Susp_Dropper (Kaspersky), Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: ad6e8740cca5c406a172dceeb1381890
SHA1: 125c1560459a3434788650f4b1d1d2c70f110201
SHA256: 41b8e8901987a7a6b64d874163c770be037d9c32fd3cb0e01e50fa1848b18a84
SSDeep: 196608:e3hjq7IjvcUTFEvmaYsxvD8vfPf0vT5FNrXz44ajEUQHVAcExka3yE:eVfjJFkLxvD8wXXsBaVA9fyE
Size: 10234872 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: ????????????
Created at: 2016-03-24 11:04:32
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
%original file name%.exe:1832
regsvr32.exe:1472
regsvr32.exe:188
regsvr32.exe:1628
regsvr32.exe:816
rundll32.exe:244
rundll32.exe:1748
rundll32.exe:316
rundll32.exe:1584
rundll32.exe:552
AptShadow.exe:1340
The Trojan injects its code into the following process(es):No processes have been created.
Mutexes
The following mutexes were created/opened:
RasPbFile1009funshion_install_global_instance_event_nameWininetProxyRegistryMutexWininetConnectionMutexWininetStartupMutexc:!documents and settings!adm!local settings!history!history.ie5!c:!documents and settings!adm!cookies!_!MSFTHISTORY!_ShimCacheMutexc:!documents and settings!adm!local settings!temporary internet files!content.ie5!ZonesLockedCacheCounterMutexZonesCacheCounterMutexZonesCounterMutex
File activity
The process %original file name%.exe:1832 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_game.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayTrackBarMiniVolume.png (648 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionWeb.exe (6413 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\扑克王.jpg (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPause.png (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunWorks64.dll (3715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MobileTaskNum.png (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionSliderBar.png (122 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniMinView.png (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptShadow.exe (1832 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskListLastPlayStatIcons.png (549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpErrorUI.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mttransferbtn.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\BkTransferProgressForeground.png (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_close.png (444 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\QRCodeBk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\ä¸ÂÂ国梦之声 第二å£.jpg (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_normal.png (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnSimple.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskDownLoad.png (766 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CheckBox.png (583 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ListScrollBarVerWidgetMid.png (427 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DownloadJsonClose.png (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Expand.png (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\logo.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MenuUpdateQQ.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\分手大师.jpg (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpQuestion.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\back_play.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskBarMobileIcon.png (698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\pncrt.dll (283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\VolumeNoMute.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ClearDisk.png (771 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBarVerBkgnd.png (133 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunNail.dll (6401 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mobileClose.png (884 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPreMini.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\WndCloseBtn.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TrayWndclose.png (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\icon\MP4.ico (57 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtcompeltebtn.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\001_幻影车神:éÂÂâ€Âç›â€â€ÃƒÂ¦Ã‚¿â‚¬Ã¦Æ’….fsv (715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBK.png (93 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\ç»ÂÂå…¸çâ€Âµå½±\001_终结者.fsv (492 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\002_为奴åÂÂÂÂ二年.fsv (685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tools\tools.7z (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconngray.png (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ShowPlayInfoBtn.png (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Search.png (451 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\008_倒霉熊.fsv (410 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_close.png (429 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\new.png (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\09UPKJAB\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_qq.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_background.png (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\003_暴力è¡â€â€ÃƒÂ¥Ã…’º.fsv (535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\refresbtn.png (2 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (2340 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DLNA_PC.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\pos.ini (593 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@funshion[2].txt (462 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBarVerBkgndOption.png (109 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\minibottombar_bg.png (93 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_min.png (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\images.xml (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnfailtip.png (338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\奇葩一家亲.jpg (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\FullScreen.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpPrompt.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bk.png (94 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\005_马å‘阳下乡记.fsv (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnfail.png (590 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniVolumeMute.png (704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtdelhistory.png (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Normal.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\gma.dll (319 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\为奴åÂÂÂÂ二年.jpg (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\connect.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PutDesktop.png (755 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tools\zlib1.dll (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_mall.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\007_爷们儿.fsv (486 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WWC1RTEY\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\deletetips.png (751 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\终结者.jpg (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\playtips.png (723 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\猫和è€ÂÂé¼ .jpg (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionService.exe (39950 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBar.png (92 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Scroll.gif (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpError.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnTop.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\探索.jpg (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\暴力è¡â€â€ÃƒÂ¥Ã…’º.jpg (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\AdTimer.png (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\funoictl64.dll (274 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_menu.png (400 bytes)
%System%\funshion.ini (331 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\风行çƒÂÂæ’ÂÂ\001_分手大师.fsv (519 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IeToolBarBack.png (865 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\港å°剧场\001_泡沫之å¤ÂÂ.fsv (515 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\Default0.jpg (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\icon\RMVB.ico (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\综艺娱ä¹ÂÂ\001_超级先çâ€ÂŸ.fsv (563 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsMediaBar64.dll (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\VolumeMute.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\GeneralButtonBk.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\close.png (625 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionUpgrade.exe (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\documents.ico (1649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\马å‘阳下乡记.jpg (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlMiniBtn.png (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Go.png (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptRegIns.dll (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlayBarLength.png (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ShdaowWndBk.png (430 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\动漫å¡通\001_猫和è€ÂÂé¼ .fsv (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsLibrary.exe (9606 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\爷们儿.jpg (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPre.png (423 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniVolumeNoMute.png (858 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptRelay.exe (146 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\GameHighlight.png (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IeToolBarHomePage.png (684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlayLength.png (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\Inst.dll (1731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnStopMini.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\drvc.dll (271 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\fundata.7z (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBarVerWidgetMid.png (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunKoala.dll (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\select.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tools\CrashReport.exe (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\swscale-2.dll (1707 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptNail.dll (1787 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4PEF4DAN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunDodge.dll (1613 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\fpvddec.ax (6323 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpYellowQuestion.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\avutil-52.dll (321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionSliderBarLeft.png (138 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsShlExt64.dll (1742 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnVolumeMute.png (733 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpError2.png (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\BkTransferProgressBkground.png (96 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\logoTray.png (556 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPlayList.png (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionGame2.ico (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\009_探索.fsv (472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniTopView.png (464 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CompletelyPutDesktop.png (312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\funoictl.dll (270 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\谈判冤家.jpg (34 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_btn_close.png (777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_qqErrorUI.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AHORUPMD\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\006_谈判冤家.fsv (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\泡沫之å¤ÂÂ.jpg (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtaddtasktips.png (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\NewLogo.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\VoiceBtn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\funshionplugin2.dll (20507 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnred.png (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\StartPage.jpg (1613 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\atrc.dll (95 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\玻璃鞋.jpg (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlaySound.png (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsMediaBar.dll (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ExitFullScreen.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniStandard.png (529 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DelListDescend.png (170 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayTrackBarMini.png (627 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\avcodec-55.dll (20507 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\内地剧场\001_奇葩一家亲.fsv (484 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\funshiontmp\setup.ini (282 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mttasktips.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayList.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CoreAVC.ax (276 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_max.png (311 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IncCientNum.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlSetBtn.png (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Funshion.exe (39950 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionBtnDownArrow.png (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayTrackBar.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnVolume.png (905 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPlay.png (865 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_player.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskMobileIcon.png (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\最新çâ€Âµå½±\001_海神密ç ÂÂ.fsv (537 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniFullView.png (491 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlayBufferLength.png (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\LeftBottomPrompt.png (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\SeedIcon.ico (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtheartsmall.png (445 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Playerdlna.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\InstallBubble.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskDelete.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlIcon.png (589 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\超级先çâ€ÂŸ.jpg (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\npFunshion.dll (1664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsShlExt.dll (1868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Funshop4.ico (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniRangeSound.png (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\scrollbar_dlna.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\tsk.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\update.ico (1649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnNonTop.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskPaused.png (435 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionSpliderThumb.png (522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ClearFile.png (518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnNextMini.png (445 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunSeed.dll (305 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tools\gma.dll (1776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Uninstall.exe (3912 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CoreAAC.ax (3684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPauseMini.png (351 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CleanFileBtn.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\海外剧场\001_玻璃鞋.fsv (459 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtheartbig.png (410 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniClose.png (383 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\RadioBox.png (825 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnStop.png (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_button.png (457 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnErCode.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mobilePopClose.png (747 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPlayMini.png (670 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CrashReport.exe (3885 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskListStatIcons.png (557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnectbtn.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\AddMore.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunKoala64.dll (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\SetupFiles.7z (53851 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\010_ä¸ÂÂ国梦之声 第二å£.fsv (647 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\LogoMini.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\ssdodge.daw (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunWorks.dll (1795 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlCloseBtn.png (612 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\海神密ç ÂÂ.jpg (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\winusb.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IeToolBarRefresh.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\幻影车神:éÂÂâ€Âç›â€â€ÃƒÂ¦Ã‚¿â‚¬Ã¦Æ’….jpg (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CallbackBubble.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DelListAscend.png (169 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_library.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunSeed64.dll (1626 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\uninst.exe (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\funshion.ini (993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\connectMobile.png (2 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@funshion[1].txt (450 bytes)
%Documents and Settings%\%current user%\funshion.ini (2073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtpcmobile.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\downtomobiletips.png (908 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\cook.dll (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_projection.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlCloseBtnAbnormal.png (918 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\desktop.ico (1649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\004_扑克王.fsv (481 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_help.png (988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\Default1.jpg (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnNext.png (477 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniNonTopView.png (567 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\Turkey.dll (1747 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\SimpleIE.dll (146 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\倒霉熊.jpg (13 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Cookies\Current_User@funshion[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@funshion[2].txt (0 bytes)
The process rundll32.exe:244 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\FunUninst\uninstconfig.ini (122 bytes)
The process rundll32.exe:1748 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\FunUninst\uninst.exe (1281 bytes)
%Documents and Settings%\%current user%\Application Data\FunUninst\uninstconfig.ini (76 bytes)
The process rundll32.exe:552 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\FunAcce\Uninstall_new.daw (308 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\CD9C747F40EEA288D73938D33144F716 (140 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8EDCF682921FE94F4A02A43CD1A28E6B (176 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunAcceil_new.daw (324 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunKoala64_new.daw (308 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab1.tmp (54 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\31294006CE0E30E9018936BD13494DF8 (1 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8EDCF682921FE94F4A02A43CD1A28E6B (500 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\31294006CE0E30E9018936BD13494DF8 (172 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunBSS_new.dll (32816 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\config.ini (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab3.tmp (54 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (49 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Glede_new.dll (31584 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Turkey_new.daw (1 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Condor_new.daw (596 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (408 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\CD9C747F40EEA288D73938D33144F716 (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar6.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar4.tmp (2712 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunNest_new.daw (1 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunAcceil_new.dll (25080 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunBSS64_new.daw (2 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Firemanii_new.daw (308 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunNest64_new.daw (1 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Uninstall_new.exe (15904 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunKoala_new.dll (11704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab5.tmp (49 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Glede_new.daw (12 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Condor_new.dll (16664 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunAcce_new.daw (308 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Cuckoo_new.dll (33720 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunNest_new.dll (28320 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Cuckoo_new.daw (308 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunAcce_new.dll (24248 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunKoala_new.daw (308 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Firemanii_new.dll (31256 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunKoala64_new.dll (13784 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunBSS_new.daw (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar2.tmp (2712 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Tar2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab3.tmp (0 bytes)
The process AptShadow.exe:1340 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\Adair\gma.dll (12769 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\fundata.7z (7726 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\Inst.dll (17857 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunWorks64.dll (4185 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunNail.dll (7345 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\uninst.exe (10601 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\Fireman.dll (13584 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunDodge.dll (14129 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunKoala.dll (673 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunSeed64.dll (2105 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\sFunWorks.daw (172 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\ssdodge.daw (2 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\AptNail.dll (20017 bytes)
%Documents and Settings%\%current user%\Application Data\FunUninst\bugrecord.daw (252 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunKoala64.dll (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunWorks.dll (20921 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@funshion[1].txt (156 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\Turkey.dll (19361 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\AptShadow.exe (3361 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\SeedIcon.ico (815 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (388 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\foamii.zip (98142 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\AptRegIns.dll (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunSeed.dll (16593 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\AptRelay.exe (673 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Application Data\Adair\foamii.zip (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\AptNail.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\gma.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunWorks.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\Turkey.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunDodge.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\SeedIcon.ico (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\ssdodge.daw (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\Inst.dll (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@funshion[2].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunSeed.dll (0 bytes)
Registry activity
The process %original file name%.exe:1832 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 CC CB A7 5F 7F 97 D3 E7 89 36 43 B5 B0 DF A8"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process regsvr32.exe:1472 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 5F 93 7C 21 E1 82 E1 60 5B 7C 5F 31 F5 CE AB"
[HKCR\CLSID\{6103A727-4004-4374-8A34-D91BC40B3EF6}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\Adair\Alvin.dll"
"ThreadingModel" = "Apartment"
[HKCR\CLSID\{6103A727-4004-4374-8A34-D91BC40B3EF6}]
"(Default)" = "Horizon Class"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Alvin]
"(Default)" = "{6103A727-4004-4374-8A34-D91BC40B3EF6}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{6103A727-4004-4374-8A34-D91BC40B3EF6}" = "FunSeed extension"
The process regsvr32.exe:188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}]
"(Default)" = "Audio Renderer Property Page"
[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "29"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"FriendlyName" = "Video Renderer"
[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "QuickTime Movie Parser"
[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IMediaSeeking"
[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"
[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}]
"(Default)" = "IAMAudioRendererStats"
[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}]
"(Default)" = "IMemAllocatorCallbackTemp"
[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "8"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"FriendlyName" = "MPEG Video Decoder"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "10"
[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}]
"(Default)" = "IAMPhysicalPinInfo"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"(Default)" = "Line 21 Decoder 2"
[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeReader"
[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}]
"(Default)" = "IAMOpenProgress"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"0" = "0,4,,3C53414d"
[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}]
"(Default)" = "IDVSplitter"
[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"FriendlyName" = "Video Renderer"
[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "Wave Parser"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"FriendlyName" = "AVI Draw"
[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFilterGraph"
[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"(Default)" = "Video Renderer"
[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}]
"(Default)" = "IEncoderAPI"
[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}\NumMethods]
"(Default)" = "7"
[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}]
"(Default)" = "Full Screen Renderer Property Page"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
"1" = "0, 10, FFFFFFFF000000000000, 494433030080808080"
"0" = "0, 2, FFE0, FFE0"
[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}]
"(Default)" = "IDvdInfo2"
[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A2-7548-11CF-A520-0080C77EF58A}"
[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoCompression"
[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "7"
[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"(Default)" = "Color Space Converter"
[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}]
"(Default)" = "IAMGraphStreams"
[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"
[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"(Default)" = "AVI/WAV File Source"
[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "7"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,52494646,8,4,,57415645"
[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMBufferNegotiation"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"FriendlyName" = "Internal Script Command Renderer"
[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMCopyCaptureFileProgress"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"FriendlyName" = "AVI Decompressor"
[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}\NumMethods]
"(Default)" = "26"
[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMDroppedFrames"
[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"CLSID" = "{D3588AB0-0781-11CE-B03A-0020AF0BA770}"
[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMemInputPin"
[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Graph"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 F2 3E 78 9D 13 C5 11 13 4B EF 06 04 75 D8 A2"
[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"FilterData" = "02 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00"
[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"(Default)" = "VGA 16 color ditherer"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}]
"(Default)" = "IAMStreamSelect"
[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "9"
[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFilterMapper"
[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "18"
[HKCR\file]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "21"
[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"(Default)" = "AVI Splitter"
[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}]
"(Default)" = "Audio Renderer"
[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"CLSID" = "{70E102B0-5556-11CE-97C0-00AA0055595A}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A1-7548-11CF-A520-0080C77EF58A}"
[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}]
"(Default)" = "VMR ImageSync"
[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMAnalogVideoEncoder"
[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\https]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}]
"(Default)" = "IAMDevMemoryAllocator"
[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "System Clock"
[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"CLSID" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"FilterData" = "02 00 00 00 00 00 20 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"CLSID" = "{4A2286E0-7BEF-11CE-9BD9-0000E202599C}"
[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}\NumMethods]
"(Default)" = "8"
[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMemAllocator"
[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"CLSID" = "{1643E180-90F5-11CE-97D5-00AA0055595A}"
[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"(Default)" = "Default Video Renderer"
[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}]
"(Default)" = "Performance Property Page"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A3-7548-11CF-A520-0080C77EF58A}"
[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}]
"(Default)" = "IDVEnc"
[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"CLSID" = "{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "File stream renderer"
[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}]
"(Default)" = "PSFactoryBuffer"
[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMStreamConfig"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"0" = "0,4,,3b4d554c"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"CLSID" = "{1B544C20-FD0B-11CE-8C63-00AA0044B51E}"
[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"CLSID" = "{301056D0-6DFF-11D2-9EEB-006008039E37}"
[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}]
"(Default)" = "IVideoFrameStep"
[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IFilterGraph2"
[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}\NumMethods]
"(Default)" = "31"
[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMAnalogVideoDecoder"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeGenerator"
[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}\NumMethods]
"(Default)" = "42"
[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"CLSID" = "{336475D0-942A-11CE-A870-00AA002FEAB5}"
[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}]
"(Default)" = "IDvdControl2"
[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}\NumMethods]
"(Default)" = "7"
[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"FriendlyName" = "QT Decompressor"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}]
"(Default)" = "IAMPushSource"
[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"(Default)" = "AVI Decompressor"
[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumRegFilters"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
"1" = "4, 4, , 6d6f6f76"
"0" = "4, 4, , 6d646174"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"FriendlyName" = "Line 21 Decoder 2"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"CLSID" = "{A888DF60-1E90-11CF-AC98-00AA004C0FA9}"
[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IBaseFilter"
[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}]
"(Default)" = "DirectSound Audio Renderer"
[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "12"
[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "File Source (URL)"
[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"(Default)" = "Video Mixing Renderer 9"
[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}]
"(Default)" = "Video Mixing Renderer"
[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoControl"
[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}]
"(Default)" = "VMR Allocator Presenter"
[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}]
"(Default)" = "Seeking"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"FriendlyName" = "Video Mixing Renderer 9"
[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Media Type\Extensions\.mp3]
"Media Type" = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}\NumMethods]
"(Default)" = "5"
[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}]
"(Default)" = "IDVRGB219"
[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"(Default)" = "Video Port Manager"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "MIDI Parser"
[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}]
"(Default)" = "IConfigInterleaving"
[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A5-7548-11CF-A520-0080C77EF58A}"
[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Media Type\Extensions\.mp3]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"FriendlyName" = "VGA 16 Color Ditherer"
[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IReferenceClock"
[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}]
"(Default)" = "Filter Mapper2"
[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}]
"(Default)" = "IFileSinkFilter"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"FilterData" = "02 00 00 00 01 00 68 03 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"FriendlyName" = "SAMI (CC) Parser"
[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"(Default)" = "QT Decompressor"
[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}]
"(Default)" = "MPEG Video Decoder Property Page"
[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTunerNotification"
[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}]
"(Default)" = "ICreateDevEnum"
[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}]
"(Default)" = "IAMDevMemoryControl"
[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "10"
[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Graph no thread"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"FriendlyName" = "MPEG Audio Decoder"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"CLSID" = "{51B4ABF3-748F-4E3B-A276-C828330E926A}"
[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}\NumMethods]
"(Default)" = "5"
[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 16, FFFFFFFFF100010001800001FFFFFFFF, 000001BA2100010001800001000001BB"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"CLSID" = "{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}"
[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoProcAmp"
[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"CLSID" = "{07167665-5011-11CF-BF33-00AA0055595A}"
[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}\NumMethods]
"(Default)" = "12"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}\NumMethods]
"(Default)" = "5"
[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}]
"(Default)" = "IDvdCmd"
[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "7"
[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}]
"(Default)" = "MPEG Audio Decoder Property Page"
[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IReferenceClock2"
[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}]
"(Default)" = "ICaptureGraphBuilder2"
[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}]
"(Default)" = "IFilterMapper2"
[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "8"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"FriendlyName" = "ACM Wrapper"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"FriendlyName" = "MJPEG Decompressor"
[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTuner"
[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Mapper"
[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IAMStreamControl"
[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IDistributorNotify"
[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A0-7548-11CF-A520-0080C77EF58A}"
[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"(Default)" = "MPEG Audio Codec"
[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"(Default)" = "ACM Wrapper"
[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"
[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}]
"(Default)" = "VMR Mixer"
[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}]
"(Default)" = "IMediaPropertyBag"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"CLSID" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "11"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"FilterData" = "02 00 00 00 00 00 20 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IGraphBuilder"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"CLSID" = "{48025243-2D39-11CE-875D-00608CB78066}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"FriendlyName" = "Full Screen Renderer"
[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMAudioInputMixer"
[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}]
"(Default)" = "IVideoEncoder"
[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"FriendlyName" = "MJPEG Compressor"
[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeDisplay"
[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumPins"
[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"(Default)" = "MPEG-I Stream Splitter"
[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}]
"(Default)" = "MIDI Renderer"
[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}]
"(Default)" = "ICaptureGraphBuilder"
[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}]
"(Default)" = "IAMDeviceRemoval"
[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\InProcServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"FriendlyName" = "AVI Splitter"
[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}]
"(Default)" = "IAMLatency"
[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}]
"(Default)" = "Internal Text Renderer"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"CLSID" = "{E4206432-01A1-4BEE-B3E1-3702C8EDC574}"
[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}\NumMethods]
"(Default)" = "18"
[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}]
"(Default)" = "DirectDraw Property Page"
[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}]
"(Default)" = "VMR Allocator Presenter DDXcl Mode"
[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}]
"(Default)" = "IConfigAviMux"
[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"CLSID" = "{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}"
[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "9"
[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IPin"
[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumFilters"
[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}]
"(Default)" = "XML Graphbuilder"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,2e736e64"
[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}]
"(Default)" = "IDvdState"
[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "14"
[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}\NumMethods]
"(Default)" = "43"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"CLSID" = "{CF49D4E0-1115-11CE-B03A-0020AF0BA770}"
[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "18"
[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\InProcServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "4"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"FilterData" = "02 00 00 00 64 00 60 00 0A 00 00 00 00 00 00 00"
[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"(Default)" = "MPEG Video Codec"
[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}]
"(Default)" = "IEnumMediaTypes"
[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IAsyncReader"
[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}]
"(Default)" = "IPersistMediaPropertyBag"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "MIDI Parser"
[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}]
"(Default)" = "IDvdInfo"
[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"
[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}]
"(Default)" = "IMemAllocatorNotifyCallbackTemp"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}]
"(Default)" = "MJPEG Compressor"
[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"FriendlyName" = "AVI/WAV File Source"
[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "9"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"FriendlyName" = "Color Space Converter"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 4, , 52494646, 8, 8, , 43445841666D7420, 36, 20, FFFFFFFF00000000FFFFFFFFFFFFFFFFFFFFFFFF, 646174610000000000FFFFFFFFFFFFFFFFFFFF00"
[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "20"
[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
"0" = "0, 5, FFFFFFFFC0 ,000001BA40"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"FilterData" = "02 00 00 00 02 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}]
"(Default)" = "IFileSinkFilter2"
[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"(Default)" = "AVI Draw Filter"
[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}]
"(Default)" = "IDvdControl"
[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"CLSID" = "{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}"
[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMediaEventSink"
[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"(Default)" = "SAMI (CC) Reader"
[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "Multi-file Parser"
[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}\NumMethods]
"(Default)" = "11"
[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMCrossbar"
[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}]
"(Default)" = "Memory Allocator"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"FriendlyName" = "Video Port Manager"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"CLSID" = "{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}"
[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMediaFilter"
[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"FilterData" = "02 00 00 00 01 00 00 40 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"CLSID" = "{FEB50740-7BEF-11CE-9BD9-0000E202599C}"
[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}]
"(Default)" = "VMR Allocator Presenter 9"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 4, , 000001B3"
[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}\NumMethods]
"(Default)" = "38"
[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}]
"(Default)" = "Audio Renderer Advanced Properties"
[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}]
"(Default)" = "ICodecAPI"
[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"
[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMCameraControl"
[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "18"
[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "19"
[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "Wave Parser"
[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IResourceManager"
[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"CLSID" = "{B80AB0A0-7416-11D2-9EEB-006008039E37}"
[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}]
"(Default)" = "IAMClockSlave"
[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}]
"(Default)" = "Quality Management Property Page"
[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}]
"(Default)" = "VMR Mixer 9"
[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}]
"(Default)" = "IIPDVDec"
[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "QuickTime Movie Parser"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"FilterData" = "02 00 00 00 00 00 60 00 03 00 00 00 00 00 00 00"
[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "ISeekingPassThru"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,464f524d,8,4,,41494646"
"1" = "0,4,,464f524d,8,4,,41494643"
[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}\NumMethods]
"(Default)" = "10"
[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTVTuner"
[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}\NumMethods]
"(Default)" = "10"
[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,52494646,8,4,,41564920"
[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}]
"(Default)" = "IAMExtTransport"
[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\HTTP]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "File stream renderer"
[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "15"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"FilterData" = "02 00 00 00 00 00 60 00 03 00 00 00 00 00 00 00"
[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}]
"(Default)" = "IAMExtDevice"
[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "9"
[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IGraphVersion"
[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}\NumMethods]
"(Default)" = "11"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"FilterData" = "02 00 00 00 01 00 80 00 01 00 00 00 00 00 00 00"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}]
"(Default)" = "VMR ImageSync 9"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"FilterData" = "02 00 00 00 01 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "8"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}]
"(Default)" = "IFilterMapper3"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"FilterData" = "02 00 00 00 01 00 80 00 01 00 00 00 00 00 00 00"
[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}]
"(Default)" = "Full Screen Renderer"
[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IQualityControl"
[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "8"
[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"FriendlyName" = "File Source (Async.)"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"(Default)" = "MJPEG Decompressor"
[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"FriendlyName" = "MPEG-I Stream Splitter"
[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"FriendlyName" = "File Source (URL)"
[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}]
"(Default)" = "IAMovieSetup"
[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFileSourceFilter"
[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IResourceConsumer"
[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"CLSID" = "{33FACFE0-A9BE-11D0-A520-00A0D10129C0}"
[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}]
"(Default)" = "IKsPropertySet"
[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}]
"(Default)" = "CMediaPropertyBag"
[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "IPersistMoniker Plug In Distributor"
[HKCR\gopher]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "Multi-file Parser"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}\NumMethods]
"(Default)" = "10"
[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}]
"(Default)" = "IAMOverlayFX"
[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "4"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
"1" = "0,4,,4D546864"
"0" = "0,4,,52494646,8,4,,524D4944"
[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\ftp]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "File Source (Async.)"
