570222258"
"a4_499" = "3577391379"
"a4_494" = "3541545774"
"a4_495" = "3548714895"
"a4_496" = "3555884016"
"a4_497" = "3563053137"
"a4_490" = "3512869290"
"a4_491" = "3520038411"
"a4_492" = "3527207532"
"a4_493" = "3534376653"
"a3_448" = "3194799081"
"a3_449" = "3202245640"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"
[HKCU\Software\Aas]
"a4_124" = "888971004"
"a4_125" = "896140125"
"a4_126" = "903309246"
"a4_127" = "910478367"
"a4_120" = "860294520"
"a4_121" = "867463641"
"a4_122" = "874632762"
"a4_123" = "881801883"
"a4_128" = "917647488"
"a4_129" = "924816609"
"a2_593" = "4251295442"
"a3_444" = "3166269973"
"a3_445" = "3206813364"
"a2_592" = "4244125961"
"a4_238" = "1706250798"
"a4_239" = "1713419919"
"a4_230" = "1648897830"
"a4_231" = "1656066951"
"a4_232" = "1663236072"
"a4_233" = "1670405193"
"a4_234" = "1677574314"
"a4_235" = "1684743435"
"a4_236" = "1691912556"
"a4_237" = "1699081677"
"a1_480" = "3754711131"
"a2_643" = "314771556"
"a2_642" = "307605066"
"a2_641" = "300435618"
"a2_640" = "293261735"
"a2_647" = "343450540"
"a2_646" = "336286463"
"a1_158" = "4270896275"
"a1_159" = "2423358746"
"a2_645" = "329119411"
"a1_150" = "1270092935"
"a1_151" = "736307084"
"a1_152" = "1623843541"
"a1_153" = "565500320"
"a1_154" = "3092577796"
"a1_155" = "3562353813"
"a1_156" = "1933081664"
"a1_157" = "1380755395"
"a1_235" = "544217173"
"a1_234" = "12158951"
"a1_237" = "1432260994"
"a1_236" = "2183690489"
"a1_231" = "318063182"
"a1_230" = "359466226"
"a1_233" = "1815913244"
"a1_232" = "1502001754"
"a1_239" = "3724820529"
"a1_238" = "3741451107"
"a2_210" = "1505522264"
"a2_211" = "1512681124"
"a2_212" = "1519860683"
"a2_213" = "1527028732"
"a2_214" = "1534196801"
"a2_215" = "1541363790"
"a2_216" = "1548526674"
"a2_217" = "1555695855"
"a2_218" = "1562861681"
"a2_219" = "1570030568"
"a2_508" = "3641911671"
"a2_509" = "3649080773"
"a2_504" = "3613229279"
"a2_505" = "3620409466"
"a2_506" = "3627579689"
"a2_507" = "3634746850"
"a2_500" = "3584561795"
"a2_501" = "3591728931"
"a2_502" = "3598895253"
"a2_503" = "3606061576"
"a2_324" = "2322799741"
"a2_325" = "2329955055"
"a2_326" = "2337131431"
"a2_327" = "2344296864"
"a2_320" = "2294111060"
"a2_321" = "2301280543"
"a2_322" = "2308464517"
"a2_323" = "2315618224"
"a1_521" = "3220686040"
"a1_520" = "4133933652"
"a1_523" = "341323163"
"a1_522" = "3364503699"
"a2_328" = "2351479170"
"a2_329" = "2358648012"
"a1_527" = "4055896088"
"a1_526" = "1658288131"
"a1_98" = "1306396276"
"a1_99" = "913101911"
"a1_92" = "2112997216"
"a1_93" = "2583813490"
"a1_90" = "3083820851"
"a1_91" = "1903018581"
"a1_96" = "348551262"
"a1_97" = "2202416797"
"a1_94" = "1443404747"
"a1_95" = "3111709485"
"a1_74" = "22252335"
"a1_75" = "2094197207"
"a1_76" = "3897287573"
"a1_77" = "2460403806"
"a1_70" = "2839947707"
"a1_71" = "2609559479"
"a1_72" = "780146332"
"a1_73" = "2103302679"
"a3_129" = "907869896"
"a3_128" = "934369961"
"a1_78" = "1208190256"
"a1_79" = "840152496"
"a3_239" = "1730403494"
"a3_238" = "1689270279"
"a3_237" = "1682343908"
"a3_236" = "1708909381"
"a3_235" = "1701334818"
"a3_234" = "1660856963"
"a3_233" = "1653814880"
"a3_232" = "1646370241"
"a3_231" = "1672935854"
"a3_230" = "1665877263"
"a1_419" = "505726460"
"a1_418" = "2945808445"
"a1_415" = "3113680979"
"a1_414" = "2567467109"
"a1_417" = "234388659"
"a1_416" = "3492106493"
"a1_411" = "186725386"
"a1_410" = "1388228754"
"a1_413" = "2637529000"
"a1_412" = "3003812903"
"a3_347" = "2504287570"
"a3_346" = "2463809843"
"a3_345" = "2456759440"
"a3_344" = "2482866289"
"a3_343" = "2475825118"
"a3_342" = "2468836287"
"a3_341" = "2427838236"
"a3_340" = "2420783869"
"a3_349" = "2485301780"
"a3_348" = "2511804917"
"a2_360" = "2580889103"
"a2_361" = "2588056477"
"a2_362" = "2595220181"
"a4_24" = "172058904"
"a4_25" = "179228025"
"a4_26" = "186397146"
"a4_27" = "193566267"
"a4_20" = "143382420"
"a4_21" = "150551541"
"a4_22" = "157720662"
"a4_23" = "164889783"
"a2_364" = "2609557102"
"a4_28" = "200735388"
"a4_29" = "207904509"
"a2_365" = "2616723027"
"a2_366" = "2623903166"
"a2_367" = "2631073768"
"a2_168" = "1204405684"
"a2_169" = "1211588389"
"a4_489" = "3505700169"
"a4_488" = "3498531048"
"a4_487" = "3491361927"
"a4_486" = "3484192806"
"a4_485" = "3477023685"
"a4_484" = "3469854564"
"a4_483" = "3462685443"
"a4_482" = "3455516322"
"a4_481" = "3448347201"
"a4_480" = "3441178080"
"a2_160" = "1147054416"
"a2_161" = "1154234416"
"a4_137" = "982169577"
"a4_136" = "975000456"
"a4_135" = "967831335"
"a4_134" = "960662214"
"a4_133" = "953493093"
"a4_132" = "946323972"
"a4_131" = "939154851"
"a4_130" = "931985730"
"a4_139" = "996507819"
"a4_138" = "989338698"
"a2_455" = "3261952509"
"a1_617" = "3043171840"
"a4_229" = "1641728709"
"a4_228" = "1634559588"
"a4_223" = "1598713983"
"a4_222" = "1591544862"
"a4_221" = "1584375741"
"a4_220" = "1577206620"
"a4_227" = "1627390467"
"a4_226" = "1620221346"
"a4_225" = "1613052225"
"a4_224" = "1605883104"
"a1_615" = "2938199378"
"a2_459" = "3290620424"
"a1_614" = "212083967"
"a1_149" = "520850285"
"a1_148" = "2266973529"
"a1_143" = "965896569"
"a1_142" = "2870599571"
"a1_141" = "796508675"
"a1_140" = "1326189509"
"a1_147" = "676054013"
"a1_146" = "1569605519"
"a1_145" = "2937079471"
"a1_144" = "2313810252"
"a2_203" = "1455325372"
"a2_202" = "1448158121"
"a2_201" = "1440991582"
"a2_200" = "1433826757"
"a2_207" = "1484013556"
"a2_206" = "1476844139"
"a2_205" = "1469661420"
"a2_204" = "1462494765"
"a2_209" = "1498342674"
"a2_208" = "1491177778"
"a2_519" = "3720779498"
"a2_518" = "3713611913"
"a2_517" = "3706431589"
"a2_516" = "3699274070"
"a2_515" = "3692099320"
"a2_514" = "3684932901"
"a2_513" = "3677763906"
"a2_512" = "3670596198"
"a2_511" = "3663414182"
"a2_510" = "3656246445"
"a2_337" = "2415999947"
"a2_336" = "2408817760"
"a2_335" = "2401651969"
"a2_334" = "2394484695"
"a2_333" = "2387315222"
"a2_332" = "2380148867"
"a2_331" = "2372981966"
"a2_330" = "2365800748"
"a1_554" = "2569515187"
"a1_555" = "2935078418"
"a1_556" = "1019978433"
"a1_557" = "2470714289"
"a3_242" = "1718323611"
"a1_551" = "222264987"
"a2_339" = "2430333475"
"a2_338" = "2423168421"
"a3_243" = "1725243962"
"a1_398" = "3415219098"
"a1_399" = "3084205693"
"a1_392" = "3378807256"
"a1_393" = "3952503706"
"a1_390" = "382820248"
"a1_391" = "790024940"
"a1_396" = "2676536951"
"a1_397" = "2166965177"
"a1_394" = "203760923"
"a1_395" = "1421271317"
"a3_116" = "814879197"
"a3_117" = "821922428"
"a3_114" = "834001179"
"a3_115" = "807894458"
"a3_112" = "785940569"
"a3_113" = "826942712"
"a3_110" = "771902343"
"a3_111" = "778955814"
"a1_49" = "2568109536"
"a1_48" = "4015190302"
"a3_554" = "3988280259"
"a3_118" = "862924447"
"a3_119" = "869974846"
"a3_202" = "1465015971"
"a3_203" = "1472066242"
"a3_200" = "1416954337"
"a3_201" = "1424013824"
"a3_206" = "1493543975"
"a3_207" = "1500987462"
"a3_204" = "1445500773"
"a3_205" = "1452936068"
"a1_197" = "316210910"
"a3_208" = "1508041977"
"a3_209" = "1481480472"
"a3_592" = "4261104249"
"a3_593" = "4234604184"
"a3_590" = "4246617511"
"a3_591" = "4253667782"
"a3_596" = "4289649661"
"a3_597" = "4263017500"
"a3_594" = "4241589051"
"a3_595" = "4282591066"
"a3_598" = "4270526655"
"a3_599" = "4277581022"
"a3_578" = "4160735531"
"a3_579" = "4134104394"
"a3_570" = "4069660115"
"a3_571" = "4076703346"
"a3_572" = "4117701269"
"a3_573" = "4124755764"
"a3_574" = "4098128727"
"a3_575" = "4105641974"
"a3_576" = "4146245737"
"a3_577" = "4153169032"
"a1_191" = "2457415943"
"a2_17" = "121877532"
"a2_16" = "114711538"
"a2_15" = "107542671"
"a2_14" = "100361112"
"a2_13" = "93193702"
"a2_12" = "86020422"
"a2_11" = "78860130"
"a2_10" = "71694657"
"a1_592" = "2736896737"
"a2_19" = "136206101"
"a2_18" = "129045441"
"a4_11" = "78860331"
"a4_10" = "71691210"
"a4_13" = "93198573"
"a4_12" = "86029452"
"a4_15" = "107536815"
"a4_14" = "100367694"
"a4_17" = "121875057"
"a4_16" = "114705936"
"a4_19" = "136213299"
"a4_18" = "129044178"
"a1_595" = "2818641981"
"a1_596" = "1113366157"
"a1_597" = "199682185"
"a1_608" = "3171345272"
"a1_609" = "1425865073"
