Trojan.Siggen10.37042

Added to the Dr.Web virus database: 2020-10-13

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
Creates or modifies the following files
  • %WINDIR%\tasks\kuaizip_update.job
  • <SYSTEM32>\tasks\kuaizip_update
Sets the following service settings
  • [<HKLM>\System\CurrentControlSet\Services\KuaiZipDrive] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\KuaiZipDrive] 'ImagePath' = '%APPDATA%\快压\X64\KuaiZipDrive.sys'
  • [<HKLM>\System\CurrentControlSet\Services\KuaizipUpdateChecker] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\KuaizipUpdateChecker] 'ImagePath' = '<SYSTEM32>\svchost.exe -k kuaizipupdatesvc'
  • [<HKLM>\SYSTEM\CurrentControlSet\Services\KuaizipUpdateChecker\Parameters] 'ServiceDll' = '%APPDATA%\快压\X86\kuaizipUpdateChecker.dll'
  • [<HKLM>\System\CurrentControlSet\Services\DiCengJiaSu] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\DiCengJiaSu] 'ImagePath' = '<SYSTEM32>\svchost.exe -k DiCengJiaSu'
  • [<HKLM>\SYSTEM\CurrentControlSet\Services\DiCengJiaSu\Parameters] 'ServiceDll' = '%APPDATA%\Avatder\DiCengJiaSu64.dll'
Creates the following services
  • 'KuaiZipDrive' %APPDATA%\快压\X64\KuaiZipDrive.sys
  • 'KuaizipUpdateChecker' <SYSTEM32>\svchost.exe -k kuaizipupdatesvc
  • 'DiCengJiaSu' <SYSTEM32>\svchost.exe -k DiCengJiaSu
Malicious functions
Searches for windows to detect programs and games:
  • ClassName: 'TXGuiFoundation', WindowName: '电脑管家 - 网络流量管理'
Modifies file system
Creates the following files
Deletes the following files
  • %WINDIR%\temp\udd50ce.tmp
  • %TEMP%\{43d1e7d4-e770-44b9-a8f7-df3857e0d953}.tf
  • %TEMP%\lud6d14.tmp
  • %TEMP%\360base.dll
  • %TEMP%\{81a18df6-91c2-40b2-a5f3-cc187231ec37}.tf
  • %TEMP%\lud6e1e.tmp
  • %TEMP%\360net.dll
  • %TEMP%\{1a81cbe0-7abc-4f51-aa59-9b6aa1d9b3c9}.tf
  • %TEMP%\{5377c988-3194-460a-982f-6198a4c264c6}.tf
  • %TEMP%\{617ff249-3aed-4ee3-8c2d-17ab9086aaa9}.tmp
  • %TEMP%\{83c81e5f-2e49-44c0-855c-b24957884dd3}.tmp
  • %APPDATA%\avatder\aenvclear.daw
Moves the following files
  • from %APPDATA%\快压\7znew.tmp to %APPDATA%\快压\7znew.dat
  • from %APPDATA%\快压\x86\kzmount2.tmp to %APPDATA%\快压\x86\kzmount2.exe
  • from %APPDATA%\快压\x86\kzreport.tmp to %APPDATA%\快压\x86\kzreport.exe
  • from %APPDATA%\快压\x86\mount.tmp to %APPDATA%\快压\x86\mount.dll
  • from %APPDATA%\快压\x86\mountcore.tmp to %APPDATA%\快压\x86\mountcore.dll
  • from %APPDATA%\快压\x86\password.tmp to %APPDATA%\快压\x86\password.exe
  • from %APPDATA%\快压\x86\repair.tmp to %APPDATA%\快压\x86\repair.exe
  • from %APPDATA%\快压\x86\service.tmp to %APPDATA%\快压\x86\service.exe
  • from %APPDATA%\快压\x86\skinbox.tmp to %APPDATA%\快压\x86\skinbox.exe
  • from %APPDATA%\快压\x64\kzmodule.tmp to %APPDATA%\快压\x64\kzmodule.dll
  • from %APPDATA%\快压\x86\uninst.tmp to %APPDATA%\快压\x86\uninst.exe
  • from %APPDATA%\快压\x86\verify.tmp to %APPDATA%\快压\x86\verify.exe