[HKCR\Media Type\Extensions\.mp3]
"SubType" = "{E436EB87-524F-11CE-9F53-0020AF0BA770}"
The Trojan deletes the following registry key(s):
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
The process regsvr32.exe:1628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}]
"(Default)" = "Audio Renderer Property Page"
[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "29"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"FriendlyName" = "Video Renderer"
[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "QuickTime Movie Parser"
[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IMediaSeeking"
[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"
[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}]
"(Default)" = "IAMAudioRendererStats"
[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}]
"(Default)" = "IMemAllocatorCallbackTemp"
[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "8"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"FriendlyName" = "MPEG Video Decoder"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "10"
[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}]
"(Default)" = "IAMPhysicalPinInfo"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"(Default)" = "Line 21 Decoder 2"
[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeReader"
[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}]
"(Default)" = "IAMOpenProgress"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"0" = "0,4,,3C53414d"
[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}]
"(Default)" = "IDVSplitter"
[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"FriendlyName" = "Video Renderer"
[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "Wave Parser"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"FriendlyName" = "AVI Draw"
[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFilterGraph"
[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"(Default)" = "Video Renderer"
[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}]
"(Default)" = "IEncoderAPI"
[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}\NumMethods]
"(Default)" = "7"
[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}]
"(Default)" = "Full Screen Renderer Property Page"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
"1" = "0, 10, FFFFFFFF000000000000, 494433030080808080"
"0" = "0, 2, FFE0, FFE0"
[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}]
"(Default)" = "IDvdInfo2"
[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A2-7548-11CF-A520-0080C77EF58A}"
[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoCompression"
[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "7"
[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"(Default)" = "Color Space Converter"
[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}]
"(Default)" = "IAMGraphStreams"
[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"
[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"(Default)" = "AVI/WAV File Source"
[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "7"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,52494646,8,4,,57415645"
[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMBufferNegotiation"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"FriendlyName" = "Internal Script Command Renderer"
[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMCopyCaptureFileProgress"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"FriendlyName" = "AVI Decompressor"
[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}\NumMethods]
"(Default)" = "26"
[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMDroppedFrames"
[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"CLSID" = "{D3588AB0-0781-11CE-B03A-0020AF0BA770}"
[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMemInputPin"
[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Graph"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F B0 34 48 E2 EE 3D AD E5 E1 1D EB 9D AB 5D DF"
[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"FilterData" = "02 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00"
[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"(Default)" = "VGA 16 color ditherer"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}]
"(Default)" = "IAMStreamSelect"
[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "9"
[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFilterMapper"
[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "18"
[HKCR\file]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "21"
[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"(Default)" = "AVI Splitter"
[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}]
"(Default)" = "Audio Renderer"
[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"CLSID" = "{70E102B0-5556-11CE-97C0-00AA0055595A}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A1-7548-11CF-A520-0080C77EF58A}"
[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}]
"(Default)" = "VMR ImageSync"
[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMAnalogVideoEncoder"
[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\https]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}]
"(Default)" = "IAMDevMemoryAllocator"
[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "System Clock"
[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"CLSID" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"FilterData" = "02 00 00 00 00 00 20 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"CLSID" = "{4A2286E0-7BEF-11CE-9BD9-0000E202599C}"
[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}\NumMethods]
"(Default)" = "8"
[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMemAllocator"
[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"CLSID" = "{1643E180-90F5-11CE-97D5-00AA0055595A}"
[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"(Default)" = "Default Video Renderer"
[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}]
"(Default)" = "Performance Property Page"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A3-7548-11CF-A520-0080C77EF58A}"
[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}]
"(Default)" = "IDVEnc"
[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"CLSID" = "{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "File stream renderer"
[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}]
"(Default)" = "PSFactoryBuffer"
[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMStreamConfig"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"0" = "0,4,,3b4d554c"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"CLSID" = "{1B544C20-FD0B-11CE-8C63-00AA0044B51E}"
[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"CLSID" = "{301056D0-6DFF-11D2-9EEB-006008039E37}"
[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}]
"(Default)" = "IVideoFrameStep"
[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IFilterGraph2"
[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}\NumMethods]
"(Default)" = "31"
[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMAnalogVideoDecoder"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeGenerator"
[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}\NumMethods]
"(Default)" = "42"
[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"CLSID" = "{336475D0-942A-11CE-A870-00AA002FEAB5}"
[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}]
"(Default)" = "IDvdControl2"
[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}\NumMethods]
"(Default)" = "7"
[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"FriendlyName" = "QT Decompressor"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}]
"(Default)" = "IAMPushSource"
[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"(Default)" = "AVI Decompressor"
[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumRegFilters"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
"1" = "4, 4, , 6d6f6f76"
"0" = "4, 4, , 6d646174"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"FriendlyName" = "Line 21 Decoder 2"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"CLSID" = "{A888DF60-1E90-11CF-AC98-00AA004C0FA9}"
[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IBaseFilter"
[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}]
"(Default)" = "DirectSound Audio Renderer"
[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "12"
[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "File Source (URL)"
[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"(Default)" = "Video Mixing Renderer 9"
[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}]
"(Default)" = "Video Mixing Renderer"
[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoControl"
[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}]
"(Default)" = "VMR Allocator Presenter"
[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}]
"(Default)" = "Seeking"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"FriendlyName" = "Video Mixing Renderer 9"
[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Media Type\Extensions\.mp3]
"Media Type" = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}\NumMethods]
"(Default)" = "5"
[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}]
"(Default)" = "IDVRGB219"
[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"(Default)" = "Video Port Manager"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "MIDI Parser"
[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}]
"(Default)" = "IConfigInterleaving"
[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A5-7548-11CF-A520-0080C77EF58A}"
[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Media Type\Extensions\.mp3]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"FriendlyName" = "VGA 16 Color Ditherer"
[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IReferenceClock"
[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}]
"(Default)" = "Filter Mapper2"
[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}]
"(Default)" = "IFileSinkFilter"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"FilterData" = "02 00 00 00 01 00 68 03 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"FriendlyName" = "SAMI (CC) Parser"
[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"(Default)" = "QT Decompressor"
[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}]
"(Default)" = "MPEG Video Decoder Property Page"
[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTunerNotification"
[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}]
"(Default)" = "ICreateDevEnum"
[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}]
"(Default)" = "IAMDevMemoryControl"
[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "10"
[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Graph no thread"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"FriendlyName" = "MPEG Audio Decoder"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"CLSID" = "{51B4ABF3-748F-4E3B-A276-C828330E926A}"
[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}\NumMethods]
"(Default)" = "5"
[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 16, FFFFFFFFF100010001800001FFFFFFFF, 000001BA2100010001800001000001BB"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"CLSID" = "{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}"
[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoProcAmp"
[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"CLSID" = "{07167665-5011-11CF-BF33-00AA0055595A}"
[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}\NumMethods]
"(Default)" = "12"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}\NumMethods]
"(Default)" = "5"
[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}]
"(Default)" = "IDvdCmd"
[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "7"
[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}]
"(Default)" = "MPEG Audio Decoder Property Page"
[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IReferenceClock2"
[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}]
"(Default)" = "ICaptureGraphBuilder2"
[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}]
"(Default)" = "IFilterMapper2"
[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "8"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"FriendlyName" = "ACM Wrapper"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"FriendlyName" = "MJPEG Decompressor"
[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTuner"
[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Mapper"
[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IAMStreamControl"
[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IDistributorNotify"
[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A0-7548-11CF-A520-0080C77EF58A}"
[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"(Default)" = "MPEG Audio Codec"
[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"(Default)" = "ACM Wrapper"
[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"
[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}]
"(Default)" = "VMR Mixer"
[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}]
"(Default)" = "IMediaPropertyBag"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"CLSID" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "11"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"FilterData" = "02 00 00 00 00 00 20 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IGraphBuilder"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"CLSID" = "{48025243-2D39-11CE-875D-00608CB78066}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"FriendlyName" = "Full Screen Renderer"
[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMAudioInputMixer"
[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}]
"(Default)" = "IVideoEncoder"
[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"FriendlyName" = "MJPEG Compressor"
[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeDisplay"
[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumPins"
[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"(Default)" = "MPEG-I Stream Splitter"
[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}]
"(Default)" = "MIDI Renderer"
[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}]
"(Default)" = "ICaptureGraphBuilder"
[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}]
"(Default)" = "IAMDeviceRemoval"
[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\InProcServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"FriendlyName" = "AVI Splitter"
[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}]
"(Default)" = "IAMLatency"
[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}]
"(Default)" = "Internal Text Renderer"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"CLSID" = "{E4206432-01A1-4BEE-B3E1-3702C8EDC574}"
[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}\NumMethods]
"(Default)" = "18"
[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}]
"(Default)" = "DirectDraw Property Page"
[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}]
"(Default)" = "VMR Allocator Presenter DDXcl Mode"
[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}]
"(Default)" = "IConfigAviMux"
[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"CLSID" = "{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}"
[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "9"
[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IPin"
[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumFilters"
[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}]
"(Default)" = "XML Graphbuilder"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,2e736e64"
[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}]
"(Default)" = "IDvdState"
[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "14"
[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}\NumMethods]
"(Default)" = "43"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"CLSID" = "{CF49D4E0-1115-11CE-B03A-0020AF0BA770}"
[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "18"
[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\InProcServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "4"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"FilterData" = "02 00 00 00 64 00 60 00 0A 00 00 00 00 00 00 00"
[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"(Default)" = "MPEG Video Codec"
[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}]
"(Default)" = "IEnumMediaTypes"
[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IAsyncReader"
[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}]
"(Default)" = "IPersistMediaPropertyBag"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "MIDI Parser"
[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}]
"(Default)" = "IDvdInfo"
[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"
[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}]
"(Default)" = "IMemAllocatorNotifyCallbackTemp"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}]
"(Default)" = "MJPEG Compressor"
[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"FriendlyName" = "AVI/WAV File Source"
[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "9"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"FriendlyName" = "Color Space Converter"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 4, , 52494646, 8, 8, , 43445841666D7420, 36, 20, FFFFFFFF00000000FFFFFFFFFFFFFFFFFFFFFFFF, 646174610000000000FFFFFFFFFFFFFFFFFFFF00"
[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "20"
[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
"0" = "0, 5, FFFFFFFFC0 ,000001BA40"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"FilterData" = "02 00 00 00 02 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}]
"(Default)" = "IFileSinkFilter2"
[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"(Default)" = "AVI Draw Filter"
[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}]
"(Default)" = "IDvdControl"
[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"CLSID" = "{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}"
[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMediaEventSink"
[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"(Default)" = "SAMI (CC) Reader"
[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "Multi-file Parser"
[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}\NumMethods]
"(Default)" = "11"
[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMCrossbar"
[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}]
"(Default)" = "Memory Allocator"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"FriendlyName" = "Video Port Manager"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"CLSID" = "{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}"
[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMediaFilter"
[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"FilterData" = "02 00 00 00 01 00 00 40 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"CLSID" = "{FEB50740-7BEF-11CE-9BD9-0000E202599C}"
[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}]
"(Default)" = "VMR Allocator Presenter 9"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 4, , 000001B3"
[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}\NumMethods]
"(Default)" = "38"
[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}]
"(Default)" = "Audio Renderer Advanced Properties"
[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}]
"(Default)" = "ICodecAPI"
[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"
[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMCameraControl"
[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "18"
[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "19"
[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "Wave Parser"
[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IResourceManager"
[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"CLSID" = "{B80AB0A0-7416-11D2-9EEB-006008039E37}"
[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}]
"(Default)" = "IAMClockSlave"
[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}]
"(Default)" = "Quality Management Property Page"
[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}]
"(Default)" = "VMR Mixer 9"
[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}]
"(Default)" = "IIPDVDec"
[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "QuickTime Movie Parser"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"FilterData" = "02 00 00 00 00 00 60 00 03 00 00 00 00 00 00 00"
[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "ISeekingPassThru"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,464f524d,8,4,,41494646"
"1" = "0,4,,464f524d,8,4,,41494643"
[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}\NumMethods]
"(Default)" = "10"
[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTVTuner"
[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}\NumMethods]
"(Default)" = "10"
[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,52494646,8,4,,41564920"
[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}]
"(Default)" = "IAMExtTransport"
[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\HTTP]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "File stream renderer"
[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "15"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"FilterData" = "02 00 00 00 00 00 60 00 03 00 00 00 00 00 00 00"
[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}]
"(Default)" = "IAMExtDevice"
[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "9"
[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IGraphVersion"
[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}\NumMethods]
"(Default)" = "11"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"FilterData" = "02 00 00 00 01 00 80 00 01 00 00 00 00 00 00 00"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}]
"(Default)" = "VMR ImageSync 9"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"FilterData" = "02 00 00 00 01 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "8"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}]
"(Default)" = "IFilterMapper3"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"FilterData" = "02 00 00 00 01 00 80 00 01 00 00 00 00 00 00 00"
[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}]
"(Default)" = "Full Screen Renderer"
[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IQualityControl"
[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "8"
[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"FriendlyName" = "File Source (Async.)"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"(Default)" = "MJPEG Decompressor"
[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"FriendlyName" = "MPEG-I Stream Splitter"
[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"FriendlyName" = "File Source (URL)"
[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}]
"(Default)" = "IAMovieSetup"
[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFileSourceFilter"
[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IResourceConsumer"
[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"CLSID" = "{33FACFE0-A9BE-11D0-A520-00A0D10129C0}"
[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}]
"(Default)" = "IKsPropertySet"
[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}]
"(Default)" = "CMediaPropertyBag"
[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "IPersistMoniker Plug In Distributor"
[HKCR\gopher]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "Multi-file Parser"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}\NumMethods]
"(Default)" = "10"
[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}]
"(Default)" = "IAMOverlayFX"
[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "4"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
"1" = "0,4,,4D546864"
"0" = "0,4,,52494646,8,4,,524D4944"
[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\ftp]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "File Source (Async.)"
[HKCR\Media Type\Extensions\.mp3]
"SubType" = "{E436EB87-524F-11CE-9F53-0020AF0BA770}"
The Trojan deletes the following registry key(s):
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
The process regsvr32.exe:816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}]
"(Default)" = "Audio Renderer Property Page"
[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "29"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"FriendlyName" = "Video Renderer"
[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "QuickTime Movie Parser"
[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IMediaSeeking"
[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"
[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}]
"(Default)" = "IAMAudioRendererStats"
[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}]
"(Default)" = "IMemAllocatorCallbackTemp"
[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "8"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"FriendlyName" = "MPEG Video Decoder"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "10"
[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}]
"(Default)" = "IAMPhysicalPinInfo"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"(Default)" = "Line 21 Decoder 2"
[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeReader"
[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}]
"(Default)" = "IAMOpenProgress"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"0" = "0,4,,3C53414d"
[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}]
"(Default)" = "IDVSplitter"
[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"FriendlyName" = "Video Renderer"
[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "Wave Parser"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"FriendlyName" = "AVI Draw"
[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFilterGraph"
[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"(Default)" = "Video Renderer"
[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}]
"(Default)" = "IEncoderAPI"
[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}\NumMethods]
"(Default)" = "7"
[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}]
"(Default)" = "Full Screen Renderer Property Page"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
"1" = "0, 10, FFFFFFFF000000000000, 494433030080808080"
"0" = "0, 2, FFE0, FFE0"
[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}]
"(Default)" = "IDvdInfo2"
[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A2-7548-11CF-A520-0080C77EF58A}"
[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoCompression"
[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "7"
[HKCR\Interface\{8E1C39A1-DE53-11CF-AA63-0080C744528D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"(Default)" = "Color Space Converter"
[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}]
"(Default)" = "IAMGraphStreams"
[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"
[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"(Default)" = "AVI/WAV File Source"
[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "7"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,52494646,8,4,,57415645"
[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMBufferNegotiation"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"FriendlyName" = "Internal Script Command Renderer"
[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMCopyCaptureFileProgress"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"FriendlyName" = "AVI Decompressor"
[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}\NumMethods]
"(Default)" = "26"
[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMDroppedFrames"
[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"CLSID" = "{D3588AB0-0781-11CE-B03A-0020AF0BA770}"
[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMemInputPin"
[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Graph"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 31 80 8D 79 7A 55 64 BC 62 7F 00 20 95 4F 49"
[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"FilterData" = "02 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00"
[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"(Default)" = "VGA 16 color ditherer"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}]
"(Default)" = "IAMStreamSelect"
[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "9"
[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFilterMapper"
[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "18"
[HKCR\file]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "21"
[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"(Default)" = "AVI Splitter"
[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}]
"(Default)" = "Audio Renderer"
[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"CLSID" = "{70E102B0-5556-11CE-97C0-00AA0055595A}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A1-7548-11CF-A520-0080C77EF58A}"
[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}]
"(Default)" = "VMR ImageSync"
[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMAnalogVideoEncoder"
[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\https]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}]
"(Default)" = "IAMDevMemoryAllocator"
[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "System Clock"
[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"CLSID" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"FilterData" = "02 00 00 00 00 00 20 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"CLSID" = "{4A2286E0-7BEF-11CE-9BD9-0000E202599C}"
[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}\NumMethods]
"(Default)" = "8"
[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMemAllocator"
[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"CLSID" = "{1643E180-90F5-11CE-97D5-00AA0055595A}"
[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"(Default)" = "Default Video Renderer"
[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}]
"(Default)" = "Performance Property Page"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A3-7548-11CF-A520-0080C77EF58A}"
[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}]
"(Default)" = "IDVEnc"
[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"CLSID" = "{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "File stream renderer"
[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}]
"(Default)" = "PSFactoryBuffer"
[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMStreamConfig"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"0" = "0,4,,3b4d554c"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"CLSID" = "{1B544C20-FD0B-11CE-8C63-00AA0044B51E}"
[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"CLSID" = "{301056D0-6DFF-11D2-9EEB-006008039E37}"
[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}]
"(Default)" = "IVideoFrameStep"
[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IFilterGraph2"
[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}\NumMethods]
"(Default)" = "31"
[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMAnalogVideoDecoder"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeGenerator"
[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}\NumMethods]
"(Default)" = "42"
[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"CLSID" = "{336475D0-942A-11CE-A870-00AA002FEAB5}"
[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}]
"(Default)" = "IDvdControl2"
[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}\NumMethods]
"(Default)" = "7"
[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"FriendlyName" = "QT Decompressor"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}]
"(Default)" = "IAMPushSource"
[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"(Default)" = "AVI Decompressor"
[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumRegFilters"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
"1" = "4, 4, , 6d6f6f76"
"0" = "4, 4, , 6d646174"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"FriendlyName" = "Line 21 Decoder 2"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"CLSID" = "{A888DF60-1E90-11CF-AC98-00AA004C0FA9}"
[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IBaseFilter"
[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}]
"(Default)" = "DirectSound Audio Renderer"
[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "12"
[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "File Source (URL)"
[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"(Default)" = "Video Mixing Renderer 9"
[HKCR\Interface\{36B73882-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}]
"(Default)" = "Video Mixing Renderer"
[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoControl"
[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}]
"(Default)" = "VMR Allocator Presenter"
[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}]
"(Default)" = "Seeking"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"FriendlyName" = "Video Mixing Renderer 9"
[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Media Type\Extensions\.mp3]
"Media Type" = "{E436EB83-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}\NumMethods]
"(Default)" = "5"
[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}]
"(Default)" = "IDVRGB219"
[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"(Default)" = "Video Port Manager"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "MIDI Parser"
[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}]
"(Default)" = "IConfigInterleaving"
[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A5-7548-11CF-A520-0080C77EF58A}"
[HKCR\Interface\{56A868A3-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Media Type\Extensions\.mp3]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"FriendlyName" = "VGA 16 Color Ditherer"
[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IReferenceClock"
[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}]
"(Default)" = "Filter Mapper2"
[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}]
"(Default)" = "IFileSinkFilter"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{34151510-EEC0-11D2-8201-00A0C9D74842}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"FilterData" = "02 00 00 00 01 00 68 03 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"FriendlyName" = "SAMI (CC) Parser"
[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"(Default)" = "QT Decompressor"
[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}]
"(Default)" = "MPEG Video Decoder Property Page"
[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTunerNotification"
[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}]
"(Default)" = "ICreateDevEnum"
[HKCR\Interface\{C6545BF1-E76B-11D0-BD52-00A0C911CE86}]
"(Default)" = "IAMDevMemoryControl"
[HKCR\Interface\{C6E133B0-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "10"
[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Graph no thread"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"FriendlyName" = "MPEG Audio Decoder"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
"CLSID" = "{51B4ABF3-748F-4E3B-A276-C828330E926A}"
[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}\NumMethods]
"(Default)" = "5"
[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 16, FFFFFFFFF100010001800001FFFFFFFF, 000001BA2100010001800001000001BB"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"CLSID" = "{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}"
[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMVideoProcAmp"
[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"CLSID" = "{07167665-5011-11CF-BF33-00AA0055595A}"
[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}\NumMethods]
"(Default)" = "12"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}\NumMethods]
"(Default)" = "5"
[HKCR\Interface\{5A4A97E4-94EE-4A55-9751-74B5643AA27D}]
"(Default)" = "IDvdCmd"
[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "7"
[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}]
"(Default)" = "MPEG Audio Decoder Property Page"
[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IReferenceClock2"
[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{93E5A4E0-2D50-11D2-ABFA-00A0C9C6E38D}]
"(Default)" = "ICaptureGraphBuilder2"
[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}]
"(Default)" = "IFilterMapper2"
[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "8"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"FriendlyName" = "ACM Wrapper"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"FriendlyName" = "MJPEG Decompressor"
[HKCR\Interface\{211A8761-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTuner"
[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "Filter Mapper"
[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "IAMStreamControl"
[HKCR\Interface\{56A868AF-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IDistributorNotify"
[HKCR\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A8689C-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"CLSID" = "{D51BD5A0-7548-11CF-A520-0080C77EF58A}"
[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
"(Default)" = "MPEG Audio Codec"
[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"(Default)" = "ACM Wrapper"
[HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"
[HKCR\Interface\{C6545BF0-E76B-11D0-BD52-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}]
"(Default)" = "VMR Mixer"
[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}]
"(Default)" = "IMediaPropertyBag"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"CLSID" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
"FilterData" = "02 00 00 00 00 00 40 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "11"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"FilterData" = "02 00 00 00 00 00 20 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IGraphBuilder"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"CLSID" = "{48025243-2D39-11CE-875D-00608CB78066}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
"FriendlyName" = "Full Screen Renderer"
[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}]
"(Default)" = "IAMAudioInputMixer"
[HKCR\Interface\{58473A19-2BC8-4663-8012-25F81BABDDD1}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}]
"(Default)" = "IVideoEncoder"
[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"FriendlyName" = "MJPEG Compressor"
[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}]
"(Default)" = "IAMTimecodeDisplay"
[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A86892-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumPins"
[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"(Default)" = "MPEG-I Stream Splitter"
[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}]
"(Default)" = "MIDI Renderer"
[HKCR\Interface\{BF87B6E0-8C27-11D0-B3F0-00AA003761C5}]
"(Default)" = "ICaptureGraphBuilder"
[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{36B73885-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}]
"(Default)" = "IAMDeviceRemoval"
[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\InProcServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"FriendlyName" = "AVI Splitter"
[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}]
"(Default)" = "IAMLatency"
[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{48025243-2D39-11CE-875D-00608CB78066}]
"(Default)" = "Internal Text Renderer"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"CLSID" = "{E4206432-01A1-4BEE-B3E1-3702C8EDC574}"
[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}\NumMethods]
"(Default)" = "18"
[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}]
"(Default)" = "DirectDraw Property Page"
[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}]
"(Default)" = "VMR Allocator Presenter DDXcl Mode"
[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}]
"(Default)" = "IConfigAviMux"
[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"CLSID" = "{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}"
[HKCR\Interface\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "9"
[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IPin"
[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IEnumFilters"
[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A868A4-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{1BB05961-5FBF-11D2-A521-44DF07C10000}]
"(Default)" = "XML Graphbuilder"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,2e736e64"
[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{86303D6D-1C4A-4087-AB42-F711167048EF}]
"(Default)" = "IDvdState"
[HKCR\Interface\{C6E13343-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "14"
[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{33BC7430-EEC0-11D2-8201-00A0C9D74842}\NumMethods]
"(Default)" = "43"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
"CLSID" = "{CF49D4E0-1115-11CE-B03A-0020AF0BA770}"
[HKCR\Interface\{C6E13350-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "18"
[HKCR\CLSID\{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}\InProcServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{670D1D20-A068-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "4"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"FilterData" = "02 00 00 00 64 00 60 00 0A 00 00 00 00 00 00 00"
[HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"(Default)" = "MPEG Video Codec"
[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A868A9-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}]
"(Default)" = "IEnumMediaTypes"
[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IAsyncReader"
[HKCR\Interface\{5738E040-B67F-11D0-BD4D-00A0C911CE86}]
"(Default)" = "IPersistMediaPropertyBag"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "MIDI Parser"
[HKCR\Interface\{B79BB0B0-33C1-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{A70EFE60-E2A3-11D0-A9BE-00AA0061BE93}]
"(Default)" = "IDvdInfo"
[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"
[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}]
"(Default)" = "IMemAllocatorNotifyCallbackTemp"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}]
"(Default)" = "MJPEG Compressor"
[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
"FriendlyName" = "AVI/WAV File Source"
[HKCR\Interface\{9B496CE0-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "9"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"FriendlyName" = "Color Space Converter"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 4, , 52494646, 8, 8, , 43445841666D7420, 36, 20, FFFFFFFF00000000FFFFFFFFFFFFFFFFFFFFFFFF, 646174610000000000FFFFFFFFFFFFFFFFFFFF00"
[HKCR\Interface\{36B73880-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "20"
[HKCR\Interface\{56A8689F-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A86897-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
"0" = "0, 5, FFFFFFFFC0 ,000001BA40"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
"FilterData" = "02 00 00 00 02 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{00855B90-CE1B-11D0-BD4F-00A0C911CE86}]
"(Default)" = "IFileSinkFilter2"
[HKCR\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
"(Default)" = "AVI Draw Filter"
[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}]
"(Default)" = "IDvdControl"
[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
"CLSID" = "{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}"
[HKCR\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMediaEventSink"
[HKCR\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"(Default)" = "SAMI (CC) Reader"
[HKCR\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "Multi-file Parser"
[HKCR\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{379A0CF0-C1DE-11D2-ABF5-00A0C905F375}\NumMethods]
"(Default)" = "11"
[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMCrossbar"
[HKCR\Interface\{22320CB2-D41A-11D2-BF7C-D7CB9DF0BF93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}]
"(Default)" = "Memory Allocator"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"FriendlyName" = "Video Port Manager"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"CLSID" = "{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}"
[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A86899-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IMediaFilter"
