Trojan.Win32.Swrort.3_ad6e8740cc

by malwarelabrobot on April 18th, 2016 in Malware Descriptions.

Susp_Dropper (Kaspersky), Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: ad6e8740cca5c406a172dceeb1381890
SHA1: 125c1560459a3434788650f4b1d1d2c70f110201
SHA256: 41b8e8901987a7a6b64d874163c770be037d9c32fd3cb0e01e50fa1848b18a84
SSDeep: 196608:e3hjq7IjvcUTFEvmaYsxvD8vfPf0vT5FNrXz44ajEUQHVAcExka3yE:eVfjJFkLxvD8wXXsBaVA9fyE
Size: 10234872 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: ????????????
Created at: 2016-03-24 11:04:32
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

%original file name%.exe:1832
regsvr32.exe:1472
regsvr32.exe:188
regsvr32.exe:1628
regsvr32.exe:816
rundll32.exe:244
rundll32.exe:1748
rundll32.exe:316
rundll32.exe:1584
rundll32.exe:552
AptShadow.exe:1340

The Trojan injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:

RasPbFile
1009
funshion_install_global_instance_event_name
WininetProxyRegistryMutex
WininetConnectionMutex
WininetStartupMutex
c:!documents and settings!adm!local settings!history!history.ie5!
c:!documents and settings!adm!cookies!
_!MSFTHISTORY!_
ShimCacheMutex
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
ZonesLockedCacheCounterMutex
ZonesCacheCounterMutex
ZonesCounterMutex

File activity

The process %original file name%.exe:1832 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_game.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayTrackBarMiniVolume.png (648 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionWeb.exe (6413 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\扑克王.jpg (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPause.png (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunWorks64.dll (3715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MobileTaskNum.png (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionSliderBar.png (122 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniMinView.png (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptShadow.exe (1832 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskListLastPlayStatIcons.png (549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpErrorUI.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mttransferbtn.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\BkTransferProgressForeground.png (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_close.png (444 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\QRCodeBk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\中国梦之声 第二季.jpg (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_normal.png (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnSimple.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskDownLoad.png (766 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CheckBox.png (583 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ListScrollBarVerWidgetMid.png (427 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DownloadJsonClose.png (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Expand.png (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\logo.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MenuUpdateQQ.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\分手大师.jpg (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpQuestion.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\back_play.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskBarMobileIcon.png (698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\pncrt.dll (283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\VolumeNoMute.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ClearDisk.png (771 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBarVerBkgnd.png (133 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunNail.dll (6401 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mobileClose.png (884 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPreMini.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\WndCloseBtn.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TrayWndclose.png (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\icon\MP4.ico (57 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtcompeltebtn.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\001_幻影车神:魔盗激情.fsv (715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBK.png (93 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\经典电影\001_终结者.fsv (492 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\002_为奴十二年.fsv (685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tools\tools.7z (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconngray.png (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ShowPlayInfoBtn.png (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Search.png (451 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\008_倒霉熊.fsv (410 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_close.png (429 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\new.png (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\09UPKJAB\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_qq.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_background.png (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\003_暴力街区.fsv (535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\refresbtn.png (2 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (2340 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DLNA_PC.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\pos.ini (593 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@funshion[2].txt (462 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBarVerBkgndOption.png (109 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\minibottombar_bg.png (93 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_min.png (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\images.xml (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnfailtip.png (338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\奇葩一家亲.jpg (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\FullScreen.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpPrompt.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bk.png (94 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\005_马向阳下乡记.fsv (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnfail.png (590 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniVolumeMute.png (704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtdelhistory.png (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Normal.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\gma.dll (319 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\为奴十二年.jpg (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\connect.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PutDesktop.png (755 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tools\zlib1.dll (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_mall.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\007_爷们儿.fsv (486 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WWC1RTEY\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\deletetips.png (751 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\终结者.jpg (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\playtips.png (723 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\猫和老鼠.jpg (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionService.exe (39950 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBar.png (92 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Scroll.gif (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpError.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnTop.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\探索.jpg (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\暴力街区.jpg (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\AdTimer.png (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\funoictl64.dll (274 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_menu.png (400 bytes)
%System%\funshion.ini (331 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\风行热播\001_分手大师.fsv (519 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IeToolBarBack.png (865 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\港台剧场\001_泡沫之夏.fsv (515 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\Default0.jpg (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\icon\RMVB.ico (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\综艺娱乐\001_超级先生.fsv (563 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsMediaBar64.dll (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\VolumeMute.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\GeneralButtonBk.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\close.png (625 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionUpgrade.exe (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\documents.ico (1649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\马向阳下乡记.jpg (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlMiniBtn.png (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Go.png (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptRegIns.dll (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlayBarLength.png (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ShdaowWndBk.png (430 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\动漫卡通\001_猫和老鼠.fsv (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsLibrary.exe (9606 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\爷们儿.jpg (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPre.png (423 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniVolumeNoMute.png (858 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptRelay.exe (146 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\GameHighlight.png (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IeToolBarHomePage.png (684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlayLength.png (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\Inst.dll (1731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnStopMini.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\drvc.dll (271 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\fundata.7z (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBarVerWidgetMid.png (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunKoala.dll (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\select.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tools\CrashReport.exe (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\swscale-2.dll (1707 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptNail.dll (1787 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4PEF4DAN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunDodge.dll (1613 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\fpvddec.ax (6323 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpYellowQuestion.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\avutil-52.dll (321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionSliderBarLeft.png (138 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsShlExt64.dll (1742 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnVolumeMute.png (733 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpError2.png (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\BkTransferProgressBkground.png (96 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\logoTray.png (556 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPlayList.png (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionGame2.ico (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\009_探索.fsv (472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniTopView.png (464 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CompletelyPutDesktop.png (312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\funoictl.dll (270 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\谈判冤家.jpg (34 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_btn_close.png (777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_qqErrorUI.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AHORUPMD\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\006_谈判冤家.fsv (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\泡沫之夏.jpg (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtaddtasktips.png (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\NewLogo.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\VoiceBtn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\funshionplugin2.dll (20507 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnred.png (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\StartPage.jpg (1613 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\atrc.dll (95 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\玻璃鞋.jpg (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlaySound.png (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsMediaBar.dll (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ExitFullScreen.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniStandard.png (529 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DelListDescend.png (170 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayTrackBarMini.png (627 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\avcodec-55.dll (20507 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\内地剧场\001_奇葩一家亲.fsv (484 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\funshiontmp\setup.ini (282 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mttasktips.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayList.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CoreAVC.ax (276 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_max.png (311 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IncCientNum.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlSetBtn.png (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Funshion.exe (39950 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionBtnDownArrow.png (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayTrackBar.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnVolume.png (905 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPlay.png (865 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_player.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskMobileIcon.png (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\最新电影\001_海神密码.fsv (537 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniFullView.png (491 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlayBufferLength.png (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\LeftBottomPrompt.png (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\SeedIcon.ico (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtheartsmall.png (445 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Playerdlna.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\InstallBubble.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskDelete.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlIcon.png (589 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\超级先生.jpg (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\npFunshion.dll (1664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsShlExt.dll (1868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Funshop4.ico (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniRangeSound.png (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\scrollbar_dlna.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\tsk.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\update.ico (1649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnNonTop.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskPaused.png (435 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionSpliderThumb.png (522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ClearFile.png (518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnNextMini.png (445 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunSeed.dll (305 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tools\gma.dll (1776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Uninstall.exe (3912 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CoreAAC.ax (3684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPauseMini.png (351 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CleanFileBtn.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\海外剧场\001_玻璃鞋.fsv (459 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtheartbig.png (410 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniClose.png (383 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\RadioBox.png (825 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnStop.png (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_button.png (457 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnErCode.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mobilePopClose.png (747 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPlayMini.png (670 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CrashReport.exe (3885 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskListStatIcons.png (557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnectbtn.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\AddMore.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunKoala64.dll (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\SetupFiles.7z (53851 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\010_中国梦之声 第二季.fsv (647 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\LogoMini.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\ssdodge.daw (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunWorks.dll (1795 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlCloseBtn.png (612 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\海神密码.jpg (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\winusb.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IeToolBarRefresh.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\幻影车神:魔盗激情.jpg (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CallbackBubble.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DelListAscend.png (169 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_library.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunSeed64.dll (1626 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\uninst.exe (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\funshion.ini (993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\connectMobile.png (2 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@funshion[1].txt (450 bytes)
%Documents and Settings%\%current user%\funshion.ini (2073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtpcmobile.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\downtomobiletips.png (908 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\cook.dll (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_projection.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlCloseBtnAbnormal.png (918 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\desktop.ico (1649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\004_扑克王.fsv (481 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_help.png (988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\Default1.jpg (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnNext.png (477 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniNonTopView.png (567 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\Turkey.dll (1747 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\SimpleIE.dll (146 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\倒霉熊.jpg (13 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\Current_User@funshion[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@funshion[2].txt (0 bytes)

The process rundll32.exe:244 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\FunUninst\uninstconfig.ini (122 bytes)

The process rundll32.exe:1748 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\FunUninst\uninst.exe (1281 bytes)
%Documents and Settings%\%current user%\Application Data\FunUninst\uninstconfig.ini (76 bytes)

The process rundll32.exe:552 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\FunAcce\Uninstall_new.daw (308 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\CD9C747F40EEA288D73938D33144F716 (140 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8EDCF682921FE94F4A02A43CD1A28E6B (176 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunAcceil_new.daw (324 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunKoala64_new.daw (308 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab1.tmp (54 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\31294006CE0E30E9018936BD13494DF8 (1 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8EDCF682921FE94F4A02A43CD1A28E6B (500 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\31294006CE0E30E9018936BD13494DF8 (172 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunBSS_new.dll (32816 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\config.ini (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab3.tmp (54 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (49 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Glede_new.dll (31584 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Turkey_new.daw (1 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Condor_new.daw (596 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (408 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\CD9C747F40EEA288D73938D33144F716 (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar6.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar4.tmp (2712 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunNest_new.daw (1 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunAcceil_new.dll (25080 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunBSS64_new.daw (2 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Firemanii_new.daw (308 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunNest64_new.daw (1 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Uninstall_new.exe (15904 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunKoala_new.dll (11704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab5.tmp (49 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Glede_new.daw (12 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Condor_new.dll (16664 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunAcce_new.daw (308 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Cuckoo_new.dll (33720 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunNest_new.dll (28320 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Cuckoo_new.daw (308 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunAcce_new.dll (24248 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunKoala_new.daw (308 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Firemanii_new.dll (31256 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunKoala64_new.dll (13784 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunBSS_new.daw (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar2.tmp (2712 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Tar2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab3.tmp (0 bytes)

The process AptShadow.exe:1340 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Adair\gma.dll (12769 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\fundata.7z (7726 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\Inst.dll (17857 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunWorks64.dll (4185 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunNail.dll (7345 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\uninst.exe (10601 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\Fireman.dll (13584 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunDodge.dll (14129 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunKoala.dll (673 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunSeed64.dll (2105 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\sFunWorks.daw (172 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\ssdodge.daw (2 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\AptNail.dll (20017 bytes)
%Documents and Settings%\%current user%\Application Data\FunUninst\bugrecord.daw (252 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunKoala64.dll (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunWorks.dll (20921 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@funshion[1].txt (156 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\Turkey.dll (19361 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\AptShadow.exe (3361 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\SeedIcon.ico (815 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (388 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\foamii.zip (98142 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\AptRegIns.dll (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunSeed.dll (16593 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\AptRelay.exe (673 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\Adair\foamii.zip (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\AptNail.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\gma.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunWorks.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\Turkey.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunDodge.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\SeedIcon.ico (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\ssdodge.daw (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\Inst.dll (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@funshion[2].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunSeed.dll (0 bytes)

Registry activity

The process %original file name%.exe:1832 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 CC CB A7 5F 7F 97 D3 E7 89 36 43 B5 B0 DF A8"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process regsvr32.exe:1472 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 5F 93 7C 21 E1 82 E1 60 5B 7C 5F 31 F5 CE AB"

[HKCR\CLSID\{6103A727-4004-4374-8A34-D91BC40B3EF6}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\Adair\Alvin.dll"
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{6103A727-4004-4374-8A34-D91BC40B3EF6}]
"(Default)" = "Horizon Class"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Alvin]
"(Default)" = "{6103A727-4004-4374-8A34-D91BC40B3EF6}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{6103A727-4004-4374-8A34-D91BC40B3EF6}" = "FunSeed extension"

The process regsvr32.exe:188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}]
"(Default)" = "Audio Renderer Property Page"

[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "29"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"FriendlyName" = "Video Renderer"

[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "QuickTime Movie Parser"

[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IMediaSeeking"

[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"

[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}]
"(Default)" = "IAMAudioRendererStats"

[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}]
"(Default)" = "IMemAllocatorCallbackTemp"

[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "8"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"FriendlyName" = "MPEG Video Decoder"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}]
"(Default)" = "IAMPhysicalPinInfo"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"(Default)" = "Line 21 Decoder 2"

[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeReader"

[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}]
"(Default)" = "IAMOpenProgress"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"0" = "0,4,,3C53414d"

[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}]
"(Default)" = "IDVSplitter"

[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"FriendlyName" = "Video Renderer"

[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "Wave Parser"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"FriendlyName" = "AVI Draw"

[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFilterGraph"

[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"(Default)" = "Video Renderer"

[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}]
"(Default)" = "IEncoderAPI"

[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}]
"(Default)" = "Full Screen Renderer Property Page"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
"1" = "0, 10, FFFFFFFF000000000000, 494433030080808080"
"0" = "0, 2, FFE0, FFE0"

[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}]
"(Default)" = "IDvdInfo2"

[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A2-7548-11CF-A520-0080C77EF58A}"

[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoCompression"

[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"(Default)" = "Color Space Converter"

[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}]
"(Default)" = "IAMGraphStreams"

[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"

[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"(Default)" = "AVI/WAV File Source"

[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "7"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,52494646,8,4,,57415645"

[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMBufferNegotiation"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"FriendlyName" = "Internal Script Command Renderer"

[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMCopyCaptureFileProgress"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"FriendlyName" = "AVI Decompressor"

[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}\NumMethods]
"(Default)" = "26"

[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMDroppedFrames"

[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"CLSID" = "{D3588AB0-0781-11CE-B03A-0020AF0BA770}"

[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMemInputPin"

[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Graph"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 F2 3E 78 9D 13 C5 11 13 4B EF 06 04 75 D8 A2"

[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"FilterData" = "02 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00"

[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"(Default)" = "VGA 16 color ditherer"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}]
"(Default)" = "IAMStreamSelect"

[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "9"

[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFilterMapper"

[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "18"

[HKCR\file]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "21"

[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"(Default)" = "AVI Splitter"

[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}]
"(Default)" = "Audio Renderer"

[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"CLSID" = "{70E102B0-5556-11CE-97C0-00AA0055595A}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A1-7548-11CF-A520-0080C77EF58A}"

[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}]
"(Default)" = "VMR ImageSync"

[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMAnalogVideoEncoder"

[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\https]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}]
"(Default)" = "IAMDevMemoryAllocator"

[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "System Clock"

[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"CLSID" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"FilterData" = "02 00 00 00 00 00 20 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"CLSID" = "{4A2286E0-7BEF-11CE-9BD9-0000E202599C}"

[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}\NumMethods]
"(Default)" = "8"

[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMemAllocator"

[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"CLSID" = "{1643E180-90F5-11CE-97D5-00AA0055595A}"

[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"(Default)" = "Default Video Renderer"

[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}]
"(Default)" = "Performance Property Page"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A3-7548-11CF-A520-0080C77EF58A}"

[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}]
"(Default)" = "IDVEnc"

[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"CLSID" = "{6A08CF80-0E18-11CF-A24D-0020AFD79767}"

[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "File stream renderer"

[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}]
"(Default)" = "PSFactoryBuffer"

[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMStreamConfig"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"0" = "0,4,,3b4d554c"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"CLSID" = "{1B544C20-FD0B-11CE-8C63-00AA0044B51E}"

[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"CLSID" = "{301056D0-6DFF-11D2-9EEB-006008039E37}"

[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}]
"(Default)" = "IVideoFrameStep"

[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IFilterGraph2"

[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}\NumMethods]
"(Default)" = "31"

[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMAnalogVideoDecoder"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeGenerator"

[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}\NumMethods]
"(Default)" = "42"

[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"CLSID" = "{336475D0-942A-11CE-A870-00AA002FEAB5}"

[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}]
"(Default)" = "IDvdControl2"

[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"FriendlyName" = "QT Decompressor"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}]
"(Default)" = "IAMPushSource"

[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"(Default)" = "AVI Decompressor"

[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumRegFilters"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
"1" = "4, 4, , 6d6f6f76"
"0" = "4, 4, , 6d646174"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"FriendlyName" = "Line 21 Decoder 2"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"CLSID" = "{A888DF60-1E90-11CF-AC98-00AA004C0FA9}"

[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IBaseFilter"

[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}]
"(Default)" = "DirectSound Audio Renderer"

[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "12"

[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "File Source (URL)"

[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"(Default)" = "Video Mixing Renderer 9"

[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}]
"(Default)" = "Video Mixing Renderer"

[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoControl"

[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}]
"(Default)" = "VMR Allocator Presenter"

[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}]
"(Default)" = "Seeking"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"FriendlyName" = "Video Mixing Renderer 9"

[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Media Type\Extensions\.mp3]
"Media Type" = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}\NumMethods]
"(Default)" = "5"

[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}]
"(Default)" = "IDVRGB219"

[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"(Default)" = "Video Port Manager"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "MIDI Parser"

[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}]
"(Default)" = "IConfigInterleaving"

[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A5-7548-11CF-A520-0080C77EF58A}"

[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Media Type\Extensions\.mp3]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"FriendlyName" = "VGA 16 Color Ditherer"

[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IReferenceClock"

[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}]
"(Default)" = "Filter Mapper2"

[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}]
"(Default)" = "IFileSinkFilter"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"FilterData" = "02 00 00 00 01 00 68 03 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"FriendlyName" = "SAMI (CC) Parser"

[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"(Default)" = "QT Decompressor"

[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}]
"(Default)" = "MPEG Video Decoder Property Page"

[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTunerNotification"

[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}]
"(Default)" = "ICreateDevEnum"

[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}]
"(Default)" = "IAMDevMemoryControl"

[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Graph no thread"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"FriendlyName" = "MPEG Audio Decoder"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"CLSID" = "{51B4ABF3-748F-4E3B-A276-C828330E926A}"

[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}\NumMethods]
"(Default)" = "5"

[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 16, FFFFFFFFF100010001800001FFFFFFFF, 000001BA2100010001800001000001BB"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"CLSID" = "{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}"

[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoProcAmp"

[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"CLSID" = "{07167665-5011-11CF-BF33-00AA0055595A}"

[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}\NumMethods]
"(Default)" = "12"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}\NumMethods]
"(Default)" = "5"

[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}]
"(Default)" = "IDvdCmd"

[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}]
"(Default)" = "MPEG Audio Decoder Property Page"

[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IReferenceClock2"

[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}]
"(Default)" = "ICaptureGraphBuilder2"

[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}]
"(Default)" = "IFilterMapper2"

[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "8"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"FriendlyName" = "ACM Wrapper"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"FriendlyName" = "MJPEG Decompressor"

[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTuner"

[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Mapper"

[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IAMStreamControl"

[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IDistributorNotify"

[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A0-7548-11CF-A520-0080C77EF58A}"

[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"(Default)" = "MPEG Audio Codec"

[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"(Default)" = "ACM Wrapper"

[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}]
"(Default)" = "VMR Mixer"

[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}]
"(Default)" = "IMediaPropertyBag"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"CLSID" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "11"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"FilterData" = "02 00 00 00 00 00 20 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IGraphBuilder"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"CLSID" = "{48025243-2D39-11CE-875D-00608CB78066}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"FriendlyName" = "Full Screen Renderer"

[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMAudioInputMixer"

[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}]
"(Default)" = "IVideoEncoder"

[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"FriendlyName" = "MJPEG Compressor"

[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeDisplay"

[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumPins"

[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"(Default)" = "MPEG-I Stream Splitter"

[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}]
"(Default)" = "MIDI Renderer"

[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}]
"(Default)" = "ICaptureGraphBuilder"

[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}]
"(Default)" = "IAMDeviceRemoval"

[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"FriendlyName" = "AVI Splitter"

[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}]
"(Default)" = "IAMLatency"

[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}]
"(Default)" = "Internal Text Renderer"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"CLSID" = "{E4206432-01A1-4BEE-B3E1-3702C8EDC574}"

[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}\NumMethods]
"(Default)" = "18"

[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}]
"(Default)" = "DirectDraw Property Page"

[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}]
"(Default)" = "VMR Allocator Presenter DDXcl Mode"

[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}]
"(Default)" = "IConfigAviMux"

[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"CLSID" = "{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}"

[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "9"

[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IPin"

[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumFilters"

[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}]
"(Default)" = "XML Graphbuilder"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,2e736e64"

[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}]
"(Default)" = "IDvdState"

[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "14"

[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}\NumMethods]
"(Default)" = "43"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"CLSID" = "{CF49D4E0-1115-11CE-B03A-0020AF0BA770}"

[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "18"

[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\InProcServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "4"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"FilterData" = "02 00 00 00 64 00 60 00 0A 00 00 00 00 00 00 00"

[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"(Default)" = "MPEG Video Codec"

[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}]
"(Default)" = "IEnumMediaTypes"

[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IAsyncReader"

[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}]
"(Default)" = "IPersistMediaPropertyBag"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "MIDI Parser"

[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}]
"(Default)" = "IDvdInfo"

[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"

[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}]
"(Default)" = "IMemAllocatorNotifyCallbackTemp"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}]
"(Default)" = "MJPEG Compressor"

[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"FriendlyName" = "AVI/WAV File Source"

[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "9"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"FriendlyName" = "Color Space Converter"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 4, , 52494646, 8, 8, , 43445841666D7420, 36, 20, FFFFFFFF00000000FFFFFFFFFFFFFFFFFFFFFFFF, 646174610000000000FFFFFFFFFFFFFFFFFFFF00"

[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "20"

[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
"0" = "0, 5, FFFFFFFFC0 ,000001BA40"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"FilterData" = "02 00 00 00 02 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}]
"(Default)" = "IFileSinkFilter2"

[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"(Default)" = "AVI Draw Filter"

[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}]
"(Default)" = "IDvdControl"

[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"CLSID" = "{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}"

[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMediaEventSink"

[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"(Default)" = "SAMI (CC) Reader"

[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "Multi-file Parser"

[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}\NumMethods]
"(Default)" = "11"

[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMCrossbar"

[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}]
"(Default)" = "Memory Allocator"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"FriendlyName" = "Video Port Manager"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"CLSID" = "{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}"

[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMediaFilter"

[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"FilterData" = "02 00 00 00 01 00 00 40 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"CLSID" = "{FEB50740-7BEF-11CE-9BD9-0000E202599C}"

[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}]
"(Default)" = "VMR Allocator Presenter 9"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 4, , 000001B3"

[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}\NumMethods]
"(Default)" = "38"

[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}]
"(Default)" = "Audio Renderer Advanced Properties"

[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}]
"(Default)" = "ICodecAPI"

[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"

[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMCameraControl"

[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "18"

[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "19"

[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "Wave Parser"

[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IResourceManager"

[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"CLSID" = "{B80AB0A0-7416-11D2-9EEB-006008039E37}"

[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}]
"(Default)" = "IAMClockSlave"

[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}]
"(Default)" = "Quality Management Property Page"

[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}]
"(Default)" = "VMR Mixer 9"

[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}]
"(Default)" = "IIPDVDec"

[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "QuickTime Movie Parser"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"FilterData" = "02 00 00 00 00 00 60 00 03 00 00 00 00 00 00 00"

[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "ISeekingPassThru"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,464f524d,8,4,,41494646"
"1" = "0,4,,464f524d,8,4,,41494643"

[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTVTuner"

[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,52494646,8,4,,41564920"

[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}]
"(Default)" = "IAMExtTransport"

[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\HTTP]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "File stream renderer"

[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "15"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"FilterData" = "02 00 00 00 00 00 60 00 03 00 00 00 00 00 00 00"

[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}]
"(Default)" = "IAMExtDevice"

[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "9"

[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IGraphVersion"

[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}\NumMethods]
"(Default)" = "11"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"FilterData" = "02 00 00 00 01 00 80 00 01 00 00 00 00 00 00 00"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}]
"(Default)" = "VMR ImageSync 9"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"FilterData" = "02 00 00 00 01 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "8"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}]
"(Default)" = "IFilterMapper3"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"FilterData" = "02 00 00 00 01 00 80 00 01 00 00 00 00 00 00 00"

[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}]
"(Default)" = "Full Screen Renderer"

[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IQualityControl"

[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "8"

[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"FriendlyName" = "File Source (Async.)"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"(Default)" = "MJPEG Decompressor"

[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"FriendlyName" = "MPEG-I Stream Splitter"

[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"FriendlyName" = "File Source (URL)"

[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}]
"(Default)" = "IAMovieSetup"

[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFileSourceFilter"

[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IResourceConsumer"

[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"CLSID" = "{33FACFE0-A9BE-11D0-A520-00A0D10129C0}"

[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}]
"(Default)" = "IKsPropertySet"

[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}]
"(Default)" = "CMediaPropertyBag"

[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "IPersistMoniker Plug In Distributor"

[HKCR\gopher]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "Multi-file Parser"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}]
"(Default)" = "IAMOverlayFX"

[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "4"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
"1" = "0,4,,4D546864"
"0" = "0,4,,52494646,8,4,,524D4944"

[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\ftp]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "File Source (Async.)"

