
Sample details: f9a3b98b876f3f5926014c9d62a8e702

Hashes
MD5: f9a3b98b876f3f5926014c9d62a8e702
SHA1: 834a370eb9b533223c329d17c03d1b6477852abc
SHA256: 599e84800809773f97ee86b7bfa8dad9a24d27d901bfb7ef4620df86f45e70bf
SSDEEP: 6144:CF5QkAdzO+lrCZKKqB6CQnUDuCYZEgp6Gza0Fchvu113+kR0rTRE:O5lvZKJYCQnSGzj4a4S
Details
File Type: PE32+
Yara Hits
YRP/IsPE64 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Browsers | YRP/Dropper_Strings | YRP/anti_dbg | YRP/create_com_service | YRP/screenshot | YRP/win_registry | YRP/win_files_operation |
Parent Files
03b86ff9156ef616341a0b28e32c415a
Strings
		!This program cannot be run in DOS mode.
LURich
`.rdata
@.data
.pdata
@.rsrc
@.reloc
D$8H9A
H;D$`s
H+D$`H
D$hH9D$ s
H;D$hv
D$PH;H
H;D$Pv
D$@H;H
H;D$8s
H;D$ s
H9D$ s
D$8H9A
@ H9D$8v
H;D$Ps
H+D$PH
D$ H9D$Xs
D$HH9D$@u1H
H;D$Pv
D$@H;H
D$XH9A
H;D$`s
H+t$`H
H;D$Hs
D$HH9A s
H9D$Hs
H;D$`s
H+D$`H
D$hH9D$ s
H;D$hv
D$PH;H
H;D$(s
D$`H9H w!3
H9D$8r!H
CH;D$8w
H9D$8r
H;D$8w
D$XH9A
H;D$`s
H+t$`H
H;D$(s
D$`H9H w!3
H;D$Hs
D$HH9A s
H9D$Hs
H;D$Ps
H+D$PH
D$ H9D$Xs
D$HH9D$@u1H
D$HH9A
D$HH9A t6H
D$HH9A
D$HH9A t6H
H9D$8w
H9D$`s
H9D$`s
H9D$ u
H9D$8w
H;D$Hw
H;D$Hw
(HcT$8D
D$X9D$$
D$(HcT$$
HcL$$H
H9D$8r
D$XH9A
H;D$`s
D$pH9D$`s
D$pH9D$`s
D$pH9D$`u
H;H8wGH
H9D$8u$H
H9D$8u$H
D$ H9D$0
H9D$0u
H9D$Hu
H9D$Hu
H9D$Hu
H9D$Hu
3333333
D$(H9D$ t%H
WATAUH
fD; tqH
fD;(u\H
fD;)u	
fD; t{fD
 A]A\_
UVWATAUAVAWH
f;1uDD:
H97t2H
A_A^A]A\_^]
SVWATAUAVAWH
`A_A^A]A\_^[
@SVWATAUAVAW
D$xH9D$ptFH
A_A^A]A\_^[
9T$ptYH
us9T$ttmH
l$h9T$ptTf
H9;u%L
@SUVWATAUAV
A^A]A\_^][
SVWATAUAVAWH
0A_A^A]A\_^[
D$xH9D$pt
D$xH9D$pt
UVWATAUH
A]A\_^]
L+\$0I
@UVWATAU
A]A\_^]
WATAUH
 A]A\_
f9D$HrA
WATAUH
 A]A\_
x ATAUAVH
 A^A]A\
WATAUH
 A]A\_
WATAUAVAWH
A_A^A]A\_
VWATAUAVAWH
L$0I!t$(
HA_A^A]A\_^
SVWATAUH
0A]A\_^[
t$ WATAUAVAWH
H9q(u	
t}H9s(tbA
 A_A^A]A\_
SVWATAUH
@A]A\_^[
f9)t&H
!\$@H!\$0H
\$0!D$@3
@SUVWATAUAVH
A^A]A\_^][
l$ VWATAUAWH
D9#tjH
t+D9+u
D9d$`u
D9d$`u
A_A]A\_^
WATAUH
H9^ u0H
 A]A\_
WATAUAVAWH
 A_A^A]A\_
UVWATAUH
w-H9S t'A
`A]A\_^]
VWATAUAVH
w.H9S t(A
A^A]A\_^
t$ WATAUAVAWH
VUUUHc