[HKCR\Interface\{9B496CE2-811B-11CF-8C77-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"FilterData" = "02 00 00 00 01 00 00 40 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
"CLSID" = "{FEB50740-7BEF-11CE-9BD9-0000E202599C}"
[HKCR\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}]
"(Default)" = "VMR Allocator Presenter 9"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
"0" = "0, 4, , 000001B3"
[HKCR\Interface\{C6E13344-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{A70EFE61-E2A3-11D0-A9BE-00AA0061BE93}\NumMethods]
"(Default)" = "38"
[HKCR\Interface\{D18E17A0-AACB-11D0-AFB0-00AA00B67A42}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}]
"(Default)" = "Audio Renderer Advanced Properties"
[HKCR\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{901DB4C7-31CE-41A2-85DC-8FA0BF41B8DA}]
"(Default)" = "ICodecAPI"
[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "11"
[HKCR\Interface\{C6E13370-30AC-11D0-A18C-00A0C9118956}]
"(Default)" = "IAMCameraControl"
[HKCR\Interface\{56A86891-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "18"
[HKCR\Interface\{54C39221-8380-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "19"
[HKCR\CLSID\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56ED71A0-AF5F-11D0-B3F0-00AA003761C5}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "Wave Parser"
[HKCR\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{56A868AC-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IResourceManager"
[HKCR\Interface\{92980B30-C1DE-11D2-ABF5-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MJPEG Compressor]
"CLSID" = "{B80AB0A0-7416-11D2-9EEB-006008039E37}"
[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{9FD52741-176D-4B36-8F51-CA8F933223BE}]
"(Default)" = "IAMClockSlave"
[HKCR\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}]
"(Default)" = "Quality Management Property Page"
[HKCR\CLSID\{0618AA30-6BC4-11CF-BF36-00AA0055595A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}]
"(Default)" = "VMR Mixer 9"
[HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{B8E8BD60-0BFE-11D0-AF91-00AA00B67A42}]
"(Default)" = "IIPDVDec"
[HKCR\Interface\{56A868AA-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "QuickTime Movie Parser"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"FilterData" = "02 00 00 00 00 00 60 00 03 00 00 00 00 00 00 00"
[HKCR\Interface\{36B73883-C2C8-11CF-8B46-00805F6CEF60}]
"(Default)" = "ISeekingPassThru"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,464f524d,8,4,,41494646"
"1" = "0,4,,464f524d,8,4,,41494643"
[HKCR\Interface\{02997C3B-8E1B-460E-9270-545E0DE9563E}\NumMethods]
"(Default)" = "10"
[HKCR\Interface\{211A8766-03AC-11D1-8D13-00AA00BD8339}]
"(Default)" = "IAMTVTuner"
[HKCR\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}\NumMethods]
"(Default)" = "10"
[HKCR\CLSID\{CDA42200-BD88-11d0-BD4E-00A0C911CE86}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
"0" = "0,4,,52494646,8,4,,41564920"
[HKCR\Interface\{A03CD5F0-3045-11CF-8C44-00AA006B6814}]
"(Default)" = "IAMExtTransport"
[HKCR\Interface\{C6E13340-30AC-11D0-A18C-00A0C9118956}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\HTTP]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
"(Default)" = "File stream renderer"
[HKCR\Interface\{36B73881-C2C8-11CF-8B46-00805F6CEF60}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C6E13360-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{56A86895-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "15"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
"FilterData" = "02 00 00 00 00 00 60 00 03 00 00 00 00 00 00 00"
[HKCR\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}]
"(Default)" = "IAMExtDevice"
[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{56A8689D-0AD4-11CE-B03A-0020AF0BA770}\NumMethods]
"(Default)" = "9"
[HKCR\Interface\{56A868AB-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IGraphVersion"
[HKCR\Interface\{F938C991-3029-11CF-8C44-00AA006B6814}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{B5730A90-1A2C-11CF-8C23-00AA006B6814}\NumMethods]
"(Default)" = "11"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
"FilterData" = "02 00 00 00 01 00 80 00 01 00 00 00 00 00 00 00"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}]
"(Default)" = "VMR ImageSync 9"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
"FilterData" = "02 00 00 00 01 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{BEE3D220-157B-11D0-BD23-00A0C911CE86}\NumMethods]
"(Default)" = "7"
[HKCR\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"FilterData" = "02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{9B496CE1-811B-11CF-8C77-00AA006B6814}\NumMethods]
"(Default)" = "8"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
"Source Filter" = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{A2104830-7C70-11CF-8BCE-00AA00A3F1A6}\NumMethods]
"(Default)" = "5"
[HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{B79BB0B1-33C1-11D1-ABE1-00A0C905F375}]
"(Default)" = "IFilterMapper3"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
"FilterData" = "02 00 00 00 01 00 80 00 01 00 00 00 00 00 00 00"
[HKCR\CLSID\{07167665-5011-11CF-BF33-00AA0055595A}]
"(Default)" = "Full Screen Renderer"
[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IQualityControl"
[HKCR\Interface\{C6E13380-30AC-11D0-A18C-00A0C9118956}\NumMethods]
"(Default)" = "8"
[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"FriendlyName" = "File Source (Async.)"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}]
"(Default)" = "MJPEG Decompressor"
[HKCR\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A86893-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
"FriendlyName" = "MPEG-I Stream Splitter"
[HKCR\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
"FriendlyName" = "File Source (URL)"
[HKCR\Interface\{A3D8CEC0-7E5A-11CF-BBC5-00805F6CEF20}]
"(Default)" = "IAMovieSetup"
[HKCR\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\Interface\{56A868A6-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IFileSourceFilter"
[HKCR\Interface\{6025A880-C0D5-11D0-BD4E-00A0C911CE86}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{5ACD6AA0-F482-11CE-8B67-00AA00A3F1A6}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{632105FA-072E-11D3-8AF9-00C04FB6BD3D}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{56A868AD-0AD4-11CE-B03A-0020AF0BA770}]
"(Default)" = "IResourceConsumer"
[HKCR\Interface\{29840822-5B84-11D0-BD3B-00A0C911CE86}\NumMethods]
"(Default)" = "4"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"CLSID" = "{33FACFE0-A9BE-11D0-A520-00A0D10129C0}"
[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}]
"(Default)" = "IKsPropertySet"
[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}]
"(Default)" = "CMediaPropertyBag"
[HKCR\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}\InprocServer32]
"(Default)" = "%System%\quartz.dll"
[HKCR\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "IPersistMoniker Plug In Distributor"
[HKCR\gopher]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"FriendlyName" = "Multi-file Parser"
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"FilterData" = "02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00"
[HKCR\Interface\{56A868A5-0AD4-11CE-B03A-0020AF0BA770}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{F185FE76-E64E-11D2-B76E-00C04FB6BD3D}\NumMethods]
"(Default)" = "10"
[HKCR\Interface\{89C31040-846B-11CE-97D3-00AA0055595A}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{31EFAC30-515C-11D0-A9AA-00AA0061BE93}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\Interface\{62FAE250-7E65-4460-BFC9-6398B322073C}]
"(Default)" = "IAMOverlayFX"
[HKCR\Interface\{62EA93BA-EC62-11D2-B770-00C04FB6BD3D}\NumMethods]
"(Default)" = "4"
[HKCR\Interface\{211A8760-03AC-11D1-8D13-00AA00BD8339}\NumMethods]
"(Default)" = "4"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
"1" = "0,4,,4D546864"
"0" = "0,4,,52494646,8,4,,524D4944"
[HKCR\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}\InprocServer32]
"ThreadingModel" = "Both"
[HKCR\Interface\{C1960960-17F5-11D1-ABE1-00A0C905F375}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{F90A6130-B658-11D2-AE49-0000F8754B99}\NumMethods]
"(Default)" = "6"
[HKCR\Interface\{70423839-6ACC-4B23-B079-21DBF08156A5}\ProxyStubClsid32]
"(Default)" = "{92A3A302-DA7C-4A1F-BA7E-1802BB5D2D02}"
[HKCR\ftp]
"Source Filter" = "{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKCR\Interface\{E46A9787-2B71-444D-A4B5-1FAB7B708D6A}\NumMethods]
"(Default)" = "6"
[HKCR\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
"(Default)" = "File Source (Async.)"
[HKCR\Media Type\Extensions\.mp3]
"SubType" = "{E436EB87-524F-11CE-9F53-0020AF0BA770}"
The Trojan deletes the following registry key(s):
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{07167665-5011-11CF-BF33-00AA0055595A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A2-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB5-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FEB50740-7BEF-11CE-9BD9-0000E202599C}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1643E180-90F5-11CE-97D5-00AA0055595A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48025243-2D39-11CE-875D-00608CB78066}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A1-7548-11CF-A520-0080C77EF58A}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D51BD5A5-7548-11CF-A520-0080C77EF58A}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{D3588AB0-0781-11CE-B03A-0020AF0BA770}]
[HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}]
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
The process rundll32.exe:244 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FunAccelerator]
"DisplayName" = "风行视频加速"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FunAccelerator]
"UninstallString" = "%Documents and Settings%\%current user%\Application Data\FunUninst\uninst.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C 52 35 46 F7 2F CD 94 02 C7 1A FC 51 7F C0 CE"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FunAccelerator]
"DisplayIcon" = "%Documents and Settings%\%current user%\Application Data\FunUninst\uninst.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process rundll32.exe:1748 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FunAccelerator]
"DisplayName" = "风行视频加速"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FunAccelerator]
"UninstallString" = "%Documents and Settings%\%current user%\Application Data\FunUninst\uninst.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "24 FA DD 57 0C C4 0C 51 72 C4 B3 66 DD A4 7B D1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FunAccelerator]
"DisplayIcon" = "%Documents and Settings%\%current user%\Application Data\FunUninst\uninst.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process rundll32.exe:316 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 F4 B2 46 53 99 E0 F2 79 8E E6 7B 27 28 7A 0B"
The process rundll32.exe:1584 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A C2 F0 5D 38 5E 22 C7 D9 A3 E0 AA FF 69 CD 48"
The process rundll32.exe:552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B94294BF91EA8FB64BE61097C7FB001359B676CB]
"Blob" = "19 00 00 00 01 00 00 00 10 00 00 00 2E E0 C8 90"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\SystemSres]
"(Default)" = "2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 8C CA DC 0B"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 57 BD 06 6A BB D8 B8 35 6D 50 E3 4A 23 04 5F"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"B94294BF91EA8FB64BE61097C7FB001359B676CB"
"91C6D6EE3E8AC86384E548C299295C756C817B81"
The process AptShadow.exe:1340 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"
[HKCU\Software\SystemSres]
"mac" = "DFÒª8«áÆÃÂÂ^ªm"
"sioiname" = "Alvin"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\SystemSres]
"aptid" = "109"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\SystemSres]
"accedirid" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\SystemSres]
"accedir" = "%Documents and Settings%\All Users\Application Data\FunAcce"
"seedname" = "Alvin"
"Guid" = "312B5EC4-1A2C-43c6-B94F-DDA626E3A741"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\SystemSres]
"(Default)" = "2"
"AppVersion" = "238"
"cid" = "1021001"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D4 7D 35 C3 13 30 D3 57 90 ED A8 0A 36 67 FE A7"
[HKCU\Software\SystemSres]
"aptdir" = "%Documents and Settings%\%current user%\Application Data\Adair"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\SystemSres]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
| MD5 | File path |
|---|---|
| 3b78f9f538de8f94629b8c7560fc0de7 | c:\Documents and Settings\All Users\Application Data\FunAcce\Condor.dll |
| b91cf5b4272ebae70f42eeec1a2b87ba | c:\Documents and Settings\All Users\Application Data\FunAcce\Cuckoo.dll |
| d72cab1c5d4bb4b6fb6a2abb65730ef1 | c:\Documents and Settings\All Users\Application Data\FunAcce\Firemanii.dll |
| 23ee72ede59340aec766884bee2f3975 | c:\Documents and Settings\All Users\Application Data\FunAcce\FunAcce.dll |
| 8504b31558378876142d64c4e5110e65 | c:\Documents and Settings\All Users\Application Data\FunAcce\FunAcceil.dll |
| 5e60ec89504922efb28acbf05b785c7e | c:\Documents and Settings\All Users\Application Data\FunAcce\FunKoala.dll |
| f6bbd969ac1fde449b8848ad51037042 | c:\Documents and Settings\All Users\Application Data\FunAcce\Glede.dll |
| b53077a3c0545e2367287c27db44fcce | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\Alvin.dll |
| a360fe7dc003d15eddbc8ff9d0583c6a | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\AptNail.dll |
| fed2535b35e5d3053cd7be43381fb760 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\AptRegIns.dll |
| 2d10e94899fcd7e450489ab41c987428 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\AptRelay.exe |
| 0599d0cc033dfd260ca84d4473cb2d5d | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\AptShadow.exe |
| a74c0cb58bf8f336e28a97e7482db0fd | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\Fireman.dll |
| cabb28abe5dcfb46e03a3d31d4707e1d | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunBSS.dll |
| 251ad4b2b6de2c275b5b7d8eb61f1a39 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunDodge.dll |
| 5e60ec89504922efb28acbf05b785c7e | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunKoala.dll |
| e911c1b9c3fdbc25510844f43589f9b9 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunKoala64.dll |
| 042ace2a209f537bb9402a563894cf9e | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunNail.dll |
| 88e4efe8e883474a36ad5d86cf7616aa | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunNest.dll |
| d35d8147c839b097ca52aafd9e090521 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunSeed64.dll |
| 9761e27af2adb52e53d303f6b2a8c00f | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunWorks.dll |
| 10219bbb20b4d6b8a29cea5fd4c847c2 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\FunWorks64.dll |
| faa6a0e2c54c289447e2608937036fe1 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\Inst.dll |
| 17702ce6fde175df7b1604f8037eeae0 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\Turkey.dll |
| bdfef0087277ef071ab3aff6f1b50bb9 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\gma.dll |
| acbcc54caf60240a72bcaa02715d61a2 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adair\uninst.exe |
| acbcc54caf60240a72bcaa02715d61a2 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\FunUninst\uninst.exe |
| a360fe7dc003d15eddbc8ff9d0583c6a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\AptNail.dll |
| fed2535b35e5d3053cd7be43381fb760 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\AptRegIns.dll |
| 2d10e94899fcd7e450489ab41c987428 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\AptRelay.exe |
| 0599d0cc033dfd260ca84d4473cb2d5d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\AptShadow.exe |
| d3e01788ac1ba20d21a1553c9c4da9f4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunDodge.dll |
| 5e60ec89504922efb28acbf05b785c7e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunKoala.dll |
| e911c1b9c3fdbc25510844f43589f9b9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunKoala64.dll |
| 042ace2a209f537bb9402a563894cf9e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunNail.dll |
| a43578f82fabf00c6e28e70a21e2ce5a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunSeed.dll |
| d35d8147c839b097ca52aafd9e090521 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunSeed64.dll |
| 75d8f292df140184e77c0df0cd3f2665 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunWorks.dll |
| 10219bbb20b4d6b8a29cea5fd4c847c2 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\FunWorks64.dll |
| faa6a0e2c54c289447e2608937036fe1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\Inst.dll |
| 17702ce6fde175df7b1604f8037eeae0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\Turkey.dll |
| bdfef0087277ef071ab3aff6f1b50bb9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\gma.dll |
| acbcc54caf60240a72bcaa02715d61a2 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1460843537AptShadow\uninst.exe |
| 0560f8cbc1d458643de18b3b8adda50a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\funoictl.dll |
| 9f8afa1e7da23ab551098cd9a33f5be7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\funoictl64.dll |
| 7d8492d8c97ee169f2ad9463c7e023e5 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\npFunshion.dll |
| 21e9763b1fcbd36921eef7891cb51f25 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CoreAAC.ax |
| f1f67cf59740660f92e24c73be43b173 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CoreAVC.ax |
| c931afaf539eddb133de31fe25ef73d8 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CrashReport.exe |
| 5498100d431300c83694349062db023f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsLibrary.exe |
| c33f008f3fac895871baa0f278b1faf0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsMediaBar.dll |
| 0d2b18096687b18f74010988e0a6b5b7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsMediaBar64.dll |
| f14fa9fa26d5aad0d7eb22024833c8c9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsShlExt.dll |
| 86ff7bfa6861cd2a54f4a37c0e4b5f77 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsShlExt64.dll |
| cd2bc634a7239ecf38e9b4796efc06c3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Funshion.exe |
| 4b98335b3099f3e833450364226fb84b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionService.exe |
| f0fe16bedbdda07242f12d4b3b9eb924 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionUpgrade.exe |
| 5e661356f6b91542dd2de464720ba25a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionWeb.exe |
| 0c14d0f673d3a6ceff5577d38b8e62a3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\SimpleIE.dll |
| 1c8e469db2c63bdd2a4d4ce0046f6292 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Uninstall.exe |
| 9041760ae06df9f579910f31c57bf8ab | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\atrc.dll |
| 22737440d1884f12fdd95b4646fe4fbd | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\avcodec-55.dll |
| 01442363c5421a57b0703710b6f4db5c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\avutil-52.dll |
| 470bbfd3daa0732a9a3b5e600d704893 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\cook.dll |
| 8bd971111ced776d76c1612906f7bbcc | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\drvc.dll |
| ccf2c4e45e00550ea7ce25cd9793f6ae | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\fpvddec.ax |
| 56e8aeeed46973f4f86881436432f4f4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\funshionplugin2.dll |
| c42812074fe40fea76d42786ff0ff0ff | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\pncrt.dll |
| 671ff98a682467dc001aa5e9638f9140 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\swscale-2.dll |
| 7b66ae6fc6279896858210b1d7c8b898 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SetupFiles\3.0.3.86\winusb.dll |
| 27a3971273c3b8b5f2f60537ff4ae1a2 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\tools\CrashReport.exe |
| 0f35c14ffe3f0425e77099b618d6ebae | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\tools\gma.dll |
| 0894009b88a805e5412be16338506525 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\tools\zlib1.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1832
regsvr32.exe:1472
regsvr32.exe:188
regsvr32.exe:1628
regsvr32.exe:816
rundll32.exe:244
rundll32.exe:1748
rundll32.exe:316
rundll32.exe:1584
rundll32.exe:552
AptShadow.exe:1340 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_game.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayTrackBarMiniVolume.png (648 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionWeb.exe (6413 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\扑克王.jpg (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPause.png (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunWorks64.dll (3715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MobileTaskNum.png (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionSliderBar.png (122 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniMinView.png (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptShadow.exe (1832 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskListLastPlayStatIcons.png (549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpErrorUI.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mttransferbtn.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\BkTransferProgressForeground.png (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_close.png (444 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\QRCodeBk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\ä¸ÂÂ国梦之声 第二å£.jpg (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_normal.png (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnSimple.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskDownLoad.png (766 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CheckBox.png (583 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ListScrollBarVerWidgetMid.png (427 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DownloadJsonClose.png (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Expand.png (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\logo.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MenuUpdateQQ.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\分手大师.jpg (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpQuestion.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\back_play.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskBarMobileIcon.png (698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\pncrt.dll (283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\VolumeNoMute.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ClearDisk.png (771 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBarVerBkgnd.png (133 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunNail.dll (6401 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mobileClose.png (884 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPreMini.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\WndCloseBtn.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TrayWndclose.png (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\icon\MP4.ico (57 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtcompeltebtn.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\001_幻影车神:éÂÂâ€Âç›â€â€ÃƒÂ¦Ã‚¿â‚¬Ã¦Æ’….fsv (715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBK.png (93 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\ç»ÂÂå…¸çâ€Âµå½±\001_终结者.fsv (492 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\002_为奴åÂÂÂÂ二年.fsv (685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tools\tools.7z (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconngray.png (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ShowPlayInfoBtn.png (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Search.png (451 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\008_倒霉熊.fsv (410 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_close.png (429 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\new.png (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\09UPKJAB\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_qq.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_background.png (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\003_暴力è¡â€â€ÃƒÂ¥Ã…’º.fsv (535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\refresbtn.png (2 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (2340 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DLNA_PC.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\pos.ini (593 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@funshion[2].txt (462 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBarVerBkgndOption.png (109 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\minibottombar_bg.png (93 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_min.png (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\images.xml (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnfailtip.png (338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\奇葩一家亲.jpg (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\FullScreen.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpPrompt.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bk.png (94 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\005_马å‘阳下乡记.fsv (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnfail.png (590 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniVolumeMute.png (704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtdelhistory.png (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Normal.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\gma.dll (319 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\为奴åÂÂÂÂ二年.jpg (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\connect.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PutDesktop.png (755 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tools\zlib1.dll (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_mall.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\007_爷们儿.fsv (486 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WWC1RTEY\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\deletetips.png (751 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\终结者.jpg (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\playtips.png (723 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\猫和è€ÂÂé¼ .jpg (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionService.exe (39950 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBar.png (92 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Scroll.gif (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpError.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnTop.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\探索.jpg (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\暴力è¡â€â€ÃƒÂ¥Ã…’º.jpg (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\AdTimer.png (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\funoictl64.dll (274 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_menu.png (400 bytes)
%System%\funshion.ini (331 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\风行çƒÂÂæ’ÂÂ\001_分手大师.fsv (519 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IeToolBarBack.png (865 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\港å°剧场\001_泡沫之å¤ÂÂ.fsv (515 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\Default0.jpg (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\icon\RMVB.ico (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\综艺娱ä¹ÂÂ\001_超级先çâ€ÂŸ.fsv (563 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsMediaBar64.dll (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\VolumeMute.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\GeneralButtonBk.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\close.png (625 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionUpgrade.exe (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\documents.ico (1649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\马å‘阳下乡记.jpg (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlMiniBtn.png (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Go.png (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptRegIns.dll (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlayBarLength.png (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ShdaowWndBk.png (430 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\动漫å¡通\001_猫和è€ÂÂé¼ .fsv (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsLibrary.exe (9606 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\爷们儿.jpg (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPre.png (423 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniVolumeNoMute.png (858 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptRelay.exe (146 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\GameHighlight.png (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IeToolBarHomePage.png (684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlayLength.png (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\Inst.dll (1731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnStopMini.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\drvc.dll (271 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\fundata.7z (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ScrollBarVerWidgetMid.png (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunKoala.dll (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\select.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tools\CrashReport.exe (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\swscale-2.dll (1707 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\AptNail.dll (1787 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4PEF4DAN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunDodge.dll (1613 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\fpvddec.ax (6323 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpYellowQuestion.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\avutil-52.dll (321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionSliderBarLeft.png (138 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsShlExt64.dll (1742 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnVolumeMute.png (733 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\bmpError2.png (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\BkTransferProgressBkground.png (96 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\logoTray.png (556 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPlayList.png (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FunshionGame2.ico (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\009_探索.fsv (472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniTopView.png (464 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CompletelyPutDesktop.png (312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\funoictl.dll (270 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\谈判冤家.jpg (34 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_btn_close.png (777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_qqErrorUI.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AHORUPMD\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\006_谈判冤家.fsv (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\泡沫之å¤ÂÂ.jpg (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtaddtasktips.png (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\NewLogo.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\VoiceBtn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\funshionplugin2.dll (20507 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnred.png (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\StartPage.jpg (1613 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\atrc.dll (95 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\玻璃鞋.jpg (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlaySound.png (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsMediaBar.dll (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ExitFullScreen.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniStandard.png (529 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DelListDescend.png (170 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayTrackBarMini.png (627 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\avcodec-55.dll (20507 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\内地剧场\001_奇葩一家亲.fsv (484 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\funshiontmp\setup.ini (282 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mttasktips.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayList.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CoreAVC.ax (276 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_max.png (311 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IncCientNum.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlSetBtn.png (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Funshion.exe (39950 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionBtnDownArrow.png (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayTrackBar.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnVolume.png (905 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPlay.png (865 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_player.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskMobileIcon.png (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\最新çâ€Âµå½±\001_海神密ç ÂÂ.fsv (537 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniFullView.png (491 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniPlayBufferLength.png (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\LeftBottomPrompt.png (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\SeedIcon.ico (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtheartsmall.png (445 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\Playerdlna.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\InstallBubble.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskDelete.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlIcon.png (589 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\超级先çâ€ÂŸ.jpg (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FunshionTools\npFunshion.dll (1664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\FsShlExt.dll (1868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Funshop4.ico (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniRangeSound.png (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\scrollbar_dlna.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\tsk.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\update.ico (1649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnNonTop.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskPaused.png (435 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\OptionSpliderThumb.png (522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\ClearFile.png (518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnNextMini.png (445 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunSeed.dll (305 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tools\gma.dll (1776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\Uninstall.exe (3912 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CoreAAC.ax (3684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPauseMini.png (351 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CleanFileBtn.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\海外剧场\001_玻璃鞋.fsv (459 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtheartbig.png (410 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniClose.png (383 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\RadioBox.png (825 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnStop.png (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_button.png (457 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnErCode.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mobilePopClose.png (747 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnPlayMini.png (670 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\CrashReport.exe (3885 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\TaskListStatIcons.png (557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtconnectbtn.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\AddMore.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunKoala64.dll (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\SetupFiles.7z (53851 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\010_ä¸ÂÂ国梦之声 第二å£.fsv (647 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\LogoMini.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\ssdodge.daw (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunWorks.dll (1795 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlCloseBtn.png (612 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\海神密ç ÂÂ.jpg (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\winusb.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\IeToolBarRefresh.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\幻影车神:éÂÂâ€Âç›â€â€ÃƒÂ¦Ã‚¿â‚¬Ã¦Æ’….jpg (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\CallbackBubble.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\DelListAscend.png (169 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\btn_library.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\FunSeed64.dll (1626 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\uninst.exe (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\funshion.ini (993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\connectMobile.png (2 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@funshion[1].txt (450 bytes)
%Documents and Settings%\%current user%\funshion.ini (2073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\mtpcmobile.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\downtomobiletips.png (908 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\cook.dll (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\updater_projection.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PopUrlCloseBtnAbnormal.png (918 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\desktop.ico (1649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\fsv\004_扑克王.fsv (481 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\sys_help.png (988 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\Default1.jpg (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\PlayerBarBtnNext.png (477 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\skin2\default\MiniNonTopView.png (567 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1460843537AptShadow\Turkey.dll (1747 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\Funshion\SimpleIE.dll (146 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SetupFiles\3.0.3.86\FsLibrary\poster\倒霉熊.jpg (13 bytes)
%Documents and Settings%\%current user%\Application Data\FunUninst\uninstconfig.ini (122 bytes)
%Documents and Settings%\%current user%\Application Data\FunUninst\uninst.exe (1281 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Uninstall_new.daw (308 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\CD9C747F40EEA288D73938D33144F716 (140 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8EDCF682921FE94F4A02A43CD1A28E6B (176 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunAcceil_new.daw (324 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunKoala64_new.daw (308 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab1.tmp (54 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\31294006CE0E30E9018936BD13494DF8 (1 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8EDCF682921FE94F4A02A43CD1A28E6B (500 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\31294006CE0E30E9018936BD13494DF8 (172 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunBSS_new.dll (32816 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\config.ini (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab3.tmp (54 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (49 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Glede_new.dll (31584 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Turkey_new.daw (1 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Condor_new.daw (596 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (408 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\CD9C747F40EEA288D73938D33144F716 (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar6.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar4.tmp (2712 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunNest_new.daw (1 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunAcceil_new.dll (25080 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunBSS64_new.daw (2 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Firemanii_new.daw (308 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunNest64_new.daw (1 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Uninstall_new.exe (15904 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunKoala_new.dll (11704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab5.tmp (49 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Glede_new.daw (12 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Condor_new.dll (16664 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunAcce_new.daw (308 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Cuckoo_new.dll (33720 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunNest_new.dll (28320 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Cuckoo_new.daw (308 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunAcce_new.dll (24248 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunKoala_new.daw (308 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\Firemanii_new.dll (31256 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunKoala64_new.dll (13784 bytes)
%Documents and Settings%\All Users\Application Data\FunAcce\FunBSS_new.daw (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar2.tmp (2712 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\gma.dll (12769 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\fundata.7z (7726 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\Inst.dll (17857 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunWorks64.dll (4185 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunNail.dll (7345 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\uninst.exe (10601 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\Fireman.dll (13584 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunDodge.dll (14129 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunKoala.dll (673 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunSeed64.dll (2105 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\sFunWorks.daw (172 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\ssdodge.daw (2 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\AptNail.dll (20017 bytes)
%Documents and Settings%\%current user%\Application Data\FunUninst\bugrecord.daw (252 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunKoala64.dll (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunWorks.dll (20921 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\Turkey.dll (19361 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\AptShadow.exe (3361 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\SeedIcon.ico (815 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\foamii.zip (98142 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\AptRegIns.dll (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\FunSeed.dll (16593 bytes)
%Documents and Settings%\%current user%\Application Data\Adair\AptRelay.exe (673 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Static Analysis
VersionInfo
Company Name: ????????????
