Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 57f7adf876c00157957b716e3eda984a
SHA1: 10f7fd4ba3053f64c1b382aef34c175e02df322f
SHA256: f48f05f93cecf88b59513e7f40d490952e9ab3cd223342f31255f1b706b66fe1
SSDeep: 98304:3ajiwyChKs/W0cODgCTU5wf lttxOtthh60QJYi jC ALyYOlYJSpK8cGI7v :3ajKChlcATU5wWlpy69D j5oOaWro
Size: 6072704 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: Elite Unzip
Created at: 2014-03-13 22:23:23
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
aabrmon.exe:1992
TPIManagerConsole.exe:212
aabarsvc.exe:1572
aabarsvc.exe:1060
aabarsvc.exe:1624
000004ccT8SETUP.EXE:1016
aasrchmn.exe:1644
aaHighIn.exe:2044
ngen.exe:1712
%original file name%.exe:1228
AppIntegrator.exe:320
AppIntegrator.exe:1636
irsetup.exe:1496
{52D5ECD1-09BC-4DF8-826D-D7FD4B307BFF}.exe:1624
The Trojan injects its code into the following process(es):
mscorsvw.exe:252
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process TPIManagerConsole.exe:212 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB (341 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (135 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA (208 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB (220 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (224 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA (477 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\{52D5ECD1-09BC-4DF8-826D-D7FD4B307BFF}.exe (1300925 bytes)
The Trojan deletes the following file(s):
%Program Files%\EliteUnzip_aa\bar\1.bin\{52D5ECD1-09BC-4DF8-826D-D7FD4B307BFF}.exe (0 bytes)
The process 000004ccT8SETUP.EXE:1016 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\EliteUnzip_aa\bar\1.bin\aaskin.dll (202 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\BOOTSTRAP.JS (20 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aareghk.dll (75 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\CREXT.DLL (7386 bytes)
%System%\config\system (2812 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\installKeys.js (207 bytes)
%Program Files%\EliteUnzip_aa\bar\gen1\COMMON.T8S (1 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\T8EXTEX.DLL (98 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML (491 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\ASSISTMONITOR64.DLL (1633 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\VERIFY.DLL (66 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aabrmon64.exe (71 bytes)
%Program Files%\EliteUnzip_aa\bar\IE9Mesg\COMMON.T8S (1727 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaieovr.dll (73 bytes)
%Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (20 bytes)
%Documents and Settings%\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (20 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\T8RES.DLL (196 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL (15 bytes)
%Documents and Settings%\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\INSTALL.RDF (2 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aamlbtn.dll (96 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aamedint.exe (12 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\Hpg64.dll (1719 bytes)
%Program Files%\EliteUnzip_aa\bar\Settings\s_pid.dat (8 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\EXEMANAGER.DLL (1767 bytes)
%System%\config\SOFTWARE.LOG (46153 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaSrchMn.exe (55 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaSrcAs.dll (139 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaidle.dll (61 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\T8EXTPEX.DLL (104 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aasrchmr.dll (83 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaskplay.exe (55 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (6408 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\ASSISTMONITOR.DLL (303 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aadlghk64.dll (119 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aabrstub64.dll (74 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\LOGO.BMP (10 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\NPaaStub.dll (48 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\FF-NativeMessagingDispatcher.dll (250 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\CHROME.MANIFEST (1 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaauxstb64.dll (65 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\T8TICKER.DLL (168 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\APPINTEGRATOR.EXE (1702 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\UNIFIEDLOGGING.DLL (316 bytes)
%System%\config\SYSTEM.LOG (4793 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\AppIntegratorStub64.dll (290 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aadatact.dll (160 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aabar.dll (6313 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aatpinst.dll (179 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\TPIMANAGERCONSOLE.EXE (78 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\T8HTML.DLL (188 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aabrstub.dll (63 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaregfft.dll (81 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aabarsvc.exe (88 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\DPNMNGR.DLL (289 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaradio.dll (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (1564 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aabprtct.dll (115 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\chrome\aaffxtbr.jar (1829 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aahkstub.dll (59 bytes)
%System%\config (200 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\AppIntegrator64.exe (1766 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL (17 bytes)
%Program Files%\EliteUnzip_aa\bar\Message\COMMON.T8S (103 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE (206 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aahttpct.dll (144 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aafeedmg.dll (139 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aabrmon.exe (61 bytes)
%System%\config\software (37236 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\APPINTEGRATORSTUB.DLL (250 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaauxstb.dll (55 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaregiet.dll (83 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1896 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT (3544 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaPlugin.dll (108 bytes)
%Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\CrExtPaa.exe (7972 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\T8EPMSUP.DLL (77 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aascript.dll (100 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aadlghk.dll (101 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aahighin.exe (12 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aahtmlmu.dll (202 bytes)
The process ngen.exe:1712 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\Microsoft.NET\Framework\v4.0.30319\ngen.log (1314 bytes)
The process %original file name%.exe:1228 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\000004ccT8SETUP.EXE (212337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000004ccT8SETUP.EX_ (42363 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\000004ccT8SETUP.EXE (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000004ccT8SETUP.EX_ (0 bytes)
The process mscorsvw.exe:252 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\Microsoft.NET\Framework\v4.0.30319\ngen_service.log (514 bytes)
The process irsetup.exe:1496 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\EliteUnzip\EliteUnzip.exe (11099 bytes)
%Program Files%\EliteUnzip\7z.dll (12594 bytes)
%Program Files%\EliteUnzip\Uninstall\uninstall.xml (1202 bytes)
%Program Files%\EliteUnzip\Uninstall\uni1.tmp (13069 bytes)
%Program Files%\EliteUnzip\RebootRequired.exe (1137 bytes)
%Program Files%\EliteUnzip\LogicNP.FolderView.WPF.dll (4440 bytes)
%Program Files%\EliteUnzip\IAC.Helpers.dll (1137 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (1209 bytes)
%Program Files%\EliteUnzip\Uninstall\IRIMG1.PNG (3 bytes)
%Program Files%\EliteUnzip\Resources.dll (22 bytes)
%Program Files%\EliteUnzip\LogicNP.ShComboBox.WPF.dll (1209 bytes)
%Program Files%\EliteUnzip\DesktopSdk.dll (1209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Elite Unzip Setup Log.txt (4229 bytes)
%Program Files%\EliteUnzip\Uninstall\EUZExt.cfg (1 bytes)
%Program Files%\EliteUnzip\EliteUnzip.exe.config (2 bytes)
%Program Files%\EliteUnzip\UnifiedLogging.dll (1137 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG1.PNG (3 bytes)
%Program Files%\EliteUnzip\uninstall.exe (9213 bytes)
%Program Files%\EliteUnzip\Uninstall\uninstall.dat (2784 bytes)
%Program Files%\EliteUnzip\LogicNP.FileView.WPF.dll (4753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\EUZExt.cfg (1 bytes)
%Program Files%\EliteUnzip\SevenZipSharp.dll (1209 bytes)
%Program Files%\EliteUnzip\lua5.1.dll (2902 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Elite Unzip\Elite Unzip.lnk (1 bytes)
%Documents and Settings%\%current user%\Desktop\Elite Unzip.lnk (1 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IRW2.tmp (0 bytes)
%Program Files%\EliteUnzip\Uninstall\uni1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\EUZExt.cfg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG1.PNG (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (0 bytes)
The process {52D5ECD1-09BC-4DF8-826D-D7FD4B307BFF}.exe:1624 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (325 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (7386 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (0 bytes)
Registry activity
The process aabrmon.exe:1992 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2B A9 29 03 E7 6B E8 B2 EC 48 3A 07 CF 77 00 AD"
The process TPIManagerConsole.exe:212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\EliteUnzip_aa\Dependencies\EliteUnzip]
"FriendlyName" = "Elite Unzip"
"is64bit" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\EliteUnzip_aa\Dependencies\EliteUnzip]
"UninstallString" = "${reg[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir]}\EliteUnzip\uninstall.exe /U:${reg[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir]}\EliteUnzip\Uninstall\uninstall.xml"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\EliteUnzip_aa\Dependencies]
"dependencymanagerpath" = "%Program Files%\EliteUnzip_aa\bar\1.bin\DPNMNGR.DLL"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\EliteUnzip_aa\Dependencies\EliteUnzip]
"uninstall" = "1"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1A 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C D9 C8 83 60 47 52 1E 0F 81 D4 B9 C8 27 AE 80"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process aabarsvc.exe:1572 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 3B F7 17 85 FE 81 11 F0 EB 24 EB 21 5C 13 A3"
The process aabarsvc.exe:1060 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 24 44 B3 B9 56 93 6E F8 18 02 EF D9 05 DF 6E"
The process aabarsvc.exe:1624 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 94 E6 2F 0D 23 7E FE 01 13 E5 5F 02 A2 50 D5"
The process 000004ccT8SETUP.EXE:1016 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{382929c8-bba2-4938-b5b6-8002016aee0f}]
"(Default)" = ""
[HKLM\SOFTWARE\EliteUnzip_aa\bar\Integrators]
"AssistMonitor.dll" = ""
[HKCR\Interface\{A50F2CFA-D87A-4983-B2B3-9317E9110B71}\TypeLib]
"(Default)" = "{054FC50B-484A-4B35-AC4A-53CD154917B5}"
[HKCR\EliteUnzip_aa.HTMLMenu\CurVer]
"(Default)" = "EliteUnzip_aa.HTMLMenu.1"
[HKCR\Interface\{277BA79D-741F-4190-B573-BB963235A17F}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{DB6274DB-8FA7-4CD4-BC7F-35925689576C}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{97CE1707-67E1-4758-A14C-04CE2205D975}]
"(Default)" = "ITemplateBarSettings"
[HKLM\SOFTWARE\EliteUnzip_aa\bar\Switches]
"ok" = "1"
"od" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\Interface\{4CC00B40-C831-4DE8-9D23-23F854A6393E}\TypeLib]
"(Default)" = "{8BA04565-22EE-4F92-935C-28F8BCF8F09A}"
[HKCR\Interface\{1A3F8C09-E6F9-41F6-91CE-9F16530F144B}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCR\CLSID\{38fe7706-88cf-4826-832f-034f94b8991c}\ProgID]
"(Default)" = "EliteUnzip_aa.RadioSettings.1"
[HKCR\CLSID\{3b4b7e67-b97e-4ac2-b67f-67f45a620e64}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\EliteUnzip_aa.RadioSettings\CLSID]
