Virus.Win32.Sality_28dd132bda

by malwarelabrobot on November 4th, 2013 in Malware Descriptions.

Virus:Win32/Sality.AM (Microsoft), Trojan.Win32.Agent.aec (Kaspersky), Virus.Win32.Sality.ah (v) (VIPRE), Trojan.Clive (DrWeb), Win32.Sality.OG (B) (Emsisoft), W32/Sality.gen (McAfee), W32.Sality.AE (Symantec), Virus.Win32.Sality (Ikarus), Win32.Sality.OG (FSecure), Worm/AutoRun.HL (AVG), Win32:Kukacka (Avast), PE_SALITY.BU (TrendMicro), Virus.Win32.Sality.FD, Virus.Win32.Sality.2.FD, VirusSality.YR, GenericAutorunWorm.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, Virus, WormAutorun


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary
Technical Details
Removal Recommendations

MD5: 28dd132bdad8f9650ebc66ad1f55541c
SHA1: a13273b1f2f5b49fbe74e33a7d3dcbfd4305c697
SHA256: 204c2db346d7ff01582b7fd1d27072737b2357428cf3a4737dd77c0d643550de
SSDeep: 1536:3BtrpE4otJKBxMnzvFU4h0fHRMfrzBNivATPofGtGlc4RNSGpFysjY5:3rpddx8zTSHifrOI0G54ZQB
Size: 86528 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2006-12-13 15:15:04


Summary:

Virus. A program that recursively replicates a possibly evolved copy of itself.

Payload

Behaviour Description
WormAutorun A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Virus's file once a user opens a drive's folder in Windows Explorer.


Process activity

The Virus creates the following process(es):

netsh.exe:2724
NOTEPAD.EXE:196
NOTEPAD.EXE:3484

The Virus injects its code into the following process(es):

soundmix.exe:2644

File activity

The process soundmix.exe:2644 makes changes in the file system.
The Virus creates and/or writes to the following file(s):

%WinDir%\system.ini (70 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (432 bytes)
%Program Files%\Wireshark\WinPcap_4_0_1.exe (4096 bytes)
%System%\dllcache\zipexr.dll (1137 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (368 bytes)
%System%\drivers\etc\hosts.tmp (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bafj.exe (601 bytes)

The Virus deletes the following file(s):

C:\704ff (0 bytes)
D:\70906 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bafj.exe (0 bytes)
%System%\drivers\etc\hosts (0 bytes)

Registry activity

The process netsh.exe:2724 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "58 86 36 49 4C 1F AC 19 53 3B 48 E4 A5 86 98 8F"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

A firewall is disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"

The process NOTEPAD.EXE:196 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 0C 12 8A D1 F6 2B 4D A3 2D 1F 15 02 D4 0C 3E"

The process NOTEPAD.EXE:3484 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 60 0E CF 3D D5 B5 25 8F 38 0E F6 7D 6F EF 74"

The process soundmix.exe:2644 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:

[HKCU\Software\adm914]
"a2_15" = "107543680"
"a2_14" = "100363204"

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"

[HKCU\Software\adm914]
"a2_16" = "114709161"
"a2_11" = "78856979"
"a2_10" = "71693626"
"a2_13" = "93192873"
"a2_12" = "86031196"
"a2_19" = "136215779"
"a2_18" = "129047057"
"a4_119" = "853125399"
"a4_118" = "845956278"
"a4_117" = "838787157"
"a4_116" = "831618036"
"a4_115" = "824448915"
"a4_114" = "817279794"
"a4_113" = "810110673"
"a4_112" = "802941552"
"a4_111" = "795772431"
"a4_110" = "788603310"
"a2_160" = "1147055701"
"a2_161" = "1154235723"
"a2_162" = "1161404057"
"a2_163" = "1168571275"
"a2_164" = "1175738395"
"a2_165" = "1182900269"
"a2_166" = "1190081324"
"a2_167" = "1197239932"
"a2_168" = "1204406624"
"a2_169" = "1211586615"
"a2_17" = "121879033"
"a4_337" = "2415993777"
"a4_336" = "2408824656"
"a4_335" = "2401655535"
"a4_334" = "2394486414"
"a4_333" = "2387317293"
"a4_332" = "2380148172"
"a4_331" = "2372979051"
"a4_330" = "2365809930"
"a4_339" = "2430332019"
"a4_338" = "2423162898"
"a3_275" = "1954659866"
"a3_274" = "1947600379"
"a3_277" = "2002712284"
"a3_276" = "1962103485"
"a3_271" = "1926113414"
"a3_270" = "1918678119"
"a3_273" = "1974165848"
"a3_272" = "1966722361"
"a3_279" = "1983582110"
"a3_278" = "2009623423"
"a3_0" = "17001001"
"a3_1" = "23989832"
"a2_304" = "2179410742"
"a2_305" = "2186576145"
"a2_306" = "2193746418"
"a2_307" = "2200925747"
"a2_300" = "2150739768"
"a2_301" = "2157908193"
"a2_302" = "2165078081"
"a2_303" = "2172244762"
"a2_308" = "2208092316"
"a2_309" = "2215262357"
"a4_249" = "1785111129"
"a4_248" = "1777942008"
"a4_195" = "1397978595"
"a4_243" = "1742096403"
"a4_242" = "1734927282"
"a4_241" = "1727758161"
"a4_240" = "1720589040"
"a4_247" = "1770772887"
"a4_246" = "1763603766"
"a4_245" = "1756434645"
"a4_244" = "1749265524"
"a3_8" = "40388897"
"a3_9" = "47967552"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"

[HKCU\Software\adm914]
"a3_189" = "1371566516"
"a3_188" = "1364647189"
"a3_187" = "1324038386"
"a3_186" = "1316586579"
"a3_185" = "1309597744"
"a3_184" = "1336102801"
"a3_183" = "1328655230"
"a3_182" = "1288058591"
"a3_181" = "1280611004"
"a3_180" = "1307180573"
"a2_238" = "1706246190"
"a2_239" = "1713415751"
"a4_39" = "279595719"
"a4_38" = "272426598"
"a2_230" = "1648900670"
"a4_34" = "243750114"
"a4_37" = "265257477"
"a4_36" = "258088356"
"a2_234" = "1677583712"
"a4_30" = "215073630"
"a4_33" = "236580993"
"a4_32" = "229411872"
"a4_265" = "1899817065"
"a4_264" = "1892647944"
"a4_267" = "1914155307"
"a4_266" = "1906986186"
"a4_261" = "1871140581"
"a2_323" = "2315630667"
"a2_432" = "3097064464"
"a2_433" = "3104206751"
"a2_430" = "3082715334"
"a2_431" = "3089885400"
"a2_436" = "3125735246"
"a4_263" = "1885478823"
"a2_434" = "3111400474"
"a2_435" = "3118564204"
"a2_438" = "3140070388"
"a2_321" = "2301280276"
"a4_319" = "2286949599"
"a3_322" = "2291869739"
"a3_453" = "3230791052"
"a3_452" = "3223736685"
"a1_279" = "1213459950"
"a1_278" = "1319461155"
"a1_277" = "567409570"
"a1_276" = "1894085835"
"a1_275" = "2543995241"
"a1_274" = "259830192"
"a1_273" = "850994984"
"a1_272" = "1730966339"
"a1_271" = "1823566757"
"a1_270" = "4032277527"
"a3_457" = "3259718400"
"a3_456" = "3285821153"
"a3_459" = "3307312066"
"a1_69" = "65016695"
"a1_68" = "1762946982"
"a3_458" = "3266772899"
"a1_65" = "4279654648"
"a1_64" = "803446142"
"a1_67" = "1438243894"
"a1_66" = "901160030"
"a1_61" = "1584111300"
"a1_60" = "1012568677"
"a1_63" = "2199012498"
"a1_62" = "1508623408"
"a3_27" = "176880658"
"a3_26" = "169827315"
"a1_301" = "674524763"
"a3_24" = "188875569"
"a3_23" = "148336286"
"a3_22" = "140888703"
"a1_305" = "1855723098"
"a3_20" = "159956413"
"a1_309" = "2099405644"
"a1_308" = "1911614445"
"a3_29" = "224867540"
"a3_28" = "183865525"

[HKCU\Software\adm914\695404737]
"21507363" = "0"

[HKCU\Software\adm914]
"a2_28" = "200730274"
"a2_29" = "207897820"
"a2_20" = "143378515"
"a2_21" = "150547504"
"a2_22" = "157727701"
"a2_23" = "164896439"
"a2_24" = "172064607"
"a2_25" = "179229672"
"a2_26" = "186395610"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system]
"DisableTaskMgr" = "1"