"a3_378" = "2693094675"
"a3_379" = "2700145074"
"a3_372" = "2683746013"
"a3_373" = "2657102716"
"a3_370" = "2669182491"
"a3_371" = "2676691642"
"a3_376" = "2712142929"
"a3_377" = "2686171376"
"a3_374" = "2664681375"
"a3_375" = "2705154110"
"a3_488" = "3515101889"
"a3_489" = "3522680672"
"a3_484" = "3486690637"
"a3_485" = "3460055532"
"a1_661" = "3005459488"
"a3_127" = "927442486"
"a1_189" = "3671103830"
"a1_188" = "1799419886"
"a1_187" = "1615806817"
"a1_186" = "1911998004"
"a4_586" = "4201104906"
"a4_587" = "4208274027"
"a4_584" = "4186766664"
"a4_585" = "4193935785"
"a4_582" = "4172428422"
"a4_583" = "4179597543"
"a4_580" = "4158090180"
"a4_581" = "4165259301"
"a4_588" = "4215443148"
"a4_589" = "4222612269"
"a3_645" = "312377932"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"
[HKCU\Software\Aas]
"a4_218" = "1562868378"
"a4_219" = "1570037499"
"a4_216" = "1548530136"
"a4_217" = "1555699257"
"a4_214" = "1534191894"
"a4_215" = "1541361015"
"a4_212" = "1519853652"
"a4_213" = "1527022773"
"a4_210" = "1505515410"
"a4_211" = "1512684531"
"a4_458" = "3283457418"
"a4_459" = "3290626539"
"a4_108" = "774265068"
"a4_109" = "781434189"
"a4_102" = "731250342"
"a4_103" = "738419463"
"a4_100" = "716912100"
"a4_101" = "724081221"
"a4_106" = "759926826"
"a4_107" = "767095947"
"a4_104" = "745588584"
"a4_105" = "752757705"
"a1_605" = "3299822176"
"a1_558" = "1834681911"
"a1_559" = "4103874960"
"a1_606" = "96235696"
"a1_178" = "1912971812"
"a1_179" = "730335372"
"a1_176" = "3887838701"
"a1_177" = "3968330819"
"a1_174" = "3338827185"
"a1_175" = "1201982987"
"a1_172" = "4264032240"
"a1_173" = "2425576916"
"a1_170" = "2040442637"
"a1_171" = "2731775894"
"a1_550" = "2177742376"
"a2_236" = "1691921387"
"a2_237" = "1699084584"
"a2_234" = "1677581454"
"a2_235" = "1684749456"
"a2_232" = "1663230408"
"a2_233" = "1670399337"
"a2_230" = "1648900113"
"a2_231" = "1656063104"
"a1_553" = "1348509249"
"a2_238" = "1706249577"
"a2_239" = "1713416415"
"a2_522" = "3742284581"
"a2_523" = "3749447116"
"a2_520" = "3727945823"
"a2_521" = "3735120486"
"a2_526" = "3770951919"
"a2_527" = "3778133369"
"a2_524" = "3756617435"
"a2_525" = "3763762018"
"a2_528" = "3785298249"
"a2_529" = "3792457632"
"a1_626" = "2183096463"
"a1_627" = "4034408648"
"a1_624" = "249893582"
"a1_549" = "4230882642"
"a1_548" = "639339372"
"a1_547" = "944696817"
"a1_546" = "3483589309"
"a1_545" = "2318328118"
"a1_544" = "1123130738"
"a1_543" = "1438376682"
"a1_542" = "699972581"
"a1_541" = "1917276726"
"a1_540" = "4201540128"
"a2_658" = "422322552"
"a2_659" = "429490116"
"a2_308" = "2208096022"
"a2_309" = "2215250628"
"a2_302" = "2165077054"
"a2_303" = "2172246983"
"a2_300" = "2150741579"
"a2_301" = "2157908270"
"a2_306" = "2193747373"
"a2_307" = "2200926148"
"a2_304" = "2179404760"
"a2_305" = "2186579638"
"a1_389" = "1607177432"
"a1_388" = "1558794329"
"a1_385" = "263749340"
"a1_384" = "4151430075"
"a1_387" = "544906526"
"a1_386" = "2229294209"
"a1_381" = "1220921825"
"a1_380" = "2010458325"
"a1_383" = "3227375062"
"a1_382" = "1630278811"
"a1_58" = "1286596545"
"a1_59" = "2941743340"
"a1_56" = "1943336018"
"a1_57" = "440955335"
"a1_54" = "2502170815"
"a1_55" = "4211462429"
"a1_52" = "1384394475"
"a1_53" = "1633336954"
"a1_50" = "1952892070"
"a1_51" = "2146740492"
"a3_215" = "1524377438"
"a3_214" = "1517454143"
"a3_217" = "1572437008"
"a3_216" = "1565514737"
"a3_211" = "1529532890"
"a3_210" = "1488928187"
"a3_213" = "1510469276"
"a3_212" = "1536445053"
"a1_616" = "526011397"
"a3_219" = "1553446098"
"a3_218" = "1545867443"
"a3_585" = "4177070976"
"a3_584" = "4170159969"
"a3_587" = "4225122370"
"a3_586" = "4217678883"
"a3_581" = "4182227468"
"a3_580" = "4141089261"
"a3_583" = "4162646734"
"a3_582" = "4189150895"
"a3_589" = "4205615364"
"a3_588" = "4198622437"
"a3_569" = "4062671280"
"a3_568" = "4088782097"
"a3_563" = "4052790138"
"a3_562" = "4045747931"
"a3_561" = "4005270200"
"a3_560" = "3997761049"
"a3_567" = "4081727742"
"a3_566" = "4040721503"
"a3_565" = "4033732668"
"a3_564" = "4026683293"
"a3_109" = "798021476"
"a3_108" = "790966981"
"a3_101" = "707522668"
"a3_100" = "733503437"
"a3_103" = "754977070"
"a3_102" = "714511503"
"a3_105" = "769475040"
"a3_104" = "762555713"
"a3_107" = "750493346"
"a3_106" = "742980099"
"a1_586" = "2274282261"
"a1_619" = "4134943150"
"a1_618" = "3599979412"
"a3_369" = "2628699640"
"a3_368" = "2621645145"
"a3_365" = "2600170596"
"a3_364" = "2592723909"
"a3_367" = "2647756070"
"a3_366" = "2640767111"
"a3_361" = "2604787424"
"a3_360" = "2564178497"
"a3_363" = "2585673634"
"a3_362" = "2611780355"
"a4_520" = "3727942920"
"a4_521" = "3735112041"
"a1_584" = "2349082424"
"a4_522" = "3742281162"
"a2_62" = "444485725"
"a4_523" = "3749450283"
"a2_63" = "451653342"
"a4_524" = "3756619404"
"a2_60" = "430153594"
"a4_525" = "3763788525"
"a2_61" = "437318989"
"a4_526" = "3770957646"
"a2_66" = "473154162"
"a4_527" = "3778126767"
"a2_67" = "480334334"
"a2_64" = "458819551"
"a2_65" = "465986158"
"a4_599" = "4294303479"
"a4_598" = "4287134358"
"a4_591" = "4236950511"
"a4_590" = "4229781390"
"a4_593" = "4251288753"
"a4_592" = "4244119632"
"a4_595" = "4265626995"
"a4_594" = "4258457874"
"a4_597" = "4279965237"
"a4_596" = "4272796116"
"a1_41" = "1765728573"
"a1_40" = "420709013"
"a1_43" = "2862372114"
"a1_42" = "3112843057"
"a1_45" = "28551135"
"a1_44" = "1189918353"
"a1_47" = "762911384"
"a1_46" = "3888509213"
"a4_201" = "1440993321"
"a4_200" = "1433824200"
"a4_203" = "1455331563"
"a4_202" = "1448162442"
"a4_205" = "1469669805"
"a4_204" = "1462500684"
"a4_207" = "1484008047"
"a4_206" = "1476838926"
"a4_209" = "1498346289"
"a4_208" = "1491177168"
"a4_449" = "3218935329"
"a4_448" = "3211766208"
"a4_119" = "853125399"
"a4_118" = "845956278"
"a4_115" = "824448915"
"a4_114" = "817279794"
"a4_117" = "838787157"
"a4_116" = "831618036"
"a4_111" = "795772431"
"a4_110" = "788603310"
"a4_113" = "810110673"
"a4_112" = "802941552"
"a4_565" = "4050553365"
"a4_566" = "4057722486"
"a1_161" = "4112282700"
"a1_160" = "44858397"
"a1_163" = "1524588157"
"a1_162" = "1701355823"
"a1_165" = "3765861342"
"a1_164" = "2294443133"
"a1_167" = "3426868981"
"a1_166" = "3157412444"
"a1_169" = "192655701"
"a1_168" = "1306551574"
"a2_535" = "3835486060"
"a2_534" = "3828302615"
"a2_537" = "3849824947"
"a2_536" = "3842653928"
"a2_531" = "3806794866"
"a2_530" = "3799633631"
"a2_533" = "3821135266"
"a2_532" = "3813967101"
"a2_539" = "3864153868"
"a2_538" = "3856986027"
"a4_447" = "3204597087"
"a1_572" = "389587402"
"a1_573" = "1087857413"
"a1_570" = "3659354531"
"a1_571" = "2737838823"
"a1_576" = "486802928"
"a1_577" = "2892142443"
"a1_574" = "2677259458"
"a1_575" = "1217149842"
"a1_578" = "28407255"
"a1_579" = "1083143212"
"a2_649" = "357789334"
"a2_648" = "350619663"
"a2_319" = "2286947894"
"a2_318" = "2279773533"
"a2_315" = "2258277512"
"a2_314" = "2251099024"
"a2_317" = "2272613818"
"a2_316" = "2265447845"
"a2_311" = "2229593672"
"a2_310" = "2222431108"
"a2_313" = "2243928803"
"a2_312" = "2236762283"
"a2_229" = "1641733124"
"a2_228" = "1634551779"
"a2_221" = "1584378330"
"a2_220" = "1577214107"
"a2_223" = "1598706514"
"a2_222" = "1591553999"
"a2_225" = "1613044598"
"a2_224" = "1605881210"
"a2_227" = "1627397994"
"a2_226" = "1620214044"
"a1_370" = "1407353372"
"a1_371" = "3296461310"
"a1_372" = "3316248380"
"a1_373" = "1865613067"
"a1_374" = "1854628469"
"a1_375" = "2414418732"
"a1_376" = "3134327298"
"a1_377" = "2575140522"
"a1_378" = "1009720931"
"a1_379" = "1820140710"
"a3_36" = "241268621"
"a3_37" = "248309804"
"a3_183" = "1328655230"
"a1_29" = "2982343586"
"a1_28" = "3638591177"
"a1_590" = "3086562526"
"a1_23" = "3866426633"
"a1_22" = "4032711274"
"a1_21" = "1168015750"
"a1_20" = "3932891432"
"a1_27" = "233808366"
"a1_26" = "1553048961"
"a1_25" = "410155095"
"a1_24" = "1413698870"
"a1_284" = "1290237138"
"a1_285" = "777938856"
"a1_286" = "1098861576"
"a1_287" = "4235066565"
"a1_280" = "232207526"
"a1_281" = "3677215664"
"a1_282" = "2052474208"
"a1_283" = "3380971655"
"a3_31" = "205278614"