"(Default)" = "{38fe7706-88cf-4826-832f-034f94b8991c}"
[HKCR\Interface\{BAD67FD3-E2C8-4ED9-B280-F1606E542937}]
"(Default)" = "ITemplateBarControl"
[HKCR\Interface\{77177E2C-52FE-456A-8DA0-88A042B38CAA}]
"(Default)" = "BARFEED_INTERFACE"
[HKCR\EliteUnzip_aa.Radio\CurVer]
"(Default)" = "EliteUnzip_aa.Radio.1"
[HKCR\Interface\{D1EF1547-79A0-43AB-8704-5D7426F79877}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{C649D7F3-4451-4406-8445-E8AE56E0D109}\1.0\0\win32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\t8res.dll\100"
[HKCR\CLSID\{4c1656b7-a839-4b6c-acbb-ca632d43d1f9}\VersionIndependentProgID]
"(Default)" = "EliteUnzip_aa.Radio"
[HKCR\TypeLib\{FF1BA25F-C7BB-4282-8887-4D9E040A08FC}\1.0\0\win32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\t8res.dll\1807"
[HKCR\Interface\{30EEAA8C-6918-4975-93C1-63949A16C77D}\TypeLib]
"(Default)" = "{F31A8B54-DC1B-4334-8585-9F8A269F5622}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteUnzip_aabar Uninstall Internet Explorer]
"Publisher" = "Mindspark Interactive Network"
[HKCR\CLSID\{c8372612-302d-4dee-9188-51f104040765}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\CLSID\{90fa0e29-aa8f-42f6-83ec-fddf0df144ff}\MiscStatus]
"(Default)" = "0"
[HKCR\Interface\{5C3EDE4B-782F-4431-8F09-22819A15742D}\TypeLib]
"Version" = "1.0"
[HKCR\Interface\{8B7F149C-7573-4793-BE30-B03F3E591508}]
"(Default)" = "HTMLPANEL_INTERFACE"
[HKCR\Interface\{B95EB44F-5177-4A6E-AF98-300C2FBB27B0}\TypeLib]
"Version" = "1.0"
[HKCR\TypeLib\{CD47593D-1F30-4B75-9E86-85B90D499B83}\1.0]
"(Default)" = "TEMPLATEHTMLMenuLib"
[HKCR\EliteUnzip_aa.ToolbarProtector]
"(Default)" = "ProtectorControl Class"
[HKCR\TypeLib\{054FC50B-484A-4B35-AC4A-53CD154917B5}\1.0\HELPDIR]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKCR\Interface\{77177E2C-52FE-456A-8DA0-88A042B38CAA}\TypeLib]
"Version" = "1.0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCR\CLSID\{382929c8-bba2-4938-b5b6-8002016aee0f}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Interface\{FBFBD788-FAD3-437E-AAAB-3141D3F72001}]
"(Default)" = "BARFEEDMANAGER_INTERFACE"
[HKCR\Interface\{3D9B1790-63DA-464A-AB42-855398023504}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"Visible" = "1"
[HKCR\EliteUnzip_aa.MultipleButton]
"(Default)" = ""
[HKCR\Interface\{D9FE87DE-92E6-41FF-8DEE-8B6E99D8F86A}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"tiec" = "208976"
[HKCR\Interface\{5F3CADB7-0472-4198-890B-B159DCF600F5}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteUnzip_aabar Uninstall Internet Explorer]
"URLInfoAbout" = "http://support.mindspark.com/"
[HKCR\CLSID\{38fe7706-88cf-4826-832f-034f94b8991c}\TypeLib]
"(Default)" = "{054fc50b-484a-4b35-ac4a-53cd154917b5}"
[HKCR\CLSID\{2facf966-7eba-4300-a012-7ed28c52c428}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\EliteUnzip_aa.MultipleButton.1]
"(Default)" = ""
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52247f23-d798-4ad9-823b-b83fcfe2f74b}]
"AppPath" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteUnzip_aabar Uninstall Internet Explorer]
"HelpLink" = "http://support.mindspark.com/"
[HKCR\EliteUnzip_aa.FeedManager]
"(Default)" = ""
[HKCR\Interface\{BAD67FD3-E2C8-4ED9-B280-F1606E542937}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{8BA04565-22EE-4F92-935C-28F8BCF8F09A}\1.0]
"(Default)" = "Skin 1.0 Type Library"
[HKLM\SOFTWARE\EliteUnzip_aa\SkinTools]
"PlayerPath" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aaSkPlay.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\TypeLib\{AB884D81-E21B-4E8B-B883-3E74DAE6381E}\1.0\HELPDIR]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKCR\Interface\{F229256B-4818-4FD0-9720-BC49C216EEB0}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCR\Interface\{4CC00B40-C831-4DE8-9D23-23F854A6393E}]
"(Default)" = "SKINWINDOW_INTERFACE"
[HKCR\CLSID\{ef55cb9f-2729-4bff-afe5-ee59593b16e8}]
"(Default)" = "Elite Unzip"
[HKCR\Interface\{77177E2C-52FE-456A-8DA0-88A042B38CAA}\TypeLib]
"(Default)" = "{BDA8D29D-FC82-4D3B-889E-AD5228FFABEF}"
[HKCR\Interface\{30EEAA8C-6918-4975-93C1-63949A16C77D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{90fa0e29-aa8f-42f6-83ec-fddf0df144ff}\TypeLib]
"(Default)" = "{5beb51a1-9e60-4ecd-8621-54184927bd48}"
[HKCR\Interface\{277BA79D-741F-4190-B573-BB963235A17F}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{5F3CADB7-0472-4198-890B-B159DCF600F5}\TypeLib]
"(Default)" = "{F31A8B54-DC1B-4334-8585-9F8A269F5622}"
[HKCR\Interface\{77177E2C-52FE-456A-8DA0-88A042B38CAA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\EliteUnzip_aa.SettingsPlugin.1]
"(Default)" = ""
[HKCR\CLSID\{382929c8-bba2-4938-b5b6-8002016aee0f}\MiscStatus]
"(Default)" = "0"
[HKCR\Interface\{30EEAA8C-6918-4975-93C1-63949A16C77D}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{591D8476-DE4F-4804-8D2B-4501A45C9E85}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\EliteUnzip_aa\bar\Integrators64]
"AssistMonitor64.dll" = ""
[HKCR\CLSID\{09498152-17e5-4100-9116-bc386231a44c}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{09498152-17e5-4100-9116-bc386231a44c}]
"(Default)" = ""
[HKCR\Interface\{3D9B1790-63DA-464A-AB42-855398023504}\TypeLib]
"(Default)" = "{481BC3A1-ECB6-48A9-BB89-54592815F42F}"
[HKCR\EliteUnzip_aa.RadioSettings.1]
"(Default)" = ""
[HKCR\CLSID\{90fa0e29-aa8f-42f6-83ec-fddf0df144ff}\ProgID]
"(Default)" = "EliteUnzip_aa.HTMLPanel.1"
[HKCR\CLSID\{d68ae9dc-6103-4867-a205-a3a9e738fe86}]
"(Default)" = ""
[HKCR\Interface\{D9FE87DE-92E6-41FF-8DEE-8B6E99D8F86A}\TypeLib]
"Version" = "1.0"
[HKCR\Interface\{99054213-9DDB-4D98-A83D-BFB698659179}\TypeLib]
"(Default)" = "{C649D7F3-4451-4406-8445-E8AE56E0D109}"
[HKCR\CLSID\{a62ea21a-a6a0-4de1-8a93-adfc39c1e442}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Interface\{EEF2CA16-902A-46D0-9CCC-9F010C61D3F0}\TypeLib]
"Version" = "1.0"
[HKCR\Interface\{95969FA6-C35A-4552-A1FE-34C45FE13799}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCR\CLSID\{09498152-17e5-4100-9116-bc386231a44c}\TypeLib]
"(Default)" = "{8ba04565-22ee-4f92-935c-28f8bcf8f09a}"
[HKCR\TypeLib\{F31A8B54-DC1B-4334-8585-9F8A269F5622}\1.0]
"(Default)" = "Toolbar 1.0 Type Library"
[HKCR\CLSID\{4c1656b7-a839-4b6c-acbb-ca632d43d1f9}\ProgID]
"(Default)" = "EliteUnzip_aa.Radio.1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCR\CLSID\{da5d70b2-0a92-4b43-b068-a0dd02898c56}]
"(Default)" = "Toolbar BHO"
[HKCR\CLSID\{bbf72817-58fe-4372-a430-47a74ed49764}\VersionIndependentProgID]
"(Default)" = "EliteUnzip_aa.SettingsPlugin"
[HKCR\TypeLib\{CD47593D-1F30-4B75-9E86-85B90D499B83}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\CLSID\{8538002b-d91f-4242-9fea-b397ab3ee6f9}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aabprtct.dll"
[HKCR\Interface\{5F3CADB7-0472-4198-890B-B159DCF600F5}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{277BA79D-741F-4190-B573-BB963235A17F}\TypeLib]
"(Default)" = "{8BA04565-22EE-4F92-935C-28F8BCF8F09A}"
[HKCR\Interface\{B95EB44F-5177-4A6E-AF98-300C2FBB27B0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{382929c8-bba2-4938-b5b6-8002016aee0f}\ProgID]
"(Default)" = "EliteUnzip_aa.ThirdPartyInstaller.1"
[HKLM\SOFTWARE\EliteUnzip_aa\bar\Switches]
"ua" = "0"
[HKCR\Interface\{439D8B19-B2CA-429D-93C3-08100A304387}\TypeLib]
"(Default)" = "{5BEB51A1-9E60-4ECD-8621-54184927BD48}"
[HKCR\CLSID\{ef55cb9f-2729-4bff-afe5-ee59593b16e8}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aabar.dll"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"UninstallString" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aahighin.exe aabar.dll,O uninstalltype=IE"
[HKCR\Interface\{233E4207-02F7-49F3-8EB1-2A9669EA69D4}\TypeLib]
"(Default)" = "{F31A8B54-DC1B-4334-8585-9F8A269F5622}"
[HKCR\Interface\{DB6274DB-8FA7-4CD4-BC7F-35925689576C}]
"(Default)" = "IIEInstalledToolbar"
[HKLM\SOFTWARE\EliteUnzip_aa\bar\Switches]
"aaSrcAs.dll" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\Interface\{591D8476-DE4F-4804-8D2B-4501A45C9E85}\TypeLib]
"Version" = "1.0"
[HKCR\TypeLib\{4A82DADB-0D80-4E18-8A8F-69793B7E0CD4}\1.0]
"(Default)" = "HttpControl 1.0 Type Library"
[HKCR\CLSID\{382929c8-bba2-4938-b5b6-8002016aee0f}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aatpinst.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCR\CLSID\{38fe7706-88cf-4826-832f-034f94b8991c}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aaradio.dll"
[HKCR\Interface\{C7C95C40-05B2-45BA-8582-36B37CA592B0}]
"(Default)" = "ITemplatePopupMenu"
[HKCU\Software\Classes\CLSID\{8358a5f6-e352-4677-8386-9704aa8ad899}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Interface\{FBFBD788-FAD3-437E-AAAB-3141D3F72001}\TypeLib]
"(Default)" = "{BDA8D29D-FC82-4D3B-889E-AD5228FFABEF}"
[HKCR\TypeLib\{F31A8B54-DC1B-4334-8585-9F8A269F5622}\1.0\0\win32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\t8res.dll\626"
[HKCR\EliteUnzip_aa.HTMLMenu.1\CLSID]
"(Default)" = "{7EA7C8BD-DC70-42BE-8A0D-D9BAA8BBF342}"
[HKCR\EliteUnzip_aa.SettingsPlugin\CurVer]
"(Default)" = "EliteUnzip_aa.SettingsPlugin.1"
[HKLM\SOFTWARE\MozillaPlugins\@EliteUnzip_aa.com/Plugin]
"Path" = "%Program Files%\EliteUnzip_aa\bar\1.bin\NPaaStub.dll"
[HKCR\CLSID\{7EA7C8BD-DC70-42BE-8A0D-D9BAA8BBF342}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\TypeLib\{BDA8D29D-FC82-4D3B-889E-AD5228FFABEF}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\CLSID\{96d6a54a-32fe-496f-87ab-7e08a39ff1bc}\MiscStatus]
"(Default)" = "0"
[HKCR\Interface\{D9FE87DE-92E6-41FF-8DEE-8B6E99D8F86A}\TypeLib]
"(Default)" = "{AB884D81-E21B-4E8B-B883-3E74DAE6381E}"
[HKCR\Interface\{C7C95C40-05B2-45BA-8582-36B37CA592B0}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{D9FE87DE-92E6-41FF-8DEE-8B6E99D8F86A}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{F229256B-4818-4FD0-9720-BC49C216EEB0}\TypeLib]
"(Default)" = "{AB884D81-E21B-4E8B-B883-3E74DAE6381E}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96d6a54a-32fe-496f-87ab-7e08a39ff1bc}]
"AppPath" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKCR\TypeLib\{5BEB51A1-9E60-4ECD-8621-54184927BD48}\1.0\0\win32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\t8res.dll\1506"
[HKCR\Interface\{30EEAA8C-6918-4975-93C1-63949A16C77D}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{8704213b-8013-4f69-8e19-9ef25610128d}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"RegHookPath" = "C:\PROGRA~1\ELITEU~1\bar\1.bin\aareghk"
[HKCR\Interface\{B95EB44F-5177-4A6E-AF98-300C2FBB27B0}\TypeLib]
"(Default)" = "{FF1BA25F-C7BB-4282-8887-4D9E040A08FC}"
[HKCR\CLSID\{1af33c13-6c63-488c-9dea-17b0e7829de5}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\TypeLib\{FF1BA25F-C7BB-4282-8887-4D9E040A08FC}\1.0\HELPDIR]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97ce1707-67e1-4758-a14c-04ce2205d975}]
"Policy" = "3"
[HKCR\EliteUnzip_aa.HTMLMenu\CLSID]
"(Default)" = "{7EA7C8BD-DC70-42BE-8A0D-D9BAA8BBF342}"
[HKCR\CLSID\{c8372612-302d-4dee-9188-51f104040765}]
"(Default)" = ""
[HKCR\CLSID\{96d6a54a-32fe-496f-87ab-7e08a39ff1bc}\TypeLib]
"(Default)" = "{8ba04565-22ee-4f92-935c-28f8bcf8f09a}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7EA7C8BD-DC70-42BE-8A0D-D9BAA8BBF342}]
"(Default)" = ""
[HKCR\TypeLib\{BDA8D29D-FC82-4D3B-889E-AD5228FFABEF}\1.0\HELPDIR]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKCR\CLSID\{96d6a54a-32fe-496f-87ab-7e08a39ff1bc}]
"(Default)" = "Skin Settings"
[HKCR\TypeLib\{C649D7F3-4451-4406-8445-E8AE56E0D109}\1.0]
"(Default)" = "TYPELIB_NAME"
[HKCR\Interface\{4CC00B40-C831-4DE8-9D23-23F854A6393E}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{382929c8-bba2-4938-b5b6-8002016aee0f}\TypeLib]
"(Default)" = "{c649d7f3-4451-4406-8445-e8ae56e0d109}"
[HKCR\Interface\{5C3EDE4B-782F-4431-8F09-22819A15742D}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\EliteUnzip_aa.PseudoTransparentPlugin.1]
"(Default)" = "Pseudo Transparent Plugin"
[HKCR\CLSID\{38fe7706-88cf-4826-832f-034f94b8991c}\Version]
"(Default)" = "1.0"
[HKCR\EliteUnzip_aa.Radio.1\CLSID]
"(Default)" = "{4c1656b7-a839-4b6c-acbb-ca632d43d1f9}"
[HKCR\EliteUnzip_aa.PseudoTransparentPlugin]
"(Default)" = "Pseudo Transparent Plugin"
[HKCR\CLSID\{d68ae9dc-6103-4867-a205-a3a9e738fe86}\MiscStatus\1]
"(Default)" = "131473"
[HKCR\Interface\{A50F2CFA-D87A-4983-B2B3-9317E9110B71}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{96d6a54a-32fe-496f-87ab-7e08a39ff1bc}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aaskin.dll"
[HKCR\CLSID\{4c1656b7-a839-4b6c-acbb-ca632d43d1f9}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\TypeLib\{C649D7F3-4451-4406-8445-E8AE56E0D109}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\CLSID\{bbf72817-58fe-4372-a430-47a74ed49764}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aabar.dll"