[HKCU\Software\adm914]
"a4_17" = "121875057"
"a1_349" = "1715588452"
"a4_16" = "114705936"
"a1_348" = "3379037843"
"a4_15" = "107536815"
"a4_14" = "100367694"
"a4_13" = "93198573"
"a1_345" = "929263584"
"a4_12" = "86029452"
"a1_344" = "3836906253"
"a4_11" = "78860331"
"a4_10" = "71691210"
"a4_108" = "774265068"
"a4_109" = "781434189"
"a4_104" = "745588584"
"a4_105" = "752757705"
"a4_106" = "759926826"
"a4_107" = "767095947"
"a4_100" = "716912100"
"a4_101" = "724081221"
"a4_102" = "731250342"
"a4_103" = "738419463"
"a2_155" = "1111216411"
"a2_154" = "1104050961"
"a2_157" = "1125553455"
"a2_156" = "1118387808"
"a2_151" = "1082532531"
"a2_150" = "1075365750"
"a2_153" = "1096868967"
"a2_152" = "1089702747"
"a2_159" = "1139884494"
"a2_158" = "1132719276"
"a4_324" = "2322795204"
"a4_325" = "2329964325"
"a4_326" = "2337133446"
"a4_327" = "2344302567"
"a4_320" = "2294118720"
"a4_321" = "2301287841"
"a4_322" = "2308456962"
"a4_323" = "2315626083"
"a4_328" = "2351471688"
"a4_329" = "2358640809"
"a3_392" = "2793594529"
"a3_268" = "1938194341"
"a3_269" = "1945179076"
"a3_262" = "1861734767"
"a3_263" = "1902212494"
"a3_260" = "1847236781"
"a3_261" = "1854160076"
"a3_266" = "1890133731"
"a3_267" = "1930746626"
"a3_264" = "1909255713"
"a3_265" = "1883210304"
"a4_258" = "1849633218"
"a4_259" = "1856802339"
"a4_250" = "1792280250"
"a4_251" = "1799449371"
"a4_252" = "1806618492"
"a2_332" = "2380151368"
"a4_254" = "1820956734"
"a4_255" = "1828125855"
"a4_256" = "1835294976"
"a4_257" = "1842464097"
"a3_464" = "3343287801"
"a3_460" = "3314758757"
"a3_461" = "3321800836"
"a3_462" = "3295169831"
"a3_463" = "3302744390"
"a3_198" = "1436076335"
"a3_199" = "1409969486"
"a3_194" = "1407548331"
"a3_195" = "1380982730"
"a3_196" = "1388556397"
"a3_197" = "1429034124"
"a3_190" = "1345525207"
"a3_191" = "1352568438"
"a3_192" = "1393042153"
"a3_193" = "1400620808"
"a2_209" = "1498342730"
"a2_208" = "1491181416"
"a2_205" = "1469675246"
"a2_204" = "1462493397"
"a2_207" = "1484010657"
"a2_206" = "1476842069"
"a2_201" = "1440991149"
"a2_200" = "1433825331"
"a2_203" = "1455326217"
"a2_202" = "1448157396"
"a3_393" = "2800513728"
"a2_447" = "3204604053"
"a2_446" = "3197434458"
"a2_445" = "3190255550"
"a2_444" = "3183084203"
"a2_443" = "3175916795"
"a2_442" = "3168753532"
"a2_441" = "3161587038"
"a2_440" = "3154416656"
"a2_449" = "3218936808"
"a2_448" = "3211768764"
"a1_268" = "1462823378"
"a1_269" = "809783988"
"a1_264" = "887437398"
"a1_265" = "1387875839"
"a1_266" = "37499292"
"a1_267" = "2166488953"
"a1_260" = "3977632989"
"a1_261" = "2209886128"
"a1_262" = "4263047986"
"a1_263" = "3916077009"
"a1_462" = "1230506583"
"a1_463" = "4001358386"
"a1_460" = "2054366512"
"a1_461" = "3387046547"
"a1_464" = "4163682697"
"a1_50" = "3279968952"
"a1_51" = "393509660"
"a1_52" = "2509499114"
"a1_53" = "983502658"
"a1_54" = "4181079458"
"a1_55" = "3258129305"
"a1_56" = "862501100"
"a1_57" = "956164292"
"a1_58" = "2675848356"
"a1_59" = "1605212659"
"a4_312" = "2236765752"
"a1_310" = "3076151368"
"a1_311" = "720125715"
"a1_312" = "1908833633"
"a1_313" = "1787347685"
"a1_314" = "2525313192"
"a1_315" = "3916292615"
"a1_316" = "1602538725"
"a1_317" = "3068607314"
"a1_318" = "46240183"
"a1_319" = "2045761674"

"a2_39" = "279601148"
"a2_38" = "272430350"
"a2_37" = "265263868"
"a2_36" = "258083235"
"a2_35" = "250913717"
"a2_34" = "243746986"
"a2_33" = "236578936"
"a2_32" = "229414332"
"a2_31" = "222248003"
"a2_30" = "215079398"
"a4_131" = "939154851"
"a4_130" = "931985730"
"a4_133" = "953493093"
"a4_132" = "946323972"
"a4_135" = "967831335"
"a4_134" = "960662214"
"a4_137" = "982169577"
"a4_136" = "975000456"
"a4_139" = "996507819"
"a4_138" = "989338698"
"a2_148" = "1061035370"
"a2_149" = "1068202341"
"a2_142" = "1018017178"
"a2_143" = "1025182025"
"a2_140" = "1003681584"
"a2_141" = "1010849115"
"a2_146" = "1046686686"
"a2_147" = "1053865842"
"a2_144" = "1032348036"
"a2_145" = "1039518085"
"a3_219" = "1553446098"
"a3_218" = "1545867443"
"a3_217" = "1572437008"
"a3_216" = "1565514737"
"a3_215" = "1524377438"
"a3_214" = "1517454143"
"a3_213" = "1510469276"
"a3_212" = "1536445053"
"a3_211" = "1529532890"
"a3_210" = "1488928187"
"a4_269" = "1928493549"
"a4_268" = "1921324428"
"a2_328" = "2351466832"
"a2_329" = "2358648797"
"a2_326" = "2337132036"
"a2_327" = "2344298220"
"a2_324" = "2322796828"
"a2_325" = "2329966473"
"a2_322" = "2308462826"
"a4_260" = "1863971460"
"a2_320" = "2294114552"
"a4_262" = "1878309702"
"a3_323" = "2332478538"
"a4_318" = "2279780478"
"a3_321" = "2284435336"
"a3_320" = "2310935401"
"a3_327" = "2327338446"
"a3_326" = "2320415151"
"a3_325" = "2346910988"
"a3_324" = "2339397869"
"a4_311" = "2229596631"
"a4_310" = "2222427510"
"a4_313" = "2243934873"
"a3_328" = "2368468577"
"a4_315" = "2258273115"
"a4_314" = "2251103994"
"a4_317" = "2272611357"
"a4_316" = "2265442236"
"a2_212" = "1519860932"
"a2_213" = "1527025838"
"a2_210" = "1505512304"
"a2_211" = "1512679767"
"a2_216" = "1548528559"
"a2_217" = "1555697215"
"a2_214" = "1534197178"
"a2_215" = "1541362783"
"a2_218" = "1562861960"
"a2_219" = "1570032883"
"a4_19" = "136213299"
"a4_18" = "129044178"
"a3_149" = "1051199068"
"a3_148" = "1044210237"
"a3_143" = "1008236550"
"a3_142" = "1034864615"
"a3_141" = "1027810116"
"a3_140" = "986812197"
"a3_147" = "1070844314"
"a3_146" = "1063277947"
"a3_145" = "1022800088"
"a3_144" = "1015749817"
"a3_377" = "2686171376"
"a2_454" = "3254784308"
"a2_455" = "3261943213"
"a2_456" = "3269124078"
"a2_457" = "3276284993"
"a2_450" = "3226101758"
"a2_451" = "3233268696"
"a2_452" = "3240439340"
"a2_453" = "3247606170"
"a2_458" = "3283455384"
"a2_459" = "3290620397"
"a1_251" = "2097477441"
"a1_250" = "966005236"
"a1_253" = "3421389970"
"a1_252" = "466274861"
"a1_255" = "4226860497"
"a1_254" = "1706733671"
"a1_257" = "2326064440"
"a1_256" = "936373185"
"a1_259" = "3875997565"
"a1_258" = "100874931"
"a1_419" = "3985832862"
"a1_418" = "2999585561"
"a1_417" = "911274072"
"a1_416" = "2415461403"
"a1_415" = "4048020866"
"a1_414" = "1942096613"
"a1_413" = "2613337376"
"a1_412" = "1765660751"
"a1_411" = "280197355"
"a1_410" = "3298914823"
"a1_47" = "981084091"
"a1_46" = "3626671372"
"a1_45" = "704506707"
"a1_44" = "2438022068"
"a1_43" = "205885446"
"a1_42" = "1821906596"
"a1_41" = "168884442"
"a1_40" = "2486886626"
"a1_49" = "4037985779"
"a1_48" = "3445293538"
"a1_325" = "3769910140"
"a1_324" = "325727882"
"a1_327" = "1689445422"
"a1_326" = "3480170450"
"a1_321" = "1821651162"
"a1_320" = "1287871001"
"a1_323" = "1289440939"
"a1_322" = "3528714075"
"a1_329" = "651915516"
"a1_328" = "682014582"
"a2_242" = "1734930663"
"a2_399" = "2860476310"
"a2_398" = "2853313683"
"a2_397" = "2846145159"
"a2_396" = "2838976304"
"a2_395" = "2831807692"
"a2_394" = "2824628071"
"a2_393" = "2817461997"
"a2_392" = "2810292908"
"a2_391" = "2803129978"
"a2_390" = "2795958763"