Product Name: Funshion
Product Version: 3.0.3.86
Legal Copyright: Copyright (C) 2005-2013 All Rights Reserved.
Legal Trademarks:
Original Filename: FunshionInstal.exe
Internal Name: Install.exe
File Version: 3.0.3.86
File Description: Funshion Installation
Comments:
Language: English (United States)
Company Name: ????????????Product Name: FunshionProduct Version: 3.0.3.86Legal Copyright: Copyright (C) 2005-2013 All Rights Reserved.Legal Trademarks: Original Filename: FunshionInstal.exeInternal Name: Install.exeFile Version: 3.0.3.86File Description: Funshion InstallationComments: Language: English (United States)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 640270 | 640512 | 4.57535 | 6fdc660073ddffe36e9f8335e431de35 |
| .rdata | 647168 | 151726 | 152064 | 3.14527 | d297f50ac05c0e1945c273aed7e55d47 |
| .data | 802816 | 50944 | 30208 | 3.51513 | 970eeff33d5e4063d57e941b74b8d3b4 |
| .tls | 856064 | 2 | 512 | 0 | bf619eac0cdf3f68d496ea9344137e8b |
| .rsrc | 860160 | 9316636 | 9316864 | 5.54474 | 73920a874c62423d9044b980a453d97f |
| .reloc | 10178560 | 88246 | 88576 | 2.936 | 949c88bd3e0e5a30005f2b49d136db8f |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://stat.funshion.net/client/tmp?rprotocol=2*_*fck=146084353780820*_*mac=DFC6D05EAA6D*_*guid=04DB7C48-3217-418d-8ED8-A8DB00DAA475*_*userid=*_*fpc=*_*version=3.0.3.86*_*sid=*_*vvid=6482112ef6bcac819aef3bec15548cd6*_*type=aptshadow*_*param=0_0_1340 | 120.131.127.52 |
| hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13888*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF3222528253341306320^252m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=1|-1 | 120.131.127.52 |
| hxxp://stat.funshion.net/client/cinstall?rprotocol=1*_*mac=DFC6D05EAA6D*_*fck=146084353780820*_*guid=04DB7C48-3217-418d-8ED8-A8DB00DAA475*_*md5=7e6595c1a1e1fba033d52ddcaecf93d7*_*modifyhistory=2.13.1.2*_*os=1*_*over=*_*cver=3.0.3.86*_*cid=*_*cidn=*_*startmode=5*_*imode=normal*_*itype=first*_*cusinstall=*_*preparetime=*_*choosetime=*_*installtime=*_*installresult=*_*repairar=4 | 120.131.127.52 |
| hxxp://fld.funshion.com/upgrade/is_upgrade?bid=52&app_version=0 | 114.66.198.9 |
| hxxp://fld.funshion.com/upgrade/upgrade?bid=52 | 114.66.198.9 |
| hxxp://u955.v.qingcdn.com/airport/files/foam1.zip | |
| hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=137.FunDodge*_*actionresult=13701*_*actionobjectver=635e31524451554246*_*channelid=*_*mac=*_*guid=45DC26AB-D697-4a1e-9479-5D27EFD7A7F4*_*name=FunDodge*_*version=3.0.0.3*_*actiontime=*_*pullupname=AptShadow.exe*_*pullupversion=3.0.3.0*_*cid=1002048*_*aptid=-1 | 120.131.127.52 |
| hxxp://stat.funshion.net/tools/radarboot?rprotocol=2*_*bootmethod=100*_*mac=DF3222528253341306320^252m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*fck=146084353780820*_*stamp=1460843557*_*name=turkey*_*version=3.0.1.2*_*os=XP-0*_*parentname=*_*parentversion=*_*info=*_*cid=1002048*_*aptid=-1*_*accedirid= | 120.131.127.52 |
| hxxp://fld.funshion.com/interface/platform?pid=3&ver= | 114.66.198.9 |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/app/43979.daw | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/5764/43979/FunAcce.dll | |
| hxxp://a767.dspw65.akamai.net/msdownload/update/v3/static/trustedr/en/authrootseq.txt | |
| hxxp://a767.dspw65.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab | |
| hxxp://a767.dspw65.akamai.net/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt | |
| hxxp://e6845.dscb1.akamaiedge.net/ThawtePCA.crl | |
| hxxp://e6845.dscb1.akamaiedge.net/th.crl | |
| hxxp://a177.d.akamai.net/ca1-tsa.cer | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/app/4666.daw | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/190/190/FunAcceil.dll | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/app/64823.daw | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/7286/64823/Condor.dll | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/app/68768.daw | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/7526/68768/FunBSS.dll | |
| hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13891*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF3222528253341306320^252m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|-1 | 120.131.127.52 |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/app/68769.daw | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/app/68770.daw | |
| hxxp://u955.v.qingcdn.com/tools/priv/.daw | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/7528/68770/FunNest.dll | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/app/68771.daw | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/app/55338.daw | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/6393/53625/Cuckoo.dll | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/app/68772.daw | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/6957/61314/Glede.dll | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/app/64824.daw | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/7287/64824/Firemanii.dll | |
| hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13810*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF3222528253341306320^252m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|-1 | 120.131.127.52 |
| hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13874*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|109 | 120.131.127.52 |
| hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13874*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP|Alvin*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|109 | 120.131.127.52 |
| hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=530.inst*_*actionresult=53001*_*actionobjectver=*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=Inst*_*version=3.0.1.3*_*actiontime=*_*pullupname=AptWorks*_*pullupversion=3.0.5.7*_*cid=1021001*_*aptid=109 | 120.131.127.52 |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/app/166.daw | |
| hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13838*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP|Alvin*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|109 | 120.131.127.52 |
| hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=530.inst*_*actionresult=53002*_*actionobjectver=*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=Inst*_*version=3.0.1.3*_*actiontime=*_*pullupname=AptWorks*_*pullupversion=3.0.5.7*_*cid=1021001*_*aptid=109 | 120.131.127.52 |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/166/166/FunKoala.dll | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/app/169.daw | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/169/169/FunKoala64.dll | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/app/173.daw | |
| hxxp://u955.v.qingcdn.com/download/fairyland/files/tk/173/173/Uninstall.exe | |
| hxxp://stat.funshion.net/tools/radaraction?rprotocol=2*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*fck=146084353780820*_*stamp=1460843605*_*name=turkey*_*version=3.0.1.2*_*os=XP-0*_*action=1*_*actionresult=100*_*actionobject=*_*actionobjectver=*_*info=T3:0;W9_43979:0;L9_43979:0;W10_4666:0;L10_4666:0;W11_64823:0;L11_64823:0;W12_68768:0;L12_68768:0;W13_68769:0;W14_68770:0;L14_68770:0;W15_68771:0;W20_55338:0;L20_55338:0;W23_68772:0;L23_68772:0;W25_64824:0;L25_64824:0;W27_166:0;L27_166:0;W28_169:0;L28_169:0;W31_173:0;L31_173:0*_*cid=1021001*_*aptid=109*_*accedirid=1 | 120.131.127.52 |
| hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=137.FunDodge*_*actionresult=13701*_*actionobjectver=635e31524451554246*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=B50C049A-D044-46ea-BDB1-6871B2DCEAF3*_*name=FunDodge*_*version=3.0.0.3*_*actiontime=*_*pullupname=turkey.dll*_*pullupversion=*_*cid=1021001*_*aptid=109 | 120.131.127.52 |
| hxxp://stat.funshion.net/tools/radaraction?rprotocol=2*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*fck=146084353780820*_*stamp=1460843606*_*name=turkey*_*version=3.0.1.2*_*os=XP-0*_*action=2*_*actionresult=-2*_*actionobject=*_*actionobjectver=*_*info=*_*cid=1021001*_*aptid=109*_*accedirid=1 | 120.131.127.52 |
| hxxp://neirong.funshion.com/download/fairyland/files/tk/6957/61314/Glede.dll | 14.152.58.13 |
| hxxp://neirong.funshion.com/download/fairyland/files/tk/166/166/FunKoala.dll | 14.152.58.13 |
| hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13891*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|-1 | 120.131.127.52 |
| hxxp://neirong.funshion.com/download/fairyland/files/app/68769.daw | 14.152.58.13 |
| hxxp://stat.funshion.net/tools/radarboot?rprotocol=2*_*bootmethod=100*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*fck=146084353780820*_*stamp=1460843557*_*name=turkey*_*version=3.0.1.2*_*os=XP-0*_*parentname=*_*parentversion=*_*info=*_*cid=1002048*_*aptid=-1*_*accedirid= | 120.131.127.52 |
| hxxp://neirong.funshion.com/download/fairyland/files/app/64824.daw | 14.152.58.13 |
| hxxp://neirong.funshion.com/download/fairyland/files/tk/7287/64824/Firemanii.dll | 14.152.58.13 |
| hxxp://neirong.funshion.com/download/fairyland/files/tk/190/190/FunAcceil.dll | 14.152.58.13 |
| hxxp://th.symcb.com/th.crl | 23.43.133.163 |
| hxxp://aia1.wosign.com/ca1-tsa.cer | 212.30.134.159 |
| hxxp://neirong.funshion.com/download/fairyland/files/app/68770.daw | 14.152.58.13 |
| hxxp://neirong.funshion.com/download/fairyland/files/app/43979.daw | 14.152.58.13 |
| hxxp://neirong.funshion.com/download/fairyland/files/tk/5764/43979/FunAcce.dll | 14.152.58.13 |
| hxxp://neirong.funshion.com/download/fairyland/files/app/68768.daw | 14.152.58.13 |
| hxxp://neirong.funshion.com/download/fairyland/files/app/4666.daw | 14.152.58.13 |
| hxxp://neirong.funshion.com/download/fairyland/files/app/68771.daw | 14.152.58.13 |
| hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | 212.30.134.176 |
| hxxp://neirong.funshion.com/download/fairyland/files/tk/7286/64823/Condor.dll | 14.152.58.13 |
| hxxp://neirong.funshion.com/download/fairyland/files/tk/6393/53625/Cuckoo.dll | 14.152.58.13 |
| hxxp://neirong.funshion.com/airport/files/foam1.zip | 14.152.58.13 |
| hxxp://neirong.funshion.com/download/fairyland/files/app/166.daw | 14.152.58.13 |
| hxxp://neirong.funshion.com/download/fairyland/files/app/68772.daw | 14.152.58.13 |
| hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt | 212.30.134.176 |
| hxxp://crl.thawte.com/ThawtePCA.crl | 23.43.133.163 |
| hxxp://neirong.funshion.com/download/fairyland/files/tk/169/169/FunKoala64.dll | 14.152.58.13 |
| hxxp://neirong.funshion.com/download/fairyland/files/app/64823.daw | 14.152.58.13 |
| hxxp://neirong.funshion.com/download/fairyland/files/app/55338.daw | 14.152.58.13 |
| hxxp://neirong.funshion.com/download/fairyland/files/tk/7528/68770/FunNest.dll | 14.152.58.13 |
| hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13888*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=1|-1 | 120.131.127.52 |
| hxxp://neirong.funshion.com/download/fairyland/files/tk/7526/68768/FunBSS.dll | 14.152.58.13 |
| hxxp://stat.funshion.net/tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13810*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|-1 | 120.131.127.52 |
| hxxp://neirong.funshion.com/download/fairyland/files/app/169.daw | 14.152.58.13 |
| hxxp://neirong.funshion.com/tools/priv/.daw | 14.152.58.13 |
| hxxp://neirong.funshion.com/download/fairyland/files/app/173.daw | 14.152.58.13 |
| hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt | 212.30.134.176 |
| hxxp://neirong.funshion.com/download/fairyland/files/tk/173/173/Uninstall.exe | 14.152.58.13 |
| neirong.funshion.net | 87.245.198.84 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13888*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=1|-1 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:52:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:52:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.9..Date: Sat, 16 Apr 2016 21:52:11 GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-alive..Expires: Sat, 16 Apr 2016 21:52:11 GMT..Cache-Control: max-age=0..Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..
GET /tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13891*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|-1 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:52:44 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:52:44 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.9..Date: Sat, 16 Apr 2016 21:52:44 GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-alive..Expires: Sat, 16 Apr 2016 21:52:44 GMT..Cache-Control: max-age=0..Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..
GET /client/tmp?rprotocol=2*_*fck=146084353780820*_*mac=DFC6D05EAA6D*_*guid=04DB7C48-3217-418d-8ED8-A8DB00DAA475*_*userid=*_*fpc=*_*version=3.0.3.86*_*sid=*_*vvid=6482112ef6bcac819aef3bec15548cd6*_*type=aptshadow*_*param=0_0_1340 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:52:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:52:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.9..Date: Sat, 16 Apr 2016 21:52:11 GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-alive..Expires: Sat, 16 Apr 2016 21:52:11 GMT..Cache-Control: max-age=0..Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0......
GET /client/cinstall?rprotocol=1*_*mac=DFC6D05EAA6D*_*fck=146084353780820*_*guid=04DB7C48-3217-418d-8ED8-A8DB00DAA475*_*md5=7e6595c1a1e1fba033d52ddcaecf93d7*_*modifyhistory=2.13.1.2*_*os=1*_*over=*_*cver=3.0.3.86*_*cid=*_*cidn=*_*startmode=5*_*imode=normal*_*itype=first*_*cusinstall=*_*preparetime=*_*choosetime=*_*installtime=*_*installresult=*_*repairar=4 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:52:12 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:52:12 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.9..Date: Sat, 16 Apr 2016 21:52:12 GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-alive..Expires: Sat, 16 Apr 2016 21:52:12 GMT..Cache-Control: max-age=0..Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/plain
Last-Modified: Thu, 28 Jan 2016 17:51:53 GMT
Accept-Ranges: bytes
ETag: "80823092f459d11:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Date: Sat, 16 Apr 2016 21:52:35 GMT
Connection: keep-alive
X-CCC: RU
X-CID: 2
1401D159F4929680B9....
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Last-Modified: Thu, 28 Jan 2016 18:43:43 GMT
Accept-Ranges: bytes
ETag: "80d9e4cffb59d11:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Content-Length: 49661
Date: Sat, 16 Apr 2016 21:52:35 GMT
Connection: keep-alive
X-CCC: RU
X-CID: 2
MSCF............,...................I.......d.........<H.T .authroot.stl. ..-.8..CK...<Tk........./.........Z..e..P..D.&.BRTH...E..E.b.["$qS)....-...[..}.o~g...q...Y...n...........aF\!.lI.4..0..ef.W.....C`....Y..F.D5...Y.A....1.|..c.1...Nc.Y..x..D...NP[FX...O.s@.aN.....'.B......."(~3z-.@~..|}(.......g4.p.........h.n.dQz..t.V.......;.....Q...d/../.pJ...6....E...A.@..]..T9..28..,..p...).....P:}.K...]=.7X.f..9..yB.P....uP$$...Q.u..y..".=......7...........#.X..P.8....>U....v.[.$.e...H.@~..........ea`.3...tLX...].-....<.........v.....M../..z6.t^.....p....M...v(CP%F.......!eX..a...-..G.....S%..l.....Y..(.*.-....C.L0...G.....).rm8...(7.T{.Q...."...B`H.....3..9..-..Vv.5Q.e.W.../...RY.v.P. .........l......8'.&z......3.;:...U4.."....yu... .."....d .e/7.;.XD*tn%$.........];..fY.R...7.....o.=xh...]..4...\.:...v....t..9 .nO.i}.T../(uke..p.&.6.E#.=b...@.R.P...*.s....h......(/.s.%.3g...:*X.].7.IE....E,.w.8......v...r4.qOh}~..E.5t...l...(*..2....`..F..".a:.t....9...W.kO?5..=..HhYrI.Sf..[:...3..2..)DB...;......(...B.......U(...._F./#.k@....9c.Y..G'..]...p..;M_o..~.3?.}.1M.5.f5)._......t _.6...l..K....OsY.0......H...^..\$P;U....8..)...1........J...uE..#n.......h.......17.P=,P.....}z.&..../..a.........p@.|KB..o.E..|..o.mr......m=.(v.:.i....@..I..w>4y....P........F...&... ....r$d..{B...)..A.`..x4E'~`V.."..(..(./G...@_Q`.....O...~`..~...x..KN~....Dko/A{..!...W..G,`)...*...#......q`..H.........%m..G....5..4.....?.......F...{.%..2....l.L....."...Y........ ...].\........... D..Y...!1..*.....M?..G..A.|Ex......~...s.!.=..
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-x509-ca-cert
Last-Modified: Thu, 23 Jul 2015 23:16:35 GMT
Accept-Ranges: bytes
ETag: "80b4b9e9dc5d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1060
Date: Sat, 16 Apr 2016 21:52:36 GMT
Connection: keep-alive
X-CCC: RU
X-CID: 2
0.. 0..........4N.W ...I./.7. m0...*.H........0..1.0...U....US1.0...U....thawte, Inc.1(0&..U....Certification Services Division1806..U.../(c) 2006 thawte, Inc. - For authorized use only1.0...U....thawte Primary Root CA0...061117000000Z..360716235959Z0..1.0...U....US1.0...U....thawte, Inc.1(0&..U....Certification Services Division1806..U.../(c) 2006 thawte, Inc. - For authorized use only1.0...U....thawte Primary Root CA0.."0...*.H.............0.............Y.......Ys..E..,nh.l[HhIY7..3..w...-.4...M.......6....$_...D....bo.Z...(.\...z..tf/j8...TD......o...N.).>........~.....qe..Q{..."`..[....Q[.........b.. ..N.Ld....X.JO.h....J../..|qr...g.2...\......S} .......jR...6.w.{.PD.>n)i.9I&....{@-..'...a.~.|..........B0@0...U.......0....0...U...........0...U......{[E....z.1..j..F.WHP0...*.H.............y..K......g..nE.U.....?..%..W..:v.L.Pv.dr...........2.A..w..`.....nDD....Ub.w.\.HI|.;W...s7./x\.hG.``...=" .......r..s|../..>.j'...Z.....Md....a..9.....{"....@y...o=..yv..7.!...6..c ....3..A....Dc ...B..?,v.c.Y.......A...G...3...a~~. .G.'0...]7.\9 ...{.V.hHTTP/1.1 200 OK..Content-Type: application/x-x509-ca-cert..Last-Modified: Thu, 23 Jul 2015 23:16:35 GMT..Accept-Ranges: bytes..ETag: "80b4b9e9dc5d01:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 1060..Date: Sat, 16 Apr 2016 21:52:36 GMT..Connection: keep-alive..X-CCC: RU..X-CID: 2..0.. 0..........4N.W ...I./.7. m0...*.H........0..1.0...U....US1.0...U....thawte, Inc.1(0&..U....Certification Services Division1806..U.../(c) 2006 thawte, Inc.
<<< skipped >>>
GET /tools/radaraction?rprotocol=2*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*fck=146084353780820*_*stamp=1460843605*_*name=turkey*_*version=3.0.1.2*_*os=XP-0*_*action=1*_*actionresult=100*_*actionobject=*_*actionobjectver=*_*info=T3:0;W9_43979:0;L9_43979:0;W10_4666:0;L10_4666:0;W11_64823:0;L11_64823:0;W12_68768:0;L12_68768:0;W13_68769:0;W14_68770:0;L14_68770:0;W15_68771:0;W20_55338:0;L20_55338:0;W23_68772:0;L23_68772:0;W25_64824:0;L25_64824:0;W27_166:0;L27_166:0;W28_169:0;L28_169:0;W31_173:0;L31_173:0*_*cid=1021001*_*aptid=109*_*accedirid=1 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.2
Date: Sat, 16 Apr 2016 21:53:17 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:17 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.2..Date: Sat, 16 Apr 2016 21:53:17 GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-alive..Expires: Sat, 16 Apr 2016 21:53:17 GMT..Cache-Control: max-age=0..Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0......
GET /tools/FsPlatformAction?rprotocol=3*_*action=137.FunDodge*_*actionresult=13701*_*actionobjectver=635e31524451554246*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=B50C049A-D044-46ea-BDB1-6871B2DCEAF3*_*name=FunDodge*_*version=3.0.0.3*_*actiontime=*_*pullupname=turkey.dll*_*pullupversion=*_*cid=1021001*_*aptid=109 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.2
Date: Sat, 16 Apr 2016 21:53:17 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:17 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
....
GET /airport/files/foam1.zip HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:15 GMT
Content-Type: application/zip
Content-Length: 1727647
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2016 06:06:57 GMT
Accept-Ranges: bytes
X-Ser: BC89_dx-henan-zhengzhou-1-cache-1, BC22_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC22_dx-guangdong-foshan-1-cache-1(baishan)
PK........(\\E0N...#..........gma.dll.[{t.U....!..BW....5>..f....z .Z#...l.......%....H.j.>G...@P...QV.W.......3.9._.9Q.z...q..hK...[...$..N..T...~..}...[U.y..7!.....!.... #....>..G.-E.:m.0.O.]......eK.X....[.,Y........Z.T.ZRy..s*.Zz......35..&....}R........v|..Fv\.0.....5........g..p.Z..a7.{...v...v...._f..E.6".l...!..Q....9z[?q.V"....<S ....Q..s.-".s.!....)`G..T.......>.w..1....&...w{B...6....(.b....$T.C&L..x.M&.._.Q7..c.Q.}.@.....U.,....{...Bh..NSI....n[....x.f..8.v[.P..jNF._....Fg....M.Q....p.....,q.[...VB.O.7D..f.].p.R .s.........Z..../...2....[..y....9....?.U...O.....R....]...v.p....$T...H).......c....:w.....<A.. ..x.....U..>....~.E.. =.Q ..=..65......pE.Q....B......r5$z_wy_.K5...@......a..........._RCr....qFU@.}]TC....n9E..u....8......#z....-v.._U..~p...}..'.@ ..v..?ne.}..lp.yW./..?o`...v.......e0...z...dd....j....Y>0.<32..h.Z.{?......n.....gl..~....v<^...k8.G..I......%.Em.=NZ.T. qz=`nD...v).<a. ....Q...K...4.Z.8.......2.:....|'...t..\1.>z...g.q?...BI..."pZD..T...P..I1.J.;..8.XN....Jw.H....k......).x.. .`M....#..)_..[..B.....2\$-.k.....3{}....b S>.9...s...u..OD.I5.....)..m.T......8z#....vf...o.O;....EO...._.P.......I)....$...`.m)...'.B........n.i...en....r....nun<..q...A.'.0..7........>.4.&......nN..`..8l.K.9D....!.s..r...Vi....W.....z,..S..g$B..%?.......DB4...r.{....(./.i.D.)L....TB.....F.4..p.z`..N.....5..%...?....o]>.-.r.~.y..@.3..Z..g...c....w"bn'.?2 ...X........q..O..[D..>K..t5o.`:a..E.....80...EZ=.E...,x#..D...$i.&/..... =K..J.I..7@.."Bt.&.2.m.2&y.
<<< skipped >>>
GET /tools/priv/.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 404 Not Found
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:49 GMT
Content-Type: text/html
Content-Length: 570
Connection: keep-alive
X-Ser: BC75_dx-henan-zhengzhou-1-cache-1, BC14_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC75_dx-henan-zhengzhou-1-cache-1(baishan)
<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.2.0</center>..</body>..</html>..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..nt>....
GET /tools/priv/.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 404 Not Found
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:49 GMT
Content-Type: text/html
Content-Length: 570
Connection: keep-alive
X-Ser: BC75_dx-henan-zhengzhou-1-cache-1, BC14_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC14_dx-guangdong-foshan-1-cache-1(baishan)
<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.2.0</center>..</body>..</html>..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..nt>....
