Home » Virus List
Trojan.Agent
Risk Level 1
 
File Size : 103140 KB
File Type : Portable Executable 32
File Name

virussign.com_9d9d778dcf1416d8ee859302d3933c60.vir

MD5

9d9d778dcf1416d8ee859302d3933c60

SHA1

a00399fdf613feb705f7c9286cc5da371eda5b8c

SHA256

a3d0d7135fe4716e9cbfca2668062b2c8cbcd25877efbd3ad3

General information:

* File name: C:\Users\cognus\Desktop\Analyzed Viruses\8 June 2016\New folder\Sample\9d9d778dcf1416d8ee859302d3933c60.exe

Changes to registry :

* Creates value "AntiVirusOverride=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center
* Creates value "AntiVirusDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center
* Creates value "FirewallDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center
* Creates value "FirewallOverride=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center
* Creates value "UpdatesDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center
* Creates value "UacDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center
* Modifies value "AntiVirusOverride=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
old value empty
* Creates value "AntiVirusDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
* Creates value "FirewallDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
* Modifies value "FirewallOverride=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
old value empty
* Creates value "UpdatesDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
* Creates value "UacDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Modifies value "StoreLocation=C:\Users\cognus\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_explorer.exe_6192269a6283a15e6da7bbf46defb46f343a8b_cab_0d6bf305" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\Debug
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C005700450052005C005200650070006F0072007400510075006500750065005C00410070007000430072006100730068005F006500780070006C006F007200650072002E006500780065005F00360031003900320032003600390061003600320038003300610031003500650036006400610037006200620066003400360064006500660062003400360066003300340033006100380062005F006300610062005F00300064003600620066003300300035000000
old value "StoreLocation=C:\Users\cognus\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_Revouninstaller._6a943e15864e38bbaaead9cbb69c28caa679c_cab_044a28a8"
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C005700450052005C005200650070006F0072007400510075006500750065005C004E006F006E0043007200690074006900630061006C005F005200650076006F0075006E0069006E007300740061006C006C00650072002E005F0036006100390034003300650031003500380036003400650033003800620062006100610065006100640039006300620062003600390063003200380063006100610036003700390063005F006300610062005F00300034003400610032003800610038000000
* Modifies value "ExceptionRecord=050000C0000000000000000056A298710200000000000000000000003F0001000000000000000000000000000000000000000000000000007F02000020000000FFFF00002EADB2730000000060A50C02" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\Debug
old value "ExceptionRecord=050000C000000000000000002F121D000200000000000000000000003F0001000000000000000000000000000000000000000000000000007F02000000000000FFFF0000000000000000000000000000"
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "DisableNotifications=00000001" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
old value empty
* Creates value "c1_0=3A113860" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_0=000017EE" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_0=01036A29" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_1=82613625" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_1=6E6772C9" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_1=6F64054A" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_1=6E676F63" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_2=9AAC900C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_2=DCCEC861" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_2=DDCDB4EF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_2=DCCEDEC6" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_3=DCD594F0" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_3=4B366A5C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_3=4A352400" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_3=4B364E29" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_4=5BB944B0" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_4=B99DAAAF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_4=B89ED7A5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_4=B99DBD8C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_5=D207F62B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_5=280535F7" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_5=290646C6" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_5=28052CEF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_6=E4CAEA00" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_6=966C8A0D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_6=976FF67B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_6=966C9C52" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_7=BA3ED4C5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_7=04D42898" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_7=05D7619C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_7=04D40BB5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_8=400B05A5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_8=733B61EF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_8=72381131" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_8=733B7B18" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_9=B31539CF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_9=E1A2C956" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_9=E0A18052" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_9=E1A2EA7B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_10=10053487" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_10=500A4A91" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_10=510933F7" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_10=500A59DE" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_11=5B7E9E1E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_11=BE71DF0C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_11=BF72A368" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_11=BE71C941" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_12=5666EB10" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_12=2CD9223E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_12=2DDA528D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_12=2CD938A4" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_13=69375036" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_13=9B40BE4A" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_13=9A43C22E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_13=9B40A807" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_14=ABEE9A64" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_14=09A83501" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_14=08AB7D43" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_14=09A8176A" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_15=EF7F6492" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_15=780F99D3" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_15=790CECE4" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_15=780F86CD" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_16=49D670FA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_16=E676E929" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_16=E7759C19" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_16=E676F630" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_17=FFD2DCCA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_17=54DE7836" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_17=55DD0FBA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_17=54DE6593" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_18=8AA8D7CD" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_18=C345CAA9" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_18=C246BEDF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_18=C345D4F6" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_19=A2E33F0F" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_19=31AD6452" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_19=30AE2E70" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_19=31AD4459" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_20=09F9CBE9" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_20=A014A99C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