Analysis Date: 2014-08-28 04:42:22
MD5: 0b17c4312eb5b79f1650bd14fea1ddc1
SHA1: 8db64eaefa1568518ea17896e112592c261f84e9

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: d317eeca45aa9095c2f2bdf715b5a34d sha1: 76cce2793ed106c3cd3fd9b1ea907685c0cc7fa5 size: 778240
Section.rdata md5: cb4e7ee15e2f1d31bc18e4d5b8d34888 sha1: 41118ebbc5fe10f0708c5a4b3e3bfc6bf2671fc8 size: 229376
Section.data md5: 6ff3185acb6a0c674a104e358fff6cdb sha1: f166accbccfd771a379c20afae7fcd3e3fc1b271 size: 69632
Section.rsrc md5: 050a6bc7679fcda1ee83293f2754c5d8 sha1: dfc9497fd334185c7d333e35d6c1b88aa2d5abda size: 24576
Timestamp: 2014-07-06 09:23:39
Version:
LegalCopyright: 森森家族版权所有www.sensenjz.tk
FileVersion: 1.0.0.0
CompanyName: 森森Qq1041744404
Comments: 森森家族www.sensenjz.tk
ProductName: 最新猴岛不用登陆免费下载贴子内的所有附件
ProductVersion: 1.0.0.0
FileDescription: 免费下载猴岛附件
Packer: Microsoft Visual C++ v6.0
PEhash: df88db46de608b167ed476baebee4b5eb8a6adfc
IMPhash: 2d228e8d8844c2b2b94628714ee7a0a2

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: www.iqshw.com

Network Details:

DNS: 4b441817189c0103.cdn.fhldns.com
Type: A
222.216.190.60
DNS: 4b441817189c0103.cdn.fhldns.com
Type: A
222.216.190.61
DNS: www.iqshw.com
Type: A
HTTP GET: http://www.iqshw.com/url/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1032 ➝ 222.216.190.60:80

Raw Pcap
0x00000000 (00000)   47455420 2f75726c 2f204854 54502f31   GET /url/ HTTP/1
0x00000010 (00016)   2e310d0a 41636365 70743a20 2a2f2a0d   .1..Accept: */*.
0x00000020 (00032)   0a416363 6570742d 4c616e67 75616765   .Accept-Language
0x00000030 (00048)   3a20656e 2d75730d 0a416363 6570742d   : en-us..Accept-
0x00000040 (00064)   456e636f 64696e67 3a20677a 69702c20   Encoding: gzip, 
0x00000050 (00080)   6465666c 6174650d 0a557365 722d4167   deflate..User-Ag
0x00000060 (00096)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000070 (00112)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000080 (00128)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000090 (00144)   4e542035 2e313b20 5356313b 202e4e45   NT 5.1; SV1; .NE
0x000000a0 (00160)   5420434c 5220322e 302e3530 37323729   T CLR 2.0.50727)
0x000000b0 (00176)   0d0a486f 73743a20 7777772e 69717368   ..Host: www.iqsh
0x000000c0 (00192)   772e636f 6d0d0a43 6f6e6e65 6374696f   w.com..Connectio
0x000000d0 (00208)   6e3a204b 6565702d 416c6976 650d0a0d   n: Keep-Alive...
0x000000e0 (00224)   0a                                    .


Strings
....  ................
"#
....
.........
10/.-,+*)('&%$#"! ..............
.....
..........
..
.........
-
..
x
.
.
.
.
..
-- \
.-E-0-0..
00-+ 
e
 
00
...........?-  
0
0 
0
.
.
.....
.
.
$
&
*
+
-
_
<
>(
[
{
)]
....
..
a
A
;
..
.
?
.|
.m.R
...
.
.A
 
...
ZZ
6...V
u
    
 ......
 (*.*)
#####
#######
080404B0
 %1 
1.0.0.0
	1uM
(&C)
Comments
CompanyName
	Ctrl+
	Ctrl+D
	Ctrl+End
	Ctrl+G
	Ctrl+Home
	Ctrl+N
	Ctrl+PageDown
	Ctrl+PageUp
	&D.