 A_A^A]A\_
|$@mu*
VWATAUAVH
A^A]A\_^
Af99u,M
WATAUAVAWH
D$pL9g
 A_A^A]A\_
x ATAUAVH
0A^A]A\
d$ AUH
s WATAUH
D$(H!|$ L
f;l$ u
gfffffffH+OxH
UVWATAUAVAWH
gfffffffH
H;|$8t
(H;|$8u
D$<!|$@!|$DD
gfffffffH
H;|$8t
(H;|$8u
A_A^A]A\_^]
H9D$htJH
WATAUAVAWH
gfffffffE
 A_A^A]A\_
UVWATAUAVAWH
gfffffffI
gfffffffH
gfffffff
A_A^A]A\_^]
gfffffffH
UVWATAUH
A]A\_^]
UVWATAUAVAWH
gfffffffH
gfffffffH
D9|$ t
A_A^A]A\_^]
SUVWATAUAVAWH
gfffffffI
gfffffffA
gfffffffH
XA_A^A]A\_^][
@UVWATAUAVAW
gfffffffH
FxL9h r
gfffffffH
NPH+NHH
NPH+NHH
L9l$pr
gfffffffH
FxL9h r
L9l$Hr
gfffffffH
FxL9h r
gfffffffH
FxL9h r
A_A^A]A\_^]
UVWATAUAVAWH
gfffffffH
gfffffffH
A_A^A]A\_^]
gfffffffH
NPH+NHH
gfffffffH
WATAUAVAWH
gfffffffE3
gfffffffI
gfffffffH
D9|$8t)H
D9|$(u)H
gfffffffH
gfffffff
gfffffffA
A_A^A]A\_
gfffffffH+
x ATAUAVH
 A^A]A\
gfffffffL+A
x ATAUAVH
H;D$0t
H+l$8H
D$0H9\$(t)H
H;D$0t
\$(H+\$8H
@A^A]A\
t$(H9s
D$ H;{ v
t$(H9s
D$ H;{ v
gfffffffL+
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
p WATAUH
\$8H9_
@A]A\_
WATAUH
,H;q v
0A]A\_
WATAUH
,H;q v
0A]A\_
D$ H;{ v
gfffffffH
@SVWATAUAVAWH
gfffffff
I(I+L$
gfffffffI
fffffff
L$ I+M
A_A^A]A\_^[
x ATAUAVH
gfffffffM
=L;a v
0A^A]A\
gfffffffM;
T$p9L$h
UVWATAUAVAWH
A_A^A]A\_^]
SVWATAUAVAWH
A_A^A]A\_^[
WATAUH
,H;q v
0A]A\_
\$`fD9\$Hv
D$bf9D$Jv
L$ff9L$N
UVWATAUH
A]A\_^]
SVWATAUH
0A]A\_^[
x:;^Xu
WATAUAVAWH
A_A^A]A\_
t$ WATAUAVAWH
 A_A^A]A\_
p WATAUH
 A]A\_
WATAUH
A;9~	I
 A]A\_
SVWATH
8A\_^[
@UAUAVH
H!|$ E3
ATAUAVH
 A^A]A\
@UAUAVH
H!\$ E3
WATAUH
0A]A\_
\$0E9c
D8d$Ht
fffffff
fffffff
@8l$Ht
@8l$Ht
H!\$ E3
t$ WATAUAVAWH
0A_A^A]A\_
WATAUH
GfD9.u"
@A]A\_
UVWATAUAVAWH
;:u+H;
0A_A^A]A\_^]
AUAVAWH
0A_A^A]
WATAUAVAWH
@A_A^A]A\_
l$ AVH
LcA<E3
SVWATAUAVAWH
0A_A^A]A\_^[
WATAUAVAWH
 A_A^A]A\_
@SWATAUAVAWH
L!t$HL!t$@
D$PL9wXt(
D$8HcH
A_A^A]A\_[
ATAUAVH
0A^A]A\
VWATAUAVH
A^A]A\_^
UVWATAUAVAWH
pA_A^A]A\_^]
UVWATAUAVAWH
G0Hc	H
A_A^A]A\_^]
WATAVH
@A^A\_
UVWATAUH
D$&8\$&t-8X
@A]A\_^]
@8l$Ht
WATAUH
 A]A\_
UVWATAUAVAWH
l$H~.A
A_A^A]A\_^]
UVWATAUAVAWH
T$@fE;
l$H~.A
A_A^A]A\_^]
~gHcD$PH
HcD$hH
9D$`t!H
HcD$PHc
SVWATAUAVAWH
fD95k!
