Analysis Date2015-01-29 19:19:42
MD5972dd0ca2837e0e655a25a3d72cc6cc4
SHA17c299bee5f8aa09382c966aa23749a27af852095

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 3fa7976914c0c2caee585a5c010fda50 sha1: 5665dc2de1a33174bc48aa279ea8cfad8ad9a9a4 size: 499712
Section.rdata md5: 943823fa1309fa1bec67326255c14b97 sha1: ed17a17dee3a0161d0ecbb35e5bb5568d2a1591c size: 94208
Section.data md5: 90982d9021bdc74dd1846199184dcc2c sha1: 9979a6c4a421b558a922bc6ed5c4ae493682c9e3 size: 69632
Section.rsrc md5: bc3b1752812174cd9543ad432aa1df7c sha1: aed3f83aabc819c995471941ab269f460819b71a size: 32768
Timestamp2014-11-17 12:38:49
VersionLegalCopyright: 作者版权所有 请尊重并使用正版
FileVersion: 1.0.0.0
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
ProductName: 易语言程序
ProductVersion: 1.0.0.0
FileDescription: 易语言程序
PackerMicrosoft Visual C++ v6.0
PEhashceb0a5d6c1df9271d916df74ab3f584cebe2135c
IMPhash401f33c6b0615cdbd7412a169b3c3199
AV360 Safeno_virus
AVAd-AwareTrojan.GenericKD.2098246
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVArcabit (arcavir)Trojan.GenericKD.2098246
AVAuthentiumW32/Agent.EW.gen!Eldorado
AVAvira (antivir)no_virus
AVBullGuardTrojan.GenericKD.2098246
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftTrojan.GenericKD.2098246
AVEset (nod32)no_virus
AVFortinetRiskware/FlyStudio
AVFrisk (f-prot)W32/Agent.EW.gen!Eldorado
AVF-SecureTrojan:W32/DelfInject.R
AVGrisoft (avg)no_virus
AVIkarusno_virus
AVK7no_virus
AVKasperskyno_virus
AVMalwareBytesSpyware.OnlineGames
AVMcafeeno_virus
AVMicrosoft Security Essentialsno_virus
AVMicroWorld (escan)no_virus
AVRisingno_virus
AVSophosno_virus
AVSymantecno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings\JITDebug ➝
NULL
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Network Details:

DNSdnspod-free.mydnspod.net
Type: A
119.28.48.227
DNSdnspod-free.mydnspod.net
Type: A
119.28.48.229
DNSwww.56pu.com
Type: A
HTTP GEThttp://www.56pu.com/api?orderId=777961926938326&quantity=&line=tel&region=&regionEx=&beginWith=&ports=&vport=&speed=200&anonymity=&scheme=&duplicate=3&sarea=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Flows TCP192.168.1.1:1031 ➝ 119.28.48.227:80

Raw Pcap
0x00000000 (00000)   47455420 2f617069 3f6f7264 65724964   GET /api?orderId
0x00000010 (00016)   3d373737 39363139 32363933 38333236   =777961926938326
0x00000020 (00032)   26717561 6e746974 793d266c 696e653d   &quantity=&line=
0x00000030 (00048)   74656c26 72656769 6f6e3d26 72656769   tel&region=&regi
0x00000040 (00064)   6f6e4578 3d266265 67696e57 6974683d   onEx=&beginWith=
0x00000050 (00080)   26706f72 74733d26 76706f72 743d2673   &ports=&vport=&s
0x00000060 (00096)   70656564 3d323030 26616e6f 6e796d69   peed=200&anonymi
0x00000070 (00112)   74793d26 73636865 6d653d26 6475706c   ty=&scheme=&dupl
0x00000080 (00128)   69636174 653d3326 73617265 613d2048   icate=3&sarea= H
0x00000090 (00144)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x000000a0 (00160)   20696d61 67652f67 69662c20 696d6167    image/gif, imag
0x000000b0 (00176)   652f782d 78626974 6d61702c 20696d61   e/x-xbitmap, ima
0x000000c0 (00192)   67652f6a 7065672c 20696d61 67652f70   ge/jpeg, image/p
0x000000d0 (00208)   6a706567 2c206170 706c6963 6174696f   jpeg, applicatio
0x000000e0 (00224)   6e2f782d 73686f63 6b776176 652d666c   n/x-shockwave-fl
0x000000f0 (00240)   6173682c 20617070 6c696361 74696f6e   ash, application
0x00000100 (00256)   2f766e64 2e6d732d 65786365 6c2c2061   /vnd.ms-excel, a
0x00000110 (00272)   70706c69 63617469 6f6e2f76 6e642e6d   pplication/vnd.m
0x00000120 (00288)   732d706f 77657270 6f696e74 2c206170   s-powerpoint, ap
0x00000130 (00304)   706c6963 6174696f 6e2f6d73 776f7264   plication/msword
0x00000140 (00320)   2c202a2f 2a0d0a52 65666572 65723a20   , */*..Referer: 
0x00000150 (00336)   68747470 3a2f2f77 77772e35 3670752e   http://www.56pu.