"a1_288" = "2462627224"
"a1_289" = "3211003609"
"a1_591" = "2862029882"
"a3_32" = "212854281"
"a3_558" = "4017332551"
"a3_559" = "4024255974"
"a3_556" = "3969214597"
"a3_557" = "4009757988"
"a1_552" = "4212558305"
"a3_555" = "3962303586"
"a3_552" = "3940752129"
"a3_553" = "3981361056"
"a3_550" = "3926311503"
"a3_551" = "3933234926"
"a1_598" = "2324828864"
"a1_599" = "2807513669"
"a3_178" = "1292673371"
"a3_179" = "1300121082"
"a3_174" = "1264145351"
"a3_175" = "1271198822"
"a3_176" = "1245079705"
"a3_177" = "1252068664"
"a3_170" = "1235731011"
"a3_171" = "1209100002"
"a3_172" = "1216092933"
"a3_173" = "1223671716"
"a2_31" = "222248192"
"a2_30" = "215078011"
"a2_33" = "236579355"
"a2_32" = "229415879"
"a2_35" = "250912859"
"a2_34" = "243759055"
"a2_37" = "265265362"
"a2_36" = "258081816"
"a2_39" = "279599180"
"a2_38" = "272432766"
"a3_486" = "3467639311"
"a3_487" = "3508182702"
"a3_480" = "3424608201"
"a3_481" = "3431657576"
"a3_482" = "3438646411"
"a3_483" = "3479636266"
"a2_584" = "4186760209"
"a4_79" = "566360559"
"a4_78" = "559191438"
"a2_585" = "4193941971"
"a4_73" = "523345833"
"a4_72" = "516176712"
"a4_71" = "509007591"
"a4_70" = "501838470"
"a4_77" = "552022317"
"a4_76" = "544853196"
"a4_75" = "537684075"
"a4_74" = "530514954"
"a3_642" = "324456811"
"a3_390" = "2812641775"
"a3_391" = "2786540046"
"a3_392" = "2793594529"
"a3_393" = "2800513728"
"a3_394" = "2841581411"
"a3_395" = "2848623490"
"a3_396" = "2821991461"
"a3_397" = "2829566020"
"a3_398" = "2870043879"
"a3_399" = "2877036806"
"a1_529" = "2004643018"
"a1_625" = "949394335"
"a1_622" = "4091197971"
"a1_623" = "3661848662"
"a1_620" = "3955175206"
"a1_621" = "1994313465"
"a3_643" = "331380106"
[HKCU\Software\Aas\695404737]
"7169121" = "200"
[HKCU\Software\Aas]
"a1_528" = "93162203"
"a2_588" = "4215444625"
"a2_589" = "4222571142"
"a4_199" = "1426655079"
"a3_505" = "3603458416"
"a3_504" = "3596547281"
"a2_363" = "2602385740"
"a3_507" = "3651577394"
"a3_506" = "3644525971"
"a3_501" = "3608550396"
"a3_500" = "3568002909"
"a3_503" = "3623047358"
"a3_502" = "3615603743"
"a3_644" = "305393197"
"a4_274" = "1964339154"
"a4_275" = "1971508275"
"a4_276" = "1978677396"
"a4_277" = "1985846517"
"a4_270" = "1935662670"
"a4_271" = "1942831791"
"a4_272" = "1950000912"
"a4_273" = "1957170033"
"a4_278" = "1993015638"
"a4_279" = "2000184759"
"a4_478" = "3426839838"
"a4_479" = "3434008959"
"a4_476" = "3412501596"
"a4_477" = "3419670717"
"a4_474" = "3398163354"
"a4_475" = "3405332475"
"a4_472" = "3383825112"
"a4_473" = "3390994233"
"a4_470" = "3369486870"
"a4_471" = "3376655991"
"a4_308" = "2208089268"
"a4_309" = "2215258389"
"a4_300" = "2150736300"
"a4_301" = "2157905421"
"a4_302" = "2165074542"
"a4_303" = "2172243663"
"a4_304" = "2179412784"
"a4_305" = "2186581905"
"a4_306" = "2193751026"
"a4_307" = "2200920147"
"a1_114" = "677036399"
"a1_115" = "3513015843"
"a1_116" = "2865429706"
"a1_117" = "1665741793"
"a1_110" = "1053745680"
"a1_111" = "3753476276"
"a1_112" = "3718780493"
"a1_113" = "3426853853"
"a1_118" = "1768937964"
"a1_119" = "1792249678"
"a4_576" = "4129413696"
"a2_498" = "3570229063"
"a2_499" = "3577394519"
"a2_492" = "3527210879"
"a2_493" = "3534378768"
"a2_490" = "3512875997"
"a2_491" = "3520041036"
"a2_496" = "3555877147"
"a2_497" = "3563058752"
"a2_494" = "3541538054"
"a2_495" = "3548711344"
"a4_570" = "4086398970"
"a1_565" = "2849315086"
"a1_564" = "1564670468"
"a1_567" = "2317217282"
"a1_566" = "2395236292"
"a1_561" = "3441727975"
"a1_560" = "2624377577"
"a1_563" = "44648161"
"a1_562" = "2958569391"
"a1_569" = "3146486471"
"a1_568" = "3689860719"
"a1_525" = "3868371892"
"a2_670" = "508342147"
"a2_671" = "515507129"
"a2_258" = "1849635027"
"a2_259" = "1856804663"
"a2_254" = "1820951871"
"a2_255" = "1828119247"
"a2_256" = "1835300888"
"a2_257" = "1842467616"
"a2_250" = "1792288107"
"a2_251" = "1799451412"
"a2_252" = "1806625873"
"a2_253" = "1813786231"
"a1_363" = "1321269303"
"a1_362" = "999026752"
"a1_361" = "419157363"
"a1_360" = "3907062688"
"a1_367" = "506528342"
"a1_366" = "2756298211"
"a1_365" = "1649929268"
"a1_364" = "2508556881"
"a1_369" = "301041663"
"a1_368" = "2956653167"
"a1_38" = "2161171421"
"a1_39" = "3102893545"
"a1_30" = "1467456272"
"a1_31" = "4109477493"
"a1_32" = "3227178394"
"a1_33" = "853762137"
"a1_34" = "717846361"
"a1_35" = "197147377"
"a1_36" = "4201006825"
"a1_37" = "3865557463"
"a1_297" = "1478786727"
"a1_296" = "1954203130"
"a1_295" = "2138493342"
"a1_294" = "3894008411"
"a1_293" = "2267909210"
"a1_292" = "3194031609"
"a1_291" = "980855353"
"a1_290" = "1562544076"
"a1_299" = "2859678519"
"a1_298" = "2567776342"
"a1_600" = "3412920805"
"a2_668" = "493997617"
"a1_601" = "18766085"
"a4_286" = "2050368606"
"a1_602" = "1001866564"
"a2_108" = "774273127"
"a2_109" = "781428178"
"a1_603" = "2203999522"
"a2_100" = "716909801"
"a2_101" = "724075026"
"a2_102" = "731241183"
"a2_103" = "738426722"
"a2_104" = "745590845"
"a2_105" = "752760695"
"a2_106" = "759924421"
"a2_107" = "767094404"
"a3_541" = "3861793492"
"a3_540" = "3887912629"
"a3_543" = "3909387158"
"a3_542" = "3868847991"
"a3_545" = "3923892392"
"a3_544" = "3916833801"
"a3_547" = "3904770410"
"a3_546" = "3897785547"
"a3_549" = "3952815660"
"a3_548" = "3945379213"
"a1_607" = "3526240977"
"a1_589" = "1818855776"
"a1_588" = "2542857595"
"a3_169" = "1228156448"
"a3_168" = "1187689857"
"a3_167" = "1180635502"
"a3_166" = "1206680783"
"a3_165" = "1199757484"
"a3_164" = "1192698893"
"a3_163" = "1151697898"
"a3_162" = "1144713035"
"a3_161" = "1171213096"
"a3_160" = "1163777673"
"a2_28" = "200729745"
"a2_29" = "207912236"
"a2_26" = "186394163"
"a2_27" = "193574878"
"a2_24" = "172061447"
"a2_25" = "179231714"
"a2_22" = "157712663"
"a2_23" = "164894729"
"a2_20" = "143376638"
"a2_21" = "150545667"
"a4_68" = "487500228"
"a4_69" = "494669349"
"a4_60" = "430147260"
"a4_61" = "437316381"
"a4_62" = "444485502"
"a4_63" = "451654623"
"a4_64" = "458823744"
"a4_65" = "465992865"
"a4_66" = "473161986"
"a4_67" = "480331107"
"a2_7" = "50175868"
"a2_6" = "43011689"
"a2_5" = "35842835"
"a2_4" = "28673229"
"a2_3" = "21499074"
"a2_2" = "14340165"
"a2_1" = "7161266"
"a2_0" = "7926"
"a1_639" = "3896641357"
"a1_638" = "351951842"
"a3_389" = "2805656908"
"a3_388" = "2765048109"
"a2_9" = "64526692"
"a2_8" = "57359591"
"a4_5" = "35845605"
"a4_4" = "28676484"
"a4_7" = "50183847"
"a4_6" = "43014726"
"a4_1" = "7169121"
"a4_0" = "0"
"a4_3" = "21507363"
"a4_2" = "14338242"
"a4_9" = "64522089"
"a4_8" = "57352968"
"a1_532" = "19394761"
"a1_533" = "725520296"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "16 C6 08 DC D2 40 9B E0 2A 3E 01 66 E0 B4 58 10"
[HKCU\Software\Aas]
"a1_538" = "4024840288"
"a1_539" = "3467017826"
"a4_267" = "1914155307"
"a4_266" = "1906986186"
"a4_265" = "1899817065"
"a4_264" = "1892647944"
"a4_263" = "1885478823"
"a4_262" = "1878309702"
"a4_261" = "1871140581"
"a4_260" = "1863971460"
[HKCU\Software\Aas\695404737]
"43014726" = "0B00687474703A2F2F646967697475726B2E6164736C2E636F6D2E74722F706963747572655F6C6962726172792F6C6F676F2E67696600687474703A2F2F7777772E6962726168696D7265622E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F696E666F636F6D6D73797374656D732E636F6D2F627574746F6E2E67696600687474703A2F2F6C6176616E79616372656174696F6E2E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F6265646176612D636861742E636F6D2F627574746F6E2E67696600687474703A2F2F66726573686D69727A612E746B2F6C6F676F2E67696600687474703A2F2F72616469616E746A6577656C63726166742E636F6D2F696D616765732F627574746F6E2E67696600687474703A2F2F736574732D686D2E746B2F6C6F676F2E67696600687474703A2F2F7777772E6A61726167726F75702E636F6D2E61722F696D672F6C6F676F2E67696600687474703A2F2F62657374696E666F2E76762E73692F696D672F6C6F676F2E67696600687474703A2F2F766564646167726F75702E74776F6D696E692E636F6D2F696D672F6C6F676F5F6267672E676966"
[HKCU\Software\Aas]
"a4_269" = "1928493549"
"a4_268" = "1921324428"
"a4_461" = "3304964781"
"a4_460" = "3297795660"
"a4_463" = "3319303023"
"a4_462" = "3312133902"
"a4_465" = "3333641265"