[HKCR\Media Type\Extensions\.mp3]
"SubType" = "{E436EB87-524F-11CE-9F53-0020AF0BA770}"

The Trojan deletes the following registry key(s):

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]

The process regsvr32.exe:1628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}]
"(Default)" = "Audio Renderer Property Page"

[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "29"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"FriendlyName" = "Video Renderer"

[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "QuickTime Movie Parser"

[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IMediaSeeking"

[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"

[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}]
"(Default)" = "IAMAudioRendererStats"

[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}]
"(Default)" = "IMemAllocatorCallbackTemp"

[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "8"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"FriendlyName" = "MPEG Video Decoder"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}]
"(Default)" = "IAMPhysicalPinInfo"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"(Default)" = "Line 21 Decoder 2"

[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeReader"

[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}]
"(Default)" = "IAMOpenProgress"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"0" = "0,4,,3C53414d"

[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}]
"(Default)" = "IDVSplitter"

[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"FriendlyName" = "Video Renderer"

[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "Wave Parser"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"FriendlyName" = "AVI Draw"

[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFilterGraph"

[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"(Default)" = "Video Renderer"

[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}]
"(Default)" = "IEncoderAPI"

[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}]
"(Default)" = "Full Screen Renderer Property Page"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
"1" = "0, 10, FFFFFFFF000000000000, 494433030080808080"
"0" = "0, 2, FFE0, FFE0"

[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}]
"(Default)" = "IDvdInfo2"

[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A2-7548-11CF-A520-0080C77EF58A}"

[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoCompression"

[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"(Default)" = "Color Space Converter"

[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}]
"(Default)" = "IAMGraphStreams"

[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"

[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"(Default)" = "AVI/WAV File Source"

[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "7"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,52494646,8,4,,57415645"

[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMBufferNegotiation"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"FriendlyName" = "Internal Script Command Renderer"

[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMCopyCaptureFileProgress"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"FriendlyName" = "AVI Decompressor"

[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}\NumMethods]
"(Default)" = "26"

[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMDroppedFrames"

[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"CLSID" = "{D3588AB0-0781-11CE-B03A-0020AF0BA770}"

[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMemInputPin"

[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Graph"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F B0 34 48 E2 EE 3D AD E5 E1 1D EB 9D AB 5D DF"

[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"FilterData" = "02 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00"

[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"(Default)" = "VGA 16 color ditherer"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}]
"(Default)" = "IAMStreamSelect"

[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "9"

[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFilterMapper"

[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "18"

[HKCR\file]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "21"

[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"(Default)" = "AVI Splitter"

[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}]
"(Default)" = "Audio Renderer"

[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"CLSID" = "{70E102B0-5556-11CE-97C0-00AA0055595A}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A1-7548-11CF-A520-0080C77EF58A}"

[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}]
"(Default)" = "VMR ImageSync"

[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMAnalogVideoEncoder"

[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\https]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}]
"(Default)" = "IAMDevMemoryAllocator"

[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "System Clock"

[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"CLSID" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"FilterData" = "02 00 00 00 00 00 20 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"CLSID" = "{4A2286E0-7BEF-11CE-9BD9-0000E202599C}"

[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}\NumMethods]
"(Default)" = "8"

[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMemAllocator"

[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"CLSID" = "{1643E180-90F5-11CE-97D5-00AA0055595A}"

[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"(Default)" = "Default Video Renderer"

[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}]
"(Default)" = "Performance Property Page"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A3-7548-11CF-A520-0080C77EF58A}"

[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}]
"(Default)" = "IDVEnc"

[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"CLSID" = "{6A08CF80-0E18-11CF-A24D-0020AFD79767}"

[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "File stream renderer"

[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}]
"(Default)" = "PSFactoryBuffer"

[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMStreamConfig"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"0" = "0,4,,3b4d554c"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"CLSID" = "{1B544C20-FD0B-11CE-8C63-00AA0044B51E}"

[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"CLSID" = "{301056D0-6DFF-11D2-9EEB-006008039E37}"

[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}]
"(Default)" = "IVideoFrameStep"

[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IFilterGraph2"

[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}\NumMethods]
"(Default)" = "31"

[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMAnalogVideoDecoder"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeGenerator"

[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}\NumMethods]
"(Default)" = "42"

[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"CLSID" = "{336475D0-942A-11CE-A870-00AA002FEAB5}"

[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}]
"(Default)" = "IDvdControl2"

[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"FriendlyName" = "QT Decompressor"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}]
"(Default)" = "IAMPushSource"

[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"(Default)" = "AVI Decompressor"

[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumRegFilters"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
"1" = "4, 4, , 6d6f6f76"
"0" = "4, 4, , 6d646174"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"FriendlyName" = "Line 21 Decoder 2"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"CLSID" = "{A888DF60-1E90-11CF-AC98-00AA004C0FA9}"

[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IBaseFilter"

[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}]
"(Default)" = "DirectSound Audio Renderer"

[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "12"

[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "File Source (URL)"

[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"(Default)" = "Video Mixing Renderer 9"

[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}]
"(Default)" = "Video Mixing Renderer"

[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoControl"

[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}]
"(Default)" = "VMR Allocator Presenter"

[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}]
"(Default)" = "Seeking"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"FriendlyName" = "Video Mixing Renderer 9"

[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Media Type\Extensions\.mp3]
"Media Type" = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}\NumMethods]
"(Default)" = "5"

[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}]
"(Default)" = "IDVRGB219"

[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"(Default)" = "Video Port Manager"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "MIDI Parser"

[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}]
"(Default)" = "IConfigInterleaving"

[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A5-7548-11CF-A520-0080C77EF58A}"

[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Media Type\Extensions\.mp3]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"FriendlyName" = "VGA 16 Color Ditherer"

[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IReferenceClock"

[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}]
"(Default)" = "Filter Mapper2"

[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}]
"(Default)" = "IFileSinkFilter"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"FilterData" = "02 00 00 00 01 00 68 03 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"FriendlyName" = "SAMI (CC) Parser"

[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"(Default)" = "QT Decompressor"

[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}]
"(Default)" = "MPEG Video Decoder Property Page"

[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTunerNotification"

[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}]
"(Default)" = "ICreateDevEnum"

[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}]
"(Default)" = "IAMDevMemoryControl"

[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Graph no thread"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"FriendlyName" = "MPEG Audio Decoder"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"CLSID" = "{51B4ABF3-748F-4E3B-A276-C828330E926A}"

[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}\NumMethods]
"(Default)" = "5"

[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 16, FFFFFFFFF100010001800001FFFFFFFF, 000001BA2100010001800001000001BB"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"CLSID" = "{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}"

[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoProcAmp"

[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"CLSID" = "{07167665-5011-11CF-BF33-00AA0055595A}"

[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}\NumMethods]
"(Default)" = "12"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}\NumMethods]
"(Default)" = "5"

[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}]
"(Default)" = "IDvdCmd"

[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}]
"(Default)" = "MPEG Audio Decoder Property Page"

[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IReferenceClock2"

[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}]
"(Default)" = "ICaptureGraphBuilder2"

[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}]
"(Default)" = "IFilterMapper2"

[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "8"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"FriendlyName" = "ACM Wrapper"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"FriendlyName" = "MJPEG Decompressor"

[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTuner"

[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Mapper"

[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IAMStreamControl"

[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IDistributorNotify"

[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A0-7548-11CF-A520-0080C77EF58A}"

[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"(Default)" = "MPEG Audio Codec"

[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"(Default)" = "ACM Wrapper"

[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}]
"(Default)" = "VMR Mixer"

[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}]
"(Default)" = "IMediaPropertyBag"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"CLSID" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "11"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"FilterData" = "02 00 00 00 00 00 20 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IGraphBuilder"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"CLSID" = "{48025243-2D39-11CE-875D-00608CB78066}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"FriendlyName" = "Full Screen Renderer"

[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMAudioInputMixer"

[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}]
"(Default)" = "IVideoEncoder"

[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"FriendlyName" = "MJPEG Compressor"

[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeDisplay"

[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumPins"

[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"(Default)" = "MPEG-I Stream Splitter"

[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}]
"(Default)" = "MIDI Renderer"

[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}]
"(Default)" = "ICaptureGraphBuilder"

[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}]
"(Default)" = "IAMDeviceRemoval"

[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"FriendlyName" = "AVI Splitter"

[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}]
"(Default)" = "IAMLatency"

[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}]
"(Default)" = "Internal Text Renderer"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"CLSID" = "{E4206432-01A1-4BEE-B3E1-3702C8EDC574}"

[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}\NumMethods]
"(Default)" = "18"

[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}]
"(Default)" = "DirectDraw Property Page"

[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}]
"(Default)" = "VMR Allocator Presenter DDXcl Mode"

[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}]
"(Default)" = "IConfigAviMux"

[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"CLSID" = "{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}"

[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "9"

[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IPin"

[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumFilters"

[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}]
"(Default)" = "XML Graphbuilder"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,2e736e64"

[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}]
"(Default)" = "IDvdState"

[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "14"

[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}\NumMethods]
"(Default)" = "43"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"CLSID" = "{CF49D4E0-1115-11CE-B03A-0020AF0BA770}"

[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "18"

[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\InProcServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "4"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"FilterData" = "02 00 00 00 64 00 60 00 0A 00 00 00 00 00 00 00"

[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"(Default)" = "MPEG Video Codec"

[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}]
"(Default)" = "IEnumMediaTypes"

[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IAsyncReader"

[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}]
"(Default)" = "IPersistMediaPropertyBag"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "MIDI Parser"

[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}]
"(Default)" = "IDvdInfo"

[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"

[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}]
"(Default)" = "IMemAllocatorNotifyCallbackTemp"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}]
"(Default)" = "MJPEG Compressor"

[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"FriendlyName" = "AVI/WAV File Source"

[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "9"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"FriendlyName" = "Color Space Converter"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 4, , 52494646, 8, 8, , 43445841666D7420, 36, 20, FFFFFFFF00000000FFFFFFFFFFFFFFFFFFFFFFFF, 646174610000000000FFFFFFFFFFFFFFFFFFFF00"

[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "20"

[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
"0" = "0, 5, FFFFFFFFC0 ,000001BA40"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"FilterData" = "02 00 00 00 02 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}]
"(Default)" = "IFileSinkFilter2"

[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"(Default)" = "AVI Draw Filter"

[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}]
"(Default)" = "IDvdControl"

[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"CLSID" = "{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}"

[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMediaEventSink"

[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"(Default)" = "SAMI (CC) Reader"

[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "Multi-file Parser"

[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}\NumMethods]
"(Default)" = "11"

[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMCrossbar"

[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}]
"(Default)" = "Memory Allocator"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"FriendlyName" = "Video Port Manager"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"CLSID" = "{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}"

[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMediaFilter"

[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"FilterData" = "02 00 00 00 01 00 00 40 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"CLSID" = "{FEB50740-7BEF-11CE-9BD9-0000E202599C}"

[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}]
"(Default)" = "VMR Allocator Presenter 9"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 4, , 000001B3"

[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}\NumMethods]
"(Default)" = "38"

[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}]
"(Default)" = "Audio Renderer Advanced Properties"

[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}]
"(Default)" = "ICodecAPI"

[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"

[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMCameraControl"

[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "18"

[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "19"

[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "Wave Parser"

[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IResourceManager"

[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"CLSID" = "{B80AB0A0-7416-11D2-9EEB-006008039E37}"

[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}]
"(Default)" = "IAMClockSlave"

[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}]
"(Default)" = "Quality Management Property Page"

[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}]
"(Default)" = "VMR Mixer 9"

[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}]
"(Default)" = "IIPDVDec"

[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "QuickTime Movie Parser"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"FilterData" = "02 00 00 00 00 00 60 00 03 00 00 00 00 00 00 00"

[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "ISeekingPassThru"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,464f524d,8,4,,41494646"
"1" = "0,4,,464f524d,8,4,,41494643"

[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTVTuner"

[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,52494646,8,4,,41564920"

[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}]
"(Default)" = "IAMExtTransport"

[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\HTTP]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "File stream renderer"

[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "15"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"FilterData" = "02 00 00 00 00 00 60 00 03 00 00 00 00 00 00 00"

[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}]
"(Default)" = "IAMExtDevice"

[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "9"

[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IGraphVersion"

[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}\NumMethods]
"(Default)" = "11"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"FilterData" = "02 00 00 00 01 00 80 00 01 00 00 00 00 00 00 00"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}]
"(Default)" = "VMR ImageSync 9"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"FilterData" = "02 00 00 00 01 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "8"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}]
"(Default)" = "IFilterMapper3"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"FilterData" = "02 00 00 00 01 00 80 00 01 00 00 00 00 00 00 00"

[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}]
"(Default)" = "Full Screen Renderer"

[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IQualityControl"

[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "8"

[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"FriendlyName" = "File Source (Async.)"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"(Default)" = "MJPEG Decompressor"

[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"FriendlyName" = "MPEG-I Stream Splitter"

[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"FriendlyName" = "File Source (URL)"

[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}]
"(Default)" = "IAMovieSetup"

[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFileSourceFilter"

[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IResourceConsumer"

[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"CLSID" = "{33FACFE0-A9BE-11D0-A520-00A0D10129C0}"

[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}]
"(Default)" = "IKsPropertySet"

[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}]
"(Default)" = "CMediaPropertyBag"

[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "IPersistMoniker Plug In Distributor"

[HKCR\gopher]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "Multi-file Parser"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}]
"(Default)" = "IAMOverlayFX"

[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "4"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
"1" = "0,4,,4D546864"
"0" = "0,4,,52494646,8,4,,524D4944"

[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\ftp]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "File Source (Async.)"

[HKCR\Media Type\Extensions\.mp3]
"SubType" = "{E436EB87-524F-11CE-9F53-0020AF0BA770}"

The Trojan deletes the following registry key(s):

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]

The process regsvr32.exe:816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}]
"(Default)" = "Audio Renderer Property Page"

[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "29"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"FriendlyName" = "Video Renderer"

[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "QuickTime Movie Parser"

[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IMediaSeeking"

[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"

[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}]
"(Default)" = "IAMAudioRendererStats"

[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}]
"(Default)" = "IMemAllocatorCallbackTemp"

[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "8"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"FriendlyName" = "MPEG Video Decoder"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}]
"(Default)" = "IAMPhysicalPinInfo"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"(Default)" = "Line 21 Decoder 2"

[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeReader"

[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}]
"(Default)" = "IAMOpenProgress"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"0" = "0,4,,3C53414d"

[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}]
"(Default)" = "IDVSplitter"

[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"FriendlyName" = "Video Renderer"

[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "Wave Parser"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"FriendlyName" = "AVI Draw"

[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFilterGraph"

[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"(Default)" = "Video Renderer"

[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}]
"(Default)" = "IEncoderAPI"

[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}]
"(Default)" = "Full Screen Renderer Property Page"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
"1" = "0, 10, FFFFFFFF000000000000, 494433030080808080"
"0" = "0, 2, FFE0, FFE0"

[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}]
"(Default)" = "IDvdInfo2"

[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A2-7548-11CF-A520-0080C77EF58A}"

[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoCompression"

[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"(Default)" = "Color Space Converter"

[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}]
"(Default)" = "IAMGraphStreams"

[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"

[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"(Default)" = "AVI/WAV File Source"

[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "7"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,52494646,8,4,,57415645"

[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMBufferNegotiation"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"FriendlyName" = "Internal Script Command Renderer"

[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMCopyCaptureFileProgress"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"FriendlyName" = "AVI Decompressor"

[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}\NumMethods]
"(Default)" = "26"

[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMDroppedFrames"

[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"CLSID" = "{D3588AB0-0781-11CE-B03A-0020AF0BA770}"

[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMemInputPin"

[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Graph"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 31 80 8D 79 7A 55 64 BC 62 7F 00 20 95 4F 49"

[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"FilterData" = "02 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00"

[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"(Default)" = "VGA 16 color ditherer"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}]
"(Default)" = "IAMStreamSelect"

[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "9"

[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFilterMapper"

[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "18"

[HKCR\file]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "21"

[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"(Default)" = "AVI Splitter"

[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}]
"(Default)" = "Audio Renderer"

[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"CLSID" = "{70E102B0-5556-11CE-97C0-00AA0055595A}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A1-7548-11CF-A520-0080C77EF58A}"

[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}]
"(Default)" = "VMR ImageSync"

[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMAnalogVideoEncoder"

[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\https]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}]
"(Default)" = "IAMDevMemoryAllocator"

[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "System Clock"

[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"CLSID" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"FilterData" = "02 00 00 00 00 00 20 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"CLSID" = "{4A2286E0-7BEF-11CE-9BD9-0000E202599C}"

[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}\NumMethods]
"(Default)" = "8"

[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMemAllocator"

[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"CLSID" = "{1643E180-90F5-11CE-97D5-00AA0055595A}"

[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"(Default)" = "Default Video Renderer"

[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}]
"(Default)" = "Performance Property Page"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A3-7548-11CF-A520-0080C77EF58A}"

[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}]
"(Default)" = "IDVEnc"

[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"CLSID" = "{6A08CF80-0E18-11CF-A24D-0020AFD79767}"

[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "File stream renderer"

[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}]
"(Default)" = "PSFactoryBuffer"

[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMStreamConfig"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"0" = "0,4,,3b4d554c"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"CLSID" = "{1B544C20-FD0B-11CE-8C63-00AA0044B51E}"

[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"CLSID" = "{301056D0-6DFF-11D2-9EEB-006008039E37}"

[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}]
"(Default)" = "IVideoFrameStep"

[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IFilterGraph2"

[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}\NumMethods]
"(Default)" = "31"

[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMAnalogVideoDecoder"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeGenerator"

[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}\NumMethods]
"(Default)" = "42"

[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"CLSID" = "{336475D0-942A-11CE-A870-00AA002FEAB5}"

[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}]
"(Default)" = "IDvdControl2"

[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"FriendlyName" = "QT Decompressor"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}]
"(Default)" = "IAMPushSource"

[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"(Default)" = "AVI Decompressor"

[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumRegFilters"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
"1" = "4, 4, , 6d6f6f76"
"0" = "4, 4, , 6d646174"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"FriendlyName" = "Line 21 Decoder 2"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"CLSID" = "{A888DF60-1E90-11CF-AC98-00AA004C0FA9}"

[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IBaseFilter"

[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}]
"(Default)" = "DirectSound Audio Renderer"

[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "12"

[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "File Source (URL)"

[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"(Default)" = "Video Mixing Renderer 9"

[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}]
"(Default)" = "Video Mixing Renderer"

[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoControl"

[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}]
"(Default)" = "VMR Allocator Presenter"

[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}]
"(Default)" = "Seeking"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"FriendlyName" = "Video Mixing Renderer 9"

[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Media Type\Extensions\.mp3]
"Media Type" = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}\NumMethods]
"(Default)" = "5"

[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}]
"(Default)" = "IDVRGB219"

[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"(Default)" = "Video Port Manager"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "MIDI Parser"

[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}]
"(Default)" = "IConfigInterleaving"

[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A5-7548-11CF-A520-0080C77EF58A}"

[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Media Type\Extensions\.mp3]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"FriendlyName" = "VGA 16 Color Ditherer"

[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IReferenceClock"

[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}]
"(Default)" = "Filter Mapper2"

[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}]
"(Default)" = "IFileSinkFilter"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"FilterData" = "02 00 00 00 01 00 68 03 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"FriendlyName" = "SAMI (CC) Parser"

[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"(Default)" = "QT Decompressor"

[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}]
"(Default)" = "MPEG Video Decoder Property Page"

[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTunerNotification"

[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}]
"(Default)" = "ICreateDevEnum"

[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}]
"(Default)" = "IAMDevMemoryControl"

[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Graph no thread"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"FriendlyName" = "MPEG Audio Decoder"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"CLSID" = "{51B4ABF3-748F-4E3B-A276-C828330E926A}"

[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}\NumMethods]
"(Default)" = "5"

[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 16, FFFFFFFFF100010001800001FFFFFFFF, 000001BA2100010001800001000001BB"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"CLSID" = "{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}"

[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoProcAmp"

[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"CLSID" = "{07167665-5011-11CF-BF33-00AA0055595A}"

[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}\NumMethods]
"(Default)" = "12"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}\NumMethods]
"(Default)" = "5"

[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}]
"(Default)" = "IDvdCmd"

[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}]
"(Default)" = "MPEG Audio Decoder Property Page"

[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IReferenceClock2"

[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}]
"(Default)" = "ICaptureGraphBuilder2"

[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}]
"(Default)" = "IFilterMapper2"

[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "8"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"FriendlyName" = "ACM Wrapper"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"FriendlyName" = "MJPEG Decompressor"

[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTuner"

[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Mapper"

[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IAMStreamControl"

[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IDistributorNotify"

[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A0-7548-11CF-A520-0080C77EF58A}"

[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"(Default)" = "MPEG Audio Codec"

[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"(Default)" = "ACM Wrapper"

[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"

[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}]
"(Default)" = "VMR Mixer"

[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}]
"(Default)" = "IMediaPropertyBag"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"CLSID" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "11"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"FilterData" = "02 00 00 00 00 00 20 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IGraphBuilder"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"CLSID" = "{48025243-2D39-11CE-875D-00608CB78066}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"FriendlyName" = "Full Screen Renderer"

[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMAudioInputMixer"

[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}]
"(Default)" = "IVideoEncoder"

[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"FriendlyName" = "MJPEG Compressor"

[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeDisplay"

[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumPins"

[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"(Default)" = "MPEG-I Stream Splitter"

[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}]
"(Default)" = "MIDI Renderer"

[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}]
"(Default)" = "ICaptureGraphBuilder"

[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}]
"(Default)" = "IAMDeviceRemoval"

[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"FriendlyName" = "AVI Splitter"

[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}]
"(Default)" = "IAMLatency"

[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}]
"(Default)" = "Internal Text Renderer"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"CLSID" = "{E4206432-01A1-4BEE-B3E1-3702C8EDC574}"

[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}\NumMethods]
"(Default)" = "18"

[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}]
"(Default)" = "DirectDraw Property Page"

[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}]
"(Default)" = "VMR Allocator Presenter DDXcl Mode"

[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}]
"(Default)" = "IConfigAviMux"

[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"CLSID" = "{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}"

[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "9"

[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IPin"

[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumFilters"