0x00000160 (00352)   636f6d2f 6170693f 6f726465 7249643d   com/api?orderId=
0x00000170 (00368)   37373739 36313932 36393338 33323626   777961926938326&
0x00000180 (00384)   7175616e 74697479 3d266c69 6e653d74   quantity=&line=t
0x00000190 (00400)   656c2672 6567696f 6e3d2672 6567696f   el&region=&regio
0x000001a0 (00416)   6e45783d 26626567 696e5769 74683d26   nEx=&beginWith=&
0x000001b0 (00432)   706f7274 733d2676 706f7274 3d267370   ports=&vport=&sp
0x000001c0 (00448)   6565643d 32303026 616e6f6e 796d6974   eed=200&anonymit
0x000001d0 (00464)   793d2673 6368656d 653d2664 75706c69   y=&scheme=&dupli
0x000001e0 (00480)   63617465 3d332673 61726561 3d0d0a41   cate=3&sarea=..A
0x000001f0 (00496)   63636570 742d4c61 6e677561 67653a20   ccept-Language: 
0x00000200 (00512)   7a682d63 6e0d0a55 7365722d 4167656e   zh-cn..User-Agen
0x00000210 (00528)   743a204d 6f7a696c 6c612f34 2e302028   t: Mozilla/4.0 (
0x00000220 (00544)   636f6d70 61746962 6c653b20 4d534945   compatible; MSIE
0x00000230 (00560)   20362e30 3b205769 6e646f77 73204e54    6.0; Windows NT
0x00000240 (00576)   20352e30 290d0a48 6f73743a 20777777    5.0)..Host: www
0x00000250 (00592)   2e353670 752e636f 6d0d0a43 61636865   .56pu.com..Cache
0x00000260 (00608)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x00000270 (00624)   68650d0a 0d0a                         he....


Strings
....  ................
"#
..
....
.........
10/.-,+*)('&%$#"! ..............
.....
..........
..
.........
-
..
x
==
...
.
 
-% BbmHpAadYySMI \
.-E-0-0..
00-+ 
e
 
00...........?-  
0
0 
0
?
.
u
    
 ......
 (*.*)
#####
#######
080404B0
 %1 
1.0.0.0
	1uM
A+B+B
(&C)
Comments
	Ctrl+
	Ctrl+D
	Ctrl+End
	Ctrl+G
	Ctrl+Home
	Ctrl+N
	Ctrl+PageDown
	Ctrl+PageUp
	&D.
DEFAULT_ICON
 DLL 
(&E)
FileDescription
FileVersion
Gjjj
Gjjjj
Gjjjjjjjj
         (((((                  H
(&H)
(http://www.eyuyan.com)
(&I)
 INI 
jjjj
jjjjh
LegalCopyright
msctls_progress32
msctls_updown32
MS Shell Dlg
(&N)
(null)
(&O)
(&P)
	PageDown
	PageUp
@	P	d	v	
ProductName
ProductVersion
Progress1
 %s 
(&S)
	Shift+Tab
Spin1
StringFileInfo
(&T)
	Tab/Enter
TEXTINCLUDE
Translation
VarFileInfo
VS_VERSION_INFO
xxxx
^,_^][
^$_^[]
 (*.*)|*.*||
	!	!	!	!	
