Trojan.Siggen12.25897

Added to the Dr.Web virus database: 2021-03-06

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
Creates or modifies the following files
  • <SYSTEM32>\tasks\hn_repair
  • <SYSTEM32>\tasks\hn_update
  • %WINDIR%\tasks\kuaizip_update.job
  • <SYSTEM32>\tasks\kuaizip_update
Sets the following service settings
  • [<HKLM>\System\CurrentControlSet\Services\ECB849AA] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\ECB849AA] 'ImagePath' = '<DRIVERS>\ECB849AA.sys'
  • [<HKLM>\System\CurrentControlSet\Services\HEINOTEUPDATE] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\HEINOTEUPDATE] 'ImagePath' = '<SYSTEM32>\svchost.exe -k HEINOTEUPDATE'
  • [<HKLM>\SYSTEM\CurrentControlSet\Services\HEINOTEUPDATE\Parameters] 'ServiceDll' = '%APPDATA%\Heinote\HNChecker.dll'
  • [<HKLM>\System\CurrentControlSet\Services\UpdateService] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\UpdateService] 'ImagePath' = '%APPDATA%\Heinote\updateservice.exe'
  • [<HKLM>\System\CurrentControlSet\Services\KuaiZipDrive] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\KuaiZipDrive] 'ImagePath' = '%APPDATA%\快压\X64\KuaiZipDrive.sys'
  • [<HKLM>\System\CurrentControlSet\Services\KuaizipUpdateChecker] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\KuaizipUpdateChecker] 'ImagePath' = '<SYSTEM32>\svchost.exe -k kuaizipupdatesvc'
  • [<HKLM>\SYSTEM\CurrentControlSet\Services\KuaizipUpdateChecker\Parameters] 'ServiceDll' = '%APPDATA%\快压\X86\kuaizipUpdateChecker.dll'
Creates the following services
  • 'ECB849AA' <DRIVERS>\ECB849AA.sys
  • 'HEINOTEUPDATE' <SYSTEM32>\svchost.exe -k HEINOTEUPDATE
  • 'UpdateService' %APPDATA%\Heinote\updateservice.exe
  • 'KuaiZipDrive' %APPDATA%\快压\X64\KuaiZipDrive.sys
  • 'KuaizipUpdateChecker' <SYSTEM32>\svchost.exe -k kuaizipupdatesvc
Malicious functions
Injects code into the following system processes:
  • %WINDIR%\syswow64\svchost.exe
Registers file system filter
  • [<HKLM>\System\CurrentControlSet\Services\ECB849AA] 'Group' = 'FSFilter Activity Monitor'
Modifies file system
Creates the following files
Deletes the following files
  • %TEMP%\~1z23.tmp
  • %WINDIR%\temp\uddc783.tmp
  • %WINDIR%\temp\uddcf9e.tmp
  • %WINDIR%\temp\uddd77c.tmp
  • %WINDIR%\temp\udddf59.tmp
  • %WINDIR%\temp\udde737.tmp
  • %WINDIR%\temp\uddef24.tmp
  • %WINDIR%\temp\udd7ea7.tmp
Moves the following files
Substitutes the following files
  • %APPDATA%\快压\x86\uninst.tmp
  • %APPDATA%\快压\x86\uninst.exe
Deletes itself.
Network activity
Connects to
TCP
HTTP GET requests
  • http://tj#.#654.com/heinote/common_action?co#####################################################################################################################################################...
  • http://do###.7654.com/n/heinote2.json
  • http://tj.##zip.com/kuaizipreport/kuaizipreport/common_action?co#################################################################################################################################...
HTTP POST requests
  • http://t.##ote.com/duote/index.php
  • 'ba##u.com':443
UDP
Miscellaneous
Searches for the following windows
  • ClassName: 'RegEdit_RegEdit' WindowName: ''
Creates and executes the following
  • '%TEMP%\juu008.exe'
    • '%APPDATA%\heinote\hnote.exe' -fix
    • '%APPDATA%\heinote\notepaper.exe' -install