[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}]
"(Default)" = "XML Graphbuilder"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,2e736e64"

[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}]
"(Default)" = "IDvdState"

[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "14"

[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}\NumMethods]
"(Default)" = "43"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"CLSID" = "{CF49D4E0-1115-11CE-B03A-0020AF0BA770}"

[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "18"

[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\InProcServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "4"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"FilterData" = "02 00 00 00 64 00 60 00 0A 00 00 00 00 00 00 00"

[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"(Default)" = "MPEG Video Codec"

[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}]
"(Default)" = "IEnumMediaTypes"

[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IAsyncReader"

[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}]
"(Default)" = "IPersistMediaPropertyBag"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "MIDI Parser"

[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}]
"(Default)" = "IDvdInfo"

[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"

[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}]
"(Default)" = "IMemAllocatorNotifyCallbackTemp"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}]
"(Default)" = "MJPEG Compressor"

[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"FriendlyName" = "AVI/WAV File Source"

[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "9"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"FriendlyName" = "Color Space Converter"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 4, , 52494646, 8, 8, , 43445841666D7420, 36, 20, FFFFFFFF00000000FFFFFFFFFFFFFFFFFFFFFFFF, 646174610000000000FFFFFFFFFFFFFFFFFFFF00"

[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "20"

[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
"0" = "0, 5, FFFFFFFFC0 ,000001BA40"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"FilterData" = "02 00 00 00 02 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}]
"(Default)" = "IFileSinkFilter2"

[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"(Default)" = "AVI Draw Filter"

[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}]
"(Default)" = "IDvdControl"

[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"CLSID" = "{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}"

[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMediaEventSink"

[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"(Default)" = "SAMI (CC) Reader"

[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "Multi-file Parser"

[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}\NumMethods]
"(Default)" = "11"

[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMCrossbar"

[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}]
"(Default)" = "Memory Allocator"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"FriendlyName" = "Video Port Manager"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"CLSID" = "{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}"

[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMediaFilter"

[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"FilterData" = "02 00 00 00 01 00 00 40 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"CLSID" = "{FEB50740-7BEF-11CE-9BD9-0000E202599C}"

[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}]
"(Default)" = "VMR Allocator Presenter 9"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 4, , 000001B3"

[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}\NumMethods]
"(Default)" = "38"

[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}]
"(Default)" = "Audio Renderer Advanced Properties"

[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}]
"(Default)" = "ICodecAPI"

[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"

[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMCameraControl"

[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "18"

[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "19"

[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "Wave Parser"

[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IResourceManager"

[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"CLSID" = "{B80AB0A0-7416-11D2-9EEB-006008039E37}"

[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}]
"(Default)" = "IAMClockSlave"

[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}]
"(Default)" = "Quality Management Property Page"

[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}]
"(Default)" = "VMR Mixer 9"

[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}]
"(Default)" = "IIPDVDec"

[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "QuickTime Movie Parser"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"FilterData" = "02 00 00 00 00 00 60 00 03 00 00 00 00 00 00 00"

[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "ISeekingPassThru"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,464f524d,8,4,,41494646"
"1" = "0,4,,464f524d,8,4,,41494643"

[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTVTuner"

[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,52494646,8,4,,41564920"

[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}]
"(Default)" = "IAMExtTransport"

[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\HTTP]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "File stream renderer"

[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "15"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"FilterData" = "02 00 00 00 00 00 60 00 03 00 00 00 00 00 00 00"

[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}]
"(Default)" = "IAMExtDevice"

[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "9"

[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IGraphVersion"

[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}\NumMethods]
"(Default)" = "11"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"FilterData" = "02 00 00 00 01 00 80 00 01 00 00 00 00 00 00 00"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}]
"(Default)" = "VMR ImageSync 9"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"FilterData" = "02 00 00 00 01 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}\NumMethods]
"(Default)" = "7"

[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "8"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}]
"(Default)" = "IFilterMapper3"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"FilterData" = "02 00 00 00 01 00 80 00 01 00 00 00 00 00 00 00"

[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}]
"(Default)" = "Full Screen Renderer"

[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IQualityControl"

[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "8"

[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"FriendlyName" = "File Source (Async.)"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"(Default)" = "MJPEG Decompressor"

[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"FriendlyName" = "MPEG-I Stream Splitter"

[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"FriendlyName" = "File Source (URL)"

[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}]
"(Default)" = "IAMovieSetup"

[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFileSourceFilter"

[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IResourceConsumer"

[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"CLSID" = "{33FACFE0-A9BE-11D0-A520-00A0D10129C0}"

[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}]
"(Default)" = "IKsPropertySet"

[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}]
"(Default)" = "CMediaPropertyBag"

[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"

[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "IPersistMoniker Plug In Distributor"

[HKCR\gopher]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "Multi-file Parser"

[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"

[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}]
"(Default)" = "IAMOverlayFX"

[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "4"

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
"1" = "0,4,,4D546864"
"0" = "0,4,,52494646,8,4,,524D4944"

[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"

[HKCR\ftp]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"

[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "File Source (Async.)"

[HKCR\Media Type\Extensions\.mp3]
"SubType" = "{E436EB87-524F-11CE-9F53-0020AF0BA770}"

The Trojan deletes the following registry key(s):

[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]

The process rundll32.exe:244 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FunAccelerator]
"DisplayName" = "风行视频加速"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FunAccelerator]
"UninstallString" = "%Documents and Settings%\%current user%\Application Data\FunUninst\uninst.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C 52 35 46 F7 2F CD 94 02 C7 1A FC 51 7F C0 CE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FunAccelerator]
"DisplayIcon" = "%Documents and Settings%\%current user%\Application Data\FunUninst\uninst.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process rundll32.exe:1748 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FunAccelerator]
"DisplayName" = "风行视频加速"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FunAccelerator]
"UninstallString" = "%Documents and Settings%\%current user%\Application Data\FunUninst\uninst.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "24 FA DD 57 0C C4 0C 51 72 C4 B3 66 DD A4 7B D1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FunAccelerator]
"DisplayIcon" = "%Documents and Settings%\%current user%\Application Data\FunUninst\uninst.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process rundll32.exe:316 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 F4 B2 46 53 99 E0 F2 79 8E E6 7B 27 28 7A 0B"

The process rundll32.exe:1584 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A C2 F0 5D 38 5E 22 C7 D9 A3 E0 AA FF 69 CD 48"

The process rundll32.exe:552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B94294BF91EA8FB64BE61097C7FB001359B676CB]
"Blob" = "19 00 00 00 01 00 00 00 10 00 00 00 2E E0 C8 90"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\SystemSres]
"(Default)" = "2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 8C CA DC 0B"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 57 BD 06 6A BB D8 B8 35 6D 50 E3 4A 23 04 5F"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"B94294BF91EA8FB64BE61097C7FB001359B676CB"
"91C6D6EE3E8AC86384E548C299295C756C817B81"

The process AptShadow.exe:1340 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"

[HKCU\Software\SystemSres]
"mac" = "DFÒª8«áÆÐ^ªm"
"sioiname" = "Alvin"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\SystemSres]
"aptid" = "109"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\SystemSres]
"accedirid" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\SystemSres]
"accedir" = "%Documents and Settings%\All Users\Application Data\FunAcce"

"seedname" = "Alvin"
"Guid" = "312B5EC4-1A2C-43c6-B94F-DDA626E3A741"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\SystemSres]
"(Default)" = "2"
"AppVersion" = "238"
"cid" = "1021001"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D4 7D 35 C3 13 30 D3 57 90 ED A8 0A 36 67 FE A7"

[HKCU\Software\SystemSres]
"aptdir" = "%Documents and Settings%\%current user%\Application Data\Adair"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKCU\Software\SystemSres]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5 File path
3b78f9f538de8f94629b8c7560fc0de7 c:\Documents and Settings\All Users\Application Data\FunAcce\Condor.dll
b91cf5b4272ebae70f42eeec1a2b87ba c:\Documents and Settings\All Users\Application Data\FunAcce\Cuckoo.dll
d72cab1c5d4bb4b6fb6a2abb65730ef1 c:\Documents and Settings\All Users\Application Data\FunAcce\Firemanii.dll
23ee72ede59340aec766884bee2f3975 c:\Documents and Settings\All Users\Application Data\FunAcce\FunAcce.dll
8504b31558378876142d64c4e5110e65 c:\Documents and Settings\All Users\Application Data\FunAcce\FunAcceil.dll
5e60ec89504922efb28acbf05b785c7e c:\Documents and Settings\All Users\Application Data\FunAcce\FunKoala.dll
f6bbd969ac1fde449b8848ad51037042 c:\Documents and Settings\All Users\Application Data\FunAcce\Glede.dll
b53077a3c0545e2367287c27db44fcce c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\Alvin.dll
a360fe7dc003d15eddbc8ff9d0583c6a c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\AptNail.dll
fed2535b35e5d3053cd7be43381fb760 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\AptRegIns.dll
2d10e94899fcd7e450489ab41c987428 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\AptRelay.exe
0599d0cc033dfd260ca84d4473cb2d5d c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\AptShadow.exe
a74c0cb58bf8f336e28a97e7482db0fd c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\Fireman.dll
cabb28abe5dcfb46e03a3d31d4707e1d c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunBSS.dll
251ad4b2b6de2c275b5b7d8eb61f1a39 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunDodge.dll
5e60ec89504922efb28acbf05b785c7e c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunKoala.dll
e911c1b9c3fdbc25510844f43589f9b9 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunKoala64.dll
042ace2a209f537bb9402a563894cf9e c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunNail.dll
88e4efe8e883474a36ad5d86cf7616aa c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunNest.dll
d35d8147c839b097ca52aafd9e090521 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunSeed64.dll
9761e27af2adb52e53d303f6b2a8c00f c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunWorks.dll
10219bbb20b4d6b8a29cea5fd4c847c2 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunWorks64.dll
faa6a0e2c54c289447e2608937036fe1 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\Inst.dll
17702ce6fde175df7b1604f8037eeae0 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\Turkey.dll
bdfef0087277ef071ab3aff6f1b50bb9 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\gma.dll
acbcc54caf60240a72bcaa02715d61a2 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\uninst.exe
acbcc54caf60240a72bcaa02715d61a2 c:\Documents and Settings\"%CurrentUserName%"\Application Data\FunUninst\uninst.exe
a360fe7dc003d15eddbc8ff9d0583c6a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\AptNail.dll
fed2535b35e5d3053cd7be43381fb760 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\AptRegIns.dll
2d10e94899fcd7e450489ab41c987428 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\AptRelay.exe
0599d0cc033dfd260ca84d4473cb2d5d c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\AptShadow.exe
d3e01788ac1ba20d21a1553c9c4da9f4 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunDodge.dll
5e60ec89504922efb28acbf05b785c7e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunKoala.dll
e911c1b9c3fdbc25510844f43589f9b9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunKoala64.dll
042ace2a209f537bb9402a563894cf9e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunNail.dll
a43578f82fabf00c6e28e70a21e2ce5a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunSeed.dll
d35d8147c839b097ca52aafd9e090521 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunSeed64.dll
75d8f292df140184e77c0df0cd3f2665 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunWorks.dll
10219bbb20b4d6b8a29cea5fd4c847c2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunWorks64.dll
faa6a0e2c54c289447e2608937036fe1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\Inst.dll
17702ce6fde175df7b1604f8037eeae0 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\Turkey.dll
bdfef0087277ef071ab3aff6f1b50bb9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\gma.dll
acbcc54caf60240a72bcaa02715d61a2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\uninst.exe
0560f8cbc1d458643de18b3b8adda50a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\funoictl.dll
9f8afa1e7da23ab551098cd9a33f5be7 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\funoictl64.dll
7d8492d8c97ee169f2ad9463c7e023e5 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\npFunshion.dll
21e9763b1fcbd36921eef7891cb51f25 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CoreAAC.ax
f1f67cf59740660f92e24c73be43b173 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CoreAVC.ax
c931afaf539eddb133de31fe25ef73d8 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CrashReport.exe
5498100d431300c83694349062db023f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsLibrary.exe
c33f008f3fac895871baa0f278b1faf0 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsMediaBar.dll
0d2b18096687b18f74010988e0a6b5b7 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsMediaBar64.dll
f14fa9fa26d5aad0d7eb22024833c8c9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsShlExt.dll
86ff7bfa6861cd2a54f4a37c0e4b5f77 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsShlExt64.dll
cd2bc634a7239ecf38e9b4796efc06c3 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Funshion.exe
4b98335b3099f3e833450364226fb84b c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionService.exe
f0fe16bedbdda07242f12d4b3b9eb924 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionUpgrade.exe
5e661356f6b91542dd2de464720ba25a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionWeb.exe
0c14d0f673d3a6ceff5577d38b8e62a3 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\SimpleIE.dll
1c8e469db2c63bdd2a4d4ce0046f6292 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Uninstall.exe
9041760ae06df9f579910f31c57bf8ab c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\atrc.dll
22737440d1884f12fdd95b4646fe4fbd c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\avcodec-55.dll
01442363c5421a57b0703710b6f4db5c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\avutil-52.dll
470bbfd3daa0732a9a3b5e600d704893 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\cook.dll
8bd971111ced776d76c1612906f7bbcc c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\drvc.dll
ccf2c4e45e00550ea7ce25cd9793f6ae c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\fpvddec.ax
56e8aeeed46973f4f86881436432f4f4 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\funshionplugin2.dll
c42812074fe40fea76d42786ff0ff0ff c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\pncrt.dll
671ff98a682467dc001aa5e9638f9140 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\swscale-2.dll
7b66ae6fc6279896858210b1d7c8b898 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\winusb.dll
27a3971273c3b8b5f2f60537ff4ae1a2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\tools\CrashReport.exe
0f35c14ffe3f0425e77099b618d6ebae c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\tools\gma.dll
0894009b88a805e5412be16338506525 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\tools\zlib1.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: ????????????
Product Name: Funshion
Product Version: 3.0.3.86
Legal Copyright: Copyright (C) 2005-2013 All Rights Reserved.
Legal Trademarks:
Original Filename: FunshionInstal.exe
Internal Name: Install.exe
File Version: 3.0.3.86
File Description: Funshion Installation
Comments:
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 640270 640512 4.57535 6fdc660073ddffe36e9f8335e431de35
.rdata 647168 151726 152064 3.14527 d297f50ac05c0e1945c273aed7e55d47
.data 802816 50944 30208 3.51513 970eeff33d5e4063d57e941b74b8d3b4
.tls 856064 2 512 0 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 860160 9316636 9316864 5.54474 73920a874c62423d9044b980a453d97f
.reloc 10178560 88246 88576 2.936 949c88bd3e0e5a30005f2b49d136db8f

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://stat.funshion.net/client/tmp?rprotocol=2*_*fck=146084353780820*_*mac=DFC6D05EAA6D*_*guid=04DB7C48-3217-418d-8ED8-A8DB00DAA475*_*userid=*_*fpc=*_*version=3.0.3.86*_*sid=*_*vvid=6482112ef6bcac819aef3bec15548cd6*_*type=aptshadow*_*param=0_0_1340 120.131.127.52
hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13888*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF3222528253341306320^252m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=1|-1 120.131.127.52
hxxp://stat.funshion.net/client/cinstall?rprotocol=1*_*mac=DFC6D05EAA6D*_*fck=146084353780820*_*guid=04DB7C48-3217-418d-8ED8-A8DB00DAA475*_*md5=7e6595c1a1e1fba033d52ddcaecf93d7*_*modifyhistory=2.13.1.2*_*os=1*_*over=*_*cver=3.0.3.86*_*cid=*_*cidn=*_*startmode=5*_*imode=normal*_*itype=first*_*cusinstall=*_*preparetime=*_*choosetime=*_*installtime=*_*installresult=*_*repairar=4 120.131.127.52
hxxp://fld.funshion.com/upgrade/is_upgrade?bid=52&app_version=0 114.66.198.9
hxxp://fld.funshion.com/upgrade/upgrade?bid=52 114.66.198.9
hxxp://u955.v.qingcdn.com/airport/files/foam1.zip
hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=137.FunDodge*_*actionresult=13701*_*actionobjectver=635e31524451554246*_*channelid=*_*mac=*_*guid=45DC26AB-D697-4a1e-9479-5D27EFD7A7F4*_*name=FunDodge*_*version=3.0.0.3*_*actiontime=*_*pullupname=AptShadow.exe*_*pullupversion=3.0.3.0*_*cid=1002048*_*aptid=-1 120.131.127.52
hxxp://stat.funshion.net/tools/radarboot?rprotocol=2*_*bootmethod=100*_*mac=DF3222528253341306320^252m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*fck=146084353780820*_*stamp=1460843557*_*name=turkey*_*version=3.0.1.2*_*os=XP-0*_*parentname=*_*parentversion=*_*info=*_*cid=1002048*_*aptid=-1*_*accedirid= 120.131.127.52
hxxp://fld.funshion.com/interface/platform?pid=3&ver= 114.66.198.9
hxxp://u955.v.qingcdn.com/download/fairyland/files/app/43979.daw
hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/5764/43979/FunAcce.dll
hxxp://a767.dspw65.akamai.net/msdownload/update/v3/static/trustedr/en/authrootseq.txt
hxxp://a767.dspw65.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab
hxxp://a767.dspw65.akamai.net/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt
hxxp://e6845.dscb1.akamaiedge.net/ThawtePCA.crl
hxxp://e6845.dscb1.akamaiedge.net/th.crl
hxxp://a177.d.akamai.net/ca1-tsa.cer
hxxp://u955.v.qingcdn.com/download/fairyland/files/app/4666.daw
hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/190/190/FunAcceil.dll
hxxp://u955.v.qingcdn.com/download/fairyland/files/app/64823.daw
hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/7286/64823/Condor.dll
hxxp://u955.v.qingcdn.com/download/fairyland/files/app/68768.daw
hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/7526/68768/FunBSS.dll
hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13891*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF3222528253341306320^252m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|-1 120.131.127.52
hxxp://u955.v.qingcdn.com/download/fairyland/files/app/68769.daw
hxxp://u955.v.qingcdn.com/download/fairyland/files/app/68770.daw
hxxp://u955.v.qingcdn.com/tools/priv/.daw
hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/7528/68770/FunNest.dll
hxxp://u955.v.qingcdn.com/download/fairyland/files/app/68771.daw
hxxp://u955.v.qingcdn.com/download/fairyland/files/app/55338.daw
hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/6393/53625/Cuckoo.dll
hxxp://u955.v.qingcdn.com/download/fairyland/files/app/68772.daw
hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/6957/61314/Glede.dll
hxxp://u955.v.qingcdn.com/download/fairyland/files/app/64824.daw
hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/7287/64824/Firemanii.dll
hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13810*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF3222528253341306320^252m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|-1 120.131.127.52
hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13874*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|109 120.131.127.52
hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13874*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP|Alvin*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|109 120.131.127.52
hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=530.inst*_*actionresult=53001*_*actionobjectver=*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=Inst*_*version=3.0.1.3*_*actiontime=*_*pullupname=AptWorks*_*pullupversion=3.0.5.7*_*cid=1021001*_*aptid=109 120.131.127.52
hxxp://u955.v.qingcdn.com/download/fairyland/files/app/166.daw
hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13838*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP|Alvin*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|109 120.131.127.52
hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=530.inst*_*actionresult=53002*_*actionobjectver=*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=Inst*_*version=3.0.1.3*_*actiontime=*_*pullupname=AptWorks*_*pullupversion=3.0.5.7*_*cid=1021001*_*aptid=109 120.131.127.52
hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/166/166/FunKoala.dll
hxxp://u955.v.qingcdn.com/download/fairyland/files/app/169.daw
hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/169/169/FunKoala64.dll
hxxp://u955.v.qingcdn.com/download/fairyland/files/app/173.daw
hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/173/173/Uninstall.exe
hxxp://stat.funshion.net/tools/radaraction?rprotocol=2*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*fck=146084353780820*_*stamp=1460843605*_*name=turkey*_*version=3.0.1.2*_*os=XP-0*_*action=1*_*actionresult=100*_*actionobject=*_*actionobjectver=*_*info=T3:0;W9_43979:0;L9_43979:0;W10_4666:0;L10_4666:0;W11_64823:0;L11_64823:0;W12_68768:0;L12_68768:0;W13_68769:0;W14_68770:0;L14_68770:0;W15_68771:0;W20_55338:0;L20_55338:0;W23_68772:0;L23_68772:0;W25_64824:0;L25_64824:0;W27_166:0;L27_166:0;W28_169:0;L28_169:0;W31_173:0;L31_173:0*_*cid=1021001*_*aptid=109*_*accedirid=1 120.131.127.52
hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=137.FunDodge*_*actionresult=13701*_*actionobjectver=635e31524451554246*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=B50C049A-D044-46ea-BDB1-6871B2DCEAF3*_*name=FunDodge*_*version=3.0.0.3*_*actiontime=*_*pullupname=turkey.dll*_*pullupversion=*_*cid=1021001*_*aptid=109 120.131.127.52
hxxp://stat.funshion.net/tools/radaraction?rprotocol=2*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*fck=146084353780820*_*stamp=1460843606*_*name=turkey*_*version=3.0.1.2*_*os=XP-0*_*action=2*_*actionresult=-2*_*actionobject=*_*actionobjectver=*_*info=*_*cid=1021001*_*aptid=109*_*accedirid=1 120.131.127.52
hxxp://neirong.funshion.com/download/fairyland/files/tk/6957/61314/Glede.dll 14.152.58.13
hxxp://neirong.funshion.com/download/fairyland/files/tk/166/166/FunKoala.dll 14.152.58.13
hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13891*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|-1 120.131.127.52
hxxp://neirong.funshion.com/download/fairyland/files/app/68769.daw 14.152.58.13
hxxp://stat.funshion.net/tools/radarboot?rprotocol=2*_*bootmethod=100*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*fck=146084353780820*_*stamp=1460843557*_*name=turkey*_*version=3.0.1.2*_*os=XP-0*_*parentname=*_*parentversion=*_*info=*_*cid=1002048*_*aptid=-1*_*accedirid= 120.131.127.52
hxxp://neirong.funshion.com/download/fairyland/files/app/64824.daw 14.152.58.13
hxxp://neirong.funshion.com/download/fairyland/files/tk/7287/64824/Firemanii.dll 14.152.58.13
hxxp://neirong.funshion.com/download/fairyland/files/tk/190/190/FunAcceil.dll 14.152.58.13
hxxp://th.symcb.com/th.crl 23.43.133.163
hxxp://aia1.wosign.com/ca1-tsa.cer 212.30.134.159
hxxp://neirong.funshion.com/download/fairyland/files/app/68770.daw 14.152.58.13
hxxp://neirong.funshion.com/download/fairyland/files/app/43979.daw 14.152.58.13
hxxp://neirong.funshion.com/download/fairyland/files/tk/5764/43979/FunAcce.dll 14.152.58.13
hxxp://neirong.funshion.com/download/fairyland/files/app/68768.daw 14.152.58.13
hxxp://neirong.funshion.com/download/fairyland/files/app/4666.daw 14.152.58.13
hxxp://neirong.funshion.com/download/fairyland/files/app/68771.daw 14.152.58.13
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 212.30.134.176
hxxp://neirong.funshion.com/download/fairyland/files/tk/7286/64823/Condor.dll 14.152.58.13
hxxp://neirong.funshion.com/download/fairyland/files/tk/6393/53625/Cuckoo.dll 14.152.58.13
hxxp://neirong.funshion.com/airport/files/foam1.zip 14.152.58.13
hxxp://neirong.funshion.com/download/fairyland/files/app/166.daw 14.152.58.13
hxxp://neirong.funshion.com/download/fairyland/files/app/68772.daw 14.152.58.13
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt 212.30.134.176
hxxp://crl.thawte.com/ThawtePCA.crl 23.43.133.163
hxxp://neirong.funshion.com/download/fairyland/files/tk/169/169/FunKoala64.dll 14.152.58.13
hxxp://neirong.funshion.com/download/fairyland/files/app/64823.daw 14.152.58.13
hxxp://neirong.funshion.com/download/fairyland/files/app/55338.daw 14.152.58.13
hxxp://neirong.funshion.com/download/fairyland/files/tk/7528/68770/FunNest.dll 14.152.58.13
hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13888*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=1|-1 120.131.127.52
hxxp://neirong.funshion.com/download/fairyland/files/tk/7526/68768/FunBSS.dll 14.152.58.13
hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13810*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|-1 120.131.127.52
hxxp://neirong.funshion.com/download/fairyland/files/app/169.daw 14.152.58.13
hxxp://neirong.funshion.com/tools/priv/.daw 14.152.58.13
hxxp://neirong.funshion.com/download/fairyland/files/app/173.daw 14.152.58.13
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt 212.30.134.176
hxxp://neirong.funshion.com/download/fairyland/files/tk/173/173/Uninstall.exe 14.152.58.13
neirong.funshion.net 87.245.198.84


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected

Traffic

GET /tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13888*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=1|-1 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:52:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:52:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.9..Date: Sat, 16 Apr 2016 21:52:11 
GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-ali
ve..Expires: Sat, 16 Apr 2016 21:52:11 GMT..Cache-Control: max-age=0..
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0..