								
(&07-034/)7 '
0dk:ghV
0R>\W[
,1"52.*
1#QNAN
1#SNAN
'2, /+0&7!4-)1#
	2	5	5	5	5	5
%+.2d%.2d
306AA9E31B5940399723021A0D782077
;3+#>6.&
4BB4003860154917BC7D8230BF4FA58A
\$4t|Ht@H
|?5^<@
5	!	!	!	!
50.7.69.10
	5	5	5
5F99C1642A2F4e03850721B4F5D7C3F8
	6	6	6	6
	6	6	6	6	6	6	6	6	6	6	,	,	,	,	,	,	,	,	+	+	+	+	+	/	/	/	'	'	'	'	'	'	'	'	'	'	(	(	(	(	(	(	(	(	(	(	(	(	(	
707ca37322474f6ca841f0e224f4b620
	7	7	7	7	7	7	7	7	7	7	7	*	*	-	-	-	-
8MThdu
\$8UVW
9^0u/j
'9A`u"9
9D$$t+
9L$x~e
9l$xtU9
9nPu	9^T
9o4u'V
	9oTtc
9t$0v8
9^xu5j
<A|2<Z
A512548E76954B6E92C21055517615B0
abcddefghijklmnoopqrrsstuvvwwxyyz;
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
abnormal program termination
Accept:
Accept: 
Accept: */*
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language:
Accept-Language: 
Accept-Language: zh-cn
%a, %d %b %Y %H:%M:%S 
AdjustWindowRectEx
Advapi32.dll
ADVAPI32.dll
AfxControlBar42s
AfxFrameOrView42s
AfxMDIFrame42s
AfxOldWndProc423
AfxOleControl42s
AfxWnd42s
Afx:%x:%x
Afx:%x:%x:%x:%x:%x
AppendMenuA
.?AUCThreadData@@
August
.?AV_AFX_BASE_MODULE_STATE@@
.?AV_AFX_CHECKLIST_STATE@@
.?AV_AFX_COLOR_STATE@@
.?AV_AFX_CTL3D_STATE@@
.?AV_AFX_CTL3D_THREAD@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_SOCK_STATE@@
.?AV_AFX_THREAD_STATE@@
.?AV_AFX_WIN_STATE@@
.?AVCArchiveException@@
.?AVCBitmap@@
.?AVCBrush@@
.?AVCButton@@
.?AVCClientDC@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCColorDialog@@
.?AVCComboBox@@
.?AVCCommonDialog@@
.?AVCCriticalSection@@
.?AVCDC@@
.?AVCDialog@@
.?AVCDWordArray@@
.?AVCEdit@@
.?AVCException@@
.?AVCFile@@
.?AVCFileDialog@@
.?AVCFileException@@
.?AVCGdiObject@@
.?AVCHandleMap@@
.?AVCImageList@@
.?AVCMapPtrToPtr@@
.?AVCMapStringToPtr@@
.?AVCMemFile@@
.?AVCMemoryException@@
.?AVCMenu@@
.?AVCNoTrackObject@@
.?AVCNotSupportedException@@
.?AVCObject@@
.?AVCPaintDC@@
.?AVCPen@@
.?AVCProgressCtrl@@
.?AVCPtrArray@@
.?AVCPtrList@@
.?AVCResourceException@@
.?AVCRgn@@
.?AVCSessionMapPtrToPtr@@
.?AVCSharedFile@@
.?AVCSimpleException@@
.?AVCSpinButtonCtrl@@
.?AVCStatic@@
.?AVCStringArray@@
.?AVCSyncObject@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.?AVCTempImageList@@
.?AVCTempMenu@@
.?AVCTempWnd@@
.?AVCTestCmdUI@@
.?AVCToolTipCtrl@@
.?AVCUserException@@
.?AVCWinApp@@
.?AVCWindowDC@@
.?AVCWinThread@@
.?AVCWnd@@
.?AVCWordArray@@
.?AVtype_info@@
<A|@<Z
B 02CV
bcdfghijklmnpqrstuvwxyz
BeginPaint
BeginPath
BitBlt
BKbhTb~XBK!;
 (*.BMP)|*.BMP|GIF
Bogus message code %d
buffer error
Button
BUTTON
C =02CVu
CallNextHookEx
CallWindowProcA
CArchiveException
CBitmap
CBrush
CButton
CClientDC
CCmdTarget
CColorDialog
CColourPicker