PA_A^A]A\_^[
p WATAUH
x ATAUAWH
D8l$Ht
D8l$Ht
D8l$Ht
A_A]A\
@SVWATH
` AUAVAWH
D8t$Ht
D8t$Ht
7D8t$H
gfffffffH
A_A^A]
@8|$Ht
@8t$Ht
@SVWATH
xA\_^[
@SUVWATH
A\_^][
WATAUH
0A]A\_
\$ UVWATAUAVAW
H!|$ E3
|$@9l$L
f;D$Dux
H!\$ H
HcD$HH;
H!\$ H
HcD$HH;
H!|$ L
A_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
t$ WATAUAVAWH
0A_A^A]A\_
` AUAVAWH
fD9|$b
A_A^A]
x ATAUAVH
< tG<	tC
 A^A]A\
Hct$@H
s\HcL$HH
@UATAUAVAWH
e A_A^A]A\]
x ATAUAVH
@8|$Ht
A^A]A\
UVWATAUAVAWH
D$DD9T$X
l$h+t$D+
9D$Ptu;
A_A^A]A\_^]
UVWATAUAVAWH
D$DD9T$X
l$h+t$D+
9D$Ptu;
A_A^A]A\_^]
H!|$ E3
WATAUAVAWH
0A_A^A]A\_
x ATAUAVH
H!\$ E3
0A^A]A\
WATAUAVAWH
H!t$ E3
A_A^A]A\_
VWATAUAVH
@A^A]A\_^
L$ UATAUAVAWH
A_A^A]A\]
WATAUAVAWH
0A_A^A]A\_
l$ VWATH
x9\$ ~?H
\$0A9k
@8l$Ht
@8l$Ht
D$x8L$Xt
AUAVAWH
@A_A^A]
L$@tfH
UVWATAUAVAWH
8@8|$Hu!@
A_A^A]A\_^]
@USVWATAUAVAWH
eHA_A^A]A\_^[]
L$ UVWH
\$@A9k
@8l$Xt
SUVWATAUAVAWH
HcT$0;
u{9|$0tuL
XA_A^A]A\_^][
WATAUAVAWH
0A_A^A]A\_
SVWATAUAVAWH
@A_A^A]A\_^[
SVWATAUAVAWH
@A_A^A]A\_^[
UVWATAUAVAWH
`9\$8u
fD92r&H
\$PfD3
\$TfE#
\$XfA;
\$VfA;
A_A^A]A\_^]
UVWATAUAVAWH
l$XfD9u
d$`fA#
|$2fA;
d$ffA;
d$dfD3
d$hfE#
fD9l$0
L$x};A
A_A^A]A\_^]
fD9l$0
x ATAUAWH
 A_A]A\
@USVWATAUAVAWH
e8A_A^A]A\_^[]
UVWATAUAVAWH
t9L9-AL
0A_A^A]A\_^]
@8t$Ht
@8t$Ht
@8t$Ht
d< sFL
H;E0u3H
tl<>tmH
$<&u9L
$<&u!L
PA8l$PuGA
t&</t"<>t
H SVWATH
8A\_^[
\$ UVWATAUAVAWH
0A_A^A]A\_^]
|$ ATH
VWATAUAWH
0A_A]A\_^
UVWATAUAVAWH
8@8|$Lu!@
A_A^A]A\_^]
@8l$Ht
@8l$Ht
@8l$Ht
\$8A9k
@8l$Ht
@8l$Ht
D$h9D$0}GH
~UHcT$`H
HcT$pH
]hH;]`t,3
(H;]`u
](H;] t,3
(H;] u
SUVWATAUH
eH9]4~EH
8A]A\_^][
]PH;]`t(H
]XH;]Pt(H
SUVWATAUH
8A]A\_^][
H(H9J(u
bad allocation
RegDeleteKeyExW
IDS_QZIP_TITLE
IDS_ARCH_FILE
..\X86\
kzipshell.run
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj2
KzShlobj2
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
{AAA0C5B8-933F-4200-93AD-B143D7FFF9F3}
DisplayName