_20=A117D995" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_20=A014B3BC" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_21=48BE2CC7" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_21=0E7C001B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_21=0F7F4936" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_21=0E7C231F" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_22=77089539" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_22=7CE387E8" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_22=7DE0F8AB" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_22=7CE39282" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_23=09775C5B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_23=EB4B14AC" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_23=EA486BCC" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_23=EB4B01E5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_24=42DF839B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_24=59B25482" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_24=58B11B61" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_24=59B27148" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_25=05109463" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_25=C819FEA6" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_25=C91A8A82" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_25=C819E0AB" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_26=4B44AB32" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_26=3681472C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_26=37823A27" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_26=3681500E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_27=D8647C34" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_27=A4E89ABB" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_27=A5EBD558" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_27=A4E8BF71" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_28=D522E5B9" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_28=13503497" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_28=125344FD" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_28=13502ED4" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_29=D7822D6D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_29=81B7BBFD" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_29=80B4F41E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_29=81B79E37" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_30=34B3D0A7" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_30=F01F1527" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_30=F11C67B3" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_30=F01F0D9A" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_31=DCB7FF4F" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_31=5E8666A0" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_31=5F8516D4" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_31=5E867CFD" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_32=77D67F7B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_32=CCEDFB94" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_32=CDEE8649" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_32=CCEDEC60" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_33=2950DF1F" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_33=3B554515" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_33=3A5631EA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_33=3B555BC3" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_34=97197A92" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_34=A9BCD5B5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_34=A8BFA10F" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_34=A9BCCB26" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_35=0F518B3D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_35=182421A5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_35=192750A0" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_35=18243A89" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_36=F3DFE448" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_36=868BB3F0" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_36=8788C3C5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_36=868BA9EC" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_37=EE504ACD" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_37=F4F30CF7" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_37=F5F07366" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_37=F4F3194F" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_38=5F214168" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_38=635A9DC9" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_38=6259E29B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_38=635A88B2" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_39=1B85CDDF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_39=D1C1DCA2" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_39=D0C2923C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_39=D1C1F815" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_40=C82534EB" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_40=402978E4" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_40=412A0D51" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_40=40296778" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_41=56E70DE6" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_41=AE90CCB8" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_41=AF93BCF2" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_41=AE90D6DB" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_42=4A520D88" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_42=1CF86513" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_42=1DFB2C17" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_42=1CF8463E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_43=690DA1DC" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_43=8B5FA92C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_43=8A5CDF88" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_43=8B5FB5A1" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_44=ADE6D339" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_44=F9C73A22" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_44=F8C44F2D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_44=F9C72504" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_45=462A8A70" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_45=682E8A38" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_45=692DFE4E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_45=682E9467" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_46=D8522793" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_46=D69620BA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_46=D79569E3" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_46=D69603CA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_47=10D7018A" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_47=44FD67DA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_47=45FE1904" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_47=44FD732D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_48=58A9D80E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_48=B364F5FB" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_48=B26788B9" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_48=B364E290" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_49=64028B2B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_49=21CC4B5F" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_49=20CF3BDA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_49=21CC51F3" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_50=B5B4418A" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_50=9033E2D6" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_50=9130AB7F" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_50=9033C156" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_51=F938633B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_51=FE9B1D91" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_51=FF985A90" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_51=FE9B30B9" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_52=1C92E6D5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_52=6D02BE4C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_52=6C01CA35" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_52=6D02A01C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_53=BE910703" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_53=DB6A16A2" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