HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Win32.Generic!BT (VIPRE), Win32.SuspectCrc!IK (Emsisoft), Virus.Win32.Sality.FD, Virus.Win32.Sality.2.FD, VirusSality.YR, GenericAutorunWorm.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, Virus, WormAutorun
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 3bf21690f6dedbb6fbda90a5ac4342e4
SHA1: fafefeb074d952638dc5af374db0ce3f844211f3
SHA256: 0987b6532ca2ea79ea38030da6c86c718b58da1ea61599a9c01fa19bdb61b09e
SSDeep: 6144:bOHpNJiFEd1G8B8DznLK9tzcHFc7YyTuAwFvHm3ni4NIb7zKZ7Ws14C2MCs/VrBj:DEd1G8B8DznLK9lCs/V9qiB3m8pu67IE
Size: 342016 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualC, NETexecutable, UPolyXv05_v6
Company: no certificate found
Created at: 2013-09-28 22:42:11
Summary: Virus. A program that recursively replicates a possibly evolved copy of itself.
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Virus's file once a user opens a drive's folder in Windows Explorer. |
Process activity
The Virus creates the following process(es):
%original file name%.exe:2428
%original file name%.exe:1256
%original file name%.exe:3460
%original file name%.exe:3732
%original file name%.exe:3452
%original file name%.exe:2112
%original file name%.exe:2436
%original file name%.exe:1920
%original file name%.exe:3724
%original file name%.exe:2120
%original file name%.exe:3192
%original file name%.exe:2684
%original file name%.exe:2696
%original file name%.exe:504
%original file name%.exe:3208
%original file name%.exe:1412
The Virus injects its code into the following process(es):
%original file name%.exe:1972
ctfmon.exe:1224
File activity
The process %original file name%.exe:3460 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%System%\wmdrtc32.dl_ (26066 bytes)
The process %original file name%.exe:3732 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%System%\wmdrtc32.dl_ (26066 bytes)
The process %original file name%.exe:1972 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\desktop.ini (67 bytes)
%WinDir%\system.ini (57 bytes)
%Program Files%\Common Files\Adobe\ARM\1.0\AdobeARM.exe (5568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\READER_SL.EXE (15280 bytes)
%System%\wmdrtc32.dll (49152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winygmlms.exe (146944 bytes)
%System%\Coffin Of Evil.exe (342016 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (6376 bytes)
%System%\drivers\lfprmn.sys (43816 bytes)
%System%\wmdrtc32.dl_ (26066 bytes)
The Virus deletes the following file(s):
D:\1a977e (0 bytes)
C:\KUKU400alpha (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winygmlms.exe (0 bytes)
D:\KUKU400alpha (0 bytes)
C:\1a9377 (0 bytes)
%System%\drivers\lfprmn.sys (0 bytes)
The process %original file name%.exe:2436 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%System%\wmdrtc32.dl_ (26066 bytes)
The process %original file name%.exe:2120 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%System%\wmdrtc32.dl_ (26066 bytes)
The process %original file name%.exe:2696 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%System%\wmdrtc32.dl_ (26066 bytes)
The process %original file name%.exe:3208 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%System%\wmdrtc32.dl_ (26066 bytes)
The process %original file name%.exe:1412 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%System%\wmdrtc32.dl_ (26066 bytes)
Registry activity
The process %original file name%.exe:2428 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 2B 37 59 F8 1F B9 8B 05 16 A0 D9 D6 BB 5A E3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The process %original file name%.exe:1256 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 67 D8 3A 87 FD C6 3C 2A 8E FE EC E7 0D 4A 6F"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The process %original file name%.exe:3460 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 19 75 DA B5 B9 B4 D4 DC 54 39 41 59 07 6D A6"
The process %original file name%.exe:3732 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5D 1A DA 12 80 0F 62 9D 1F 03 EF 05 CD 3B 15 F3"
The process %original file name%.exe:3452 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C9 D1 4E 4B 2C 12 A7 C9 04 C0 2D 11 69 DE 02 80"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The process %original file name%.exe:1972 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKCU\Software\Abfx]
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system]
"DisableTaskMgr" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Coffin Of Evil]
"HKCU" = "4VWPPD"
[HKCU\Software\Abfx\-1001785200]
"-387527960" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Abfx\-1001785200]
"-775055920" = "35"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Abfx\-1001785200]
"1953719668" = "211"
[HKLM\SOFTWARE\Coffin Of Evil]
"HKLM" = "4JWIXzP"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 38 DC 15 17 44 05 B3 30 DE 4E 54 7F 83 60 B7"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Abfx]
"t2_541" = "400391358"
"t3_949" = "2932112685"
"t3_948" = "978377657"
"t1_613" = "1297612061"
"t3_491" = "1481703253"
"t3_510" = "4243027761"
"t3_490" = "3856882209"
"t2_726" = "1061262130"
"t3_422" = "4147795729"
"t4_88" = "128638944"
"t4_89" = "2082358612"
"t3_369" = "3679868445"
"t3_368" = "1692581097"
"t3_423" = "1806682245"
"t4_82" = "1291222824"
"t4_83" = "3244942492"
"t4_80" = "1678750784"
"t4_81" = "3632470452"
"t4_86" = "516166904"
"t4_87" = "2469886572"
"t4_84" = "903694864"
"t4_85" = "2857414532"
"t3_421" = "2160508397"
"t3_822" = "3951339601"
"t2_619" = "2466666491"
"t1_870" = "2392396266"
"t3_426" = "3372595489"
"t3_427" = "1031361109"
"t2_104" = "1323377639"
"t2_105" = "3277097372"
"t2_106" = "935861869"
"t2_107" = "2889579852"
"t2_100" = "2098443482"
"t2_101" = "4052163375"