"a4_464" = "3326472144"
"a4_467" = "3347979507"
"a4_466" = "3340810386"
"a4_469" = "3362317749"
"a4_468" = "3355148628"
"a2_560" = "4014706643"
"a4_319" = "2286949599"
"a4_318" = "2279780478"
"a4_313" = "2243934873"
"a4_312" = "2236765752"
"a4_311" = "2229596631"
"a4_310" = "2222427510"
"a4_317" = "2272611357"
"a4_316" = "2265442236"
"a4_315" = "2258273115"
"a4_314" = "2251103994"
"a3_130" = "915379051"
"a3_131" = "922302346"
"a3_132" = "962897965"
"a1_107" = "4033194236"
"a1_106" = "3763463269"
"a1_105" = "2582566779"
"a1_104" = "901487910"
"a1_103" = "528886739"
"a1_102" = "3103703515"
"a1_101" = "2561176862"
"a1_100" = "223364025"
"a3_134" = "943841519"
"a1_109" = "1254879221"
"a1_62" = "4027847350"
"a1_61" = "3098738855"
"a3_137" = "998890944"
"a2_489" = "3505695690"
"a2_488" = "3498525843"
"a2_485" = "3477015384"
"a2_484" = "3469860548"
"a2_487" = "3491360744"
"a2_486" = "3484192140"
"a2_481" = "3448344198"
"a2_480" = "3441175744"
"a2_483" = "3462676676"
"a2_482" = "3455509425"
"a3_145" = "1022800088"
"a3_144" = "1015749817"
"a3_147" = "1070844314"
"a2_661" = "443822608"
"a2_660" = "436656019"
"a2_663" = "458150653"
"a3_146" = "1063277947"
"a2_665" = "472491582"
"a2_664" = "465322820"
"a2_667" = "486842354"
"a2_666" = "479673301"
"a2_669" = "501173022"
"a3_141" = "1027810116"
"a3_140" = "986812197"
"a3_143" = "1008236550"
"a2_249" = "1785118707"
"a2_248" = "1777936222"
"a2_247" = "1770767510"
"a2_246" = "1763595665"
"a2_245" = "1756432386"
"a2_244" = "1749267451"
"a2_243" = "1742102268"
"a2_242" = "1734933032"
"a2_241" = "1727750992"
"a2_240" = "1720582279"
"a1_356" = "424898184"
"a1_357" = "3467546235"
"a1_354" = "1876595690"
"a1_355" = "3275365594"
"a1_352" = "3393258718"
"a1_353" = "3976597781"
"a1_350" = "1214670115"
"a1_351" = "2445369562"
"a3_639" = "269411382"
"a1_358" = "2729481570"
"a1_359" = "2007699295"
"a3_638" = "295912343"
"a2_119" = "853127309"
"a2_118" = "845961427"
"a2_113" = "810113926"
"a2_112" = "802900209"
"a2_111" = "795780386"
"a2_110" = "788608865"
"a2_117" = "838779768"
"a2_116" = "831612039"
"a2_115" = "824445379"
"a2_114" = "817277133"
"a3_534" = "3844868223"
"a3_535" = "3852446878"
"a3_536" = "3825811761"
"a3_537" = "3832866128"
"a3_530" = "3816471291"
"a3_531" = "3823394586"
"a3_532" = "3797414845"
"a3_533" = "3804403676"
"a3_538" = "3840383475"
"a3_539" = "3880858130"
"a3_152" = "1106310065"
"a3_153" = "1080268752"
"a3_150" = "1092336383"
"a3_151" = "1099259678"
"a3_156" = "1135231285"
"a3_157" = "1108731220"
"a3_154" = "1087178867"
"a3_155" = "1127787666"
"a3_628" = "223959005"
"a3_629" = "231000188"
"a3_158" = "1115724279"
"a3_159" = "1123168790"
"a2_59" = "422984748"
"a2_58" = "415802093"
"a2_53" = "379965874"
"a2_52" = "372800172"
"a2_51" = "365618616"
"a2_50" = "358449961"
"a2_57" = "408634876"
"a2_56" = "401467443"
"a2_55" = "394310606"
"a2_54" = "387136059"
"a4_55" = "394301655"
"a4_54" = "387132534"
"a4_57" = "408639897"
"a4_56" = "401470776"
"a4_51" = "365625171"
"a4_50" = "358456050"
"a4_53" = "379963413"
"a4_52" = "372794292"
"a3_440" = "3171413137"
"a3_441" = "3178398000"
"a3_442" = "3185321299"
"a3_443" = "3159349746"
"a4_59" = "422978139"
"a4_58" = "415809018"
"a3_446" = "3214379735"
"a3_447" = "3187748726"
"a1_644" = "1422518346"
"a1_645" = "1236396575"
"a1_646" = "1730295443"
"a1_647" = "1750964979"
"a1_640" = "2928205017"
"a1_641" = "3571855413"
"a1_642" = "2337207823"
"a1_643" = "381655034"
"a1_648" = "3572903878"
"a1_649" = "1593710759"
[HKCU\Software\Aas\695404737]
"21507363" = "0"
[HKCU\Software\Aas]
"a3_459" = "3307312066"
"a3_458" = "3266772899"
"a3_451" = "3249847498"
"a4_670" = "508343774"
"a4_671" = "515512895"
"a3_450" = "3242793131"
"a1_604" = "2008347013"
"a1_654" = "740421019"
"a4_414" = "2968016094"
"a4_415" = "2975185215"
"a4_416" = "2982354336"
"a4_417" = "2989523457"
"a4_410" = "2939339610"
"a4_411" = "2946508731"
"a4_412" = "2953677852"
"a4_413" = "2960846973"
"a4_418" = "2996692578"
"a4_419" = "3003861699"
"a1_138" = "3044060439"
"a1_139" = "215549870"
"a1_132" = "1901345114"
"a1_133" = "286262076"
"a1_130" = "2779245851"
"a1_131" = "579855548"
"a1_136" = "2827231191"
"a1_137" = "3795210035"
"a1_134" = "654276241"
"a1_135" = "2569912181"
"a4_328" = "2351471688"
"a4_329" = "2358640809"
"a4_326" = "2337133446"
"a4_327" = "2344302567"
"a4_324" = "2322795204"
"a4_325" = "2329964325"
"a4_322" = "2308456962"
"a4_323" = "2315626083"
"a4_320" = "2294118720"
"a4_321" = "2301287841"
"a4_528" = "3785295888"
"a4_529" = "3792465009"
"a4_258" = "1849633218"
"a4_259" = "1856802339"
"a4_252" = "1806618492"
"a4_253" = "1813787613"
"a4_250" = "1792280250"
"a4_251" = "1799449371"
"a4_256" = "1835294976"
"a4_257" = "1842464097"
"a4_254" = "1820956734"
"a4_255" = "1828125855"
"a2_470" = "3369491860"
"a2_471" = "3376646737"
"a2_472" = "3383822568"
"a2_473" = "3390988761"
"a2_474" = "3398157719"
"a2_475" = "3405324572"
"a2_476" = "3412507731"
"a2_477" = "3419673174"
"a2_478" = "3426840804"
"a2_479" = "3434008025"
"a1_349" = "2521341431"
"a1_348" = "3230861962"
"a2_586" = "4201111133"
"a2_587" = "4208278992"
"a2_580" = "4158091987"
"a2_581" = "4165268980"
"a2_582" = "4172427129"
"a2_583" = "4179591484"
"a1_341" = "1527841535"
"a1_340" = "4151268484"
"a1_343" = "3862568121"
"a1_342" = "4150107816"
"a1_345" = "4090456688"
"a1_344" = "2679412481"
"a1_347" = "3067555666"
"a1_346" = "4110311385"
"a2_614" = "106878869"
"a2_615" = "114047831"
"a2_616" = "121214807"
"a2_617" = "128371997"
"a2_610" = "78198701"
"a2_611" = "85361732"
"a2_612" = "92528735"
"a2_613" = "99698679"
"a2_618" = "135557546"
"a2_619" = "142715660"
"a2_272" = "1950005941"
"a2_273" = "1957178984"
"a2_270" = "1935654942"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"
[HKCU\Software\Aas]
"a2_276" = "1978675059"
"a2_277" = "1985854719"
"a2_274" = "1964341668"
"a2_275" = "1971503685"
"a2_278" = "1993022023"
"a2_279" = "2000189458"
"a2_298" = "2136406181"
"a2_299" = "2143557760"
"a2_290" = "2079043053"
"a2_291" = "2086208838"
"a2_292" = "2093377787"
"a2_293" = "2100557190"
"a2_294" = "2107723894"
"a2_295" = "2114892263"
"a2_296" = "2122059499"
"a2_297" = "2129226674"
"a1_594" = "3598537569"
"a4_450" = "3226104450"
"a4_451" = "3233273571"
"a4_452" = "3240442692"
"a4_453" = "3247611813"
"a2_128" = "917647056"
"a2_129" = "924814150"
"a2_126" = "903314909"
"a2_127" = "910479608"
"a2_124" = "888978053"
"a2_125" = "896147126"
"a2_122" = "874629393"
"a2_123" = "881795204"
"a2_120" = "860296715"
"a2_121" = "867462158"
"a3_35" = "267899754"
"a3_526" = "3787937127"
"a3_525" = "3780489412"
"a3_524" = "3739884709"
"a3_523" = "3732895746"
"a4_456" = "3269119176"
"a3_521" = "3751945024"
"a3_520" = "3744501537"
"a4_457" = "3276288297"
"a3_529" = "3809412696"
"a3_528" = "3768345145"
"a1_12" = "1314924754"
"a1_13" = "1069618842"
"a1_10" = "1888275971"
"a1_11" = "1527786134"
"a1_16" = "1272603054"
"a1_17" = "775534799"
"a1_14" = "1378156917"
"a1_15" = "398461051"
"a1_18" = "2911003297"
"a1_19" = "3664157509"
"a3_149" = "1051199068"
"a3_148" = "1044210237"
"a2_48" = "344116214"
"a2_49" = "351283430"
"a2_40" = "286765105"
"a2_41" = "293942851"
"a2_42" = "301099528"
"a2_43" = "308265158"
"a2_44" = "315449226"
"a2_45" = "322616644"
"a2_46" = "329782495"
"a2_47" = "336951208"
"a4_42" = "301103082"
"a4_43" = "308272203"
"a4_40" = "286764840"
"a4_41" = "293933961"
"a4_46" = "329779566"
"a4_47" = "336948687"
"a4_44" = "315441324"
"a4_45" = "322610445"
"a3_453" = "3230791052"
"a3_452" = "3223736685"
"a4_48" = "344117808"
"a4_49" = "351286929"
"a3_457" = "3259718400"
"a3_456" = "3285821153"
"a3_455" = "3278766670"
"a3_454" = "3271781935"
"a1_657" = "2305181092"
"a1_656" = "2488441830"
"a1_655" = "3142760449"
"a1_632" = "339251888"
"a1_653" = "3373063377"
"a1_652" = "2545913429"
"a1_651" = "1027863541"
"a1_650" = "1901569799"
"a1_659" = "1903686301"
"a1_658" = "2534678044"
"a3_18" = "112354555"
"a3_19" = "152901914"
"a3_14" = "83367783"
"a3_15" = "124488582"
"a3_16" = "131411001"
"a3_17" = "104906840"
"a3_10" = "88506851"