DEFAULT_ICON
 DLL 
(&E)
FileDescription
FileVersion
         (((((                  H
(&H)
(&I)
IEXT_IDB_STATEIMAGES
 INI 
jjjj
jjjjh
jjjjj
Kjjj
Kjjjh
Kjjjj
Kjjjjjjjj
LegalCopyright
L#L8LILcLoL~L
msctls_progress32
msctls_updown32
MS Shell Dlg
(&N)
(null)
(&O)
(&P)
	PageDown
	PageUp
ProductName
ProductVersion
Progress1
PxPpPhP`PXPLP@P4P(P
Qq1041744404
 %s 
(&S)
	Shift+Tab
Spin1
StringFileInfo
(&T)
	Tab/Enter
TEXTINCLUDE
Translation
VarFileInfo
VS_VERSION_INFO
www.sensenjz.tk
xxxx
^,_^][
^$|<!$
^$_^[]
 (*.*)|*.*||
(*^__^*) 
	!	!	!	!	
													
0123456789
@=05]vm
(&07-034/)7 '
0B=H4P
0dk:ghV
0<E*9Uu
0"gQPwFo
0.I%3s
0R>\W[
0-%@ `u!
13:`cK&VM
,1"52.*
1#QNAN
1$RichB
1#SNAN
1$t#;$
1$t#:$,
	2	5	5	5	5	5
27bb20fdd3e145e4bee3db39ddd6e64c
29	hg%fpM
%2\CLSID
%2\DocObject
%2\Insertable
2mFyf:
%2\protocol\StdFileEditing\server
%2\protocol\StdFileEditing\verb\0
2+uGer
;2u-SV
2	,(z 
3;a~l(I
3^FeL*/Y
3OyMbc
3Pyz{#
'`3V>UR
3X)4nYg
|^;\$4
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
[,45ZA:Q
;|$4uG;|$DuA
\$4UVWS
}&-4}v
\$4VWh
|?5^<@
5	!	!	!	!
5014D8FA6DCA40b68FA626D8183666EB
	5	5	5
{557CF400-1A04-11D3-9A73-0000F81EF32E}
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{557CF402-1A04-11D3-9A73-0000F81EF32E}
{557CF405-1A04-11D3-9A73-0000F81EF32E}
{557CF406-1A04-11D3-9A73-0000F81EF32E}
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
#5H	h"
65JSSe
	6	6	6	6
	6	6	6	6	6	6	6	6	6	6	,	,	,	,	,	,	,	,	+	+	+	+	+	/	/	/	'	'	'	'	'	'	'	'	'	'	(	(	(	(	(	(	(	(	(	(	(	(	(	
684944CB04624eb7BD5412A519421D34
6]on<X<
6 #@SdP]OI
	7	7	7	7	7	7	7	7	7	7	7	*	*	-	-	-	-
;=77WE
_7hE]m
7i`xaX
7,QM1A
7`RKqM
8G)mHFd
8MThdu
\$8UVW
8wI%4%
%9, %8
'9A`u"9
9D$$t+
9F.cLe
9G4_^d
9^Ht}3
|$$9l$
9l$\w_
9L$x~e
9l$xtU9
^**9;LY
9nPu	9^T
9o4u'V
	9oTtc
9~@St99~8~
9t$0v8
9^@t53
9u ^t	
9^xu5j
9x u	f
A0 tD_2
<A|2<Z
#A3*Vs
A6_&Zv
abcddefghijklmnoopqrrsstuvvwwxyyz;
abnormal program termination
Accept:
Accept: */*
Accept-Language:
Accept-Language: zh-cn
action
ad5S@)
AdjustWindowRectEx
advapi32.dll
Advapi32.dll
ADVAPI32.dll
afterBegin
AfxControlBar42s
AfxFrameOrView42s
AfxMDIFrame42s
AfxOldWndProc423
AfxOleControl42s
AfxWnd42s
Afx:%x:%x
Afx:%x:%x:%x:%x:%x
aiUy'%34xu
A{JZ%{
alnumalphablankcntrldigitgraphlowerprintpunctspaceunicodeupperwordxdigit
ampersand
apostrophe
AppendMenuA
asterisk
.?AUCThreadData@@
August
.?AUIBoundObjectSite@@
.?AUIDispatch@@
.?AUIEnumVOID@@
.?AUIMessageFilter@@
.?AUINotifyDBEvents@@
.?AUIOleClientSite@@
.?AUIOleContainer@@
.?AUIOleControlSite@@
.?AUIOleInPlaceFrame@@
.?AUIOleInPlaceSite@@
.?AUIOleInPlaceUIWindow@@
.?AUIOleWindow@@
.?AUIParseDisplayName@@
.?AUIPropertyNotifySink@@
.?AUIRowsetNotify@@
.?AUISequentialStream@@
.?AUIStream@@
.?AUIUnknown@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AV_AFX_CHECKLIST_STATE@@
.?AV_AFX_COLOR_STATE@@
.?AV_AFX_CTL3D_STATE@@