_53=DA696556" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_53=DB6A0F7F" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_54=155E00D9" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_54=49D160EF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_54=48D214CB" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_54=49D17EE2" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_55=53277B8E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_55=B838F6C2" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_55=B93B846C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_55=B838EE45" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_56=43DAAC14" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_56=26A07C3B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_56=27A33781" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_56=26A05DA8" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_57=B090AF50" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_57=9507D242" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_57=9404A722" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_57=9507CD0B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_58=F5C354BD" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_58=036F1C59" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_58=026C5647" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_58=036F3C6E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_59=56245373" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_59=71D6BD58" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_59=70D5C1F8" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_59=71D6ABD1" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_60=C095571D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_60=E03E00AB" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_60=E13D711D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_60=E03E1B34" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_61=EFC6DEDB" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_61=4EA591F8" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_61=4FA6E0BE" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_61=4EA58A97" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_62=6398E788" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_62=BD0C6EED" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_62=BC0F93D3" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_62=BD0CF9FA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_63=99439192" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_63=2B7473FB" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_63=2A770374" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_63=2B74695D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_64=227345E5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_64=99DBC2E0" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_64=98D8B2E9" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_64=99DBD8C0" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_65=788B4912" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_65=08436DE9" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_65=0940220A" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_65=08434823" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_66=6433355A" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_66=76AAADD4" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_66=77A9DDAF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_66=76AAB786" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_67=D3A7EF21" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_67=E5123E93" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_67=E4114CC0" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_67=E51226E9" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_68=BDCCF4FB" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_68=5379B6D1" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_68=527AFC65" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_68=5379964C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_69=3AEB4274" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_69=C1E11219" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_69=C0E26F86" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_69=C1E105AF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_70=AEC1B8AC" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_70=30486C88" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_70=314B1F3B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_70=30487512" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_71=569E4505" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_71=9EAFC1BF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_71=9FAC8E5C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_71=9EAFE475" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_72=FF8D2AF6" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_72=0D177084" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_72=0C1439F1" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_72=0D1753D8" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_73=055A5515" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_73=7B7EE3EF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_73=7A7DA912" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_73=7B7EC33B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_74=3B628420" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_74=E9E612FF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_74=E8E558B7" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_74=E9E6329E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_75=7DBF5AA3" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_75=584DBA19" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_75=594EC828" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_75=584DA201" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_76=1C4E3A4A" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_76=C6B5A1CD" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_76=C7B67B4D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_76=C6B51164" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_77=C34D27F5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_77=351CA50D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_77=341FEAEE" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_77=351C80C7" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_78=323B71BC" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_78=A383E592" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_78=A2809A03" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_78=A383F02A" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_79=31467D8C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_79=11EB46AA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_79=10E835A4" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_79=11EB5F8D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_80=149E3267" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_80=8052DB3B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_80=8151A4D9" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_80=8052CEF0" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_81=68F0726D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_81=EEBA1B70" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_81=EFB9547A" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_81=EEBA3E53" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_82=A4B9D8CC" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_82=5D21B360" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_82=5C22C79F" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_82=5D21ADB6" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_83=03545DA5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_83=CB8902E0" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_83=CA8A7730" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_83=CB891D19" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_84=EE2BF347" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_84=39F09058" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_84=38F3E655" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_84=39F08C7C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_85=23B7DE61" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_85=A857E57C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_85=A95491F6" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_85=A857FBDF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_86=0C3180F4" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_86=16BF760D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