SYSTEM\CurrentControlSet\services\KuaiZipDrive2
-InstallDriver
KZMount2.exe
KZReport.exe
Update.exe
UpdateChecker.exe
-fixassoc
KuaiZip.exe
FUnRegisterTypeLibForUser
RegisterTypeLibForUser
bad allocation
QueryInterface
GetFactory
IDS_OPEN_WITH_KUAIYA
IDS_EXTRACT
IDS_EXTRACT_HERE
IDS_EXTRACT_TO2
IDS_SMART_EXTRACT
IDS_SMART_EXTRACT_MORE
IDS_ADD_TO_NEW
IDS_SCOMPEMAIL
IDS_SCOMPTO
IDS_SEMIL
IDS_TEST_ARCHIVE
IDS_RAPIDSHARE
IDS_MOUNT_TO_NEW_DRIVE
IDS_QUICK_MOUNT
IDS_UNMOUNT
IDS_UNMOUNT
IDS_ADD_TO_DEST
IDS_QZIP_TITLE
IDS_QZIP_TITLE
Shell.CM_NEWCONFG_STRART
Shell.CM_SENDTO_EVERBOX
Shell.CM_ATTACH_UNMOUNT
Shell.CM_EJECT_IMG
Shell.CM_INSERT_IMG
Shell.CM_UNMOUNT
Shell.CM_QUICK_MOUNT
Shell.CM_MOUNT_TO
Shell.CM_MOUNT_TO_NEW_DRIVE
Shell.CM_COMPRESS_ZIP_ARC
Shell.CM_CONVERT_TO_MOU
Shell.CM_TEST_ARCHIVE
Shell.CM_COMPRESS_EMAIL
Shell.CM_COMPRESS_FILE_EMAIL
Shell.CM_COMPRESS_DESTFMT
Shell.CM_COMPRESS_TO
Shell.CM_SMART_EXTRACT
Shell.CM_EXTRACT_TO_FOLDER
Shell.CM_EXTRACT_HERE
Shell.CM_EXTRACT_TO
Shell.CM_BROWSE_ARCHIVE
KZMount2.exe
bad allocation
string too long
invalid string position
Unknown exception
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
bad exception
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
(null)
`h````
xpxxxx
`h`hhh
xppwpp
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
1#QNAN
1#SNAN
CONOUT$
<!--%s-->
standalone="%s" 
encoding="%s" 
version="%s" 
<?xml 
&#x%02X;
%s="%s"
%s='%s'
<![CDATA[
standalone="
encoding="
version="
&apos;
&quot;
standalone
encoding
version
Error parsing CDATA.
Error null (0) or unexpected EOF found in input stream.
Error document empty.
Error parsing Declaration.
Error parsing Comment.
Error parsing Unknown.
Error reading end tag.
Error: empty tag.
Error reading Attributes.
Error reading Element value.
Failed to read Element name
Error parsing Element.
Memory allocation failed.