.?AV_AFX_CTL3D_THREAD@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_OLE_STATE@@
.?AV_AFX_THREAD_STATE@@
.?AV_AFX_WIN_STATE@@
.?AVbad_exception@std@@
.?AVCArchiveException@@
.?AVCArchiveStream@@
.?AVCBitmap@@
.?AVCBrush@@
.?AVCButton@@
.?AVCByteArray@@
.?AVCClientDC@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCColorDialog@@
.?AVCComboBox@@
.?AVCCommonDialog@@
.?AVCDataSourceControl@@
.?AVCDC@@
.?AVCDialog@@
.?AVCDWordArray@@
.?AVCEdit@@
.?AVCEnumArray@@
.?AVCEnumUnknown@@
.?AVCException@@
.?AVCFile@@
.?AVCFileDialog@@
.?AVCFileException@@
.?AVCFont@@
.?AVCGdiObject@@
.?AVCHandleMap@@
.?AVCImageList@@
.?AVCListCtrl@@
.?AVCMapPtrToPtr@@
.?AVCMapStringToPtr@@
.?AVCMemFile@@
.?AVCMemoryException@@
.?AVCMenu@@
.?AVCNoTrackObject@@
.?AVCNotSupportedException@@
.?AVCObject@@
.?AVCOccManager@@
.?AVCOleBusyDialog@@
.?AVCOleControlContainer@@
.?AVCOleControlSite@@
.?AVCOleDialog@@
.?AVCOleDispatchException@@
.?AVCOleException@@
.?AVCOleMessageFilter@@
.?AVCPaintDC@@
.?AVCPen@@
.?AVCProgressCtrl@@
.?AVCPtrArray@@
.?AVCPtrList@@
.?AVCResourceException@@
.?AVCRgn@@
.?AVCSharedFile@@
.?AVCSimpleException@@
.?AVCSpinButtonCtrl@@
.?AVCStatic@@
.?AVCStringArray@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.?AVCTempImageList@@
.?AVCTempMenu@@
.?AVCTempWnd@@
.?AVCTestCmdUI@@
.?AVCToolTipCtrl@@
.?AVCUserException@@
.?AVCWinApp@@
.?AVCWindowDC@@
.?AVCWinThread@@
.?AVCWnd@@
.?AVCWordArray@@
.?AVexception@@
.?AVinvalid_argument@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVregex_error@boost@@
.?AVruntime_error@std@@
.?AVsp_counted_base@detail@boost@@
.?AV?$sp_counted_impl_pd@PAUHINSTANCE__@@P6AXPAX@Z@detail@boost@@
.?AV?$sp_counted_impl_p@U?$regex_traits_wrapper@U?$regex_traits@DV?$w32_regex_traits@D@boost@@@boost@@@boost@@@detail@boost@@
.?AV?$sp_counted_impl_p@V?$basic_regex_implementation@DU?$regex_traits@DV?$w32_regex_traits@D@boost@@@boost@@@re_detail@boost@@@detail@boost@@
.?AV?$sp_counted_impl_p@V?$w32_regex_traits_implementation@D@re_detail@boost@@@detail@boost@@
.?AVtype_info@@
.?AVXAmbientProps@COleControlSite@@
.?AVXBoundObjectSite@COleControlSite@@
.?AVXEnumVOID@CEnumArray@@
.?AVXEventSink@COleControlSite@@
.?AVXMessageFilter@COleMessageFilter@@
.?AVXNotifyDBEvents@COleControlSite@@
.?AVXOleClientSite@COleControlSite@@
.?AVXOleContainer@COleControlContainer@@
.?AVXOleControlSite@COleControlSite@@
.?AVXOleIPFrame@COleControlContainer@@
.?AVXOleIPSite@COleControlSite@@
.?AVXPropertyNotifySink@COleControlSite@@
.?AVXRowsetNotify@COleControlSite@@
axZ!7}h
<A|@<Z
B 02CV
&b4*~r
backgroundColor
; BACKGROUND-COLOR: #
backslash
backspace
bad exception
bcdfghijklmnpqrstuvwxyz
BCM8]|/
BeginPaint
BeginPath
b)?i^/
BitBlt
BKbhTb~XBK!;
 (*.BMP)|*.BMP|GIF
B]ne>`6q
BOEi	H
Bogus message code %d
border
bpPG0+
bq|w1U
<B style='COLOR: #
button
Button
BUTTON
button|submit|reset
B+X!>'
bz49N.