_86=17BC016B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_86=16BF6B42" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_87=AED42207" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_87=8526C206" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_87=8425B08C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_87=8526DAA5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_88=315B31D8" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_88=F38E53E4" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_88=F28D2021" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_88=F38E4A08" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_89=E3C84B26" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_89=61F5A0F1" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_89=60F6D342" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_89=61F5B96B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_90=AD79D8B5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_90=D05D33E2" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_90=D15E42E7" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_90=D05D28CE" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_91=143EC18B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_91=3EC483B5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_91=3FC7F218" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_91=3EC49831" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_92=890DF8A7" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_92=AD2C1DF1" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_92=AC2F6DBD" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_92=AD2C0794" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_93=869E0F8E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_93=1B936998" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_93=1A901CDE" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_93=1B9376F7" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_94=15573D67" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_94=89FAFE86" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_94=88F98C73" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_94=89FAE65A" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_95=76DAD42B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_95=F8624005" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_95=F9613F94" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_95=F86255BD" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_96=6CE76268" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_96=66C9D9EE" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_96=67CAAF09" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_96=66C9C520" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_97=A71028DA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_97=D531283D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_97=D4325EAA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_97=D5313483" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_98=94A77855" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_98=439881D1" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_98=429BC9CF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_98=4398A3E6" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_99=0B835D25" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_99=B200044E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_99=B3037960" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_99=B2001349" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_100=99AAF892" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_100=2067A3ED" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_100=2164E885" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_100=206782AC" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_101=FA3D8A21" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_101=8ECEEEB1" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_101=8FCD9826" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_101=8ECEF20F" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_102=818CD322" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_102=FD367DCC" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_102=FC350B5B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_102=FD366172" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_103=E6255143" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_103=6B9DC56D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_103=6A9EBAFC" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_103=6B9DD0D5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_104=68912C6C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_104=DA055A9E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_104=DB062A11" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_104=DA054038" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_105=211FC3B5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_105=486CBA50" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_105=496FC5B2" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_105=486CAF9B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_106=51AD3D8C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_106=B6D40870" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_106=B7D774D7" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_106=B6D41EFE" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_107=2735AFD1" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_107=253BAD4C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_107=2438E448" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_107=253B8E61" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_108=5ECF396B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_108=93A2DE7B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_108=92A197ED" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_108=93A2FDC4" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_109=2CEAF67A" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_109=020A7541" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_109=0309070E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_109=020A6D27" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_110=D5D55956" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_110=7071C10D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_110=7172B6A3" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_110=7071DC8A" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_111=B35DA757" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_111=DED9683C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_111=DFDA21C4" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_111=DED94BED" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_112=1A96300E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_112=4D409BB8" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_112=4C43D179" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_112=4D40BB50" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_113=DFB150EA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_113=BBA835C0" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_113=BAAB409A" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_113=BBA82AB3" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_114=7616090D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_114=2A0F8673" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_114=2B0CF03F" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_114=2A0F9A16" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_115=AB137AB2" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_115=98771103" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_115=99746350" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_115=98770979" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_116=5344F4D2" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_116=06DE6329" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_116=07DD12F5" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_116=06DE78DC" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_117=5B8E368C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_117=7545F567" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_117=74468216" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_117=7545E83F" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_118=8E8DA9D8" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_118=E3AD4C57" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_118=E2AE3D8B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_118=E3AD57A2" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_119=032DA55E