[HKCR\CLSID\{90fa0e29-aa8f-42f6-83ec-fddf0df144ff}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\T8HTML.DLL"
[HKCR\CLSID\{a62ea21a-a6a0-4de1-8a93-adfc39c1e442}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aascript.dll"
[HKCR\Interface\{439D8B19-B2CA-429D-93C3-08100A304387}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCR\CLSID\{bbf72817-58fe-4372-a430-47a74ed49764}\MiscStatus]
"(Default)" = "0"
[HKCR\CLSID\{8704213b-8013-4f69-8e19-9ef25610128d}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aaskin.dll"
[HKCR\CLSID\{bbf72817-58fe-4372-a430-47a74ed49764}\Version]
"(Default)" = "1.0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96d6a54a-32fe-496f-87ab-7e08a39ff1bc}]
"AppName" = "aaSkPlay.exe"
[HKCR\EliteUnzip_aa.FeedManager\CLSID]
"(Default)" = "{d68ae9dc-6103-4867-a205-a3a9e738fe86}"
[HKCR\TypeLib\{F31A8B54-DC1B-4334-8585-9F8A269F5622}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\CLSID\{96d6a54a-32fe-496f-87ab-7e08a39ff1bc}\Version]
"(Default)" = "1.0"
[HKCR\Interface\{439D8B19-B2CA-429D-93C3-08100A304387}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"CurInstall" = "1"
[HKCR\Interface\{439D8B19-B2CA-429D-93C3-08100A304387}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{d68ae9dc-6103-4867-a205-a3a9e738fe86}\Version]
"(Default)" = "1.0"
[HKCR\EliteUnzip_aa.HTMLPanel.1]
"(Default)" = "EliteUnzip_aa HTML Panel"
[HKCR\TypeLib\{481BC3A1-ECB6-48A9-BB89-54592815F42F}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\CLSID\{382929c8-bba2-4938-b5b6-8002016aee0f}\VersionIndependentProgID]
"(Default)" = "EliteUnzip_aa.ThirdPartyInstaller"
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8358a5f6-e352-4677-8386-9704aa8ad899}" = ""
[HKCR\Interface\{97CE1707-67E1-4758-A14C-04CE2205D975}\TypeLib]
"Version" = "1.0"
[HKCR\Interface\{473B0471-4A6B-4ED6-85EC-192FFDA754A1}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCR\EliteUnzip_aa.HTMLPanel.1\CLSID]
"(Default)" = "{90fa0e29-aa8f-42f6-83ec-fddf0df144ff}"
[HKCR\TypeLib\{481BC3A1-ECB6-48A9-BB89-54592815F42F}\1.0\HELPDIR]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKLM\SOFTWARE\EliteUnzip_aa\bar\Integrators]
"AssistMonitor.dll" = "%Program Files%\EliteUnzip_aa\bar\1.bin\ASSISTMONITOR.DLL"
[HKCR\CLSID\{8538002b-d91f-4242-9fea-b397ab3ee6f9}\ProgID]
"(Default)" = "EliteUnzip_aa.ToolbarProtector.1"
[HKCR\Interface\{F469D53A-5818-47E1-90E5-0F262BB59258}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{99054213-9DDB-4D98-A83D-BFB698659179}]
"(Default)" = "IThirdPartyInstaller"
[HKCR\Interface\{C7C95C40-05B2-45BA-8582-36B37CA592B0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{95969FA6-C35A-4552-A1FE-34C45FE13799}]
"(Default)" = "_ITemplateBarSettingsEvents"
[HKCR\Interface\{EEF2CA16-902A-46D0-9CCC-9F010C61D3F0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{1af33c13-6c63-488c-9dea-17b0e7829de5}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aaSrcAs.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bbf72817-58fe-4372-a430-47a74ed49764}]
"(Default)" = ""
[HKCR\TypeLib\{8BA04565-22EE-4F92-935C-28F8BCF8F09A}\1.0\0\win32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\t8res.dll\405"
[HKCR\Interface\{99054213-9DDB-4D98-A83D-BFB698659179}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{95969FA6-C35A-4552-A1FE-34C45FE13799}\TypeLib]
"(Default)" = "{F31A8B54-DC1B-4334-8585-9F8A269F5622}"
[HKCR\CLSID\{7EA7C8BD-DC70-42BE-8A0D-D9BAA8BBF342}\VersionIndependentProgID]
"(Default)" = "EliteUnzip_aa.HTMLMenu"
[HKCR\Interface\{D1EF1547-79A0-43AB-8704-5D7426F79877}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{382929c8-bba2-4938-b5b6-8002016aee0f}\MiscStatus\1]
"(Default)" = "131473"
[HKCR\TypeLib\{BDA8D29D-FC82-4D3B-889E-AD5228FFABEF}\1.0\0\win32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\t8res.dll\1104"
[HKCR\Interface\{3D9B1790-63DA-464A-AB42-855398023504}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{4c1656b7-a839-4b6c-acbb-ca632d43d1f9}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aaradio.dll"
[HKCR\CLSID\{2facf966-7eba-4300-a012-7ed28c52c428}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aadlghk.dll"
[HKCR\CLSID\{4c1656b7-a839-4b6c-acbb-ca632d43d1f9}]
"(Default)" = ""
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"DeletedCustomizations" = "1"
[HKCR\Interface\{38FD445C-C802-4BED-9AC5-9EBC436D6620}\TypeLib]
"Version" = "1.0"
[HKCR\Interface\{591D8476-DE4F-4804-8D2B-4501A45C9E85}]
"(Default)" = "ITemplateHTMLMenu"
[HKCR\CLSID\{d68ae9dc-6103-4867-a205-a3a9e738fe86}\VersionIndependentProgID]
"(Default)" = "EliteUnzip_aa.FeedManager"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90fa0e29-aa8f-42f6-83ec-fddf0df144ff}]
"(Default)" = ""
[HKCR\CLSID\{38fe7706-88cf-4826-832f-034f94b8991c}\MiscStatus]
"(Default)" = "0"
[HKCR\Interface\{EEF2CA16-902A-46D0-9CCC-9F010C61D3F0}\TypeLib]
"(Default)" = "{8BA04565-22EE-4F92-935C-28F8BCF8F09A}"
[HKCR\Interface\{38FD445C-C802-4BED-9AC5-9EBC436D6620}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{38fe7706-88cf-4826-832f-034f94b8991c}\VersionIndependentProgID]
"(Default)" = "EliteUnzip_aa.RadioSettings"
[HKCR\EliteUnzip_aa.HTMLPanel\CLSID]
"(Default)" = "{90fa0e29-aa8f-42f6-83ec-fddf0df144ff}"
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = ""
[HKCR\Interface\{1A3F8C09-E6F9-41F6-91CE-9F16530F144B}\TypeLib]
"(Default)" = "{4A82DADB-0D80-4E18-8A8F-69793B7E0CD4}"
[HKCR\CLSID\{bbf72817-58fe-4372-a430-47a74ed49764}\ProgID]
"(Default)" = "EliteUnzip_aa.SettingsPlugin.1"
[HKCR\CLSID\{09498152-17e5-4100-9116-bc386231a44c}\MiscStatus\1]
"(Default)" = "131473"
[HKCR\Interface\{233E4207-02F7-49F3-8EB1-2A9669EA69D4}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52247f23-d798-4ad9-823b-b83fcfe2f74b}]
"AppName" = "aamedint.exe"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ef55cb9f-2729-4bff-afe5-ee59593b16e8}" = ""
[HKCR\CLSID\{da5d70b2-0a92-4b43-b068-a0dd02898c56}\InprocServer32]
"(Default)" = "C:\PROGRA~1\ELITEU~1\bar\1.bin\aabar.dll"
[HKCR\CLSID\{bd4622da-5525-4235-8f9e-5a60cc276b83}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aahttpct.dll"
[HKCR\Interface\{A50F2CFA-D87A-4983-B2B3-9317E9110B71}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{bbf72817-58fe-4372-a430-47a74ed49764}]
"(Default)" = ""
[HKCR\Interface\{B95EB44F-5177-4A6E-AF98-300C2FBB27B0}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\EliteUnzip_aa.FeedManager.1\CLSID]
"(Default)" = "{d68ae9dc-6103-4867-a205-a3a9e738fe86}"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"dir" = "%Program Files%\EliteUnzip_aa\bar\"
[HKCR\TypeLib\{AB884D81-E21B-4E8B-B883-3E74DAE6381E}\1.0]
"(Default)" = "DataCtrl 1.0 Type Library"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"PartnerPixelNotSet" = ""
[HKCR\Interface\{5C3EDE4B-782F-4431-8F09-22819A15742D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{C649D7F3-4451-4406-8445-E8AE56E0D109}\1.0\HELPDIR]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKCR\CLSID\{d68ae9dc-6103-4867-a205-a3a9e738fe86}\ProgID]
"(Default)" = "EliteUnzip_aa.FeedManager.1"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"sr" = "0"
[HKCR\EliteUnzip_aa.ToolbarProtector\CurVer]
"(Default)" = "EliteUnzip_aa.ToolbarProtector.1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCR\Interface\{233E4207-02F7-49F3-8EB1-2A9669EA69D4}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{da5d70b2-0a92-4b43-b068-a0dd02898c56}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\TypeLib\{5BEB51A1-9E60-4ECD-8621-54184927BD48}\1.0]
"(Default)" = "HTML 1.0 Type Library"
[HKCR\CLSID\{bd4622da-5525-4235-8f9e-5a60cc276b83}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\TypeLib\{AB884D81-E21B-4E8B-B883-3E74DAE6381E}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\CLSID\{8704213b-8013-4f69-8e19-9ef25610128d}\MiscStatus]
"(Default)" = "0"
[HKLM\SOFTWARE\EliteUnzip_aa\Settings\SmileyCentralBtn]
"HTMLMenuPosDeleted" = "1"
[HKCR\CLSID\{8538002b-d91f-4242-9fea-b397ab3ee6f9}]
"(Default)" = "ProtectorControl Class"
[HKCR\CLSID\{8538002b-d91f-4242-9fea-b397ab3ee6f9}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\TypeLib\{5BEB51A1-9E60-4ECD-8621-54184927BD48}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\CLSID\{7EA7C8BD-DC70-42BE-8A0D-D9BAA8BBF342}]
"(Default)" = "EliteUnzip_aa HTML Menu"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97ce1707-67e1-4758-a14c-04ce2205d975}]
"AppPath" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKCR\Interface\{EEF2CA16-902A-46D0-9CCC-9F010C61D3F0}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{09498152-17e5-4100-9116-bc386231a44c}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aaskin.dll"
[HKCR\Interface\{38FD445C-C802-4BED-9AC5-9EBC436D6620}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\MozillaPlugins\@EliteUnzip_aa.com/Plugin]
"Path" = "%Program Files%\EliteUnzip_aa\bar\1.bin\NPaaStub.dll"
[HKCR\EliteUnzip_aa.ScriptButton.1]
"(Default)" = ""
[HKCR\CLSID\{09498152-17e5-4100-9116-bc386231a44c}]
"(Default)" = "Pseudo Transparent Plugin"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cf8f750b-3fa0-4566-8b2c-19cfb50cf9c5}]
"AppName" = "aaSrchMn.exe"
[HKCR\Interface\{38FD445C-C802-4BED-9AC5-9EBC436D6620}\TypeLib]
"(Default)" = "{FF1BA25F-C7BB-4282-8887-4D9E040A08FC}"
[HKCR\CLSID\{96d6a54a-32fe-496f-87ab-7e08a39ff1bc}\MiscStatus\1]
"(Default)" = "131473"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\PROGRA~1\ELITEU~1\bar\1.bin]
"aabrmon.exe" = "VER_DESCRIPTION"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCR\Interface\{A50F2CFA-D87A-4983-B2B3-9317E9110B71}]
"(Default)" = "IRadioSettings"
[HKCR\CLSID\{bbf72817-58fe-4372-a430-47a74ed49764}\TypeLib]
"(Default)" = "{f31a8b54-dc1b-4334-8585-9f8a269f5622}"
[HKCR\CLSID\{09498152-17e5-4100-9116-bc386231a44c}\Version]
"(Default)" = "1.0"
[HKCR\Interface\{473B0471-4A6B-4ED6-85EC-192FFDA754A1}]
"(Default)" = "_IThirdPartyInstallerEvents"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95969fa6-c35a-4552-a1fe-34c45fe13799}]
"AppPath" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKCR\CLSID\{bd4622da-5525-4235-8f9e-5a60cc276b83}\TypeLib]
"(Default)" = "{4a82dadb-0d80-4e18-8a8f-69793b7e0cd4}"
[HKLM\SOFTWARE\MozillaPlugins\@EliteUnzip_aa.com/Plugin\MimeTypes\application/x-eliteunzip_aaplugin]
"Description" = "Elite Unzip Plugin"
[HKCR\Interface\{FBFBD788-FAD3-437E-AAAB-3141D3F72001}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{D1EF1547-79A0-43AB-8704-5D7426F79877}\TypeLib]
"Version" = "1.0"
[HKCR\Interface\{F469D53A-5818-47E1-90E5-0F262BB59258}]
"(Default)" = "IHttpControl"
[HKCR\Interface\{99054213-9DDB-4D98-A83D-BFB698659179}\TypeLib]
"Version" = "1.0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{db9efcee-b30c-4989-98cc-ee371fa5b355}]
"Policy" = "3"
[HKCR\CLSID\{3b4b7e67-b97e-4ac2-b67f-67f45a620e64}]
"(Default)" = "DataCtrl Class"
[HKCR\EliteUnzip_aa.HTMLMenu]
"(Default)" = "EliteUnzip_aa HTML Menu"
[HKCR\Interface\{233E4207-02F7-49F3-8EB1-2A9669EA69D4}]
"(Default)" = "ITemplateBarMenu"
[HKCR\CLSID\{90fa0e29-aa8f-42f6-83ec-fddf0df144ff}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\CLSID\{8704213b-8013-4f69-8e19-9ef25610128d}\Version]
"(Default)" = "1.0"
[HKCR\TypeLib\{AB884D81-E21B-4E8B-B883-3E74DAE6381E}\1.0\0\win32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\t8res.dll\1406"
[HKCR\EliteUnzip_aa.Radio]
"(Default)" = ""
[HKCR\CLSID\{d68ae9dc-6103-4867-a205-a3a9e738fe86}\MiscStatus]
"(Default)" = "0"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"UninstallFFString" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aahighin.exe aabar.dll,O uninstalltype=FF"
"ID" = "D6F4A0FD-3C67-4DB1-B5FC-53D792D385E4"
[HKCR\TypeLib\{8BA04565-22EE-4F92-935C-28F8BCF8F09A}\1.0\HELPDIR]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKCR\CLSID\{90fa0e29-aa8f-42f6-83ec-fddf0df144ff}\Version]
"(Default)" = "1.0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteUnzip_aabar Uninstall Internet Explorer]
"UninstallString" = "rundll32 %Program Files%\EliteUnzip_aa\bar\1.bin\aaBar.dll,O mindsparktoolbarkey=EliteUnzip_aa uninstalltype=IE"
[HKLM\SOFTWARE\EliteUnzip_aa\bar\Switches]
"au" = "1"
[HKCR\Interface\{8B7F149C-7573-4793-BE30-B03F3E591508}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96d6a54a-32fe-496f-87ab-7e08a39ff1bc}]
"Policy" = "3"
[HKCR\CLSID\{a62ea21a-a6a0-4de1-8a93-adfc39c1e442}]
"(Default)" = ""
[HKCR\CLSID\{1af33c13-6c63-488c-9dea-17b0e7829de5}]
"(Default)" = "Search Assistant BHO"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"lidate" = "2014-08-31T04:34:58Z"
[HKLM\SOFTWARE\MozillaPlugins\@EliteUnzip_aa.com/Plugin]
"vendor" = "EliteUnzip_aa"
[HKCR\CLSID\{bbf72817-58fe-4372-a430-47a74ed49764}\MiscStatus\1]