"a3_11" = "95435266"
"a3_12" = "69459621"
"a3_13" = "76378820"
"a3_240" = "1737322713"
"a3_248" = "1761236945"
"a2_172" = "1233086155"
"a4_663" = "458159927"
"a4_662" = "450990806"
"a4_661" = "443821685"
"a4_660" = "436652564"
"a4_667" = "486836411"
"a4_666" = "479667290"
"a4_665" = "472498169"
"a4_664" = "465329048"
"a4_669" = "501174653"
"a4_668" = "494005532"
"a1_635" = "1112555510"
"a2_644" = "321952174"
"a4_454" = "3254780934"
"a1_524" = "4179042772"
"a4_407" = "2917832247"
"a4_406" = "2910663126"
"a4_405" = "2903494005"
"a4_404" = "2896324884"
"a4_403" = "2889155763"
"a4_402" = "2881986642"
"a4_401" = "2874817521"
"a4_400" = "2867648400"
"a3_640" = "276404393"
"a4_409" = "2932170489"
"a4_408" = "2925001368"
"a3_641" = "283851976"
"a3_646" = "352855791"
"a3_647" = "360438542"
"a1_129" = "3487919144"
"a1_128" = "625567704"
"a1_125" = "469466470"
"a1_124" = "3701291142"
"a1_127" = "372474326"
"a1_126" = "3575796192"
"a1_121" = "1148690324"
"a1_120" = "1159607590"
"a1_123" = "2927685058"
"a1_122" = "1563996013"
"a4_331" = "2372979051"
"a4_330" = "2365809930"
"a4_333" = "2387317293"
"a4_332" = "2380148172"
"a4_335" = "2401655535"
"a4_334" = "2394486414"
"a4_337" = "2415993777"
"a4_336" = "2408824656"
"a4_339" = "2430332019"
"a4_338" = "2423162898"
"a4_539" = "3864156219"
"a4_538" = "3856987098"
"a4_249" = "1785111129"
"a4_248" = "1777942008"
"a4_245" = "1756434645"
"a4_244" = "1749265524"
"a4_247" = "1770772887"
"a4_246" = "1763603766"
"a4_241" = "1727758161"
"a4_240" = "1720589040"
"a4_243" = "1742096403"
"a4_242" = "1734927282"
"a1_634" = "3444038255"
"a2_463" = "3319307280"
"a2_462" = "3312136613"
"a2_461" = "3304971875"
"a2_460" = "3297790775"
"a2_467" = "3347973416"
"a2_466" = "3340804709"
"a2_465" = "3333649488"
"a2_464" = "3326474087"
"a2_469" = "3362320590"
"a2_468" = "3355156679"
"a2_597" = "4279960511"
"a2_596" = "4272794551"
"a2_595" = "4265635422"
"a2_594" = "4258461636"
"a1_338" = "3721622597"
"a1_339" = "2109007821"
"a2_591" = "4236947110"
"a2_590" = "4229778809"
"a1_334" = "2294128626"
"a1_335" = "2575217561"
"a1_336" = "2468802348"
"a1_337" = "111210474"
"a1_330" = "2775623281"
"a1_331" = "3982134078"
"a1_332" = "1892895634"
"a1_333" = "1301016733"
"a2_607" = "56696105"
"a2_606" = "49513801"
"a3_30" = "231909751"
"a2_604" = "35176916"
"a1_64" = "2954264817"
"a2_602" = "20847101"
"a2_601" = "13679878"
"a2_600" = "6512757"
"a2_609" = "71030212"
"a2_608" = "63863120"
"a2_265" = "1899819444"
"a2_264" = "1892656352"
"a2_267" = "1914154166"
"a2_266" = "1906987837"
"a2_261" = "1871134882"
"a2_260" = "1863967971"
"a2_263" = "1885470876"
"a2_262" = "1878304492"
"a2_269" = "1928487030"
"a2_268" = "1921332226"
"a1_482" = "3891040540"
"a1_483" = "3564751989"
"a2_289" = "2071874461"
"a2_288" = "2064709156"
"a1_486" = "1419921306"
"a1_487" = "1340842968"
"a1_484" = "631440879"
"a1_485" = "340578204"
"a2_283" = "2028855377"
"a2_282" = "2021691099"
"a2_281" = "2014526434"
"a2_280" = "2007356488"
"a2_287" = "2057543433"
"a2_286" = "2050375229"
"a2_285" = "2043192935"
"a2_284" = "2036038162"
"a3_522" = "3725445091"
"a4_446" = "3197427966"
"a1_637" = "2242107480"
"a1_240" = "1878445737"
"a1_241" = "1684997892"
"a1_242" = "2665612999"
"a1_243" = "1268969740"
"a1_244" = "2497792929"
"a1_245" = "1620074343"
"a1_246" = "3088341386"
"a1_247" = "1455133735"
"a1_248" = "2938972669"
"a1_249" = "2254502687"
"a4_445" = "3190258845"
"a2_131" = "939148692"
"a2_130" = "931980646"
"a2_133" = "953495818"
"a2_132" = "946329529"
"a2_135" = "967831927"
"a2_134" = "960671500"
"a2_137" = "982167216"
"a2_136" = "974998094"
"a2_139" = "996513686"
"a2_138" = "989346880"
"a2_79" = "566354127"
"a2_78" = "559188958"
"a3_288" = "2048100105"
"a3_289" = "2055027624"
"a3_184" = "1336102801"
"a3_282" = "2038692083"
"a3_283" = "2045680914"
"a3_280" = "1990631473"
"a3_281" = "2031109200"
"a3_286" = "2067091063"
"a3_287" = "2074141334"
"a3_284" = "2019045813"
"a3_285" = "2026624468"
"a3_606" = "66123703"
"a3_607" = "40004566"
"a3_604" = "52150005"
"a3_605" = "59069204"
"a3_602" = "4023859"
"a3_603" = "11016786"
"a3_600" = "23079281"
"a3_601" = "30657936"
"a3_608" = "46992457"
"a3_609" = "87597288"
"a1_583" = "3189126491"
"a1_582" = "683642048"
"a3_635" = "240424626"
"a1_581" = "2725441879"
"a1_580" = "928694136"
"a3_198" = "1436076335"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"
[HKCU\Software\Aas]
"a3_196" = "1388556397"
"a3_197" = "1429034124"
"a3_194" = "1407548331"
"a3_195" = "1380982730"
"a3_192" = "1393042153"
"a3_193" = "1400620808"
"a3_190" = "1345525207"
"a3_191" = "1352568438"
"a1_585" = "3581544338"
"a3_468" = "3338201981"
"a3_469" = "3379269532"
"a3_466" = "3324236475"
"a3_467" = "3331159770"
"a3_464" = "3343287801"
"a3_465" = "3350216216"
"a3_462" = "3295169831"
"a3_463" = "3302744390"
"a3_460" = "3314758757"
"a3_461" = "3321800836"
"a1_468" = "3998459917"
"a1_469" = "2064868859"
"a3_518" = "3696916079"
"a3_519" = "3703958158"
"a1_460" = "4071651605"
"a1_461" = "53458903"
"a1_462" = "2502512472"
"a1_463" = "4132305458"
"a1_464" = "3534143769"
"a1_465" = "1450870776"
"a1_466" = "71837865"
"a1_467" = "2434851492"
"a3_29" = "224867540"
"a3_28" = "183865525"
"a1_668" = "2015651346"
"a1_669" = "825542227"
"a3_21" = "167399900"
"a3_20" = "159956413"
"a3_23" = "148336286"
"a3_22" = "140888703"
"a3_25" = "195929936"
"a3_24" = "188875569"
"a3_27" = "176880658"
"a3_26" = "169827315"
"a3_499" = "3560555322"
"a3_498" = "3587059355"
"a3_497" = "3579611768"
"a3_496" = "3539014105"
"a3_495" = "3532029350"
"a3_494" = "3524581639"
"a3_493" = "3551077604"
"a3_492" = "3544154181"
"a3_491" = "3503090722"
"a3_527" = "3761424774"
"a3_490" = "3496037251"
"a4_656" = "407976080"
"a4_657" = "415145201"
"a4_654" = "393637838"
"a4_655" = "400806959"
"a4_652" = "379299596"
"a4_653" = "386468717"
"a4_650" = "364961354"
"a4_651" = "372130475"
"a4_658" = "422314322"
"a4_659" = "429483443"
"a2_656" = "407971489"
"a4_438" = "3140074998"
"a4_439" = "3147244119"
"a4_432" = "3097060272"
"a4_433" = "3104229393"
"a4_430" = "3082722030"
"a4_431" = "3089891151"
"a4_436" = "3125736756"
"a4_437" = "3132905877"
"a4_434" = "3111398514"
"a4_435" = "3118567635"
"a4_344" = "2466177624"
"a4_345" = "2473346745"
"a4_346" = "2480515866"
"a4_347" = "2487684987"
"a4_340" = "2437501140"
"a4_341" = "2444670261"
"a4_342" = "2451839382"
"a4_343" = "2459008503"
"a4_348" = "2494854108"
"a4_349" = "2502023229"
"a4_508" = "3641913468"
"a4_509" = "3649082589"
"a4_506" = "3627575226"
"a4_507" = "3634744347"
"a4_504" = "3613236984"
"a4_505" = "3620406105"
"a4_502" = "3598898742"
"a4_503" = "3606067863"
"a4_500" = "3584560500"
"a4_501" = "3591729621"
"a3_383" = "2729068342"
"a3_382" = "2721620631"
"a3_381" = "2748124788"
"a2_456" = "3269121759"
"a2_457" = "3276280324"
"a2_454" = "3254787549"
"a3_380" = "2741212629"
"a2_452" = "3240437730"
"a2_453" = "3247604994"
"a2_450" = "3226102927"
"a2_451" = "3233269804"
"a3_387" = "2757612682"
"a3_633" = "259938800"
"a2_458" = "3283452525"
"a3_386" = "2784112747"
"a3_385" = "2776670152"
"a3_384" = "2769681321"
"a3_632" = "252486993"
"a1_329" = "2526553213"
"a1_328" = "2988360064"
"a1_327" = "3918546618"
"a1_326" = "565168863"
"a1_325" = "2441977334"
"a1_324" = "3951287669"
"a1_323" = "131460573"
"a1_322" = "3004776855"
"a1_321" = "1546461882"
"a1_320" = "4089860228"
"a2_650" = "364953681"
"a1_436" = "2577907424"
"a3_631" = "211878206"
"a2_652" = "379305783"
"a2_653" = "386472978"
"a2_654" = "393640323"
"a2_655" = "400805516"
"a3_630" = "204893343"
"a2_657" = "415139472"
"a1_495" = "1219959346"
"a1_494" = "2507753746"
"a1_497" = "1961362748"
"a1_496" = "806227373"
"a1_491" = "1367970318"
"a1_490" = "3532633732"
"a1_493" = "2434921366"
"a1_492" = "185437250"
"a1_499" = "639294300"
"a1_498" = "2591024676"
"a3_637" = "288468852"
"a2_638" = "278937297"
"a2_639" = "286102847"
"a2_632" = "235917710"
"a2_633" = "243084174"
"a2_630" = "221584212"
"a2_631" = "228739130"
"a2_636" = "264599686"
"a2_637" = "271766382"
"a2_634" = "250249397"
"a2_635" = "257417142"