GET /tools/priv/.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 404 Not Found
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:50 GMT
Content-Type: text/html
Content-Length: 570
Connection: keep-alive
X-Ser: BC75_dx-henan-zhengzhou-1-cache-1, BC14_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC14_dx-guangdong-foshan-1-cache-1(baishan)
<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.2.0</center>..</body>..</html>..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..HTTP/1.1 404 Not Found..Server: Tengine/2.1.1..Date: Sat, 16 Apr 2016 21:52:50 GMT..Content-Type: text/html..Content-Length: 570..Connection: keep-alive..X-Ser: BC75_dx-henan-zhengzhou-1-cache-1, BC14_dx-guangdong-foshan-1-cache-1..X-Cache: HIT from BC14_dx-guangdong-foshan-1-cache-1(baishan)..<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.2.0</center>..</body>..</html>..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page --&
<<< skipped >>>
GET /download/fairyland/files/app/43979.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:29 GMT
Content-Type: application/octet-stream
Content-Length: 308
Connection: keep-alive
Last-Modified: Fri, 18 Dec 2015 04:00:44 GMT
Accept-Ranges: bytes
X-Ser: BC79_dx-henan-zhengzhou-1-cache-1, BC11_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC11_dx-guangdong-foshan-1-cache-1(baishan)
..TKDS4....$......vJ7$........:d.........d..`CG..W...S.....V......=-.....\.G..k......//.`.........z*..g..05 ...A...]_.X....5.....5...2 ./U]. ....~....s....].9 ..?>.[.d.&...y=g...sW.&.,......0....`...X(......#7.,]'@T.J.........t[.t.....[.7X..x5"...e..........Io..}j.^.....h?U...A...`~z.I.....LZ.....`....y#. .....
GET /download/fairyland/files/tk/5764/43979/FunAcce.dll HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:30 GMT
Content-Type: application/octet-stream
Content-Length: 371704
Connection: keep-alive
Last-Modified: Fri, 18 Dec 2015 03:06:03 GMT
Accept-Ranges: bytes
X-Ser: BC89_dx-henan-zhengzhou-1-cache-1, BC13_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC13_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9.o.X.<.X.<.X.<...<.X.<A.?<.X.<..9<.X.<...<.X.<...<.X.<. $<.X.<.X.<.Y.<. 4<.X.<...<.X.<..<<.X.<..=<.X.<..:<.X.<Rich.X.<........PE..L....%rV...........!.....&...n...............@......................................@M....@.............................K............p..........................pC...D..................................@............@...............................text...\$.......&.................. ..`.rdata.......@.......*..............@..@.data...HQ.......,..................@....rsrc........p.......$..............@..@.reloc...m.......n...*..............@..B................................................................................................................................................................................................................................................................................................................................U...E.h.....M.Q.E..!............U..S.].W...E.SP...@....u._[].VP...@......t'.M.SQ...@.......v..I.;.s.O....tV.u.;.r.^_3.[]........#.^_[]..........U..QS.].VW3.W..<....T.....E.......tE..uA.....@W...Qj.V...@....t.PV...G..........u .U.R..<....T...E.....u._^3.[..]._..^[..]......U.....u....P..I.f.....f..u. ...@.M.P.E.VPQ.S[.......Pw"........$.x...h.........hW........h.@.......]..I.s...U..._...i..............................
<<< skipped >>>
GET /download/fairyland/files/app/4666.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:35 GMT
Content-Type: application/octet-stream
Content-Length: 324
Connection: keep-alive
Last-Modified: Fri, 06 Nov 2015 07:48:20 GMT
Accept-Ranges: bytes
X-Ser: BC81_dx-henan-zhengzhou-1-cache-1, BC17_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC17_dx-guangdong-foshan-1-cache-1(baishan)
..TKDSD....$.I.....U.=....d..............d..`CG..W...S.....V......=-.....\.G........{.Z.J.*..Y...u.....E`.......%@.;..q...W...8y.M.....n...5O..xps....U.1.y.y.;tP....D.q.).*.@...H5.KlL.. & .@.d5.z9{..Q.f-'..v..$k...c. ....:/...<...xg..#OiMA...%L...R....Z~~._.O...o.h.:..t..M9...$._f..^1;.z...y........E..C.......H..v........(....
GET /download/fairyland/files/tk/190/190/FunAcceil.dll HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:35 GMT
Content-Type: application/octet-stream
Content-Length: 383992
Connection: keep-alive
Last-Modified: Thu, 09 Apr 2015 07:34:41 GMT
Accept-Ranges: bytes
X-Ser: BC81_dx-henan-zhengzhou-1-cache-1, BC13_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC13_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........f.....................W...................x...........................................................Rich............................PE..L....c.U...........!.................".......0............................... ......s.....@.............................g...|....................................C..04..................................@............0..d............................text............................... ..`.rdata..'....0....... ..............@..@.data...hQ... ......................@....rsrc................8..............@..@.reloc...............>..............@..B........................................................................................................................................................................................................................................................................................................................U...E.h.....M.Q.E...............U..S.].W.}.WS..x0....u._[].VP..l0......t)WS..p0...M......v....I.;.s.I....tV.u.;.r.^_3.[]........#.^_[]..........U..QSVW3.W..N...)......E.......tJ.]...uC.E......AP...Rj.V...0....t.SPV.E..........u .E.P..N........E.....u._^3.[..]._..^[..]....U...E.V.u....u....P.f.....f..u. ...@.M.P.E.VPQ.P......^..Pw"........$.|...h.........hW........h.@.......]...x...Z...d...n.......................................................................................U..j.h^...d.....P..!..3.P.E.d
<<< skipped >>>
GET /download/fairyland/files/app/64823.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:38 GMT
Content-Type: application/octet-stream
Content-Length: 596
Connection: keep-alive
Last-Modified: Mon, 29 Feb 2016 07:16:17 GMT
Accept-Ranges: bytes
X-Ser: BC81_dx-henan-zhengzhou-1-cache-1, BC22_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC22_dx-guangdong-foshan-1-cache-1(baishan)
..TKDST....$...H.j...F.v..ei.k..Q........d..`CG..W...S.....V......=-.....\.G..X0..{TuR#i.\........z*...R....b..=g..2../.1..k.Lw"N....e..n.kT.Qh...N\........G..\b....oiE.....\..].Ar*C.......Z.....LM....%.....%.".M..J.;.,....Xg.....Y..&..h",nUx/.B.@.[!z......W..>........#.v...AHc.0..'......T.6...lL.x7N..q}..o..w&...].J.H........ej"Cf7^.. ....;..|2r?W.D.....8K.Ms...#o..s..NU,...n....=b........L...fL ..J.?.v...V.).&...^.,...y=.n$.S..=m.....r...*.v <1..E..N *...(...E....tu..S.j)W......Y.Ea..fd;qo.O.H:.kYS....;..T.\`..........i...xyK...].~..t.Q.5a..X.DQp.....3.u^..I`.'.....2..."8..)"'=.U}...I..\....
GET /download/fairyland/files/tk/7286/64823/Condor.dll HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:39 GMT
Content-Type: application/octet-stream
Content-Length: 253432
Connection: keep-alive
Last-Modified: Mon, 29 Feb 2016 07:15:29 GMT
Accept-Ranges: bytes
X-Ser: BC79_dx-henan-zhengzhou-1-cache-1, BC11_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC11_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........=.}.\...\...\...$...\...*...\..~....\.......\...$...\.......].......\...\~..]...$...\.......\.......\.......\.......\..Rich.\..........PE..L....C.V...........!.........P......?|....................................................@..........................t..7....{.......p..................................................................H............................................text....`..............PEC2~O...... ....rsrc.... ...p... .................. ....reloc..............................@...........................................................................................................................................................................................................................................................................................................................................................................................................&...1.....*..v...Rs..E#.~..).%...............q...$........,w...~ ....o-d.<.G...8...3.7\.....U4.....`..1.....=.rZ.PqF0....L|>xQ..........~.......Z.j-B...@...,.....r...$.........-....(.a........Z^...dl........../..M<.[o*S-..._Y.Y6../..f...? ..J.=q t..w..O#m............D`....6..h......kn.>F..;.P...2....j.~GU..".b....q..8%..4.[.....NO.N..._SS..w0...aQ.....w...C.pw`......Mx.E...............DC....$MV../...(.A9..........q9.Z.....o.O.T...h....... (....... ..1Vw`..Q*;......;......;....8.../..\o..TkV...Z.
<<< skipped >>>
GET /download/fairyland/files/app/68768.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:40 GMT
Content-Type: application/octet-stream
Content-Length: 2388
Connection: keep-alive
Last-Modified: Tue, 15 Mar 2016 06:35:46 GMT
Accept-Ranges: bytes
X-Ser: BC69_dx-henan-zhengzhou-1-cache-1, BC15_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC15_dx-guangdong-foshan-1-cache-1(baishan)
..TKDST....$..#.;..= ".5.B..]..k6........d..`CG..W...S.....V......=-.....\.G..O.-_................z*..g..05 .q...t.<_.X....5.....5...2 ./U]. ....~....s....].9 ..?>.[.d.&...y=g...sW.T....}n(....Aj.7E..s[s...H...w..@....|B.,.d...CZ.....`..Y...u...J..<a.tib....&..e..&P.|..8'.....$._f..^1;.z...y........Rn?.e.n..M.....0..:Y.I0`.p.D......Q...C.u)...B...2.w.v....Vm.ek...V.i...1.J.?...RM.....I.q.EJ...0-....d.....6....Rd6.8.O....E.......q.............$..@.x)G8.%.s.;.....Q.....E.......q...........[diCSe.......m.v...7!....N...Y....}.. ss....i4.D ...........E....H.\pI.....k..C.....6..?G<........t.L*....v..d.^..5..[K....7!...P..YD...c.......e.]....N......=.u."...,.......(...v..d.^..5..[K....7!.....L.)..:3..k<.Q&.4..=..B......=. )d|.. *;p.2p..6j.?.....^......2R.Q../qt.j....].H.._ ..Y.^....o...$FA...P*@.Cz)@.l*.LE...fW.P.,..\..._.JMZ..N...........&....._.......Ty.,..'..d.$...sm.X.G04.mC:...6......K6A..b5...C5crA.GD..s..vP..Z..~,.h.5.0......OuZ...6....;...0.....2.Ma..~..@9..d.....m=.,%.K.O......g.rB.....{}V j..."..e.EB..z..J...AX.G04.mC@.R..6z...0.?]]...ef.$...B.c.|F..C.Q.:.[X....J[?...YB...p_?]' %....1!.G'..X7G.A&P..l.......y...F..).....;..;.e.8.#=.2..RDw .&.).......>.T..J}.K.^..4.... @....**..!...r..N.I.t..n!.g).6.].."...1....^Z.H.....jK3.C....B..x.....v..'. VP..2/....3P..l....'.L..W1.k.2..:...[.L..o.<C.2......@..'.......h=L..D...;0..P........d.v...I"}.A.....q..1.jY,'.Xg...W=.9.h..(.^%....I..t.s....l5... .J.u1..c.[..NH.:r... .z......4%...{S..M.e......8......:.{..........NX[.....7.\|.c...J\....:..I..v.K.u
<<< skipped >>>
GET /download/fairyland/files/tk/7526/68768/FunBSS.dll HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:41 GMT
Content-Type: application/octet-stream
Content-Length: 502264
Connection: keep-alive
Last-Modified: Tue, 15 Mar 2016 06:35:10 GMT
Accept-Ranges: bytes
X-Ser: BC87_dx-henan-zhengzhou-1-cache-1, BC12_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC12_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a.26%.\e%.\e%.\e,..e$.\eJ..e .\e...e'.\e>!.e8.\e>!.e..\e,..e$.\e>!.ew.\e,..e<.\e%.]e..\e>!.eq.\e>!.e$.\e>!.e$.\e>!.e$.\eRich%.\e................PE..L......V...........!................................................................!.....@.............................S...0........`..h....................p...U..0................................A..@............................................text............................... ..`.rdata..............................@..@.data....f.......2..................@....rsrc...h....`......................@..@.reloc..T....p......................@..B................................................................................................................................................................................................................................................................................................................U....(.L...3..E..E.=l...}.h.@...|...S.].K...v.h.@...h...._....[v.h.@...U......v.h.@...F.....;v.h.@...7....M..M..U..U.I.....R.E......}..M..E..E......je....#.....V....u.hW.........M.3....._....]...................Q............U..j.h.A..d.....PSV.L...3.P.E.d......].3..u....P.......u..E.P.....2..M.d......Y^[..]....M..E. ......t .....P........u..M..E. .F...;.r..E.P........M.d......Y^[..]....U.R...........M.d......Y^[..]..............U..V.q.V......6..u....3.;....^]...W.}....x..|.VP.eh.....
<<< skipped >>>
GET /download/fairyland/files/app/68769.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:47 GMT
Content-Type: application/octet-stream
Content-Length: 2396
Connection: keep-alive
Last-Modified: Tue, 15 Mar 2016 06:37:22 GMT
Accept-Ranges: bytes
X-Ser: BC69_dx-henan-zhengzhou-1-cache-1, BC13_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC13_dx-guangdong-foshan-1-cache-1(baishan)
..TKDS\....$._..Y.....F<....O.YF.........d..`CG..W...S.....V......=-.....\.G..O.-_..}.............z*..g..05 .q...t.<_.X....5.....5...2 ./U]. ....~....s....].9 ..?>.[.d.&...y=g...sW..G...}>*.X........1C|^.~.>..[....2N;p.I..r....")9..e.ADH.Z.>.1..Q.6:.Ss.....`...ln.8..X..\.D....ZY...<.P.{@M.A>2t..N..B.MQX.c..W..].....M.}..D1..\....;...u....$..$...b#C.^/..e.j...".L.........,.RY...`....J...Glj.L.S.r..*.\..4.U-...W....t....]..!XX.*.s.L|.I.Mr..z..<.D.5..'..S..A..v.....n..]..!XX.*.s.L|.I.Mr..z.V..M.....Zk5E..F.Z......./-.M.,&.....~.......f7}....Z...jR....d.&....._......6o@K.?.}..?.$..l.g.8*.%..u".........Fz..sM..Z.........g`L.{rb_.*y....0.,.....y....0./...._.}................Fz..sM..Z.........g`L.{.....3.m...{y.N|.{.x.*.../...._..a...z.Qb5...C5crA.GD..s..vP..Z..~,.h.5.'.c.,o|...w#....]2.N...7....2.Ma..s...........@..F'.A.&...ef.$..Y.....q.....E....<..\...YYLg^1.....?.ut....._...9/.{..!....R...x.x.'41Tvj.?.....^......2R.Q../qt%M......n..&...t.>q...t.....X^.8P*@.Cz)@..:T.|. P.P.,..G2...........r.(.|.[....K.......2...1..F....._...9/.{..!..Ra.<.$..\..._.JMZ..N.....V..:.p^%]...<q........Z..s[.....$..e3..h.N........X.n. ....E...ns...=Iuu..1...Q..S...V.......D...;..g.$..;....8.JDv...6..{...G.x.....vz..K.l..eL.` ._......?A9;..;.e.8N....'........OM."....c...!...r..,Q.GH\A....X.n.....O.Xf.....) p.@.n[............!z...9............|H.8Hq(.v.....4....d...Q...-..Xa..o._....d...V..5X.....[.Qb...6.@...QYFiK.a.6.W.....|/..74ZZ.......[..h.N......:...F....c.2b..b..{%..u..D.......2...i..#>[...'.
<<< skipped >>>
GET /download/fairyland/files/app/68770.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:48 GMT
Content-Type: application/octet-stream
Content-Length: 1380
Connection: keep-alive
Last-Modified: Tue, 15 Mar 2016 06:42:20 GMT
Accept-Ranges: bytes
X-Ser: BC69_dx-henan-zhengzhou-1-cache-1, BC22_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC22_dx-guangdong-foshan-1-cache-1(baishan)
..TKDSd....$.....y 0,....j.]....:........d..`CG..W...S.....V......=-.....\.G..O.-_..b{?...........z*..g..05 }(..W...../.1..k.Lw"N....e..n.kT.Qh...N\........G..\b....oiE.....\..].Arv.a]p.8|...4."...U.{..Kw..H...w..@....|B.q:vQ.....xg..#OiMA...%L..g..05 ...N..*...H.'/Kz. .......$._f..^1;.z...y.........8M>J.f.......(^9.......!.P.U|2.`dt..K.Y.pM.....D.......&Pz,....W.M.6e..<.W.H.......L..a...k...E...E..P.wW.d.....a.:][.9.B(J.V...\.......pM.....D.......>..4......}.P.&oi.AQ#...l...\.6.L,o[..V....N.)."...e..Wlp..x..8....t...3.6L.E(..=..s'..F...".)F.1. .fl..Q.*.C&..Xz.v...X....L..a...k...E...E..P.wW.d.....a.:][.9.B(J.V....p.....w.KL.Z.o...\7...'...O...........P>.a....B..K....]..B\[W...."......5.u..c!B.,...C.....Rr.....J.P.t........J.!..J}...G.T..`(...'.). .;4t...1....7...}.P.&o..FI...=.......]......*#.../W...L..>.E..~~:..hk..z1.Kw.M..c..Qu...-8.....X..Ay.`X../....>.P...&>(..nR..Gp..............h..tIw.....r..e..Q.h...v...8.....43.'O.....8.....E-`m............o...R.....9......O..K....y ...^..6)J..<~..)...Z.w...o[..gJ..Yb..>...xG2.Z'.......XbvD.....8.....2;y.....'..TO.n.I.EZ.c....8..........w....8...... Cx.5^.'..TO.n...mO...H3......a......b.......L.Ax......Ikc......tts.A".qc..,.....1."...@..{8.F2rh|......<.....Mh.}.2l.S...T..v.L;k...~... [F...L0...NL.......;.W.}......9X..gr.........n2.....t..e.;.v.fB7.#FoG).u.DN....XTo..O.m.|.|6...*L=[.. Z..L...oc.S.......3...k9z-(C.......
<<< skipped >>>
GET /download/fairyland/files/tk/7528/68770/FunNest.dll HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:48 GMT
Content-Type: application/octet-stream
Content-Length: 427512
Connection: keep-alive
Last-Modified: Tue, 15 Mar 2016 06:39:01 GMT
Accept-Ranges: bytes
X-Ser: BC73_dx-henan-zhengzhou-1-cache-1, BC21_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC21_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`...$...$...$...K...!...?. .8...?.......?...k...-.6.%...-.&.9...$.......?...n...?...%...?./.%...?.(.%...Rich$...........PE..L......V...........!.................................................................\....@......................... ...T............@...............r.......P...J..................................0K..@...............\............................text............................... ..`.rdata..t...........................@..@.data...hS.......0..................@....rsrc........@......................@..@.reloc..(....P......................@..B..........................................................................................................................................................................................................................................................................................................................................Q...............D.............U..V....D.........E..t.V.i........^]............V.7..t(....t.P.........F.P......V.0.............G.....H........J^........P.B....G.....H........J........P.B.....U..j.h....d.....P..4. ...3..E.SVWP.E.d..........@.3...;.t:.....9^.t7.F.P........t..F..M.QSP..........#E.;F.r....L...2.. ..........B............E..]........3..Y..A.....f.....e..Z.f.:...f..u. ...R.)....E.P....... ......E..9X.r...Ph.....}..........E..9].r..M.Q.........E..x...X..E......E......E..~.S.E.P......E..6.>.t9.~
<<< skipped >>>
GET /download/fairyland/files/app/68771.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:54 GMT
Content-Type: application/octet-stream
Content-Length: 1388
Connection: keep-alive
Last-Modified: Tue, 15 Mar 2016 06:42:00 GMT
Accept-Ranges: bytes
X-Ser: BC83_dx-henan-zhengzhou-1-cache-1, BC13_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC13_dx-guangdong-foshan-1-cache-1(baishan)
..TKDSl....$.fP...21x.....cq.5...........d..`CG..W...S.....V......=-.....\.G..O.-_....-..LX.......z*..g..05 }(..W...../.1..k.Lw"N....e..n.kT.Qh...N\........G..\b....oiE.....\..].Ar..#.3....}[!........\..]~.>..[....2N;p.I.=.....@vZQ.d.Li.]...]#........yom.....x.ln.8..X.L..g..I.ZY...<.P.{@M.A>2t..N..BUq?s...=.RQ....W.<O......(..._X....%......k.{.c...`?zS/ ...ML.eG..,.g...#t}.....$*.7.N....v.%....T...&.9.....vK.U%.t...B. 2..d1....%.....1..*.sY..`?zS/ .Q.hV.w.h......?.....g.m.......N.U.%......}}-......O.k.g4.S...)........S.g..gw.ZQ.T...vEb......Hs^...X.3..........U...C..W.....m..v.%....T...&.9.....vK.U%.t...B. 2..d1....%....}6.................".)F.O|M.J...\......../.r.3.V'F ...;W:K.3......Y...&..Y.T.....Q.....qoP;"..j;....Eb....(...u.&.-..$N.c..>.....".\TlF...~......tr.l...........B...|....b...c._..F.{.,3E.....de;...8c..!...8..).T.&"T.W(..nR..G..4...&TS.....A..S..R.....r..e..uM.3..y..u..{.aV.T...*j..."...6J(..nR..G,G1..a...6)J..<~../.N5.S.6)J..<~..'..PK..3N..qx..e[J.zYm.$..S\...*.h=..d`....}.o.........a%..`...O..K...-.Z.........'J-Z).u.DN........Y..6)J..<~......T......<.....x.W...6)J..<~....M....6)J..<~"N.lEp.......<..W.r...VZ..il.(..X../.....b.\U.Z.n2.....t!.w0.pB.h.}.2l.S..g..r^hAn.P.t.be....!.._;j....G.,.W.....Vro.......B..'.(..nR..G....A.B!.C n............3......y.&..8....<F.... ...-.........l.L@..{8.F2K_.M$3.<.....6}W.....8n.!9.....,...iV...y.8.z.....;X....2.Z..@;'....
<<< skipped >>>
GET /download/fairyland/files/app/55338.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:55 GMT
Content-Type: application/octet-stream
Content-Length: 308
Connection: keep-alive
Last-Modified: Fri, 15 Jan 2016 06:18:32 GMT
Accept-Ranges: bytes
X-Ser: BC81_dx-henan-zhengzhou-1-cache-1, BC11_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC11_dx-guangdong-foshan-1-cache-1(baishan)
..TKDS4....$...6..WfwP..|.e..2n.x........d..`CG..W...S.....V......=-.....\.G....6~.2..G.\nQ.......z*...R.....u.~....../.1..k.Lw"N....e..n.kT.Qh...N\........G..\b....oiE.....\..].Ar,..KQ...._k.fZI^..FI...=...%.".M........B...|.....Y..&..h",nUx/.B.@.[!z.C.....D.W......g.#.v...AHc.0..'......T.6....6.}.q..D.@......
GET /download/fairyland/files/tk/6393/53625/Cuckoo.dll HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:55 GMT
Content-Type: application/octet-stream
Content-Length: 509432
Connection: keep-alive
Last-Modified: Mon, 11 Jan 2016 03:28:43 GMT
Accept-Ranges: bytes
X-Ser: BC71_dx-henan-zhengzhou-1-cache-1, BC13_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC13_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Dx..%...%...%...]...%...S...%.......%.......%.......%...]...%...]...%...%...$.......%.......%.......%.......%..Rich.%..................PE..L......V...........!.........*.......................................................i....@.............................F...l........`..p....................p...`..`...............................8&..@............................................text............................... ..`.rdata..&@.......B..................@..@.data...(l.......H..................@....rsrc...p....`......................@..@.reloc.......p......................@..B................................................................................................................................................................................................................................................................................................................................G..u....G..h.}.....G....qs.......G......U..j.hH...h@...d.....P...SVW.l...1E.3.P.E.d......e..E......E.P.=...................M..F.....e..E......M.d......Y_^[..]..........U..j.hHc..d.....PQV.l...3.P.E.d.....h....j.j.j...$.......t}..P...=....u.V.. ....M.d......Y^..].j........T....E.P.M..8....u..E......I....E......E.....H........J........P.B....n..........M.d......Y^..].........U.....j.h.l..d.....P..4....l...3...$,....l...3.P..$8...d........@...u4.L$.Q.`....L$...$@.............L$...$@.............<.T$
<<< skipped >>>
GET /download/fairyland/files/app/68772.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:59 GMT
Content-Type: application/octet-stream
Content-Length: 12356
Connection: keep-alive
Last-Modified: Tue, 15 Mar 2016 06:52:57 GMT
Accept-Ranges: bytes
X-Ser: BC85_dx-henan-zhengzhou-1-cache-1, BC15_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC15_dx-guangdong-foshan-1-cache-1(baishan)
..TKDSD0...$........H".n....."|)G........d..`CG..W...S.....V......=-.....\.G..O.-_........k.......z*...R....)y.....R../.1..k.Lw"N....e..n.kT.Qh...N\........G..\b....oiE.....\..].Ar......~;....&...i.AQ#.....v..$k......ZS)vZQ.d.Li.]...]#........y*.do.....ln.8..X\We.z.}..ZY...<.P.{@M.A>2t..N..B.MQX.c...|..g...g,w..H@.r.f.gq...:....<..<....................R........x.u&....:.vX./....Y!]...t.;.....c.t..."....b..:SM-...}.fh$.>A.B6.A........V.k.....t*^.....H.C.;_9.W...h..^/.....nC.Nc..1D.*.X..X.2.j^.M.2.s...3.6.......x.u&....:.vX./.....v.{e0v.a..&.........X..M...Ho............\.<.sA........V.k.....t*^....z..G.....q......v.v..M..s..}....D5Y.Y..m..........3.(V..I.C...........Z.[.....Kw,... M..S....^..(..*....t.R.3'..f...TL.. ...y.).w.....e6...h.z..(^...4.. .7\j.S..Zk5E..FD2...]{..q.C.....t..."..)...o...-...}.fh......X.I.C...........Z.[.....Kw,... M.....G..,...W.....n]/.....Ur..&6.....{....'.\..:YI.S.>..G!*90noB..D.?.=j.a..f.....l.!.Dq.u..W.....n]/......Q...a\._6...;...D..z.yH(^...4.. .7\j.S......8n..qR....Nm........t..."..I1.?e`K.-...}.fh...4L?..A........V.k.....t*^.....\-s...c......W...CA....4tN@...U ...y.)...:...X.I.C...........Z.[.....Kw,... M..ep.J.a..t.R.3'.....$...l.Ro.h*n.Wi......#I..u.......3...$o3......p..'L9.?...,...U...... .d.g.j....J`<......%i.....j.NwG..S.>..G!*90noB..D.?.=j.a..`.fi...W.Mo..*..W.....d...../O....I:M.{e}..Xn.p=.......J..\R..g.$.....E.....de..8U. !..a..&.........X....l............N......x.o.)8...(^...4.. .7\j.S..Zk5E..FN......xS.V...\f.t..."..t.}h./..-...}.fh.^...C...