    • '%TEMP%\kuaizip_setup_2974234250_xiuqi_001.exe'
    • '%APPDATA%\heinote\hnote.exe' -install
    • '%APPDATA%\heinote\hnote.exe' -schedule
    • '%TEMP%\heinote_2974234250_xiuqi_001.exe' -wjm
    • '%APPDATA%\heinote\updateservice.exe'
    • '%APPDATA%\heinote\report.exe'
    • '%APPDATA%\快压\x86\kuaizip.exe' -instsvr
    • '%APPDATA%\快压\x86\kuaizip.exe' -AssociateAll
    • '%APPDATA%\快压\x86\kzreport.exe'
    • '%APPDATA%\heinote\updateservice.exe' -install
    • '%APPDATA%\heinote\report.exe' ' (with hidden window)
    • '%WINDIR%\syswow64\cmd.exe' /c <Current directory>\_deleteme.bat' (with hidden window)
    • '%APPDATA%\heinote\notepaper.exe' -install' (with hidden window)
    • '%APPDATA%\快压\x86\kzreport.exe' ' (with hidden window)
    • '%APPDATA%\快压\x86\kuaizip.exe' -AssociateAll' (with hidden window)
    • '%WINDIR%\syswow64\regedit.exe' /s "%APPDATA%\Heinote\UserChoise.reg"' (with hidden window)
    • '%WINDIR%\syswow64\cmd.exe' /c del %WINDIR%\SysWOW64\svchost.exe > nul' (with hidden window)
    • '%APPDATA%\heinote\updateservice.exe' -install' (with hidden window)
    • '%APPDATA%\快压\x86\kuaizip.exe' -instsvr' (with hidden window)
    • '%APPDATA%\heinote\hnote.exe' -fix' (with hidden window)
Executes the following
    • '%WINDIR%\syswow64\svchost.exe'
    • '%WINDIR%\syswow64\regsvr32.exe' /s %APPDATA%\快压\X64\KuaiZipShellProp.dll
    • '<SYSTEM32>\regsvr32.exe' /s %APPDATA%\快压\X64\KuaiZipShell.dll
    • '%WINDIR%\syswow64\regsvr32.exe' /s %APPDATA%\快压\X64\KuaiZipShell.dll
    • '%WINDIR%\syswow64\cmd.exe' /c <Current directory>\_deleteme.bat
    • '%WINDIR%\syswow64\regsvr32.exe' /s /u %APPDATA%\快压\X86\kuaizipUpdateChecker.dll
    • '%WINDIR%\syswow64\regsvr32.exe' /s /u %APPDATA%\快压\X64\KuaiZipShellProp.dll
    • '%WINDIR%\syswow64\regsvr32.exe' /s /u %APPDATA%\快压\X64\KuaiZipShell.dll
    • '%WINDIR%\syswow64\svchost.exe' -k HEINOTEUPDATE
    • '<SYSTEM32>\regsvr32.exe' /s %APPDATA%\快压\X64\KuaiZipShellProp.dll
    • '<SYSTEM32>\regsvr32.exe' /s %APPDATA%\Heinote\HNPreview64.dll
    • '%WINDIR%\syswow64\regedit.exe' /s "%APPDATA%\Heinote\UserChoise.reg"
    • '<SYSTEM32>\regsvr32.exe' /s %APPDATA%\Heinote\HNShell64.dll
    • '%WINDIR%\syswow64\regsvr32.exe' /s %APPDATA%\Heinote\HNShell64.dll
    • '%WINDIR%\syswow64\regsvr32.exe' /s %APPDATA%\Heinote\UserChoise.reg
    • '%WINDIR%\syswow64\regsvr32.exe' /s /u %APPDATA%\Heinote\hnchecker.dll
    • '%WINDIR%\syswow64\regsvr32.exe' /s /u %APPDATA%\Heinote\HNPreview64.dll
    • '%WINDIR%\syswow64\regsvr32.exe' /s /u %APPDATA%\Heinote\HNShell64.dll
    • '%WINDIR%\syswow64\cmd.exe' /c del %WINDIR%\SysWOW64\svchost.exe > nul
    • '%WINDIR%\syswow64\regsvr32.exe' /s %APPDATA%\Heinote\HNPreview64.dll
    • '%WINDIR%\syswow64\svchost.exe' -k kuaizipupdatesvc

Curing recommendations

1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.

    Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

    After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


    1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
    2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
      • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
      • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
      • Switch off your device and turn it on as normal.