< (_'=]C
C =02CVu
%=^c1$
CallNextHookEx
CallWindowProcA
Caption
CArchiveException
carriage-return
CBitmap
CBrush
CButton
CByteArray
CClientDC
CCmdTarget
CColorDialog
CColourPicker
CComboBox
CDialog
CDWordArray
CE*P)$
CException
CFileDialog
CFileException
CGdiObject
c.(!>gM
character
CharNextA
charset
CharUpperA
checkbox
checked
CheckMenuItem
ChildWindowFromPointEx
ChooseColorA
CImageList
circumflex
|CkD -
ck(WSbpS
className
ClientToScreen
CListCtrl
CloseClipboard
CloseDatabase
CloseHandle
ClosePrinter
CLSID\%1
CLSID\%1\AuxUserType\2
CLSID\%1\AuxUserType\3
CLSID\%1\DefaultExtension
CLSID\%1\DefaultIcon
CLSID\%1\DocObject
CLSID\%1\InprocHandler32
CLSID\%1\InProcServer32
CLSID\%1\Insertable
CLSID\%1\LocalServer32
CLSID\%1\MiscStatus
CLSID\%1\Printable
CLSID\%1\ProgID
CLSID\%1\Verb\0
CLSID\%1\Verb\1
CLSIDFromProgID
CLSIDFromString
CMapPtrToPtr
CMapStringToPtr
CMemFile
CMemoryException
C*m#ysv
CNotSupportedException
CObject
CoFreeUnusedLibraries
CoGetClassObject
CoInitialize
COleBusyDialog
COleDialog
COleDispatchException
COleException
CombineRgn
combobox
COMCTL32.dll
COMCTL32.DLL
comdlg32.dll
commctrl_DragListMsg
commdlg_ColorOK
commdlg_FileNameOK
commdlg_help
commdlg_LBSelChangedNotify
commdlg_SetRGBColor
commdlg_ShareViolation
commercial-at
ComObject
CompareStringA
CompareStringW
Complexity requirements exceeded
Content-Type:
Content-Type: application/x-www-form-urlencoded
ConvertURL2FG('
Cookie: 
CopyAcceleratorTableA
CopyRect
CoRegisterMessageFilter
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CPaintDC
CPalette
CProgressCtrl
CPtrArray
CPtrList
CreateAcceleratorTableA
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
createControlRange
CreateDCA
CreateDialogIndirectParamA
CreateDIBitmap
CreateEllipticRgn
CreateEventA
CreateFileA
CreateFontIndirectA
CreateIconFromResource
CreateIconFromResourceEx
CreateILockBytesOnHGlobal
CreateMenu
CreatePalette
CreatePen
CreatePolygonRgn
createPopup
CreatePopupMenu
createRange
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSemaphoreA
CreateSolidBrush
CreateStreamOnHGlobal
createTextRange
CreateThread
CreateWaitableTimerA
CreateWindowExA
CResourceException
CSharedFile
CSpinButtonCtrl
CStatic
CStringArray
CTempDC
CTempGdiObject
CTempImageList
CTempMenu
CTempWnd
CToolTipCtrl
Ctrl+A
Ctrl+B
Ctrl+C
Ctrl+D
Ctrl+E
Ctrl+F
Ctrl+F1
Ctrl+F10
Ctrl+F11
Ctrl+F12
Ctrl+F2
Ctrl+F3
Ctrl+F4
Ctrl+F5
Ctrl+F6
Ctrl+F7
Ctrl+F8
Ctrl+F9
Ctrl+G
Ctrl+H
Ctrl+I
Ctrl+J
Ctrl+K
Ctrl+L
Ctrl+M
Ctrl+N
Ctrl+O
Ctrl+P
Ctrl+Q
Ctrl+R
Ctrl+S
Ctrl+Shift+F1
Ctrl+Shift+F10
Ctrl+Shift+F11
Ctrl+Shift+F12
Ctrl+Shift+F2
Ctrl+Shift+F3
Ctrl+Shift+F4
Ctrl+Shift+F5
Ctrl+Shift+F6