[HKCU\Software\adm914\695404737]
"50183847" = "220A81EA28C8D70C64445F713A395654C84D216EA98B265AA822CCBBDE12ADE56556C9151905C41258C63D9010AC28C9030195DE280B3CAD5952268B9B9DF4EFF6376B4262A188277B7D749B43F4F32F999F426F6ABCB3DB12919F34B0B202EFBB1241E233CFBDB66D98C9F65B2147F9A7537D32C0FC6EE07853A4C836F61207"

[HKCU\Software\adm914]
"a4_126" = "903309246"
"a4_127" = "910478367"
"a4_124" = "888971004"
"a4_125" = "896140125"
"a4_122" = "874632762"
"a4_123" = "881801883"
"a4_120" = "860294520"
"a4_121" = "867463641"
"a4_128" = "917647488"
"a4_129" = "924816609"
"a2_139" = "996511843"
"a2_138" = "989333476"
"a2_137" = "982163769"
"a2_136" = "974996257"
"a2_135" = "967832155"
"a2_134" = "960666631"
"a2_133" = "953496075"
"a2_132" = "946329529"
"a2_131" = "939149727"
"a2_130" = "931982874"
"a4_35" = "250919235"
"a3_208" = "1508041977"
"a3_209" = "1481480472"
"a2_231" = "1656064960"
"a3_204" = "1445500773"
"a3_205" = "1452936068"
"a3_206" = "1493543975"
"a3_207" = "1500987462"
"a3_200" = "1416954337"
"a2_232" = "1663233428"
"a3_202" = "1465015971"
"a3_203" = "1472066242"
"a2_233" = "1670401753"
"a4_31" = "222242751"
"a2_235" = "1684749461"
"a4_272" = "1950000912"
"a4_273" = "1957170033"
"a4_270" = "1935662670"
"a4_271" = "1942831791"
"a4_276" = "1978677396"
"a4_277" = "1985846517"
"a4_274" = "1964339154"
"a4_275" = "1971508275"
"a4_278" = "1993015638"
"a4_279" = "2000184759"
"a3_330" = "2348814115"
"a3_331" = "2356388674"
"a3_332" = "2363312101"
"a3_333" = "2403923972"
"a3_334" = "2411437223"
"a3_335" = "2384801990"
"a4_308" = "2208089268"
"a4_309" = "2215258389"
"a4_306" = "2193751026"
"a4_307" = "2200920147"
"a4_304" = "2179412784"
"a4_305" = "2186581905"
"a4_302" = "2165074542"
"a4_303" = "2172243663"
"a4_300" = "2150736300"
"a4_301" = "2157905421"
"a2_267" = "1914152338"
"a2_266" = "1906989383"
"a2_265" = "1899822309"
"a2_264" = "1892651916"
"a2_263" = "1885472673"
"a2_262" = "1878306794"
"a2_261" = "1871138450"
"a2_260" = "1863966964"
"a2_269" = "1928490501"
"a2_268" = "1921320532"
"a3_158" = "1115724279"
"a3_159" = "1123168790"
"a3_150" = "1092336383"
"a3_151" = "1099259678"
"a3_152" = "1106310065"
"a3_153" = "1080268752"
"a3_154" = "1087178867"
"a3_155" = "1127787666"
"a3_156" = "1135231285"
"a3_157" = "1108731220"
"a3_440" = "3171413137"
"a2_461" = "3304970473"
"a2_460" = "3297791362"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"

[HKCU\Software\adm914]
"a2_462" = "3312136646"
"a2_464" = "3326475617"
"a3_441" = "3178398000"
"a4_7" = "50183847"
"a4_6" = "43014726"
"a4_5" = "35845605"
"a4_4" = "28676484"
"a2_115" = "824446783"
"a4_2" = "14338242"
"a4_1" = "7169121"
"a4_0" = "0"
"a1_246" = "1545859177"
"a1_247" = "3901787594"
"a1_244" = "519236783"
"a1_245" = "934896268"
"a1_242" = "1125021068"
"a1_243" = "3867594792"
"a1_240" = "608152493"
"a1_241" = "219906859"
"a1_248" = "3420475044"
"a1_249" = "659696384"
"a1_408" = "3194659491"
"a1_409" = "215328455"
"a1_404" = "222824538"
"a1_405" = "874287694"
"a1_406" = "3490923146"
"a1_407" = "1283784330"
"a1_400" = "3114844745"
"a1_401" = "3144685992"
"a1_402" = "898138348"
"a1_403" = "1330768614"
"a1_338" = "223601883"
"a1_339" = "712926509"
"a1_98" = "4005917942"
"a1_99" = "2389569223"
"a1_94" = "2780035290"
"a1_95" = "1602099366"
"a1_96" = "2999997502"
"a1_97" = "371996047"
"a1_90" = "1762100289"
"a1_91" = "2798835764"
"a1_92" = "2634377875"
"a1_93" = "419953779"
"a3_448" = "3194799081"

[HKCU\Software\adm914\695404737]
"28676484" = "35"