"(Default)" = "131473"
[HKCR\Interface\{233E4207-02F7-49F3-8EB1-2A9669EA69D4}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{CD47593D-1F30-4B75-9E86-85B90D499B83}\1.0\HELPDIR]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKCR\Interface\{BAD67FD3-E2C8-4ED9-B280-F1606E542937}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{d68ae9dc-6103-4867-a205-a3a9e738fe86}\TypeLib]
"(Default)" = "{bda8d29d-fc82-4d3b-889e-ad5228ffabef}"
[HKCR\Interface\{FBFBD788-FAD3-437E-AAAB-3141D3F72001}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{c8372612-302d-4dee-9188-51f104040765}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aamlbtn.dll"
[HKCR\CLSID\{2facf966-7eba-4300-a012-7ed28c52c428}]
"(Default)" = "Disable Addon Rebuttal Control"
[HKCR\Interface\{BAD67FD3-E2C8-4ED9-B280-F1606E542937}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\EliteUnzip_aa.ToolbarProtector.1]
"(Default)" = "ProtectorControl Class"
[HKCR\Interface\{30EEAA8C-6918-4975-93C1-63949A16C77D}]
"(Default)" = "SEARCHSCOPE_INTERFACE"
[HKCR\CLSID\{8538002b-d91f-4242-9fea-b397ab3ee6f9}\VersionIndependentProgID]
"(Default)" = "EliteUnzip_aa.ToolbarProtector"
[HKCR\Interface\{5C3EDE4B-782F-4431-8F09-22819A15742D}\TypeLib]
"(Default)" = "{8BA04565-22EE-4F92-935C-28F8BCF8F09A}"
[HKCR\EliteUnzip_aa.ThirdPartyInstaller\CurVer]
"(Default)" = "EliteUnzip_aa.ThirdPartyInstaller.1"
[HKCR\CLSID\{bbf72817-58fe-4372-a430-47a74ed49764}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Interface\{591D8476-DE4F-4804-8D2B-4501A45C9E85}\TypeLib]
"(Default)" = "{CD47593D-1F30-4B75-9E86-85B90D499B83}"
[HKCU\Software\Classes\CLSID\{8358a5f6-e352-4677-8386-9704aa8ad899}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aaSrcAs.dll"
[HKCR\Interface\{95969FA6-C35A-4552-A1FE-34C45FE13799}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCR\EliteUnzip_aa.PseudoTransparentPlugin\CLSID]
"(Default)" = "{09498152-17e5-4100-9116-bc386231a44c}"
[HKCR\CLSID\{38fe7706-88cf-4826-832f-034f94b8991c}]
"(Default)" = ""
[HKCR\CLSID\{7EA7C8BD-DC70-42BE-8A0D-D9BAA8BBF342}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aahtmlmu.dll"
[HKCR\EliteUnzip_aa.PseudoTransparentPlugin\CurVer]
"(Default)" = "EliteUnzip_aa.PseudoTransparentPlugin.1"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"RegisteredWithFirefox" = "1"
[HKCR\EliteUnzip_aa.HTMLMenu.1]
"(Default)" = "EliteUnzip_aa HTML Menu"
[HKCR\EliteUnzip_aa.ScriptButton\CLSID]
"(Default)" = "{a62ea21a-a6a0-4de1-8a93-adfc39c1e442}"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"pl" = "9"
[HKCR\CLSID\{09498152-17e5-4100-9116-bc386231a44c}\ProgID]
"(Default)" = "EliteUnzip_aa.PseudoTransparentPlugin.1"
[HKCR\Interface\{1A3F8C09-E6F9-41F6-91CE-9F16530F144B}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCR\Interface\{4CC00B40-C831-4DE8-9D23-23F854A6393E}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{439D8B19-B2CA-429D-93C3-08100A304387}]
"(Default)" = "HTMLPANELEVENTS_INTERFACE"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCR\Interface\{97CE1707-67E1-4758-A14C-04CE2205D975}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\EliteUnzip_aa.SettingsPlugin\CLSID]
"(Default)" = "{bbf72817-58fe-4372-a430-47a74ed49764}"
[HKCR\CLSID\{d68ae9dc-6103-4867-a205-a3a9e738fe86}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aafeedmg.dll"
[HKLM\SOFTWARE\EliteUnzip_aa\bar\Integrators64]
"HPG64.DLL" = ""
[HKCU\Software\Classes\CLSID\{8358a5f6-e352-4677-8386-9704aa8ad899}]
"(Default)" = ""
[HKCR\Interface\{C7C95C40-05B2-45BA-8582-36B37CA592B0}\TypeLib]
"Version" = "1.0"
[HKCR\EliteUnzip_aa.ToolbarProtector.1\CLSID]
"(Default)" = "{8538002b-d91f-4242-9fea-b397ab3ee6f9}"
[HKCR\CLSID\{90fa0e29-aa8f-42f6-83ec-fddf0df144ff}]
"(Default)" = "EliteUnzip_aa HTML"
[HKCR\EliteUnzip_aa.ToolbarProtector\CLSID]
"(Default)" = "{8538002b-d91f-4242-9fea-b397ab3ee6f9}"
[HKCR\Interface\{4CC00B40-C831-4DE8-9D23-23F854A6393E}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cf8f750b-3fa0-4566-8b2c-19cfb50cf9c5}]
"AppPath" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKCR\Interface\{277BA79D-741F-4190-B573-BB963235A17F}\TypeLib]
"Version" = "1.0"
[HKCR\EliteUnzip_aa.MultipleButton\CurVer]
"(Default)" = "EliteUnzip_aa.MultipleButton.1"
[HKCR\Interface\{97CE1707-67E1-4758-A14C-04CE2205D975}\TypeLib]
"(Default)" = "{F31A8B54-DC1B-4334-8585-9F8A269F5622}"
[HKCR\Interface\{8B7F149C-7573-4793-BE30-B03F3E591508}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{ef55cb9f-2729-4bff-afe5-ee59593b16e8}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\EliteUnzip_aa.RadioSettings]
"(Default)" = ""
[HKCR\CLSID\{3b4b7e67-b97e-4ac2-b67f-67f45a620e64}\InprocServer32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\aadatact.dll"
[HKCR\TypeLib\{BDA8D29D-FC82-4D3B-889E-AD5228FFABEF}\1.0]
"(Default)" = "BARFEEDTYPELIB_NAME"
[HKCR\EliteUnzip_aa.PseudoTransparentPlugin.1\CLSID]
"(Default)" = "{09498152-17e5-4100-9116-bc386231a44c}"
[HKCR\Interface\{5F3CADB7-0472-4198-890B-B159DCF600F5}\TypeLib]
"Version" = "1.0"
[HKCR\Interface\{D9FE87DE-92E6-41FF-8DEE-8B6E99D8F86A}]
"(Default)" = "ISessionData"
[HKCR\TypeLib\{481BC3A1-ECB6-48A9-BB89-54592815F42F}\1.0]
"(Default)" = "DialogHook 1.0 Type Library"
[HKCR\CLSID\{d68ae9dc-6103-4867-a205-a3a9e738fe86}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"SettingsDir" = "%Program Files%\EliteUnzip_aa\bar\Settings\"
[HKCR\TypeLib\{054FC50B-484A-4B35-AC4A-53CD154917B5}\1.0\0\win32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\t8res.dll\1003"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"Maximized" = "1"
[HKCR\Interface\{1A3F8C09-E6F9-41F6-91CE-9F16530F144B}\TypeLib]
"Version" = "1.0"
[HKCR\Interface\{F229256B-4818-4FD0-9720-BC49C216EEB0}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{c8372612-302d-4dee-9188-51f104040765}\ProgID]
"(Default)" = "EliteUnzip_aa.MultipleButton.1"
[HKCR\Interface\{F469D53A-5818-47E1-90E5-0F262BB59258}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"hpwl" = ".mywebsearch.com,.google.com,.yahoo.com,.bing.com,.msn.com"
[HKCR\Interface\{DB6274DB-8FA7-4CD4-BC7F-35925689576C}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\EliteUnzip_aa.MultipleButton\CLSID]
"(Default)" = "{c8372612-302d-4dee-9188-51f104040765}"
[HKCR\Interface\{3D9B1790-63DA-464A-AB42-855398023504}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"un" = "Elite Unzip"
[HKLM\SOFTWARE\MozillaPlugins\@EliteUnzip_aa.com/Plugin]
"Version" = "1.1.1.1"
[HKCR\TypeLib\{054FC50B-484A-4B35-AC4A-53CD154917B5}\1.0]
"(Default)" = "RADIOLib"
[HKLM\SOFTWARE\MozillaPlugins\@EliteUnzip_aa.com/Plugin]
"Description" = "Elite Unzip Plugin"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95969fa6-c35a-4552-a1fe-34c45fe13799}]
"AppName" = "AppIntegrator.exe"
[HKCR\Interface\{B95EB44F-5177-4A6E-AF98-300C2FBB27B0}]
"(Default)" = "IProtectorControl"
[HKCR\TypeLib\{FF1BA25F-C7BB-4282-8887-4D9E040A08FC}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\Interface\{473B0471-4A6B-4ED6-85EC-192FFDA754A1}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97ce1707-67e1-4758-a14c-04ce2205d975}]
"AppName" = "aaSlSrch.exe"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"PluginPath" = "%Program Files%\EliteUnzip_aa\bar\1.bin\"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{db9efcee-b30c-4989-98cc-ee371fa5b355}]
"AppName" = "CrExtPaa.exe"
[HKCR\CLSID\{bd4622da-5525-4235-8f9e-5a60cc276b83}]
"(Default)" = "HttpControl Class"
[HKCR\Interface\{BAD67FD3-E2C8-4ED9-B280-F1606E542937}\TypeLib]
"(Default)" = "{F31A8B54-DC1B-4334-8585-9F8A269F5622}"
[HKCR\CLSID\{c8372612-302d-4dee-9188-51f104040765}\VersionIndependentProgID]
"(Default)" = "EliteUnzip_aa.MultipleButton"
[HKCR\Interface\{F229256B-4818-4FD0-9720-BC49C216EEB0}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCR\Interface\{473B0471-4A6B-4ED6-85EC-192FFDA754A1}\TypeLib]
"Version" = "1.0"
[HKCR\EliteUnzip_aa.MultipleButton.1\CLSID]
"(Default)" = "{c8372612-302d-4dee-9188-51f104040765}"
[HKLM\SOFTWARE\EliteUnzip_aa\bar\Switches]
"nk" = "0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"CrExtPaa.exe" = "0"
[HKCR\EliteUnzip_aa.ScriptButton.1\CLSID]
"(Default)" = "{a62ea21a-a6a0-4de1-8a93-adfc39c1e442}"
[HKCR\EliteUnzip_aa.SettingsPlugin.1\CLSID]
"(Default)" = "{bbf72817-58fe-4372-a430-47a74ed49764}"
[HKCR\TypeLib\{4A82DADB-0D80-4E18-8A8F-69793B7E0CD4}\1.0\0\win32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\t8res.dll\905"
[HKCR\Interface\{8B7F149C-7573-4793-BE30-B03F3E591508}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\EliteUnzip_aa.ScriptButton\CurVer]
"(Default)" = "EliteUnzip_aa.ScriptButton.1"
[HKCR\EliteUnzip_aa.RadioSettings\CurVer]
"(Default)" = "EliteUnzip_aa.RadioSettings.1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteUnzip_aabar Uninstall Internet Explorer]
"DisplayName" = "Elite Unzip Internet Explorer Toolbar"
[HKLM\SOFTWARE\EliteUnzip_aa\bar\Switches]
"nd" = "0"
[HKCR\EliteUnzip_aa.ScriptButton]
"(Default)" = ""
[HKCR\Interface\{99054213-9DDB-4D98-A83D-BFB698659179}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{5BEB51A1-9E60-4ECD-8621-54184927BD48}\1.0\HELPDIR]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCR\Interface\{473B0471-4A6B-4ED6-85EC-192FFDA754A1}\TypeLib]
"(Default)" = "{C649D7F3-4451-4406-8445-E8AE56E0D109}"
[HKCR\CLSID\{8704213b-8013-4f69-8e19-9ef25610128d}\MiscStatus\1]
"(Default)" = "131473"
[HKCR\Interface\{D1EF1547-79A0-43AB-8704-5D7426F79877}\TypeLib]
"(Default)" = "{AB884D81-E21B-4E8B-B883-3E74DAE6381E}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52247f23-d798-4ad9-823b-b83fcfe2f74b}]
"Policy" = "3"
[HKCR\CLSID\{8704213b-8013-4f69-8e19-9ef25610128d}]
"(Default)" = "Popup Menu Plugin"
[HKCR\Interface\{1A3F8C09-E6F9-41F6-91CE-9F16530F144B}]
"(Default)" = "IHttpControlEvents"
[HKCR\TypeLib\{054FC50B-484A-4B35-AC4A-53CD154917B5}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\Interface\{D1EF1547-79A0-43AB-8704-5D7426F79877}]
"(Default)" = "IDataCtrl"
[HKCR\TypeLib\{FF1BA25F-C7BB-4282-8887-4D9E040A08FC}\1.0]
"(Default)" = "ToolbarProtector 1.0 Type Library"
[HKCR\TypeLib\{4A82DADB-0D80-4E18-8A8F-69793B7E0CD4}\1.0\HELPDIR]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKCR\Interface\{277BA79D-741F-4190-B573-BB963235A17F}]
"(Default)" = "POPUPMENU_INTERFACE"
[HKCR\Interface\{97CE1707-67E1-4758-A14C-04CE2205D975}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "83 EF 2D E7 FC 12 1E E2 B7 CA F2 F5 BB 40 DD EB"
[HKCR\Interface\{F229256B-4818-4FD0-9720-BC49C216EEB0}]
"(Default)" = "_IDataCtrlEvents"
[HKCR\EliteUnzip_aa.FeedManager.1]
"(Default)" = ""
[HKCR\CLSID\{96d6a54a-32fe-496f-87ab-7e08a39ff1bc}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Interface\{A50F2CFA-D87A-4983-B2B3-9317E9110B71}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{a62ea21a-a6a0-4de1-8a93-adfc39c1e442}\VersionIndependentProgID]
"(Default)" = "EliteUnzip_aa.ScriptButton"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCR\Interface\{DB6274DB-8FA7-4CD4-BC7F-35925689576C}\TypeLib]
"Version" = "1.0"
[HKCR\TypeLib\{CD47593D-1F30-4B75-9E86-85B90D499B83}\1.0\0\win32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\t8res.dll\1604"
[HKCR\CLSID\{8704213b-8013-4f69-8e19-9ef25610128d}\TypeLib]
"(Default)" = "{8ba04565-22ee-4f92-935c-28f8bcf8f09a}"
[HKCR\Interface\{3D9B1790-63DA-464A-AB42-855398023504}]
"(Default)" = "IDisableAddonRebuttal"
[HKCR\EliteUnzip_aa.RadioSettings.1\CLSID]
"(Default)" = "{38fe7706-88cf-4826-832f-034f94b8991c}"
[HKCR\CLSID\{8538002b-d91f-4242-9fea-b397ab3ee6f9}\TypeLib]
"(Default)" = "{ff1ba25f-c7bb-4282-8887-4d9e040a08fc}"
[HKCR\EliteUnzip_aa.ThirdPartyInstaller]
"(Default)" = "Elite Unzip Third Party Installer"
[HKCR\CLSID\{38fe7706-88cf-4826-832f-034f94b8991c}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\CLSID\{90fa0e29-aa8f-42f6-83ec-fddf0df144ff}\VersionIndependentProgID]
"(Default)" = "EliteUnzip_aa.HTMLPanel"
[HKCR\CLSID\{09498152-17e5-4100-9116-bc386231a44c}\VersionIndependentProgID]
"(Default)" = "EliteUnzip_aa.PseudoTransparentPlugin"
[HKCR\Interface\{EEF2CA16-902A-46D0-9CCC-9F010C61D3F0}]
"(Default)" = "PSEUDOTRANSPARENT_INTERFACE"
[HKCR\CLSID\{a62ea21a-a6a0-4de1-8a93-adfc39c1e442}\ProgID]
"(Default)" = "EliteUnzip_aa.ScriptButton.1"
[HKCR\CLSID\{3b4b7e67-b97e-4ac2-b67f-67f45a620e64}\TypeLib]
"(Default)" = "{ab884d81-e21b-4e8b-b883-3e74dae6381e}"
[HKCR\Interface\{5C3EDE4B-782F-4431-8F09-22819A15742D}]
"(Default)" = "SKINSETTINGS_INTERFACE"
[HKCR\Interface\{FBFBD788-FAD3-437E-AAAB-3141D3F72001}\TypeLib]
"Version" = "1.0"
[HKCR\EliteUnzip_aa.ThirdPartyInstaller.1]
"(Default)" = "Elite Unzip Third Party Installer"
[HKCR\CLSID\{09498152-17e5-4100-9116-bc386231a44c}\MiscStatus]
"(Default)" = "0"