  • from %APPDATA%\快压\x86\vip.tmp to %APPDATA%\快压\x86\vip.exe
  • from %APPDATA%\快压\x86\wizard.tmp to %APPDATA%\快压\x86\wizard.exe
  • from %APPDATA%\快压\x86\lang\chs_lang.tmp to %APPDATA%\快压\x86\lang\chs_lang.dll
  • from %APPDATA%\快压\x86\sfx\kzsetup_chs.tmp to %APPDATA%\快压\x86\sfx\kzsetup_chs.sfx
  • from %APPDATA%\快压\x86\uninst.exe to %TEMP%\uninst.exe
  • from %APPDATA%\快压\x86\kzupdatedownloader.tmp to %APPDATA%\快压\x86\kzupdatedownloader.exe
  • from %APPDATA%\快压\x86\update_dll.tmp to %APPDATA%\快压\x86\update_dll.dll
  • from %APPDATA%\快压\x86\kzformat.tmp to %APPDATA%\快压\x86\kzformat.dll
  • from %APPDATA%\快压\x86\kzmodule.tmp to %APPDATA%\快压\x86\kzmodule.dll
  • from %APPDATA%\快压\x86\kuaizipupdatechecker.tmp to %APPDATA%\快压\x86\kuaizipupdatechecker.dll
  • from %APPDATA%\快压\x86\kuaizipshellprop.tmp to %APPDATA%\快压\x86\kuaizipshellprop.dll
  • from %APPDATA%\快压\x86\kuaizipshell.tmp to %APPDATA%\快压\x86\kuaizipshell.dll
  • from %APPDATA%\快压\kznew.tmp to %APPDATA%\快压\kznew.dat
  • from %APPDATA%\快压\readme.tmp to %APPDATA%\快压\readme.txt
  • from %APPDATA%\快压\sldefault.tmp to %APPDATA%\快压\sldefault.xml
  • from %APPDATA%\快压\zipnew.tmp to %APPDATA%\快压\zipnew.dat
  • from %APPDATA%\快压\x64\7z.tmp to %APPDATA%\快压\x64\7z.dll
  • from %APPDATA%\快压\x64\kuaizipdrive.tmp to %APPDATA%\快压\x64\kuaizipdrive.sys
  • from %APPDATA%\快压\x64\kuaizipshell.tmp to %APPDATA%\快压\x64\kuaizipshell.dll
  • from %APPDATA%\快压\x64\kuaizipshellprop.tmp to %APPDATA%\快压\x64\kuaizipshellprop.dll
  • from %APPDATA%\快压\x86\kzreport_dll.tmp to %APPDATA%\快压\x86\kzreport_dll.dll
  • from %APPDATA%\快压\x86\update.tmp to %APPDATA%\快压\x86\update.exe
  • from %APPDATA%\快压\x64\kzformat.tmp to %APPDATA%\快压\x64\kzformat.dll
  • from %APPDATA%\快压\x64\mount.tmp to %APPDATA%\快压\x64\mount.dll
  • from %APPDATA%\快压\x64\mountcore.tmp to %APPDATA%\快压\x64\mountcore.dll
  • from %APPDATA%\快压\x64\lang\chs_lang.tmp to %APPDATA%\快压\x64\lang\chs_lang.dll
  • from %APPDATA%\快压\x86\7z.tmp to %APPDATA%\快压\x86\7z.dll
  • from %APPDATA%\快压\x86\duilib.tmp to %APPDATA%\快压\x86\duilib.dll
  • from %APPDATA%\快压\x86\feedback.tmp to %APPDATA%\快压\x86\feedback.exe
  • from %APPDATA%\快压\x86\kuaizip.tmp to %APPDATA%\快压\x86\kuaizip.exe
  • from %APPDATA%\快压\x86\kuaizipdrive.tmp to %APPDATA%\快压\x86\kuaizipdrive.sys
  • from %APPDATA%\快压\errormsg.tmp to %APPDATA%\快压\errormsg.xml
  • from %APPDATA%\快压\x64\kzmount2.tmp to %APPDATA%\快压\x64\kzmount2.exe
  • from %APPDATA%\快压\x86\updatechecker_dll.tmp to %APPDATA%\快压\x86\updatechecker_dll.dll
Substitutes the following files
  • %APPDATA%\快压\x86\uninst.tmp
  • %APPDATA%\快压\x86\uninst.exe
Network activity
TCP
HTTP GET requests
HTTP POST requests
  • http://ap#.#58pan.com/upgrape.php
  • http://tj.##zip.com/kuaizipreport/common_action?co###############################################################################################################################################...
