Analysis Date2014-11-21 10:47:01
MD58e550cd03a262aafefaa0f2fb83d5435
SHA175839ca8900e8ffb725f8a2eac63a5be89c8a98c

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: f4b02fc847685f3326ab134cc702887c sha1: 738393f026a55937bda596767ca21416fce047b6 size: 638976
Section.rdata md5: c2b6f204944b0e45f4d1039aa9daaf3a sha1: 8c7c3ec7385c80f713d8afdd3b8f6b72ee86b1a0 size: 192512
Section.data md5: a1743a1ba8eb414ca0aa36883e3e0255 sha1: fee7958b447cbd326c7a73ab144131efba357bee size: 65536
Section.rsrc md5: 6eb5f502aac095298a6839c58c724ed2 sha1: 4586a642f9cea86544aca1334ee6760d2719ee4e size: 126976
Timestamp2012-07-13 13:43:08
VersionLegalCopyright: 作者版权所有 请尊重并使用正版
FileVersion: 1.0.0.0
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
ProductName: 易语言程序
ProductVersion: 1.0.0.0
FileDescription: 易语言程序
PEhash41bae9b32319e390ed7a75bc6690d2dac88ff106
IMPhash5f916c863f48452eb54d343f60d52841
AV360 SafeGen:Variant.Symmi.37202
AVAd-AwareGen:Variant.Symmi.37202
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVArcabit (arcavir)Heur.W32
AVAuthentiumW32/A-8128ee96!Eldorado
AVAvira (antivir)TR/Symmi.1028096.1
AVBullGuardGen:Variant.Symmi.37202
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftGen:Variant.Symmi.37202
AVEset (nod32)no_virus
AVFortinetW32/Flyagent!tr
AVFrisk (f-prot)no_virus
AVF-SecureGen:Variant.Symmi.37202
AVGrisoft (avg)no_virus
AVIkarusno_virus
AVK7Trojan ( 0040f54a1 )
AVKasperskyno_virus
AVMalwareBytesSpyware.OnlineGames
AVMcafeeFlyagent
AVMicrosoft Security Essentialsno_virus
AVMicroWorld (escan)Gen:Variant.Symmi.37202
AVRisingPacker.Win32.Agent.f
AVSophosno_virus
AVSymantecno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNSwww.myrainbow.cn

Network Details:

DNSwww.ok8seo.com
Type: A
185.53.179.6
DNSdnspod-free.mydnspod.net
Type: A
119.28.48.229
DNSdnspod-free.mydnspod.net
Type: A
119.28.48.228
DNSwww.myrainbow.cn
Type: A
HTTP GEThttp://www.ok8seo.com/yanzheng.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GEThttp://www.myrainbow.cn/Member/Register.do?returnUrl=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP192.168.1.1:1033 ➝ 185.53.179.6:80
Flows TCP192.168.1.1:1034 ➝ 119.28.48.229:80

Raw Pcap
0x00000000 (00000)   47455420 2f79616e 7a68656e 672e6874   GET /yanzheng.ht
0x00000010 (00016)   6d6c2048 5454502f 312e310d 0a557365   ml HTTP/1.1..Use
0x00000020 (00032)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x00000030 (00048)   2f342e30 2028636f 6d706174 69626c65   /4.0 (compatible
0x00000040 (00064)   3b204d53 49452036 2e303b20 57696e64   ; MSIE 6.0; Wind
0x00000050 (00080)   6f777320 4e542035 2e30290d 0a416363   ows NT 5.0)..Acc
0x00000060 (00096)   6570743a 202a2f2a 0d0a486f 73743a20   ept: */*..Host: 
0x00000070 (00112)   7777772e 6f6b3873 656f2e63 6f6d0d0a   www.ok8seo.com..
0x00000080 (00128)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x00000090 (00144)   6f2d6361 6368650d 0a0d0a              o-cache....