[HKCR\CLSID\{90fa0e29-aa8f-42f6-83ec-fddf0df144ff}\MiscStatus\1]
"(Default)" = "131473"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"Build" = "145.9024"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cf8f750b-3fa0-4566-8b2c-19cfb50cf9c5}]
"Policy" = "3"
[HKCR\TypeLib\{8BA04565-22EE-4F92-935C-28F8BCF8F09A}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\Interface\{C7C95C40-05B2-45BA-8582-36B37CA592B0}\TypeLib]
"(Default)" = "{CD47593D-1F30-4B75-9E86-85B90D499B83}"
[HKCR\Interface\{591D8476-DE4F-4804-8D2B-4501A45C9E85}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{382929c8-bba2-4938-b5b6-8002016aee0f}]
"(Default)" = "Elite Unzip Third Party Installer"
[HKCR\Interface\{8B7F149C-7573-4793-BE30-B03F3E591508}\TypeLib]
"(Default)" = "{5BEB51A1-9E60-4ECD-8621-54184927BD48}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{db9efcee-b30c-4989-98cc-ee371fa5b355}]
"AppPath" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKCR\EliteUnzip_aa.SettingsPlugin]
"(Default)" = ""
[HKCR\TypeLib\{F31A8B54-DC1B-4334-8585-9F8A269F5622}\1.0\HELPDIR]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin"
[HKCR\CLSID\{7EA7C8BD-DC70-42BE-8A0D-D9BAA8BBF342}\ProgID]
"(Default)" = "EliteUnzip_aa.HTMLMenu.1"
[HKCR\CLSID\{382929c8-bba2-4938-b5b6-8002016aee0f}\Version]
"(Default)" = "1.0"
[HKCR\EliteUnzip_aa.FeedManager\CurVer]
"(Default)" = "EliteUnzip_aa.FeedManager.1"
[HKCR\EliteUnzip_aa.ThirdPartyInstaller\CLSID]
"(Default)" = "{382929c8-bba2-4938-b5b6-8002016aee0f}"
[HKCR\TypeLib\{4A82DADB-0D80-4E18-8A8F-69793B7E0CD4}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\EliteUnzip_aa.HTMLPanel]
"(Default)" = "EliteUnzip_aa HTML Panel"
[HKCR\Interface\{F469D53A-5818-47E1-90E5-0F262BB59258}\TypeLib]
"(Default)" = "{4A82DADB-0D80-4E18-8A8F-69793B7E0CD4}"
[HKCR\EliteUnzip_aa.ThirdPartyInstaller.1\CLSID]
"(Default)" = "{382929c8-bba2-4938-b5b6-8002016aee0f}"
[HKCR\Interface\{5F3CADB7-0472-4198-890B-B159DCF600F5}]
"(Default)" = "ITemplateBarButtonRect"
[HKCR\Interface\{DB6274DB-8FA7-4CD4-BC7F-35925689576C}\TypeLib]
"(Default)" = "{FF1BA25F-C7BB-4282-8887-4D9E040A08FC}"
[HKCR\Interface\{F469D53A-5818-47E1-90E5-0F262BB59258}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{38fe7706-88cf-4826-832f-034f94b8991c}\MiscStatus\1]
"(Default)" = "131473"
[HKCR\Interface\{95969FA6-C35A-4552-A1FE-34C45FE13799}\TypeLib]
"Version" = "1.0"
[HKCR\CLSID\{2facf966-7eba-4300-a012-7ed28c52c428}\TypeLib]
"(Default)" = "{481bc3a1-ecb6-48a9-bb89-54592815f42f}"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"PID" = "^BDG"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95969fa6-c35a-4552-a1fe-34c45fe13799}]
"Policy" = "3"
[HKCR\TypeLib\{481BC3A1-ECB6-48A9-BB89-54592815F42F}\1.0\0\win32]
"(Default)" = "%Program Files%\EliteUnzip_aa\bar\1.bin\t8res.dll\625"
[HKCR\Interface\{77177E2C-52FE-456A-8DA0-88A042B38CAA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\MozillaPlugins\@EliteUnzip_aa.com/Plugin\MimeTypes\application/x-eliteunzip_aaplugin]
"Suffixes" = "aa"
[HKCR\EliteUnzip_aa.HTMLPanel\CurVer]
"(Default)" = "EliteUnzip_aa.HTMLPanel.1"
[HKCR\EliteUnzip_aa.Radio.1]
"(Default)" = ""
[HKCR\EliteUnzip_aa.Radio\CLSID]
"(Default)" = "{4c1656b7-a839-4b6c-acbb-ca632d43d1f9}"
[HKCR\Interface\{38FD445C-C802-4BED-9AC5-9EBC436D6620}]
"(Default)" = "IIEInstalledToolbars"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteUnzip_aabar Uninstall Firefox]
"UninstallString" = "rundll32 %Program Files%\EliteUnzip_aa\bar\1.bin\aaBar.dll,O mindsparktoolbarkey=EliteUnzip_aa uninstalltype=FF"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1af33c13-6c63-488c-9dea-17b0e7829de5}]
"(Default)" = ""
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elite Unzip" = "rundll32 C:\PROGRA~1\ELITEU~1\bar\1.bin\aabar.dll,S"
It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da5d70b2-0a92-4b43-b068-a0dd02898c56}]
"(Default)" = ""
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elite Unzip Search Scope Monitor" = "C:\PROGRA~1\ELITEU~1\bar\1.bin\aasrchmn.exe /m=2 /w /h"
"Elite Unzip Home Page Guard 32 bit" = "C:\PROGRA~1\ELITEU~1\bar\1.bin\AppIntegrator.exe"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EliteUnzip_aa Browser Plugin Loader" = "C:\PROGRA~1\ELITEU~1\bar\1.bin\aabrmon.exe"
The Trojan deletes the following registry key(s):
[HKLM\SOFTWARE\MozillaPlugins\@EliteUnzip_aa.com/Plugin]
[HKLM\SOFTWARE\MozillaPlugins\@EliteUnzip_aa.com/Plugin\MimeTypes]
[HKLM\SOFTWARE\EliteUnzip_aa\bar\Integrators]
[HKLM\SOFTWARE\MozillaPlugins\@EliteUnzip_aa.com/Plugin\MimeTypes\application/x-eliteunzip_aaplugin]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1af33c13-6c63-488c-9dea-17b0e7829de5}]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"
[HKLM\SOFTWARE\EliteUnzip_aa\bar]
"pid2"
"ConfigDateStamp"
"un"
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elite Unzip Plugin"
"Elite Unzip Home Page Guard 32 bit"
"Elite Unzip Search Scope Monitor"
The process aasrchmn.exe:1644 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 E6 8B 2E F1 8D B2 6C 36 A8 83 E5 B5 B2 7F 3D"
The process aaHighIn.exe:2044 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7B F1 3E 36 44 E8 00 C9 56 3E 94 AB E1 2D C4 E3"
The process ngen.exe:1712 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C4 36 57 90 B6 C5 87 E6 31 DE 26 7E 4F C0 77 55"
[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots]
"WorkPending" = "1"
[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots\C:/Program Files/EliteUnzip/EliteUnzip.exe\0]
"Scenario" = "0"
[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\ListenedState]
"RootstoreDirty" = "1"
[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots\C:/Program Files/EliteUnzip/EliteUnzip.exe\0]
"Status" = "2"
[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots\C:/Program Files/EliteUnzip/EliteUnzip.exe]
"Status" = "3"
The process %original file name%.exe:1228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B 47 9E 1B 79 85 0A A6 08 F3 5B BB B8 B1 6C DA"
[HKLM\SOFTWARE\EliteUnzip_aa\bar\Switches]
"ie9disable" = "1"
"nodns" = "0"
[HKCU\Software\EliteUnzip_aa\Events\EventData]
"00000000_7" = "01 00 00 00 F6 A5 02 54 00 00 00 00 00 00 00 00"
"00000000_6" = "01 00 00 00 F6 A5 02 54 00 00 00 00 00 00 00 00"
"00000000_5" = "01 00 00 00 F6 A5 02 54 00 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\EliteUnzip_aa\bar\Switches]
"hpp" = "0"
"ffTabs" = "0"
The process mscorsvw.exe:252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F 01 D4 51 79 11 39 E1 E3 2F 2D 80 DB ED C6 6A"
[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\ListenedState]
"RootstoreDirty" = "0"
[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "0"
The process AppIntegrator.exe:320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 B1 7B 8E A7 20 19 83 C3 D1 3D 5F 76 16 73 09"
The process AppIntegrator.exe:1636 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F3 0C CC FB 03 4C 2A 37 EB 65 E5 10 02 4D A1 F0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
The process irsetup.exe:1496 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\euz.zip\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Elite Unzip]
"HelpLink" = "http://www.mindspark.com"
[HKCR\euz.udf\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKCR\.udf]
"(Default)" = "euz.udf"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Elite Unzip]
"InstallLocation" = "%Program Files%\EliteUnzip"
[HKCR\euz.rpm\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
[HKCR\.dmg]
"(Default)" = "euz.dmg"
[HKCR\euz.nsis\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Elite Unzip]
"Publisher" = "Mindspark Interactive Network"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCR\euz.z\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKCR\euz.squashfs\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKCR\.hfs]
"(Default)" = "euz.hfs"
[HKCR\euz.iso\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKCR\.rar]
"(Default)" = "euz.rar"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCR\.xz]
"(Default)" = "euz.xz"
[HKCR\.7z]
"(Default)" = "euz.7z"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCR\.squashfs]
"(Default)" = "euz.squashfs"
[HKCR\.iso]
"(Default)" = "euz.iso"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Elite Unzip]
"DisplayIcon" = "%Program Files%\EliteUnzip\EliteUnzip.exe,0"
[HKCR\euz.cpio\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCR\.tar]
"(Default)" = "euz.tar"
[HKCR\euz.lzma\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCR\.xar]
"(Default)" = "euz.xar"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKCR\.cramfs]
"(Default)" = "euz.cramfs"
[HKCR\euz.cab\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKCR\euz.lzh\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\euz.arj\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCR\euz.iso\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\.gzip]
"(Default)" = "euz.gzip"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCR\euz.tar\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\euz.cramfs\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKLM\SOFTWARE\Mindspark\EliteUnzip]
"InstallDir" = "%Program Files%\EliteUnzip\"
[HKCR\euz.lzh\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCR\euz.hfs\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\euz.udf\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\euz.hfs\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Elite Unzip]
"Contact" = "Mindspark Interactive Network Support Department"
[HKCR\.bzip2]
"(Default)" = "euz.bzip2"
[HKCR\euz.rpm\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKCR\euz.zip\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "55 BF 41 52 28 25 15 33 AD 5C 32 8D 53 05 E8 98"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\euz.cab\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\.zip]
"(Default)" = "euz.zip"
[HKCR\euz.cpio\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\euz.lzma\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Elite Unzip]
"UninstallString" = "%Program Files%\EliteUnzip\uninstall.exe /U:%Program Files%\EliteUnzip\Uninstall\uninstall.xml"
[HKCR\euz.gzip\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\euz.wim\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Elite Unzip]
"DisplayName" = "Elite Unzip"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Elite Unzip]
"NoModify" = "1"
[HKCR\euz.deb\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKCR\euz.bzip2\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\.nsis]
"(Default)" = "euz.nsis"
[HKCR\euz.dmg\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\.cab]
"(Default)" = "euz.cab"
[HKCR\euz.7z\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\.z]
"(Default)" = "euz.z"
[HKCR\.lzh]
"(Default)" = "euz.lzh"
[HKCR\euz.deb\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\euz.7z\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Elite Unzip]
"DisplayVersion" = "1.1.7640.260"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKCR\euz.xz\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCR\.lzma]
"(Default)" = "euz.lzma"
[HKCR\euz.rar\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\euz.squashfs\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCR\.arj]
"(Default)" = "euz.arj"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCR\euz.nsis\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKCR\euz.z\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\euz.cramfs\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"Fonts" = "%WinDir%\Fonts"
[HKCR\euz.wim\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\euz.xar\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\.rpm]
"(Default)" = "euz.rpm"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Elite Unzip]
"URLInfoAbout" = "http://www.mindspark.com"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCR\euz.bzip2\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKCR\euz.rar\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKCR\euz.dmg\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCR\euz.xar\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCR\.deb]
"(Default)" = "euz.deb"
[HKCR\euz.tar\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKCR\euz.xz\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKCR\.cpio]
"(Default)" = "euz.cpio"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKCR\euz.arj\shell\open\command]
"(Default)" = "%Program Files%\EliteUnzip\EliteUnzip.exe %1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCR\euz.gzip\DefaultIcon]
"(Default)" = "%Program Files%\EliteUnzip\Resources.dll,-101"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKCR\.wim]