"a1_253" = "2916843151"
"a1_252" = "1559946021"
"a1_251" = "2921184565"
"a1_250" = "1698868931"
"a1_257" = "456627244"
"a1_256" = "2740400205"
"a1_255" = "2018772257"
"a1_254" = "1954826126"
"a1_259" = "1811554786"
"a1_258" = "3177406367"
"a2_144" = "1032347911"
"a2_145" = "1039519737"
"a2_146" = "1046684013"
"a2_147" = "1053867620"
"a2_140" = "1003680497"
"a2_141" = "1010854277"
"a2_142" = "1018017139"
"a2_143" = "1025192484"
"a2_68" = "487491987"
"a2_69" = "494671976"
"a2_148" = "1061033515"
"a2_149" = "1068201754"
"a4_455" = "3261950055"
"a3_299" = "2126993250"
"a3_298" = "2119545539"
"a3_295" = "2131608046"
"a3_294" = "2091003215"
"a3_297" = "2146049696"
"a3_296" = "2139060737"
"a3_291" = "2103079018"
"a3_290" = "2062081995"
"a3_293" = "2083555628"
"a3_292" = "2110067853"
"a3_634" = "266990099"
"a3_619" = "159571106"
"a3_618" = "152516611"
"a3_611" = "68549034"
"a3_610" = "95044875"
"a3_613" = "82982508"
"a3_612" = "75537869"
"a3_615" = "131026734"
"a3_614" = "123579023"
"a3_617" = "111511520"
"a3_616" = "104522561"
"a3_181" = "1280611004"
"a3_180" = "1307180573"
"a3_34" = "260325067"
"a3_182" = "1288058591"
"a3_185" = "1309597744"
"a3_33" = "253401768"
"a3_187" = "1324038386"
"a3_186" = "1316586579"
"a3_189" = "1371566516"
"a3_188" = "1364647189"
"a3_38" = "289377359"
"a3_39" = "296296686"
"a3_471" = "3359687774"
"a3_470" = "3386187839"
"a3_473" = "3407682832"
"a3_472" = "3367139569"
"a3_475" = "3422180818"
"a3_474" = "3414733235"
"a3_477" = "3403113108"
"a4_282" = "2021692122"
"a3_479" = "3450714966"
"a3_478" = "3443656503"
"a1_479" = "989137851"
"a1_478" = "1923481157"
"a3_509" = "3632529140"
"a3_508" = "3624950357"
"a1_473" = "3064694405"
"a1_472" = "123205254"
"a1_471" = "2696270412"
"a1_470" = "2358027425"
"a1_477" = "1230264816"
"a1_476" = "1387126538"
"a1_475" = "2017019053"
"a1_474" = "1733969999"
"a4_533" = "3821141493"
"a4_532" = "3813972372"
"a1_671" = "397650287"
"a4_531" = "3806803251"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"
[HKCU\Software\Aas]
"a4_530" = "3799634130"
"a4_537" = "3849817977"
"a4_536" = "3842648856"
"a4_535" = "3835479735"
"a4_534" = "3828310614"
"a2_151" = "1082534045"
"a2_150" = "1075366586"
"a2_271" = "1942837391"
"a2_159" = "1139884266"
"a2_158" = "1132718389"
"a3_80" = "590099577"
"a4_649" = "357792233"
"a4_648" = "350623112"
"a4_641" = "300439265"
"a4_640" = "293270144"
"a4_643" = "314777507"
"a4_642" = "307608386"
"a4_645" = "329115749"
"a4_644" = "321946628"
"a4_647" = "343453991"
"a4_646" = "336284870"
"a4_429" = "3075552909"
"a4_428" = "3068383788"
"a4_425" = "3046876425"
"a4_424" = "3039707304"
"a4_427" = "3061214667"
"a4_426" = "3054045546"
"a4_421" = "3018199941"
"a4_420" = "3011030820"
"a4_423" = "3032538183"
"a4_422" = "3025369062"
"a4_357" = "2559376197"
"a4_356" = "2552207076"
"a4_355" = "2545037955"
"a4_354" = "2537868834"
"a4_353" = "2530699713"
"a4_352" = "2523530592"
"a4_351" = "2516361471"
"a4_350" = "2509192350"
"a4_359" = "2573714439"
"a4_358" = "2566545318"
"a4_511" = "3663420831"
"a4_510" = "3656251710"
"a4_513" = "3677759073"
"a4_512" = "3670589952"
"a4_515" = "3692097315"
"a4_514" = "3684928194"
"a4_517" = "3706435557"
"a4_516" = "3699266436"
"a4_519" = "3720773799"
"a4_518" = "3713604678"
[HKCU\Software\Aas\695404737]
"50183847" = "217C6E6579C9C90158DECAF66A4161D12380B175BF024F1C0AE81C292F9DC665098B64C2FBF3936ECEBF12EE07CFC5730EE20B6D51B43233001A05F11DA0A3DAD97E6FC85119485FE8C55A139BE44969329378DF681000C8C22B5043D315B71B98BEBC6FCEB6F632FB507C34A1275CF8E4C628AE527474384B464C1B7AE2AD5D"
[HKCU\Software\Aas]
"a1_312" = "3612894052"
"a1_313" = "2957557028"
"a1_310" = "3214901353"
"a1_311" = "2623033452"
"a1_316" = "2841482721"
"a1_317" = "1968949696"
"a1_314" = "965031843"
"a1_315" = "383137795"
"a3_620" = "166490309"
"a1_318" = "1240200640"
"a1_319" = "2238697713"
"a2_449" = "3218936325"
"a2_448" = "3211767843"
"a3_621" = "140449124"
"a2_441" = "3161584129"
"a2_440" = "3154419263"
"a2_443" = "3175911596"
"a2_442" = "3168753661"
"a2_445" = "3190253115"
"a2_444" = "3183084194"
"a2_447" = "3204600352"
"a2_446" = "3197433674"
"a1_587" = "871302194"
"a3_623" = "187965990"
"a2_629" = "214401400"
"a2_628" = "207232510"
"a2_625" = "185730550"
"a2_624" = "178565326"
"a2_627" = "200068756"
"a2_626" = "192899938"
"a2_621" = "157048994"
"a2_620" = "149881680"
"a2_623" = "171397448"
"a2_622" = "164216878"
"a1_266" = "2183165982"
"a1_267" = "4021228658"
"a1_264" = "62223199"
"a1_265" = "1249288535"
"a1_262" = "46517820"
"a1_263" = "3221925881"
"a1_260" = "2216760113"
"a1_261" = "38066874"
"a1_268" = "1874043190"
"a1_269" = "1139268035"
"a2_157" = "1125554254"
"a2_156" = "1118387797"
"a2_155" = "1111216555"
"a2_154" = "1104036141"
"a2_153" = "1096870688"
"a2_152" = "1089700965"
"a2_99" = "709740534"
"a2_98" = "702574793"
"a2_97" = "695412838"
"a2_96" = "688238858"
"a2_95" = "681057988"
"a2_94" = "673891656"
"a2_93" = "666722306"
"a2_92" = "659557316"
"a2_91" = "652392860"
"a2_90" = "645223493"
"a3_260" = "1847236781"
"a3_261" = "1854160076"
"a3_262" = "1861734767"
"a3_263" = "1902212494"
"a3_264" = "1909255713"
"a3_265" = "1883210304"
"a3_266" = "1890133731"
"a3_267" = "1930746626"
"a3_268" = "1938194341"
"a3_269" = "1945179076"
"a3_404" = "2913010493"
"a3_405" = "2886510428"
"a3_668" = "477267765"
"a3_669" = "484195156"
"a3_664" = "448737713"
"a3_665" = "489346512"
"a3_666" = "496258675"
"a3_667" = "470278802"
"a3_660" = "453353533"
"a3_661" = "460801116"
"a3_662" = "467859711"
"a3_663" = "441294110"
"a3_43" = "324843106"
"a3_42" = "284237251"
"a3_41" = "277248416"
"a3_40" = "269796609"
"a3_47" = "353765350"
"a3_46" = "313221959"
"a3_45" = "305778468"
"a3_44" = "332278405"
"a3_49" = "368270520"
"a3_48" = "360822809"
"a4_99" = "709742979"
"a4_98" = "702573858"
"a3_406" = "2893962239"
"a3_407" = "2901015582"
"a3_400" = "2884615609"
"a3_401" = "2857980376"
"a3_402" = "2865023611"
"a3_403" = "2906025626"
"a4_91" = "652390011"
"a4_90" = "645220890"
"a4_93" = "666728253"
"a4_92" = "659559132"
"a4_95" = "681066495"
"a4_94" = "673897374"
"a4_97" = "695404737"
"a4_96" = "688235616"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"
[HKCU\Software\Aas]
"a1_448" = "4054332830"
"a1_449" = "3885989244"
"a1_446" = "172087904"
"a3_408" = "2941554865"
"a1_444" = "1211435073"
"a1_445" = "215788211"
"a1_442" = "1596958476"
"a1_443" = "2645949035"
"a1_440" = "3603244803"
"a3_409" = "2949002448"
"a2_561" = "4021872520"
"a3_318" = "2262948439"
"a3_319" = "2303950582"
"a2_599" = "4294311472"
"a3_310" = "2239031135"
"a3_311" = "2246548478"
"a3_312" = "2219916305"
"a3_313" = "2226966704"
"a3_314" = "2267968723"
"a3_315" = "2275010930"
"a3_316" = "2248445333"
"a3_317" = "2255889972"
"a2_605" = "42343148"
"a3_476" = "3395669621"
"a1_447" = "4110105887"
"a2_603" = "28009969"
"a1_441" = "4288257110"
"a4_638" = "278931902"
"a4_639" = "286101023"
"a4_634" = "250255418"
"a4_635" = "257424539"
"a4_636" = "264593660"
"a4_637" = "271762781"
"a4_630" = "221578934"
"a4_631" = "228748055"
"a4_632" = "235917176"
"a4_633" = "243086297"
"a2_651" = "372136075"
[HKCU\Software\Aas\695404737]
"35845605" = "439"
[HKCU\Software\Aas]
"a4_182" = "1304780022"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"
[HKCU\Software\Aas]
"a4_180" = "1290441780"
"a4_181" = "1297610901"
"a4_186" = "1333456506"
"a4_187" = "1340625627"
"a4_184" = "1319118264"
"a4_185" = "1326287385"
"a4_188" = "1347794748"
"a4_189" = "1354963869"
"a4_168" = "1204412328"
"a1_194" = "607412447"
"a1_195" = "3605710014"
"a4_160" = "1147059360"
"a4_161" = "1154228481"
"a4_162" = "1161397602"
"a4_163" = "1168566723"
"a4_164" = "1175735844"
"a4_165" = "1182904965"
"a4_166" = "1190074086"
"a4_167" = "1197243207"
"a4_296" = "2122059816"
"a4_297" = "2129228937"
"a4_294" = "2107721574"
"a4_295" = "2114890695"
"a4_292" = "2093383332"
"a4_293" = "2100552453"
"a4_290" = "2079045090"
"a4_291" = "2086214211"
"a4_142" = "1018015182"
"a4_568" = "4072060728"
"a4_569" = "4079229849"
"a4_298" = "2136398058"
"a4_299" = "2143567179"