0x00000000 (00000)   47455420 2f4d656d 6265722f 52656769   GET /Member/Regi
0x00000010 (00016)   73746572 2e646f3f 72657475 726e5572   ster.do?returnUr
0x00000020 (00032)   6c3d2048 5454502f 312e310d 0a416363   l= HTTP/1.1..Acc
0x00000030 (00048)   6570743a 202a2f2a 0d0a4163 63657074   ept: */*..Accept
0x00000040 (00064)   2d4c616e 67756167 653a2065 6e2d7573   -Language: en-us
0x00000050 (00080)   0d0a4163 63657074 2d456e63 6f64696e   ..Accept-Encodin
0x00000060 (00096)   673a2067 7a69702c 20646566 6c617465   g: gzip, deflate
0x00000070 (00112)   0d0a5573 65722d41 67656e74 3a204d6f   ..User-Agent: Mo
0x00000080 (00128)   7a696c6c 612f342e 30202863 6f6d7061   zilla/4.0 (compa
0x00000090 (00144)   7469626c 653b204d 53494520 362e303b   tible; MSIE 6.0;
0x000000a0 (00160)   2057696e 646f7773 204e5420 352e313b    Windows NT 5.1;
0x000000b0 (00176)   20535631 3b202e4e 45542043 4c522032    SV1; .NET CLR 2
0x000000c0 (00192)   2e302e35 30373237 290d0a48 6f73743a   .0.50727)..Host:
0x000000d0 (00208)   20777777 2e6d7972 61696e62 6f772e63    www.myrainbow.c
0x000000e0 (00224)   6e0d0a43 6f6e6e65 6374696f 6e3a204b   n..Connection: K
0x000000f0 (00240)   6565702d 416c6976 650d0a0d 0a         eep-Alive....


Strings

 ......
 (*.*)
080404B0
 %1 
1.0.0.0
	1uM
(&C)
Comments
	Ctrl+
	Ctrl+D
	Ctrl+End
	Ctrl+G
	Ctrl+Home
	Ctrl+N
	Ctrl+PageDown
	Ctrl+PageUp
	&D.
DEFAULT_ICON
 DLL 
(&E)
FileDescription
FileVersion
(&H)
(http://www.eyuyan.com)
(&I)
IEXT2_IDC_HORZLINEMOVECURSOR
IEXT2_IDC_VERTLINEMOVECURSOR
IEXT2_IDR_WAVE1
 INI 
LegalCopyright
msctls_progress32
msctls_updown32
MS Shell Dlg
(&N)
(null)
(&O)
(&P)
	PageDown
	PageUp
ProductName
ProductVersion
Progress1
 %s 
(&S)
	Shift+Tab
Spin1
StringFileInfo
(&T)
	Tab/Enter
TEXTINCLUDE
Translation
VarFileInfo
VS_VERSION_INFO
WAVE
000?555E
&000?555E555E...<
''0c!n
0dk:ghV
0GI'F/
&0n nQ
!0r>B)
0R>\W[
]12';.
1#QNAN
1#SNAN
\1.s+p.#
1uEoS4
1<>Uf`]
/1Uw:o
1W7U,bbD
%2\CLSID
%2\DocObject
%2\Insertable
2\<oS.