"(Default)" = "euz.wim"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Elite Unzip]
"NoRepair" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan deletes the following registry key(s):
[HKCR\.zip\CompressedFolder\ShellNew]
[HKCR\.zip\CompressedFolder]
[HKCR\.cab]
[HKCR\.tar\PersistentHandler]
[HKCR\.tar]
[HKCR\.zip\PersistentHandler]
[HKCR\.zip\OpenWithProgids]
[HKCR\.cab\PersistentHandler]
[HKCR\.z\PersistentHandler]
[HKCR\.zip]
[HKCR\.z]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process {52D5ECD1-09BC-4DF8-826D-D7FD4B307BFF}.exe:1624 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 99 4A C1 15 66 1A 0F 7F C9 AE 14 E1 CD D2 9C"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\_ir_sf_temp_0]
"irsetup.exe" = "Setup Application"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Dropped PE files
MD5 | File path |
---|---|
d58926bc8dc9867f8ccb339012fd8e9e | c:\Program Files\EliteUnzip\7z.dll |
ebe9840f13eb7beaca54c3463a6fa3d6 | c:\Program Files\EliteUnzip\DesktopSdk.dll |
5bbdc8efd3c2b3fec24317b3db200942 | c:\Program Files\EliteUnzip\EliteUnzip.exe |
fe11043c7d2cfbfcfa6b2a1f697784e8 | c:\Program Files\EliteUnzip\IAC.Helpers.dll |
c1817f00d0e9d90073a7162e512a26d5 | c:\Program Files\EliteUnzip\LogicNP.FileView.WPF.dll |
033c36ebc80b0e6567b4b81e4582da5b | c:\Program Files\EliteUnzip\LogicNP.FolderView.WPF.dll |
6feb5aaafbebdd5e6945efed7efc29c6 | c:\Program Files\EliteUnzip\LogicNP.ShComboBox.WPF.dll |
b7faf22d20228a13c7833987b8f982c1 | c:\Program Files\EliteUnzip\RebootRequired.exe |
d1f10bc96bb8a5fd0cf825d10612d52b | c:\Program Files\EliteUnzip\Resources.dll |
7e6f84df0ed1f27fa76f0351ad6576b4 | c:\Program Files\EliteUnzip\SevenZipSharp.dll |
99f9f0717836b20ca5a79373e8302489 | c:\Program Files\EliteUnzip\UnifiedLogging.dll |
8c0b6838878f3dd76135f999ddb1c900 | c:\Program Files\EliteUnzip\lua5.1.dll |
6f21a65b40fba1beae08a597cf23935c | c:\Program Files\EliteUnzip\uninstall.exe |
660d435be4a48b8d941e5dcf30ac1974 | c:\Program Files\EliteUnzip_aa\bar\1.bin\APPINTEGRATOR.EXE |
d5d454ca320d6f9128c1e8231d8118c1 | c:\Program Files\EliteUnzip_aa\bar\1.bin\APPINTEGRATORSTUB.DLL |
e5d70d21eb26491111de57256319e340 | c:\Program Files\EliteUnzip_aa\bar\1.bin\ASSISTMONITOR.DLL |
8584203f010ab90bfde264a7c0879413 | c:\Program Files\EliteUnzip_aa\bar\1.bin\ASSISTMONITOR64.DLL |
f68778b356218f4cbfd5c2c19419c0a0 | c:\Program Files\EliteUnzip_aa\bar\1.bin\AppIntegrator64.exe |
755ef214e8e5c2b5736c2e0fac4fe561 | c:\Program Files\EliteUnzip_aa\bar\1.bin\AppIntegratorStub64.dll |
adc32dbe2fa1caae9c213bbfb6b02a9b | c:\Program Files\EliteUnzip_aa\bar\1.bin\CREXT.DLL |
c9fecbc3ec683b4b60cf45ebae9abfcd | c:\Program Files\EliteUnzip_aa\bar\1.bin\CrExtPaa.exe |
5fe1c74f008496c30bbaf7689cd2fb74 | c:\Program Files\EliteUnzip_aa\bar\1.bin\DPNMNGR.DLL |
eb09437e0e2ddd52045904fa59e2b545 | c:\Program Files\EliteUnzip_aa\bar\1.bin\EXEMANAGER.DLL |
196a5d0149f1fb1aa393d4850d46f0c5 | c:\Program Files\EliteUnzip_aa\bar\1.bin\FF-NativeMessagingDispatcher.dll |
629badd33fbba164acff36bc5a932460 | c:\Program Files\EliteUnzip_aa\bar\1.bin\Hpg64.dll |
0bbf7fe7aadec2e303d52f1874a6bf9e | c:\Program Files\EliteUnzip_aa\bar\1.bin\NPaaStub.dll |
fd7ee723718078825bc79e360e4f04d3 | c:\Program Files\EliteUnzip_aa\bar\1.bin\T8EPMSUP.DLL |
5db285aa198bf18c4974c36308cac1d4 | c:\Program Files\EliteUnzip_aa\bar\1.bin\T8EXTEX.DLL |
929d9ac6f8685c3d4a7124d8ec1aa485 | c:\Program Files\EliteUnzip_aa\bar\1.bin\T8EXTPEX.DLL |
edf1686c822889284c49fceaf35f55ec | c:\Program Files\EliteUnzip_aa\bar\1.bin\T8HTML.DLL |
bc195d2ab748b7da8fb86710ef65dc32 | c:\Program Files\EliteUnzip_aa\bar\1.bin\T8RES.DLL |
888774ec0b5329e16b1d525c2a855801 | c:\Program Files\EliteUnzip_aa\bar\1.bin\T8TICKER.DLL |
215b59978f0ba9f33906b11b50ec231f | c:\Program Files\EliteUnzip_aa\bar\1.bin\TPIMANAGERCONSOLE.EXE |
738237d7f25abb8874ab383e04cc8d61 | c:\Program Files\EliteUnzip_aa\bar\1.bin\UNIFIEDLOGGING.DLL |
2cd291d761752e1abf80f05e0199a907 | c:\Program Files\EliteUnzip_aa\bar\1.bin\VERIFY.DLL |
bf28f98daf8826b65923273d3e406930 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aaPlugin.dll |
31f0fd888f41c6e4b05a8a26a6257bbb | c:\Program Files\EliteUnzip_aa\bar\1.bin\aaSrcAs.dll |
466af3fbfdd028b3d90238425c367b7e | c:\Program Files\EliteUnzip_aa\bar\1.bin\aaSrchMn.exe |
bef81913920b66f99cce1b8b94d2335d | c:\Program Files\EliteUnzip_aa\bar\1.bin\aaauxstb.dll |
a842b26aee3d1312bda37096c8490b39 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aaauxstb64.dll |
96a060cf33a2c42617cf13224a47db07 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aabar.dll |
54d6bc524f1fb026d6eb569581e38885 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aabarsvc.exe |
eb8ced3dac43ca1bf66d78481df2a8f1 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aabprtct.dll |
2c0a45683112082493b1fb3c09c60184 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aabrmon.exe |
4ba7d9e73d47039bd34396ceb679318f | c:\Program Files\EliteUnzip_aa\bar\1.bin\aabrmon64.exe |
e46963ec2bc3d0ed27a61f0697544196 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aabrstub.dll |
f04c0efeafa8302e5b52d13cb0916ed3 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aabrstub64.dll |
5fea0081f2bf39ac0bef44e86b52c4dc | c:\Program Files\EliteUnzip_aa\bar\1.bin\aadatact.dll |
9c59c1140075060c08e93b39c0ed94b4 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aadlghk.dll |
b8efb8d32dc96ed0d473dcd3a5e58ed8 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aadlghk64.dll |
a738286620be77bec9ca13b389864d96 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aafeedmg.dll |
aa82a2d20c3525f0b850ec67dab2a448 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aahighin.exe |
e0d399dfb42ca6a24c40b4d38d0db3a3 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aahkstub.dll |
4c7b28b8ae8013d8359f2d0a316e5d3e | c:\Program Files\EliteUnzip_aa\bar\1.bin\aahtmlmu.dll |
ebbf5d6394bed262727f72dc321789c2 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aahttpct.dll |
97190b606220d99b1f2c1dc8be34ad90 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aaidle.dll |
aedf3f97b88562ce2d5128c9422718c1 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aaieovr.dll |
bb601f008cda03b0cdc8188d084d9960 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aamedint.exe |
212f000542b3526744f6444cddf66c33 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aamlbtn.dll |
99314afe1aa7f154766c7b10b1b7e90d | c:\Program Files\EliteUnzip_aa\bar\1.bin\aaradio.dll |
05e7f2c19ae83dd990a6960a19755752 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aaregfft.dll |
b92c71d0ba7098f565520266e6b987d9 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aareghk.dll |
b927852e2e860edbc4d2ec2b436cfaba | c:\Program Files\EliteUnzip_aa\bar\1.bin\aaregiet.dll |
74376b99e024766343eb5c18dd06040a | c:\Program Files\EliteUnzip_aa\bar\1.bin\aascript.dll |
2fd72a0a4fc75b4371f22252e443b245 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aaskin.dll |
f59ea63eaa060998c359fcbfdbc8c7d7 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aaskplay.exe |
9f1f27aaedca28c35f7ec1484c53b6e5 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aasrchmr.dll |
cf0646bb879911192c833e314e0afc57 | c:\Program Files\EliteUnzip_aa\bar\1.bin\aatpinst.dll |
0e57218f3c13b9cc91a0869a064176e8 | c:\Program Files\EliteUnzip_aa\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL |
c895957b79fbd05f9c580666c4def142 | c:\Program Files\EliteUnzip_aa\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL |
fe0e9832decb6f345555837972eb244b | c:\Program Files\EliteUnzip_aa\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
aabrmon.exe:1992
TPIManagerConsole.exe:212
aabarsvc.exe:1572
aabarsvc.exe:1060
aabarsvc.exe:1624
000004ccT8SETUP.EXE:1016
aasrchmn.exe:1644
aaHighIn.exe:2044
ngen.exe:1712
%original file name%.exe:1228
AppIntegrator.exe:320
AppIntegrator.exe:1636
irsetup.exe:1496
{52D5ECD1-09BC-4DF8-826D-D7FD4B307BFF}.exe:1624 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB (341 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (135 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA (208 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB (220 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (224 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA (477 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\{52D5ECD1-09BC-4DF8-826D-D7FD4B307BFF}.exe (1300925 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaskin.dll (202 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\BOOTSTRAP.JS (20 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aareghk.dll (75 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\CREXT.DLL (7386 bytes)
%System%\config\system (2812 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\installKeys.js (207 bytes)
%Program Files%\EliteUnzip_aa\bar\gen1\COMMON.T8S (1 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\T8EXTEX.DLL (98 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML (491 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\ASSISTMONITOR64.DLL (1633 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\VERIFY.DLL (66 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aabrmon64.exe (71 bytes)
%Program Files%\EliteUnzip_aa\bar\IE9Mesg\COMMON.T8S (1727 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaieovr.dll (73 bytes)
%Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (20 bytes)
%Documents and Settings%\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (20 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\T8RES.DLL (196 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL (15 bytes)
%Documents and Settings%\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\INSTALL.RDF (2 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aamlbtn.dll (96 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aamedint.exe (12 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\Hpg64.dll (1719 bytes)
%Program Files%\EliteUnzip_aa\bar\Settings\s_pid.dat (8 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\EXEMANAGER.DLL (1767 bytes)
%System%\config\SOFTWARE.LOG (46153 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaSrchMn.exe (55 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaSrcAs.dll (139 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaidle.dll (61 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\T8EXTPEX.DLL (104 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aasrchmr.dll (83 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaskplay.exe (55 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (6408 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\ASSISTMONITOR.DLL (303 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aadlghk64.dll (119 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aabrstub64.dll (74 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\LOGO.BMP (10 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\NPaaStub.dll (48 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\FF-NativeMessagingDispatcher.dll (250 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\CHROME.MANIFEST (1 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaauxstb64.dll (65 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\T8TICKER.DLL (168 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\APPINTEGRATOR.EXE (1702 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\UNIFIEDLOGGING.DLL (316 bytes)
%System%\config\SYSTEM.LOG (4793 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\AppIntegratorStub64.dll (290 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aadatact.dll (160 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aabar.dll (6313 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aatpinst.dll (179 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\TPIMANAGERCONSOLE.EXE (78 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\T8HTML.DLL (188 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aabrstub.dll (63 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaregfft.dll (81 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aabarsvc.exe (88 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\DPNMNGR.DLL (289 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaradio.dll (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (1564 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aabprtct.dll (115 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\chrome\aaffxtbr.jar (1829 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aahkstub.dll (59 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\AppIntegrator64.exe (1766 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL (17 bytes)