GET /tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13891*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|-1 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:52:44 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:52:44 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.9..Date: Sat, 16 Apr 2016 21:52:44 
GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-ali
ve..Expires: Sat, 16 Apr 2016 21:52:44 GMT..Cache-Control: max-age=0..
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0..



GET /client/tmp?rprotocol=2*_*fck=146084353780820*_*mac=DFC6D05EAA6D*_*guid=04DB7C48-3217-418d-8ED8-A8DB00DAA475*_*userid=*_*fpc=*_*version=3.0.3.86*_*sid=*_*vvid=6482112ef6bcac819aef3bec15548cd6*_*type=aptshadow*_*param=0_0_1340 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:52:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:52:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.9..Date: Sat, 16 Apr 2016 21:52:11 
GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-ali
ve..Expires: Sat, 16 Apr 2016 21:52:11 GMT..Cache-Control: max-age=0..
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0......


GET /client/cinstall?rprotocol=1*_*mac=DFC6D05EAA6D*_*fck=146084353780820*_*guid=04DB7C48-3217-418d-8ED8-A8DB00DAA475*_*md5=7e6595c1a1e1fba033d52ddcaecf93d7*_*modifyhistory=2.13.1.2*_*os=1*_*over=*_*cver=3.0.3.86*_*cid=*_*cidn=*_*startmode=5*_*imode=normal*_*itype=first*_*cusinstall=*_*preparetime=*_*choosetime=*_*installtime=*_*installresult=*_*repairar=4 HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:52:12 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:52:12 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.9..Date: Sat, 16 Apr 2016 21:52:12 
GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-ali
ve..Expires: Sat, 16 Apr 2016 21:52:12 GMT..Cache-Control: max-age=0..
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0..



GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/plain
Last-Modified: Thu, 28 Jan 2016 17:51:53 GMT
Accept-Ranges: bytes
ETag: "80823092f459d11:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Date: Sat, 16 Apr 2016 21:52:35 GMT
Connection: keep-alive
X-CCC: RU
X-CID: 2
1401D159F4929680B9....


GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1


Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Last-Modified: Thu, 28 Jan 2016 18:43:43 GMT
Accept-Ranges: bytes
ETag: "80d9e4cffb59d11:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Content-Length: 49661
Date: Sat, 16 Apr 2016 21:52:35 GMT
Connection: keep-alive
X-CCC: RU
X-CID: 2
MSCF............,...................I.......d.........<H.T .authroo
t.stl. ..-.8..CK...<Tk........./.........Z..e..P..D.&.BRTH...E..E.b
.["$qS)....-...[..}.o~g...q...Y...n...........aF\!.lI.4..0..ef.W.....C
`....Y..F.D5...Y.A....1.|..c.1...Nc.Y..x..D...NP[[email protected].....'.B.
......"(~3z-.@~..|}(.......g4.p.........h.n.dQz..t.V.......;.....Q...d
/../.pJ...6....E...A.@..]..T9..28..,..p...).....P:}.K...]=.7X.f..9..yB
.P....uP$$...Q.u..y..".=......7...........#.X..P.8....>U....v.[.$.e
...H.@~..........ea`.3...tLX...].-....<.........v.....M../..z6.t^..
...p....M...v(CP%F.......!eX..a...-..G.....S%..l.....Y..(.*.-....C.L0.
..G.....).rm8...(7.T{.Q...."...B`H.....3..9..-..Vv.5Q.e.W.../...RY.v.P
. .........l......8'.&z......3.;:...U4.."....yu... .."....d .e/7.;.XD*
tn%$.........];..fY.R...7.....o.=xh...]..4...\.:...v....t..9 .nO.i}.T.
./(uke..p.&.6.E#[email protected]...*.s....h......(/.s.%.3g...:*X.].7.IE....
E,.w.8......v...r4.qOh}~..E.5t...l...(*..2....`..F..".a:.t....9...W.kO
?5..=..HhYrI.Sf..[:...3..2..)DB...;......(...B.......U(...._F./#.k@...
.9c.Y..G'..]...p..;M_o..~.3?.}.1M.5.f5)._......t _.6...l..K....OsY.0..
....H...^..\$P;U....8..)...1........J...uE..#n.......h.......17.P=,P..
...}z.&..../..a.........p@.|KB..o.E..|..o.mr......m=.(v.:[email protected]
>4y....P........F...&... ....r$d..{B...)..A.`..x4E'~`V.."..(..(./G.
..@_Q`.....O...~`..~...x..KN~....Dko/A{..!...W..G,`)...*...#......q`..
H.........%m..G....5..4.....?.......F...{.%..2....l.L....."...Y.......
. ...].\........... D..Y...!1..*.....M?..G..A.|Ex......~...s.!.=..
<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt HTTP/1.1


Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Content-Type: application/x-x509-ca-cert
Last-Modified: Thu, 23 Jul 2015 23:16:35 GMT
Accept-Ranges: bytes
ETag: "80b4b9e9dc5d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1060
Date: Sat, 16 Apr 2016 21:52:36 GMT
Connection: keep-alive
X-CCC: RU
X-CID: 2
0.. 0..........4N.W ...I./.7. m0...*.H........0..1.0...U....US1.0...U.
...thawte, Inc.1(0&..U....Certification Services Division1806..U.../(c
) 2006 thawte, Inc. - For authorized use only1.0...U....thawte Primary
 Root CA0...061117000000Z..360716235959Z0..1.0...U....US1.0...U....tha
wte, Inc.1(0&..U....Certification Services Division1806..U.../(c) 2006
 thawte, Inc. - For authorized use only1.0...U....thawte Primary Root 
CA0.."0...*.H.............0.............Y.......Ys..E..,nh.l[HhIY7..3.
.w...-.4...M.......6....$_...D....bo.Z...(.\...z..tf/j8...TD......o...
N.).>........~.....qe..Q{..."`..[....Q[.........b.. ..N.Ld....X.JO.
h....J../..|qr...g.2...\......S} .......jR...6.w.{.PD.>n)i.9I&....{
@-..'...a.~.|[email protected]......
{[E....z.1..j..F.WHP0...*.H.............y..K......g..nE.U.....?..%..W.
.:v.L.Pv.dr...........2.A..w..`.....nDD....Ub.w.\.HI|.;W...s7./x\.hG.`
`...=" .......r..s|../..>.j'...Z.....Md....a..9.....{"[email protected]=..
yv..7.!...6..c ....3..A....Dc ...B..?,v.c.Y.......A...G...3...a~~. .G.
'0...]7.\9 ...{.V.hHTTP/1.1 200 OK..Content-Type: application/x-x509-c
a-cert..Last-Modified: Thu, 23 Jul 2015 23:16:35 GMT..Accept-Ranges: b
ytes..ETag: "80b4b9e9dc5d01:0"..Server: Microsoft-IIS/7.5..X-Powered-B
y: ASP.NET..Content-Length: 1060..Date: Sat, 16 Apr 2016 21:52:36 GMT.
.Connection: keep-alive..X-CCC: RU..X-CID: 2..0.. 0..........4N.W ...I
./.7. m0...*.H........0..1.0...U....US1.0...U....thawte, Inc.1(0&..U..
..Certification Services Division1806..U.../(c) 2006 thawte, Inc. 
<<< skipped >>>


GET /tools/radaraction?rprotocol=2*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*fck=146084353780820*_*stamp=1460843605*_*name=turkey*_*version=3.0.1.2*_*os=XP-0*_*action=1*_*actionresult=100*_*actionobject=*_*actionobjectver=*_*info=T3:0;W9_43979:0;L9_43979:0;W10_4666:0;L10_4666:0;W11_64823:0;L11_64823:0;W12_68768:0;L12_68768:0;W13_68769:0;W14_68770:0;L14_68770:0;W15_68771:0;W20_55338:0;L20_55338:0;W23_68772:0;L23_68772:0;W25_64824:0;L25_64824:0;W27_166:0;L27_166:0;W28_169:0;L28_169:0;W31_173:0;L31_173:0*_*cid=1021001*_*aptid=109*_*accedirid=1 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.2
Date: Sat, 16 Apr 2016 21:53:17 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:17 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.2..Date: Sat, 16 Apr 2016 21:53:17 
GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-ali
ve..Expires: Sat, 16 Apr 2016 21:53:17 GMT..Cache-Control: max-age=0..
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0......


GET /tools/FsPlatformAction?rprotocol=3*_*action=137.FunDodge*_*actionresult=13701*_*actionobjectver=635e31524451554246*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=B50C049A-D044-46ea-BDB1-6871B2DCEAF3*_*name=FunDodge*_*version=3.0.0.3*_*actiontime=*_*pullupname=turkey.dll*_*pullupversion=*_*cid=1021001*_*aptid=109 HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.2
Date: Sat, 16 Apr 2016 21:53:17 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:17 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
....



GET /airport/files/foam1.zip HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:15 GMT
Content-Type: application/zip
Content-Length: 1727647
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2016 06:06:57 GMT
Accept-Ranges: bytes
X-Ser: BC89_dx-henan-zhengzhou-1-cache-1, BC22_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC22_dx-guangdong-foshan-1-cache-1(baishan)
PK........(\\E0N...#..........gma.dll.[{t.U....!..BW....5>..f....z 
.Z#...l.......%....H.j.>[email protected]._.9Q.z...q..hK...[.
..$..N..T...~..}...[U.y..7!.....!.... #....>..G.-E.:m.0.O.]......eK
.X....[.,Y........Z.T.ZRy..s*.Zz......35..&....}R........v|..Fv\.0....
.5........g..p.Z..a7.{...v...v...._f..E.6".l...!..Q....9z[?q.V"....<
;S ....Q..s.-".s.!....)`G..T.......>.w..1....&...w{B...6....(.b....
$T.C&L..x.M&.._.Q7..c.Q.}[email protected].,....{...Bh..NSI....n[....x.f..8.v[.
P..jNF._....Fg....M.Q....p.....,q.[...VB.O.7D..f.].p.R .s.........Z...
./...2....[..y....9....?.U...O.....R....]...v.p....$T...H).......c....
:w.....<A.. ..x.....U..>....~.E.. =.Q ..=..65......pE.Q....B....
[email protected]..........._RCr....qFU@.}]TC....n9E..u....8...
...#z....-v.._U..~p...}..'.@ ..v..?ne.}..lp.yW./..?o`...v.......e0...z
...dd....j....Y>0.<32..h.Z.{?......n.....gl..~....v<^...k8.G.
.I......%.Em.=NZ.T. qz=`nD...v).<a. ....Q...K...4.Z.8.......2.:....
|'...t..\1.>z...g.q?...BI..."pZD..T...P..I1.J.;..8.XN....Jw.H....k.
.....).x.. .`M....#..)_..[..B.....2\$-.k.....3{}....b S>.9...s...u.
.OD.I5.....)..m.T......8z#....vf...o.O;....EO...._.P.......I)....$...`
.m)...'.B........n.i...en....r....nun<..q...A.'.0..7........>.4.
&......nN..`..8l.K.9D....!.s..r...Vi....W.....z,..S..g$B..%?.......DB4
...r.{....(./.i.D.)L....TB.....F.4..p.z`..N.....5..%...?....o]>.-.r
[email protected]"bn'.?2 ...X........q..O..[D..>K..t5o.`:a..
E.....80...EZ=.E...,x#..D...$i.&/..... =K..J.I..7@.."Bt.&.2.m.2&y.
<<< skipped >>>

GET /tools/priv/.daw HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 404 Not Found
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:49 GMT
Content-Type: text/html
Content-Length: 570
Connection: keep-alive
X-Ser: BC75_dx-henan-zhengzhou-1-cache-1, BC14_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC75_dx-henan-zhengzhou-1-cache-1(baishan)
<html>..<head><title>404 Not Found</title><
/head>..<body bgcolor="white">..<center><h1>404 N
ot Found</h1></center>..<hr><center>nginx/1.2.
0</center>..</body>..</html>..<!-- a padding to d
isable MSIE and Chrome friendly error page -->..<!-- a padding t
o disable MSIE and Chrome friendly error page -->..<!-- a paddin
g to disable MSIE and Chrome friendly error page -->..<!-- a pad
ding to disable MSIE and Chrome friendly error page -->..<!-- a 
padding to disable MSIE and Chrome friendly error page -->..<!--
 a padding to disable MSIE and Chrome friendly error page -->..nt>....


GET /tools/priv/.daw HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 404 Not Found
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:49 GMT
Content-Type: text/html
Content-Length: 570
Connection: keep-alive
X-Ser: BC75_dx-henan-zhengzhou-1-cache-1, BC14_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC14_dx-guangdong-foshan-1-cache-1(baishan)
<html>..<head><title>404 Not Found</title><
/head>..<body bgcolor="white">..<center><h1>404 N
ot Found</h1></center>..<hr><center>nginx/1.2.
0</center>..</body>..</html>..<!-- a padding to d
isable MSIE and Chrome friendly error page -->..<!-- a padding t
o disable MSIE and Chrome friendly error page -->..<!-- a paddin
g to disable MSIE and Chrome friendly error page -->..<!-- a pad
ding to disable MSIE and Chrome friendly error page -->..<!-- a 
padding to disable MSIE and Chrome friendly error page -->..<!--
 a padding to disable MSIE and Chrome friendly error page -->..nt>....


GET /tools/priv/.daw HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 404 Not Found
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:50 GMT
Content-Type: text/html
Content-Length: 570
Connection: keep-alive
X-Ser: BC75_dx-henan-zhengzhou-1-cache-1, BC14_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC14_dx-guangdong-foshan-1-cache-1(baishan)
<html>..<head><title>404 Not Found</title><
/head>..<body bgcolor="white">..<center><h1>404 N
ot Found</h1></center>..<hr><center>nginx/1.2.
0</center>..</body>..</html>..<!-- a padding to d
isable MSIE and Chrome friendly error page -->..<!-- a padding t
o disable MSIE and Chrome friendly error page -->..<!-- a paddin
g to disable MSIE and Chrome friendly error page -->..<!-- a pad
ding to disable MSIE and Chrome friendly error page -->..<!-- a 
padding to disable MSIE and Chrome friendly error page -->..<!--
 a padding to disable MSIE and Chrome friendly error page -->..HTTP
/1.1 404 Not Found..Server: Tengine/2.1.1..Date: Sat, 16 Apr 2016 21:5
2:50 GMT..Content-Type: text/html..Content-Length: 570..Connection: ke
ep-alive..X-Ser: BC75_dx-henan-zhengzhou-1-cache-1, BC14_dx-guangdong-
foshan-1-cache-1..X-Cache: HIT from BC14_dx-guangdong-foshan-1-cache-1
(baishan)..<html>..<head><title>404 Not Found</ti
tle></head>..<body bgcolor="white">..<center><
h1>404 Not Found</h1></center>..<hr><center>
;nginx/1.2.0</center>..</body>..</html>..<!-- a p
adding to disable MSIE and Chrome friendly error page -->..<!-- 
a padding to disable MSIE and Chrome friendly error page -->..<!
-- a padding to disable MSIE and Chrome friendly error page -->..&l
t;!-- a padding to disable MSIE and Chrome friendly error page --&
<<< skipped >>>


GET /download/fairyland/files/app/43979.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:29 GMT
Content-Type: application/octet-stream
Content-Length: 308
Connection: keep-alive
Last-Modified: Fri, 18 Dec 2015 04:00:44 GMT
Accept-Ranges: bytes
X-Ser: BC79_dx-henan-zhengzhou-1-cache-1, BC11_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC11_dx-guangdong-foshan-1-cache-1(baishan)
..TKDS4....$......vJ7$........:d.........d..`CG..W...S.....V......=-..
...\.G..k......//.`.........z*..g..05 ...A...]_.X....5.....5...2 ./U].
 ....~....s....].9 ..?>.[.d.&...y=g...sW.&.,......0....`...X(......
#7.,]'@T.J.........t[.t.....[.7X..x5"...e..........Io..}j.^.....h?U...
A...`~z.I.....LZ.....`....y#. .....


GET /download/fairyland/files/tk/5764/43979/FunAcce.dll HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:30 GMT
Content-Type: application/octet-stream
Content-Length: 371704
Connection: keep-alive
Last-Modified: Fri, 18 Dec 2015 03:06:03 GMT
Accept-Ranges: bytes
X-Ser: BC89_dx-henan-zhengzhou-1-cache-1, BC13_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC13_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........9.o.X.<.
X.<.X.<...<.X.<A.?<.X.<..9<.X.<...<.X.<.
..<.X.<. $<.X.<.X.<.Y.<. 4<.X.<...<.X.<.
.<<.X.<..=<.X.<..:<.X.<Rich.X.<........PE..L..
..%rV...........!.....&...n...............@...........................
...........@[email protected].........
.................pC...D..................................@............
@...............................text...\$.......&.................. ..
`.rdata.......@.......*..............@[email protected].......,...........
[email protected].......$..............@[email protected].
..*[email protected].................................................
......................................................................
......................................................................
......................................................................
.............................................................U...E.h..
...M.Q.E..!............U..S.][email protected]._[][email protected]'.M.S
[email protected].;.s.O....tV.u.;.r.^_3.[]........#.^_[]..........U..QS
.].VW3.W..<[email protected][email protected]..
........u .U.R..<....T...E.....u._^3.[..]._..^[..]......U.....u....
P..I.f.....f..u. [email protected][.......Pw"........$.x...h.........hW
........h.@.......]..I.s...U..._...i..............................
<<< skipped >>>

GET /download/fairyland/files/app/4666.daw HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:35 GMT
Content-Type: application/octet-stream
Content-Length: 324
Connection: keep-alive
Last-Modified: Fri, 06 Nov 2015 07:48:20 GMT
Accept-Ranges: bytes
X-Ser: BC81_dx-henan-zhengzhou-1-cache-1, BC17_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC17_dx-guangdong-foshan-1-cache-1(baishan)
..TKDSD....$.I.....U.=....d..............d..`CG..W...S.....V......=-..
...\.G........{.Z.J.*..Y...u.....E`.......%@.;..q...W...8y.M.....n...5
O..xps....U.1.y.y.;tP....D.q.).*[email protected].. & [email protected]{..Q.f-'..v..$
k...c. ....:/...<...xg..#OiMA...%L...R....Z~~._.O...o.h.:..t..M9...
$._f..^1;.z...y........E..C.......H..v........(....


GET /download/fairyland/files/tk/190/190/FunAcceil.dll HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:35 GMT
Content-Type: application/octet-stream
Content-Length: 383992
Connection: keep-alive
Last-Modified: Thu, 09 Apr 2015 07:34:41 GMT
Accept-Ranges: bytes
X-Ser: BC81_dx-henan-zhengzhou-1-cache-1, BC13_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC13_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........f.........
............W...................x.....................................
......................Rich............................PE..L....c.U....
.......!.................".......0............................... ....
[email protected]...|...........................
.........C..04..................................@............0..d.....
.......................text............................... ..`.rdata..
'....0....... ..............@[email protected]... ......................@.
...rsrc................8..............@[email protected]...............>...
[email protected].......................................................
......................................................................
......................................................................
......................................................................
...............................................U...E.h.....M.Q.E......
.........U..S.].W.}.WS..x0....u._[].VP..l0......t)WS..p0...M......v...
.I.;.s.I....tV.u.;.r.^_3.[]........#.^_[]..........U..QSVW3.W..N...)..
....E.......tJ.]...uC.E......AP...Rj.V...0....t.SPV.E..........u .E.P.
.N........E.....u._^3.[..]._..^[..]....U...E.V.u....u....P.f.....f..u.
 [email protected]......^..Pw"........$.|...h.........hW........h.@....
...]...x...Z...d...n..................................................
.....................................U..j.h^...d.....P..!..3.P.E.d
<<< skipped >>>

GET /download/fairyland/files/app/64823.daw HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:38 GMT
Content-Type: application/octet-stream
Content-Length: 596
Connection: keep-alive
Last-Modified: Mon, 29 Feb 2016 07:16:17 GMT
Accept-Ranges: bytes
X-Ser: BC81_dx-henan-zhengzhou-1-cache-1, BC22_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC22_dx-guangdong-foshan-1-cache-1(baishan)
..TKDST....$...H.j...F.v..ei.k..Q........d..`CG..W...S.....V......=-..
...\.G..X0..{TuR#i.\........z*...R....b..=g..2../.1..k.Lw"N....e..n.kT
.Qh...N\........G..\b....oiE.....\..].Ar*C.......Z.....LM....%.....%."
.M..J.;.,....Xg.....Y..&..h",nUx/.B.@.[!z......W..>........#.v...AH
c.0..'......T.6...lL.x7N..q}..o..w&...].J.H........ej"Cf7^.. ....;..|2
r?W.D.....8K.Ms...#o..s..NU,...n....=b........L...fL ..J.?.v...V.).&..
.^.,...y=.n$.S..=m.....r...*.v <1..E..N *...(...E....tu..S.j)W.....
.Y.Ea..fd;qo.O.H:.kYS....;..T.\`..........i...xyK...].~..t.Q.5a..X.DQp
.....3.u^..I`.'.....2..."8..)"'=.U}...I..\....