"t2_102" = "1710913048"
"t2_103" = "3664629547"
"t3_425" = "1385170877"
"t2_108" = "548330335"
"t2_109" = "2502045248"
"t2_866" = "3999082404"
"t2_755" = "1884557633"
"t4_923" = "3691956540"
"t2_754" = "4225815738"
"t2_757" = "1497046813"
"t2_947" = "3336596715"
"t2_756" = "3838280791"
"t2_698" = "2191703397"
"t2_699" = "4145422232"
"t3_967" = "3739702021"
"t3_966" = "1785969041"
"t3_965" = "4160619629"
"t3_964" = "2206819065"
"t3_963" = "253086069"
"t3_785" = "349794973"
"t4_799" = "1948886284"
"t4_798" = "4290133912"
"t4_797" = "2336414244"
"t4_796" = "382694576"
"t4_795" = "2723942204"
"t3_784" = "2691029353"
"t4_793" = "3111470164"
"t4_792" = "1157750496"
"t2_740" = "2643549727"
"t4_790" = "1545278456"
"t3_761" = "705429501"
"t2_728" = "673746967"
"t4_489" = "1886177940"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"
[HKCU\Software\Abfx]
[HKCU\Software\Abfx\-1001785200]
"-1162583880" = "0B00687474703A2F2F686176757A6C61726B6572657374652E636F6D2F6C6F676F2E67696600687474703A2F2F697373616D6E616868616C692E636F6D2F6C6F676F2E67696600687474703A2F2F6A6173736F66612E636F6D2F696D616765732F627574746F6E2E67696600687474703A2F2F697465676974696D692E636F6D2F696D6167652F6C6F676F2E67696600687474703A2F2F6C6573746570696E74757261732E636F6D2E62722F627574746F6E2E67696600687474703A2F2F6B696477616465652E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F6B69766D616368696E657269652E636F6D2F696D6167652F6C6F676F2E67696600687474703A2F2F7777772E616362726161692E636F2E7A612F627574746F6E2E67696600687474703A2F2F6B756D62616B6F6E616D2E3130303862697A2E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F6D63676565656E7465727461696E6D656E742E636F6D2F696D616765732F6C6F676F732E67696600687474703A2F2F6D6164757261692E3130303862697A2E636F6D2F696D616765732F6C6F676F2E676966"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"shell" = "Explorer.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system]
"DisableRegistryTools" = "1"
[HKCU\Software\Coffin Of Evil]
"FileNameAtual" = "c:\%original file name%.exe"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"
[HKCU\Software\Coffin Of Evil]
"FileName" = "Dlzcs1JtFiFdifAOxfQDRfRiNiFe7mZYws1o7ph9dNlo8r/YsgJ"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\Abfx\-1001785200]
"1566191708" = "0"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"
[HKCU\Software\Coffin Of Evil]
"FirstExecution" = "08/11/2013 -- 05:10"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 2F 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Abfx\-1001785200]
"791135788" = "90F58CE5C32F7BA07A580245971C155A8FF499CF1087B087B0AA7344CAC70C646A2321742BAEA2DC23E08C487683273BCEAACF828435A2D190864E998CB6C55092E485B159DB63BB7BC24732E63D8E577E8494A59103F55C5F8A04C4DAFBBF2AB0C5AE3A124749C0ABC082712FA68FCACF98A1836D170A2BDE572E083E793D2E"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3G4L2686-J4L1-X5MV-12RE-JFH5V38F5030}]
"StubPath" = "%System%\Coffin Of Evil.exe Restart"
[HKCU\Software\Abfx\-1001785200]
"1178663748" = "431"
The Virus modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Windows Firewall is disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"
The Virus adds a rule to the Windows Firewall that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "c:\%original file name%.exe:*:Enabled:ipsec"
To automatically run itself each time Windows is booted, the Virus adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xdocx" = "%System%\Coffin Of Evil.exe"
The Virus modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
To automatically run itself each time Windows is booted, the Virus adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"xcrx" = "%System%\Coffin Of Evil.exe"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"
The Virus modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
Firewall notifications are disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"
The Virus deletes the following registry key(s):
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\termservice]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\iexplore]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vds]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7390f3d8-0439-4c05-91e3-cf5cb290c3d0}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7390f3d8-0439-4c05-91e3-cf5cb290c3d0}\iexplore]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7584c670-2274-4efb-b00b-d6aaba6d3850}]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmserver]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a}\iexplore]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4EDCB26C-D24C-4e72-AF07-B576699AC0DE}\iexplore]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44627E97-789B-40D4-B5C2-58BD171129A1}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\nm.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7584c670-2274-4efb-b00b-d6aaba6d3850}\iexplore]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\nm]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2}\iexplore]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SRService]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44627E97-789B-40D4-B5C2-58BD171129A1}\iexplore]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4EDCB26C-D24C-4e72-AF07-B576699AC0DE}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
The Virus deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7584c670-2274-4efb-b00b-d6aaba6d3850}\iexplore]
"Flags"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Count"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vds]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
"(Default)"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4EDCB26C-D24C-4e72-AF07-B576699AC0DE}\iexplore]
"Flags"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\File system]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot]