Ctrl+Shift+F7
Ctrl+Shift+F8
Ctrl+Shift+F9
Ctrl+T
Ctrl+U
Ctrl+V
Ctrl+W
Ctrl+X
Ctrl+Y
Ctrl+Z
|Cu	{M
 (*.CUR)|*.CUR|
CUserException
CWinApp
CWindowDC
CWinFormUnit
CWinThread
CWordArray
cx;9OMq`
?? / %d]
D$ _^][
D$,_^]
D$,;\$|
D$(_^]
D$(_^][
D$$_^[
D$$_^]
d09f2340818511d396f6aaf844c7e325
D$0(rO
D$0RVP
D$0SUV
D$0UVW
D$0WPQ
D$ |2;
d 3Z|v
D$49D$$}
D$4`kN
D$4\nP
D$4pkN
D$4SUV
D6F20D
D$89Vdu
D$8FtdW
D$8QRPhd>Q
D$8RPj
D$8VPQ
D$$~9+
(DA/Rv
@.data
@'dBbY
D$(CUSWP
 %d/%d 
(%d-%d):
%d / %d
%d / %d]
D$d8nP
dddd, MMMM dd, yyyy
D$DHnP
D$(dnP
D$dPQV
D$dQUWRP
D$dSUVW
D$DSWRPQ
D$DURP
D$<dyN
D$ dyN
December
DEFAULT_ICON
#define _AFX_NO_OLE_RESOURCES
#define _AFX_NO_PROPERTY_RESOURCES
#define _AFX_NO_TRACKER_RESOURCES
DefWindowProcA
DeleteCriticalSection
?=deleted
DeleteDC
DeleteMenu
DeleteObject
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
device
devices
.)D$H)
D$H_^][
D$h4nP
D$$hnP
D$hQRP
D$hRPQ
D$hSUV3
D$hUPQ
D$HUPQ
D$HUSj
?~\dikh
disable
DispatchMessageA
display
DISPLAY
D$(;l$ 
D$LdyN
DllRegisterServer
DllUnregisterServer
D$ lnP
D$LpkN
D$LPUj
D$LUSWP
D$ LyN
D$($^N
D$`<nP
D$,`nP
document
DocumentPropertiesA
dO!&_(L
dollar-sign
domain
DOMAIN error
D$PDnP
D$,Pj<j
D$<pkN
D$ pkN
D$(pkN
D$$pkN
D$ PQR
D$PQRP
D$PRPQ
DPtoLP
D$(QPW
D$(QRP
D$$QUP
DrawDibOpen
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawTextA
D$ RPQ
D$@RPQj
D$ RPUhD
D$,RVh
D$,SPh
D$(SUV
D$$SUV
D$\SUV
D$(t,;
D$t+D$\
D$t#D$h
d+Tg`V
D$@TnP
D$T@nP
D$TRPW
D$TVPW
DuplicateHandle
D$@UPQ
|$D UV
d<VC*AN
D$@WPS
Dw=|:s
D$<XnP
D$XPQU
D$xPUR
D$XQRWP
D$XSUV
;D$xt&
[^dYz[
D,ZaG5[
)e=0z[5
E4"0$(
e^4eds
E:51xz
ech1Y%
&Edit,0,2
EditBox
^>E<&f	
EHPWVS
eHrCg@b	gw
elementFromPoint
Ellipse
E	m9d5N~
Embedded Object
Embed Source
EmptyClipboard
Empty expression
EnableMenuItem
EnableWindow
EndDialog
EndDoc
#endif
#endif //_WIN32
EndPage
EndPaint
EndPath
EnterCriticalSection
EnumDisplayMonitors
EnumDisplaySettingsA
]E\qA:\>
eQpenc
EqualRect
equals-sign
Error in thread safety code: could not acquire a lock
Escape
<EV#/'
&eW?Ua}V%
exclamation-mark
ExcludeClipRect
execCommand
execScript
ExitProcess
ExtSelectClipRgn
ExtTextOutA
eYmJxXFU
EzOWEA
F<_^][
F,_^][
F\_^][
=f%4ho
F89^8u&j
F8+N,+F0
|F#9{J
F(9V8tQ
+FDPj	
FD@ul9L$(}f
FD uy9D$$}s
February
ff0000
F(_+F$^[;E
fF^E	s
?fff&ff23
F$@;F(v
F$@@;F(v
FileName
FileNameW
fileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
FillRect
FillRgn
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FindText
FindWindowExA
fireEvent
FireEvent
F\jLSP