Failed to open file
No error
UTF-16LE
UNICODE
bad allocation
language
Software\Kuaizip2
\language\
language
Software\Kuaizip2
language\
bad allocation
bad allocation
ADVAPI32.DLL
RegDeleteKeyExA
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
(UNKNOWN)
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
Error. Filename is null.
Error. Open failed. %s
Error. Buffer is null.
Error. Open write failed.
Software\KuaiZip2\Install
Software\KuaiZip2\Install
InstallDate
Software\KuaiZip2\Install
Version
Software\KuaiZip2\Install
InstallCount
Software\KuaiZip2\Install
Software\KuaiZip2\Install
\X86\KuaiZip.exe
%04d/%02d/%02d %02d:%02d:%02d.%03d
%04d/%02d/%02d
%02d:%02d:%02d.%03d
WorkerW
chrome.exe
firefox.exe
iexplore.exe
360chrome.exe
sogouexplorer.exe
qqbrowser.exe
liebao.exe
baidubrowser.exe
2345chrome.exe
Juzi.exe
theworld.exe
360SE.exe
safari.exe
maxthon.exe
opera.exe
rccb.exe
bad allocation
Software\KuaiZip2\Report\offline\
/kuaizipreport/online?code=
online
/kuaizipreport/install?code=
install
/kuaizipreport/uninstall?code=
uninstall
/kuaizipreport/updateinstall?code=
install
/kuaizipreport/active?code=
active
userclick.
/kuaizipreport/userclick?code=
/kuaizipreport/fileoperate?code=
fileoperate.
/kuaizipreport/kunbang?code=
/kuaizipreport/kunbang?code=
/kuaizipreport/stat?code=
vector<T> too long
map/set<T> too long
invalid map/set<T> iterator
lstrlenW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
LockResource
FindResourceExW
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcatW
lstrcpyW
lstrcmpW
CloseHandle
TerminateThread
EnterCriticalSection
LeaveCriticalSection
ResumeThread
CreateThread
SetThreadLocale
GetThreadLocale
GetVersion
lstrcpynW
LocalFree
WideCharToMultiByte
GetFileAttributesW
GetTickCount
SetFilePointer
ReadFile
CreateFileW
CreateEventW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
SetEvent
WaitForSingleObject
GlobalUnlock
GlobalLock
GetDriveTypeW
LoadLibraryW
GetTempFileNameW
CreateDirectoryW
GetTempPathW
GetLocalTime
OutputDebugStringW
KERNEL32.dll
CharNextW
wsprintfW
CharLowerW
CharLowerBuffW
LoadBitmapW
LoadImageW
ReleaseDC
SetMenuItemInfoW
DestroyIcon
SetMenuItemBitmaps
InsertMenuItemW
InsertMenuW
CreateMenu
USER32.dll
SetBitmapBits
GetBitmapBits
GetObjectW
DeleteObject
CreateDIBSection
GDI32.dll
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
RegQueryValueW
RegSetValueW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
ADVAPI32.dll
ShellExecuteExW
SHGetPathFromIDListW
DragQueryFileW
SHELL32.dll
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
ReleaseStgMedium
ole32.dll
OLEAUT32.dll
PathFindFileNameW
PathAppendW
PathCombineW
PathFileExistsW
PathRemoveFileSpecW
StrCmpNIW
PathFindExtensionW
PathRemoveBackslashW
PathRenameExtensionW
SHLWAPI.dll
timeKillEvent
timeSetEvent
WINMM.dll
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetModuleFileNameA
GetModuleHandleExA
TerminateProcess
GetNativeSystemInfo
LoadLibraryA
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
ExitProcess
WriteFile
GetStdHandle
HeapSetInformation
HeapCreate
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringA
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
ShellExecuteA
PathFindFileNameA
KZipShell.DLL
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
.?AVCAtlException@ATL@@
.?AV?$CComObject@VCContextMenuExt@@@ATL@@
.?AVCContextMenuExt@@
.?AV?$CComObjectRootEx@VCComSingleThreadModel@ATL@@@ATL@@
.?AVCComObjectRootBase@ATL@@
.?AV?$CComCoClass@VCContextMenuExt@@$1?CLSID_ContextMenuExt@@3U_GUID@@B@ATL@@
.?AUIContextMenuExt@@
.?AUIUnknown@@
.?AUIShellExtInit@@
.?AUIContextMenu@@
.?AVCRegObject@ATL@@
.?AUIRegistrarBase@@
.?AVCComClassFactory@ATL@@
.?AUIClassFactory@@
.?AV?$CComObjectRootEx@VCComMultiThreadModel@ATL@@@ATL@@
.?AVCQZipShellModule@@
.?AV?$CAtlDllModuleT@VCQZipShellModule@@@ATL@@
.?AV?$CAtlModuleT@VCQZipShellModule@@@ATL@@
.?AVCAtlModule@ATL@@
.?AU_ATL_MODULE70@ATL@@
.?AV?$CComObjectCached@VCComClassFactory@ATL@@@ATL@@
.?AV?$CComObject@VCKzShlobj@@@ATL@@
.?AVCKzShlobj@@
.?AV?$CComCoClass@VCKzShlobj@@$1?CLSID_KzShlobj@@3U_GUID@@B@ATL@@
.?AV?$IDispatchImpl@UIKzShlobj@@$1?IID_IKzShlobj@@3U_GUID@@B$1?LIBID_QZipShellLib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@
.?AUIKzShlobj@@
.?AUIDispatch@@
.?AUIShellIconOverlayIdentifier@@
.?AV?$CComContainedObject@VCKzShlobj@@@ATL@@
.?AV?$CComAggObject@VCKzShlobj@@@ATL@@
.?AV?$CComObject@VCDragDropMenu@@@ATL@@
.?AVCDragDropMenu@@
.?AV?$CComCoClass@VCDragDropMenu@@$1?CLSID_DragDropMenu@@3U_GUID@@B@ATL@@
.?AUIDragDropMenu@@
.?AVCExplorerMenu@@
.?AV?$CComObject@VCKYDropHandler@@@ATL@@
.?AVCKYDropHandler@@
.?AV?$CComCoClass@VCKYDropHandler@@$1?CLSID_KYDropHandler@@3U_GUID@@B@ATL@@
.?AUIKYDropHandler@@
.?AUIPersistFile@@
.?AUIPersist@@
.?AUIDropTarget@@
.?AVtype_info@@
.?AVbad_exception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVTiXmlAttribute@@
.?AVTiXmlComment@@
.?AVTiXmlDeclaration@@
.?AVTiXmlText@@
.?AVTiXmlUnknown@@
.?AVTiXmlElement@@
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVbad_alloc@std@@
.?AVTiXmlBase@@
.?AVTiXmlNode@@
.?AVTiXmlDocument@@
.?AVout_of_range@std@@
	NoRemove AppID
		'%APPID%' = s 'QZipShell2'
		'QZipShell2.DLL'
			val AppID = s '%APPID%'
PADHKCR
	QZipShell2.ContextMenuExt.1 = s 'ContextMenuExt Class'
		CLSID = s '{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F}'
	QZipShell2.ContextMenuExt = s 'ContextMenuExt Class'
		CLSID = s '{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F}'
		CurVer = s 'QZipShell2.ContextMenuExt.1'
	NoRemove CLSID
		ForceRemove {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F} = s 'ContextMenuExt Class'
			ProgID = s 'QZipShell2.ContextMenuExt.1'
			VersionIndependentProgID = s 'QZipShell2.ContextMenuExt'