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_119=5214E4C2" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_119=5317AD2C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_119=5214C705" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_120=3246B1DA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_120=C07C2991" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_120=C17F5C41" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_120=C07C3668" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_121=8D557699" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_121=2EE3BC27" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_121=2FE0CFE2" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_121=2EE3A5CB" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_122=77C354E4" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_122=9D4B0884" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_122=9C487F07" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_122=9D4B152E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_123=BEE2E92B" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_123=0BB29C5C" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_123=0AB1EEB8" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_123=0BB28491" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_124=A44156AD" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_124=7A19EDAB" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_124=7B1A99DD" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_124=7A19F3F4" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_125=367EF569" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_125=E8817C52" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_125=E982097E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_125=E8816357" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_126=5B80FCF4" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_126=56E8F6CF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_126=57EBB893" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_126=56E8D2BA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_127=191FE3C7" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_127=C5505CCB" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_127=C4532834" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_127=C550421D" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_128=0129DA5E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_128=33B79065" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_128=32B4DBA9" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_128=33B7B180" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_129=CEC84EB4" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_129=A21F01D8" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_129=A31C4ACA" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_129=A21F20E3" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_130=93230202" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_130=10868D09" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_130=1185FA6F" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_130=10869046" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_131=5B3FAD75" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_131=7EEDE27E" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c3_131=7FEE9580" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c4_131=7EEDFFA9" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c1_132=CDC4BD99" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "c2_132=ED554CDF" in key HKEY_CURRENT_USER\software\Algfsa
* Creates value "1852272483=0000017C" in key HKEY_CURRENT_USER\software\Algfsa\-1308617911
* Creates value "-1180844660=00000023" in key HKEY_CURRENT_USER\software\Algfsa\-1308617911
* Creates value "671427823=00000098" in key HKEY_CURRENT_USER\software\Algfsa\-1308617911
* Creates value "-1771266990=0400687474703A2F2F7777772E6665756572776568722D616D656C6974682E64652F626F74746F6D2E67696600687474703A2F2F6A6C736861682E636F2E696E2F696D616765732F626F74746F6D2E67696600687474703A2F2F636173616A656E73656E2E636F6D2F696D616765732F626F74746F6D2E67696600687474703A2F2F36312E31392E3235352E362F696D6167652E676966" in key HKEY_CURRENT_USER\software\Algfsa\-1308617911
binary data=300034003000300036003800370034003700340037003000330041003200460032004600370037003700370037003700320045003600360036003500370035003600350037003200370037003600350036003800370032003200440036003100360044003600350036004300360039003700340036003800320045003600340036003500320046003600320036004600370034003700340036004600360044003200450036003700360039003600360030003000360038003700340037003400370030003300410032004600320046003600410036004300370033003600380036003100360038003200450036003300360046003200450036003900360045003200460036003900360044003600310036003700360035003700330032004600360032003600460037003400370034003600460036004400320045003600370036003900360036003000300036003800370034003700340037003000330041003200460032004600360033003600310037003300360031003600410036003500360045003700330036003500360045003200450036003300360046003600440032004600360039003600440036003100360037003600350037003300320046003600320036004600370034003700340036004600360044003200450036003700360039003600360030003000360038003700340037003400370030003300410032004600320046003300360033003100320045003300310033003900320045003300320033003500330035003200450033003600320046003600390036004400360031003600370036003500320045003600370036003900360036000000
* Creates value "81005493=1155C9E751204964A650FC1268A48E994F2CE60D53461AA72DB149B328BCDF94E783C77A9C678A58834E4B25A16FCE4A7CD57D848A965718CFD383B8A80F71B59A5DF35CDB06B8258E5C4533D203F74CE61044C457FB0E659DE08B39A113F4B865793CBF25E938F884D0A2B1F6A4487B470EB4EB4490D12E92A9B96261BC4D47" in key HKEY_CURRENT_USER\software\Algfsa\-1308617911
binary data=31003100350035004300390045003700350031003200300034003900360034004100360035003000460043003100320036003800410034003800450039003900340046003200430045003600300044003500330034003600310041004100370032004400420031003400390042003300320038004200430044004600390034004500370038003300430037003700410039004300360037003800410035003800380033003400450034004200320035004100310036004600430045003400410037004300440035003700440038003400380041003900360035003700310038004300460044003300380033004200380041003800300046003700310042003500390041003500440046003300350043004400420030003600420038003200350038004500350043003400350033003300440032003000330046003700340043004500360031003000340034004300340035003700460042003000450036003500390044004500300038004200330039004100310031003300460034004200380036003500370039003300430042004600320035004500390033003800460038003800340044003000410032004200310046003600410034003400380037004200340037003000450042003400450042003400340039003000440031003200450039003200410039004200390036003200360031004200430034004400340037000000
* Modifies value "Hidden=00000002" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
old value "Hidden=00000001"
* Creates value "ShellViewReentered=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{c9d04f3b-1c7e-11e6-979c-806e6f6e6963}
old value empty
* Creates value "ertrqvg.rkr=000000000300000008000000979D0600000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF70CDE08F3FC1D10100000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}
* Modifies value "HRZR_PGYFRFFVBA=0000000022020000261B000046E65708660000002C0100009F914E007B00440036003500320033003100420030002D0042003200460031002D0034003800350037002D0041003400430045002D004100380045003700430036004500410037004400320037007D005C004E004F00540045005000410044002E0045005800450000006A040000000058948B7513000000B03152D6F1B25748A4CEA8E7C6EA7D2743003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C004E004F00540045005000410044002E0045005800450000004000440050CB6A040000000140CC6A04000000000000000000000000030000002000000040000000020000000305E67628289B72641B0F04541B0F040000000000000000200000006C0000006872D30B9888400A10CB6A04946CE974385B4C0AA488400A641B0F04541B0F0430CB6A04CE86E9746872D30B385B4C0A50CB6A04000000004000420050CB6A0448CB6A040786E97450CB6A0444CB6A044000000000000000CCCB6A047E0E0000E42CF70070CB6A048DC5E976E494FC5EEC0B00001027000007000000B6500200A4CB6A0452C5E976B6500200E42CF700C4CB6A04F883850244CC6A0400000000A0010000740300003A0000001D0000000A000000CCCB6A0441AE0475E0070000C4CB6A04E0070600080004001D003A0074033A00400A786A3EC1D101F4CB6A04F7708E75E0CB6A0444CC6A0402718E75E0070600030008000100000084060000CBBDC7017B00460033003800420046003400300034002D0031004400340033002D0034003200460032002D0039003300300035002D003600370044004500300042003200380046004300320033007D005C006500780070006C006F007200650072002E006500780065000000D4E87E02966A0475B4ED7E02A0EE