[HKCU\Software\adm914]
"a3_96" = "671534665"
"a3_97" = "678453992"
"a3_94" = "690598327"
"a3_95" = "698045910"
"a3_92" = "643004661"
"a3_93" = "649993492"
"a3_90" = "662052915"
"a3_91" = "669107282"
"a3_98" = "685967115"
"a3_99" = "726580138"
"a4_463" = "3319303023"
"a4_462" = "3312133902"
"a4_461" = "3304964781"
"a4_460" = "3297795660"
"a2_128" = "917645668"
"a2_129" = "924813625"
"a4_464" = "3326472144"
"a2_124" = "888964516"
"a2_125" = "896146835"
"a2_126" = "903309863"
"a2_127" = "910480895"
"a2_120" = "860298928"
"a2_121" = "867462935"
"a2_122" = "874628530"
"a2_123" = "881796645"
"a3_231" = "1672935854"
"a3_230" = "1665877263"
"a3_233" = "1653814880"
"a3_232" = "1646370241"
"a3_235" = "1701334818"
"a3_234" = "1660856963"
"a3_237" = "1682343908"
"a3_236" = "1708909381"
"a3_239" = "1730403494"
"a3_238" = "1689270279"
"a4_211" = "1512684531"
"a4_207" = "1484008047"
"a4_206" = "1476838926"
"a4_205" = "1469669805"
"a4_204" = "1462500684"
"a4_203" = "1455331563"
"a4_202" = "1448162442"
"a4_201" = "1440993321"
"a4_200" = "1433824200"
"a4_209" = "1498346289"
"a4_208" = "1491177168"
"a3_305" = "2203581880"
"a3_304" = "2162448665"
"a3_307" = "2183924346"
"a3_306" = "2210566619"
"a3_301" = "2174512164"
"a3_300" = "2167589765"
"a3_303" = "2155521254"
"a3_302" = "2148466759"
"a2_1" = "7172256"
"a3_309" = "2231976764"
"a3_308" = "2191503005"
"a2_0" = "5634"
"a4_417" = "2989523457"
"a2_437" = "3132900651"
"a2_274" = "1964340416"
"a2_275" = "1971509867"
"a2_276" = "1978675148"
"a2_277" = "1985840007"
"a2_270" = "1935659106"
"a2_271" = "1942838051"
"a2_272" = "1950005242"
"a2_273" = "1957174306"
"a2_278" = "1993022126"
"a2_279" = "2000191386"
"a4_414" = "2968016094"
"a3_169" = "1228156448"
"a3_168" = "1187689857"
"a3_165" = "1199757484"
"a3_164" = "1192698893"
"a3_167" = "1180635502"
"a3_166" = "1206680783"
"a3_161" = "1171213096"
"a3_160" = "1163777673"
"a3_163" = "1151697898"
"a3_162" = "1144713035"
"a2_439" = "3147248967"
"a3_455" = "3278766670"
"a3_454" = "3271781935"
"a3_411" = "2929937810"
"a3_410" = "2922490227"
"a1_431" = "1830375168"
"a1_430" = "2886592440"
"a1_433" = "2155654220"
"a1_432" = "2526973899"
"a1_435" = "3837293706"
"a1_434" = "799408427"
"a1_437" = "1185904076"
"a1_436" = "2937879874"
"a1_439" = "589540105"
"a1_438" = "2585744328"
"a1_189" = "91384256"
"a1_188" = "3284854143"
"a1_181" = "2189919465"
"a1_180" = "77106541"
"a1_183" = "2480519723"
"a1_182" = "2824727979"
"a1_185" = "4023330850"
"a1_184" = "655584227"
"a1_187" = "507603096"
"a1_186" = "1570936623"
"a1_83" = "3453813293"
"a1_82" = "2605338954"
"a1_81" = "3359288588"
"a1_80" = "892278813"
"a1_87" = "2385051822"
"a1_86" = "650984643"
"a1_85" = "2916278139"
"a1_84" = "703901828"
"a1_347" = "2354116655"
"a1_346" = "3591366216"
"a1_89" = "1683780074"
"a1_88" = "185444892"
"a1_343" = "750262689"
"a1_342" = "1066545871"
"a1_341" = "3533626730"
"a1_340" = "3235479181"
"a2_249" = "1785115793"
"a2_248" = "1777938106"
"a1_299" = "4132920886"
"a1_298" = "2811439284"
"a1_295" = "526244250"
"a1_294" = "2844422968"
"a1_297" = "442484180"
"a1_296" = "1399641083"
"a1_291" = "4227411221"
"a1_290" = "892241831"
"a1_293" = "1248904028"
"a1_292" = "3667001840"
"a3_178" = "1292673371"
"a3_85" = "626081308"
"a3_84" = "585598461"
"a3_87" = "607024862"
"a3_86" = "633131711"
"a3_81" = "597665944"
"a3_80" = "590099577"
"a3_83" = "578085210"
"a3_82" = "571034939"
"a3_89" = "654610320"
"a3_88" = "614067057"
"a3_419" = "2986877162"
"a3_418" = "3013512267"
"a1_392" = "2612471350"
"a1_303" = "2748859777"
"a1_302" = "3567311290"
"a3_25" = "195929936"
"a2_111" = "795776987"
"a2_110" = "788610561"
"a2_113" = "810112637"
"a2_112" = "802944314"
"a4_3" = "21507363"
"a2_114" = "817276180"
"a2_117" = "838794907"
"a2_116" = "831614501"
"a2_119" = "853127916"
"a2_118" = "845962567"
"a4_9" = "64522089"
"a4_8" = "57352968"
"a3_21" = "167399900"
"a1_304" = "1090407013"
"a3_226" = "1636956043"
"a3_227" = "1610836010"
"a3_224" = "1588903625"
"a3_225" = "1629901672"
"a3_222" = "1608410679"
"a3_223" = "1581849174"
"a3_220" = "1593911669"
"a3_221" = "1600966036"
"a3_228" = "1617824845"
"a3_229" = "1624875244"
"a4_214" = "1534191894"
"a4_215" = "1541361015"
"a4_216" = "1548530136"
"a4_217" = "1555699257"
"a4_210" = "1505515410"
"a2_8" = "57358364"
"a4_212" = "1519853652"
"a4_213" = "1527022773"
"a2_5" = "35840512"
"a2_4" = "28675514"
"a2_7" = "50178311"
"a2_6" = "43013147"
"a4_218" = "1562868378"
"a4_219" = "1570037499"
"a2_3" = "21510456"
"a2_2" = "14343704"
"a3_318" = "2262948439"
"a3_319" = "2303950582"
"a3_312" = "2219916305"
"a3_313" = "2226966704"
"a3_310" = "2239031135"
"a3_311" = "2246548478"
"a3_316" = "2248445333"
"a3_317" = "2255889972"
"a3_314" = "2267968723"
"a3_315" = "2275010930"
"a3_172" = "1216092933"
"a3_173" = "1223671716"
"a3_170" = "1235731011"
"a3_171" = "1209100002"
"a3_176" = "1245079705"
"a3_177" = "1252068664"
"a3_174" = "1264145351"
"a3_175" = "1271198822"
"a2_241" = "1727752715"
"a2_240" = "1720583784"
"a2_243" = "1742099403"
"a3_179" = "1300121082"
"a2_245" = "1756432729"
"a2_244" = "1749267152"
"a2_247" = "1770769889"
"a2_246" = "1763601700"
"a3_420" = "2994455821"
"a3_421" = "3001383340"
"a4_445" = "3190258845"
"a4_444" = "3183089724"
"a4_447" = "3204597087"
"a1_426" = "1919119638"
"a1_427" = "2708785329"
"a1_424" = "1707993442"
"a1_425" = "4127301339"
"a1_422" = "1193787087"
"a1_423" = "1982197395"
"a1_420" = "1844939901"
"a1_421" = "105795570"
"a3_424" = "3022858881"
"a1_429" = "2606284755"
"a4_446" = "3197427966"
"a1_198" = "4164472270"
"a1_199" = "2487939370"
"a1_196" = "1439724701"
"a1_197" = "786043900"
"a1_194" = "1851799259"
"a1_195" = "557207469"
"a1_192" = "20407449"
"a1_193" = "872908152"
"a1_190" = "4152948391"
"a1_191" = "521727259"
"a4_441" = "3161582361"
"a1_358" = "635385849"
"a1_359" = "350524346"
"a1_354" = "1422935404"
"a1_355" = "189230580"
"a1_356" = "1780921689"
"a1_357" = "530558237"
"a1_350" = "2005695182"
"a1_351" = "2334578858"
"a1_352" = "2796954681"
"a1_353" = "473800632"
"a3_426" = "3070911299"
"a4_440" = "3154413240"
"a3_427" = "3077900258"
"a4_443" = "3175920603"
"a4_442" = "3168751482"
"a1_282" = "3894155668"
"a1_283" = "1787769934"
"a1_280" = "480719398"
"a1_281" = "1064075060"
"a1_286" = "344221831"
"a1_287" = "2731781862"
"a1_284" = "1888061892"
"a1_285" = "1601458350"
"a1_288" = "2884623998"
"a1_289" = "609288396"
"a4_401" = "2874817521"
"a3_429" = "3058850980"
"a4_400" = "2867648400"
"a4_403" = "2889155763"
"a4_402" = "2881986642"
"a4_405" = "2903494005"
"a4_404" = "2896324884"
"a4_407" = "2917832247"
"a4_406" = "2910663126"
"a4_390" = "2795957190"
"a4_197" = "1412316837"
"a4_196" = "1405147716"
"a2_104" = "745594826"
"a4_194" = "1390809474"
"a4_193" = "1383640353"
"a4_192" = "1376471232"
"a4_191" = "1369302111"
"a4_190" = "1362132990"
"a4_449" = "3218935329"
"a4_448" = "3211766208"
"a4_199" = "1426655079"
"a4_198" = "1419485958"
"a1_453" = "1555408236"
"a1_452" = "3374601744"
"a1_451" = "1460125621"
"a3_201" = "1424013824"
"a3_425" = "3029913376"
"a1_457" = "1479135712"
"a1_456" = "3513337734"
"a1_455" = "3337884977"
"a1_454" = "237860425"

"a1_398" = "3979030170"
"a1_399" = "4252055899"
"a3_369" = "2628699640"
"a3_368" = "2621645145"
"a3_367" = "2647756070"
"a3_366" = "2640767111"
"a3_365" = "2600170596"
"a3_364" = "2592723909"
"a3_363" = "2585673634"
"a3_362" = "2611780355"
"a3_361" = "2604787424"
"a3_360" = "2564178497"
"a3_107" = "750493346"
"a3_106" = "742980099"
"a3_105" = "769475040"
"a3_104" = "762555713"
"a3_103" = "754977070"
"a3_102" = "714511503"
"a2_258" = "1849635050"
"a2_259" = "1856805874"
"a2_256" = "1835302206"
"a2_257" = "1842468849"
"a2_254" = "1820950928"
"a2_255" = "1828120955"
"a2_252" = "1806619988"
"a2_253" = "1813783677"
"a2_250" = "1792286640"
"a2_251" = "1799451658"
"a4_229" = "1641728709"
"a4_228" = "1634559588"
"a1_393" = "4282137008"
"a4_221" = "1584375741"
"a4_220" = "1577206620"
"a4_223" = "1598713983"
"a4_222" = "1591544862"
"a4_225" = "1613052225"
"a4_224" = "1605883104"
"a4_227" = "1627390467"
"a4_226" = "1620221346"
"a3_430" = "3065901255"
"a2_107" = "767094463"
"a3_437" = "3149870012"
"a2_27" = "193561043"
"a3_436" = "3142426397"
"a3_385" = "2776670152"
"a1_428" = "185207784"
"a3_384" = "2769681321"
"a3_387" = "2757612682"
"a3_386" = "2784112747"
"a3_381" = "2748124788"
"a3_380" = "2741212629"
"a3_383" = "2729068342"
"a3_382" = "2721620631"
"a3_446" = "3214379735"
"a3_447" = "3187748726"
"a3_444" = "3166269973"
"a3_445" = "3206813364"
"a3_442" = "3185321299"
"a3_443" = "3159349746"