			InprocServer32 = s '%MODULE%'
				val ThreadingModel = s 'Apartment'
			'TypeLib' = s '{86C4C3BA-4EA4-4CF8-98B9-6B07B477B836}'
    NoRemove *
        NoRemove ShellEx
        {
            NoRemove ContextMenuHandlers
            {
                ForceRemove KZipShell2Ext = s '{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F}'
            }
        }
    }	
    NoRemove lnkfile
        NoRemove ShellEx
        {
            NoRemove ContextMenuHandlers
            {
                ForceRemove KZipShell2Ext = s '{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F}'
            }
        }
    }	
	QZipShell2.DragDropMenu.1 = s 'DragDropMenu Class'
		CLSID = s '{3DCCD550-7586-40D2-A51D-D2F98EC06B3D}'
	QZipShell2.DragDropMenu = s 'DragDropMenu Class'
		CLSID = s '{3DCCD550-7586-40D2-A51D-D2F98EC06B3D}'
		CurVer = s 'QZipShell2.DragDropMenu.1'
	NoRemove CLSID
		ForceRemove {3DCCD550-7586-40D2-A51D-D2F98EC06B3D} = s 'DragDropMenu Class'
			ProgID = s 'QZipShell2.DragDropMenu.1'
			VersionIndependentProgID = s 'QZipShell2.DragDropMenu'
			InprocServer32 = s '%MODULE%'
				val ThreadingModel = s 'Apartment'
			'TypeLib' = s '{86C4C3BA-4EA4-4CF8-98B9-6B07B477B836}'
	NoRemove Directory
		NoRemove shellex
			NoRemove DragDropHandlers
				ForceRemove HardLink2ShlExt = s '{3DCCD550-7586-40D2-A51D-D2F98EC06B3D}'
	NoRemove Folder
		NoRemove shellex
			NoRemove DragDropHandlers
				ForceRemove HardLink2ShlExt = s '{3DCCD550-7586-40D2-A51D-D2F98EC06B3D}'
	NoRemove Drive
		NoRemove shellex
			NoRemove DragDropHandlers
				ForceRemove HardLink2ShlExt = s '{3DCCD550-7586-40D2-A51D-D2F98EC06B3D}'
PADHKCR
	QZipShell2.PropertyExt.1 = s 'PropertyExt Class'
		CLSID = s '{2FB831EA-DA68-4A66-8E31-A2D976A6296D}'
	QZipShell2.PropertyExt = s 'PropertyExt Class'
		CLSID = s '{2FB831EA-DA68-4A66-8E31-A2D976A6296D}'
		CurVer = s 'QZipShell2.PropertyExt.1'
	NoRemove CLSID
		ForceRemove {2FB831EA-DA68-4A66-8E31-A2D976A6296D} = s 'PropertyExt Class'
			ProgID = s 'QZipShell2.PropertyExt.1'
			VersionIndependentProgID = s 'QZipShell2.PropertyExt'
			InprocServer32 = s '%MODULE%'
				val ThreadingModel = s 'Apartment'
			'TypeLib' = s '{86C4C3BA-4EA4-4CF8-98B9-6B07B477B836}'
	NoRemove *
		NoRemove shellex
			NoRemove PropertySheetHandlers
				{2FB831EA-DA68-4A66-8E31-A2D976A6296D}
	QZipShell2.KYDropHandler.1 = s 'KYDropHandler Class'
		CLSID = s '{C9487131-EF4C-40D9-BA70-E85356CAF67F}'
	QZipShell2.KYDropHandler = s 'KYDropHandler Class'
		CLSID = s '{C9487131-EF4C-40D9-BA70-E85356CAF67F}'
		CurVer = s 'QZipShell2.KYDropHandler.1'
	NoRemove CLSID
		ForceRemove {C9487131-EF4C-40D9-BA70-E85356CAF67F} = s 'KYDropHandler Class'
			ProgID = s 'QZipShell2.KYDropHandler.1'
			VersionIndependentProgID = s 'QZipShell2.KYDropHandler'
			InprocServer32 = s '%MODULE%'
				val ThreadingModel = s 'Apartment'