7E02000000000CE97E02273BE976020000000000000020C2FE033800000060ED7E023FF73E752881550A20C2FE0351F73E751F9C655720C2FE03E0924475000000007E000000A0EE7E0294ED7E02A17B04750E7D0475F0959A57A0EE7E0210000000040101004E005000A0EE7E02B4ED7E020000000000000000000000000000080270EB7E020000080268E97E02350100C00000000000001F0090935A0120EA7E0208005A00B721F70060625A01686D5A0163050000D8E97E0209005201B721F70000000000B069200A20681F00B0E97E0238000000000000000000000040AD200A10651F003C661F00B0D7C40B106B1F00000000005CE97E02FFFFFFFFB4EE7E024DD7E576E4F11800FEFFFFFFAE22E9764921E976380000009876000400000000080000002E006C0011000000D0D72000C8D720002B002E006C006E006B000000BC098F7488EA00003499655738EA7E022F968B7588EA7E023CEA7E02D3998B75000000008488850264EA7E0279998B758488850210EB7E02F88385028D998B7500000000F883850210EB7E026CEA7E025600000042040000508363024300680072006F006D00650000004200530041005C004200530041002E004500580045000000786A3EC1D101F4CB6A04F7708E75E0CB6A0444CC6A0402718E75E007060003000800000000000D0200007D0812017B00460033003800420046003400300034002D0031004400340033002D0034003200460032002D0039003300300035002D003600370044004500300042003200380046004300320033007D005C006E006F00740065007000610064002E00650078006500000000000000000000000000FEFFFFFF18615A0160605A01001000005CE97E024CC6E97660605A0100000000686D5A0160625A0170E97E02E0CBE9766305000060625A01AE22E976C40A8F7438000000C4011F0000001F0090935A0120EA7E0208005A00B721F70060625A01686D5A0163050000D8E97E0209005201B721F70000000000B069200A20681F00B0E97E0238000000000000000000000040AD200A10651F003C661F00B0D7C40B106B1F00000000005CE97E02FFFFFFFFB4EE7E024DD7E576E4F11800FEFFFFFFAE22E9764921E976380000009876000400000000080000002E006C0011000000D0D72000C8D720002B002E006C006E006B000000BC098F7488EA00003499655738EA7E022F968B7588EA7E023CEA7E02D3998B75000000008488850264EA7E0279998B758488850210EB7E02F88385028D998B7500000000F883850210EB7E026CEA7E02" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
old value "HRZR_PGYFRFFVBA=00000000210200002D1B0000B2605808660000002C0100009F914E007B00440036003500320033003100420030002D0042003200460031002D0034003800350037002D0041003400430045002D004100380045003700430036004500410037004400320037007D005C004E004F00540045005000410044002E0045005800450000006A040000000058948B7513000000B03152D6F1B25748A4CEA8E7C6EA7D2743003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C004E004F00540045005000410044002E0045005800450000004000440050CB6A040000000140CC6A04000000000000000000000000030000002000000040000000020000000305E67628289B72641B0F04541B0F040000000000000000200000006C0000006872D30B9888400A10CB6A04946CE974385B4C0AA488400A641B0F04541B0F0430CB6A04CE86E9746872D30B385B4C0A50CB6A04000000004000420050CB6A0448CB6A040786E97450CB6A0444CB6A044000000000000000CCCB6A047E0E0000E42CF70070CB6A048DC5E976E494FC5EEC0B00001027000007000000B6500200A4CB6A0452C5E976B6500200E42CF700C4CB6A04F883850244CC6A0400000000A0010000740300003A0000001D0000000A000000CCCB6A0441AE0475E0070000C4CB6A04E0070600080004001D003A0074033A00400A786A3EC1D101F4CB6A04F7708E75E0CB6A0444CC6A0402718E75E0070600030008000100000084060000CBBDC7017B00460033003800420046003400300034002D0031004400340033002D0034003200460032002D0039003300300035002D003600370044004500300042003200380046004300320033007D005C006500780070006C006F007200650072002E006500780065000000D4E87E02966A0475B4ED7E02A0EE7E02000000000CE97E02273BE976020000000000000020C2FE033800000060ED7E023FF73E752881550A20C2FE0351F73E751F9C655720C2FE03E0924475000000007E000000A0EE7E0294ED7E02A17B04750E7D0475F0959A57A0EE7E0210000000040101004E005000A0EE7E02B4ED7E020000000000000000000000000000080270EB7E020000080268E97E02350100C00000000000001F0090935A0120EA7E0208005A00B721F70060625A01686D5A0163050000D8E97E0209005201B721F70000000000B069200A20681F00B0E97E0238000000000000000000000040AD200A10651F003C661F00B0D7C40B106B1F00000000005CE97E02FFFFFFFFB4EE7E024DD7E576E4F11800FEFFFFFFAE22E9764921E976380000009876000400000000080000002E006C0011000000D0D72000C8D720002B002E006C006E006B000000BC098F7488EA00003499655738EA7E022F968B7588EA7E023CEA7E02D3998B75000000008488850264EA7E0279998B758488850210EB7E02F88385028D998B7500000000F883850210EB7E026CEA7E025600000042040000508363024300680072006F006D00650000004200530041005C004200530041002E004500580045000000786A3EC1D101F4CB6A04F7708E75E0CB6A0444CC6A0402718E75E007060003000800000000000D0200007D0812017B00460033003800420046003400300034002D0031004400340033002D0034003200460032002D0039003300300035002D003600370044004500300042003200380046004300320033007D005C006E006F00740065007000610064002E00650078006500000000000000000000000000FEFFFFFF18615A0160605A01001000005CE97E024CC6E97660605A0100000000686D5A0160625A0170E97E02E0CBE9766305000060625A01AE22E976C40A8F7438000000C4011F0000001F0090935A0120EA7E0208005A00B721F70060625A01686D5A0163050000D8E97E0209005201B721F70000000000B069200A20681F00B0E97E0238000000000000000000000040AD200A10651F003C661F00B0D7C40B106B1F00000000005CE97E02FFFFFFFFB4EE7E024DD7E576E4F11800FEFFFFFFAE22E9764921E976380000009876000400000000080000002E006C0011000000D0D72000C8D720002B002E006C006E006B000000BC098F7488EA00003499655738EA7E022F968B7588EA7E023CEA7E02D3998B75000000008488850264EA7E0279998B758488850210EB7E02F88385028D998B7500000000F883850210EB7E026CEA7E02"
* Modifies value "StoreLocation=C:\Users\cognus\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_explorer.exe_6192269a6283a15e6da7bbf46defb46f343a8b_cab_0d6bf305" in key HKEY_CURRENT_USER\software\Microsoft\Windows\Windows Error Reporting\Debug
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C005700450052005C005200650070006F0072007400510075006500750065005C00410070007000430072006100730068005F006500780070006C006F007200650072002E006500780065005F00360031003900320032003600390061003600320038003300610031003500650036006400610037006200620066003400360064006500660062003400360066003300340033006100380062005F006300610062005F00300064003600620066003300300035000000
old value "StoreLocation=C:\Users\cognus\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_Revouninstaller._6a943e15864e38bbaaead9cbb69c28caa679c_cab_044a28a8"
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C005700450052005C005200650070006F0072007400510075006500750065005C004E006F006E0043007200690074006900630061006C005F005200650076006F0075006E0069006E007300740061006C006C00650072002E005F0036006100390034003300650031003500380036003400650033003800620062006100610065006100640039006300620062003600390063003200380063006100610036003700390063005F006300610062005F00300034003400610032003800610038000000
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Modifies value "NodeSlots=0202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
old value "NodeSlots=02020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202"
* Modifies value "MRUListEx=02000000160000001E0000000E0000000800000009000000050000001A000000060000000C000000170000001D000000100000000A0000000F0000001B000000110000000D0000001500000018000000130000000000000014000000010000001C0000000700000019000000120000000B0000000400000003000000FFFFFFFF" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
old value "MRUListEx=16000000020000001E0000000E0000000800000009000000050000001A000000060000000C000000170000001D000000100000000A0000000F0000001B000000110000000D0000001500000018000000130000000000000014000000010000001C0000000700000019000000120000000B0000000400000003000000FFFFFFFF"
* Creates value "7=L1e-S8*Ken-US" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0
binary data=4C00310000000000EE3A19271000656E2D555300380008000400EFBEEE3A1927EE3A19272A0000004B05000000000100000000000000000000000000000065006E002D0055005300000014000000
* Modifies value "MRUListEx=0700000006000000010000000500000004000000030000000200000000000000FFFFFFFF" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0
old value "MRUListEx=06000000010000000500000004000000030000000200000000000000FFFFFFFF"
* Creates value "NodeSlot=0000038F" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\7
* Creates value "MRUListEx=FFFFFFFF" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\7
* Creates value "KnownFolderDerivedFolderType={57807898-8C4F-4462-BB63-71042380B109}" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\911\Shell
binary data=7B00350037003800300037003800390038002D0038004300340046002D0034003400360032002D0042004200360033002D003700310030003400320033003800300042003100300039007D000000
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "explorer.exe=Windows Explorer" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows
binary data=570069006E0064006F007700730020004500780070006C006F007200650072000000
* Creates value "regedit.exe=Registry Editor" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows
binary data=52006500670069007300740072007900200045006400690074006F0072000000