"a3_336" = "2391856505"
"a3_337" = "2432846232"
"a3_338" = "2439897659"
"a3_339" = "2446886490"
"a1_163" = "3544877453"
"a1_162" = "697061468"
"a1_161" = "3065842008"
"a1_160" = "1720009720"
"a1_167" = "1028019486"
"a1_166" = "72654248"
"a1_165" = "3780498123"
"a1_164" = "490302845"
"a1_169" = "300720720"
"a1_168" = "767421025"
"a1_361" = "2482505607"
"a1_360" = "2832746552"
"a1_363" = "1508249849"
"a1_362" = "200247447"
"a1_365" = "3923796785"
"a1_364" = "3370578840"
"a1_367" = "4125246004"
"a1_366" = "1825235936"
"a1_369" = "3090917636"
"a1_368" = "695349541"
"a3_449" = "3202245640"

[HKCU\Software\adm914\695404737]
"7169121" = "66"

[HKCU\Software\adm914]
"a2_88" = "630889017"
"a2_89" = "638055422"
"a2_86" = "616540132"
"a2_87" = "623707615"
"a2_84" = "602206374"
"a2_85" = "609370571"
"a2_82" = "587870358"
"a2_83" = "595038558"
"a2_80" = "573525487"
"a2_81" = "580702443"
"a1_389" = "2899591952"
"a1_388" = "1645123391"
"a1_383" = "2169071211"
"a1_382" = "4201540849"
"a1_381" = "1418528523"
"a1_380" = "4255371950"
"a1_387" = "813863162"
"a1_386" = "3189973654"
"a1_385" = "2847380925"
"a1_384" = "3860650996"
"a3_439" = "3130280062"
"a3_438" = "3123369951"
"a2_108" = "774259760"
"a4_184" = "1319118264"
"a4_185" = "1326287385"
"a4_186" = "1333456506"
"a4_187" = "1340625627"
"a4_180" = "1290441780"
"a4_181" = "1297610901"
"a4_182" = "1304780022"
"a4_183" = "1311949143"
"a2_109" = "781429040"
"a4_188" = "1347794748"
"a4_189" = "1354963869"
"a3_451" = "3249847498"
"a4_458" = "3283457418"
"a4_459" = "3290626539"
"a4_452" = "3240442692"
"a4_453" = "3247611813"
"a4_450" = "3226104450"
"a4_451" = "3233273571"
"a4_456" = "3269119176"
"a4_457" = "3276288297"
"a4_454" = "3254780934"
"a4_455" = "3261950055"
"a3_378" = "2693094675"
"a3_379" = "2700145074"
"a3_374" = "2664681375"
"a3_375" = "2705154110"
"a3_376" = "2712142929"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue" = "0"

[HKCU\Software\adm914]
"a3_370" = "2669182491"
"a3_371" = "2676691642"
"a3_372" = "2683746013"
"a3_373" = "2657102716"
"a3_114" = "834001179"
"a3_115" = "807894458"
"a3_116" = "814879197"
"a3_117" = "821922428"
"a3_110" = "771902343"
"a3_111" = "778955814"
"a3_112" = "785940569"
"a3_113" = "826942712"
"a3_118" = "862924447"
"a3_119" = "869974846"
"a4_238" = "1706250798"
"a4_239" = "1713419919"
"a4_236" = "1691912556"
"a4_237" = "1699081677"
"a4_234" = "1677574314"
"a4_235" = "1684743435"
"a4_232" = "1663236072"
"a4_233" = "1670405193"
"a4_230" = "1648897830"
"a4_231" = "1656066951"
"a2_236" = "1691917328"
"a2_9" = "64526409"
"a2_237" = "1699084509"
"a3_450" = "3242793131"
"a4_88" = "630882648"
"a4_89" = "638051769"
"a4_80" = "573529680"
"a4_81" = "580698801"
"a4_82" = "587867922"
"a4_83" = "595037043"
"a4_84" = "602206164"
"a4_85" = "609375285"
"a4_86" = "616544406"
"a4_87" = "623713527"
"a1_170" = "2874631231"
"a1_171" = "3880994450"
"a1_172" = "2212363492"
"a1_173" = "3103588703"
"a1_174" = "1456460477"
"a1_175" = "3900253581"
"a1_176" = "3647285737"
"a1_177" = "2105993807"
"a1_178" = "3490518847"
"a1_179" = "734829226"
"a1_376" = "2657829409"
"a1_377" = "297294231"
"a1_374" = "2696241838"
"a1_375" = "45886932"
"a1_372" = "3967401033"
"a1_373" = "1118750987"
"a1_370" = "1480024701"
"a1_371" = "2416106205"
"a1_378" = "1505191543"
"a1_379" = "635350727"
"a2_99" = "709740326"
"a2_98" = "702575706"
"a2_95" = "681060575"
"a2_94" = "673893892"
"a2_97" = "695409793"
"a2_96" = "688241077"
"a2_91" = "652393707"
"a2_90" = "645223870"
"a2_93" = "666726340"
"a2_92" = "659568406"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"

[HKCU\Software\adm914]
"a3_52" = "389745053"
"a3_53" = "396796476"
"a3_50" = "341766363"
"a3_51" = "348755322"
"a3_56" = "384737041"
"a3_57" = "425210800"
"a3_54" = "370165343"
"a3_55" = "377748222"
"a1_390" = "817807519"
"a1_391" = "700127641"
"a3_58" = "432789459"
"a3_59" = "406145138"
"a1_394" = "2604577891"
"a1_395" = "162795472"
"a1_396" = "1269894104"
"a1_397" = "2350241840"
"a4_421" = "3018199941"
"a3_297" = "2146049696"
"a3_296" = "2139060737"
"a3_295" = "2131608046"
"a3_294" = "2091003215"
"a3_293" = "2083555628"
"a3_292" = "2110067853"
"a3_291" = "2103079018"
"a3_290" = "2062081995"
"a3_299" = "2126993250"
"a3_298" = "2119545539"
"a4_429" = "3075552909"
"a4_428" = "3068383788"
"a4_427" = "3061214667"
"a4_426" = "3054045546"
"a4_425" = "3046876425"
"a4_424" = "3039707304"
"a4_423" = "3032538183"
"a4_422" = "3025369062"

[HKCR\exefile\shell\open\command]
"(Default)" = "soundmix %1 %*"

[HKCU\Software\adm914]
"a4_420" = "3011030820"
"a3_341" = "2427838236"
"a3_340" = "2420783869"
"a3_343" = "2475825118"
"a3_342" = "2468836287"
"a3_345" = "2456759440"
"a3_344" = "2482866289"
"a3_347" = "2504287570"
"a3_346" = "2463809843"
"a3_349" = "2485301780"
"a3_348" = "2511804917"
"a2_388" = "2781624058"
"a2_389" = "2788791485"
"a2_384" = "2752941136"
"a2_385" = "2760106396"
"a2_386" = "2767276446"
"a2_387" = "2774443883"
"a2_380" = "2724259860"
"a2_381" = "2731441824"
"a2_382" = "2738603588"
"a2_383" = "2745775933"
"a3_129" = "907869896"
"a3_128" = "934369961"
"a3_121" = "850861040"
"a3_120" = "843343697"
"a3_123" = "898388146"
"a3_122" = "891468819"
"a3_125" = "879323508"
"a3_124" = "905966805"
"a3_127" = "927442486"
"a3_126" = "886312343"
"a2_339" = "2430334445"
"a2_338" = "2423165342"
"a4_99" = "709742979"
"a4_98" = "702573858"
"a4_97" = "695404737"
"a4_96" = "688235616"
"a4_95" = "681066495"
"a4_94" = "673897374"
"a4_93" = "666728253"
"a4_92" = "659559132"
"a4_91" = "652390011"
"a4_90" = "645220890"
"a1_145" = "3545935014"
"a1_144" = "2362463433"
"a1_147" = "3504556257"
"a1_146" = "4081145613"
"a1_141" = "2039593267"
"a1_140" = "3050704728"
"a1_143" = "2160502889"
"a1_142" = "3276078211"
"a1_149" = "2154339371"
"a1_148" = "17924422"
"a2_331" = "2372982447"
"a2_330" = "2365815922"
"a2_333" = "2387314501"
"a4_253" = "1813787613"
"a2_335" = "2401652270"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system]
"DisableRegistryTools" = "1"