%2\protocol\StdFileEditing\server
%2\protocol\StdFileEditing\verb\0
2SVBq6H[
3///{{{{
3WIF9_
/]4'F-
\4'F-0
<]4'F6
\4'F-7
\4&G-0
]4&L[{
\4&L[{
%4[qS-
4sOvUX
4;%$VY
4W.=*]
	4W.<0]vU=
4>W.<W]
|?5^<@
5014D8FA6DCA40b68FA626D8183666EB
]5&C11
\5'FU2
5<<Wm=s]
6D$]FS,
6GV'C01Xxb
6s'VH"
707ca37322474f6ca841f0e224f4b620
7_En,MH
7F54B9CE8887428dBA9CEEB94CEF4C72
7'F]pK
7<l0P{
8$'0n n
]{8n n
8n n08X
8n nk\X
<8#VP=
8W.<	(VH
8:]z`9
%9, %8
\9QkVn
A512548E76954B6E92C21055517615B0
abnormal program termination
action
AdjustWindowRectEx
advapi32.dll
ADVAPI32.dll
AF6AD80AA4244A59AFB3D83ECF5173CC
afterBegin
AfxControlBar42s
AfxFrameOrView42s
AfxMDIFrame42s
AfxOldWndProc423
AfxOleControl42s
AfxWnd42s
Afx:%x:%x
Afx:%x:%x:%x:%x:%x
alG[uSE
amsOZK
AppendMenuA
August
B+1'F/
backgroundColor
; BACKGROUND-COLOR: #
BeginPaint
BeginPath
BitBlt
BKbhTb~XBK!;
border
<B style='COLOR: #
BSV>q6D[
button
Button
BUTTON
button|submit|reset
~%C+1S>
%C+1S,
&C+1Xxb
%C+1Xxb
C+1Xxb
CallNextHookEx
CallWindowProcA
CArchiveException
CBitmap
CBrush
CButton
CByteArray
				CCCP
CClientDC
CCmdTarget
CColorDialog
CComboBox
CCriticalSection
CDialog
CDWordArray
CException
CFileDialog
CFileException
CGdiObject
cG|H'/
character
CharNextA
charset
CharUpperA
checkbox
checked
CheckMenuItem
ChildWindowFromPointEx
ChooseColorA
CImageList
ck(WSbpS
className
ClientToScreen
CloseClipboard
CloseHandle
ClosePrinter
CLSID\%1
CLSID\%1\AuxUserType\2
CLSID\%1\AuxUserType\3
CLSID\%1\DefaultExtension
CLSID\%1\DefaultIcon
CLSID\%1\DocObject
CLSID\%1\InprocHandler32
CLSID\%1\InProcServer32
CLSID\%1\Insertable
CLSID\%1\LocalServer32
CLSID\%1\MiscStatus
CLSID\%1\Printable
CLSID\%1\ProgID
CLSID\%1\Verb\0
CLSID\%1\Verb\1
CLSIDFromProgID
CLSIDFromString
CMapPtrToPtr
CMapStringToPtr
CMemFile
CMemoryException
CNotSupportedException
CObject
CoFreeUnusedLibraries
CoGetClassObject
CoInitialize
COleBusyDialog
COleDialog
COleDispatchException
COleException
CombineRgn
combobox
COMCTL32.dll
COMCTL32.DLL
comdlg32.dll
commctrl_DragListMsg
commdlg_ColorOK
commdlg_FileNameOK
commdlg_help
commdlg_LBSelChangedNotify
commdlg_SetRGBColor
commdlg_ShareViolation
ComObject
CompareStringA
CompareStringW
CopyAcceleratorTableA
CopyRect
CoRegisterMessageFilter
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CPaintDC
CPalette
CProgressCtrl
CPtrArray
CPtrList
CreateAcceleratorTableA
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
createControlRange
CreateDCA
CreateDialogIndirectParamA
CreateDIBitmap
CreateEllipticRgn
CreateEllipticRgnIndirect
CreateEventA
CreateFileA
CreateFontIndirectA
CreateIconFromResource
CreateIconFromResourceEx
CreateILockBytesOnHGlobal
CreateMenu
CreatePalette
CreatePen
CreatePolygonRgn
createPopup
CreatePopupMenu
CreateProcessA
createRange
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSemaphoreA
CreateSolidBrush
createTextRange
CreateThread
CreateWaitableTimerA
CreateWindowExA
CResourceException
CSharedFile
CStatic
CStringArray
CSyncObject
CTempDC
CTempGdiObject
CTempImageList
CTempMenu
CTempWnd
CToolTipCtrl
C|Uo^n
CUserException
"Cv=(Ui
CWinApp
CWindowDC
C:\WINDOWS\system32\Macromed\Flash\Flash10q.ocx