Changes to filesystem:

* Modifies file C:\Windows\SYSTEM.INI
* Creates file C:\Users\cognus\AppData\Local\CrashDumps\explorer.exe.4028.dmp
* Modifies file C:\Users\cognus\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
* Modifies file C:\Users\cognus\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
* Modifies file C:\Users\cognus\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
* Modifies file C:\Users\cognus\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
* Creates file C:\Users\cognus\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_explorer.exe_6192269a6283a15e6da7bbf46defb46f343a8b_cab_0d6bf305\Report.wer
* Creates file C:\Users\cognus\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_explorer.exe_6192269a6283a15e6da7bbf46defb46f343a8b_cab_0d6bf305\WERDA48.tmp.appcompat.txt
* Creates file C:\Users\cognus\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_explorer.exe_6192269a6283a15e6da7bbf46defb46f343a8b_cab_0d6bf305\WERDB71.tmp.WERInternalMetadata.xml
* Creates file C:\Users\cognus\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_explorer.exe_6192269a6283a15e6da7bbf46defb46f343a8b_cab_0d6bf305\WERDBD0.tmp.hdmp
* Creates file C:\Users\cognus\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_explorer.exe_6192269a6283a15e6da7bbf46defb46f343a8b_cab_0d6bf305\WERE8CC.tmp.mdmp
* Creates file C:\Users\cognus\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_explorer.exe_e2fdc73b975271e3a63fa55d18c274da334eb742_cab_0da9dd44\Report.wer
* Creates file C:\Users\cognus\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_explorer.exe_e2fdc73b975271e3a63fa55d18c274da334eb742_cab_0da9dd44\WERCCE0.tmp.mdmp