[HKCU\Software\adm914]
"a2_334" = "2394481862"
"a2_337" = "2415998350"
"a2_336" = "2408820284"
"a1_300" = "2607833081"
"a1_307" = "1164342254"
"a1_306" = "4165503663"
"a3_41" = "277248416"
"a3_40" = "269796609"
"a3_43" = "324843106"
"a3_42" = "284237251"
"a3_45" = "305778468"
"a3_44" = "332278405"
"a3_47" = "353765350"
"a3_46" = "313221959"
"a3_49" = "368270520"
"a3_48" = "360822809"
"a2_48" = "344117023"
"a2_49" = "351281263"
"a2_42" = "301097137"
"a2_43" = "308267107"
"a2_40" = "286765542"
"a2_41" = "293929070"
"a2_46" = "329782840"
"a2_47" = "336950359"
"a2_44" = "315446556"
"a2_45" = "322613627"
"a3_431" = "3106444646"
"a1_332" = "4163636122"
"a1_333" = "278283539"
"a1_330" = "2188483779"
"a1_331" = "2143393215"
"a1_336" = "302975745"
"a1_337" = "1828867813"
"a1_334" = "2072618947"
"a1_335" = "3950796961"
"a3_284" = "2019045813"
"a3_285" = "2026624468"
"a3_286" = "2067091063"
"a3_287" = "2074141334"
"a3_280" = "1990631473"
"a3_281" = "2031109200"
"a3_282" = "2038692083"
"a3_283" = "2045680914"
"a3_288" = "2048100105"
"a3_289" = "2055027624"
"a4_438" = "3140074998"
"a4_439" = "3147244119"
"a4_434" = "3111398514"
"a4_435" = "3118567635"
"a4_436" = "3125736756"
"a4_437" = "3132905877"
"a4_430" = "3082722030"
"a4_431" = "3089891151"
"a4_432" = "3097060272"
"a4_433" = "3104229393"
"a3_356" = "2568813773"
"a3_357" = "2576322924"
"a3_354" = "2521277451"
"a3_355" = "2528204970"
"a3_352" = "2540269385"
"a3_353" = "2547254248"
"a3_350" = "2492225207"
"a3_351" = "2499791574"
"a3_358" = "2583246223"
"a3_359" = "2556735022"
"a2_285" = "2043193365"
"a2_284" = "2036024905"
"a2_287" = "2057542662"
"a2_286" = "2050372982"
"a2_281" = "2014526313"
"a2_280" = "2007363538"
"a2_283" = "2028859197"
"a2_282" = "2021688466"
"a2_289" = "2071872767"
"a2_288" = "2064697578"
"a2_359" = "2573719217"
"a2_358" = "2566540710"
"a2_353" = "2530703027"
"a2_352" = "2523537048"
"a2_351" = "2516367983"
"a2_350" = "2509187148"
"a2_357" = "2559371597"
"a2_356" = "2552204435"
"a2_355" = "2545033459"
"a2_354" = "2537871389"
"a2_106" = "759925089"
"a3_138" = "1006335587"
"a3_139" = "979823234"
"a3_136" = "991836577"
"a3_137" = "998890944"
"a3_134" = "943841519"
"a3_135" = "950830350"
"a3_132" = "962897965"
"a3_133" = "970345548"
"a3_130" = "915379051"
"a3_131" = "922302346"
"a2_105" = "752759702"
"a2_102" = "731243655"
"a2_103" = "738425231"
"a2_100" = "716907020"
"a2_101" = "724076557"
"a4_62" = "444485502"
"a4_63" = "451654623"
"a4_60" = "430147260"
"a4_61" = "437316381"
"a4_66" = "473161986"
"a4_67" = "480331107"
"a4_64" = "458823744"
"a4_65" = "465992865"
"a4_68" = "487500228"
"a4_69" = "494669349"
"a1_158" = "3241245608"
"a1_159" = "960047714"
"a1_152" = "3585077454"
"a1_153" = "1940174244"
"a1_150" = "616209796"
"a1_151" = "1140471639"
"a1_156" = "285017413"
"a1_157" = "2388117257"
"a1_154" = "672000771"
"a1_155" = "3260803554"
"a1_32" = "2228506142"
"a1_33" = "3327188440"
"a1_30" = "1824821011"
"a1_31" = "523727079"
"a1_36" = "2512634876"
"a1_37" = "1781323860"
"a1_34" = "475164859"
"a1_35" = "2777715850"
"a1_38" = "1637663039"
"a1_39" = "3635438750"
"a3_74" = "513568291"
"a3_75" = "554631746"
"a3_76" = "561686245"
"a3_77" = "568613636"
"a3_70" = "485103791"
"a3_71" = "525712590"
"a3_72" = "533156193"
"a3_73" = "506656128"
"a3_78" = "542637991"
"a3_79" = "549622726"
"a2_59" = "422983283"
"a2_58" = "415804138"
"a2_51" = "365620202"
"a2_50" = "358450596"
"a2_53" = "379972060"
"a2_52" = "372800255"
"a2_55" = "394299601"
"a2_54" = "387137390"
"a2_57" = "408635325"
"a2_56" = "401468582"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"

[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"

[HKCU\Software\adm914]
"a4_153" = "1096875513"
"a4_152" = "1089706392"
"a4_151" = "1082537271"
"a4_150" = "1075368150"
"a4_157" = "1125551997"
"a4_156" = "1118382876"
"a4_155" = "1111213755"
"a4_154" = "1104044634"
"a4_409" = "2932170489"
"a4_408" = "2925001368"
"a4_159" = "1139890239"
"a4_158" = "1132721118"
"a4_391" = "2803126311"

[HKCU\Software\adm914\695404737]
"14338242" = "0"

[HKCU\Software\adm914]
"a4_393" = "2817464553"
"a4_392" = "2810295432"
"a4_395" = "2831802795"
"a4_394" = "2824633674"
"a4_397" = "2846141037"
"a4_396" = "2838971916"
"a4_399" = "2860479279"
"a4_398" = "2853310158"
"a3_433" = "3087376952"
"a3_432" = "3113879961"
"a4_379" = "2717096859"
"a4_378" = "2709927738"
"a3_389" = "2805656908"
"a3_388" = "2765048109"
"a3_435" = "3101883130"
"a3_434" = "3094824539"
"a4_373" = "2674082133"
"a4_372" = "2666913012"
"a4_371" = "2659743891"
"a4_370" = "2652574770"
"a4_377" = "2702758617"
"a4_376" = "2695589496"
"a4_375" = "2688420375"
"a4_374" = "2681251254"
"a2_348" = "2494849602"
"a2_349" = "2502020253"
"a2_340" = "2437497804"
"a2_341" = "2444666789"
"a2_342" = "2451832888"
"a2_343" = "2459003857"
"a2_344" = "2466184044"
"a2_345" = "2473352399"
"a2_346" = "2480520592"
"a2_347" = "2487687523"
"a2_298" = "2136395630"
"a2_299" = "2143562566"
"a2_292" = "2093378936"
"a2_293" = "2100557213"
"a2_290" = "2079042670"
"a2_291" = "2086207595"
"a2_296" = "2122056822"
"a2_297" = "2129227013"
"a2_294" = "2107724767"
"a2_295" = "2114894167"
"a4_71" = "509007591"
"a4_70" = "501838470"
"a4_73" = "523345833"
"a4_72" = "516176712"
"a4_75" = "537684075"
"a4_74" = "530514954"
"a4_77" = "552022317"
"a4_76" = "544853196"
"a4_79" = "566360559"
"a4_78" = "559191438"
"a1_129" = "3666882377"
"a1_128" = "4163338717"
"a1_127" = "216264262"
"a1_126" = "1014323328"
"a1_125" = "3732004624"
"a1_124" = "617426617"
"a1_123" = "3239407855"
"a1_122" = "3642542691"
"a1_121" = "25900169"
"a1_120" = "1282888115"
"a1_233" = "3936515088"
"a1_232" = "1216767675"
"a1_231" = "3322207566"
"a1_230" = "3961067112"
"a1_237" = "679175611"
"a1_236" = "2160583226"
"a1_235" = "835818582"
"a1_234" = "2630263774"
"a1_239" = "1511006042"
"a1_238" = "3831997040"
"a1_21" = "115156908"
"a1_20" = "257650511"
"a1_23" = "3508139252"
"a1_22" = "1069110314"
"a1_25" = "1240776484"
"a1_24" = "501932102"
"a1_27" = "2426647650"
"a1_26" = "2437404388"
"a1_29" = "1182994352"
"a1_28" = "271911618"
"a3_69" = "478110732"
"a3_68" = "470664173"
"a3_101" = "707522668"
"a3_63" = "468244982"
"a3_62" = "461186391"
"a3_61" = "454263092"
"a3_60" = "413199509"
"a3_67" = "497168202"
"a3_66" = "489720619"
"a3_65" = "449123976"
"a3_64" = "442135145"
"a3_109" = "798021476"
"a3_108" = "790966981"