GET /download/fairyland/files/tk/7286/64823/Condor.dll HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:39 GMT
Content-Type: application/octet-stream
Content-Length: 253432
Connection: keep-alive
Last-Modified: Mon, 29 Feb 2016 07:15:29 GMT
Accept-Ranges: bytes
X-Ser: BC79_dx-henan-zhengzhou-1-cache-1, BC11_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC11_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........=.}.\...\..
.\...$...\...*...\..~....\.......\...$...\.......].......\...\~..]...$
...\.......\.......\.......\.......\..Rich.\..........PE..L....C.V....
.......!.........P......?|............................................
[email protected]....{.......p..................
................................................H.....................
.......................text....`..............PEC2~O...... ....rsrc...
. ...p... .................. ....reloc..............................@.
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................&...1.....*..v...Rs..E#.~.
.).%...............q...$........,w...~ ....o-d.<.G...8...3.7\.....U
4.....`..1.....=.rZ.PqF0....L|>xQ..........~.......Z.j-B...@...,...
..r...$.........-....(.a........Z^...dl........../..M<.[o*S-..._Y.Y
6../..f...? ..J.=q t..w..O#m............D`....6..h......kn.>F..;.P.
..2....j.~GU..".b....q..8%..4.[.....NO.N..._SS..w0...aQ.....w...C.pw`.
.....Mx.E...............DC....$MV../...(.A9..........q9.Z.....o.O.T...
h....... (....... ..1Vw`..Q*;......;......;....8.../..\o..TkV...Z.
<<< skipped >>>

GET /download/fairyland/files/app/68768.daw HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:40 GMT
Content-Type: application/octet-stream
Content-Length: 2388
Connection: keep-alive
Last-Modified: Tue, 15 Mar 2016 06:35:46 GMT
Accept-Ranges: bytes
X-Ser: BC69_dx-henan-zhengzhou-1-cache-1, BC15_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC15_dx-guangdong-foshan-1-cache-1(baishan)
..TKDST....$..#.;..= ".5.B..]..k6........d..`CG..W...S.....V......=-..
...\.G..O.-_................z*..g..05 .q...t.<_.X....5.....5...2 ./
U]. ....~....s....].9 ..?>.[.d.&...y=g...sW.T....}n(....Aj.7E..s[s.
..H...w..@....|B.,.d...CZ.....`..Y...u...J..<a.tib....&..e..&P.|..8
'.....$._f..^1;.z...y........Rn?.e.n..M.....0..:Y.I0`.p.D......Q...C.u
)...B...2.w.v....Vm.ek...V.i...1.J.?...RM.....I.q.EJ...0-....d.....6..
[email protected])G8.%.s.;.....Q.....E.......q
...........[diCSe.......m.v...7!....N...Y....}.. ss....i4.D ..........
.E....H.\pI.....k..C.....6..?G<........t.L*....v..d.^..5..[K....7!.
..P..YD...c.......e.]....N......=.u."...,.......(...v..d.^..5..[K....7
!.....L.)..:3..k<.Q&.4..=..B......=. )d|.. *;p.2p..6j.?.....^......
2R.Q../qt.j....].H.._ ..Y.^....o...$FA...P*@.Cz)@.l*.LE...fW.P.,..\...
_.JMZ..N...........&....._.......Ty.,..'..d.$...sm.X.G04.mC:...6......
K6A..b5...C5crA.GD..s..vP..Z..~,.h.5.0......OuZ...6....;...0.....2.Ma.
[email protected]=.,%.K.O......g.rB.....{}V j..."..e.EB..z..J...AX.G04.m
[email protected].?]]...ef.$...B.c.|F..C.Q.:.[X....J[?...YB...p_?]' %....1!
.G'..X7G.A&P..l.......y...F..).....;..;.e.8.#=.2..RDw .&.).......>.
T..J}.K.^..4.... @....**..!...r..N.I.t..n!.g).6.].."...1....^Z.H.....j
K3.C....B..x.....v..'. VP..2/....3P..l....'.L..W1.k.2..:...[.L..o.<
C.2......@..'.......h=L..D...;0..P........d.v...I"}.A.....q..1.jY,'.Xg
...W=.9.h..(.^%....I..t.s....l5... .J.u1..c.[..NH.:r... .z......4%...{
S..M.e......8......:.{..........NX[.....7.\|.c...J\....:..I..v.K.u
<<< skipped >>>

GET /download/fairyland/files/tk/7526/68768/FunBSS.dll HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:41 GMT
Content-Type: application/octet-stream
Content-Length: 502264
Connection: keep-alive
Last-Modified: Tue, 15 Mar 2016 06:35:10 GMT
Accept-Ranges: bytes
X-Ser: BC87_dx-henan-zhengzhou-1-cache-1, BC12_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC12_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......a.26%.\e%.\e
%.\e,..e$.\eJ..e .\e...e'.\e>!.e8.\e>!.e..\e,..e$.\e>!.ew.\e,
..e<.\e%.]e..\e>!.eq.\e>!.e$.\e>!.e$.\e>!.e$.\eRich%.\e
................PE..L......V...........!..............................
..................................!.....@.............................
S...0........`..h....................p...U..0.........................
[email protected]...........
.................... ..`.rdata..............................@[email protected].
[email protected]....`......................
@[email protected][email protected]..........................
......................................................................
......................................................................
......................................................................
....................................................................U.
...(.L...3..E..E.=l...}.h.@...|...S.][email protected]...._....[[email protected]
[email protected].....;[email protected]......}..M..E..E
......je....#.....V....u.hW.........M.3....._....]...................Q
............U..j.h.A..d.....PSV.L...3.P.E.d......].3..u....P.......u..
E.P.....2..M.d......Y^[..]....M..E. ......t .....P........u..M..E. .F.
..;.r..E.P........M.d......Y^[..]....U.R...........M.d......Y^[..]....
..........U..V.q.V......6..u....3.;....^]...W.}....x..|.VP.eh.....
<<< skipped >>>

GET /download/fairyland/files/app/68769.daw HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:47 GMT
Content-Type: application/octet-stream
Content-Length: 2396
Connection: keep-alive
Last-Modified: Tue, 15 Mar 2016 06:37:22 GMT
Accept-Ranges: bytes
X-Ser: BC69_dx-henan-zhengzhou-1-cache-1, BC13_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC13_dx-guangdong-foshan-1-cache-1(baishan)
..TKDS\....$._..Y.....F<....O.YF.........d..`CG..W...S.....V......=
-.....\.G..O.-_..}.............z*..g..05 .q...t.<_.X....5.....5...2
 ./U]. ....~....s....].9 ..?>.[.d.&...y=g...sW..G...}>*.X.......
.1C|^.~.>..[....2N;p.I..r....")9..e.ADH.Z.>.1..Q.6:.Ss.....`...l
n.8..X..\.D....ZY...<.P.{@M.A>2t..N..B.MQX.c..W..].....M.}..D1..
\....;...u....$..$...b#C.^/..e.j...".L.........,.RY...`....J...Glj.L.S
.r..*.\..4.U-...W....t....]..!XX.*.s.L|.I.Mr..z..<.D.5..'..S..A..v.
....n..]..!XX.*.s.L|.I.Mr..z.V..M.....Zk5E..F.Z......./-.M.,&.....~...
....f7}....Z...jR....d.&....._......6o@K.?.}..?.$..l.g.8*.%..u".......
..Fz..sM..Z.........g`L.{rb_.*y....0.,.....y....0./...._.}............
....Fz..sM..Z.........g`L.{.....3.m...{y.N|.{.x.*.../...._..a...z.Qb5.
..C5crA.GD..s..vP..Z..~,.h.5.'.c.,o|...w#....]2.N...7....2.Ma..s......
[email protected]'.A.&...ef.$..Y.....q.....E....<..\...YYLg^1.....?.ut.....
_...9/.{..!....R...x.x.'41Tvj.?.....^......2R.Q../qt%M......n..&...t.&
gt;q...t.....X^.8P*@.Cz)@..:T.|. P.P.,..G2...........r.(.|.[....K.....
..2...1..F....._...9/.{..!..Ra.<.$..\..._.JMZ..N.....V..:.p^%]...&l
t;q........Z..s[.....$..e3..h.N........X.n. ....E...ns...=Iuu..1...Q..
S...V.......D...;..g.$..;....8.JDv...6..{...G.x.....vz..K.l..eL.` ._..
....?A9;..;.e.8N....'........OM."....c...!...r..,Q.GH\A....X.n.....O.X
f.....) [email protected][............!z...9............|H.8Hq(.v.....4....d...Q..
.-..Xa..o._....d...V..5X.....[[email protected].....|/..74ZZ....
...[..h.N......:...F....c.2b..b..{%..u..D.......2...i..#>[...'.
<<< skipped >>>

GET /download/fairyland/files/app/68770.daw HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:48 GMT
Content-Type: application/octet-stream
Content-Length: 1380
Connection: keep-alive
Last-Modified: Tue, 15 Mar 2016 06:42:20 GMT
Accept-Ranges: bytes
X-Ser: BC69_dx-henan-zhengzhou-1-cache-1, BC22_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC22_dx-guangdong-foshan-1-cache-1(baishan)
..TKDSd....$.....y 0,....j.]....:........d..`CG..W...S.....V......=-..
...\.G..O.-_..b{?...........z*..g..05 }(..W...../.1..k.Lw"N....e..n.kT
.Qh...N\........G..\b....oiE.....\..].Arv.a]p.8|...4."...U.{..Kw..H...
w..@....|B.q:vQ.....xg..#OiMA...%L..g..05 ...N..*...H.'/Kz. .......$._
f..^1;.z...y.........8M>J.f.......(^9.......!.P.U|2.`dt..K.Y.pM....
.D.......&Pz,....W.M.6e..<.W.H.......L..a...k...E...E..P.wW.d.....a
.:][.9.B(J.V...\.......pM.....D.......>..4......}.P.&oi.AQ#...l...\
.6.L,o[..V....N.)."...e..Wlp..x..8....t...3.6L.E(..=..s'..F...".)F.1. 
.fl..Q.*.C&..Xz.v...X....L..a...k...E...E..P.wW.d.....a.:][.9.B(J.V...
.p.....w.KL.Z.o...\7...'...O...........P>.a....B..K....]..B\[W...."
......5.u..c!B.,...C.....Rr.....J.P.t........J.!..J}...G.T..`(...'.). 
.;4t...1....7...}.P.&o..FI...=.......]......*#.../W...L..>.E..~~:..
hk..z1.Kw.M..c..Qu...-8.....X..Ay.`X../....>.P...&>(..nR..Gp....
..........h..tIw.....r..e..Q.h...v...8.....43.'O.....8.....E-`m.......
.....o...R.....9......O..K....y ...^..6)J..<~..)...Z.w...o[..gJ..Yb
..>...xG2.Z'.......XbvD.....8.....2;y.....'..TO.n.I.EZ.c....8......
....w....8...... Cx.5^.'..TO.n...mO...H3......a......b.......L.Ax.....
.Ikc......tts.A".qc..,.....1."...@..{8.F2rh|......<.....Mh.}.2l.S..
.T..v.L;k...~... [F...L0...NL.......;.W.}......9X..gr.........n2.....t
..e.;.v.fB7.#FoG).u.DN....XTo..O.m.|.|6...*L=[.. Z..L...oc.S.......3..
.k9z-(C.......
<<< skipped >>>

GET /download/fairyland/files/tk/7528/68770/FunNest.dll HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:48 GMT
Content-Type: application/octet-stream
Content-Length: 427512
Connection: keep-alive
Last-Modified: Tue, 15 Mar 2016 06:39:01 GMT
Accept-Ranges: bytes
X-Ser: BC73_dx-henan-zhengzhou-1-cache-1, BC21_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC21_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......`...$...$...
$...K...!...?. .8...?.......?...k...-.6.%...-.&.9...$.......?...n...?.
..%...?./.%...?.(.%...Rich$...........PE..L......V...........!........
.........................................................\....@.......
.................. [email protected]......
............................0K..@...............\.....................
.......text............................... ..`.rdata..t...............
............@[email protected][email protected]........@
......................@[email protected]..([email protected]....
......................................................................
......................................................................
......................................................................
......................................................................
..............................................Q...............D.......
......U..V....D.........E..t.V.i........^]............V.7..t(....t.P..
.......F.P......V.0.............G.....H........J^........P.B....G.....
H........J........P.B.....U..j.h....d.....P..4. ...3..E.SVWP.E.d......
[email protected]...;.t:.....9^.t7.F.P........t..F..M.QSP..........#E.;F.r....L.
..2.. ..........B............E..]........3..Y..A.....f.....e..Z.f.:...
f..u. ...R.)....E.P....... ......E..9X.r...Ph.....}..........E..9].r..
M.Q.........E..x...X..E......E......E..~.S.E.P......E..6.>.t9.~
<<< skipped >>>

GET /download/fairyland/files/app/68771.daw HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:54 GMT
Content-Type: application/octet-stream
Content-Length: 1388
Connection: keep-alive
Last-Modified: Tue, 15 Mar 2016 06:42:00 GMT
Accept-Ranges: bytes
X-Ser: BC83_dx-henan-zhengzhou-1-cache-1, BC13_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC13_dx-guangdong-foshan-1-cache-1(baishan)
..TKDSl....$.fP...21x.....cq.5...........d..`CG..W...S.....V......=-..
...\.G..O.-_....-..LX.......z*..g..05 }(..W...../.1..k.Lw"N....e..n.kT
.Qh...N\........G..\b....oiE.....\..].Ar..#.3....}[!........\..]~.>
..[....2N;[email protected].]...]#........yom.....x.ln.8..X.L..g..I.
ZY...<.P.{@M.A>2t..N..BUq?s...=.RQ....W.<O......(..._X....%..
....k.{.c...`?zS/ ...ML.eG..,.g...#t}.....$*.7.N....v.%....T...&.9....
.vK.U%.t...B. 2..d1....%.....1..*.sY..`?zS/ .Q.hV.w.h......?.....g.m..
.....N.U.%......}}-......O.k.g4.S...)........S.g..gw.ZQ.T...vEb......H
s^...X.3..........U...C..W.....m..v.%....T...&.9.....vK.U%.t...B. 2..d
1....%....}6.................".)F.O|M.J...\......../.r.3.V'F ...;W:K.3
......Y...&..Y.T.....Q.....qoP;"..j;....Eb....(...u.&.-..$N.c..>...
..".\TlF...~......tr.l...........B...|....b...c._..F.{.,3E.....de;...8
c..!...8..).T.&"T.W(..nR..G..4...&TS.....A..S..R.....r..e..uM.3..y..u.
.{.aV.T...*j..."...6J(..nR..G,G1..a...6)J..<~../.N5.S.6)J..<~..'
..PK..3N..qx..e[J.zYm.$..S\...*.h=..d`....}.o.........a%..`...O..K...-
.Z.........'J-Z).u.DN........Y..6)J..<~......T......<.....x.W...
6)J..<~....M....6)J..<~"N.lEp.......<..W.r...VZ..il.(..X../..
...b.\U.Z.n2.....t!.w0.pB.h.}.2l.S..g..r^hAn.P.t.be....!.._;j....G.,.W
.....Vro.......B..'.(..nR..G....A.B!.C n............3......y.&..8....&
lt;F.... ...-.........l.L@..{8.F2K_.M$3.<.....6}W.....8n.!9.....,..
.iV...y.8.z.....;X....2.Z..@;'....
<<< skipped >>>

GET /download/fairyland/files/app/55338.daw HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:55 GMT
Content-Type: application/octet-stream
Content-Length: 308
Connection: keep-alive
Last-Modified: Fri, 15 Jan 2016 06:18:32 GMT
Accept-Ranges: bytes
X-Ser: BC81_dx-henan-zhengzhou-1-cache-1, BC11_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC11_dx-guangdong-foshan-1-cache-1(baishan)
..TKDS4....$...6..WfwP..|.e..2n.x........d..`CG..W...S.....V......=-..
...\.G....6~.2..G.\nQ.......z*...R.....u.~....../.1..k.Lw"N....e..n.kT
.Qh...N\........G..\b....oiE.....\..].Ar,..KQ...._k.fZI^..FI...=...%."
.M........B...|.....Y..&..h",nUx/.B.@.[!z.C.....D.W......g.#.v...AHc.0
..'......T.6....6.}.q..D.@......


GET /download/fairyland/files/tk/6393/53625/Cuckoo.dll HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:55 GMT
Content-Type: application/octet-stream
Content-Length: 509432
Connection: keep-alive
Last-Modified: Mon, 11 Jan 2016 03:28:43 GMT
Accept-Ranges: bytes
X-Ser: BC71_dx-henan-zhengzhou-1-cache-1, BC13_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC13_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........Dx..%...%..
.%...]...%...S...%.......%.......%.......%...]...%...]...%...%...$....
...%.......%.......%.......%..Rich.%..................PE..L......V....
.......!.........*....................................................
[email protected]........`..p...............
.....p...`..`...............................8&..@.....................
.......................text............................... ..`.rdata..
[email protected]..................@[email protected]...(l.......H..................@.
...rsrc...p....`......................@[email protected]..............
[email protected]..........................................................
......................................................................
......................................................................
......................................................................
....................................................G..u....G..h.}....
.G....qs.......G......U..j.hH...h@...d.....P...SVW.l...1E.3.P.E.d.....
.e..E......E.P.=...................M..F.....e..E......M.d......Y_^[..]
..........U..j.hHc..d.....PQV.l...3.P.E.d.....h....j.j.j...$.......t}.
.P...=....u.V.. ....M.d......Y^..].j........T....E.P.M..8....u..E.....
.I....E......E.....H........J........P.B....n..........M.d......Y^..].
........U.....j.h.l..d.....P..4....l...3...$,....l...3.P..$8...d......
[email protected]$.Q.`[email protected]$...$@.............<.T$
<<< skipped >>>

GET /download/fairyland/files/app/68772.daw HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:59 GMT
Content-Type: application/octet-stream
Content-Length: 12356
Connection: keep-alive
Last-Modified: Tue, 15 Mar 2016 06:52:57 GMT
Accept-Ranges: bytes
X-Ser: BC85_dx-henan-zhengzhou-1-cache-1, BC15_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC15_dx-guangdong-foshan-1-cache-1(baishan)
..TKDSD0...$........H".n....."|)G........d..`CG..W...S.....V......=-..
...\.G..O.-_........k.......z*...R....)y.....R../.1..k.Lw"N....e..n.kT
.Qh...N\........G..\b....oiE.....\..].Ar......~;....&...i.AQ#.....v..$
k......ZS)vZQ.d.Li.]...]#........y*.do.....ln.8..X\We.z.}..ZY...<.P
.{@M.A>2t..N..B.MQX.c...|..g...g,[email protected]...:....<..<....
................R........x.u&....:.vX./....Y!]...t.;.....c.t..."....b.
.:SM-...}.fh$.>A.B6.A........V.k.....t*^.....H.C.;_9.W...h..^/.....
nC.Nc..1D.*.X..X.2.j^.M.2.s...3.6.......x.u&....:.vX./.....v.{e0v.a..&
.........X..M...Ho............\.<.sA........V.k.....t*^....z..G....
.q......v.v..M..s..}....D5Y.Y..m..........3.(V..I.C...........Z.[.....
Kw,... M..S....^..(..*....t.R.3'..f...TL.. ...y.).w.....e6...h.z..(^..
.4.. .7\j.S..Zk5E..FD2...]{..q.C.....t..."..)...o...-...}.fh......X.I.
C...........Z.[.....Kw,... M.....G..,...W.....n]/.....Ur..&6.....{....
'.\..:YI.S.>..G!*90noB..D.?.=j.a..f.....l.!.Dq.u..W.....n]/......Q.
..a\._6...;...D..z.yH(^...4.. .7\j.S......8n..qR....Nm........t..."..I
1.?e`K.-...}.fh...4L?..A........V.k.....t*^.....\-s...c......W...CA...
[email protected] ...y.)...:...X.I.C...........Z.[.....Kw,... M..ep.J.a..t.R.3
'.....$...l.Ro.h*n.Wi......#I..u.......3...$o3......p..'L9.?...,...U..
.... .d.g.j....J`<......%i.....j.NwG..S.>..G!*90noB..D.?.=j.a..`
.fi...W.Mo..*..W.....d...../O....I:M.{e}..Xn.p=.......J..\R..g.$.....E
.....de..8U. !..a..&.........X....l............N......x.o.)8...(^...4.
. .7\j.S..Zk5E..FN......xS.V...\f.t..."..t.}h./..-...}.fh.^...C...
<<< skipped >>>

GET /download/fairyland/files/tk/6957/61314/Glede.dll HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:59 GMT
Content-Type: application/octet-stream
Content-Length: 487928
Connection: keep-alive
Last-Modified: Thu, 28 Jan 2016 07:31:46 GMT
Accept-Ranges: bytes
X-Ser: BC89_dx-henan-zhengzhou-1-cache-1, BC17_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC17_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......q..|5../5../
5../<.>/4../Z../0../.k$/(../.k./.../.k./z../<.9/4../<.)/".
./5../.../.k./r../.k!/4../.k /4../.k'/4../Rich5../....................
....PE..L......V...........!................Sg........................
......................;[email protected]...........
. ...............^.......0...Q..P................................&..@.
..............H............................text.......................
........ ..`.rdata..E...........................@[email protected]
[email protected]........ ......................@[email protected]..
[email protected]......................................
......................................................................
......................................................................
......................................................................
........................................................U...E.h`\...M.
Q.E..aw...........U..S.].W.}.WS........u._[][email protected])WS.......M.
.....v....I.;.s.I....tV.u.;.r.^_3.[]........#.^_[]..........U..QSVW3.W
......Z .....E.......tJ.]...uC.E......AP...Rj.V........t.SPV.E........
..u .E.P....... ...E.....u._^3.[..]._..^[..]....U...E.V.u....u....P.f.
....f..u. [email protected].....^..Pw"........$.|...h.........hW......
..h.@.......]...x...Z...d...n.........................................
..............................................U..j.h N..d.....P...
<<< skipped >>>

GET /download/fairyland/files/app/64824.daw HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:03 GMT
Content-Type: application/octet-stream
Content-Length: 308
Connection: keep-alive
Last-Modified: Mon, 29 Feb 2016 07:18:53 GMT
Accept-Ranges: bytes
X-Ser: BC85_dx-henan-zhengzhou-1-cache-1, BC14_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC14_dx-guangdong-foshan-1-cache-1(baishan)
..TKDS4....$..._.J2.R..{R....R...........d..`CG..W...S.....V......=-..
...\.G..X0..{T.!_M.l........z*a...{....../.$..../.1..k.Lw"N....e..n.kT
.Qh...N\........G..\b....oiE.....\..].ArN...U. H...!%x.....UWhF6r....$
....2N;p.I[.p3`..kvZQ.d.Li.]...]#........y.!.^PvQ .ln.8..X.....;.".ZY.
..<.P.{@M.A>2t..N..B>..._pk.....


GET /download/fairyland/files/tk/7287/64824/Firemanii.dll HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:03 GMT
Content-Type: application/octet-stream
Content-Length: 477176
Connection: keep-alive
Last-Modified: Mon, 29 Feb 2016 07:18:06 GMT
Accept-Ranges: bytes
X-Ser: BC81_dx-henan-zhengzhou-1-cache-1, BC22_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC22_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$............o...o..
.o...."..o..x!...o.......o....#./o...."..o.......o.......o...o...n....
&..o.......o.......o.......o..Rich.o..........................PE..L...
...V...........!.....~...........E....................................
...........@[email protected]...........,...............
.....4...........J..................................8...@.............
...............................text...\}.......~.................. ..`
.rdata..6...........................@[email protected]............
[email protected]...............................@[email protected]..
[email protected]..................................................
......................................................................
......................................................................
......................................................................
............................................U.....j.h?...d.....P......
.l...3...$....SVW.l...3.P..$(...d......E..]...$....Q.D$0.yH...T$@R....
...$4.............D$PP..$4.....M_....$0...........B............D$..L$P
Q.t$<..$4.....(g...D$H.|$0..$0......a...D$<..$0......d....u...d.
...h.....E)......T$(R..C...D$$...t$ ..$0......?..P.t$ ..$4......s.....
.D$L..$0......d....u...d....h......(......D$.P.../A.....L$4Q.T$TR..$8.
....Vd....S.D$HP.L$XQ..$<......a...T$H..$0.......T$<Q...T$(Q...T
[email protected](h.....|$<.x.....$X.....D$l.....(.P.....
<<< skipped >>>

GET /download/fairyland/files/app/166.daw HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:08 GMT
Content-Type: application/octet-stream
Content-Length: 308
Connection: keep-alive
Last-Modified: Fri, 06 Nov 2015 07:48:14 GMT
Accept-Ranges: bytes
X-Ser: BC91_dx-henan-zhengzhou-1-cache-1, BC22_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC22_dx-guangdong-foshan-1-cache-1(baishan)
..TKDS4....$..z)q.........w5....%........d..`CG..W...S.....V......=-..
...\.Gc.jMU..O...V..u8h",nUx/.m....m.o.D...$..>.....JP.{......~,..]
.;....U0.....([email protected].\.Y...g*J.Qv...f.WL..G.1R.h...!.|
 .B.5zA...."....la.Z...b."..O.du...]5.0.i<[.Zq..a.....)V...........
.....g..n#&.....;A8...2p.2}...I..\....