			'TypeLib' = s '{86C4C3BA-4EA4-4CF8-98B9-6B07B477B836}'
	NoRemove KuaiZip.kz
		shellex
			DropHandler = s '{C9487131-EF4C-40D9-BA70-E85356CAF67F}'
	NoRemove KuaiZip.zip
		shellex
			DropHandler = s '{C9487131-EF4C-40D9-BA70-E85356CAF67F}'
PAHKCR
	QZipShell2.KzShlobj.1 = s 'KzShlobj Class'
		CLSID = s '{AAA0C5B8-933F-4200-93AD-B143D7FFF9F3}'
	QZipShell2.KzShlobj = s 'KzShlobj Class'
		CLSID = s '{AAA0C5B8-933F-4200-93AD-B143D7FFF9F3}'
		CurVer = s 'QZipShell2.KzShlobj.1'
	NoRemove CLSID
		ForceRemove {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} = s 'KzShlobj Class'
			ProgID = s 'QZipShell2.KzShlobj.1'
			VersionIndependentProgID = s 'QZipShell2.KzShlobj'
			ForceRemove 'Programmable'
			InprocServer32 = s '%MODULE%'
				val ThreadingModel = s 'Apartment'
			'TypeLib' = s '{86C4C3BA-4EA4-4CF8-98B9-6B07B477B836}'
  SOFTWARE
    Microsoft
       Windows
      {
        CurrentVersion
        {
          Explorer
          {
            ShellIconOverlayIdentifiers
            {
             ForceRemove KzShlobj2 = s '{AAA0C5B8-933F-4200-93AD-B143D7FFF9F3}'       
            }
          }
        }
      }
stdole2.tlbWWW
QZipShellLib
ContextMenuExtWWd
^IContextMenuExtW
DragDropMenu,
IDragDropMenuWWW
PropertyExtW
VIPropertyExtX
8N)KYDropHandlerWWW
IKYDropHandlerWW 
KzShlobj
qIKzShlobjWWW
QZipShell22 1.0 Type LibraryWW
ContextMenuExt ClassWW
IContextMenuExt InterfaceW
DragDropMenu Class
IDragDropMenu InterfaceWWW
PropertyExt ClassW
IPropertyExt Interface
KYDropHandler ClassWWW
IKYDropHandler InterfaceWW
KzShlobj Class
IKzShlobj 
Created by MIDL version 7.00.0500 at Tue Jul 26 11:09:33 2016
H~ZVU"
Wg~a$?
k|0sH6=?
^Rt"zo
J}?`Gu
F|yq&m
nz}v?re
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="amd64" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
WoSign CA Limited1'0%
WoSign Class 3 Code Signing CA0
160713091251Z
170713091251Z0
Shanghai1
Shanghai1604
-Shanghai Guangle Network Technology Co., Ltd.1604
-Shanghai Guangle Network Technology Co., Ltd.0
Ph!\i@N.
'http://ocsp1.wosign.com/class3/code/ca106
*http://aia1.wosign.com/class3.code.ca1.cer07
&http://crls1.wosign.com/ca1-code-3.crl0O
http://www.wosign.com/policy/0
WoSign CA Limited1*0(
!Certification Authority of WoSign0
090808010005Z
240808010005Z0O1
WoSign CA Limited1$0"
WoSign Time Stamping Signer0
dS`Q4H
http://crls1.wosign.com/ca1.crl0g
http://ocsp1.wosign.com/ca10.
"http://aia1.wosign.com/ca1-tsa.cer0
=].'KF
WoSign CA Limited1*0(
!Certification Authority of WoSign0
090808010005Z
240808010005Z0R1
WoSign CA Limited1'0%
WoSign Class 3 Code Signing CA0
%DEe3F
http://crls1.wosign.com/ca1.crl0o
http://ocsp1.wosign.com/ca106
*http://aia1.wosign.com/ca1-class3-code.cer0
http://www.wosign.com/policy/0
cbf^W	
>'H7G^
WoSign CA Limited1'0%
WoSign Class 3 Code Signing CA
WoSign CA Limited1*0(
!Certification Authority of WoSign
160727063502Z0#
c!r{3kwI