  • http://tj.##zip.com/kuaizipreport/kuaizipreport/install?co#######################################################################################################################################...
  • http://tj.##zip.com/kuaizipreport/kuaizipreport/rl_service?co####################################################################################################################################...
UDP
Miscellaneous
Searches for the following windows
  • ClassName: 'Q360NetmonClassInfo' WindowName: ''
  • ClassName: 'BDMSusDetailFrame' WindowName: ''
Creates and executes the following
  • '%TEMP%\kyzip_85000910_alin_001.exe'
  • '%TEMP%\ldsgamemasterinstroad_214001.exe'
  • '%APPDATA%\快压\x86\kuaizip.exe' -instsvr
  • '%APPDATA%\快压\x86\kuaizip.exe' -AssociateAll
  • '%APPDATA%\快压\x86\kzreport.exe'
  • '%TEMP%\funinstaller_ps_0107004.exe'
  • '%TEMP%\ldsgamemaster.exe' /PID="214001" /S /FROM=inst
  • '%TEMP%\setup_wnktwkb011.exe' /7d5
  • '%APPDATA%\快压\x86\kuaizip.exe' -instsvr (with hidden window)
  • '%APPDATA%\快压\x86\kuaizip.exe' -AssociateAll (with hidden window)
  • '%APPDATA%\快压\x86\kzreport.exe' (with hidden window)
  • '%WINDIR%\syswow64\rundll32.exe' (with hidden window)
  • '%WINDIR%\syswow64\regsvr32.exe' /s "%APPDATA%\Avatder\funaccelerator64.dll" (with hidden window)
  • '%WINDIR%\syswow64\rundll32.exe' "%APPDATA%\Avatder\DiCengJiaSu64.dll" install (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\regsvr32.exe' /s /u %APPDATA%\快压\X64\KuaiZipShell.dll
  • '%WINDIR%\syswow64\regsvr32.exe' /s /u %APPDATA%\快压\X64\KuaiZipShellProp.dll
  • '%WINDIR%\syswow64\regsvr32.exe' /s /u %APPDATA%\快压\X86\kuaizipUpdateChecker.dll
  • '%WINDIR%\syswow64\regsvr32.exe' /s %APPDATA%\快压\X64\KuaiZipShell.dll
  • '<SYSTEM32>\regsvr32.exe' /s %APPDATA%\快压\X64\KuaiZipShell.dll
  • '%WINDIR%\syswow64\regsvr32.exe' /s %APPDATA%\快压\X64\KuaiZipShellProp.dll
  • '<SYSTEM32>\regsvr32.exe' /s %APPDATA%\快压\X64\KuaiZipShellProp.dll
  • '%WINDIR%\syswow64\svchost.exe' -k kuaizipupdatesvc
  • '%WINDIR%\syswow64\rundll32.exe'
  • '%WINDIR%\syswow64\regsvr32.exe' /s "%APPDATA%\Avatder\funaccelerator64.dll"
  • '%WINDIR%\syswow64\rundll32.exe' "%APPDATA%\Avatder\DiCengJiaSu64.dll" install
  • '<SYSTEM32>\rundll32.exe' "%APPDATA%\Avatder\DiCengJiaSu64.dll" install
  • '<SYSTEM32>\regsvr32.exe' /s "%APPDATA%\Avatder\funaccelerator64.dll"

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.


Dr.Web © Doctor Web
2003 — 2021