GET /download/fairyland/files/tk/166/166/FunKoala.dll HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:09 GMT
Content-Type: application/octet-stream
Content-Length: 165712
Connection: keep-alive
Last-Modified: Wed, 07 Jan 2015 07:47:00 GMT
Accept-Ranges: bytes
X-Ser: BC69_dx-henan-zhengzhou-1-cache-1, BC17_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC17_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........s..........
......|.......H.i.....I......ja......jq...............M.......y.......
x.............Rich............PE..L...l..T...........!................
.M..............................................iv....@...............
.........../..H....!.......p...............p..P.......................
........................@...............T............................t
ext...u........................... ..`.rdata..._.......`..............
....@[email protected]...|[email protected]........
..............@[email protected]...:.......<[email protected].........
......................................................................
......................................................................
......................................................................
......................................................................
.......................................................1.......U..V...
.......1...E..t.V..0.......^]............U.....j.h....d.....P........0
..3...$....SVW..0..3.P..$....d......E..5.X...L$\.D$(......L$...$......
...&...h`....L$8..$...........L$.Q.L$ ..$............$........0...B...
0........D$...$.......,X...u...,X....(X....$......a...h......7.......$
......L$,Q.(X..........T$$VR..$..........P.D$HP..$..............D$0..$
.......,X...u...,X....(X....$..........h.....$7.......$.....V.L$$Q.(X.
..........$.......,X...u...,X....(X....$..........h......6.......$
<<< skipped >>>

GET /download/fairyland/files/app/169.daw HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:10 GMT
Content-Type: application/octet-stream
Content-Length: 308
Connection: keep-alive
Last-Modified: Fri, 06 Nov 2015 07:48:14 GMT
Accept-Ranges: bytes
X-Ser: BC81_dx-henan-zhengzhou-1-cache-1, BC12_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC12_dx-guangdong-foshan-1-cache-1(baishan)
..TKDS4....$.Jq.....sem|..!?tE...........d..`CG..W...S.....V......=-..
...\.Gc.jMU..O..Q-....h",nUx/.m....m.o.D...$..>.....JP.{......~,..]
.;....U0.....([email protected].\.Y....S.a......*c .0..l.....1..v
..$k....Q...S.l.....1.t.....[.7X..x5".P..=.}.r......p.....lW6..... bV:
!H..n..7..N..A(.H...)..............


GET /download/fairyland/files/tk/169/169/FunKoala64.dll HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:10 GMT
Content-Type: application/octet-stream
Content-Length: 210768
Connection: keep-alive
Last-Modified: Wed, 07 Jan 2015 07:48:23 GMT
Accept-Ranges: bytes
X-Ser: BC87_dx-henan-zhengzhou-1-cache-1, BC11_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC11_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$...........V...V...
V...MZ?.Z...MZ......MZ......_.".W..._.2.M...V.......MZ..S...MZ:.W...MZ
;.W...MZ<.W...RichV...........................PE..d......T.........
." ................ U...............................................@.
[email protected].......
@...#... ..P...........06.............................................
..0...............................text............................... 
..`.rdata.......0......................@[email protected]....... .........
[email protected]...#...@...$..................@[email protected]...
...................@[email protected][email protected].......
......................................................................
......................................................................
......................................................................
...............................................H.T$.SH.. H.T$8H....8..
L..j'..H..L..H.. [.......H..Q'..H....9...H.\$.WH.. H..7'....H..H....8.
....t.H...}7..H..H.\$0H.. _........H.|$.H..3.H...f..H.|$.H..H.A....@SH
.. M..H....9..H..H.. [[email protected]$ ............u*
.........H......H....9..H..8....O?...H....H......H..0[.H..UATAUH..X...
H......H.E.....H.X.H.p.H.x H......H3.H......L..H..3...H.M.......H.L$h.
.....H......H..x....P.H...H.D$PH......H......u#...3........H..t D..H..
H.L$P.......E3.H.L$P.\....H.T$`H.L$h......H......H.......P.H...H.D
<<< skipped >>>

GET /download/fairyland/files/app/173.daw HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:12 GMT
Content-Type: application/octet-stream
Content-Length: 308
Connection: keep-alive
Last-Modified: Fri, 06 Nov 2015 07:48:14 GMT
Accept-Ranges: bytes
X-Ser: BC75_dx-henan-zhengzhou-1-cache-1, BC19_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC19_dx-guangdong-foshan-1-cache-1(baishan)
..TKDS4....$.W)z....x.....d..............d..`CG..W...S.....V......=-..
...\.Gz3.si._..V>.Y.D.h",nUx/.aOd.6........LR.>.....JP.{......~,
..].;....U0.....([email protected].\.Y....4k.......Ww^.G.7.....@.
o.).l O)..T`[...........Z.....`..Y...u.... \.....Q.x$.o.J.....m,.d..-.
......`\.o...s....A..'..X.A.eQ.[.[....


GET /download/fairyland/files/tk/173/173/Uninstall.exe HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:12 GMT
Content-Type: application/octet-stream
Content-Length: 243192
Connection: keep-alive
Last-Modified: Tue, 03 Feb 2015 03:32:58 GMT
Accept-Ranges: bytes
X-Ser: BC79_dx-henan-zhengzhou-1-cache-1, BC12_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC12_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........ ...A...A..
.A...9}..A....a..A...7g..A...7S.*[email protected]
V..A...7c..A...7d..A..Rich.A..................PE..L...PE.T............
................. ............@.......................................
@.....................................@...............................
.&..@...................................@...............|.............
...............text............................... ..`.rdata..........
....................@[email protected]...@[email protected].
...............8..............@[email protected]..............
@..B..................................................................
......................................................................
......................................................................
......................................................................
............................................U..QV.E..............]....
......U..j.h.pB.d.....P.4BC.3.P.E.d.............nC.u....nC..E.......`.
.h..B...........nC..M.d......Y..].................nC.....H........J...
.....P.B.....nC.....H........J........P.B.....nC.....H........J.......
.P.B.....................j.....B....U.....j.h.vB.d.....P..8SVW.4BC.3.P
.D$Hd.......z....tF.vz...........).....nC...z....t&P............nC....
..t.P....B............nC.......u(.5.nC..D$P......_..h..B..........D$P.
...j...nC...d.....nC..u).5.nC...nC..t$P.....h..B..v.......D$P....h
<<< skipped >>>


GET /th.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: th.symcb.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "8f075e7fa4ca94ce151caabacd13cb0d:1460799201"
Last-Modified: Sat, 16 Apr 2016 09:00:47 GMT
Date: Sat, 16 Apr 2016 21:52:36 GMT
Transfer-Encoding:  chunked
Connection: keep-alive
Connection: Transfer-Encoding
Content-Type: application/pkix-crl
00006000..0....0.......0...*.H........0J1.0...U....US1.0...U....Thawte
, Inc.1$0"..U....Thawte Code Signing CA - G2..160416090046Z..160430090
046Z0....0!.....]yQ..$p!.......120820074210Z0!.....[;.....].r.s...1008
18102251Z0!....#^W...;"...g....110330165612Z0!....o....._..4F..7..1203
18152218Z0!....{..... <.A..^"..140404155306Z0!.....)..2%bS..SO....1
30614102859Z0!....>/.-....J..V....110224200338Z0!.... ..<q......
.S...100824004207Z0!.......P.|...ku8....120512130856Z0!......\..TI..].
.g...101019154320Z0!....2....ig..F......140324110226Z0!...)A..VZW.v.-v
.L][email protected]!...;[..d .:.9.1
b....141118003554Z0!...<.....t.Lx.......111007164659Z0!...K..]0.../
........121207172205Z0!...T....&T.9.n...`..101006143536Z0!...[k..:^...
..4.....130510121747Z0!...p.J... N.y\.g.i..120307200211Z0!...t.X.DB...
..}x.d..110810202131Z0!...z ....}...:.v....130715201555Z0!...ziW......
.kH..>..100824073211Z0!...~....%.<.&.Q^U...121016162753Z0!......
...........3..120628081021Z0!....*6.C..T..M......130925083709Z0!....03
l.3...M.m.s...110615232611Z0!.....u..;...|L.3....101012173011Z0!......
K.b...U....I..120106095217Z0!.....#c.W.....&.t;..111216235955Z0!......
 0J.......B...110210193721Z0!.....k-.h~?\..z..Y..110325203133Z0!.....M
[email protected]!.......Sj';.k.l .c..120307222327Z0!....B.
....xk....~...131226195639Z0!.....5l.2.%.6].p.3..140907122117Z0!....v.
.p.F..O.......110211141507Z0!......."[email protected]!....77
.....J[.U.N...121204134404Z0!......B.`.9...k.]?..111221212009Z0!..
<<< skipped >>>


GET /upgrade/upgrade?bid=52 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: fld.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: nginx/1.2.0
Date: Sat, 16 Apr 2016 21:52:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
1bc....TKDS.....$...E.o...wW.m.......l........d..`CG..W...S.....V.....
.=-.....\.G.........l.F6_.n.{".F[.zMZ9..U.r....[m.A...ag{&.\.f........
..LA......9a..p.1-..N!2....>N....1UN...^J....].....#.......ZM.YG..A
....E....).J.H.....@.../[email protected].:..s...z.T.B........ .R..t ,7...
......6.ZG.r.......9j {[email protected]<aQ.aU.|......YH.RQ.v....%E.
..6a..R{.l.... [..n...|a.I....P02.N......a..Ww*....\._.|!...oO.....v..
e4Xz..*..5.di.t..q;........A.eQ.[.[..0..



GET /interface/platform?pid=3&ver= HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: fld.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: nginx/1.2.0
Date: Sat, 16 Apr 2016 21:52:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
5f4....TKDS.....$...X../.%.eYc.<.]............d..`CG..W...S.....V..
....=-.....\.Gh",nUx/.!.yW..A.....UC...q..p:...-O........;....v....(%t
z.}.....o.).l O)....~s.........N........U.|......a.7.LQ...Y..&..h",nUx
/.E.1......h.7....g..`73..~y)..e.......v.3.....Rh...2N;p.I.V.....=v..!
....`..F._@^.k...U.c.........]...]#........yF.. ...v2D.....!....MW..RQ
x.-h....X0..{T..>..d...G*.....$*.7.N..p.p..X.........y*.do....Z....
.`..Y...u.....E`...MG.#T.....?6....~y)..e.......v.3..{...ej......X.i.U
.C]....YE..f..Y...u...J..<a.t$...R...H.Z.>.1..Q.6:.Ss.....`..2D.
....!..f..?I.RQx.-h....O.-_.....L.....@....|B......_..p.I...\h",nUx/.E
.1......O........-H....U.|.............<=....?j..a.Q.].v.0.&.H..N.q
]..q...JT....Sb...z.8./.#z..p.p..X.........y.....d..Z.....`..Y...u...J
..<a.ta.p... ......x..~y)..e.......v.3Q.G..?1'......X.....\..]~.>
;..[..........U.|......n].......b."..O.du...]5..x~...........M...MT..P
.X\..I..3....m..g.{Vk._y}-.b.f.../.r.3.V.7..QQ'..du...]5_..e.4....xg..
#OiMA...%L...R.....y.|.P..X....8.Vb..q..$..o.. .a..XM.R...!.| .B.5....
......YE..f..Y...u.....E`...:..TH.....-H.....k..,.U|.B.......-O.....Bi
...t6bY$......7.>RP.@[email protected].<E^....)_.8R.7.7..QQ'..du...]5..
.(.-....xg..#OiMA...%La...{...=.D.ECFH}*.....1b..q..$..o.. .a.........
..2N;p.Ij.uY3..._.J*E_........z*........w.......H.Z.>.1...V.q.M....
OG.v.<=....?jS._.K...v.0.&.H.3D...u..o.).l O)6.....].6....I...7..QQ
'..du...]5.....}.c..xg..#OiMA...%La.. ..K)..T2G'K.........b..q..$..o..
 .a.........!D .n..j:.v...u$p..2.5j-`..F._@^H...<Q..1D0u..g..].
<<< skipped >>>


GET /tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13810*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|-1 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:10 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:10 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
....


GET /tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13874*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|109 HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:10 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:10 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
....


GET /tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13874*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP|Alvin*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|109 HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
....


GET /tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13838*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP|Alvin*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|109 HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0



GET /tools/FsPlatformAction?rprotocol=3*_*action=137.FunDodge*_*actionresult=13701*_*actionobjectver=635e31524451554246*_*channelid=*_*mac=*_*guid=45DC26AB-D697-4a1e-9479-5D27EFD7A7F4*_*name=FunDodge*_*version=3.0.0.3*_*actiontime=*_*pullupname=AptShadow.exe*_*pullupversion=3.0.3.0*_*cid=1002048*_*aptid=-1 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:52:29 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:52:29 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.9..Date: Sat, 16 Apr 2016 21:52:29 
GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-ali
ve..Expires: Sat, 16 Apr 2016 21:52:29 GMT..Cache-Control: max-age=0..
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0..



GET /upgrade/is_upgrade?bid=52&app_version=0 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: fld.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820


HTTP/1.1 200 OK
Server: nginx/1.2.0
Date: Sat, 16 Apr 2016 21:52:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
29..{"retCode":"200","retMsg":"ok","data":[]}..0..



GET /tools/FsPlatformAction?rprotocol=3*_*action=530.inst*_*actionresult=53001*_*actionobjectver=*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=Inst*_*version=3.0.1.3*_*actiontime=*_*pullupname=AptWorks*_*pullupversion=3.0.5.7*_*cid=1021001*_*aptid=109 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
....


GET /tools/FsPlatformAction?rprotocol=3*_*action=530.inst*_*actionresult=53002*_*actionobjectver=*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=Inst*_*version=3.0.1.3*_*actiontime=*_*pullupname=AptWorks*_*pullupversion=3.0.5.7*_*cid=1021001*_*aptid=109 HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.9..Date: Sat, 16 Apr 2016 21:53:11 
GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-ali
ve..Expires: Sat, 16 Apr 2016 21:53:11 GMT..Cache-Control: max-age=0..
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0..



GET /tools/radarboot?rprotocol=2*_*bootmethod=100*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*fck=146084353780820*_*stamp=1460843557*_*name=turkey*_*version=3.0.1.2*_*os=XP-0*_*parentname=*_*parentversion=*_*info=*_*cid=1002048*_*aptid=-1*_*accedirid= HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.2
Date: Sat, 16 Apr 2016 21:52:30 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:52:30 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.2..Date: Sat, 16 Apr 2016 21:52:30 
GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-ali
ve..Expires: Sat, 16 Apr 2016 21:52:30 GMT..Cache-Control: max-age=0..
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0..



GET /tools/FsPlatformAction?rprotocol=3*_*action=530.inst*_*actionresult=53001*_*actionobjectver=*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=Inst*_*version=3.0.1.3*_*actiontime=*_*pullupname=AptWorks*_*pullupversion=3.0.5.7*_*cid=1021001*_*aptid=109 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
....


GET /tools/FsPlatformAction?rprotocol=3*_*action=530.inst*_*actionresult=53002*_*actionobjectver=*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=Inst*_*version=3.0.1.3*_*actiontime=*_*pullupname=AptWorks*_*pullupversion=3.0.5.7*_*cid=1021001*_*aptid=109 HTTP/1.1


Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0



GET /ThawtePCA.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.thawte.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "03eb1086b874f87b4fe77c22182f9ca3:1458779588"
Last-Modified: Thu, 24 Mar 2016 00:15:58 GMT
Date: Sat, 16 Apr 2016 21:52:36 GMT
Content-Length: 500
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....thawte, Inc.1(0&..U..
..Certification Services Division1806..U.../(c) 2006 thawte, Inc. - Fo
r authorized use only1.0...U....thawte Primary Root CA..160322000000Z.
.160630235959Z0...*.H................-.mO.h.$....r\..^..U..=D-H<..@
...&$.k.3.?o.J...F....47...*I..g ..d.H...SQ...W.....Mr^}&..|.Z0...OzN.
.......6.#M..^..J.B....f9;...M..Z.NV.a:....^&..^..G..5.oS..E.R...N..E.
n...M.R..v.@j5.\.n........z._Q.vb...lQ........xA...Z.v.(A....F(.=[.2..
.M_..j..w....HTTP/1.1 200 OK..Server: Apache..ETag: "03eb1086b874f87b4
fe77c22182f9ca3:1458779588"..Last-Modified: Thu, 24 Mar 2016 00:15:58 
GMT..Date: Sat, 16 Apr 2016 21:52:36 GMT..Content-Length: 500..Connect
ion: keep-alive..Content-Type: application/pkix-crl..0...0..0...*.H...
.....0..1.0...U....US1.0...U....thawte, Inc.1(0&..U....Certification S
ervices Division1806..U.../(c) 2006 thawte, Inc. - For authorized use 
only1.0...U....thawte Primary Root CA..160322000000Z..160630235959Z0..
.*.H................-.mO.h.$....r\..^..U..=D-H<..@...&$.k.3.?o.J...
F....47...*I..g ..d.H...SQ...W.....Mr^}&..|.Z0...OzN........6.#M..^..J
.B....f9;...M..Z.NV.a:....^&..^..G..5.oS..E.R...N..E.n...M.R..v.@j5.\.
n........z._Q.vb...lQ........xA...Z.v.(A....F(.=[.2...M_..j..w......



GET /ca1-tsa.cer HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: aia1.wosign.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.7.2
Content-Type: application/pkix-cert
Content-Length: 1402
Last-Modified: Fri, 18 Dec 2015 08:12:09 GMT
ETag: "5673bfd9-57a"
Accept-Ranges: bytes
Date: Sat, 16 Apr 2016 21:52:36 GMT
Connection: keep-alive
0..v0..^.......^h..q.cPV.h.>...0...*.H........0U1.0...U....CN1.0...
U....WoSign CA Limited1*0(..U...!Certification Authority of WoSign0...
090808010001Z..390808010001Z0U1.0...U....CN1.0...U....WoSign CA Limite
d1*0(..U...!Certification Authority of WoSign0.."0...*.H.............0
...............V.{k\z..k.....#.....1.>..)o.=.k..@_.9..z..MT}."x....
......Kt..~......I(D...2.%.S.........q'......gh..]..]p.....SA.....6fz~
V.._..h 6..$,,G.Yvf0..........0.....,.....(..T....v..h..Jl.........\..
~.2.^..*B..N..Y..z~...Z....i..'.{..T..{..TzQhnw...RJfF..g...Ow..]..V.C
rw.....9........./0B7!.0p.....XM..}...7...2..:cq$..7..t.7....F`...?P6.
.z..bjn..j!Zi....p9...n......;q..R.....w..o.B.mJ..4H......"..1.?.>.
. y...dd.1...R..Ei..*.U...FK.J..[9(.......HK&.0L.X..D.O...3..........q
).vO.%...../..../'.J....|[email protected]....
...0....0...U.......f.....K.. ........>0...*[email protected].~
{..d.2{.<.]F..,.p]....}...!..Y$.....}.#.4..|r....T..Rp....;.:.2.!9.
....Oj...?/|.X...9.>.=Js.@z. a.g..$..mU,Z..%r.....Ub...c.aD#.......
.M..#N!.[9[W./].^.y.|..M......y.3....0.>...C?.Z..D..|.H.3.......>
;.]q....t.aY...Z..r..]6....<[email protected]{,.V.G......!..f
..%0.\...g..m....O...'........H......>LQ:.......&.:...i...)dQoh....
A.........=..h..g..`.U.a.W|...aI:.u....?g...(.1..W...|..~.....6|[~'.z.
....R...Tp1.C....>..~0dP....3gMhO..........%:..Y..\F.g,.F..H..[...Q
......7"... t.-..k....!..y.D.........
<<< skipped >>>






The Trojan connects to the servers at the folowing location(s):







%original file name%.exe_1832:




.text
`.rdata
@.data
.rsrc
@.reloc
RSSSSSSh`EJ
QSSSSSSh`EJ
xSSSh
FTPjKS
FtPj;S
C.PjRV
Visual C   CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
Broken pipe
Inappropriate I/O control operation
Operation not permitted
operator
GetProcessWindowStation
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
boost thread: trying joining itself
WinMain.cpp
()$^.* ?[]|\-{},:=!
inflate 1.2.3 Copyright 1995-2005 Mark Adler
operation failed
unsupported file feature
.lzma
.sitx
unsupported file feature; compression method
operation failed; problem unzipping data
unsupported file feature; gzip larger than 2GB
FELogInit
I:\build3.0.3\Library\includes\boost_1_51_0\boost/exception/detail/exception_ptr.hpp
Fp_RegeditFun.cpp
FpInstall::fpSHDeleteKeyW
Fp_Logic.cpp
regkey
homepage_url
shield_url
downloadurl
%s Process ID: %d -- Thread ID: %d --
binding_config.xml
&#xX;
</%s>
%s="%s"
%s='%s'
<!--%s-->
<![CDATA[%s]]>
version="%s"
encoding="%s"
standalone="%s"
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
I:\build3.0.3\Funshion\Rel\src\toolkits\bin_inst\Release\Install.pdb
GdiplusShutdown
gdiplus.dll
SHLWAPI.dll
dbghelp.dll
VERSION.dll
PSAPI.DLL
GetProcessHeap
KERNEL32.dll
MsgWaitForMultipleObjectsEx
CallMsgFilterW
USER32.dll
GDI32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
ShellExecuteExW
ShellExecuteW
SHELL32.dll
ole32.dll
OLEAUT32.dll
WININET.dll
SHDeleteKeyW
PathIsURLW
GetCPInfo
UrlMkGetSessionOption
urlmon.dll
InternetOpenUrlW
HttpQueryInfoW
HttpQueryInfoA
Install.exe
zcÁ
.?AVCFpReportBase@@
.?AVAptShadowReport@@
.?AVCFpInstallStartReport@@
.?AVCFpInstallReport@@
.?AVCFpBindReport@@
.?AVCFpComInstallingReport@@
.?AVCFpComInstallingReport2@@
.?AVCFpFunStartReport@@
.?AVCFpPCMReport@@
.?AVCMD5@@
?6{.jxH
.dykTD
(mHK%c
.jxqr
%fX*KdrOB
w2&$.IJh
oV.jm`
.qrN;
m%Ue4
k-f7}
dB.ZQ
q*uDVF.PN
WF:%du
.yqw\u
L.ysa
4%s|M
)u.nK
.FHA_
E.Yr'
s%DS]
yv.Gc
'3.bN/
*5.DtW
NL|%S\
qu@@%xB
zUrL
]%cGO
-/.Uk
E%X1[
O.ne$
q€X
5U%u@`<
i.HJh]
^%S8&9
.ro R
[email protected]
%S pYi
o.cKvS
$du%c
%c/Ni
LQ.VL|
]{.dw
J%siP
5%s03
hP@?%c
.YeJ[
vKEY
k.tRAN)
%XMycv
et.fB
.yz!~
 %sA_
t.fU0
~2q.Hkc
%d?vM
.KRWx
Z[.RM
'V$%u
\-0C}
vj.Atu
)yu\-XWO}
^.Ji8m[<
5X.Zw
XùO
,3kG%U
 a.pFH~
b6M;%U
.mBtsq%
0o.ay{%
!UZte%U_
F/?I.wr
!e%FRr
:*.yNF
.kfzq n
V.Xj:
(.MRX.
%Fgk|{#
NWEbK}|_
9.sC1
.Xv!x:
%Ste_
.ew(K
%U.C[wL
kp.TZl>Ko
1WLw%D
.gHeZ
XX!÷
%fVa2
K\.XP
%dHgg<
9].afW
.Yef0e
.KmtS
2U.Di6
7^.wv
p$GU%c
CV.AT
R.JsV
.SY(VQH
:7K.5.Jy
.Tp!<0
webv}
>U/|%D
.jWq_
5(Md.Xo
*0%f(
.abuw
.LxM*
0G.XNd]
.aslnP=.
×T/q
i|.Ai
/.ykR
%x?k`
^b)Ø )
%fQ~[
|:%u}
8.orqT
.wK{(D
[email protected]
.!.BdqQ#
aeu\{W%u
.XVQ)
.BptY
.zW?<
.SY>4
-ð,
.EU="F
w.zoS
msg(49
.Oh~ZG
V2b?.YE!P
.YCz,h
qBCrT
Ivo
d<%Uy
.rV4w
Z7{.mB
%.jF/
#%dLc"U
wI.Vx
PQ.yJ
a{%Cz=
Rnp.hX
.BE,w
F%U[O;
ELþ
pQ.lx
O.nRmZ
"4E.mT
.xFA~A2/*
rF.ft
WEbx_
@B^%UI3
F.ih"Xi
'.GWN
5|.JTG;
x3y%f
wCO
T5@D%Cl#
ZPg%.f
IM.twA:
.OBAR
\r.pGhC
xj^B%F
M-%XF
.AN?-H
.oMQ8
%..nI
8("U-Y}
LU,V.tg#
g.DU~a
7H.dO
".FzK
>>%e<.sc
.Fg)d>
G:tM%C
`y.HU{ai^
|@.NM4 
{6.zI
a.SAZ
%9u^a
>7.fsW/h
.kKe~$k
1%f]t
G.APl
C-U%x%
.Yky9
j.TKM
[.aJ7
4%sZ[&
8^_ws>|%u
6dY.io
..DJl
H(.pH
.KZhH
^.qs`
%F!Zx
B.LoE
}*~%S
H Q%X
p[.us
J.iWK
[email protected];*
.vy"B/
.pcLO
.siV<f
(Vi%X
%x`wGMX
z.FCE
..DZa
.POvIl
VD@%xf-0~q
.Gzc)
KL%xX3;
uDPly
 %sL| 
"Z%S,
.Cy vu
2Y
.tlF2
2a.fV
.ZMT%
.bO)[t
R.DRUa
poj.Aq
.lQ'k
.gex*
4.iF#(
nudp
M'%CN%
.KG4S
QrD.jeI
XsQLwU
.OB?c
,F%8xo f
|},V%d
/zsxqit%f
6%sX5
(U(8%X
.fAgA
5 TodU[NGZ%x}
R%f=(X
#Sj%D
pu.Wc
X%%UA
0.bFHR
|8l.vj
xUP@Æ
B;^.Px
v&.Ng
.oj>?
s'2&%FK8
@2'T%DI
.FF({s
9K/%D
[6%x"
duDp
%CTK*^
-w5}g
.NEH.
.wSkk
i8%dP
.BYx,
.RY}"
A,.ThP
$-9w}
R|.ibA
]P0f.TY
~F%SD
UÞ7
F.HAK
&.Ekq
P"$W.jM0
.UlaAa8yO
(q%S*
2×E
-j}{[
.HU7N
U%f`H
p'.wI
b].dBo
p?)c%.CZ
J|.WU
|..tt
Cu%x|
.kjYW
'.OOd?
.Wk"C
 .RII
.jj1%4
>V;.Un7@
mR\.Wg
!%xQp
u^.im
F9.RA
.RSKl
|Xb.mh
X#%D'
f%D!GB
&P]%Uk
bnm.WFj
û s
XRybF.pp7
vR^%x
Q~Û
CH~a&%d]
.gnlu
PExE!
.fxs>
17.Qty
/%S]s
K=v(h%ftw
jOhyu
Vin#s.DS
oI%S.J8
,.Go$
&b%u!h
Z.Px,n7
%[email protected])
A7{%D
)%3X%
].zBt
m^.Zx
[%x'r
V.hYC
\b.IKe
't1.wx=KQk_f(
!T&%d
.el&^
.pp,R
B&>%X=
.WO*R
!.aw}e*
q.CcH
Y:N%C
/Y.NW
G4}.vN
xW%UM}
TK%Xu
m&C&Y%S
L&@%x
=sN.ks
k"A%F
)2*FtP
^Q.OH%
.klQY
.DC<&
Fn.iq
]%uvz
0.Qb]
&%sX%x
8%UuS
/.lDt$
%U]aS
Lh@U
40%U]
2q.Ru@R$
.xllx
w.ZAJ
[email protected]
/.LPS
;qr.DB
;L>\.DN
\%0x3
r,Lj.ij
S|m
r%f}6
T-4a}_O
)B/%x
bw%Sx
%D }C
%x_Q 
B"%S*
P%9UR
c.qX2
-'.ZF
?E.GP'=
=V&F%Un
tR.Kd
-t}^$
.YGp'
.ILea
%fvL7m
X~-.Sg|}L|
V.BFjkhc
.GpPW
m%fw/
?|0%U
n.qS*x
%u,B;
! .Vq
L2.Ca
Q.lg~
(kc%cm
~.CNn
P.ATX
5%u]yx
;"%UJ
hE%U;y4
=`G%u
n3%cX
R.Eb1=
p{.pC
us 5r%F
0".Xt
E.qUBQ
0#œ
%5|M%U
".Rn(!M
S.NiB
CISQl
(8=>#9]}
,'``N%F
V.PJ"
9D)%s
^*.tj
.VbCh
|uDPM;
} .nx
.XK[#1
5.XeEL
Z%U,T
O7.fw
0Ad`%F
3.NQp
#.yU3sMG
kvA.R%x
81d%d
uGk,%XX
(4.ma
"WEB 
.QzgH.
.Zpz@|SJ
Y=.Kd
.tg"R9
v1.Cn
TQh.En
.qZQ`
 %s'9J
"E;%Fs
k.WM|
fO-3}
.WSsk
.ZG<5]
Sk.oe
3.JO1{
%xzbE
b4!%u
[}K%X
Zsc%S
_ES.po
&z.YB
7&'A.JV
 s7%f
a<};N.Lr
1'.lS
kURL
\I.CFE
Ao.Cr
r5.dOg
.mvn3
=l%X=3
key!7
l<.Kg
9I%X&
]@<%u/
>5TCPCH
V.mV>1
BO%8S
jgb%U
^zKE.kXjq
$a.zz?
s.Bk4@?
zT.pZ
R`ssH/
.gH>h
<.gRHyH
'.OYy
t.TaDJYy
uJ.We
n.ACn1
&S!F.MDR>
.xc1)
's%DQ
z.JVC
mN.NG
Us^.ST1
I.VC6 
>6[%XV
8l.vyo
.rlj`^QA|
Rd"%C>
@G%foY
=<tÊ
u.YwP
J.Fq<=N
%x`50
%fUrN
A.IEu
y.Sfy
FPW%S
.qUgE
%UW/?
TsQL
.Og_d
zl;%X
Yo.Sv
U%/%f
B%.Pu
.ls;I
Y 5%u
cmD:Q
>a.Qz
[.fTG'
^Q{t%u
;[email protected]
.Ogu?
T.Hw8
4(X9%dI
x.lu\
B.Wai
 bS.Vj
FH`FG.%U
:.mlw' q
].kQ6
G7{%cM
%UC'[E
@.Vf?
g{uE%sC
=.Fl(O<m`
|.UDE
.Ksc^
:.xB]
.FTIL
*Y%CN)&n|
OI~i%c
".Qj}
rP
x.dk[
 4'($$!=
Me%uh
&wq7%f
'3 i.kE;
=q.cI$
z^ZL)%Cj
 ]o.xt
7ÞXi
lg.RU
-vy}b
'.HUZ
q5;%s
8&.ppT8
V%.nAt
8".no
.dZ`u
p.PM=
G/;}%X[
%sQ\q.
g''%u
LT.lZ
R%Fi<D
~Gt.uN
I.FU'
-0`.ZA
4l.gU
'.Bm0/
e?%dr|
.yA`1
}[H%xs
.Tnpa
.KX|P
j.SuE
.KZwz
.oC3h
%UI.y
V#W`j
Sg Q.Iy
%d(GK
..RI%
xEXe0
<.Oe9
s9 1%D
x.Cnv
}df%X
MBO.AlE
.MLWr
oP.cF!
jT,3%c
g.Rx=
1n.Qn
qc%Sm
$s1.LJ
.vOi*Z
%[h%x
0.HG9
g7.xI
T.Au_)_9
jKcrt
ka.UEd
V.nKf
%sA$>
f.Jx_V
2G%Xf5
v.NV,
W4%SA
%c#j~
.WAQ*
.Xy7|
-;\_*
{f.zr
iu.Iy
.adX$ 
xDLpZ.DP
yo0.Ux
[.EoS
%uQzv
bH[%CU&
gw?Bk}L%2U
%sVi>#8x
,b.xL4
;(z<%C
:m%Ub
Pi.ui
.Oo0o
uE.XZxw
%DoK.IT
CL%f]
c.PaJ
.mNA}
Hx.mL
U F[%s
O|t
#.UO=
.EqZ}@
gJr%X
v(%d&
E.MW(
L.%x#N
%f^<\
wEBx
.wp[v
g]d.iRqg-"`
Kx,~.cr
.ZuAl[
.xj|6
l.IR.
wx!%X
.EA[H
/>%l%Fn
99n.yFZ
|]%FK
2..oB
>.tl%
.id&n
ZLX %x
s#.Qi
.Mf@v
8F.qt!
 .ldE
.uObu
Fwy<%X
P*%d~
.XlXTw
-k}7C
.eNK$
VXUDp\1
%DW%Xe
QE.jp
(%u;U
>.Ep,
.aOs|S
@d-.oj
.Vq(D=
CO.Lr
y.gD=
0ú<B
BR.eZ6
a%x e
J0m%%C
[a.%d
5w %S
*)udp
J.TT/
qzTU}.PU
>[.Cg
 ro.tD
%Dreg)_*
Ks%Sn
.zm1Ol
-n&e%S2
>`p%xq
.Sr:<~
G/.ac
%G.gi
eFm%C
L6"%Ua
>.nUF|g:x
%m%X><(
&6.hy
,7.oTGP}
9  %X;
]O?
Y<s%U
4eQ!%Sn
;.FeS
.OwV2
T%F-.
[F.TI <
M.JOTG
=.Zhc
nV.VA
1.sI9I:
D|^%cOw
w h%D
%X};|l
",.bH)
G-0x}
Y.sR3(
.BX)//i
1 B.zN
)O.Ik
%U{dyT
|S.lf
NXu-es}
%cH 6d
%C*&8
%cwNG
Lv.sV
A.dxP
wXI%s
y%f?jO
3R6S.lx
C%C:|_
-.Ak?
7°ðW
.ixr5?tk
,%4s{
M-jt.Tt]
F.tf>u
}I%xy
.lpt2
.Pf^DBr
.JhO]
I,c_.zk4M
gH%7S
2yIp%XlA
YIb.PnC
Vd%uG
~B%X'
:].oz2i
.Med;l0-
_ÀY
I.iT3
9/a%f
:R.qY
u.goc
.Fj#f
_'%ue
;.UA.
w{M,-.Wi
h.ALK3
UL.Pm
%S-@F
.sM#V
R;.bhkT
$O1fEeúe
LISTEN_PORT=0
[SITE_URL]
DOMIAN=hXXp://funshion.com
$iTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:4326A2FD8A4C11E38FD09017F5C0F67E" xmpMM:DocumentID="xmp.did:4326A2FE8A4C11E38FD09017F5C0F67E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4326A2FB8A4C11E38FD09017F5C0F67E" stRef:documentID="xmp.did:4326A2FC8A4C11E38FD09017F5C0F67E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
"iTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:85FD6B38AF0C11E3BEE688B5E17B447B" xmpMM:DocumentID="xmp.did:85FD6B39AF0C11E3BEE688B5E17B447B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:85FD6B36AF0C11E3BEE688B5E17B447B" stRef:documentID="xmp.did:85FD6B37AF0C11E3BEE688B5E17B447B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
.MtOW
R%SuS
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:9594B829A02611E3B487B67C44944BDC" xmpMM:DocumentID="xmp.did:9594B82AA02611E3B487B67C44944BDC"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9594B827A02611E3B487B67C44944BDC" stRef:documentID="xmp.did:9594B828A02611E3B487B67C44944BDC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>M
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:AD6AF684AB5511E39B9CBBA938453D4A" xmpMM:DocumentID="xmp.did:AD6AF685AB5511E39B9CBBA938453D4A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:AD6AF682AB5511E39B9CBBA938453D4A" stRef:documentID="xmp.did:AD6AF683AB5511E39B9CBBA938453D4A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:1164CAB28A4E11E38FD09017F5C0F67E" xmpMM:DocumentID="xmp.did:1164CAB38A4E11E38FD09017F5C0F67E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1164CAB08A4E11E38FD09017F5C0F67E" stRef:documentID="xmp.did:1164CAB18A4E11E38FD09017F5C0F67E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:BE936089A02A11E3B487B67C44944BDC" xmpMM:DocumentID="xmp.did:BE93608AA02A11E3B487B67C44944BDC"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BE936087A02A11E3B487B67C44944BDC" stRef:documentID="xmp.did:BE936088A02A11E3B487B67C44944BDC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>O?
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:9B917984AE4F11E3B9BCEB1470D51092" xmpMM:DocumentID="xmp.did:9B917985AE4F11E3B9BCEB1470D51092"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9B917982AE4F11E3B9BCEB1470D51092" stRef:documentID="xmp.did:9B917983AE4F11E3B9BCEB1470D51092"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>0
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:BE93608DA02A11E3B487B67C44944BDC" xmpMM:DocumentID="xmp.did:BE93608EA02A11E3B487B67C44944BDC"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BE93608BA02A11E3B487B67C44944BDC" stRef:documentID="xmp.did:BE93608CA02A11E3B487B67C44944BDC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
fiTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:84806C0880AEE3119355F28482443A0F" xmpMM:DocumentID="xmp.did:E873A96DAE8411E398C9EF43D2AB7DB3" xmpMM:InstanceID="xmp.iid:E873A96CAE8411E398C9EF43D2AB7DB3" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:86806C0880AEE3119355F28482443A0F" stRef:documentID="xmp.did:84806C0880AEE3119355F28482443A0F"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>9.
.nw#|AY#
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:F0AAC642AB5611E3BB3EB53F06F5A78B" xmpMM:DocumentID="xmp.did:F0AAC643AB5611E3BB3EB53F06F5A78B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F0AAC640AB5611E3BB3EB53F06F5A78B" stRef:documentID="xmp.did:F0AAC641AB5611E3BB3EB53F06F5A78B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>j
q*[email protected]
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:3BE64D67AE4A11E3A18DE92664D7FF1D" xmpMM:DocumentID="xmp.did:3BE64D68AE4A11E3A18DE92664D7FF1D"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3BE64D65AE4A11E3A18DE92664D7FF1D" stRef:documentID="xmp.did:3BE64D66AE4A11E3A18DE92664D7FF1D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:3BEA29DCAE4011E3A9329372A0EF3793" xmpMM:DocumentID="xmp.did:3BEA29DDAE4011E3A9329372A0EF3793"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3BEA29DAAE4011E3A9329372A0EF3793" stRef:documentID="xmp.did:3BEA29DBAE4011E3A9329372A0EF3793"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:DF1D1305AB2111E3BC3A94431827040D" xmpMM:DocumentID="xmp.did:DF1D1306AB2111E3BC3A94431827040D"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DF1D1303AB2111E3BC3A94431827040D" stRef:documentID="xmp.did:DF1D1304AB2111E3BC3A94431827040D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:BE46CE2BAB5711E396C1D5C6D4303A31" xmpMM:DocumentID="xmp.did:BE46CE2CAB5711E396C1D5C6D4303A31"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BE46CE29AB5711E396C1D5C6D4303A31" stRef:documentID="xmp.did:BE46CE2AAB5711E396C1D5C6D4303A31"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>H%!
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:21B1C8C9AB3A11E39958EAF8AAA3A373" xmpMM:DocumentID="xmp.did:21B1C8CAAB3A11E39958EAF8AAA3A373"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:21B1C8C7AB3A11E39958EAF8AAA3A373" stRef:documentID="xmp.did:21B1C8C8AB3A11E39958EAF8AAA3A373"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>)NW
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:70C8F2FFAD7C11E3BF78B4C85FE09EC4" xmpMM:DocumentID="xmp.did:70C8F300AD7C11E3BF78B4C85FE09EC4"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:70C8F2FDAD7C11E3BF78B4C85FE09EC4" stRef:documentID="xmp.did:70C8F2FEAD7C11E3BF78B4C85FE09EC4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:758EFFE1AB2911E38FA3DC2B8850C1A3" xmpMM:DocumentID="xmp.did:758EFFE2AB2911E38FA3DC2B8850C1A3"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:758EFFDFAB2911E38FA3DC2B8850C1A3" stRef:documentID="xmp.did:758EFFE0AB2911E38FA3DC2B8850C1A3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>N
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:0B31FC66BC2411E5B634C9E1E2900E13" xmpMM:InstanceID="xmp.iid:0B31FC65BC2411E5B634C9E1E2900E13" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D0501720BC2311E5B634C9E1E2900E13" stRef:documentID="xmp.did:D0501721BC2311E5B634C9E1E2900E13"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
kiTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:D050171DBC2311E5B634C9E1E2900E13" xmpMM:DocumentID="xmp.did:3AE286BCBCE011E5B634C9E1E2900E13" xmpMM:InstanceID="xmp.iid:3AE286BBBCE011E5B634C9E1E2900E13" xmp:CreatorTool="Adobe Photoshop CC (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2a86c9ce-e7b9-465b-b160-4885245e87f9" stRef:documentID="xmp.did:D050171DBC2311E5B634C9E1E2900E13"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>N
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:3321B6DDB0BA11E38173CDF6CA732BAA" xmpMM:DocumentID="xmp.did:3321B6DEB0BA11E38173CDF6CA732BAA"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3321B6DBB0BA11E38173CDF6CA732BAA" stRef:documentID="xmp.did:3321B6DCB0BA11E38173CDF6CA732BAA"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>D
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:C90A3E0C649B11E4963E9A780A5DBC65" xmpMM:InstanceID="xmp.iid:C90A3E0B649B11E4963E9A780A5DBC65" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3F9238BAA02E11E3B487B67C44944BDC" stRef:documentID="xmp.did:FBF447D0A03F11E3B487B67C44944BDC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:3F9238B6A02E11E3B487B67C44944BDC" xmpMM:DocumentID="xmp.did:3F9238B7A02E11E3B487B67C44944BDC"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3F9238B4A02E11E3B487B67C44944BDC" stRef:documentID="xmp.did:3F9238B5A02E11E3B487B67C44944BDC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>"
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:BE859574AB5411E387C5851D6ACB6CE8" xmpMM:DocumentID="xmp.did:BE859575AB5411E387C5851D6ACB6CE8"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BE859572AB5411E387C5851D6ACB6CE8" stRef:documentID="xmp.did:BE859573AB5411E387C5851D6ACB6CE8"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:1164CAAE8A4E11E38FD09017F5C0F67E" xmpMM:DocumentID="xmp.did:1164CAAF8A4E11E38FD09017F5C0F67E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1164CAAC8A4E11E38FD09017F5C0F67E" stRef:documentID="xmp.did:1164CAAD8A4E11E38FD09017F5C0F67E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>i
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:803E7AB4AB5511E3A568E93CFD0914AA" xmpMM:DocumentID="xmp.did:803E7AB5AB5511E3A568E93CFD0914AA"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:803E7AB2AB5511E3A568E93CFD0914AA" stRef:documentID="xmp.did:803E7AB3AB5511E3A568E93CFD0914AA"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
qOuE%f
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:12556675AF4511E3A93AF63B1D9011FE" xmpMM:DocumentID="xmp.did:12556676AF4511E3A93AF63B1D9011FE"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:12556673AF4511E3A93AF63B1D9011FE" stRef:documentID="xmp.did:12556674AF4511E3A93AF63B1D9011FE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
Mi%FX
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:3F9238B2A02E11E3B487B67C44944BDC" xmpMM:DocumentID="xmp.did:3F9238B3A02E11E3B487B67C44944BDC"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3F9238B0A02E11E3B487B67C44944BDC" stRef:documentID="xmp.did:3F9238B1A02E11E3B487B67C44944BDC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:77C70EBFA05411E3A9A6B5CF35F8DDEE" xmpMM:DocumentID="xmp.did:77C70EC0A05411E3A9A6B5CF35F8DDEE"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:77C70EBDA05411E3A9A6B5CF35F8DDEE" stRef:documentID="xmp.did:77C70EBEA05411E3A9A6B5CF35F8DDEE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
2wJ.BJ
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:8D8CCF64AB5411E3BE8FBB4F92219BAE" xmpMM:DocumentID="xmp.did:8D8CCF65AB5411E3BE8FBB4F92219BAE"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8D8CCF62AB5411E3BE8FBB4F92219BAE" stRef:documentID="xmp.did:8D8CCF63AB5411E3BE8FBB4F92219BAE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:EFE939DB8A4D11E38FD09017F5C0F67E" xmpMM:DocumentID="xmp.did:EFE939DC8A4D11E38FD09017F5C0F67E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:723C5BAC8A4D11E38FD09017F5C0F67E" stRef:documentID="xmp.did:EFE939DA8A4D11E38FD09017F5C0F67E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:9FA34697AB5611E39D62FC22C5677759" xmpMM:DocumentID="xmp.did:9FA34698AB5611E39D62FC22C5677759"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9FA34695AB5611E39D62FC22C5677759" stRef:documentID="xmp.did:9FA34696AB5611E39D62FC22C5677759"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>*
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:1164CAB68A4E11E38FD09017F5C0F67E" xmpMM:DocumentID="xmp.did:49F41B3E8A4E11E38FD09017F5C0F67E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1164CAB48A4E11E38FD09017F5C0F67E" stRef:documentID="xmp.did:1164CAB58A4E11E38FD09017F5C0F67E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:F736AEC8A11C11E3A9A6B5CF35F8DDEE" xmpMM:DocumentID="xmp.did:F736AEC9A11C11E3A9A6B5CF35F8DDEE"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F736AEC6A11C11E3A9A6B5CF35F8DDEE" stRef:documentID="xmp.did:F736AEC7A11C11E3A9A6B5CF35F8DDEE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:519BAB84A04411E3B487B67C44944BDC" xmpMM:DocumentID="xmp.did:519BAB85A04411E3B487B67C44944BDC"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:FBF447D9A03F11E3B487B67C44944BDC" stRef:documentID="xmp.did:FBF447DAA03F11E3B487B67C44944BDC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>!<
hiTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:7490FFEC2A206811822A86B921C09410" xmpMM:DocumentID="xmp.did:57AA8AFAA04C11E3A9A6B5CF35F8DDEE" xmpMM:InstanceID="xmp.iid:57AA8AF9A04C11E3A9A6B5CF35F8DDEE" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7490FFEC2A206811822A86B921C09410" stRef:documentID="xmp.did:7490FFEC2A206811822A86B921C09410"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>f
N.cSd
@n%F.
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:7490FFEC2A206811822A86B921C09410" xmpMM:DocumentID="xmp.did:57AA8AFEA04C11E3A9A6B5CF35F8DDEE" xmpMM:InstanceID="xmp.iid:57AA8AFDA04C11E3A9A6B5CF35F8DDEE" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7490FFEC2A206811822A86B921C09410" stRef:documentID="xmp.did:7490FFEC2A206811822A86B921C09410"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:7490FFEC2A206811822A86B921C09410" xmpMM:DocumentID="xmp.did:31C73D95A05011E3A9A6B5CF35F8DDEE" xmpMM:InstanceID="xmp.iid:31C73D94A05011E3A9A6B5CF35F8DDEE" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7490FFEC2A206811822A86B921C09410" stRef:documentID="xmp.did:7490FFEC2A206811822A86B921C09410"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:7490FFEC2A206811822A86B921C09410" xmpMM:DocumentID="xmp.did:31C73D99A05011E3A9A6B5CF35F8DDEE" xmpMM:InstanceID="xmp.iid:31C73D98A05011E3A9A6B5CF35F8DDEE" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7490FFEC2A206811822A86B921C09410" stRef:documentID="xmp.did:7490FFEC2A206811822A86B921C09410"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:E790B5BBAB5711E39531EA8E867F622B" xmpMM:DocumentID="xmp.did:E790B5BCAB5711E39531EA8E867F622B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E790B5B9AB5711E39531EA8E867F622B" stRef:documentID="xmp.did:E790B5BAAB5711E39531EA8E867F622B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>La&
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:3B97ABC3AB2811E3939694FB8C5FBF77" xmpMM:DocumentID="xmp.did:3B97ABC4AB2811E3939694FB8C5FBF77"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3B97ABC1AB2811E3939694FB8C5FBF77" stRef:documentID="xmp.did:3B97ABC2AB2811E3939694FB8C5FBF77"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:2A3A1024AB5511E3AC32D35652480289" xmpMM:DocumentID="xmp.did:2A3A1025AB5511E3AC32D35652480289"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2A3A1022AB5511E3AC32D35652480289" stRef:documentID="xmp.did:2A3A1023AB5511E3AC32D35652480289"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>N
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:EFE939E38A4D11E38FD09017F5C0F67E" xmpMM:DocumentID="xmp.did:EFE939E48A4D11E38FD09017F5C0F67E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EFE939E18A4D11E38FD09017F5C0F67E" stRef:documentID="xmp.did:EFE939E28A4D11E38FD09017F5C0F67E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:5B3FC13FAD7B11E39439EB12CD2B0BCC" xmpMM:DocumentID="xmp.did:5B3FC140AD7B11E39439EB12CD2B0BCC"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5B3FC13DAD7B11E39439EB12CD2B0BCC" stRef:documentID="xmp.did:5B3FC13EAD7B11E39439EB12CD2B0BCC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>8
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:C334F3FCAB5611E3A263F2C845C227A7" xmpMM:DocumentID="xmp.did:C334F3FDAB5611E3A263F2C845C227A7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C334F3FAAB5611E3A263F2C845C227A7" stRef:documentID="xmp.did:C334F3FBAB5611E3A263F2C845C227A7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>V
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:15275397AE4A11E3AAF0984506E898F0" xmpMM:DocumentID="xmp.did:15275398AE4A11E3AAF0984506E898F0"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:15275395AE4A11E3AAF0984506E898F0" stRef:documentID="xmp.did:15275396AE4A11E3AAF0984506E898F0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
?&&(**=****(&(.
%'***  **'%%4
'** 0 0.. . 0
 6429==?=,
662248::=@@0
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
7!7/7;7@7
5$565<5^5
88W8f8m8y8
9$9*9/959
3#323@3]3
;%; ;1;<;
="=(=0=6=>=[=
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
KERNEL32.DLL
WUSER32.DLL
\Funshion.exe
\FunshionService.exe
Funshion.exe
FunshionService.exe
\FsLibrary.exe
FsLibrary.exe
2.13.1.2
1.0.0.1
3.0.3.86
hXXp://VVV.Funshion.com/
setup.ini
\AptShadow.exe"
LOG %u:%u %s(%s:%u) test in InstallCoreMain
Chrome_MessagePumpWindow
ASSOCIATORS OF {Win32_DiskPartition.DeviceID='
ASSOCIATORS OF {Win32_DiskDrive.DeviceID='
Tmp%I64d_%s
\funshion.ini
ntdll.dll
IEXPLORE.EXE
id_%s
%a, %d-%b-%Y, %H:%M:%S GMT
IDC_CHECK_NORMAL_START_WITH_WINDOWS
Software\MicroSoft\windows\CurrentVersion\Run
\Funshion.lnk
\gma.dll
\StringFileInfo\lx\%s
X-X-x-XX-XXXXXX
\rundll32.exe
rundll32.exe
2014-01-01Td:d:d
AhXXp://stat.funshion.net/client/tmp?
rprotocol=%u*_*
fck=%s*_*
mac=%s*_*
guid=%s*_*
userid=%s*_*
fpc=%s*_*
version=%s*_*
sid=%s*_*
vvid=%s*_*
type=%s*_*
param=%d_%u_%u
\quartz.dll
regsvr32.exe /s "%s"
kernel32.dll
felog.dll
hXXp://partner.funshion.com/partner/query_binding_config.php
hXXp://partner.funshion.com/partner/get_partner_list.php
HKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_TEXT
EHKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
LOG %u:%u %s(%s:%u) SHGetValueW string value call: ret=%ld, 0x%x %s %s %s %lu
LOG %u:%u %s(%s:%u) SHGetValueW dword value call: ret=%ld, 0x%x %s %s %lu %lu
LOG %u:%u %s(%s:%u) SHSetValueW string value call: ret=%ld, 0x%x %s %s %s %lu
LOG %u:%u %s(%s:%u) SHSetValueW dword value call: ret=%ld, 0x%x %s %s %lu %lu
LOG %u:%u %s(%s:%u) SHDeleteKeyW call: ret=%ld, 0x%x %s
WLOG %u:%u %s(%s:%u) SHDeleteValueW call: ret=%ld, 0x%x %s %s
funshion.ini
hXXp://funshion.com
ClientURL
\FunShion.ini
explorer.exe
funshionupgrade.exe
BhXXp://stat.funshion.net/client/cinstall?
md5=%s*_*
modifyhistory=%s*_*
os=%s*_*
over=%s*_*
cver=%s*_*
cid=%s*_*
cidn=%s*_*
startmode=%s*_*
imode=%s*_*
itype=%s*_*
cusinstall=%s*_*
preparetime=%s*_*
choosetime=%s*_*
installtime=%s*_*
installresult=%s*_*
repairar=%d
Bpreparetime=%u*_*
choosetime=%u*_*
installtime=%u*_*
installresult=%d*_*
repairar=%d*_*
airportinstall=%s*_*
airportcondition=%s*_*
othersoft=%s;%s
BhXXp://partner.funshion.com/partner/query_banding_stat.php?
s=%s&
v=%s&
id=%s&
m=%s&
qr=%s&
ps=%s&
bid=%s&
cidt=%s&
cidc=%s&
cidd=%s&
cidr=%s&
isb=%s&
ob=%s&
nb=%s&
cidi=%s
BhXXp://partner.funshion.com/partner/install_statistic.php?
idn=%s&
c=%s&
t=%s&
u=%s&
ov=%s&
mh=%s&
guid=%s&
im=%s&
os=%s&
%s,%s,%s,%s,%s,%s,%ld,%s,%s
BhXXp://stat.funshion.net/client/cinstall_news?
install_type=%s*_*
coochannelid=%s*_*
channelid=%s*_*
auto_flag=%d*_*
old_version=%s*_*
version_history=%s*_*
install_mode=%s*_*
competitive_product=%s*_*
position_code=%s
BhXXp://partner.funshion.com/partner/uninstall_stat.php?
FhXXp://stat.funshion.net/client/cuninstall?
hXXp://stat.funshion.net/ecom-vas/desktop?group=desktopreport&iconname=game&type=install&date=
hXXp://stat.funshion.net/ecom-vas/desktop?group=desktopreport&iconname=shop&type=install&date=
%Y%m%d
hXXp://stat.funshion.net/client/upgradecomplete?
hXXp://stat.funshion.net/client/tmp_startbyinstall?
start=%s
hXXp://stat.funshion.net/client/green2formal?
FunPop.exe
useid=%s*_*
ver=%s*_*
type=%d*_*
B%d%d%d%d%d
\FunshionGame1.ico
\FunshionGame2.ico
\FunshionGame3.ico
\Funshop1.ico
\Funshop2.ico
\Funshop3.ico
\Funshop4.ico
\agentd.dll
\atrc.dlL
\cook.dlL
\CoreAAC.ax
\coreavc.ax
\CrashReport.exe
\drvc.dlL
\dump.dlL
\Fptassrv.dlL
\funoictl.dlL
\Funshion-install.ico
\funshionplugin2.dlL
\FunshionService.diagnose
\FunshionService.log
\FunshionUpgrade.exe
\gma.dlL
\InnerWeb.exe
\LangResEnAmerican.dll
\lsv.dll
\nicdescr.dat
\pncrt.dll
\pndx5016.dll
\pndx5032.dll
\pos.ini
\ptv.dll
\quality.dll
\rmoc3260.dll
\ttv.dll
\Uninstall.exe
FunShion.ini
Lack of space.Please change the installation path.
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PPStream.exe
\PPStream\PPStream.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PPLive.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PPTV.exe
\PPLive\PPTV\PPLive.exe
InstallExe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\StormPlayer.exe
\Baofeng\StormPlayer\StormPlayer.exe
5.lnk
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QvodPlayer.exe
\QvodPlayer\QvodPlayer.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\XMP.exe
\Thunder Network\Xmp\Program\XMP.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QiyiClient.exe
\iQIYI\QiyiClient.exe
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PIPI_is1
\PIPIPlayer.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PIPI_is1
C:\pipi\PIPIPlayer.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\LmpAp_u.exe
\QQLive.exe
\Tencent\QQLive\QQLive.exe
\SHPlayer.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa Toolbar
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Alexa Toolbar
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iUserTracker
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iUserTracker
C:\iResearch\DYT\DYT.exe
C:\iResearch\YJT\YJT.exe
hXXp://
Win32_Process.Handle="%d"
Shell32.dll
FunshionService_Lite.exe
FSPServer.exe
InnerWeb.exe
Updater.exe
FunshionUpdate.exe
FunshionUpgrade.exe
SimpleIE.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%s\UserChoice
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%s
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%s\OpenWithList
Funshion%s.backup
BRST%s_UsrProgid.backup
BRST%s_Progid.backup
"%s",0
"%s" "%%1"
Funshion%s
Funshion%s\shell
Funshion%s\shell\open\ddeexec
recover fileAssociate : %s;
\icon\RMVB.ico
\icon\MP4.ico
"%s" "%%1" /dummy
"%s",1
URL Protocol
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithList
[email protected]
FSP\shell\open\ddeexec
Funshion Task\shell\open\ddeexec
Funshion Task\shell\open\ddeexec\Application
Funshion Task\shell\open\ddeexec\Topic
FSP\shell\open\ddeexec\Application
FSP\shell\open\ddeexec\Topic
SOFTWARE\Classes\Applications\Funshion.exe
.torrent
qvodplayer.fsp
SOFTWARE\Classes\.fsp
bittorrent\shell\open\ddeexec\Application
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fsp
%s\Funshion.scr
/f /im "funshion.scr"
taskkill.exe
\FunScr\funshion.scr
SCRNSAVE.EXE
\Titan\TitanUninstaller.exe
Software\Microsoft\Windows\CurrentVersion\Run
"%s" startbywindows tray
SOFTWARE\Classes\CLSID\{18689D3E-CF06-482F-AEB1-0880F859F0AA}\InprocServer32
SOFTWARE\Classes\CLSID\{1CF25200-FD42-45F6-ABBD-6C0C9C89B77A}\InprocServer32
v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=%d|Profile=Private|App=%s\%s.exe|Name=%s|
%s\SimpleIE.dll
"%s",loadSimpleIE -url=%s -time=%u
Software\Microsoft\Windows\CurrentVersion\Uninstall\
URLInfoAbout
\Titan64.dll
\Titan.ini
Titan64.dll
regsvr32.exe /s "%s"
\TitanCore64.dll
\Titan.dll
Titan.dll
\TitanCore.dll
\TitanDownloader.exe
\TitanUninstaller.exe
donghuanew_18.swf
funshion_onlineInstwnd-nick
\Default.fskin
LOG %u:%u %s(%s:%u) startupFsProcess call: startup param = %s
%s;%s;%s;%s;%s;%s
\funshion\funshiontools\LoadIE.log
hXXp://neirong.funshion.com/tools/tactics/LoadIE.log
%s;expires = %s
\FunShortcut.ini
ICON_URL
hXXp://game.funshion.com/door.php?source=desktop
\tao.ico
hXXp://shop.funshion.com/door.php?source=desktop1
\winusb.dll
\funshion\update\updatexmlfile.txt
\uninstall.exe
%s,%s,%s,%s,%s
\FsShlExt64.dll
/s "%s%s"
\FsShlExt.dll
regsvr32.exe
\FsMediaBar64.dll
\FsMediaBar.dll
.library-ms
Root directory is not suitable for media path, a more suitable path %s has chosen for you
channel_id=%s&
cli_ver=%s&
oid=%s&
insttype=%s
lswid=%s
Funshion.scr
%H:%M:%S --
\FunshionHelper.dll
\FunshionSvr.dll
FSPlatform.exe
FSLauncher.exe
FsSvr.exe
FSPAP.exe
FSProcess.exe
\FSPlatform.exe
\FSLauncher.exe
\FsSvr.exe
\FSPAP.exe
\npFunshion.dll
%I64d.dll
\FunshionBHO.dll
SOFTWARE\MozillaPlugins\@funshion.com/npFunshion
\funshion\funshiontools\npFunshion.dll
FunshionHelper.dll
npFunshion.dll
funoictl.dll
funoictl64.dll
{80A7D4B9-D2B8-48DE-B835-0407CEBEDEC0}
\funoictl64.dll
\funoictl.dll
FunSeed.dll
FunSeed64.dll
FunWorks.dll
FunWorks64.dll
"%s" startup
a%s\FunShadow.dll
CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}\InprocServer32
hXXp://VVV.funshion.com/help/
hXXp://VVV.funshion.com/download/history
hXXp://VVV.funshion.com/download?alliance_id=1024&f=client
&idate=%s&udate=%s
hao123.com
baidu.com
\Giraffe.ini
D\crashreport.exe
\crash_dump.dmp
Funshion %s Installer
LOGO.png
btn_close.png
-EN.png
_en.png
VVV.fun.tv/agreement/
VVV.fun.tv/agreement/en/
AVVV.funshion.com
openUrl
QuickInstProxy.exe
1.png
2.png
3.png
4.png
5.png
6.png
FFunshionInstall.CFpEditWindow
FunshionInstall.CFpEditCtrl
c:\%original file name%.exe
FunshionInstal.exe