Flashget://W0ZMQVNIR0VUXWh0dHA6Ly9kLmhvdWRhby5jb20vZDg1LnBocD9haWQ9ODEzNjMyOSZhPTM0NDdjZTZmNGJjMDRhNTk4ZmFiZmNkNDExNzU1NGUxJmF0dGFjaG1lbnQ9YXR0YWNobWVudCZ0aWQ9OTU1NzM0NiZuYW1lPUNGUEwlRDIlQkIlQkMlRkMlQjMlRTklQkQlQjElRDAlRDIlRDQlQ0IlQzIlRUIxMDclQjglRjYuemlwJnU9QUZWTFV3NGJVZ3hOVUFNQmFBUUVWUVFPQjFKVFBBRUNVbHBUQWxJSEJRTlhWd2RhQkU4ZUNrayUzRFtGTEFTSEdFVF0=&2828
F;l=cv
- floating point not loaded
FlushFileBuffers
</font>
]</font>
<font color=red>
<font color=red>[
<font color=red>Div
<font color=red>Span
<font color=red>ULli
FontSize
<font style='COLOR: #
FormatMessageA
form-feed
FpHt&Ht
frames
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
Friday
[/fS_MR
function alert(){return;}
function confirm(){return;}
function prompt(){return;}
function showModalDialog(){return;}
Fv1?r@
F^Vp}!;
Fxt_;FTu@
fZnF)M
g|^;#|
g4GO&>?
g5rb\]
GAIsProcessorFeaturePresent
g~b1Y%
G:CvfV
gdi32.dll
Gdi32.dll
GDI32.dll
GdipCreateBitmapFromStream
GdipDisposeImage
gdiplus.dll
GdiplusShutdown
GdiplusStartup
GdipSaveImageToStream
GetACP
GetActiveWindow
GetBkColor
GetBkMode
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetClipBox
GetClipRgn
GetCommandLineA
GetConnectString
GetCPInfo
GetCurrentObject
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetCursorPos
GetDesktopWindow
GetDeviceCaps
GetDIBits
GetDlgCtrlID
GetDlgItem
getElementsByTagName
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetFileTime
GetFileTitleA
GetFileType
GetFocus
GetForegroundWindow
GetFullPathNameA
GetHGlobalFromStream
GetKeyState
GetLastActivePopup
GetLastError
GetLocalTime
GetMapMode
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMessageA
GetMessagePos
GetMessageTime
GetModuleFileNameA
GetModuleHandleA
GetMonitorInfoA
GetNextDlgGroupItem
GetNextDlgTabItem
GetObjectA
GetOEMCP
GetOpenFileNameA
GetOpenFileNameW
GetParent
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessVersion
GetProfileStringA
GetPropA
GetROP2
GetSaveFileNameA
GetScrollPos
GetScrollRange
GetStartupInfoA
GetStdHandle
GetStockObject
GetStretchBltMode
GetStringTypeA
GetStringTypeExA
GetStringTypeW
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemInfo
GetSystemMenu
GetSystemMetrics
GetSystemPaletteEntries
GetSystemTime
GetTabList
GetTextColor
GetTextExtentPoint32A
GetTextMetricsA
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetTopWindow
GetUserDefaultLCID
GetVersion
GetVersionExA
GetViewportExtEx
GetViewportOrgEx
GetVolumeInformationA
GetWindow
GetWindowDC
GetWindowExtEx
GetWindowLongA
GetWindowOrgEx
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
 (*.GIF)|*.GIF|
GL_^][
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
__GLOBAL_HEAP_SELECTED
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
Gnvax/
GqW/zI
grave-accent
GrayStringA
greater-than-sign
;'+GTz
:~GyXq
`h````
#H3	_pw.