CComboBox
CCriticalSection
Cc: %s
CDialog
C:\Documents and Settings\IBM\Cookies\*.txt
CDWordArray
CException
CFileDialog
CFileException
CGdiObject
CharUpperA
CheckMenuItem
ChildWindowFromPointEx
ChooseColorA
CImageList
ck(WSbpS
ClientToScreen
CloseClipboard
CloseDatabase
CloseHandle
ClosePrinter
CLSIDFromProgID
CLSIDFromString
CMapPtrToPtr
CMapStringToPtr
CMemFile
CMemoryException
CNotSupportedException
CObject
CoCreateInstance
CombineRgn
combobox
COMCTL32.dll
COMCTL32.DLL
comdlg32.dll
commctrl_DragListMsg
commdlg_ColorOK
commdlg_FileNameOK
commdlg_help
commdlg_LBSelChangedNotify
commdlg_SetRGBColor
commdlg_ShareViolation
ComObject
CompareStringA
CompareStringW
Content-Length: 
Content-Transfer-Encoding: base64
Content-Type:
Content-Type: 
Content-Type: application/x-www-form-urlencoded
Content-type: multipart/mixed; boundary="#BOUNDARY#"
Content-type: text/plain; charset="
Cookie: 
CopyAcceleratorTableA
CopyRect
CPaintDC
CPalette
CProgressCtrl
CPtrArray
CPtrList
CreateAcceleratorTableA
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDialogIndirectParamA
CreateDIBitmap
CreateEllipticRgn
CreateEventA
CreateFileA
CreateFontIndirectA
CreateIconFromResource
CreateIconFromResourceEx
CreateMenu
CreatePalette
CreatePen
CreatePolygonRgn
CreatePopupMenu
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSemaphoreA
CreateSolidBrush
CreateThread
CreateWaitableTimerA
CreateWindowExA
CResourceException
CSharedFile
CSpinButtonCtrl
CStatic
CStringArray
CSyncObject
CTempDC
CTempGdiObject
CTempImageList
CTempMenu
CTempWnd
CToolTipCtrl
Ctrl+A
Ctrl+B
Ctrl+C
Ctrl+D
Ctrl+E
Ctrl+F
Ctrl+F1
Ctrl+F10
Ctrl+F11
Ctrl+F12
Ctrl+F2
Ctrl+F3
Ctrl+F4
Ctrl+F5
Ctrl+F6
Ctrl+F7
Ctrl+F8
Ctrl+F9
Ctrl+G
Ctrl+H
Ctrl+I
Ctrl+J
Ctrl+K
Ctrl+L
Ctrl+M
Ctrl+N
Ctrl+O
Ctrl+P
Ctrl+Q
Ctrl+R
Ctrl+S
Ctrl+Shift+F1
Ctrl+Shift+F10
Ctrl+Shift+F11
Ctrl+Shift+F12
Ctrl+Shift+F2
Ctrl+Shift+F3
Ctrl+Shift+F4
Ctrl+Shift+F5
Ctrl+Shift+F6
Ctrl+Shift+F7
Ctrl+Shift+F8
Ctrl+Shift+F9
Ctrl+T
Ctrl+U
Ctrl+V
Ctrl+W
Ctrl+X
Ctrl+Y
Ctrl+Z
 (*.CUR)|*.CUR|
CUserException
CWinApp
CWindowDC
C:\Windows\System32\panduan.txt
CWinFormUnit
CWinThread
CWordArray
?? / %d]
D$ _^][
D$,_^]
D$,;\$|
D$(_^]
D$(_^][
D$$_^[
D$$_^]
d09f2340818511d396f6aaf844c7e325
D$0UVW
D$0WPQ
D$ |2;
D$49D$$}
D$4`\H
D$4p\H
D$4SUV
D$89Vdu
D$(8D*
D$8RPj
D$8VPQ
D$$~9+
@.data
data error
Date: %s
D$(CUSWP
 %d/%d 
(%d-%d):
%d / %d
%d / %d]
dddd, MMMM dd, yyyy
D$<djH
D$ djH
D$dPQV
D$dQUWRP
D$dSUVW
D$DSWRPQ
D$DURP
December
DEFAULT_ICON
#define _AFX_NO_OLE_RESOURCES
#define _AFX_NO_PROPERTY_RESOURCES
#define _AFX_NO_TRACKER_RESOURCES
DefWindowProcA