%Program Files%\EliteUnzip_aa\bar\Message\COMMON.T8S (103 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE (206 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aahttpct.dll (144 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aafeedmg.dll (139 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aabrmon.exe (61 bytes)
%System%\config\software (37236 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\APPINTEGRATORSTUB.DLL (250 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaauxstb.dll (55 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaregiet.dll (83 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1896 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aaPlugin.dll (108 bytes)
%Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\CrExtPaa.exe (7972 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\T8EPMSUP.DLL (77 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aascript.dll (100 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aadlghk.dll (101 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aahighin.exe (12 bytes)
%Program Files%\EliteUnzip_aa\bar\1.bin\aahtmlmu.dll (202 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\ngen.log (1314 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000004ccT8SETUP.EXE (212337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000004ccT8SETUP.EX_ (42363 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\ngen_service.log (514 bytes)
%Program Files%\EliteUnzip\EliteUnzip.exe (11099 bytes)
%Program Files%\EliteUnzip\7z.dll (12594 bytes)
%Program Files%\EliteUnzip\Uninstall\uninstall.xml (1202 bytes)
%Program Files%\EliteUnzip\Uninstall\uni1.tmp (13069 bytes)
%Program Files%\EliteUnzip\RebootRequired.exe (1137 bytes)
%Program Files%\EliteUnzip\LogicNP.FolderView.WPF.dll (4440 bytes)
%Program Files%\EliteUnzip\IAC.Helpers.dll (1137 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (1209 bytes)
%Program Files%\EliteUnzip\Uninstall\IRIMG1.PNG (3 bytes)
%Program Files%\EliteUnzip\Resources.dll (22 bytes)
%Program Files%\EliteUnzip\LogicNP.ShComboBox.WPF.dll (1209 bytes)
%Program Files%\EliteUnzip\DesktopSdk.dll (1209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Elite Unzip Setup Log.txt (4229 bytes)
%Program Files%\EliteUnzip\Uninstall\EUZExt.cfg (1 bytes)
%Program Files%\EliteUnzip\EliteUnzip.exe.config (2 bytes)
%Program Files%\EliteUnzip\UnifiedLogging.dll (1137 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG1.PNG (3 bytes)
%Program Files%\EliteUnzip\uninstall.exe (9213 bytes)
%Program Files%\EliteUnzip\Uninstall\uninstall.dat (2784 bytes)
%Program Files%\EliteUnzip\LogicNP.FileView.WPF.dll (4753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\EUZExt.cfg (1 bytes)
%Program Files%\EliteUnzip\SevenZipSharp.dll (1209 bytes)
%Program Files%\EliteUnzip\lua5.1.dll (2902 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Elite Unzip\Elite Unzip.lnk (1 bytes)
%Documents and Settings%\%current user%\Desktop\Elite Unzip.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (325 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (7386 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elite Unzip" = "rundll32 C:\PROGRA~1\ELITEU~1\bar\1.bin\aabar.dll,S"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elite Unzip Search Scope Monitor" = "C:\PROGRA~1\ELITEU~1\bar\1.bin\aasrchmn.exe /m=2 /w /h"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elite Unzip Home Page Guard 32 bit" = "C:\PROGRA~1\ELITEU~1\bar\1.bin\AppIntegrator.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EliteUnzip_aa Browser Plugin Loader" = "C:\PROGRA~1\ELITEU~1\bar\1.bin\aabrmon.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: Elite Unzip
Product Name: Elite Unzip
Product Version: 2, 0, 5, 6
Legal Copyright: Copyright (c) 2009 - 2014
Legal Trademarks:
Original Filename: aaSetup.exe
Internal Name: aaSetup
File Version: 2, 0, 5, 6
File Description: Elite Unzip
Comments:
Language: Language Neutral
Company Name: Elite UnzipProduct Name: Elite UnzipProduct Version: 2, 0, 5, 6Legal Copyright: Copyright (c) 2009 - 2014Legal Trademarks: Original Filename: aaSetup.exeInternal Name: aaSetupFile Version: 2, 0, 5, 6File Description: Elite UnzipComments: Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 9526 | 12288 | 3.73248 | 23e1e31f199faca739ebf0e2fc51fc03 |
.rdata | 16384 | 8916 | 12288 | 1.87031 | e026d6ddde6c7f486113980b2ae1393d |
.data | 28672 | 3166 | 4096 | 1.64687 | 4fa0c8b713328c72f3e9996beacda798 |
.rsrc | 32768 | 6031864 | 6033408 | 5.54386 | 05251210d46b1ea24a9d23cd715cad22 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://a1711.g2.akamai.net/images/nocache/vicinio/executable-packages/EliteUnzip/1404743677501/EliteUnzipSetup.exe | |
hxxp://e6845.ce.akamaiedge.net/pca3-g5.crl | |
hxxp://e6845.ce.akamaiedge.net/CSC3-2010.crl | |
hxxp://e6845.ce.akamaiedge.net/ThawteTimestampingCA.crl | |
hxxp://e6845.ce.akamaiedge.net/tss-ca-g2.crl | |
hxxp://www187.mindspark.com/xt8a.gif?installationResult=Success&dotNetVersionInstalled=&dotNetExistingVersion=4.0.30319&product=Elite Unzip&anxe=Install&osDetail=5.1&defaultBrowser=IEXPLORE.EXE&anxd=2014-06-26&anxv=1.0.7640.260&anxa=ProductInstaller&osArchitecture=32 | |
hxxp://csc3-2010-crl.verisign.com/CSC3-2010.crl | 23.7.69.163 |
hxxp://ts-crl.ws.symantec.com/tss-ca-g2.crl | 23.7.69.163 |
hxxp://crl.verisign.com/pca3-g5.crl | 23.7.69.163 |
hxxp://anx.mindspark.com/xt8a.gif?installationResult=Success&dotNetVersionInstalled=&dotNetExistingVersion=4.0.30319&product=Elite Unzip&anxe=Install&osDetail=5.1&defaultBrowser=IEXPLORE.EXE&anxd=2014-06-26&anxv=1.0.7640.260&anxa=ProductInstaller&osArchitecture=32 | 74.113.233.187 |
hxxp://ak.dl.eliteunzip.com/images/nocache/vicinio/executable-packages/EliteUnzip/1404743677501/EliteUnzipSetup.exe | 205.237.69.83 |
hxxp://crl.thawte.com/ThawteTimestampingCA.crl | 23.7.69.163 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /tss-ca-g2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: ts-crl.ws.symantec.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "947a82ee087ddc8b7aa42ce05ddc4af0:1409433393"
Last-Modified: Sat, 30 Aug 2014 21:16:33 GMT
Date: Sun, 31 Aug 2014 04:35:06 GMT
Content-Length: 477
Connection: keep-alive
Content-Type: application/pkix-crl
0...0.....0...*.H........0^1.0...U....US1.0...U....Symantec Corporation100...U...'Symantec Time Stamping Services CA - G2..140830210109Z..140909210109Z.00.0...U.#..0..._..n\..t...}.?..L...0...U.......$0...*.H.............X=[d|.W0....;.n..#...B..9d...".Bb..[..g....>B.ZV.......^...?.....5.r..u ..}}.bs5~r.>..O.Zn..dO.4...O2S.6H.P#....l9.%T;}.R...<.$Fx.\|........~..53..~cE.... E..2......zT../..)(..x.*..t..B0.7..)..^6h]B....T..&..fYQ.X..%...r.....o.5V.a}.H.8./..YT.B..V `K....s.HTTP/1.1 200 OK..Server: Apache..ETag: "947a82ee087ddc8b7aa42ce05ddc4af0:1409433393"..Last-Modified: Sat, 30 Aug 2014 21:16:33 GMT..Date: Sun, 31 Aug 2014 04:35:06 GMT..Content-Length: 477..Connection: keep-alive..Content-Type: application/pkix-crl..0...0.....0...*.H........0^1.0...U....US1.0...U....Symantec Corporation100...U...'Symantec Time Stamping Services CA - G2..140830210109Z..140909210109Z.00.0...U.#..0..._..n\..t...}.?..L...0...U.......$0...*.H.............X=[d|.W0....;.n..#...B..9d...".Bb..[..g....>B.ZV.......^...?.....5.r..u ..}}.bs5~r.>..O.Zn..dO.4...O2S.6H.P#....l9.%T;}.R...<.$Fx.\|........~..53..~cE.... E..2......zT../..)(..x.*..t..B0.7..)..^6h]B....T..&..fYQ.X..%...r.....o.5V.a}.H.8./..YT.B..V `K....s...
GET /images/nocache/vicinio/executable-packages/EliteUnzip/1404743677501/EliteUnzipSetup.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ak.dl.eliteunzip.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 07 Jul 2014 14:34:41 GMT
ETag: "9ac77c-3f7720-4fd9b602519b5"
Accept-Ranges: bytes
Content-Length: 4159264
Cache-Control: max-age=310643986
Expires: Sat 02 Apr 1977 17:15:00 GMT
Pragma: no-cache
Content-Type: application/x-msdownload
Date: Sun, 31 Aug 2014 04:34:55 GMT
Connection: keep-alive
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........2...\...\...\..'....\..'....\.......\...]...\..'....\..'....\..'....\.Rich..\.........PE..L......R.................X...........).......p....@..........................P.......i@...@.................................<...d........n...........]?.`....0..........................................@............p..x............................text....W.......X.................. ..`.rdata.......p...0...\..............@..@.data...h...........................@....rsrc....n.......p..................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................................................................U...X......... .@.3..E.SVW.}.3.h....S....@...dq@.P..hq@........`........V......SP.......Pp@....W..;.}.W......P...p@.3.h..........WP..............9=..@.......3.F...@..4.......P...p@......./ub......<Tt"<Wt.<tt.<wuL......P.....u>.......6......P.....~(......:u....~....P......P......P........j.h.q@.j.......PVj....p@....u..5..@.G;=..@...O.................F...1w........u.j.h.q@.......Pj...lq@........u....M._..^3.[.........V..W3.h..........WP...q@...0.....8.....<.....@.....D....A..............H
<<< skipped >>>
GET /xt8a.gif?installationResult=Success&dotNetVersionInstalled=&dotNetExistingVersion=4.0.30319&product=Elite Unzip&anxe=Install&osDetail=5.1&defaultBrowser=IEXPLORE.EXE&anxd=2014-06-26&anxv=1.0.7640.260&anxa=ProductInstaller&osArchitecture=32 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Setup Factory 8.0
Host: anx.mindspark.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.0.10
Date: Sun, 31 Aug 2014 04:35:08 GMT
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Cache-Control: max-age=0
GET /CSC3-2010.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2010-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "a67638498e601f230154178c8a28c7ec:1409432713"
Last-Modified: Sat, 30 Aug 2014 21:05:13 GMT
Date: Sun, 31 Aug 2014 04:35:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
Content-Type: application/pkix-crl
00006000..0....0.......0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA..140830210004Z..140913210004Z0....0!.....S.@.k....6..c..140730092631Z0!....c..k....D.k.....120708062201Z0!... _...u.t.=.<.&...130218061114Z0!...&..].....P.k.:...120125130117Z0!...7P.x....8.Q...s..130227010252Z0!...J.....Q..Y.[.....110404153956Z0!...d...=..q!_...g9..130729145216Z0!...d....Y.......o...140711083257Z0!...l.....h2<.H......120329152211Z0!...q.9...`H.*.Y.C...120525202212Z0!...s...TM.......0...121221080842Z0!...t..,.. ...eL.....130314222305Z0!...y..r.HW.v.....w..140423054643Z0!..../u.......A..5...101214165045Z0!.....0.Xc...%...iM..121102230226Z0!.......S.a&.X5t.E]..111206083350Z0!....c.(....B.[M83...140108164517Z0!....A.Sv.....f,.....110609003155Z0!.....z......!.ID{]..101228182208Z0!....b^......{d.J'...130102154110Z0!.......n........'u..140521222808Z0!......0..........I..130912181631Z0!....6e...~..T.......130131012247Z0!.....|.....t.l.o....140827175301Z0!.........bD#*u......130226223939Z0!.......@..'$.).;}\..130121172259Z0!....7.v..........n..120724160733Z0!....P;.Y..d...c.(...120209181451Z0!.....].bb[.....!....140328205453Z0!.....a...L`..IV.....130402103508Z0!......fFW.z.....@T..130117000242Z0!...........].{7.....120730000000Z0!...".......Z.V.,.e..121031192224Z0!...'....[.1......g..130318195659Z0!...,GI.jH.|...J.....120518121623Z0!...<%a.=.d.......O..120424164254Z0!...@.....
<<< skipped >>>
GET /pca3-g5.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "dad74562eea63e24f12699a6f02c517d:1403752510"
Last-Modified: Thu, 26 Jun 2014 03:15:10 GMT
Accept-Ranges: bytes
Content-Length: 533
Date: Sun, 31 Aug 2014 04:35:04 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G5..140617000000Z..140930235959Z0...*.H.............Z.....{.......iV}.pm@..]...q....MT.....c.......[....?....zZ.....,. P.~........*.'.....,......Y..!..s$..;.v..y<.................gf.? ...9#...........O"5u....q1`.H....3...>.....l9g.X..i7.b.N]..<....@....j.IO..V.oU_v2X....kf.q.......oq.j.e?v..o.l..Y.......!..HTTP/1.1 200 OK..Server: Apache..ETag: "dad74562eea63e24f12699a6f02c517d:1403752510"..Last-Modified: Thu, 26 Jun 2014 03:15:10 GMT..Accept-Ranges: bytes..Content-Length: 533..Date: Sun, 31 Aug 2014 04:35:04 GMT..Connection: keep-alive..Content-Type: application/pkix-crl..0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G5..140617000000Z..140930235959Z0...*.H.............Z.....{.......iV}.pm@..]...q....MT.....c.......[....?....zZ.....,. P.~........*.'.....,......Y..!..s$..;.v..y<.................gf.? ...9#...........O"5u....q1`.H....3...>.....l9g.X..i7.b.N]..<....@....j.IO..V.oU_v2X....kf.q.......oq.j.e?v..o.l..Y.......!....