<<< skipped >>>
GET /download/fairyland/files/tk/6957/61314/Glede.dll HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:52:59 GMT
Content-Type: application/octet-stream
Content-Length: 487928
Connection: keep-alive
Last-Modified: Thu, 28 Jan 2016 07:31:46 GMT
Accept-Ranges: bytes
X-Ser: BC89_dx-henan-zhengzhou-1-cache-1, BC17_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC17_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......q..|5../5../5../<.>/4../Z../0../.k$/(../.k./.../.k./z../<.9/4../<.)/"../5../.../.k./r../.k!/4../.k /4../.k'/4../Rich5../........................PE..L......V...........!................Sg..............................................;.....@.............................E............ ...............^.......0...Q..P................................&..@...............H............................text............................... ..`.rdata..E...........................@..@.data....T.......2..................@....rsrc........ ......................@..@.reloc...~...0......................@..B................................................................................................................................................................................................................................................................................................................U...E.h`\...M.Q.E..aw...........U..S.].W.}.WS........u._[].VP..@.......t)WS.......M......v....I.;.s.I....tV.u.;.r.^_3.[]........#.^_[]..........U..QSVW3.W......Z .....E.......tJ.]...uC.E......AP...Rj.V........t.SPV.E..........u .E.P....... ...E.....u._^3.[..]._..^[..]....U...E.V.u....u....P.f.....f..u. ...@.M.P.E.VPQ..9.....^..Pw"........$.|...h.........hW........h.@.......]...x...Z...d...n.......................................................................................U..j.h N..d.....P...
<<< skipped >>>
GET /download/fairyland/files/app/64824.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:03 GMT
Content-Type: application/octet-stream
Content-Length: 308
Connection: keep-alive
Last-Modified: Mon, 29 Feb 2016 07:18:53 GMT
Accept-Ranges: bytes
X-Ser: BC85_dx-henan-zhengzhou-1-cache-1, BC14_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC14_dx-guangdong-foshan-1-cache-1(baishan)
..TKDS4....$..._.J2.R..{R....R...........d..`CG..W...S.....V......=-.....\.G..X0..{T.!_M.l........z*a...{....../.$..../.1..k.Lw"N....e..n.kT.Qh...N\........G..\b....oiE.....\..].ArN...U. H...!%x.....UWhF6r....$....2N;p.I[.p3`..kvZQ.d.Li.]...]#........y.!.^PvQ .ln.8..X.....;.".ZY...<.P.{@M.A>2t..N..B>..._pk.....
GET /download/fairyland/files/tk/7287/64824/Firemanii.dll HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:03 GMT
Content-Type: application/octet-stream
Content-Length: 477176
Connection: keep-alive
Last-Modified: Mon, 29 Feb 2016 07:18:06 GMT
Accept-Ranges: bytes
X-Ser: BC81_dx-henan-zhengzhou-1-cache-1, BC22_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC22_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............o...o...o...."..o..x!...o.......o....#./o...."..o.......o.......o...o...n....&..o.......o.......o.......o..Rich.o..........................PE..L......V...........!.....~...........E...............................................@....@.........................p...........,....................4...........J..................................8...@............................................text...\}.......~.................. ..`.rdata..6...........................@..@.data....S.......2..................@....rsrc...............................@..@.reloc...p.......r..................@..B................................................................................................................................................................................................................................................................................................................U.....j.h?...d.....P.......l...3...$....SVW.l...3.P..$(...d......E..]...$....Q.D$0.yH...T$@R.......$4.............D$PP..$4.....M_....$0...........B............D$..L$PQ.t$<..$4.....(g...D$H.|$0..$0......a...D$<..$0......d....u...d....h.....E)......T$(R..C...D$$...t$ ..$0......?..P.t$ ..$4......s......D$L..$0......d....u...d....h......(......D$.P.../A.....L$4Q.T$TR..$8.....Vd....S.D$HP.L$XQ..$<......a...T$H..$0.......T$<Q...T$(Q...T$TQ....Q..R...D$@Q..RQj(h.....|$<.x.....$X.....D$l.....(.P.....
<<< skipped >>>
GET /download/fairyland/files/app/166.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:08 GMT
Content-Type: application/octet-stream
Content-Length: 308
Connection: keep-alive
Last-Modified: Fri, 06 Nov 2015 07:48:14 GMT
Accept-Ranges: bytes
X-Ser: BC91_dx-henan-zhengzhou-1-cache-1, BC22_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC22_dx-guangdong-foshan-1-cache-1(baishan)
..TKDS4....$..z)q.........w5....%........d..`CG..W...S.....V......=-.....\.Gc.jMU..O...V..u8h",nUx/.m....m.o.D...$..>.....JP.{......~,..].;....U0.....(..x...r......0...@...y.\.Y...g*J.Qv...f.WL..G.1R.h...!.| .B.5zA...."....la.Z...b."..O.du...]5.0.i<[.Zq..a.....)V................g..n#&.....;A8...2p.2}...I..\....
GET /download/fairyland/files/tk/166/166/FunKoala.dll HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:09 GMT
Content-Type: application/octet-stream
Content-Length: 165712
Connection: keep-alive
Last-Modified: Wed, 07 Jan 2015 07:47:00 GMT
Accept-Ranges: bytes
X-Ser: BC69_dx-henan-zhengzhou-1-cache-1, BC17_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC17_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s................|.......H.i.....I......ja......jq...............M.......y.......x.............Rich............PE..L...l..T...........!.................M..............................................iv....@........................../..H....!.......p...............p..P...............................................@...............T............................text...u........................... ..`.rdata..._.......`..................@..@.data...|9...0......................@....rsrc........p......................@..@.reloc...:.......<...4..............@..B........................................................................................................................................................................................................................................................................................................................................................1.......U..V..........1...E..t.V..0.......^]............U.....j.h....d.....P........0..3...$....SVW..0..3.P..$....d......E..5.X...L$\.D$(......L$...$.........&...h`....L$8..$...........L$.Q.L$ ..$............$........0...B...0........D$...$.......,X...u...,X....(X....$......a...h......7.......$......L$,Q.(X..........T$$VR..$..........P.D$HP..$..............D$0..$.......,X...u...,X....(X....$..........h.....$7.......$.....V.L$$Q.(X...........$.......,X...u...,X....(X....$..........h......6.......$
<<< skipped >>>
GET /download/fairyland/files/app/169.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:10 GMT
Content-Type: application/octet-stream
Content-Length: 308
Connection: keep-alive
Last-Modified: Fri, 06 Nov 2015 07:48:14 GMT
Accept-Ranges: bytes
X-Ser: BC81_dx-henan-zhengzhou-1-cache-1, BC12_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC12_dx-guangdong-foshan-1-cache-1(baishan)
..TKDS4....$.Jq.....sem|..!?tE...........d..`CG..W...S.....V......=-.....\.Gc.jMU..O..Q-....h",nUx/.m....m.o.D...$..>.....JP.{......~,..].;....U0.....(..x...r......0...@...y.\.Y....S.a......*c .0..l.....1..v..$k....Q...S.l.....1.t.....[.7X..x5".P..=.}.r......p.....lW6..... bV:!H..n..7..N..A(.H...)..............
GET /download/fairyland/files/tk/169/169/FunKoala64.dll HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:10 GMT
Content-Type: application/octet-stream
Content-Length: 210768
Connection: keep-alive
Last-Modified: Wed, 07 Jan 2015 07:48:23 GMT
Accept-Ranges: bytes
X-Ser: BC87_dx-henan-zhengzhou-1-cache-1, BC11_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC11_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........V...V...V...MZ?.Z...MZ......MZ......_.".W..._.2.M...V.......MZ..S...MZ:.W...MZ;.W...MZ<.W...RichV...........................PE..d......T.........." ................ U...............................................@....@.........................................P...J............p.......@...#... ..P...........06...............................................0...............................text............................... ..`.rdata.......0......................@..@.data...0H....... ..................@....pdata...#...@...$..................@..@.rsrc........p......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................H.T$.SH.. H.T$8H....8..L..j'..H..L..H.. [.......H..Q'..H....9...H.\$.WH.. H..7'....H..H....8.....t.H...}7..H..H.\$0H.. _........H.|$.H..3.H...f..H.|$.H..H.A....@SH.. M..H....9..H..H.. [.......M....9..........@SH..0H.D$ ............u*.........H......H....9..H..8....O?...H....H......H..0[.H..UATAUH..X...H......H.E.....H.X.H.p.H.x H......H3.H......L..H..3...H.M.......H.L$h......H......H..x....P.H...H.D$PH......H......u#...3........H..t D..H..H.L$P.......E3.H.L$P.\....H.T$`H.L$h......H......H.......P.H...H.D
<<< skipped >>>
GET /download/fairyland/files/app/173.daw HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:12 GMT
Content-Type: application/octet-stream
Content-Length: 308
Connection: keep-alive
Last-Modified: Fri, 06 Nov 2015 07:48:14 GMT
Accept-Ranges: bytes
X-Ser: BC75_dx-henan-zhengzhou-1-cache-1, BC19_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC19_dx-guangdong-foshan-1-cache-1(baishan)
..TKDS4....$.W)z....x.....d..............d..`CG..W...S.....V......=-.....\.Gz3.si._..V>.Y.D.h",nUx/.aOd.6........LR.>.....JP.{......~,..].;....U0.....(..x...r......0...@...y.\.Y....4k.......Ww^.G.7.....@.o.).l O)..T`[...........Z.....`..Y...u.... \.....Q.x$.o.J.....m,.d..-.......`\.o...s....A..'..X.A.eQ.[.[....
GET /download/fairyland/files/tk/173/173/Uninstall.exe HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: neirong.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: Tengine/2.1.1
Date: Sat, 16 Apr 2016 21:53:12 GMT
Content-Type: application/octet-stream
Content-Length: 243192
Connection: keep-alive
Last-Modified: Tue, 03 Feb 2015 03:32:58 GMT
Accept-Ranges: bytes
X-Ser: BC79_dx-henan-zhengzhou-1-cache-1, BC12_dx-guangdong-foshan-1-cache-1
X-Cache: HIT from BC12_dx-guangdong-foshan-1-cache-1(baishan)
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ ...A...A...A...9}..A....a..A...7g..A...7S.*A...7R..A...9z..A...9j..A...A...@...7V..A...7c..A...7d..A..Rich.A..................PE..L...PE.T............................. ............@.......................................@.....................................@................................&..@...................................@...............|............................text............................... ..`.rdata..............................@..@.data....A...@......................@....rsrc................8..............@..@.reloc..tO.......P...R..............@..B................................................................................................................................................................................................................................................................................................................................U..QV.E..............]..........U..j.h.pB.d.....P.4BC.3.P.E.d.............nC.u....nC..E.......`..h..B...........nC..M.d......Y..].................nC.....H........J........P.B.....nC.....H........J........P.B.....nC.....H........J........P.B.....................j.....B....U.....j.h.vB.d.....P..8SVW.4BC.3.P.D$Hd.......z....tF.vz...........).....nC...z....t&P............nC......t.P....B............nC.......u(.5.nC..D$P......_..h..B..........D$P....j...nC...d.....nC..u).5.nC...nC..t$P.....h..B..v.......D$P....h
<<< skipped >>>
GET /th.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: th.symcb.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "8f075e7fa4ca94ce151caabacd13cb0d:1460799201"
Last-Modified: Sat, 16 Apr 2016 09:00:47 GMT
Date: Sat, 16 Apr 2016 21:52:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
Content-Type: application/pkix-crl
00006000..0....0.......0...*.H........0J1.0...U....US1.0...U....Thawte, Inc.1$0"..U....Thawte Code Signing CA - G2..160416090046Z..160430090046Z0....0!.....]yQ..$p!.......120820074210Z0!.....[;.....].r.s...100818102251Z0!....#^W...;"...g....110330165612Z0!....o....._..4F..7..120318152218Z0!....{..... <.A..^"..140404155306Z0!.....)..2%bS..SO....130614102859Z0!....>/.-....J..V....110224200338Z0!.... ..<q.......S...100824004207Z0!.......P.|...ku8....120512130856Z0!......\..TI..]..g...101019154320Z0!....2....ig..F......140324110226Z0!...)A..VZW.v.-v.L]..140314051612Z0!...3.bY..@9......D..120508132801Z0!...;[..d .:.9.1b....141118003554Z0!...<.....t.Lx.......111007164659Z0!...K..]0.../........121207172205Z0!...T....&T.9.n...`..101006143536Z0!...[k..:^.....4.....130510121747Z0!...p.J... N.y\.g.i..120307200211Z0!...t.X.DB.....}x.d..110810202131Z0!...z ....}...:.v....130715201555Z0!...ziW.......kH..>..100824073211Z0!...~....%.<.&.Q^U...121016162753Z0!.................3..120628081021Z0!....*6.C..T..M......130925083709Z0!....03l.3...M.m.s...110615232611Z0!.....u..;...|L.3....101012173011Z0!......K.b...U....I..120106095217Z0!.....#c.W.....&.t;..111216235955Z0!...... 0J.......B...110210193721Z0!.....k-.h~?\..z..Y..110325203133Z0!.....MQ5u...@p.X....130307074212Z0!.......Sj';.k.l .c..120307222327Z0!....B.....xk....~...131226195639Z0!.....5l.2.%.6].p.3..140907122117Z0!....v..p.F..O.......110211141507Z0!.......".C...@......120626183500Z0!....77.....J[.U.N...121204134404Z0!......B.`.9...k.]?..111221212009Z0!..
<<< skipped >>>
GET /upgrade/upgrade?bid=52 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: fld.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: nginx/1.2.0
Date: Sat, 16 Apr 2016 21:52:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
1bc....TKDS.....$...E.o...wW.m.......l........d..`CG..W...S.....V......=-.....\.G.........l.F6_.n.{".F[.zMZ9..U.r....[m.A...ag{&.\.f..........LA......9a..p.1-..N!2....>N....1UN...^J....].....#.......ZM.YG..A....E....).J.H.....@.../IJ.Ch.@.....8.:..s...z.T.B........ .R..t ,7.........6.ZG.r.......9j {......P.@.AL..8W<aQ.aU.|......YH.RQ.v....%E...6a..R{.l.... [..n...|a.I....P02.N......a..Ww*....\._.|!...oO.....v..e4Xz..*..5.di.t..q;........A.eQ.[.[..0..
GET /interface/platform?pid=3&ver= HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: fld.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: nginx/1.2.0
Date: Sat, 16 Apr 2016 21:52:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
5f4....TKDS.....$...X../.%.eYc.<.]............d..`CG..W...S.....V......=-.....\.Gh",nUx/.!.yW..A.....UC...q..p:...-O........;....v....(%tz.}.....o.).l O)....~s.........N........U.|......a.7.LQ...Y..&..h",nUx/.E.1......h.7....g..`73..~y)..e.......v.3.....Rh...2N;p.I.V.....=v..!....`..F._@^.k...U.c.........]...]#........yF.. ...v2D.....!....MW..RQx.-h....X0..{T..>..d...G*.....$*.7.N..p.p..X.........y*.do....Z.....`..Y...u.....E`...MG.#T.....?6....~y)..e.......v.3..{...ej......X.i.U.C]....YE..f..Y...u...J..<a.t$...R...H.Z.>.1..Q.6:.Ss.....`..2D.....!..f..?I.RQx.-h....O.-_.....L.....@....|B......_..p.I...\h",nUx/.E.1......O........-H....U.|.............<=....?j..a.Q.].v.0.&.H..N.q]..q...JT....Sb...z.8./.#z..p.p..X.........y.....d..Z.....`..Y...u...J..<a.ta.p... ......x..~y)..e.......v.3Q.G..?1'......X.....\..]~.>..[..........U.|......n].......b."..O.du...]5..x~...........M...MT..P.X\..I..3....m..g.{Vk._y}-.b.f.../.r.3.V.7..QQ'..du...]5_..e.4....xg..#OiMA...%L...R.....y.|.P..X....8.Vb..q..$..o.. .a..XM.R...!.| .B.5..........YE..f..Y...u.....E`...:..TH.....-H.....k..,.U|.B.......-O.....Bi...t6bY$......7.>RP.@..@..2.N.i.<E^....)_.8R.7.7..QQ'..du...]5...(.-....xg..#OiMA...%La...{...=.D.ECFH}*.....1b..q..$..o.. .a...........2N;p.Ij.uY3..._.J*E_........z*........w.......H.Z.>.1...V.q.M....OG.v.<=....?jS._.K...v.0.&.H.3D...u..o.).l O)6.....].6....I...7..QQ'..du...]5.....}.c..xg..#OiMA...%La.. ..K)..T2G'K.........b..q..$..o.. .a.........!D .n..j:.v...u$p..2.5j-`..F._@^H...<Q..1D0u..g..].
<<< skipped >>>
GET /tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13810*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|-1 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:10 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:10 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
....
GET /tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13874*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|109 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:10 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:10 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
....
GET /tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13874*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP|Alvin*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|109 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
....
GET /tools/FsPlatformAction?rprotocol=3*_*action=162.AptShadow*_*actionresult=13838*_*actionobjectver=1*_*channelid=SG8TBgc=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=AptShadow*_*version=3.0.3.0*_*actiontime=|0|XP|Alvin*_*pullupname=FunWorks*_*pullupversion=3.0.5.5*_*cid=1001*_*aptid=109|109 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
GET /tools/FsPlatformAction?rprotocol=3*_*action=137.FunDodge*_*actionresult=13701*_*actionobjectver=635e31524451554246*_*channelid=*_*mac=*_*guid=45DC26AB-D697-4a1e-9479-5D27EFD7A7F4*_*name=FunDodge*_*version=3.0.0.3*_*actiontime=*_*pullupname=AptShadow.exe*_*pullupversion=3.0.3.0*_*cid=1002048*_*aptid=-1 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:52:29 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:52:29 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.9..Date: Sat, 16 Apr 2016 21:52:29 GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-alive..Expires: Sat, 16 Apr 2016 21:52:29 GMT..Cache-Control: max-age=0..Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..
GET /upgrade/is_upgrade?bid=52&app_version=0 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: fld.funshion.com
Connection: Keep-Alive
Cookie: fck=146084353780820
HTTP/1.1 200 OK
Server: nginx/1.2.0
Date: Sat, 16 Apr 2016 21:52:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
29..{"retCode":"200","retMsg":"ok","data":[]}..0..
GET /tools/FsPlatformAction?rprotocol=3*_*action=530.inst*_*actionresult=53001*_*actionobjectver=*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=Inst*_*version=3.0.1.3*_*actiontime=*_*pullupname=AptWorks*_*pullupversion=3.0.5.7*_*cid=1021001*_*aptid=109 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
....
GET /tools/FsPlatformAction?rprotocol=3*_*action=530.inst*_*actionresult=53002*_*actionobjectver=*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=Inst*_*version=3.0.1.3*_*actiontime=*_*pullupname=AptWorks*_*pullupversion=3.0.5.7*_*cid=1021001*_*aptid=109 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.9..Date: Sat, 16 Apr 2016 21:53:11 GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-alive..Expires: Sat, 16 Apr 2016 21:53:11 GMT..Cache-Control: max-age=0..Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..
GET /tools/radarboot?rprotocol=2*_*bootmethod=100*_*mac=DF..8....^.m*_*guid=312B5EC4-1A2C-43c6-B94F-DDA626E3A741*_*fck=146084353780820*_*stamp=1460843557*_*name=turkey*_*version=3.0.1.2*_*os=XP-0*_*parentname=*_*parentversion=*_*info=*_*cid=1002048*_*aptid=-1*_*accedirid= HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.2
Date: Sat, 16 Apr 2016 21:52:30 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:52:30 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
HTTP/1.1 200 OK..Server: nginx/1.2.2..Date: Sat, 16 Apr 2016 21:52:30 GMT..Content-Type: text/plain..Content-Length: 0..Connection: keep-alive..Expires: Sat, 16 Apr 2016 21:52:30 GMT..Cache-Control: max-age=0..Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..
GET /tools/FsPlatformAction?rprotocol=3*_*action=530.inst*_*actionresult=53001*_*actionobjectver=*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=Inst*_*version=3.0.1.3*_*actiontime=*_*pullupname=AptWorks*_*pullupversion=3.0.5.7*_*cid=1021001*_*aptid=109 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
....
GET /tools/FsPlatformAction?rprotocol=3*_*action=530.inst*_*actionresult=53002*_*actionobjectver=*_*channelid=*_*mac=DFC6D05EAA6D*_*guid=0F72899E-3958-4387-A9B2-6F8BF9A91173*_*name=Inst*_*version=3.0.1.3*_*actiontime=*_*pullupname=AptWorks*_*pullupversion=3.0.5.7*_*cid=1021001*_*aptid=109 HTTP/1.1
Cache-Control: max-age=43200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C) Funshion/1.0.0.1
Host: stat.funshion.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Sat, 16 Apr 2016 21:53:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Expires: Sat, 16 Apr 2016 21:53:11 GMT
Cache-Control: max-age=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
GET /ThawtePCA.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.thawte.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "03eb1086b874f87b4fe77c22182f9ca3:1458779588"
Last-Modified: Thu, 24 Mar 2016 00:15:58 GMT
Date: Sat, 16 Apr 2016 21:52:36 GMT
Content-Length: 500
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....thawte, Inc.1(0&..U....Certification Services Division1806..U.../(c) 2006 thawte, Inc. - For authorized use only1.0...U....thawte Primary Root CA..160322000000Z..160630235959Z0...*.H................-.mO.h.$....r\..^..U..=D-H<..@...&$.k.3.?o.J...F....47...*I..g ..d.H...SQ...W.....Mr^}&..|.Z0...OzN........6.#M..^..J.B....f9;...M..Z.NV.a:....^&..^..G..5.oS..E.R...N..E.n...M.R..v.@j5.\.n........z._Q.vb...lQ........xA...Z.v.(A....F(.=[.2...M_..j..w....HTTP/1.1 200 OK..Server: Apache..ETag: "03eb1086b874f87b4fe77c22182f9ca3:1458779588"..Last-Modified: Thu, 24 Mar 2016 00:15:58 GMT..Date: Sat, 16 Apr 2016 21:52:36 GMT..Content-Length: 500..Connection: keep-alive..Content-Type: application/pkix-crl..0...0..0...*.H........0..1.0...U....US1.0...U....thawte, Inc.1(0&..U....Certification Services Division1806..U.../(c) 2006 thawte, Inc. - For authorized use only1.0...U....thawte Primary Root CA..160322000000Z..160630235959Z0...*.H................-.mO.h.$....r\..^..U..=D-H<..@...&$.k.3.?o.J...F....47...*I..g ..d.H...SQ...W.....Mr^}&..|.Z0...OzN........6.#M..^..J.B....f9;...M..Z.NV.a:....^&..^..G..5.oS..E.R...N..E.n...M.R..v.@j5.\.n........z._Q.vb...lQ........xA...Z.v.(A....F(.=[.2...M_..j..w......
GET /ca1-tsa.cer HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: aia1.wosign.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.7.2
Content-Type: application/pkix-cert
Content-Length: 1402
Last-Modified: Fri, 18 Dec 2015 08:12:09 GMT
ETag: "5673bfd9-57a"
Accept-Ranges: bytes
Date: Sat, 16 Apr 2016 21:52:36 GMT
Connection: keep-alive
0..v0..^.......^h..q.cPV.h.>...0...*.H........0U1.0...U....CN1.0...U....WoSign CA Limited1*0(..U...!Certification Authority of WoSign0...090808010001Z..390808010001Z0U1.0...U....CN1.0...U....WoSign CA Limited1*0(..U...!Certification Authority of WoSign0.."0...*.H.............0...............V.{k\z..k.....#.....1.>..)o.=.k..@_.9..z..MT}."x..........Kt..~......I(D...2.%.S.........q'......gh..]..]p.....SA.....6fz~V.._..h 6..$,,G.Yvf0..........0.....,.....(..T....v..h..Jl.........\..~.2.^..*B..N..Y..z~...Z....i..'.{..T..{..TzQhnw...RJfF..g...Ow..]..V.Crw.....9........./0B7!.0p.....XM..}...7...2..:cq$..7..t.7....F`...?P6..z..bjn..j!Zi....p9...n......;q..R.....w..o.B.mJ..4H......"..1.?.>.. y...dd.1...R..Ei..*.U...FK.J..[9(.......HK&.0L.X..D.O...3..........q).vO.%...../..../'.J....|.E....E...=......B0@0...U...........0...U.......0....0...U.......f.....K.. ........>0...*.H...............r@.v.~{..d.2{.<.]F..,.p]....}...!..Y$.....}.#.4..|r....T..Rp....;.:.2.!9.....Oj...?/|.X...9.>.=Js.@z. a.g..$..mU,Z..%r.....Ub...c.aD#........M..#N!.[9[W./].^.y.|..M......y.3....0.>...C?.Z..D..|.H.3.......>.]q....t.aY...Z..r..]6....<....D&....p.......@Z..l{,.V.G......!..f..%0.\...g..m....O...'........H......>LQ:.......&.:...i...)dQoh....A.........=..h..g..`.U.a.W|...aI:.u....?g...(.1..W...|..~.....6|[~'.z.....R...Tp1.C....>..~0dP....3gMhO..........%:..Y..\F.g,.F..H..[...Q......7"... t.-..k....!..y.D.........
<<< skipped >>>
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_1832:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
RSSSSSSh`EJ
RSSSSSSh`EJ
QSSSSSSh`EJ
QSSSSSSh`EJ
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
portuguese-brazilian
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
operator
operator
GetProcessWindowStation
GetProcessWindowStation
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
boost thread: trying joining itself
boost thread: trying joining itself
WinMain.cpp
WinMain.cpp
()$^.* ?[]|\-{},:=!