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    %original file name%.exe:1832
    regsvr32.exe:1472
    regsvr32.exe:188
    regsvr32.exe:1628
    regsvr32.exe:816
    rundll32.exe:244
    rundll32.exe:1748
    rundll32.exe:316
    rundll32.exe:1584
    rundll32.exe:552
    AptShadow.exe:1340
    

    2. 

  2. Delete the original Trojan file.
    3. 

  3. Delete or disinfect the following files created/modified by the Trojan:
    

    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_game.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayTrackBarMiniVolume.png (648 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionWeb.exe (6413 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\扑克王.jpg (35 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPause.png (367 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunWorks64.dll (3715 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MobileTaskNum.png (212 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionSliderBar.png (122 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniMinView.png (183 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptShadow.exe (1832 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskListLastPlayStatIcons.png (549 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpErrorUI.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mttransferbtn.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\BkTransferProgressForeground.png (97 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_close.png (444 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\QRCodeBk.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\中国梦之声 第二季.jpg (37 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_normal.png (366 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnSimple.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskDownLoad.png (766 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CheckBox.png (583 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ListScrollBarVerWidgetMid.png (427 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DownloadJsonClose.png (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Expand.png (195 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\logo.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MenuUpdateQQ.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\分手大师.jpg (30 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpQuestion.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\back_play.png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskBarMobileIcon.png (698 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\pncrt.dll (283 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\VolumeNoMute.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ClearDisk.png (771 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBarVerBkgnd.png (133 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunNail.dll (6401 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mobileClose.png (884 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPreMini.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\WndCloseBtn.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TrayWndclose.png (183 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\icon\MP4.ico (57 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtcompeltebtn.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\001_幻影车神:魔盗激情.fsv (715 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBK.png (93 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\经典电影\001_终结者.fsv (492 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\002_为奴十二年.fsv (685 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\tools\tools.7z (265 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconngray.png (112 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ShowPlayInfoBtn.png (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Search.png (451 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\008_倒霉熊.fsv (410 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_close.png (429 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\new.png (277 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\09UPKJAB\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_qq.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_background.png (61 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\003_暴力街区.fsv (535 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\refresbtn.png (2 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (2340 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DLNA_PC.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\pos.ini (593 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@funshion[2].txt (462 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBarVerBkgndOption.png (109 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\minibottombar_bg.png (93 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_min.png (265 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\images.xml (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnfailtip.png (338 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\奇葩一家亲.jpg (39 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\FullScreen.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpPrompt.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bk.png (94 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\005_马向阳下乡记.fsv (527 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnfail.png (590 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniVolumeMute.png (704 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtdelhistory.png (231 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Normal.png (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\gma.dll (319 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\为奴十二年.jpg (39 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\connect.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PutDesktop.png (755 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\tools\zlib1.dll (66 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_mall.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\007_爷们儿.fsv (486 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WWC1RTEY\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\deletetips.png (751 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\终结者.jpg (18 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\playtips.png (723 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\猫和老鼠.jpg (24 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionService.exe (39950 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBar.png (92 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Scroll.gif (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpError.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnTop.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\探索.jpg (24 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\暴力街区.jpg (37 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\AdTimer.png (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\funoictl64.dll (274 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_menu.png (400 bytes)
    %System%\funshion.ini (331 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\风行热播\001_分手大师.fsv (519 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IeToolBarBack.png (865 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\港台剧场\001_泡沫之夏.fsv (515 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\Default0.jpg (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\icon\RMVB.ico (58 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\综艺娱乐\001_超级先生.fsv (563 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsMediaBar64.dll (195 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\VolumeMute.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\GeneralButtonBk.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\close.png (625 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionUpgrade.exe (7386 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\documents.ico (1649 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\马向阳下乡记.jpg (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlMiniBtn.png (141 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Go.png (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptRegIns.dll (242 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlayBarLength.png (70 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ShdaowWndBk.png (430 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\动漫卡通\001_猫和老鼠.fsv (527 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsLibrary.exe (9606 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\爷们儿.jpg (31 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPre.png (423 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniVolumeNoMute.png (858 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptRelay.exe (146 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\GameHighlight.png (266 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IeToolBarHomePage.png (684 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlayLength.png (70 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\Inst.dll (1731 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnStopMini.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\drvc.dll (271 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\fundata.7z (7386 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBarVerWidgetMid.png (244 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunKoala.dll (165 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\select.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\tools\CrashReport.exe (177 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\swscale-2.dll (1707 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptNail.dll (1787 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4PEF4DAN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunDodge.dll (1613 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\fpvddec.ax (6323 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpYellowQuestion.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\avutil-52.dll (321 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionSliderBarLeft.png (138 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsShlExt64.dll (1742 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnVolumeMute.png (733 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpError2.png (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\BkTransferProgressBkground.png (96 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\logoTray.png (556 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPlayList.png (384 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionGame2.ico (26 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\009_探索.fsv (472 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniTopView.png (464 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CompletelyPutDesktop.png (312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\funoictl.dll (270 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\谈判冤家.jpg (34 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_btn_close.png (777 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_qqErrorUI.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AHORUPMD\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\006_谈判冤家.fsv (468 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\泡沫之夏.jpg (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtaddtasktips.png (23 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\NewLogo.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\VoiceBtn.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\funshionplugin2.dll (20507 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnred.png (112 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\StartPage.jpg (1613 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\atrc.dll (95 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\玻璃鞋.jpg (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlaySound.png (70 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsMediaBar.dll (163 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ExitFullScreen.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniStandard.png (529 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DelListDescend.png (170 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayTrackBarMini.png (627 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\avcodec-55.dll (20507 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\内地剧场\001_奇葩一家亲.fsv (484 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\funshiontmp\setup.ini (282 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mttasktips.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayList.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CoreAVC.ax (276 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_max.png (311 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IncCientNum.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlSetBtn.png (834 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Funshion.exe (39950 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionBtnDownArrow.png (299 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayTrackBar.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnVolume.png (905 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPlay.png (865 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_player.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskMobileIcon.png (229 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\最新电影\001_海神密码.fsv (537 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniFullView.png (491 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlayBufferLength.png (70 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\LeftBottomPrompt.png (111 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\SeedIcon.ico (31 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtheartsmall.png (445 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Playerdlna.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\InstallBubble.png (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskDelete.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlIcon.png (589 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\超级先生.jpg (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\npFunshion.dll (1664 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsShlExt.dll (1868 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Funshop4.ico (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniRangeSound.png (70 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\scrollbar_dlna.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\tsk.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\update.ico (1649 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnNonTop.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskPaused.png (435 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionSpliderThumb.png (522 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ClearFile.png (518 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnNextMini.png (445 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunSeed.dll (305 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\tools\gma.dll (1776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Uninstall.exe (3912 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CoreAAC.ax (3684 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPauseMini.png (351 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CleanFileBtn.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\海外剧场\001_玻璃鞋.fsv (459 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtheartbig.png (410 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniClose.png (383 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\RadioBox.png (825 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnStop.png (337 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_button.png (457 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnErCode.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mobilePopClose.png (747 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPlayMini.png (670 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CrashReport.exe (3885 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskListStatIcons.png (557 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnectbtn.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\AddMore.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunKoala64.dll (210 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\SetupFiles.7z (53851 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\010_中国梦之声 第二季.fsv (647 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\LogoMini.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\ssdodge.daw (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunWorks.dll (1795 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlCloseBtn.png (612 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\海神密码.jpg (37 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\winusb.dll (22 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IeToolBarRefresh.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\幻影车神:魔盗激情.jpg (39 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CallbackBubble.png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DelListAscend.png (169 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_library.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunSeed64.dll (1626 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\uninst.exe (246 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\funshion.ini (993 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\connectMobile.png (2 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@funshion[1].txt (450 bytes)
    %Documents and Settings%\%current user%\funshion.ini (2073 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtpcmobile.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\downtomobiletips.png (908 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\cook.dll (70 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_projection.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlCloseBtnAbnormal.png (918 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\desktop.ico (1649 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\004_扑克王.fsv (481 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_help.png (988 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\Default1.jpg (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnNext.png (477 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniNonTopView.png (567 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\Turkey.dll (1747 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\SimpleIE.dll (146 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\倒霉熊.jpg (13 bytes)
    %Documents and Settings%\%current user%\Application Data\FunUninst\uninstconfig.ini (122 bytes)
    %Documents and Settings%\%current user%\Application Data\FunUninst\uninst.exe (1281 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\Uninstall_new.daw (308 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\CD9C747F40EEA288D73938D33144F716 (140 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8EDCF682921FE94F4A02A43CD1A28E6B (176 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\FunAcceil_new.daw (324 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\FunKoala64_new.daw (308 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Cab1.tmp (54 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\31294006CE0E30E9018936BD13494DF8 (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8EDCF682921FE94F4A02A43CD1A28E6B (500 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\31294006CE0E30E9018936BD13494DF8 (172 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\FunBSS_new.dll (32816 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\config.ini (39 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Cab3.tmp (54 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (49 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\Glede_new.dll (31584 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\Turkey_new.daw (1 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\Condor_new.daw (596 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (408 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\CD9C747F40EEA288D73938D33144F716 (192 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Tar6.tmp (2712 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Tar4.tmp (2712 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\FunNest_new.daw (1 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\FunAcceil_new.dll (25080 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\FunBSS64_new.daw (2 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\Firemanii_new.daw (308 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\FunNest64_new.daw (1 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\Uninstall_new.exe (15904 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\FunKoala_new.dll (11704 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Cab5.tmp (49 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\Glede_new.daw (12 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\Condor_new.dll (16664 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\FunAcce_new.daw (308 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\Cuckoo_new.dll (33720 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\FunNest_new.dll (28320 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\Cuckoo_new.daw (308 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\FunAcce_new.dll (24248 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\FunKoala_new.daw (308 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\Firemanii_new.dll (31256 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\FunKoala64_new.dll (13784 bytes)
    %Documents and Settings%\All Users\Application Data\FunAcce\FunBSS_new.daw (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Tar2.tmp (2712 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\gma.dll (12769 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\fundata.7z (7726 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\Inst.dll (17857 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\FunWorks64.dll (4185 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\FunNail.dll (7345 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\uninst.exe (10601 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\Fireman.dll (13584 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\FunDodge.dll (14129 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\FunKoala.dll (673 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\FunSeed64.dll (2105 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\sFunWorks.daw (172 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\ssdodge.daw (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\AptNail.dll (20017 bytes)
    %Documents and Settings%\%current user%\Application Data\FunUninst\bugrecord.daw (252 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\FunKoala64.dll (1281 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\FunWorks.dll (20921 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\Turkey.dll (19361 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\AptShadow.exe (3361 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\SeedIcon.ico (815 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\foamii.zip (98142 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\AptRegIns.dll (1281 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\FunSeed.dll (16593 bytes)
    %Documents and Settings%\%current user%\Application Data\Adair\AptRelay.exe (673 bytes)
    

    4. 

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    5. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2026 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now