C:\WINDOWS\system32\Macromed\Flash\Flash10s.ocx
CWinThread
CWordArray
d09f2340818511d396f6aaf844c7e325
D6F20D
D8)m>`
]D9]=Sd
@.data
DC'F/0
dddd, MMMM dd, yyyy
				dddy
December
#define _AFX_NO_OLE_RESOURCES
#define _AFX_NO_PROPERTY_RESOURCES
#define _AFX_NO_TRACKER_RESOURCES
DefWindowProcA
DELETE
DeleteCriticalSection
DeleteDC
DeleteMenu
DeleteObject
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
display
document
DocumentPropertiesA
domain
DOMAIN error
DPtoLP
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawTextA
DuplicateHandle
Dw=|:s
?]_DYUf
;&E-}]
&E-1'F/
&E-1S/
&E-1Xxb
ech1Y%
&Edit,0,2
E'F_rbE-1SD
elementFromPoint
Ellipse
Embedded Object
Embed Source
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndDoc
#endif
#endif //_WIN32
EndPage
EndPaint
EndPath
EnterCriticalSection
EnumChildWindows
EnumDisplayMonitors
EnumDisplaySettingsA
EnumThreadWindows
eQpenc
e.q'pS<
EqualRect
Escape
\eU5r/
Ev2W0W
&E[vQ<
ExcludeClipRect
execCommand
execScript
ExitProcess
Ex.%Jq
&E[x#k
ExtSelectClipRgn
ExtTextOutA
F01S.J
F01Xxb
]/#F17
'F-1'F
'F-1.k
F-1Xxb
F4F|Sn
February
ff0000
f'F]S%
FileName
FileNameW
fileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
FillRect
FillRgn
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FindText
FindWindowExA
fireEvent
FireEvent
- floating point not loaded
FlushFileBuffers
F NYKf
</font>
]</font>
<font color=red>
<font color=red>[
<font color=red>Div
<font color=red>Span
<font color=red>ULli
<font style='COLOR: #
FormatMessageA
\F!q/Z
\F!q/ZK
FrameRect
frames
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
Friday
FrK.:rK
FrK.:vK
FrS)B1S)
<]fS.*
F~S~jo
[/fS_MR
F}Sn~n
FsQfNY
FsS.*Y
Ft'F+0
function alert(){return;}
function confirm(){return;}
function prompt(){return;}
function showModalDialog(){return;}
Fz'F/&
G01Xxb
G]1&C]
%G-1Xxb
GAIsProcessorFeaturePresent
g~b1Y%
gdi32.dll
GDI32.dll
GetACP
GetActiveWindow
GetBkColor
GetBkMode
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetClipBox
GetClipRgn
GetCommandLineA
GetCPInfo
GetCurrentObject
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetCursorPos
GetDesktopWindow
GetDeviceCaps
GetDIBits
GetDlgCtrlID
GetDlgItem
getElementsByTagName
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetFileTime
GetFileTitleA
GetFileType
GetFocus
GetForegroundWindow
GetFullPathNameA
GetKeyState
GetLastActivePopup
GetLastError
GetLocalTime
GetMapMode
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMessageA
GetMessagePos
GetMessageTime
GetModuleFileNameA
GetModuleHandleA
GetMonitorInfoA
GetNextDlgGroupItem
GetNextDlgTabItem
GetObjectA
GetOEMCP
GetOpenFileNameA
GetOpenFileNameW
GetParent
GetPixel
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessVersion
GetProfileStringA
GetPropA
GetROP2
GetSaveFileNameA
GetScrollPos
GetScrollRange
GetStartupInfoA
GetStdHandle
GetStockObject
GetStretchBltMode
GetStringTypeA
GetStringTypeW
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetSystemPaletteEntries
GetSystemTime
GetTextColor
GetTextExtentPoint32A
GetTextMetricsA
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetTopWindow
GetUserDefaultLCID
GetVersion
GetVersionExA
GetViewportExtEx