DELETE
DeleteCriticalSection
?=deleted
DeleteDC
DeleteFile
DeleteFileA
DeleteMenu
DeleteObject
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
device
devices
D$H_^][
D$|hl]I
D$hQRP
D$hRPQ
D$hSUV3
D$hUPQ
D$HUPQ
D$HUSj
D$ hx"I
Dim mc,mo
DispatchMessageA
DISPLAY
D$(\!J
D$(;l$ 
D$LdjH
D$ LjH
DllRegisterServer
DllUnregisterServer
D$Lp\H
D$LPUj
D$LUSWP
DocumentPropertiesA
DOMAIN error
&domainUr
D$<p\H
D$ p\H
D$(p\H
D$$p\H
D$,Pj<j
D$ PQR
D$PQRP
D$PRPQ
DPtoLP
D$(QPW
D$(QRP
D$$QUP
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawTextA
D$@RPQj
D$ RPUhD
DRQPh\]I
D$,RVht^I
D$,SPh
D$(SUV
D$$SUV
D$(t,;
D$TRPW
D$TVPW
DuplicateHandle
D$@UPQ
|$D UV
D$@WPS
D$XPQU
D$XQRWP
;D$xt&
ech1Y%
EditBox
EHPWVS
Ellipse
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndDoc
End Function
#endif
        End If
#endif //_WIN32
EndPage
EndPaint
EndPath
EnterCriticalSection
EnumDisplayMonitors
EnumDisplaySettingsA
eQpenc
EqualRect
Escape
ExcludeClipRect
ExecuteStatement
           Exit For
ExitProcess
ExpandEnvironmentStringsA
ExtSelectClipRgn
ExtTextOutA
F<_^][
F,_^][
F\_^][
F09^4u*j
F49^8u&j
F89^8u&j
F(9V8tQ
Fdf+Fh
FD@ul9L$(}f
FD uy9D$$}s
February
F%*.*f
F(_+F$^[;E
?fff&ff23
F$@;F(v
F$@@;F(v
file error
FileTimeToLocalFileTime
FileTimeToSystemTime
FillRect
FillRgn
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
F\jLSP
- floating point not loaded
FlushFileBuffers
    For Each mo In mc
FpHt&Ht
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
Friday
From: %s
[/fS_MR
Function MACAddress() 
function time(){return new Date().getTime()}
Fxt_;FTu@
GAIsProcessorFeaturePresent
g~b1Y%
gb2312
=?gb2312?B?
Gdi32.dll
GDI32.dll
GetACP
GetActiveWindow
GetBkColor
GetBkMode
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetClipBox
GetClipRgn
GetCommandLineA
GetConnectString
GetCPInfo
GetCurrentObject
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetCursorPos
GetDesktopWindow
GetDeviceCaps
GetDIBits
GetDlgCtrlID
GetDlgItem
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetFileTime
GetFileTitleA
GetFileType
GetFocus
GetForegroundWindow
GetFullPathNameA
GetKeyState
GetLastActivePopup
GetLastError
GetLocalTime
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMessageA
GetMessagePos
GetMessageTime
GetModuleFileNameA
GetModuleHandleA
GetMonitorInfoA
GetNextDlgTabItem
GetObjectA
GetOEMCP
GetOpenFileNameA
GetParent
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessVersion
GetProfileStringA
GetPropA
GetROP2
GetSaveFileNameA
GetScrollPos
GetScrollRange
GetStartupInfoA
GetStdHandle
GetStockObject
GetStretchBltMode
GetStringTypeA
GetStringTypeW