()$^.* ?[]|\-{},:=!
inflate 1.2.3 Copyright 1995-2005 Mark Adler
inflate 1.2.3 Copyright 1995-2005 Mark Adler
operation failed
operation failed
unsupported file feature
unsupported file feature
.lzma
.lzma
.sitx
.sitx
unsupported file feature; compression method
unsupported file feature; compression method
operation failed; problem unzipping data
operation failed; problem unzipping data
unsupported file feature; gzip larger than 2GB
unsupported file feature; gzip larger than 2GB
FELogInit
FELogInit
I:\build3.0.3\Library\includes\boost_1_51_0\boost/exception/detail/exception_ptr.hpp
I:\build3.0.3\Library\includes\boost_1_51_0\boost/exception/detail/exception_ptr.hpp
Fp_RegeditFun.cpp
Fp_RegeditFun.cpp
FpInstall::fpSHDeleteKeyW
FpInstall::fpSHDeleteKeyW
Fp_Logic.cpp
Fp_Logic.cpp
regkey
regkey
homepage_url
homepage_url
shield_url
shield_url
downloadurl
downloadurl
%s Process ID: %d -- Thread ID: %d --
%s Process ID: %d -- Thread ID: %d --
binding_config.xml
binding_config.xml
X;
X;
%s>
%s>
%s="%s"
%s="%s"
%s='%s'
%s='%s'
version="%s"
version="%s"
encoding="%s"
encoding="%s"
standalone="%s"
standalone="%s"
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
I:\build3.0.3\Funshion\Rel\src\toolkits\bin_inst\Release\Install.pdb
I:\build3.0.3\Funshion\Rel\src\toolkits\bin_inst\Release\Install.pdb
GdiplusShutdown
GdiplusShutdown
gdiplus.dll
gdiplus.dll
SHLWAPI.dll
SHLWAPI.dll
dbghelp.dll
dbghelp.dll
VERSION.dll
VERSION.dll
PSAPI.DLL
PSAPI.DLL
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjectsEx
CallMsgFilterW
CallMsgFilterW
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExW
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
WININET.dll
WININET.dll
SHDeleteKeyW
SHDeleteKeyW
PathIsURLW
PathIsURLW
GetCPInfo
GetCPInfo
UrlMkGetSessionOption
UrlMkGetSessionOption
urlmon.dll
urlmon.dll
InternetOpenUrlW
InternetOpenUrlW
HttpQueryInfoW
HttpQueryInfoW
HttpQueryInfoA
HttpQueryInfoA
Install.exe
Install.exe
zcÃ
zcÃ
.?AVCFpReportBase@@
.?AVCFpReportBase@@
.?AVAptShadowReport@@
.?AVAptShadowReport@@
.?AVCFpInstallStartReport@@
.?AVCFpInstallStartReport@@
.?AVCFpInstallReport@@
.?AVCFpInstallReport@@
.?AVCFpBindReport@@
.?AVCFpBindReport@@
.?AVCFpComInstallingReport@@
.?AVCFpComInstallingReport@@
.?AVCFpComInstallingReport2@@
.?AVCFpComInstallingReport2@@
.?AVCFpFunStartReport@@
.?AVCFpFunStartReport@@
.?AVCFpPCMReport@@
.?AVCFpPCMReport@@
.?AVCMD5@@
.?AVCMD5@@
?6{.jxH
?6{.jxH
.dykTD
.dykTD
(mHK%c
(mHK%c
.jxqr
.jxqr
%fX*KdrOB
%fX*KdrOB
w2&$.IJh
w2&$.IJh
oV.jm`
oV.jm`
.qrN;
.qrN;
m%Ue4
m%Ue4
k-f7}
k-f7}
dB.ZQ
dB.ZQ
q*uDVF.PN
q*uDVF.PN
WF:%du
WF:%du
.yqw\u
.yqw\u
L.ysa
L.ysa
4%s|M
4%s|M
)u.nK
)u.nK
.FHA_
.FHA_
E.Yr'
E.Yr'
s%DS]
s%DS]
yv.Gc
yv.Gc
'3.bN/
'3.bN/
*5.DtW
*5.DtW
NL|%S\
NL|%S\
qu@@%xB
qu@@%xB
zUrL
zUrL
]%cGO
]%cGO
-/.Uk
-/.Uk
E%X1[
E%X1[
O.ne$
O.ne$
q€X
q€X
5U%u@`
5U%u@`
i.HJh]
i.HJh]
^%S8&9
^%S8&9
.ro R
.ro R
d@.ISa
d@.ISa
%S pYi
%S pYi
o.cKvS
o.cKvS
$du%c
$du%c
%c/Ni
%c/Ni
LQ.VL|
LQ.VL|
]{.dw
]{.dw
J%siP
J%siP
5%s03
5%s03
hP@?%c
hP@?%c
.YeJ[
.YeJ[
vKEY
vKEY
k.tRAN)
k.tRAN)
%XMycv
%XMycv
et.fB
et.fB
.yz!~
.yz!~
%sA_
%sA_
t.fU0
t.fU0
~2q.Hkc
~2q.Hkc
%d?vM
%d?vM
.KRWx
.KRWx
Z[.RM
Z[.RM
'V$%u
'V$%u
\-0C}
\-0C}
vj.Atu
vj.Atu
)yu\-XWO}
)yu\-XWO}
^.Ji8m[
^.Ji8m[
5X.Zw
5X.Zw
XùO
XùO
,3kG%U
,3kG%U
a.pFH~
a.pFH~
b6M;%U
b6M;%U
.mBtsq%
.mBtsq%
0o.ay{%
0o.ay{%
!UZte%U_
!UZte%U_
F/?I.wr
F/?I.wr
!e%FRr
!e%FRr
:*.yNF
:*.yNF
.kfzq n
.kfzq n
V.Xj:
V.Xj:
(.MRX.
(.MRX.
%Fgk|{#
%Fgk|{#
NWEbK}|_
NWEbK}|_
9.sC1
9.sC1
.Xv!x:
.Xv!x:
%Ste_
%Ste_
.ew(K
.ew(K
%U.C[wL
%U.C[wL
kp.TZl>Ko
kp.TZl>Ko
1WLw%D
1WLw%D
.gHeZ
.gHeZ
XX!÷
XX!÷
%fVa2
%fVa2
K\.XP
K\.XP
%dHgg
%dHgg
9].afW
9].afW
.Yef0e
.Yef0e
.KmtS
.KmtS
2U.Di6
2U.Di6
7^.wv
7^.wv
p$GU%c
p$GU%c
CV.AT
CV.AT
R.JsV
R.JsV
.SY(VQH
.SY(VQH
:7K.5.Jy
:7K.5.Jy
.Tp!
.Tp!
webv}
webv}
>U/|%D
>U/|%D
.jWq_
.jWq_
5(Md.Xo
5(Md.Xo
*0%f(
*0%f(
.abuw
.abuw
.LxM*
.LxM*
0G.XNd]
0G.XNd]
.aslnP=.
.aslnP=.
×T/q
×T/q
i|.Ai
i|.Ai
/.ykR
/.ykR
%x?k`
%x?k`
^b)Ø )
^b)Ø )
%fQ~[
%fQ~[
|:%u}
|:%u}
8.orqT
8.orqT
.wK{(D
.wK{(D
7@.Ss
7@.Ss
.!.BdqQ#
.!.BdqQ#
aeu\{W%u
aeu\{W%u
.XVQ)
.XVQ)
.BptY
.BptY
.zW?
.zW?
.SY>4
.SY>4
-ð,
-ð,
.EU="F
.EU="F
w.zoS
w.zoS
msg(49
msg(49
.Oh~ZG
.Oh~ZG
V2b?.YE!P
V2b?.YE!P
.YCz,h
.YCz,h
qBCrT
qBCrT
Ivo
Ivo
d
d
.rV4w
.rV4w
Z7{.mB
Z7{.mB
%.jF/
%.jF/
#%dLc"U
#%dLc"U
wI.Vx
wI.Vx
PQ.yJ
PQ.yJ
a{%Cz=
a{%Cz=
Rnp.hX
Rnp.hX
.BE,w
.BE,w
F%U[O;
F%U[O;
ELþ
ELþ
pQ.lx
pQ.lx
O.nRmZ
O.nRmZ
"4E.mT
"4E.mT
.xFA~A2/*
.xFA~A2/*
rF.ft
rF.ft
WEbx_
WEbx_
@B^%UI3
@B^%UI3
F.ih"Xi
F.ih"Xi
'.GWN
'.GWN
5|.JTG;
5|.JTG;
x3y%f
x3y%f
wCO
wCO
T5@D%Cl#
T5@D%Cl#
ZPg%.f
ZPg%.f
IM.twA:
IM.twA:
.OBAR
.OBAR
\r.pGhC
\r.pGhC
xj^B%F
xj^B%F
M-%XF
M-%XF
.AN?-H
.AN?-H
.oMQ8
.oMQ8
%..nI
%..nI
8("U-Y}
8("U-Y}
LU,V.tg#
LU,V.tg#
g.DU~a
g.DU~a
7H.dO
7H.dO
".FzK
".FzK
>>%e<.sc>
>>%e<.sc>
.Fg)d>
.Fg)d>
G:tM%C
G:tM%C
`y.HU{ai^
`y.HU{ai^
|@.NM4
|@.NM4
{6.zI
{6.zI
a.SAZ
a.SAZ
%9u^a
%9u^a
>7.fsW/h
>7.fsW/h
.kKe~$k
.kKe~$k
1%f]t
1%f]t
G.APl
G.APl
C-U%x%
C-U%x%
.Yky9
.Yky9
j.TKM
j.TKM
[.aJ7
[.aJ7
4%sZ[&
4%sZ[&
8^_ws>|%u
8^_ws>|%u
6dY.io
6dY.io
..DJl
..DJl
H(.pH
H(.pH
.KZhH
.KZhH
^.qs`
^.qs`
%F!Zx
%F!Zx
B.LoE
B.LoE
}*~%S
}*~%S
H Q%X
H Q%X
p[.us
p[.us
J.iWK
J.iWK
k@.or;*
k@.or;*
.vy"B/
.vy"B/
.pcLO
.pcLO
.siV
.siV
(Vi%X
(Vi%X
%x`wGMX
%x`wGMX
z.FCE
z.FCE
..DZa
..DZa
.POvIl
.POvIl
VD@%xf-0~q
VD@%xf-0~q
.Gzc)
.Gzc)
KL%xX3;
KL%xX3;
uDPly
uDPly
%sL|
%sL|
"Z%S,
"Z%S,
.Cy vu
.Cy vu
Â2Y
Â2Y
.tlF2
.tlF2
2a.fV
2a.fV
.ZMT%
.ZMT%
.bO)[t
.bO)[t
R.DRUa
R.DRUa
poj.Aq
poj.Aq
.lQ'k
.lQ'k
.gex*
.gex*
4.iF#(
4.iF#(
nudp
nudp
M'%CN%
M'%CN%
.KG4S
.KG4S
QrD.jeI
QrD.jeI
XsQLwU
XsQLwU
.OB?c
.OB?c
,F%8xo f
,F%8xo f
|},V%d
|},V%d
/zsxqit%f
/zsxqit%f
6%sX5
6%sX5
(U(8%X
(U(8%X
.fAgA
.fAgA
5 TodU[NGZ%x}
5 TodU[NGZ%x}
R%f=(X
R%f=(X
#Sj%D
#Sj%D
pu.Wc
pu.Wc
X%%UA
X%%UA
0.bFHR
0.bFHR
|8l.vj
|8l.vj
xUP@Æ
xUP@Æ
B;^.Px
B;^.Px
v&.Ng
v&.Ng
.oj>?
.oj>?
s'2&%FK8
s'2&%FK8
@2'T%DI
@2'T%DI
.FF({s
.FF({s
9K/%D
9K/%D
[6%x"
[6%x"
duDp
duDp
%CTK*^
%CTK*^
-w5}g
-w5}g
.NEH.
.NEH.
.wSkk
.wSkk
i8%dP
i8%dP
.BYx,
.BYx,
.RY}"
.RY}"
A,.ThP
A,.ThP
$-9w}
$-9w}
R|.ibA
R|.ibA
]P0f.TY
]P0f.TY
~F%SD
~F%SD
UÞ7
UÞ7
F.HAK
F.HAK
&.Ekq
&.Ekq
P"$W.jM0
P"$W.jM0
.UlaAa8yO
.UlaAa8yO
(q%S*
(q%S*
2×E
2×E
-j}{[
-j}{[
.HU7N
.HU7N
U%f`H
U%f`H
p'.wI
p'.wI
b].dBo
b].dBo
p?)c%.CZ
p?)c%.CZ
J|.WU
J|.WU
|..tt
|..tt
Cu%x|
Cu%x|
.kjYW
.kjYW
'.OOd?
'.OOd?
.Wk"C
.Wk"C
.RII
.RII
.jj1%4
.jj1%4
>V;.Un7@
>V;.Un7@
mR\.Wg
mR\.Wg
!%xQp
!%xQp
u^.im
u^.im
F9.RA
F9.RA
.RSKl
.RSKl
|Xb.mh
|Xb.mh
X#%D'
X#%D'
f%D!GB
f%D!GB
&P]%Uk
&P]%Uk
bnm.WFj
bnm.WFj
û s
û s
XRybF.pp7
XRybF.pp7
vR^%x
vR^%x
Q~Û
Q~Û
CH~a&%d]
CH~a&%d]
.gnlu
.gnlu
PExE!
PExE!
.fxs>
.fxs>
17.Qty
17.Qty
/%S]s
/%S]s
K=v(h%ftw
K=v(h%ftw
jOhyu
jOhyu
Vin#s.DS
Vin#s.DS
oI%S.J8
oI%S.J8
,.Go$
,.Go$
&b%u!h
&b%u!h
Z.Px,n7
Z.Px,n7
%CW@.j)
%CW@.j)
A7{%D
A7{%D
)%3X%
)%3X%
].zBt
].zBt
m^.Zx
m^.Zx
[%x'r
[%x'r
V.hYC
V.hYC
\b.IKe
\b.IKe
't1.wx=KQk_f(
't1.wx=KQk_f(
!T&%d
!T&%d
.el&^
.el&^
.pp,R
.pp,R
B&>%X=
B&>%X=
.WO*R
.WO*R
!.aw}e*
!.aw}e*
q.CcH
q.CcH
Y:N%C
Y:N%C
/Y.NW
/Y.NW
G4}.vN
G4}.vN
xW%UM}
xW%UM}
TK%Xu
TK%Xu
m&C&Y%S
m&C&Y%S
L&@%x
L&@%x
=sN.ks
=sN.ks
k"A%F
k"A%F
)2*FtP
)2*FtP
^Q.OH%
^Q.OH%
.klQY
.klQY
.DC
.DC
Fn.iq
Fn.iq
]%uvz
]%uvz
0.Qb]
0.Qb]
&%sX%x
&%sX%x
8%UuS
8%UuS
/.lDt$
/.lDt$
%U]aS
%U]aS
Lh@U
Lh@U
40%U]
40%U]
2q.Ru@R$
2q.Ru@R$
.xllx
.xllx
w.ZAJ
w.ZAJ
b@.gw
b@.gw
/.LPS
/.LPS
;qr.DB
;qr.DB
;L>\.DN
;L>\.DN
\%0x3
\%0x3
r,Lj.ij
r,Lj.ij
S|m
S|m
r%f}6
r%f}6
T-4a}_O
T-4a}_O
)B/%x
)B/%x
bw%Sx
bw%Sx
%D }C
%D }C
%x_Q
%x_Q
B"%S*
B"%S*
P%9UR
P%9UR
c.qX2
c.qX2
-'.ZF
-'.ZF
?E.GP'=
?E.GP'=
=V&F%Un
=V&F%Un
tR.Kd
tR.Kd
-t}^$
-t}^$
.YGp'
.YGp'
.ILea
.ILea
%fvL7m
%fvL7m
X~-.Sg|}L|
X~-.Sg|}L|
V.BFjkhc
V.BFjkhc
.GpPW
.GpPW
m%fw/
m%fw/
?|0%U
?|0%U
n.qS*x
n.qS*x
%u,B;
%u,B;
! .Vq
! .Vq
L2.Ca
L2.Ca
Q.lg~
Q.lg~
(kc%cm
(kc%cm
~.CNn
~.CNn
P.ATX
P.ATX
5%u]yx
5%u]yx
;"%UJ
;"%UJ
hE%U;y4
hE%U;y4
=`G%u
=`G%u
n3%cX
n3%cX
R.Eb1=
R.Eb1=
p{.pC
p{.pC
us 5r%F
us 5r%F
0".Xt
0".Xt
E.qUBQ
E.qUBQ
0#Å“
0#Å“
%5|M%U
%5|M%U
".Rn(!M
".Rn(!M
S.NiB
S.NiB
CISQl
CISQl
(8=>#9]}
(8=>#9]}
,'``N%F
,'``N%F
V.PJ"
V.PJ"
9D)%s
9D)%s
^*.tj
^*.tj
.VbCh
.VbCh
|uDPM;
|uDPM;
} .nx
} .nx
.XK[#1
.XK[#1
5.XeEL
5.XeEL
Z%U,T
Z%U,T
O7.fw
O7.fw
0Ad`%F
0Ad`%F
3.NQp
3.NQp
#.yU3sMG
#.yU3sMG
kvA.R%x
kvA.R%x
81d%d
81d%d
uGk,%XX
uGk,%XX
(4.ma
(4.ma
"WEB
"WEB
.QzgH.
.QzgH.
.Zpz@|SJ
.Zpz@|SJ
Y=.Kd
Y=.Kd
.tg"R9
.tg"R9
v1.Cn
v1.Cn
TQh.En
TQh.En
.qZQ`
.qZQ`
%s'9J
%s'9J
"E;%Fs
"E;%Fs
k.WM|
k.WM|
fO-3}
fO-3}
.WSsk
.WSsk
.ZG
.ZG
Sk.oe
Sk.oe
3.JO1{
3.JO1{
%xzbE
%xzbE
b4!%u
b4!%u
[}K%X
[}K%X
Zsc%S
Zsc%S
_ES.po
_ES.po
&z.YB
&z.YB
7&'A.JV
7&'A.JV
s7%f
s7%f
a
a
1'.lS
1'.lS
kURL
kURL
\I.CFE
\I.CFE
Ao.Cr
Ao.Cr
r5.dOg
r5.dOg
.mvn3
.mvn3
=l%X=3
=l%X=3
key!7
key!7
l<.kg>
l<.kg>
9I%X&
9I%X&
]@
]@
>5TCPCH
>5TCPCH
V.mV>1
V.mV>1
BO%8S
BO%8S
jgb%U
jgb%U
^zKE.kXjq
^zKE.kXjq
$a.zz?
$a.zz?
s.Bk4@?
s.Bk4@?
zT.pZ
zT.pZ
R`ssH/
R`ssH/
.gH>h
.gH>h
<.grhyh>
<.grhyh>
'.OYy
'.OYy
t.TaDJYy
t.TaDJYy
uJ.We
uJ.We
n.ACn1
n.ACn1
&S!F.MDR>
&S!F.MDR>
.xc1)
.xc1)
's%DQ
's%DQ
z.JVC
z.JVC
mN.NG
mN.NG
Us^.ST1
Us^.ST1
I.VC6
I.VC6
>6[%XV
>6[%XV
8l.vyo
8l.vyo
.rlj`^QA|
.rlj`^QA|
Rd"%C>
Rd"%C>
@G%foY
@G%foY
=
=
u.YwP
u.YwP
J.Fq
J.Fq
%x`50
%x`50
%fUrN
%fUrN
A.IEu
A.IEu
y.Sfy
y.Sfy
FPW%S
FPW%S
.qUgE
.qUgE
%UW/?
%UW/?
TsQL
TsQL
.Og_d
.Og_d
zl;%X
zl;%X
Yo.Sv
Yo.Sv
U%/%f
U%/%f
B%.Pu
B%.Pu
.ls;I
.ls;I
Y 5%u
Y 5%u
cmD:Q
cmD:Q
>a.Qz
>a.Qz
[.fTG'
[.fTG'
^Q{t%u
^Q{t%u
;8Cr@.wy
;8Cr@.wy
.Ogu?
.Ogu?
T.Hw8
T.Hw8
4(X9%dI
4(X9%dI
x.lu\
x.lu\
B.Wai
B.Wai
bS.Vj
bS.Vj
FH`FG.%U
FH`FG.%U
:.mlw' q
:.mlw' q
].kQ6
].kQ6
G7{%cM
G7{%cM
%UC'[E
%UC'[E
@.Vf?
@.Vf?
g{uE%sC
g{uE%sC
=.Fl(O
=.Fl(O
|.UDE
|.UDE
.Ksc^
.Ksc^
:.xB]
:.xB]
.FTIL
.FTIL
*Y%CN)&n|
*Y%CN)&n|
OI~i%c
OI~i%c
".Qj}
".Qj}
rP
rP
x.dk[
x.dk[
4'($$!=
4'($$!=
Me%uh
Me%uh
&wq7%f
&wq7%f
'3 i.kE;
'3 i.kE;
=q.cI$
=q.cI$
z^ZL)%Cj
z^ZL)%Cj
]o.xt
]o.xt
7ÞXi
7ÞXi
lg.RU
lg.RU
-vy}b
-vy}b
'.HUZ
'.HUZ
q5;%s
q5;%s
8&.ppT8
8&.ppT8
V%.nAt
V%.nAt
8".no
8".no
.dZ`u
.dZ`u
p.PM=
p.PM=
G/;}%X[
G/;}%X[
%sQ\q.
%sQ\q.
g''%u
g''%u
LT.lZ
LT.lZ
R%Fi
R%Fi
~Gt.uN
~Gt.uN
I.FU'
I.FU'
-0`.ZA
-0`.ZA
4l.gU
4l.gU
'.Bm0/
'.Bm0/
e?%dr|
e?%dr|
.yA`1
.yA`1
}[H%xs
}[H%xs
.Tnpa
.Tnpa
.KX|P
.KX|P
j.SuE
j.SuE
.KZwz
.KZwz
.oC3h
.oC3h
%UI.y
%UI.y
VÂ#W`j
VÂ#W`j
Sg Q.Iy
Sg Q.Iy
%d(GK
%d(GK
..RI%
..RI%
xEXe0
xEXe0
<.oe9>
<.oe9>
s9 1%D
s9 1%D
x.Cnv
x.Cnv
}df%X
}df%X
MBO.AlE
MBO.AlE
.MLWr
.MLWr
oP.cF!
oP.cF!
jT,3%c
jT,3%c
g.Rx=
g.Rx=
1n.Qn
1n.Qn
qc%Sm
qc%Sm
$s1.LJ
$s1.LJ
.vOi*Z
.vOi*Z
%[h%x
%[h%x
0.HG9
0.HG9
g7.xI
g7.xI
T.Au_)_9
T.Au_)_9
jKcrt
jKcrt
ka.UEd
ka.UEd
V.nKf
V.nKf
%sA$>
%sA$>
f.Jx_V
f.Jx_V
2G%Xf5
2G%Xf5
v.NV,
v.NV,
W4%SA
W4%SA
%c#j~
%c#j~
.WAQ*
.WAQ*
.Xy7|
.Xy7|
-;\_*
-;\_*
{f.zr
{f.zr
iu.Iy
iu.Iy
.adX$
.adX$
xDLpZ.DP
xDLpZ.DP
yo0.Ux
yo0.Ux
[.EoS
[.EoS
%uQzv
%uQzv
bH[%CU&
bH[%CU&
gw?Bk}L%2U
gw?Bk}L%2U
%sVi>#8x
%sVi>#8x
,b.xL4
,b.xL4
;(z
;(z
:m%Ub
:m%Ub
Pi.ui
Pi.ui
.Oo0o
.Oo0o
uE.XZxw
uE.XZxw
%DoK.IT
%DoK.IT
CL%f]
CL%f]
c.PaJ
c.PaJ
.mNA}
.mNA}
Hx.mL
Hx.mL
U F[%s
U F[%s
O|t
O|t
#.UO=
#.UO=
.EqZ}@
.EqZ}@
gJr%X
gJr%X
v(%d&
v(%d&
E.MW(
E.MW(
L.%x#N
L.%x#N
%f^
%f^
wEBx
wEBx
.wp[v
.wp[v
g]d.iRqg-"`
g]d.iRqg-"`
Kx,~.cr
Kx,~.cr
.ZuAl[
.ZuAl[
.xj|6
.xj|6
l.IR.
l.IR.
wx!%X
wx!%X
.EA[H
.EA[H
/>%l%Fn
/>%l%Fn
99n.yFZ
99n.yFZ
|]%FK
|]%FK
2..oB
2..oB
>.tl%
>.tl%
.id&n
.id&n
ZLX %x
ZLX %x
s#.Qi
s#.Qi
.Mf@v
.Mf@v
8F.qt!
8F.qt!
.ldE
.ldE
.uObu
.uObu
Fwy
Fwy
P*%d~
P*%d~
.XlXTw
.XlXTw
-k}7C
-k}7C
.eNK$
.eNK$
VXUDp\1
VXUDp\1
%DW%Xe
%DW%Xe
QE.jp
QE.jp
(%u;U
(%u;U
>.Ep,
>.Ep,
.aOs|S
.aOs|S
@d-.oj
@d-.oj
.Vq(D=
.Vq(D=
CO.Lr
CO.Lr
y.gD=
y.gD=
0ú
0ú
BR.eZ6
BR.eZ6
a%x e
a%x e
J0m%%C
J0m%%C
[a.%d
[a.%d
5w %S
5w %S
*)udp
*)udp
J.TT/
J.TT/
qzTU}.PU
qzTU}.PU
>[.Cg
>[.Cg
ro.tD
ro.tD
%Dreg)_*
%Dreg)_*
Ks%Sn
Ks%Sn
.zm1Ol
.zm1Ol
-n&e%S2
-n&e%S2
>`p%xq
>`p%xq
.Sr:
.Sr:
G/.ac
G/.ac
%G.gi
%G.gi
eFm%C
eFm%C
L6"%Ua
L6"%Ua
>.nUF|g:x
>.nUF|g:x
%m%X>
%m%X>
&6.hy
&6.hy
,7.oTGP}
,7.oTGP}
9 %X;
9 %X;
]O?
]O?
Y
Y
4eQ!%Sn
4eQ!%Sn
;.FeS
;.FeS
.OwV2
.OwV2
T%F-.
T%F-.
[F.TI
[F.TI
M.JOTG
M.JOTG
=.Zhc
=.Zhc
nV.VA
nV.VA
1.sI9I:
1.sI9I:
D|^%cOw
D|^%cOw
w h%D
w h%D
%X};|l
%X};|l
",.bH)
",.bH)
G-0x}
G-0x}
Y.sR3(
Y.sR3(
.BX)//i
.BX)//i
1 B.zN
1 B.zN
)O.Ik
)O.Ik
%U{dyT
%U{dyT
|S.lf
|S.lf
NXu-es}
NXu-es}
%cH 6d
%cH 6d
%C*&8
%C*&8
%cwNG
%cwNG
Lv.sV
Lv.sV
A.dxP
A.dxP
wXI%s
wXI%s
y%f?jO
y%f?jO
3R6S.lx
3R6S.lx
C%C:|_
C%C:|_
-.Ak?
-.Ak?