GetViewportOrgEx
GetVolumeInformationA
GetWindow
GetWindowDC
GetWindowExtEx
GetWindowLongA
GetWindowOrgEx
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
 GF<W<
\G.iQp
GjShnn
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
__GLOBAL_HEAP_SELECTED
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
>;G<oUm
GradientFill
GrayStringA
	 GrKI
G{So6o
G{Stb2
Gt&CU2
Gt&E-0
G[Um6l
 G[uSE
G[v&q"r%k
GvUu.m
,GW.&]
GY'F-1S,
`h````
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
height
hidden
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_USERS
H:mm:ss
>hOs)]B
'Hq2'0d
'Hq2'1
HrCg@b	g 
hsOzS]
htmlText
HtmlViewer
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
@http://toupiao.myrainbow.cn/images/showBaby/votebtn.png
http://toupiao.myrainbow.cn/web/images/a16.jpg
http://toupiao.myrainbow.cn/webVoteAction.do?method=getOneVoteInfo&voteInfoId=4028ebe63832592401384144df570144
http://www.myrainbow.cn/Member/Register.do?returnUrl=
http://www.ok8seo.com/yanzheng.html
HvS!#m
_hypot
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
#ifdef _WIN32
ImageList_Destroy
#include "l.chs\afxres.rc"          // Standard components
InflateRect
InitCommonControlsEx
InitializeCriticalSection
innerHTML
innertext
innerText
				:::Innn
insertAdjacentHTML
InterlockedDecrement
InterlockedIncrement
InternetCanonicalizeUrlA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
Internet Explorer_Server
InternetOpenA
InternetReadFile
InternetSetOptionA
IntersectRect
InvalidateRect
I.q+p.q
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
JanFebMarAprMayJunJulAugSepOctNovDec
January
JavaScript
javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}
javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};
JN'F-7
JrUlb2
JScript
Kc2y=KU
kernel32
KERNEL32
kernel32.dll
KERNEL32.dll
KF\]1Q,
Kf"l=P]
=]_KfNn<
KillTimer
				kkk
kXEQ>\u
 L~<+]
l2L]^S
LANGUAGE 4, 2
LCMapStringA
LCMapStringW
LeaveCriticalSection
length
l	g~b0R 
l	g~b0Rdk
LineTo
Link Source
Link Source Descriptor
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadLibraryA
LoadResource
LoadStringA
LocalAlloc
LocalFree
LocalReAlloc
location
LockFile
LockResource
loginId
+ LOOP 
LPtoDP
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpyn
lstrcpynA
lstrlenA
lstrlenW
lS^&YW
m1I@n1IAn=I@n=I;n7V9n1V9n1W@
m8Z@n|
m!A<o"
MapDialogRect
MapWindowPoints
mBM@nBP7
m C+W>
m C+W#
m&CW.=
M/d/yy
+MEn?Q@
MessageBeep
MessageBoxA
method
m'F]1%CU2
m'F-1Xxb
mH_B}L
m<I9ny
'm\ibj
Microsoft Visual C++ Runtime Library
midiOutPrepareHeader
midiOutReset
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamProperty
midiStreamRestart
midiStreamStop
m=JWI=
mK6.mS
mKe^n<
mKf"o=
mKf*p=
mK$jn=
!m>((m
m<*<n2
moblie
ModifyMenuA
Monday
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveStart
MoveToEx
MoveWindow
mQ0.1Xxb
m'q v&
mS6&V	
MsgWaitForMultipleObjects
MSIMG32.dll
~msOzS
MS Sans Serif
MS Shell Dlg
__MSVCRT_HEAP_SELECT
mU5bWH!
mU5bWhY
mU5fWH0
mU5jW@?
mU5jWP
mU5rW`
mU5rWH?
mU5rWI
mU5^W4o
mU5^Wc
mU5~WH
mU5^WS
mU5~Wx
mU5ZW@
mU5zW6I
mU5ZWh<
mU5ZWHu
mU5ZWHY
mU5zW&t
mU5zWx
mU5ZWxY
MulDiv
MultiByteToWideChar
m=+<uUe
m-V9n)V9n?