Network services:

* Queries DNS "clients2.google.com".
* Queries DNS "wpad.localdomain".
* Queries DNS "redirector.gvt1.com".
* Queries DNS "r3---sn-ci5gup-cvhs.gvt1.com".

Process/window/string information:

* Keylogger functionality.
* Gets user name information.
* Gets system default language ID.
* Gets input locale identifiers.
* Gets volume information.
* Gets computer name.
* Checks for debuggers.
* Creates process "null, "C:\Windows\explorer.exe" "C:", null".
* Injects code into process "C:\Windows\explorer.exe".
* Enumerates running processes.
* Opens a service named "Csc".
* Opens a service named "CscService".
* Creates a mutex "Local\Shell.CMruPidlList".
* Creates a mutex "Global\C::Users:cognus:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex".
* Creates an event named "Global\C::Users:cognus:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterEvent".
* Creates a mutex "Global\C::Users:cognus:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer".
* Creates a mutex "Global\C::Users:cognus:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer".
* Creates a mutex "Global\C::Users:cognus:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer".
* Creates a mutex "Global\C::Users:cognus:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer".
* Creates a mutex "Global\C::Users:cognus:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer".
* Creates a mutex "Global\C::Users:cognus:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit".
* Creates a mutex "Global\C::Users:cognus:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwReaderRefs".
* Creates a mutex "Local\HGFSMUTEX".
* Creates an event named "Global\OtherUsersNotifySource_{F4C92555-5FEB-44B7-8996-39E1E280C41C}".
* Opens a service named "HomeGroupProvider".
* Opens a service named "AudioSrv".
* Creates a mutex "Local\MidiMapper_modLongMessage_RefCnt".
* Opens a service named "MMCSS".
* Starts a service.
* Creates a mutex "Global\854c76cd-2d32-11e6-9e0f-000c29ba35ca".
* Creates process "C:\Windows\system32\wermgr.exe, "C:\Windows\system32\wermgr.exe" "-outproc" "4028" "1972" , null".
* Injects code into process "C:\Windows\System32\wermgr.exe".
* Enables privilege SeShutdownPrivilege.
* Creates process "C:\Windows\regedit.exe, "C:\Windows\regedit.exe" , C:\Windows".
* Injects code into process "C:\Windows\regedit.exe".
* Creates a mutex "_SHuassist.mtx".
* Creates a mutex "{C20CD437-BA6D-4ebb-B190-70B43DE3B0F3}".
* Creates a mutex "Local\WERReportingForProcess4028".
* Enables privilege SeDebugPrivilege.
* Creates a mutex "Global\d49d467d-2d32-11e6-9e0f-000c29ba35ca".
* Enables process privileges.
* Sleeps 9831 seconds.

Additional Information:

How To Remove virussign.com_9d9d778dcf1416d8ee859302d3933c60.vir

1.Download Sniper Antivirus
2.Install the exe file on your system.
3.Full Scan your Computer OR Folder where virussign.com_9d9d778dcf1416d8ee859302d3933c60.vir located.
4.Once the scan is finished, you’ll get the message “scan is complete”.
Click OK button to get the results.
5.Then Delete the threat from table.

Top