[HKCU\Software\adm914\695404737]
"35845605" = "358"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1B 1B 65 FD 86 3C B0 9E C5 2D 23 D1 09 6D 86 7D"

[HKCU\Software\adm914]
"a2_68" = "487504990"
"a2_69" = "494673253"
"a2_64" = "458818014"
"a2_65" = "465987629"
"a2_66" = "473121274"
"a2_67" = "480334952"
"a2_60" = "430151872"
"a2_61" = "437321313"
"a2_62" = "444488127"
"a2_63" = "451652343"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"

[HKCU\Software\adm914]
"a4_140" = "1003676940"
"a4_141" = "1010846061"
"a4_142" = "1018015182"
"a4_143" = "1025184303"
"a4_144" = "1032353424"
"a4_145" = "1039522545"
"a4_146" = "1046691666"
"a4_147" = "1053860787"
"a4_148" = "1061029908"
"a4_149" = "1068199029"
"a4_418" = "2996692578"
"a4_419" = "3003861699"
"a4_386" = "2767280706"
"a4_387" = "2774449827"
"a4_384" = "2752942464"
"a4_385" = "2760111585"
"a4_382" = "2738604222"
"a4_383" = "2745773343"
"a4_380" = "2724265980"
"a4_381" = "2731435101"
"a4_388" = "2781618948"
"a4_389" = "2788788069"
"a2_199" = "1426659753"
"a2_198" = "1419491769"
"a2_191" = "1369305850"
"a2_190" = "1362126387"
"a2_193" = "1383644009"
"a2_192" = "1376474389"
"a2_195" = "1397973273"
"a2_194" = "1390808246"
"a2_197" = "1412311477"
"a2_196" = "1405142572"
"a4_368" = "2638236528"
"a4_369" = "2645405649"
"a3_390" = "2812641775"
"a3_391" = "2786540046"
"a3_396" = "2821991461"
"a3_397" = "2829566020"
"a3_394" = "2841581411"
"a3_395" = "2848623490"
"a4_360" = "2580883560"
"a4_361" = "2588052681"
"a4_362" = "2595221802"
"a4_363" = "2602390923"
"a4_364" = "2609560044"
"a4_365" = "2616729165"
"a4_366" = "2623898286"
"a4_367" = "2631067407"
"a4_26" = "186397146"
"a4_27" = "193566267"
"a4_24" = "172058904"
"a4_25" = "179228025"
"a2_379" = "2717092331"
"a2_378" = "2709922554"
"a2_375" = "2688422879"
"a4_22" = "157720662"
"a2_377" = "2702757117"
"a2_376" = "2695591144"
"a2_371" = "2659738069"
"a2_370" = "2652570514"
"a2_373" = "2674087493"
"a4_23" = "164889783"
"a4_20" = "143382420"
"a4_21" = "150551541"

[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"

[HKCU\Software\adm914]
"a4_44" = "315441324"
"a4_45" = "322610445"
"a4_46" = "329779566"
"a4_47" = "336948687"
"a4_40" = "286764840"
"a4_41" = "293933961"
"a4_42" = "301103082"
"a4_43" = "308272203"
"a4_48" = "344117808"
"a4_49" = "351286929"
"a1_2" = "485230736"
"a1_3" = "3853444982"
"a1_0" = "460512196"
"a1_1" = "60554659"
"a1_6" = "2967568760"
"a1_7" = "2364008730"
"a1_4" = "1097652720"
"a1_5" = "2542617784"
"a1_8" = "3389598041"
"a1_9" = "2448148539"
"a3_4" = "11991981"
"a3_5" = "52535244"
"a3_6" = "59977839"
"a3_7" = "67032206"
"a1_138" = "3864224278"
"a1_139" = "1805766389"
"a3_2" = "31040235"
"a3_3" = "4933386"
"a1_134" = "1619415955"
"a1_135" = "3385546623"
"a1_136" = "2424108530"
"a1_137" = "1886836647"
"a1_130" = "693803020"
"a1_131" = "397782768"
"a1_132" = "933620573"
"a1_133" = "3268612401"
"a2_409" = "2932177715"
"a2_408" = "2924997100"
"a2_403" = "2889160219"
"a2_402" = "2881993002"
"a2_401" = "2874814442"
"a2_400" = "2867644766"
"a2_407" = "2917827947"
"a2_406" = "2910660049"
"a2_405" = "2903497317"
"a2_404" = "2896329380"
"a1_220" = "1830315013"
"a1_221" = "4154585829"
"a1_222" = "1259089735"
"a1_223" = "1232909834"
"a1_224" = "2375990463"
"a1_225" = "200334114"
"a1_226" = "427263985"
"a1_227" = "3536242887"
"a1_228" = "1171576633"
"a1_229" = "1280459420"
"a1_14" = "1631113015"
"a1_15" = "1029269750"
"a1_16" = "3902277189"
"a1_17" = "3843152420"
"a1_10" = "487342623"
"a1_11" = "2929143928"
"a1_12" = "3870660821"
"a1_13" = "1882445557"
"a1_18" = "1071966849"
"a1_19" = "1168242813"
"a4_416" = "2982354336"
"a3_18" = "112354555"
"a3_19" = "152901914"
"a3_16" = "131411001"
"a3_17" = "104906840"
"a3_14" = "83367783"
"a3_15" = "124488582"
"a3_12" = "69459621"
"a3_13" = "76378820"
"a3_10" = "88506851"
"a3_11" = "95435266"
"a4_415" = "2975185215"
"a4_412" = "2953677852"
"a4_413" = "2960846973"
"a4_410" = "2939339610"
"a4_411" = "2946508731"
"a2_73" = "523340437"
"a2_72" = "516170124"
"a2_71" = "509004854"
"a2_70" = "501835046"
"a2_77" = "552020099"
"a2_76" = "544857368"
"a2_75" = "537686928"
"a2_74" = "530523414"
"a2_79" = "566354549"
"a2_78" = "559187478"
"a1_440" = "3781848003"
"a1_441" = "2235274063"
"a1_442" = "3135614374"
"a1_443" = "2668534146"
"a1_444" = "814238081"
"a1_445" = "2558236365"
"a1_446" = "3207226032"
"a1_447" = "2728617416"
"a4_175" = "1254596175"
"a4_174" = "1247427054"
"a4_177" = "1268934417"
"a4_176" = "1261765296"
"a4_171" = "1225919691"
"a4_170" = "1218750570"
"a4_173" = "1240257933"
"a4_172" = "1233088812"
"a4_179" = "1283272659"
"a4_178" = "1276103538"
"a2_188" = "1347790336"
"a2_189" = "1354960743"
"a2_186" = "1333460280"
"a2_187" = "1340621950"
"a2_184" = "1319108722"
"a2_185" = "1326292900"
"a2_182" = "1304775638"
"a2_183" = "1311955856"
"a2_180" = "1290440514"
"a2_181" = "1297607174"
"a3_415" = "2958480150"
"a3_414" = "2984984311"
"a3_417" = "3006523432"
"a3_416" = "2965403529"
"a4_359" = "2573714439"
"a4_358" = "2566545318"
"a3_413" = "2977536596"
"a3_412" = "2970543669"
"a4_355" = "2545037955"
"a4_354" = "2537868834"
"a4_357" = "2559376197"
"a4_356" = "2552207076"
"a4_351" = "2516361471"
"a4_350" = "2509192350"
"a4_353" = "2530699713"
"a4_352" = "2523530592"
"a3_253" = "1830771188"
"a3_252" = "1789764949"
"a3_251" = "1782710578"
"a3_250" = "1809280147"
"a3_257" = "1825746760"
"a3_256" = "1818692393"
"a3_255" = "1844811446"
"a3_254" = "1837822487"
"a3_259" = "1873798154"
"a3_258" = "1866220523"
"a3_422" = "3041926607"
"a3_423" = "3049502318"
"a4_289" = "2071875969"
"a4_288" = "2064706848"
"a4_287" = "2057537727"
"a4_286" = "2050368606"
"a4_285" = "2043199485"
"a4_284" = "2036030364"
"a4_283" = "2028861243"
"a4_282" = "2021692122"
"a4_281" = "2014523001"
"a4_280" = "2007353880"
"a2_362" = "2595218306"
"a2_363" = "2602385655"
"a2_360" = "2580887682"
"a2_361" = "2588054871"
"a2_366" = "2623905690"
"a2_367" = "2631072193"
"a2_364" = "2609554804"
"a2_365" = "2616724805"
"a2_368" = "2638239493"
"a2_369" = "2645407205"
"a3_428" = "3084957701"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"

[HKCU\Software\adm914]
"a3_398" = "2870043879"
"a3_399" = "2877036806"
"a3_100" = "733503437"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"