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetSystemPaletteEntries
GetSystemTime
GetTabList
GetTextColor
GetTextExtentPoint32A
GetTextMetricsA
GetTickCount
GetTimeZoneInformation
GetTopWindow
GetUserDefaultLCID
GetVersion
GetVersionExA
GetViewportExtEx
GetViewportOrgEx
GetVolumeInformationA
GetWindow
GetWindowDC
GetWindowExtEx
GetWindowLongA
GetWindowOrgEx
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
 (*.GIF)|*.GIF|
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
__GLOBAL_HEAP_SELECTED
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
GrayStringA
`h````
h9n`u;
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
hgjlkbrfzaoe
HHtiHtGH
HHtpHHtl
H:mm:ss
HrCg@b	g 
HSVHWtgHHtF
Ht#HHt
HtHHt(
HtHHuz
HtOHt)H
http://
HTTP/1.1
http://91.cf.gs/getfile.php?VID=
http://91.cg.gs  
HttpOpenRequestA
HttpQueryInfoA
https://
HttpSendRequestA
http://www.56pu.com/api?orderId=777961926938326&quantity=&line=tel&region=&regionEx=&beginWith=&ports=&vport=&speed=200&anonymity=&scheme=&duplicate=3&sarea=
@hUUUUh
hWj@_;
_hypot
IcmpCloseHandle
IcmpCreateFile
icmp.dll
IcmpSendEcho
 (*.ICO)|*.ICO|
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
#ifdef _WIN32
        If mo.IPEnabled=True Then
ImageList_Destroy
#include "l.chs\afxres.rc"          // Standard components
incompatible version
inet_addr
InflateRect
InitCommonControlsEx
InitializeCriticalSection
insufficient memory
InterlockedDecrement
InterlockedIncrement
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile
InternetSetCookieA
InternetSetOptionA
IntersectRect
InvalidateRect
IPHLPAPI.DLL
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
It#Iu%
\$\}-j
JanFebMarAprMayJunJulAugSepOctNovDec
January
jBWVSSQ
JPEGMEM
 (*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
 (*.JPG)|*.JPG|BMP
JScript
j VUPWQ
kernel32
KERNEL32
kernel32.dll
Kernel32.dll
KERNEL32.dll
KillTimer
kXEQ>\u
^l_^][
;l$ }:
L$ ]_^
L$$_^]
L$0PQR
L$0PQS
L$0SUV@W
L23fff&ff
L$,_^]3
L$,_[3
L$4_^3
L$4_^[d
L$4S+L$0Qj
L$4UQWP
L$4VQUP
L$4WPQR
L$4WQUVS
L$8^]_3
L$89l$8}
L$8_^][d
L$8WPQR
Language
LANGUAGE 4, 2
LCMapStringA
LCMapStringW
L$`_^][d
L$|_^][d
L$ ^][d
L$ _^d
L$ _^][d
L$,_^][d
L$(_^][d
L$@^[d
L$@_^][d
L$$^[d
L$$^]d
L$$_^d
L$$_^]d
L$$_^][d
L$\_^][d
L$d_^][d
L$D_^[d
L$D_^][d
L$D_]d
L$DPQj
L$DSVQ
LeaveCriticalSection
l	g~b0R 
l	g~b0Rdk
L$h_^]3
L$h_^][d
L$H_^][d
L$H][d
L$@hH]I
L$Hj&Q
L$,hL]I
l$HQRVU
L$HSUVWP
LineTo
L$L_^]3
L$l_^][d
L$L^[d
L$L_^][d
L$LPQR
L$lRVQ
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadLibraryA
LoadResource
LoadStringA
LocalAlloc
LocalFree
LocalReAlloc
Location:
LockFile
LockResource