<<< skipped >>>
GET /ThawteTimestampingCA.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.thawte.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "67d0ac3389aba998bf71f5ac72d60648:1403244909"
Last-Modified: Fri, 20 Jun 2014 06:15:09 GMT
Accept-Ranges: bytes
Content-Length: 341
Date: Sun, 31 Aug 2014 04:35:05 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0..Q0..0...*.H........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Durbanville1.0...U....Thawte1.0...U....Thawte Certification1.0...U....Thawte Timestamping CA..140617000000Z..140930235959Z0...*.H...............pe..y.....$.{_... .}["....`4..>p}.........e..*?AC..kVA..$..l.j}......Z.&.]V.7.G}..=.G.xm'M.{......;...~...... ^.....caK.Hq..kHTTP/1.1 200 OK..Server: Apache..ETag: "67d0ac3389aba998bf71f5ac72d60648:1403244909"..Last-Modified: Fri, 20 Jun 2014 06:15:09 GMT..Accept-Ranges: bytes..Content-Length: 341..Date: Sun, 31 Aug 2014 04:35:05 GMT..Connection: keep-alive..Content-Type: application/pkix-crl..0..Q0..0...*.H........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Durbanville1.0...U....Thawte1.0...U....Thawte Certification1.0...U....Thawte Timestamping CA..140617000000Z..140930235959Z0...*.H...............pe..y.....$.{_... .}["....`4..>p}.........e..*?AC..kVA..$..l.j}......Z.&.]V.7.G}..=.G.xm'M.{......;...~...... ^.....caK.Hq..k..
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
AppIntegrator.exe_1636:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
QWQj.QPQh
QWQj.QPQh
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
portuguese-brazilian
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
operator
operator
GetProcessWindowStation
GetProcessWindowStation
SHELL32.dll
SHELL32.dll
MaxPolicyElementKey
MaxPolicyElementKey
AppIntegrator.cpp
AppIntegrator.cpp
IAC::AppIntegrator::Application::SetupWindowsHook
IAC::AppIntegrator::Application::SetupWindowsHook
E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\SDKs\boost1.46.1\boost/exception/detail/exception_ptr.hpp
E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\SDKs\boost1.46.1\boost/exception/detail/exception_ptr.hpp
()$^.* ?[]|\-{},:=!
()$^.* ?[]|\-{},:=!
E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\ChromeExtAPI_DAL_GCLID_QA\Build.TT\Release.x86\AppIntegrator.pdb
E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\ChromeExtAPI_DAL_GCLID_QA\Build.TT\Release.x86\AppIntegrator.pdb
KERNEL32.dll
KERNEL32.dll
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
SetWindowsHookExW
SetWindowsHookExW
UnhookWindowsHookEx
UnhookWindowsHookEx
USER32.dll
USER32.dll
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
USERENV.dll
USERENV.dll
VERSION.dll
VERSION.dll
GetCPInfo
GetCPInfo
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
SHLWAPI.dll
SHLWAPI.dll
.?AV?$bind_t@V?$vector@V?$basic_option@D@program_options@boost@@V?$allocator@V?$basic_option@D@program_options@boost@@@std@@@std@@V?$mf1@V?$vector@V?$basic_option@D@program_options@boost@@V?$allocator@V?$basic_option@D@program_options@boost@@@std@@@std@@Vcmdline@detail@program_options@boost@@AAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@@_mfi@boost@@V?$list2@V?$value@PAVcmdline@detail@program_options@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@5@@_bi@boost@@
.?AV?$bind_t@V?$vector@V?$basic_option@D@program_options@boost@@V?$allocator@V?$basic_option@D@program_options@boost@@@std@@@std@@V?$mf1@V?$vector@V?$basic_option@D@program_options@boost@@V?$allocator@V?$basic_option@D@program_options@boost@@@std@@@std@@Vcmdline@detail@program_options@boost@@AAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@@_mfi@boost@@V?$list2@V?$value@PAVcmdline@detail@program_options@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@5@@_bi@boost@@
zcÃ
zcÃ
.?AV?$_Impl_no_alloc2@U?$_Callable_obj@V@?A0x74a94c0a@AppIntegrator@IAC@@$0A@@tr1@std@@_NABVCRegKey@ATL@@PB_W@tr1@std@@
.?AV?$_Impl_no_alloc2@U?$_Callable_obj@V@?A0x74a94c0a@AppIntegrator@IAC@@$0A@@tr1@std@@_NABVCRegKey@ATL@@PB_W@tr1@std@@
.?AV?$_Impl_base2@_NABVCRegKey@ATL@@PB_W@tr1@std@@
.?AV?$_Impl_base2@_NABVCRegKey@ATL@@PB_W@tr1@std@@
cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,
cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,
5(5,50545
5(5,50545
;#
;#
3%4X4
3%4X4
3&4.464>4~4
3&4.464>4~4
0%1U1z1
0%1U1z1
4%5S5
4%5S5
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
nKERNEL32.DLL
nKERNEL32.DLL
WUSER32.DLL
WUSER32.DLL
e\AppIntegratorStub.dll
e\AppIntegratorStub.dll
Error calling SetWindowsHookEx
Error calling SetWindowsHookEx
Error: %S
Error: %S
Error: 0x%0x
Error: 0x%0x
\StringFileInfo\XX\OriginalFilename
\StringFileInfo\XX\OriginalFilename
TraceLog.cfg
TraceLog.cfg
@^(. ?)\=(. ?)$
@^(. ?)\=(. ?)$
).csv
).csv
t8res.dll
t8res.dll
.ExecutableToIntegratorSharedMemory
.ExecutableToIntegratorSharedMemory
C:\PROGRA~1\ELITEU~1\bar\1.bin\AppIntegrator.exe
C:\PROGRA~1\ELITEU~1\bar\1.bin\AppIntegrator.exe
C:\PROGRA~1\ELITEU~1\bar\1.bin
C:\PROGRA~1\ELITEU~1\bar\1.bin
1.0.7.183
1.0.7.183
AppIntegrator64.exe
AppIntegrator64.exe
aabrmon.exe_1992:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
operator
operator
GetProcessWindowStation
GetProcessWindowStation
SetProcessShutdownParameters
SetProcessShutdownParameters
t8res.dll
t8res.dll
brstub.dll
brstub.dll
9E107788-A2C8-4ff7-A5E6-8052455B4AED
9E107788-A2C8-4ff7-A5E6-8052455B4AED
19D1D781-6DA9-4781-BC16-9017E355E2F9
19D1D781-6DA9-4781-BC16-9017E355E2F9
67DE0C3F-8D3D-4347-808F-D4CE05C7A6B8
67DE0C3F-8D3D-4347-808F-D4CE05C7A6B8
advapi32.dll
advapi32.dll
E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\ChromeExtAPI_DAL_GCLID_QA\Build.TT\Release.x86\t8brmon.pdb
E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\ChromeExtAPI_DAL_GCLID_QA\Build.TT\Release.x86\t8brmon.pdb
KERNEL32.dll
KERNEL32.dll
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
USER32.dll
USER32.dll
SHLWAPI.dll
SHLWAPI.dll
GetCPInfo
GetCPInfo
C:\PROGRA~1\ELITEU~1\bar\1.bin\aabrmon.exe
C:\PROGRA~1\ELITEU~1\bar\1.bin\aabrmon.exe
C:\PROGRA~1\ELITEU~1\bar\1.bin\t8res.dll
C:\PROGRA~1\ELITEU~1\bar\1.bin\t8res.dll
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
KERNEL32.DLL
KERNEL32.DLL
WUSER32.DLL
WUSER32.DLL
kernel32.dll
kernel32.dll
VER_EXE_FILENAME
VER_EXE_FILENAME
VER_EXE_FILENAME.exe
VER_EXE_FILENAME.exe
aaHighIn.exe_2044:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
SHLWAPI.dll
SHLWAPI.dll
KERNEL32.dll
KERNEL32.dll
E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\ChromeExtAPI_DAL_GCLID_QA\Build.TT\Release.x86\t8HighIn.pdb
E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\ChromeExtAPI_DAL_GCLID_QA\Build.TT\Release.x86\t8HighIn.pdb
t8HighIn.exe
t8HighIn.exe
mscorsvw.exe_252:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
EX_CATCH line %d
EX_CATCH line %d
CACHE_S_FORMATETC_NOTSUPPORTED
CACHE_S_FORMATETC_NOTSUPPORTED
CTL_E_GETNOTSUPPORTEDATRUNTIME
CTL_E_GETNOTSUPPORTEDATRUNTIME
CTL_E_GETNOTSUPPORTED
CTL_E_GETNOTSUPPORTED
CTL_E_SETNOTSUPPORTEDATRUNTIME
CTL_E_SETNOTSUPPORTEDATRUNTIME
CTL_E_SETNOTSUPPORTED
CTL_E_SETNOTSUPPORTED
CO_E_SERVER_EXEC_FAILURE
CO_E_SERVER_EXEC_FAILURE
MK_E_INTERMEDIATEINTERFACENOTSUPPORTED
MK_E_INTERMEDIATEINTERFACENOTSUPPORTED
REGDB_E_KEYMISSING
REGDB_E_KEYMISSING
OLE_E_ADVISENOTSUPPORTED
OLE_E_ADVISENOTSUPPORTED
CO_E_INIT_SCM_EXEC_FAILURE
CO_E_INIT_SCM_EXEC_FAILURE
EX_THROW Type = 0x%x HR = 0x%x, line %d
EX_THROW Type = 0x%x HR = 0x%x, line %d
ThrowHR: HR = %x
ThrowHR: HR = %x
mscorsvw.pdb
mscorsvw.pdb
_amsg_exit
_amsg_exit
_acmdln
_acmdln
MSVCR100_CLR0400.dll
MSVCR100_CLR0400.dll
_crt_debugger_hook
_crt_debugger_hook
RegCloseKey
RegCloseKey
RegQueryInfoKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExW
ADVAPI32.dll
ADVAPI32.dll
GetWindowsDirectoryW
GetWindowsDirectoryW
GetCPInfo
GetCPInfo
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjectsEx
USER32.dll
USER32.dll
mscoree.dll
mscoree.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
.PAVException@@
.PAVException@@
v1.0.3705
v1.0.3705
.PAVOutOfMemoryException@@
.PAVOutOfMemoryException@@
.PAVHRException@@
.PAVHRException@@
7 7$7(7,7074787
7 7$7(7,7074787
6$6,686\6|6
6$6,686\6|6
advapi32.dll
advapi32.dll
Wtsapi32.dll
Wtsapi32.dll
kernel32.dll
kernel32.dll
mscorsvc.dll
mscorsvc.dll
Microsoft .NET Runtime Optimization Service
Microsoft .NET Runtime Optimization Service
Microsoft .NET Runtime Optimization Service has been uninstalled
Microsoft .NET Runtime Optimization Service has been uninstalled
Failed to uninstall Microsoft .NET Runtime Optimization Service
Failed to uninstall Microsoft .NET Runtime Optimization Service
Microsoft .NET Runtime Optimization Service has been installed
Microsoft .NET Runtime Optimization Service has been installed
Failed to install Microsoft .NET Runtime Optimization Service
Failed to install Microsoft .NET Runtime Optimization Service
Failed to retrieve Microsoft .NET Runtime Optimization Service interface
Failed to retrieve Microsoft .NET Runtime Optimization Service interface
Set service status to %d
Set service status to %d
Service control handler op %u, event type %u
Service control handler op %u, event type %u
\ndpsetup.bat
\ndpsetup.bat
Created repair process in session %d, process ID %d
Created repair process in session %d, process ID %d
Unable to create repair process, error %d
Unable to create repair process, error %d
Microsoft.NET\NETFXRepair.exe
Microsoft.NET\NETFXRepair.exe
Error changing token session ID, error %d
Error changing token session ID, error %d
Error duplicating current process token, error %d
Error duplicating current process token, error %d
Error getting current process token, error %d
Error getting current process token, error %d
Session %u has become active.
Session %u has become active.
Aborting repair due to unexpected wait status %u
Aborting repair due to unexpected wait status %u
Found active session %u
Found active session %u
Aborting repair due to error %u from WTSEnumerateSessions
Aborting repair due to error %u from WTSEnumerateSessions
StartServiceCtrlDispatcher failed with error %d. Will try slow path
StartServiceCtrlDispatcher failed with error %d. Will try slow path
\fusion.localgac
\fusion.localgac
\v2.0.50727
\v2.0.50727
SOFTWARE\Microsoft\.NetFramework
SOFTWARE\Microsoft\.NetFramework
v4.0.0
v4.0.0
SOFTWARE\Microsoft\.NETFramework\NGenQueueMSI\WIN32\Default
SOFTWARE\Microsoft\.NETFramework\NGenQueueMSI\WIN32\Default
SOFTWARE\Microsoft\.NETFramework\NGenQueue\WIN32\Default
SOFTWARE\Microsoft\.NETFramework\NGenQueue\WIN32\Default
ngenrootstorelock.dat
ngenrootstorelock.dat
ngenservicelock.dat
ngenservicelock.dat
FastStartupCheck(isPrivateRuntime=%d)
FastStartupCheck(isPrivateRuntime=%d)
yKERNEL32.DLL
yKERNEL32.DLL
Software\Microsoft\.NETFramework
Software\Microsoft\.NETFramework
RestrictedGCStressExe
RestrictedGCStressExe
EnableInternetHREFexes
EnableInternetHREFexes
NGENServiceWaitPassiveWork
NGENServiceWaitPassiveWork
NGENServicePassiveWorkWaitTimeout
NGENServicePassiveWorkWaitTimeout
NGENServicePassiveHardDiskIdleTimeout
NGENServicePassiveHardDiskIdleTimeout
NGENServicePassiveExceptInputTimeout
NGENServicePassiveExceptInputTimeout
MD_ForceNoColDesSharing
MD_ForceNoColDesSharing
UNSUPPORTED_DbgDontResumeThreadsOnUnhandledException
UNSUPPORTED_DbgDontResumeThreadsOnUnhandledException
DbgTransportProxyAddress
DbgTransportProxyAddress
DbgRedirectCreateCmd
DbgRedirectCreateCmd
DbgRedirectCommonCmd
DbgRedirectCommonCmd
DbgRedirectAttachCmd
DbgRedirectAttachCmd
mscorrc.dll
mscorrc.dll
v4.0.30319
v4.0.30319
.NET Runtime Optimization Service
.NET Runtime Optimization Service
4.0.30319.1 (RTMRel.030319-0100)
4.0.30319.1 (RTMRel.030319-0100)
mscorsvw.exe
mscorsvw.exe
.NET Framework
.NET Framework
4.0.30319.1
4.0.30319.1