7°ðW
7°ðW
.ixr5?tk
.ixr5?tk
,%4s{
,%4s{
M-jt.Tt]
M-jt.Tt]
F.tf>u
F.tf>u
}I%xy
}I%xy
.lpt2
.lpt2
.Pf^DBr
.Pf^DBr
.JhO]
.JhO]
I,c_.zk4M
I,c_.zk4M
gH%7S
gH%7S
2yIp%XlA
2yIp%XlA
YIb.PnC
YIb.PnC
Vd%uG
Vd%uG
~B%X'
~B%X'
:].oz2i
:].oz2i
.Med;l0-
.Med;l0-
_ÀY
_ÀY
I.iT3
I.iT3
9/a%f
9/a%f
:R.qY
:R.qY
u.goc
u.goc
.Fj#f
.Fj#f
_'%ue
_'%ue
;.UA.
;.UA.
w{M,-.Wi
w{M,-.Wi
h.ALK3
h.ALK3
UL.Pm
UL.Pm
%S-@F
%S-@F
.sM#V
.sM#V
R;.bhkT
R;.bhkT
$O1fEeúe
$O1fEeúe
LISTEN_PORT=0
LISTEN_PORT=0
[SITE_URL]
[SITE_URL]
DOMIAN=hXXp://funshion.com
DOMIAN=hXXp://funshion.com
$iTXtXML:com.adobe.xmp
$iTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
"iTXtXML:com.adobe.xmp
"iTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
.MtOW
.MtOW
R%SuS
R%SuS
" id="W5M0MpCehiHzreSzNTczkc9d"?> M
" id="W5M0MpCehiHzreSzNTczkc9d"?> M
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> O?
" id="W5M0MpCehiHzreSzNTczkc9d"?> O?
" id="W5M0MpCehiHzreSzNTczkc9d"?> 0
" id="W5M0MpCehiHzreSzNTczkc9d"?> 0
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
fiTXtXML:com.adobe.xmp
fiTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?> 9.
" id="W5M0MpCehiHzreSzNTczkc9d"?> 9.
.nw#|AY#
.nw#|AY#
" id="W5M0MpCehiHzreSzNTczkc9d"?> j
" id="W5M0MpCehiHzreSzNTczkc9d"?> j
q*8@.Sz
q*8@.Sz
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> H%!
" id="W5M0MpCehiHzreSzNTczkc9d"?> H%!
" id="W5M0MpCehiHzreSzNTczkc9d"?> )NW
" id="W5M0MpCehiHzreSzNTczkc9d"?> )NW
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> N
" id="W5M0MpCehiHzreSzNTczkc9d"?> N
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
kiTXtXML:com.adobe.xmp
kiTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?> N
" id="W5M0MpCehiHzreSzNTczkc9d"?> N
" id="W5M0MpCehiHzreSzNTczkc9d"?> D
" id="W5M0MpCehiHzreSzNTczkc9d"?> D
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> "
" id="W5M0MpCehiHzreSzNTczkc9d"?> "
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> i
" id="W5M0MpCehiHzreSzNTczkc9d"?> i
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
qOuE%f
qOuE%f
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
Mi%FX
Mi%FX
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
2wJ.BJ
2wJ.BJ
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> *
" id="W5M0MpCehiHzreSzNTczkc9d"?> *
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> !
" id="W5M0MpCehiHzreSzNTczkc9d"?> !
hiTXtXML:com.adobe.xmp
hiTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?> f
" id="W5M0MpCehiHzreSzNTczkc9d"?> f
N.cSd
N.cSd
@n%F.
@n%F.
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> La&
" id="W5M0MpCehiHzreSzNTczkc9d"?> La&
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> N
" id="W5M0MpCehiHzreSzNTczkc9d"?> N
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> 8
" id="W5M0MpCehiHzreSzNTczkc9d"?> 8
" id="W5M0MpCehiHzreSzNTczkc9d"?> V
" id="W5M0MpCehiHzreSzNTczkc9d"?> V
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
?&&(**=****(&(.
?&&(**=****(&(.
%'*** **'%%4
%'*** **'%%4
'** 0 0.. . 0
'** 0 0.. . 0
6429==?=,
6429==?=,
662248::=@@0
662248::=@@0
7!7/7;7@7
7!7/7;7@7
5$565
5$565
8Â8W8f8m8y8
8Â8W8f8m8y8
9$9*9/959
9$9*9/959
3#323@3]3
3#323@3]3
;%; ;1;
;%; ;1;
="=(=0=6=>=[=
="=(=0=6=>=[=
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
KERNEL32.DLL
KERNEL32.DLL
WUSER32.DLL
WUSER32.DLL
\Funshion.exe
\Funshion.exe
\FunshionService.exe
\FunshionService.exe
Funshion.exe
Funshion.exe
FunshionService.exe
FunshionService.exe
\FsLibrary.exe
\FsLibrary.exe
FsLibrary.exe
FsLibrary.exe
2.13.1.2
2.13.1.2
1.0.0.1
1.0.0.1
3.0.3.86
3.0.3.86
hXXp://VVV.Funshion.com/
hXXp://VVV.Funshion.com/
setup.ini
setup.ini
\AptShadow.exe"
\AptShadow.exe"
LOG %u:%u %s(%s:%u) test in InstallCoreMain
LOG %u:%u %s(%s:%u) test in InstallCoreMain
Chrome_MessagePumpWindow
Chrome_MessagePumpWindow
ASSOCIATORS OF {Win32_DiskPartition.DeviceID='
ASSOCIATORS OF {Win32_DiskPartition.DeviceID='
ASSOCIATORS OF {Win32_DiskDrive.DeviceID='
ASSOCIATORS OF {Win32_DiskDrive.DeviceID='
Tmp%I64d_%s
Tmp%I64d_%s
\funshion.ini
\funshion.ini
ntdll.dll
ntdll.dll
IEXPLORE.EXE
IEXPLORE.EXE
id_%s
id_%s
%a, %d-%b-%Y, %H:%M:%S GMT
%a, %d-%b-%Y, %H:%M:%S GMT
IDC_CHECK_NORMAL_START_WITH_WINDOWS
IDC_CHECK_NORMAL_START_WITH_WINDOWS
Software\MicroSoft\windows\CurrentVersion\Run
Software\MicroSoft\windows\CurrentVersion\Run
\Funshion.lnk
\Funshion.lnk
\gma.dll
\gma.dll
\StringFileInfo\lx\%s
\StringFileInfo\lx\%s
X-X-x-XX-XXXXXX
X-X-x-XX-XXXXXX
\rundll32.exe
\rundll32.exe
rundll32.exe
rundll32.exe
2014-01-01Td:d:d
2014-01-01Td:d:d
AhXXp://stat.funshion.net/client/tmp?
AhXXp://stat.funshion.net/client/tmp?
rprotocol=%u*_*
rprotocol=%u*_*
fck=%s*_*
fck=%s*_*
mac=%s*_*
mac=%s*_*
guid=%s*_*
guid=%s*_*
userid=%s*_*
userid=%s*_*
fpc=%s*_*
fpc=%s*_*
version=%s*_*
version=%s*_*
sid=%s*_*
sid=%s*_*
vvid=%s*_*
vvid=%s*_*
type=%s*_*
type=%s*_*
param=%d_%u_%u
param=%d_%u_%u
\quartz.dll
\quartz.dll
regsvr32.exe /s "%s"
regsvr32.exe /s "%s"
kernel32.dll
kernel32.dll
felog.dll
felog.dll
hXXp://partner.funshion.com/partner/query_binding_config.php
hXXp://partner.funshion.com/partner/query_binding_config.php
hXXp://partner.funshion.com/partner/get_partner_list.php
hXXp://partner.funshion.com/partner/get_partner_list.php
HKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_TEXT
EHKEY_PERFORMANCE_DATA
EHKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
LOG %u:%u %s(%s:%u) SHGetValueW string value call: ret=%ld, 0x%x %s %s %s %lu
LOG %u:%u %s(%s:%u) SHGetValueW string value call: ret=%ld, 0x%x %s %s %s %lu
LOG %u:%u %s(%s:%u) SHGetValueW dword value call: ret=%ld, 0x%x %s %s %lu %lu
LOG %u:%u %s(%s:%u) SHGetValueW dword value call: ret=%ld, 0x%x %s %s %lu %lu
LOG %u:%u %s(%s:%u) SHSetValueW string value call: ret=%ld, 0x%x %s %s %s %lu
LOG %u:%u %s(%s:%u) SHSetValueW string value call: ret=%ld, 0x%x %s %s %s %lu
LOG %u:%u %s(%s:%u) SHSetValueW dword value call: ret=%ld, 0x%x %s %s %lu %lu
LOG %u:%u %s(%s:%u) SHSetValueW dword value call: ret=%ld, 0x%x %s %s %lu %lu
LOG %u:%u %s(%s:%u) SHDeleteKeyW call: ret=%ld, 0x%x %s
LOG %u:%u %s(%s:%u) SHDeleteKeyW call: ret=%ld, 0x%x %s
WLOG %u:%u %s(%s:%u) SHDeleteValueW call: ret=%ld, 0x%x %s %s
WLOG %u:%u %s(%s:%u) SHDeleteValueW call: ret=%ld, 0x%x %s %s
funshion.ini
funshion.ini
hXXp://funshion.com
hXXp://funshion.com
ClientURL
ClientURL
\FunShion.ini
\FunShion.ini
explorer.exe
explorer.exe
funshionupgrade.exe
funshionupgrade.exe
BhXXp://stat.funshion.net/client/cinstall?
BhXXp://stat.funshion.net/client/cinstall?
md5=%s*_*
md5=%s*_*
modifyhistory=%s*_*
modifyhistory=%s*_*
os=%s*_*
os=%s*_*
over=%s*_*
over=%s*_*
cver=%s*_*
cver=%s*_*
cid=%s*_*
cid=%s*_*
cidn=%s*_*
cidn=%s*_*
startmode=%s*_*
startmode=%s*_*
imode=%s*_*
imode=%s*_*
itype=%s*_*
itype=%s*_*
cusinstall=%s*_*
cusinstall=%s*_*
preparetime=%s*_*
preparetime=%s*_*
choosetime=%s*_*
choosetime=%s*_*
installtime=%s*_*
installtime=%s*_*
installresult=%s*_*
installresult=%s*_*
repairar=%d
repairar=%d
Bpreparetime=%u*_*
Bpreparetime=%u*_*
choosetime=%u*_*
choosetime=%u*_*
installtime=%u*_*
installtime=%u*_*
installresult=%d*_*
installresult=%d*_*
repairar=%d*_*
repairar=%d*_*
airportinstall=%s*_*
airportinstall=%s*_*
airportcondition=%s*_*
airportcondition=%s*_*
othersoft=%s;%s
othersoft=%s;%s
BhXXp://partner.funshion.com/partner/query_banding_stat.php?
BhXXp://partner.funshion.com/partner/query_banding_stat.php?
s=%s&
s=%s&
v=%s&
v=%s&
id=%s&
id=%s&
m=%s&
m=%s&
qr=%s&
qr=%s&
ps=%s&
ps=%s&
bid=%s&
bid=%s&
cidt=%s&
cidt=%s&
cidc=%s&
cidc=%s&
cidd=%s&
cidd=%s&
cidr=%s&
cidr=%s&
isb=%s&
isb=%s&
ob=%s&
ob=%s&
nb=%s&
nb=%s&
cidi=%s
cidi=%s
BhXXp://partner.funshion.com/partner/install_statistic.php?
BhXXp://partner.funshion.com/partner/install_statistic.php?
idn=%s&
idn=%s&
c=%s&
c=%s&
t=%s&
t=%s&
u=%s&
u=%s&
ov=%s&
ov=%s&
mh=%s&
mh=%s&
guid=%s&
guid=%s&
im=%s&
im=%s&
os=%s&
os=%s&
%s,%s,%s,%s,%s,%s,%ld,%s,%s
%s,%s,%s,%s,%s,%s,%ld,%s,%s
BhXXp://stat.funshion.net/client/cinstall_news?
BhXXp://stat.funshion.net/client/cinstall_news?
install_type=%s*_*
install_type=%s*_*
coochannelid=%s*_*
coochannelid=%s*_*
channelid=%s*_*
channelid=%s*_*
auto_flag=%d*_*
auto_flag=%d*_*
old_version=%s*_*
old_version=%s*_*
version_history=%s*_*
version_history=%s*_*
install_mode=%s*_*
install_mode=%s*_*
competitive_product=%s*_*
competitive_product=%s*_*
position_code=%s
position_code=%s
BhXXp://partner.funshion.com/partner/uninstall_stat.php?
BhXXp://partner.funshion.com/partner/uninstall_stat.php?
FhXXp://stat.funshion.net/client/cuninstall?
FhXXp://stat.funshion.net/client/cuninstall?
hXXp://stat.funshion.net/ecom-vas/desktop?group=desktopreport&iconname=game&type=install&date=
hXXp://stat.funshion.net/ecom-vas/desktop?group=desktopreport&iconname=game&type=install&date=
hXXp://stat.funshion.net/ecom-vas/desktop?group=desktopreport&iconname=shop&type=install&date=
hXXp://stat.funshion.net/ecom-vas/desktop?group=desktopreport&iconname=shop&type=install&date=
%Y%m%d
%Y%m%d
hXXp://stat.funshion.net/client/upgradecomplete?
hXXp://stat.funshion.net/client/upgradecomplete?
hXXp://stat.funshion.net/client/tmp_startbyinstall?
hXXp://stat.funshion.net/client/tmp_startbyinstall?
start=%s
start=%s
hXXp://stat.funshion.net/client/green2formal?
hXXp://stat.funshion.net/client/green2formal?
FunPop.exe
FunPop.exe
useid=%s*_*
useid=%s*_*
ver=%s*_*
ver=%s*_*
type=%d*_*
type=%d*_*
B%d%d%d%d%d
B%d%d%d%d%d
\FunshionGame1.ico
\FunshionGame1.ico
\FunshionGame2.ico
\FunshionGame2.ico
\FunshionGame3.ico
\FunshionGame3.ico
\Funshop1.ico
\Funshop1.ico
\Funshop2.ico
\Funshop2.ico
\Funshop3.ico
\Funshop3.ico
\Funshop4.ico
\Funshop4.ico
\agentd.dll
\agentd.dll
\atrc.dlL
\atrc.dlL
\cook.dlL
\cook.dlL
\CoreAAC.ax
\CoreAAC.ax
\coreavc.ax
\coreavc.ax
\CrashReport.exe
\CrashReport.exe
\drvc.dlL
\drvc.dlL
\dump.dlL
\dump.dlL
\Fptassrv.dlL
\Fptassrv.dlL
\funoictl.dlL
\funoictl.dlL
\Funshion-install.ico
\Funshion-install.ico
\funshionplugin2.dlL
\funshionplugin2.dlL
\FunshionService.diagnose
\FunshionService.diagnose
\FunshionService.log
\FunshionService.log
\FunshionUpgrade.exe
\FunshionUpgrade.exe
\gma.dlL
\gma.dlL
\InnerWeb.exe
\InnerWeb.exe
\LangResEnAmerican.dll
\LangResEnAmerican.dll
\lsv.dll
\lsv.dll
\nicdescr.dat
\nicdescr.dat
\pncrt.dll
\pncrt.dll
\pndx5016.dll
\pndx5016.dll
\pndx5032.dll
\pndx5032.dll
\pos.ini
\pos.ini
\ptv.dll
\ptv.dll
\quality.dll
\quality.dll
\rmoc3260.dll
\rmoc3260.dll
\ttv.dll
\ttv.dll
\Uninstall.exe
\Uninstall.exe
FunShion.ini
FunShion.ini
Lack of space.Please change the installation path.
Lack of space.Please change the installation path.
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PPStream.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PPStream.exe
\PPStream\PPStream.exe
\PPStream\PPStream.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PPLive.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PPLive.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PPTV.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PPTV.exe
\PPLive\PPTV\PPLive.exe
\PPLive\PPTV\PPLive.exe
InstallExe
InstallExe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\StormPlayer.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\StormPlayer.exe
\Baofeng\StormPlayer\StormPlayer.exe
\Baofeng\StormPlayer\StormPlayer.exe
5.lnk
5.lnk
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QvodPlayer.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QvodPlayer.exe
\QvodPlayer\QvodPlayer.exe
\QvodPlayer\QvodPlayer.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\XMP.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\XMP.exe
\Thunder Network\Xmp\Program\XMP.exe
\Thunder Network\Xmp\Program\XMP.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QiyiClient.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QiyiClient.exe
\iQIYI\QiyiClient.exe
\iQIYI\QiyiClient.exe
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PIPI_is1
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PIPI_is1
\PIPIPlayer.exe
\PIPIPlayer.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PIPI_is1
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PIPI_is1
C:\pipi\PIPIPlayer.exe
C:\pipi\PIPIPlayer.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\LmpAp_u.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\LmpAp_u.exe
\QQLive.exe
\QQLive.exe
\Tencent\QQLive\QQLive.exe
\Tencent\QQLive\QQLive.exe
\SHPlayer.exe
\SHPlayer.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa Toolbar
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa Toolbar
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Alexa Toolbar
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Alexa Toolbar
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iUserTracker
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iUserTracker
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iUserTracker
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iUserTracker
C:\iResearch\DYT\DYT.exe
C:\iResearch\DYT\DYT.exe
C:\iResearch\YJT\YJT.exe
C:\iResearch\YJT\YJT.exe
hXXp://
hXXp://
Win32_Process.Handle="%d"
Win32_Process.Handle="%d"
Shell32.dll
Shell32.dll
FunshionService_Lite.exe
FunshionService_Lite.exe
FSPServer.exe
FSPServer.exe
InnerWeb.exe
InnerWeb.exe
Updater.exe
Updater.exe
FunshionUpdate.exe
FunshionUpdate.exe
FunshionUpgrade.exe
FunshionUpgrade.exe
SimpleIE.dll
SimpleIE.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%s\UserChoice
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%s\UserChoice
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%s
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%s
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%s\OpenWithList
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%s\OpenWithList
Funshion%s.backup
Funshion%s.backup
BRST%s_UsrProgid.backup
BRST%s_UsrProgid.backup
BRST%s_Progid.backup
BRST%s_Progid.backup
"%s",0
"%s",0
"%s" "%%1"
"%s" "%%1"
Funshion%s
Funshion%s
Funshion%s\shell
Funshion%s\shell
Funshion%s\shell\open\ddeexec
Funshion%s\shell\open\ddeexec
recover fileAssociate : %s;
recover fileAssociate : %s;
\icon\RMVB.ico
\icon\RMVB.ico
\icon\MP4.ico
\icon\MP4.ico
"%s" "%%1" /dummy
"%s" "%%1" /dummy
"%s",1
"%s",1
URL Protocol
URL Protocol
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithList
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithList
ryomikai33@gundam.eu
ryomikai33@gundam.eu
FSP\shell\open\ddeexec
FSP\shell\open\ddeexec
Funshion Task\shell\open\ddeexec
Funshion Task\shell\open\ddeexec
Funshion Task\shell\open\ddeexec\Application
Funshion Task\shell\open\ddeexec\Application
Funshion Task\shell\open\ddeexec\Topic
Funshion Task\shell\open\ddeexec\Topic
FSP\shell\open\ddeexec\Application
FSP\shell\open\ddeexec\Application
FSP\shell\open\ddeexec\Topic
FSP\shell\open\ddeexec\Topic
SOFTWARE\Classes\Applications\Funshion.exe
SOFTWARE\Classes\Applications\Funshion.exe
.torrent
.torrent
qvodplayer.fsp
qvodplayer.fsp
SOFTWARE\Classes\.fsp
SOFTWARE\Classes\.fsp
bittorrent\shell\open\ddeexec\Application
bittorrent\shell\open\ddeexec\Application
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fsp
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fsp
%s\Funshion.scr
%s\Funshion.scr
/f /im "funshion.scr"
/f /im "funshion.scr"
taskkill.exe
taskkill.exe
\FunScr\funshion.scr
\FunScr\funshion.scr
SCRNSAVE.EXE
SCRNSAVE.EXE
\Titan\TitanUninstaller.exe
\Titan\TitanUninstaller.exe
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
"%s" startbywindows tray
"%s" startbywindows tray
SOFTWARE\Classes\CLSID\{18689D3E-CF06-482F-AEB1-0880F859F0AA}\InprocServer32
SOFTWARE\Classes\CLSID\{18689D3E-CF06-482F-AEB1-0880F859F0AA}\InprocServer32
SOFTWARE\Classes\CLSID\{1CF25200-FD42-45F6-ABBD-6C0C9C89B77A}\InprocServer32
SOFTWARE\Classes\CLSID\{1CF25200-FD42-45F6-ABBD-6C0C9C89B77A}\InprocServer32
v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=%d|Profile=Private|App=%s\%s.exe|Name=%s|
v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=%d|Profile=Private|App=%s\%s.exe|Name=%s|
%s\SimpleIE.dll
%s\SimpleIE.dll
"%s",loadSimpleIE -url=%s -time=%u
"%s",loadSimpleIE -url=%s -time=%u
Software\Microsoft\Windows\CurrentVersion\Uninstall\
Software\Microsoft\Windows\CurrentVersion\Uninstall\
URLInfoAbout
URLInfoAbout
\Titan64.dll
\Titan64.dll
\Titan.ini
\Titan.ini
Titan64.dll
Titan64.dll
regsvr32.exe /s "%s"
regsvr32.exe /s "%s"
\TitanCore64.dll
\TitanCore64.dll
\Titan.dll
\Titan.dll
Titan.dll
Titan.dll
\TitanCore.dll
\TitanCore.dll
\TitanDownloader.exe
\TitanDownloader.exe
\TitanUninstaller.exe
\TitanUninstaller.exe
donghuanew_18.swf
donghuanew_18.swf
funshion_onlineInstwnd-nick
funshion_onlineInstwnd-nick
\Default.fskin
\Default.fskin
LOG %u:%u %s(%s:%u) startupFsProcess call: startup param = %s
LOG %u:%u %s(%s:%u) startupFsProcess call: startup param = %s
%s;%s;%s;%s;%s;%s
%s;%s;%s;%s;%s;%s
\funshion\funshiontools\LoadIE.log
\funshion\funshiontools\LoadIE.log
hXXp://neirong.funshion.com/tools/tactics/LoadIE.log
hXXp://neirong.funshion.com/tools/tactics/LoadIE.log
%s;expires = %s
%s;expires = %s
\FunShortcut.ini
\FunShortcut.ini
ICON_URL
ICON_URL
hXXp://game.funshion.com/door.php?source=desktop
hXXp://game.funshion.com/door.php?source=desktop
\tao.ico
\tao.ico
hXXp://shop.funshion.com/door.php?source=desktop1
hXXp://shop.funshion.com/door.php?source=desktop1
\winusb.dll
\winusb.dll
\funshion\update\updatexmlfile.txt
\funshion\update\updatexmlfile.txt
\uninstall.exe
\uninstall.exe
%s,%s,%s,%s,%s
%s,%s,%s,%s,%s
\FsShlExt64.dll
\FsShlExt64.dll
/s "%s%s"
/s "%s%s"
\FsShlExt.dll
\FsShlExt.dll
regsvr32.exe
regsvr32.exe
\FsMediaBar64.dll
\FsMediaBar64.dll
\FsMediaBar.dll
\FsMediaBar.dll
.library-ms
.library-ms
Root directory is not suitable for media path, a more suitable path %s has chosen for you
Root directory is not suitable for media path, a more suitable path %s has chosen for you
channel_id=%s&
channel_id=%s&
cli_ver=%s&
cli_ver=%s&
oid=%s&
oid=%s&
insttype=%s
insttype=%s
lswid=%s
lswid=%s
Funshion.scr
Funshion.scr
%H:%M:%S --
%H:%M:%S --
\FunshionHelper.dll
\FunshionHelper.dll
\FunshionSvr.dll
\FunshionSvr.dll
FSPlatform.exe
FSPlatform.exe
FSLauncher.exe
FSLauncher.exe
FsSvr.exe
FsSvr.exe
FSPAP.exe
FSPAP.exe
FSProcess.exe
FSProcess.exe
\FSPlatform.exe
\FSPlatform.exe
\FSLauncher.exe
\FSLauncher.exe
\FsSvr.exe
\FsSvr.exe
\FSPAP.exe
\FSPAP.exe
\npFunshion.dll
\npFunshion.dll
%I64d.dll
%I64d.dll
\FunshionBHO.dll
\FunshionBHO.dll
SOFTWARE\MozillaPlugins\@funshion.com/npFunshion
SOFTWARE\MozillaPlugins\@funshion.com/npFunshion
\funshion\funshiontools\npFunshion.dll
\funshion\funshiontools\npFunshion.dll
FunshionHelper.dll
FunshionHelper.dll
npFunshion.dll
npFunshion.dll
funoictl.dll
funoictl.dll
funoictl64.dll
funoictl64.dll
{80A7D4B9-D2B8-48DE-B835-0407CEBEDEC0}
{80A7D4B9-D2B8-48DE-B835-0407CEBEDEC0}
\funoictl64.dll
\funoictl64.dll
\funoictl.dll
\funoictl.dll
FunSeed.dll
FunSeed.dll
FunSeed64.dll
FunSeed64.dll
FunWorks.dll
FunWorks.dll
FunWorks64.dll
FunWorks64.dll
"%s" startup
"%s" startup
a%s\FunShadow.dll
a%s\FunShadow.dll
CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}\InprocServer32
CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}\InprocServer32
hXXp://VVV.funshion.com/help/
hXXp://VVV.funshion.com/help/
hXXp://VVV.funshion.com/download/history
hXXp://VVV.funshion.com/download/history
hXXp://VVV.funshion.com/download?alliance_id=1024&f=client
hXXp://VVV.funshion.com/download?alliance_id=1024&f=client
&idate=%s&udate=%s
&idate=%s&udate=%s
hao123.com
hao123.com
baidu.com
baidu.com
\Giraffe.ini
\Giraffe.ini
D\crashreport.exe
D\crashreport.exe
\crash_dump.dmp
\crash_dump.dmp
Funshion %s Installer
Funshion %s Installer
LOGO.png
LOGO.png
btn_close.png
btn_close.png
-EN.png
-EN.png
_en.png
_en.png
VVV.fun.tv/agreement/
VVV.fun.tv/agreement/
VVV.fun.tv/agreement/en/
VVV.fun.tv/agreement/en/
AVVV.funshion.com
AVVV.funshion.com
openUrl
openUrl
QuickInstProxy.exe
QuickInstProxy.exe
1.png
1.png
2.png
2.png
3.png
3.png
4.png
4.png
5.png
5.png
6.png
6.png
FFunshionInstall.CFpEditWindow
FFunshionInstall.CFpEditWindow
FunshionInstall.CFpEditCtrl
FunshionInstall.CFpEditCtrl
c:\%original file name%.exe
c:\%original file name%.exe
FunshionInstal.exe
FunshionInstal.exe