M]v.q v
m<+W.=
m<WBn~
m=Z>n}
m&=]ZS-
\{$}!n
n<9]tS8
Native
navigate
-NbkSbpS
-NbkSbpS(
n%C+1Xxb
n'F-1M
!n'F-7
N/f@b	g
nHhRn0I
~!ni<h
n>k3n>k3n>k3n>k3n>k3n>k3n>k3n>k3nV
-N"N1Y
N*Ncktepe
n#N(n#N(n#N(n#N(n\}tn\}tn\}tn\}tn
N*Ntepe
N*N(W%
N*N(W0
n?!<oP
- not enough space for arguments
- not enough space for environment
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
nQ5~1SE
!n!q/v=
;nSE>m
nS.F4L
?<nS%FD
n!sGzR
nS{InS{InS{InS{Inj
N}	s(~Q
nS,`RQ,aRS,`VQ,aVS,`ZQ,aZS,`^Q,a^S,`bQ,abS,`fQ,afS,`jQ,ajU
n=']|U,
(null)
!nU$_ne7
NUUvBo
><nUwVo
|!n<%:v
n<V\|H
NYUv~o
nzzpenc
?<o#;:
o=B]}2
Object Descriptor
ObjectFromLresult
ObjectLink
October
;o&!E~Q]
offsetLeft
offsetParent
OffsetRect
offsetTop
OffsetViewportOrgEx
;o'!/J
ole32.dll
OLEACC.DLL
OLEAUT32.dll
oledlg.dll
OleFlushClipboard
OleInitialize
OleIsCurrentClipboard
OleUninitialize
o#l.s"p.q
onchange
onmousedown
&Open,0,2
OpenClipboard
OpenPrinterA
]<oS,av
.<o#sF
O(uckHr
outerHTML
outerText
!Ov<=<
o<=W.<9Uf
OwnerLink
OX[0R 
p/~:	]
p7^U}Nm
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
PA#define _AFX_NO_SPLITTER_RESOURCES
PADRIFF@
parentWindow
pAr'F/&
password
password2
pasteHTML
PatBlt
PathToRegion
PeekMessageA
p@~'F/&
PFrK6BoS5
pG>U-v
pGZ=g_
P#include "afxres.h"
*p~!nS
pOjF*]
PostMessageA
PostQuitMessage
PostThreadMessageA
PP.kOv
pPv'q z&E-
ppxxxx
'Pq2'0
pqOBQe
#pragma code_page(936)
p=r&E-0
PreviewPages
#PrG&]
Program: 
<program name unknown>
PsGVSB
PtInRect
PtVisible
- pure virtual function call
!PvF(]
q7Vi<m
qEr'F/&
\=QF.V
]^!qG^KM
qG^Q&[
qGz==]{<w
q/jF.]
Q,ljS1
Q{l|!n
QP'F-1S,
&q/^Q-
q"vS']
QX[gbL
q'yQ;B
RaiseException
RASAPI32.dll
RasGetConnectStatusA
RasHangUpA
?]rbs&
$r'C+1Xxb
r C+W:
.rdata
ReadFile
RealizePalette
Rectangle
RectVisible
RedrawWindow
REG_BINARY - 
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
REG_DWORD - DWORD
RegEnumKeyA
RegEnumValueA
RegFlushKey
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
REG_MULTI_SZ - 
REG_NONE - 
RegOpenKeyA
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
REG_REG_EXPAND_SZ - 
RegSetValueExA
regsvr32 
REG_SZ - 
ReleaseCapture
ReleaseDC
ReleaseSemaphore
RemovePropA
resource.h
RestoreDC
ResumeThread
^rI8%m
!_rI8_rY8
RichEdit Text and Objects
Rich Text Format
_rI:"V_
rKfJq<
rKf*p=.]
RoundRect
r"rSnno
RSbpS\O
r'&Sjbn
r s/~Q
"rSvzn
r s/ZQ
RtlUnwind
runtime error 
Runtime Error!