L$P_^d
L$P_]^[d
L$ PQh
L$(PQR
L$@PQR
L$<PQVV
L$pRPQ
LPtoDP
L$(PVQ
L$ QRh
L$ QSR
L$,RPQ
L$(RPQ
L$<RPQW
L$@RQj
L$@RUQ
L$<SQR
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
lstrlenW
L$,SUV
L$(SUV
L$T_^]
L$t_^d
L$t][d
L$T_^]d
L$T_^][d
|$LtE;
L$TSWQ
L$(UUh
\$lUV3
L$(VQRSP
L$(VQVj
l$@VW3
l$<VWj
L$ WPQ
L$(WQR
L$(WSR
L$X_^]3
L$x_^d
L$x_^][d
L$X_^d
L$X;L$
L$XSQh
@;l$\~Z
MACAddress
           MACAddress= mo.MacAddress
mailto:
MapWindowPoints
&max_vid=
M/d/yy
MessageBoxA
MGridCells
Microsoft Visual C++ Runtime Library
midiOutPrepareHeader
midiOutReset
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamProperty
midiStreamRestart
midiStreamStop
 (*.MID)|*.MID|
MIME-Version: 1.0
MissWho
MissWho_OK
ModifyMenuA
Monday
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveToEx
MoveWindow
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
&mp4=0&seccode=
Mpr.dll
msctls_updown32
MsgWaitForMultipleObjects
MS Sans Serif
MS Shell Dlg
__MSVCRT_HEAP_SELECT
MulDiv
MultiByteToWideChar
n0SSSSU
-NbkSbpS
-NbkSbpS(
nd9~dt
need dictionary
    Next 
N/f@b	g
NH_^][
Nh;NX|
-N"N1Y
N*Ncktepe
N*Ntepe
N*N(W%
N*N(W0
- not enough space for arguments
- not enough space for environment
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
nt2Ht#Ht
NTRPQj
(null)
N$~	WU
NX9NXu 
Nyt2S	W	w	w
nzzpenc
O(_^][
o0SSSSU
October
OffsetRect
OffsetViewportOrgEx
ole32.dll
OLEAUT32.dll
OleInitialize
OleRun
OleUninitialize
OpenClipboard
OpenDatabase
OpenPrinterA
O(uckHr
out.prn
OX[0R 
~P9~Pun
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
PA#define _AFX_NO_SPLITTER_RESOURCES
PatBlt
PathToRegion
.PAVCArchiveException@@
.PAVCException@@
.PAVCFileException@@
.PAVCMemoryException@@
.PAVCNotSupportedException@@
.PAVCObject@@
.PAVCResourceException@@
.PAVCSimpleException@@
.PAVCUserException@@
PeekMessageA
Ph_^][Y
P#include "afxres.h"
PostMessageA
PostQuitMessage
PPPPhd
PPPPPPPP
P<PuWSV
ppxxxx
PQj WUS
PQQQQQ
\$ PQV
#pragma code_page(936)
PreviewPages
 (*.prn)|*.prn|
Program: 
<program name unknown>
P$RWPh`-D
~'PSQR
PtInRect
PtVisible
- pure virtual function call
\$PVUUS
PWh<_I
PWVWWW
QPSWVR
QQ80478784
QQSVW3
QQSVWd
QQSVWj
QQUWSS
QSUVWj
QUht"I
QVWWRP
QX[gbL
RaiseException
RASAPI32.dll
RasGetConnectStatusA
RasHangUpA
`.rdata
ReadFile
RealizePalette
Rectangle
RectVisible
RedrawWindow
Referer:
Referer: 
RegCloseKey
RegCreateKeyExA
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
RegSetValueExA
ReleaseCapture
ReleaseDC
ReleaseSemaphore
RemovePlayer
RemovePropA
Reply-To: %s
resource.h
RestoreDC
ResumeThread
RoundRect
|$,RPQ
RQPh@]I
RSbpS\O
RtlUnwind
runtime error 
Runtime Error!