[HKCU\Software\adm914]
"a4_59" = "422978139"
"a4_58" = "415809018"
"a4_53" = "379963413"
"a4_52" = "372794292"
"a4_51" = "365625171"
"a4_50" = "358456050"
"a4_57" = "408639897"
"a4_56" = "401470776"
"a4_55" = "394301655"
"a4_54" = "387132534"
"a2_425" = "3046879329"
"a1_101" = "3604921372"
"a1_100" = "1811524026"
"a1_103" = "1341474398"
"a1_102" = "1720031995"
"a1_105" = "2707069588"
"a1_104" = "1710810929"
"a1_107" = "3711540977"
"a1_106" = "4198127270"
"a1_109" = "3689605918"
"a1_108" = "247794081"
"a1_459" = "2872319410"
"a1_458" = "1980876352"
"a2_418" = "2996698186"
"a2_419" = "3003866341"
"a2_410" = "2939343306"
"a2_411" = "2946513469"
"a2_412" = "2953682792"
"a2_413" = "2960843025"
"a2_414" = "2968012700"
"a2_415" = "2975182151"
"a2_416" = "2982348486"
"a2_417" = "2989528341"
"a1_215" = "1840188844"
"a1_214" = "4286419562"
"a1_217" = "2109566277"
"a1_216" = "2851871382"
"a1_211" = "2280047270"
"a1_210" = "1411965379"
"a1_213" = "3591161804"
"a1_212" = "2971169049"
"a1_219" = "90040997"
"a1_218" = "4203369411"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"

[HKCU\Software\adm914]
"a2_374" = "2681254420"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"

[HKCU\Software\adm914]
"a2_372" = "2666920254"
"a2_463" = "3319304581"
"a1_450" = "2562532042"

[HKCU\Software\adm914\695404737]
"43014726" = "0800687474703A2F2F73617367726F7774682E636F6D2F696D616765732F6C6F676F732E67696600687474703A2F2F7777772E61626173736965686D756E69636970616C6974792E636F6D2F696D616765732F6C6F676F732E67696600687474703A2F2F726567616C2D6D6F6E742E706F6E64692E68722F696D616765732F6C6F676F732E67696600687474703A2F2F726164696F2E697269622E69722F66617268616E672F696D616765732F6C6F676F732E67696600687474703A2F2F6D61656C6C6973726F6D616E63652E636F6D2F696D616765732F6D61696E682E67696600687474703A2F2F75733531363735372E62697A686F73746E65742E636F6D2F696D616765732F6C6F676F732E67696600687474703A2F2F70696E67616B73682E636F6D2F696D616765732F6D61696E662E67696600687474703A2F2F7777772E7261696C77617973657276696365732E62652F696D616765732F6C6F676F732E676966"

[HKCU\Software\adm914]
"a4_168" = "1204412328"
"a4_169" = "1211581449"
"a4_162" = "1161397602"
"a4_163" = "1168566723"
"a4_160" = "1147059360"
"a4_161" = "1154228481"
"a4_166" = "1190074086"
"a4_167" = "1197243207"
"a4_164" = "1175735844"
"a4_165" = "1182904965"
"a2_173" = "1240253327"
"a2_172" = "1233085701"
"a2_171" = "1225922979"
"a2_170" = "1218756200"
"a2_177" = "1268957557"
"a2_176" = "1261770509"
"a2_175" = "1254589968"
"a2_174" = "1247423966"
"a2_179" = "1283302270"
"a2_178" = "1276104936"
"a4_342" = "2451839382"
"a4_343" = "2459008503"
"a4_340" = "2437501140"
"a4_341" = "2444670261"
"a4_346" = "2480515866"
"a4_347" = "2487684987"
"a4_344" = "2466177624"
"a4_345" = "2473346745"
"a4_348" = "2494854108"
"a4_349" = "2502023229"
"a3_240" = "1737322713"
"a3_241" = "1744311672"
"a3_242" = "1718323611"
"a3_243" = "1725243962"
"a3_244" = "1765852765"
"a3_245" = "1773304572"
"a3_246" = "1746738975"
"a3_247" = "1753789374"
"a3_248" = "1761236945"
"a3_249" = "1801832560"
"a4_298" = "2136398058"
"a4_299" = "2143567179"
"a4_294" = "2107721574"
"a4_295" = "2114890695"
"a4_296" = "2122059816"
"a4_297" = "2129228937"
"a4_290" = "2079045090"
"a4_291" = "2086214211"
"a4_292" = "2093383332"
"a4_293" = "2100552453"
"a2_317" = "2272614493"
"a2_316" = "2265433775"
"a2_315" = "2258280377"
"a2_314" = "2251099430"
"a2_313" = "2243931298"
"a2_312" = "2236763848"
"a2_311" = "2229595271"
"a2_310" = "2222430072"
"a2_319" = "2286945105"
"a2_318" = "2279773620"
"a3_408" = "2941554865"
"a3_409" = "2949002448"
"a3_402" = "2865023611"
"a3_403" = "2906025626"
"a3_400" = "2884615609"
"a3_401" = "2857980376"
"a3_406" = "2893962239"
"a3_407" = "2901015582"
"a3_404" = "2913010493"
"a3_405" = "2886510428"
"a2_229" = "1641733408"
"a2_228" = "1634563716"
"a4_28" = "200735388"
"a4_29" = "207904509"
"a2_223" = "1598710589"
"a2_222" = "1591547994"
"a2_221" = "1584371539"
"a2_220" = "1577211424"
"a2_227" = "1627395896"
"a2_226" = "1620215986"
"a2_225" = "1613048361"
"a2_224" = "1605878754"
"a3_329" = "2375379584"
"a1_116" = "1233687469"
"a1_117" = "3187162136"
"a1_114" = "150117483"
"a1_115" = "1248377542"
"a1_112" = "2401533224"
"a1_113" = "459513874"
"a1_110" = "2625521915"
"a1_111" = "2506614593"
"a1_448" = "3316040598"
"a1_449" = "1752719989"
"a1_118" = "1678871422"
"a1_119" = "4094908745"

"a2_429" = "3075553441"
"a2_428" = "3068382180"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"

[HKCU\Software\adm914]
"a2_424" = "3039711684"
"a2_427" = "3061215554"
"a2_426" = "3054047819"
"a2_421" = "3018195267"
"a2_420" = "3011031568"
"a2_423" = "3032532225"
"a2_422" = "3025364477"
"a1_208" = "3358958473"
"a1_209" = "2943912719"
"a1_202" = "466885342"
"a1_203" = "2420495030"
"a1_200" = "3622058753"
"a1_201" = "3332137830"
"a1_206" = "1236170579"
"a1_207" = "628968123"
"a1_204" = "3574324245"
"a1_205" = "2362521059"
"a1_78" = "2173509112"
"a1_79" = "3697491492"
"a1_76" = "4039680408"
"a1_77" = "3516078452"
"a1_74" = "410722899"
"a1_75" = "1186257825"
"a1_72" = "1931224856"
"a1_73" = "3744450023"
"a1_70" = "4176835643"
"a1_71" = "3000039870"
"a3_30" = "231909751"
"a3_31" = "205278614"
"a3_32" = "212854281"
"a3_33" = "253401768"
"a3_34" = "260325067"
"a3_35" = "267899754"
"a3_36" = "241268621"
"a3_37" = "248309804"
"a3_38" = "289377359"
"a3_39" = "296296686"

To automatically run itself each time Windows is booted, the Virus adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"soundmix" = "%System%\soundmix.exe"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%System%]
"soundmix.exe" = "%System%\soundmix.exe:*:Enabled:ipsec"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"

Network activity (URLs)

No activity has been detected.

HOSTS file anomalies

The Virus modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses.
The modified file is 858 bytes in size. The following strings are added to the hosts file listed below:

61.129.115.198 www.xldd.com
61.129.115.198 www.ojiang.com
61.129.115.198 www.shuixian.net
61.129.115.198 www.xlarea.com


Rootkit activity

No anomalies have been detected.

Propagation

A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Virus's file once a user opens a drive's folder in Windows Explorer.


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    netsh.exe:2724
    NOTEPAD.EXE:196
    NOTEPAD.EXE:3484

  2. Delete the original Virus file.
  3. Delete or disinfect the following files created/modified by the Virus:

    %WinDir%\system.ini (70 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (432 bytes)
    %Program Files%\Wireshark\WinPcap_4_0_1.exe (4096 bytes)
    %System%\dllcache\zipexr.dll (1137 bytes)
    %Program Files%\Common Files\Java\Java Update\jusched.exe (368 bytes)
    %System%\drivers\etc\hosts.tmp (1592 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\bafj.exe (601 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "soundmix" = "%System%\soundmix.exe"

  5. Restore the original content of the HOSTS file (%System%\drivers\etc\hosts):
    127.0.0.1 localhost
  6. Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
  7. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.