"a2_598" = "4287129128"
"a1_192" = "1709949337"
"a1_193" = "823386739"
"a4_368" = "2638236528"
"a4_369" = "2645405649"
"a4_362" = "2595221802"
"a4_363" = "2602390923"
"a4_360" = "2580883560"
"a4_361" = "2588052681"
"a4_366" = "2623898286"
"a4_367" = "2631067407"
"a4_364" = "2609560044"
"a4_365" = "2616729165"
"a1_305" = "3661746396"
"a1_304" = "1224494975"
"a1_307" = "1841978383"
"a1_306" = "2155783868"
"a1_301" = "3373358007"
"a1_300" = "3714605783"
"a1_303" = "4070239259"
"a1_302" = "4191957972"
"a1_309" = "2750797998"
"a1_308" = "2319694735"
"a2_540" = "3871317015"
"a2_541" = "3878501194"
"a2_542" = "3885672079"
"a1_481" = "3838471165"
"a2_544" = "3900004599"
"a2_545" = "3907168982"
"a2_546" = "3914336269"
"a2_547" = "3921505528"
"a2_548" = "3928670708"
"a2_549" = "3935854018"
"a2_438" = "3140068265"
"a2_439" = "3147250696"
"a2_434" = "3111390727"
"a2_435" = "3118565452"
"a2_436" = "3125727731"
"a2_437" = "3132899946"
"a2_430" = "3082716752"
"a2_431" = "3089882964"
"a2_432" = "3097065178"
"a2_433" = "3104237596"
"a1_488" = "3949248033"
"a1_279" = "1778404590"
"a1_278" = "2512036627"
"a1_489" = "3594469854"
"a1_271" = "2429357565"
"a1_270" = "223854080"
"a1_273" = "1181350072"
"a1_272" = "4223083337"
"a1_275" = "1905249139"
"a1_274" = "2563444380"
"a1_277" = "1691598151"
"a1_276" = "1423026986"
"a2_382" = "2738607063"
"a2_383" = "2745774866"
"a2_380" = "2724256947"
"a2_381" = "2731427696"
"a2_386" = "2767277539"
"a2_387" = "2774442608"
"a2_384" = "2752940905"
"a2_385" = "2760106138"
"a2_388" = "2781625247"
"a2_389" = "2788794234"
"a1_613" = "4091159059"
"a1_612" = "376054989"
"a1_611" = "4236762844"
"a2_368" = "2638238060"
"a2_369" = "2645407433"
"a1_610" = "2633715308"
"a2_88" = "630886607"
"a2_89" = "638057449"
"a2_84" = "602206933"
"a2_85" = "609372044"
"a2_86" = "616539457"
"a2_87" = "623706400"
"a2_80" = "573524794"
"a2_81" = "580706092"
"a2_82" = "587874085"
"a2_83" = "595038348"
"a3_273" = "1974165848"
"a3_272" = "1966722361"
"a3_271" = "1926113414"
"a3_270" = "1918678119"
"a3_277" = "2002712284"
"a3_276" = "1962103485"
"a3_275" = "1954659866"
"a3_274" = "1947600379"
"a2_162" = "1161404299"
"a2_163" = "1168569479"
"a3_279" = "1983582110"
"a3_278" = "2009623423"
"a2_166" = "1190071434"
"a2_167" = "1197238176"
"a2_164" = "1175737505"
"a2_165" = "1182902974"
"a1_666" = "245298150"
"a3_671" = "532246550"
"a3_670" = "525328375"
"a3_50" = "341766363"
"a3_51" = "348755322"
"a3_52" = "389745053"
"a3_53" = "396796476"
"a3_54" = "370165343"
"a3_55" = "377748222"
"a3_56" = "384737041"
"a3_57" = "425210800"
"a3_58" = "432789459"
"a3_59" = "406145138"
"a3_417" = "3006523432"
"a3_416" = "2965403529"
"a3_415" = "2958480150"
"a3_414" = "2984984311"
"a3_413" = "2977536596"
"a3_412" = "2970543669"
"a3_411" = "2929937810"
"a3_410" = "2922490227"
"a3_419" = "2986877162"
"a3_418" = "3013512267"
"a1_451" = "3410581958"
"a1_450" = "1992072515"
"a1_453" = "3076709370"
"a1_452" = "2483047179"
"a1_455" = "221136713"
"a1_454" = "2290582970"
"a1_457" = "964350276"
"a1_456" = "3840993052"
"a1_459" = "1844200538"
"a1_458" = "3550728132"
"a3_309" = "2231976764"
"a3_308" = "2191503005"
"a3_303" = "2155521254"
"a3_302" = "2148466759"
"a3_301" = "2174512164"
"a3_300" = "2167589765"
"a3_307" = "2183924346"
"a3_306" = "2210566619"
"a3_305" = "2203581880"
"a3_304" = "2162448665"
"a4_86" = "616544406"
"a4_87" = "623713527"
"a4_84" = "602206164"
"a4_85" = "609375285"
"a4_82" = "587867922"
"a4_83" = "595037043"
"a4_80" = "573529680"
"a4_81" = "580698801"
"a4_88" = "630882648"
"a4_89" = "638051769"
[HKCU\Software\Aas\695404737]
"14338242" = "0"
[HKCU\Software\Aas]
"a4_387" = "2774449827"
"a4_629" = "214409813"
"a4_628" = "207240692"
"a4_627" = "200071571"
"a4_626" = "192902450"
"a4_625" = "185733329"
"a4_624" = "178564208"
"a4_623" = "171395087"
"a4_622" = "164225966"
"a4_621" = "157056845"
"a4_620" = "149887724"
"a2_75" = "537687332"
"a2_74" = "530518710"
"a2_77" = "552015079"
"a2_76" = "544862901"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"
[HKCU\Software\Aas]
"a2_71" = "509005544"
"a2_70" = "501836821"
"a2_73" = "523338366"
"a2_72" = "516170623"
"a4_195" = "1397978595"
"a4_194" = "1390809474"
"a4_197" = "1412316837"
"a4_196" = "1405147716"
"a4_191" = "1369302111"
"a4_190" = "1362132990"
"a4_193" = "1383640353"
"a4_192" = "1376471232"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"
[HKCU\Software\Aas]
"a4_198" = "1419485958"
"a4_179" = "1283272659"
"a4_178" = "1276103538"
"a4_173" = "1240257933"
"a4_172" = "1233088812"
"a4_171" = "1225919691"
"a4_170" = "1218750570"
"a4_177" = "1268934417"
"a4_176" = "1261765296"
"a4_175" = "1254596175"
"a4_174" = "1247427054"
"a4_577" = "4136582817"
"a3_123" = "898388146"
"a4_575" = "4122244575"
"a4_574" = "4115075454"
"a4_573" = "4107906333"
"a4_572" = "4100737212"
"a4_571" = "4093568091"
"a3_122" = "891468819"
"a3_121" = "850861040"
"a4_579" = "4150921059"
"a4_578" = "4143751938"
"a4_289" = "2071875969"
"a4_288" = "2064706848"
"a3_636" = "247859925"
"a3_120" = "843343697"
"a4_281" = "2014523001"
"a4_280" = "2007353880"
"a4_283" = "2028861243"
"a1_108" = "3777916336"
"a4_285" = "2043199485"
"a4_284" = "2036030364"
"a4_287" = "2057537727"
"a3_126" = "886312343"
"a3_125" = "879323508"
"a3_124" = "905966805"
"a4_379" = "2717096859"
"a4_378" = "2709927738"
"a4_375" = "2688420375"
"a4_374" = "2681251254"
"a4_377" = "2702758617"
"a4_376" = "2695589496"
"a4_371" = "2659743891"
"a4_370" = "2652574770"
"a4_373" = "2674082133"
"a4_372" = "2666913012"
"a1_437" = "1072076587"
"a2_553" = "3964521433"
"a2_552" = "3957352693"
"a2_551" = "3950188942"
"a2_550" = "3943021729"
"a2_557" = "3993202972"
"a2_556" = "3986038831"
"a2_555" = "3978870300"
"a2_554" = "3971690493"
"a2_559" = "4007529698"
"a2_558" = "4000377829"
"a2_429" = "3075550063"
"a2_428" = "3068381152"
"a2_427" = "3061217191"
"a2_426" = "3054047893"
"a2_425" = "3046868398"
"a2_424" = "3039716706"
"a2_423" = "3032534960"
"a2_422" = "3025365633"
"a2_421" = "3018196134"
"a2_420" = "3011031412"
"a2_565" = "4050555946"
"a1_208" = "2657600354"
"a1_209" = "1044873581"
"a1_204" = "826856979"
"a1_205" = "3601328383"
"a1_206" = "301243445"
"a1_207" = "3044053690"
"a1_200" = "4228029042"
"a1_201" = "418851296"
"a1_202" = "153799126"
"a1_203" = "525588513"
"a2_395" = "2831810555"
"a2_394" = "2824628009"
"a2_397" = "2846142474"
"a2_396" = "2838977446"
"a2_391" = "2803134972"
"a2_390" = "2795958919"
"a2_393" = "2817459302"
"a2_392" = "2810287606"
"a2_399" = "2860477823"
"a2_398" = "2853310925"
"a2_568" = "4072057259"
"a2_569" = "4079226611"
"a2_379" = "2717091747"
"a2_378" = "2709922013"
"a2_373" = "2674088726"
"a2_372" = "2666921844"
"a2_371" = "2659739026"
"a2_370" = "2652617869"
"a2_377" = "2702754942"
"a2_376" = "2695590688"
"a2_375" = "2688422892"
"a2_374" = "2681243501"
"a3_246" = "1746738975"
"a3_247" = "1753789374"
"a3_244" = "1765852765"
"a3_245" = "1773304572"
"a2_179" = "1283273220"
"a2_178" = "1276104789"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"
[HKCU\Software\Aas]
"a3_241" = "1744311672"
"a2_175" = "1254590388"
"a2_174" = "1247420761"
"a2_177" = "1268925147"
"a2_176" = "1261772932"
"a2_171" = "1225923472"
"a2_170" = "1218754283"
"a2_173" = "1240256299"
"a3_249" = "1801832560"
"a1_510" = "2623099745"
"a1_511" = "1380004561"
"a1_512" = "878229370"
"a1_513" = "306525659"
"a1_514" = "2808508926"
"a1_515" = "1042775832"
"a1_516" = "426209342"
"a1_517" = "1880719051"
"a1_518" = "4294566965"
"a1_519" = "426189021"
"a3_648" = "367361953"
"a3_649" = "340792256"
"a3_69" = "478110732"
"a3_68" = "470664173"
"a3_65" = "449123976"
"a3_64" = "442135145"
"a3_67" = "497168202"
"a3_66" = "489720619"
"a3_61" = "454263092"
"a3_60" = "413199509"
"a3_63" = "468244982"
"a3_62" = "461186391"
"a3_514" = "3667976427"
"a2_543" = "3892834680"
"a1_424" = "2403283552"
"a1_425" = "263780423"
"a1_426" = "3392021043"
"a1_427" = "1347381529"
"a1_420" = "3395169686"
"a1_421" = "2632556480"
"a1_422" = "1298963792"
"a1_423" = "2845022842"
"a3_199" = "1409969486"
"a1_428" = "1627049874"