RVPUSQ
Saturday
SaveDC
SbpS0R
SbpS@b	gu
SbpS:g:
SbpS\O
ScaleViewportExtEx
ScaleWindowExtEx
ScreenToClient
ScriptControl
scripting.FileSystemObject
ScrollWindowEx
SelectClipRgn
SelectObject
SelectPalette
SendARP
SendDlgItemMessageA
SendMessageA
September
SetActiveWindow
SetBkColor
SetBkMode
SetCapture
SetClipboardData
Set-Cookie
Set-Cookie:
Set-Cookie: 
SetCurrentDirectoryA
SetCursor
SetCursorPos
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFilePointer
SetFocus
SetForegroundWindow
SetHandleCount
SetLastError
SetMapMode
    Set mc=GetObject("Winmgmts:").InstancesOf("Win32_NetworkAdapterConfiguration")
SetMenu
SetMenuItemBitmaps
SetParent
SetPolyFillMode
SetPropA
SetRect
SetRectEmpty
SetROP2
SetScrollPos
SetScrollRange
SetStdHandle
SetStretchBltMode
SetTextColor
SetTimer
Settings
SetUnhandledExceptionFilter
SetViewportExtEx
SetViewportOrgEx
SetWaitableTimer
SetWindowExtEx
SetWindowLongA
SetWindowOrgEx
SetWindowPos
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
Shell32.dll
SHELL32.dll
ShellExecuteA
Shell_NotifyIconA
\shell\open\command
Shift+F1
Shift+F10
Shift+F11
Shift+F12
Shift+F2
Shift+F3
Shift+F4
Shift+F5
Shift+F6
Shift+F7
Shift+F8
Shift+F9
ShowWindow
SING error
so.addVariable('file','
so.addVariable('max_vid','
so.addVariable('seccode','
sO;>|C;~
software
Software\
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
@Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
%s <%s>
SS@SSPVSS
_SSSSU
StartDocA
StartPage
stream end
stream error
StretchBlt
Subject: %s
Sunday
SunMonTueWedThuFriSat
SWVVVRPV
System
SystemParametersInfoA
T$$_^]
T$0PQR
T$0SUV
@t4Ht1Ht_Ht
T$8QRP
T$8RWj
t$ 90t
t	9p$u
t&9^$t
TabbedTextOutA
tAh8^H
tBShF2G
T$$+D$4
tD9_Pt?
T$dPQR
T$DPQRW
T$DQRU
T$DQSR
T$DWRh
T$\;D$Xu
t(ENEN;
TerminateProcess
TerminateThread
TextOutA
T/f&Tcknx
<]t_G<-uA
T$HhL]I
t$ h`"I
!This program cannot be run in DOS mode.
T$,hL]I
T$|hp]I
t>Ht Ht
t+Ht$Ht
Thursday
T$H} VP
tI;Ftr
T$\jdSR
+tJHt:Ht*
tkSUVW
TLOSS error
T$lPRh
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
t$LUPh
T$LWUQVR
tn<%t2
tooltips_class32
To: %s
T$pPQR
t$PPVS
T$(PQR
T$\PQR
T$PQRP
T$ PQWWR
T$$PRV
tq9~Dt
T$(QhL]I
T$ QRh
T$ QRP
T$(QVURWP
TranslateAcceleratorA
TranslateMessage
T$$Rh0VH
tRHt}H
T$,RQP
t%RSQP
t$$RVP
T$<RVW
tS9~@uN
tSh dH
T$ SRh
T$,SRh
t$(SSh
t#SSUP
T$ SWRP
t!< t	<
+ttHHtd
t.;t$$t(
Tuesday
T$\URP
t$$VSS
tvWWWWU
T$\WVR
t/WWUPj
\*.txt
 (*.txt)|*.txt|
T$XUSR
;t$Xu";\$\u
t$XWVS
?u='@^
u._^][
u29l$xu,
u"8D$yu
u]9B uX
u	9~@u
>:u#FV
u-h4NG
uh9^8uX
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
>:uNFV
UnhandledExceptionFilter
UnhookWindowsHookEx
UNLINK
UnlockFile
UnregisterClassA
UpdateWindow
uR9BxuM
uRFGHt
us-ascii
USER32
user32.dll
User32.dll
USER32.dll
User-Agent:
u$SShe
u(Uh`_I
UUUUUU
\$(UVW
ValidateRect
Variant
VBScript
VC20XC00U
V#D$,WPQ
Vh;VX|
VirtualAlloc
VirtualFree
\$<VW3
V,_^[Y
W9^du-
WaitForMultipleObjects
WaitForSingleObject
waveOutClose
waveOutGetNumDevs
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite
 (*.WAV;*.MID)|*.WAV;*.MID|WAV
 (*.WAV)|*.WAV|MIDI
Wednesday
	WG!2S(
WideCharToMultiByte
window
WindowFromPoint
windows
WinExec
WinHelpA
wininet.dll
WinINet.dll
WININET.dll
WINMM.dll
WINSPOOL.DRV
WjdjdPQh
Wj(_Wj
|$$}$WP
(wqt\HHtS
WriteFile
WritePrivateProfileStringA
ws2_32.dll
WS2_32.dll
wsprintfA
WTWindow
|$@ Wu
|$ WUSV
wwwwww
XY[Z[]
YHYtLHt9
YX[(W	
_^][YY
|z;^<}uWS