"AlternateShell"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
"(Default)"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Count"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
"(Default)"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Count"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBT]
"(Default)"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Time"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Time"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Network]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
"(Default)"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44627E97-789B-40D4-B5C2-58BD171129A1}\iexplore]
"Type"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
"(Default)"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44627E97-789B-40D4-B5C2-58BD171129A1}\iexplore]
"Count"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
"(Default)"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Type"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
"(Default)"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44627E97-789B-40D4-B5C2-58BD171129A1}\iexplore]
"Time"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
"(Default)"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Type"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmserver]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
"NoExplorer"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
"(Default)"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
"(Default)"
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
"(Default)"
The Virus disables automatic startup of the application by deleting the following autorun value:
The process %original file name%.exe:2436 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F4 DF C8 BD 03 E6 14 8C 37 B1 E1 70 7B BB DC 40"
The process %original file name%.exe:1920 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3F 68 B2 79 B4 63 6A 4A 8D 16 FB 53 71 B9 06 9E"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The process %original file name%.exe:3724 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F9 E4 16 21 3E 5E C0 3B 6A C7 D9 58 7A 1B 30 3A"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The process %original file name%.exe:2120 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FB B2 89 FB F9 4D 32 E5 2B CB C6 53 32 DE 89 5C"
The process %original file name%.exe:3192 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF E5 77 A5 2E 6A 07 96 9A 57 2A 12 B1 8B B6 28"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The process %original file name%.exe:2684 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 64 FC 66 55 2C BA 71 F8 BD 5F 9E C8 85 F1 AE"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The process %original file name%.exe:2696 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F9 C8 B6 3F 14 DC 03 4A 4C 9D 1D 70 5A 49 2C 81"
The process %original file name%.exe:504 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C E8 2E 2A 82 D7 7B 88 87 62 76 16 C2 4D 9A 2E"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The process %original file name%.exe:3208 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5E AD 35 79 5E 81 62 6F 66 CA 56 59 05 23 1D 58"
The process %original file name%.exe:1412 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FB 9D 21 BA CE C3 75 89 4B E0 F2 10 D7 8C A2 B7"
The process ctfmon.exe:1224 makes changes in the system registry.
The Virus deletes the following value(s) in system registry:
The Virus disables automatic startup of the application by deleting the following autorun value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"
Network activity (URLs)
URL | IP |
---|---|
hxxp://www.inform1ongung.info/t_100_v400/?rnd=1748859&id=17205786097 | 87.106.24.200 |
hxxp://www.inform1ongung.info/t_100_v400/?rnd=1753468&id=17205786097 | |
hxxp://www.f5ds1jkkk4d.info/t_100_v400/?rnd=1759250&id=17205786097 | 166.78.144.80 |
hxxp://www.inform1ongung.info/t_100_v400/?rnd=1763796&id=17205786097 | |
www.g1ikddcvns3sdsal.info | 74.208.164.166 |
www.lukki6dnd2kdnc.info | 87.106.250.34 |
www.h7smcnr1wlsdn34fgv.info | 87.106.250.34 |
www.microsoft.com | 1.103.192.54 |
www.bpfq02.com | |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Virus's file once a user opens a drive's folder in Windows Explorer.
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:2428
%original file name%.exe:1256
%original file name%.exe:3460
%original file name%.exe:3732
%original file name%.exe:3452
%original file name%.exe:2112
%original file name%.exe:2436
%original file name%.exe:1920
%original file name%.exe:3724
%original file name%.exe:2120
%original file name%.exe:3192
%original file name%.exe:2684
%original file name%.exe:2696
%original file name%.exe:504
%original file name%.exe:3208
%original file name%.exe:1412
- Delete the original Virus file.
- Delete or disinfect the following files created/modified by the Virus:
%System%\wmdrtc32.dl_ (26066 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\desktop.ini (67 bytes)
%WinDir%\system.ini (57 bytes)
%Program Files%\Common Files\Adobe\ARM\1.0\AdobeARM.exe (5568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\READER_SL.EXE (15280 bytes)
%System%\wmdrtc32.dll (49152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winygmlms.exe (146944 bytes)
%System%\Coffin Of Evil.exe (342016 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (6376 bytes)
%System%\drivers\lfprmn.sys (43816 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xdocx" = "%System%\Coffin Of Evil.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"xcrx" = "%System%\Coffin Of Evil.exe"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.