"a1_429" = "2329666628"
"a3_515" = "3709043978"
"a3_338" = "2439897659"
"a3_339" = "2446886490"
"a3_336" = "2391856505"
"a3_337" = "2432846232"
"a3_334" = "2411437223"
"a3_335" = "2384801990"
"a3_332" = "2363312101"
"a3_333" = "2403923972"
"a3_330" = "2348814115"
"a3_331" = "2356388674"
"a3_428" = "3084957701"
"a3_429" = "3058850980"
"a3_422" = "3041926607"
"a3_423" = "3049502318"
"a3_420" = "2994455821"
"a3_421" = "3001383340"
"a3_426" = "3070911299"
"a3_427" = "3077900258"
"a3_424" = "3022858881"
"a3_425" = "3029913376"
"a3_87" = "607024862"
"a3_86" = "633131711"
"a3_85" = "626081308"
"a3_84" = "585598461"
"a3_83" = "578085210"
"a3_82" = "571034939"
"a3_81" = "597665944"
"a4_183" = "1311949143"
"a3_89" = "654610320"
"a3_88" = "614067057"
"a4_612" = "92534756"
"a4_613" = "99703877"
"a4_610" = "78196514"
"a4_611" = "85365635"
"a4_616" = "121211240"
"a4_617" = "128380361"
"a4_614" = "106872998"
"a4_615" = "114042119"
"a4_618" = "135549482"
"a4_619" = "142718603"
"a1_439" = "2730725412"
"a3_512" = "3687557161"
"a2_662" = "450998521"
"a3_513" = "3660926024"
"a3_510" = "3639513879"
"a3_511" = "3679991734"
"a3_516" = "3715971501"
"a3_517" = "3723025868"
"a1_198" = "851363920"
"a1_199" = "463108781"
"a4_148" = "1061029908"
"a4_149" = "1068199029"
"a4_146" = "1046691666"
"a4_147" = "1053860787"
"a1_196" = "3349907996"
"a4_145" = "1039522545"
"a1_190" = "1797343134"
"a4_143" = "1025184303"
"a4_140" = "1003676940"
"a4_141" = "1010846061"
"a4_548" = "3928678308"
"a4_549" = "3935847429"
"a4_542" = "3885663582"
"a4_543" = "3892832703"
"a4_540" = "3871325340"
"a4_541" = "3878494461"
"a4_546" = "3914340066"
"a4_547" = "3921509187"
"a4_544" = "3900001824"
"a4_545" = "3907170945"
"a1_662" = "1337636495"
"a1_663" = "1235214953"
"a1_660" = "3534323275"
"a4_380" = "2724265980"
"a4_381" = "2731435101"
"a4_382" = "2738604222"
"a4_383" = "2745773343"
"a4_384" = "2752942464"
"a4_385" = "2760111585"
"a4_386" = "2767280706"
"a4_169" = "1211581449"
"a4_388" = "2781618948"
"a4_389" = "2788788069"
"a1_667" = "2378233701"
"a1_664" = "293014572"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"
[HKCU\Software\Aas]
"a1_665" = "58998188"
"a1_0" = "3126152658"
"a1_1" = "899560982"
"a1_2" = "3683077662"
"a1_3" = "3459645169"
"a1_4" = "941926098"
"a1_5" = "2951385020"
"a1_6" = "2358751792"
"a1_7" = "843291302"
"a1_8" = "2986200189"
"a1_9" = "26550312"
"a2_566" = "4057723773"
"a2_567" = "4064889272"
"a2_564" = "4043389109"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"
[HKCU\Software\Aas]
"a2_562" = "4029040275"
"a2_563" = "4036222634"
"a3_8" = "40388897"
"a3_9" = "47967552"
"a3_6" = "59977839"
"a3_7" = "67032206"
"a3_4" = "11991981"
"a3_5" = "52535244"
"a3_2" = "31040235"
"a3_3" = "4933386"
"a3_0" = "17001001"
"a3_1" = "23989832"
"a2_412" = "2953680110"
"a2_413" = "2960845022"
"a2_410" = "2939348886"
"a2_411" = "2946513424"
"a2_416" = "2982349596"
"a2_417" = "2989530802"
"a2_414" = "2968011681"
"a2_415" = "2975179405"
"a2_418" = "2996696379"
"a2_419" = "3003866506"
"a1_631" = "1880199849"
"a4_564" = "4043384244"
"a1_219" = "1334062919"
"a1_218" = "1211422502"
"a1_217" = "3305154404"
"a1_216" = "1484973700"
"a1_215" = "2008139054"
"a1_214" = "1443352399"
"a1_213" = "589243232"
"a1_212" = "1462184553"
"a1_211" = "3686725292"
"a1_210" = "2084265001"
"a4_567" = "4064891607"
"a1_630" = "251812734"
"a4_560" = "4014707760"
"a4_561" = "4021876881"
"a4_562" = "4029046002"
"a4_563" = "4036215123"
"a4_443" = "3175920603"
"a1_633" = "4149702796"
"a4_442" = "3168751482"
"a4_441" = "3161582361"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "c:\%original file name%.exe:*:Enabled:ipsec"
A firewall is disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"
Firewall notifications are disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"
The Virus deletes the following registry key(s):
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\termservice]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmserver]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\nm.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\nm]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SRService]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
The Virus deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Control\SafeBoot]
"AlternateShell"
The process %original file name%.exe:47272 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 CB D3 19 8B 85 D5 89 FE 37 43 7B E6 7D BB 4D"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
To automatically run itself each time Windows is booted, the Virus adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Screen Saver Pro 3.1" = "%Documents and Settings%\%current user%\Application Data\ScreenSaverPro.scr"
The process %original file name%.exe:47540 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "47 25 DC 4D CD 2B EC 4C 60 25 94 EB E3 F0 0A 41"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
The process mspaint.exe:47608 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 71 88 A1 98 5A 53 D9 FE A4 85 83 87 ED A7 76"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Virus modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Virus modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
"ProxyBypass" = "1"
To automatically run itself each time Windows is booted, the Virus adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Cukmko" = "%Documents and Settings%\%current user%\Application Data\Microsoft\Cukmko.exe"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Virus modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Virus deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Network activity (URLs)
No activity has been detected.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
The Virus installs the following user-mode hooks in WININET.dll:
HttpSendRequestW
InternetWriteFile
HttpSendRequestA
The Virus installs the following user-mode hooks in dnsapi.dll:
DnsQuery_A
DnsQuery_W
The Virus installs the following user-mode hooks in WS2_32.dll:
send
GetAddrInfoW
The Virus installs the following user-mode hooks in kernel32.dll:
MoveFileA
CopyFileW
CopyFileA
MoveFileW
CreateFileW
CreateFileA
The Virus installs the following user-mode hooks in ntdll.dll:
LdrLoadDll
NtResumeThread
NtQueryDirectoryFile
NtEnumerateValueKey
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Virus's file once a user opens a drive's folder in Windows Explorer.A program can register a device notification with the help of RegisterDeviceNotification. So it is notified when a USB device is plugged and then the worm copies itself to the USB device plugged into the affected computer.A worm can spread its copies through the MSN Messanger.
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan a system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:47540
- Delete the original Virus file.
- Delete or disinfect the following files created/modified by the Virus:
%System%\drivers\omguh.sys (5 bytes)
%WinDir%\system.ini (70 bytes)
D:\disablejavawarnsec.exe (888 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (840 bytes)
D:\autorun.inf (341 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\riubep.exe (741 bytes)
C:\blsp.exe (103 bytes)
C:\autorun.inf (239 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (272 bytes)
D:\jholpp.pif (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ryrrbn.exe (15019 bytes)
%Documents and Settings%\%current user%\Application Data\ScreenSaverPro.scr (2105 bytes)
%Documents and Settings%\%current user%\Application Data\temp.bin (2105 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Cukmko.exe (2105 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Screen Saver Pro 3.1" = "%Documents and Settings%\%current user%\Application Data\ScreenSaverPro.scr"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Cukmko" = "%Documents and Settings%\%current user%\Application Data\Microsoft\Cukmko.exe" - Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.