;rU$Wn
r!vSn~o
]rXsB~M
S)>1Xxb
>]_S.2
S)21Xxb
S4brU,brU\
S6J}w.>q
Saturday
SaveDC
SbpS0R
SbpS@b	gu
SbpS:g:
SbpS\O
ScaleViewportExtEx
ScaleWindowExtEx
ScreenToClient
scrollHeight
scrollLeft
scrollTop
scrollWidth
ScrollWindowEx
select
SelectClipRgn
selectedIndex
selection
SelectObject
select-one|select
SelectPalette
SendDlgItemMessageA
SendMessageA
SendMessageTimeoutA
sendYz
September
SetActiveWindow
SetBkColor
SetBkMode
SetCapture
SetClipboardData
SetCurrentDirectoryA
SetCursor
SetCursorPos
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFilePointer
SetFocus
SetForegroundWindow
SetHandleCount
SetLastError
SetMapMode
SetMenu
SetMenuItemBitmaps
SetParent
SetPixel
SetPolyFillMode
SetPropA
SetRect
SetRectEmpty
SetROP2
SetScrollPos
SetScrollRange
SetStdHandle
SetStretchBltMode
SetTextColor
SetTimer
Settings
SetUnhandledExceptionFilter
SetViewportExtEx
SetViewportOrgEx
SetWaitableTimer
SetWindowContextHelpId
SetWindowExtEx
SetWindowLongA
SetWindowOrgEx
SetWindowPos
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
sGvK%R
SHELL32.dll
ShellExecuteA
Shell_NotifyIconA
ShowWindow
@sina.com
SING error
s/JS7:
S>J}w.:
S>J}w6>q
Sl0|!n<
Slp|!n<
.s"lQ>*
>]_SnRn
software
solid 
;sOnS]
sOzS6&
.s)~.q
S,`~Q,a~S,`zQ,azS,`vQ,avS,`rQ,arU
s"rSono
s%rU5r
StartDocA
StartPage
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
StretchBlt
@style
submit
Sunday
SunMonTueWedThuFriSat
sU$Wne7
,s:vKd
System
SystemParametersInfoA
S<ZrU,ZrUT
s/zSurl
t7R'F-
TabbedTextOutA
tagname
tagName
target
TaskbarCreated
tc nSv^n
TerminateProcess
textarea
TextOutA
text|password|file
Tfa]M5
T/f&Tcknx
tGR<X8
!This program cannot be run in DOS mode.
Thursday
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
t,mD!<n
,T>n	LH
tooltips_class32
_TrackMouseEvent
TranslateAcceleratorA
TranslateMessage
Tuesday
t"v<)]
?u='@^
U1=	\>
:U5bWHG
:U5jW[
:U5jWP
:U5rW:}
:U5rW:\
:U5rWj}
:U5rWJX
:U5rW*V
:U5rWz]
:U5rWZ
:U5rWZp
:U5vWp
:U5ZW 
:U5ZWDa
:U5ZWK
:U5ZWt
:U5ZWZr
u7^'F-7
UG]3&E-
(uIoS)*
<'Ul8\
<U>n0\?
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UnhookWindowsHookEx
UNLINK
UnlockFile
UnregisterClassA
U,/nSD
UpdateWindow
user32
USER32
user32.dll
USER32.dll
V.<0U-
V.<3%V.
V7<-V@S
V7<-Wm=
V.<#]8S
validateCode
ValidateRect
Variant
var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');
VBScript
V.<d],
V.<EUl7]
v'F[o#k
V.<fS4
v%G01S>J
VirtualAlloc
VirtualFree
VirtualProtectEx
VirtualQueryEx
V[>"]k
]vKa:pD
VmFf_rG
V.<P<n0
;]vQ ]
V.Q&Gr
V.Qmbk
]vQsfn
<W.<>]
<W.<,]
(W.="]
(W.=#_%
@W.<	]
W7<3Wd=
W7<;"V
WaitForInputIdle
WaitForMultipleObjects
WaitForSingleObject
WarnOnHTTPSToHTTPRedirect
WAVEfmt 
waveOutClose
waveOutGetNumDevs
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite
 W.%d=
Wd<-(m
Wd<[(m
W.=d]uM
Wednesday
@W.!f!
W@F0U/
W.F3W@</]
				wfU
?WI<6]1
WideCharToMultiByte
WI<I%m
window
WindowFromPoint
WinExec
WinHelpA
WININET.dll
WINMM.dll
WINSPOOL.DRV
WI=	<o
WI<'Wd<#W[>
WM_HTML_GETOBJECT
Wm<'%V(
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
WS2_32.dll
wsprintfA
wwwwww
X0_rXq
('Xc!n
				xfV
xq/JU\
Y@documentElement
YnqEvS5
yr<Izp=E:e
YX[(W	
!'z>J]
'_zJ9)
z<KO~S-
Zq&E-0
Zq'F-0
ZrYGU.