h9n`u;
'>h.B'
h+c"gf
Hdhzk[8
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
height
hgjlkbrfzaoe
HHtpHHtl
hidden
hJK.ZH
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_USERS
H:mm:ss
	HN~\i
host(.*?)host' target='_blank'><FONT color=red><B>(.*?)</B></FONT>
HpO9'+
HQ[1AH
HSVHWtgHHtF
Ht#HHt
HtHHuz
 (*.htm;*.html)|*.htm;*.html
htmlText
HtmlViewer
http://
HTTP/1.1
http://bbs.houdao.com/host
HttpOpenRequestA
HttpQueryInfoA
https://
HttpSendRequestA
http://www.iqshw.com/url/
HtYHt6H
!H\`wf/[;
hWj@_;
hyphen
_hypot
(@`"i5
 (*.ICO)|*.ICO|
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
#ifdef _WIN32
ImageList_Destroy
ImageList_Draw
ImageList_Duplicate
ImageList_GetImageCount
ImageList_Read
ImageList_SetBkColor
#include "l.chs\afxres.rc"          // Standard components
InflateRect
InitCommonControlsEx
InitializeCriticalSection
innerHTML
innertext
innerText
insertAdjacentHTML
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
InternetCloseHandle
InternetConnectA
 @Internet Explorer_Server
InternetOpenA
InternetReadFile
IntersectRect
I%nUOE1!93
InvalidateRect
Invalid back reference
Invalid character class name
Invalid collation character
Invalid content of repeat range
Invalid or trailing backslash
Invalid preceding regular expression
Invalid range end
Invalid regular expression
Invalid regular expression object
invalid string position
IQhhcP
,]Iqq/
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
It#Iu%
'	I vi
\$\}-j
<J5e]D
j9X uN
j9X,uN
JanFebMarAprMayJunJulAugSepOctNovDec
January
JavaScript
javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}
javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};
jBWVSSQ
j*mI~1
JPEGMEM
 (*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
 (*.JPG)|*.JPG|BMP
JScript
j VUPWQ
jYI&oh
kernel32
KERNEL32
kernel32.dll
Kernel32.dll
KERNEL32.dll
KERNEL32.DLL
KillTimer
k%jPJo
kkJ^/f`
K/k]-kD
K|Ky\@V
k`,l~MK3
kXEQ>\u
^l_^][
;l$ }:
L$ ]_^
L$$_^]
L$0PQR
L$0PQS
L$0SUV@W
L$,_^]2
L23fff&ff
L$,_^]3
L$,_[3
L$3QhhcP
L$4_^3
L$4^[d
L$4_^[d
L$4_^][d
L$4S+L$0Qj
L$4UQWP
L$4VQUP
L$4WPQR
L$4WQUVS
L$8^]_3
L$89l$8}
L$8_^[d
L$8_^][d
L$8WPQR
`	|la:
LANGUAGE 4, 2
LCMapStringA
LCMapStringW
L$`_^][d
L$<^[_]d
L$|_^][d
L$ ^][d
L$ _^d
L$ _^][d
L$,_^][d
L$(_^][d
L$@^[d
L$@^]d
L$@_^][d
L$$^[d
L$$^]d
L$$_^d
L$$_^]d
L$$_^][d
L$\_^][d
L$d_^][d
L$D_^[d
L$D_^][d
L$D_]d
L$DPQj
L$DSVQ
LeaveCriticalSection
left-curly-bracket
left-parenthesis
left-square-bracket
length
less-than-sign
L$`F@;
l	g~b0R 
l	g~b0Rdk
L$h_^]3
L$h_^][d
L$H_^][d
L$H][d
L$Hj&Q
l$HQRVU
L$HSUVWP
LineTo
Link Source
Link Source Descriptor
ListView
L$L_^]
L$L_^]3
L$l_^][d
L$L^[d
L$L_^][d
	LLLLLK
L$LPQR
L$lRVQ
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadLibraryA
LoadResource
LoadStringA
LocalAlloc
LocalFree
LocalReAlloc
location
Location:
LockFile
LockResource
+ LOOP 
L$p_^][d
L$P_^d
L$P_]^[d
LpO1z5=
L$ PQh
L$<PQR
L$(PQR
L$@PQR
L$<PQVV
L$pRPQ
LPtoDP
L$(PVQ
L$ QRh
L$ QSR
L$ QUS
L$,RPQ
L$(RPQ
L$<RPQW
L$@RQj
L$@RUQ
lRZm?P
L$<SQR
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpyn
lstrcpynA
lstrlenA
lstrlenW
L$,SUV
L$(SUV
L$T_^]
L$t_^d
L$t][d
L$T_^]d
L$T_^][d
|$LtE;
L$TSWQ
L$(t/;:u
L$(UUh
\$lUV3
L$(VQRSP
L$(VQVj
l$@VW3
l$<VWj
L$ WPQ
L$(WQR
L$(WSR
L$X_^]3
L$x_^d
L$x_^][d
L$X_^d
L$X;L$
L$XSQh
@;l$\~Z
mailto:
MapDialogRect
MapWindowPoints
+Mc[}<
mC]pF~
M/d/yy
Memory exhausted
MessageBeep
MessageBoxA
method
MGridCells
Microsoft Visual C++ Runtime Library
midiOutPrepareHeader
midiOutReset
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamProperty
midiStreamRestart
midiStreamStop
 (*.MID)|*.MID|
+mirhj
?MN*~6
ModifyMenuA
Monday
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MousePointer
MoveStart
MoveToEx
MoveWindow
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 2Pac; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Mpr.dll
msctls_updown32
MsgWaitForMultipleObjects
MSIMG32.dll
MS Sans Serif
MS Shell Dlg
MSVCRT.dll
__MSVCRT_HEAP_SELECT
MSVFW32.dll
MulDiv
MultiByteToWideChar
MVB9Y@x
M\WJZZ
n0SSSSU
N8+F,+N0
Native
navigate
-NbkSbpS
-NbkSbpS(
%`#nD'
nd9~dt
newline
newurl
N/f@b	g
NH_^][
Nh;NX|
-'`N*I
NjK	_8
NkR9-ln+
-N"N1Y
N*Ncktepe
N(;N,r
N*Ntepe
N*N(W%
N*N(W0
No match
- not enough space for arguments
- not enough space for environment
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
NOW=\y
nt2Ht#Ht
NTRPQj
(null)
number-sign
N'Uth='z
N(u{vF
N$~	WU
NX9NXu 
Nx(cq\
NyLM+@q
Nyt2S	W	w	w
nzzpenc
O/";_)
O(_^][
O]-`]_
o0SSSSU
	O2y|p
Object Descriptor
ObjectFromLresult
ObjectLink
October
Offline
offsetLeft
offsetParent
OffsetRect
offsetTop
OffsetViewportOrgEx
:+OG&X/f
oldurl
ole32.dll
OLEACC.DLL
OLEAUT32.dll
oledlg.dll
OleFlushClipboard
OleInitialize
OleIsCurrentClipboard
OleUninitialize
*omj Y
onchange
onmousedown
&Open,0,2
OpenClipboard
OpenDatabase
OpenPrinterA
outerHTML
outerText
Out of stack space
Out of stack space, while attempting to match a regular expression.
out.prn
OwnerLink
OX[0R 
%oY4;F
P2"Tby"
.P6AXPAX@Z
^P8QfWj
~P9~Pun
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
PA#define _AFX_NO_SPLITTER_RESOURCES
parentWindow
pasteHTML
PatBlt
PathToRegion
.PAVCArchiveException@@
.PAVCException@@
.PAVCFileException@@
.PAVCMemoryException@@
.PAVCNotSupportedException@@
.PAVCObject@@
.PAVCOleDispatchException@@
.PAVCOleException@@
.PAVCResourceException@@
.PAVCSimpleException@@
.PAVCUserException@@
PEa-dP1
PeekMessageA
percent-sign
period
pgp3 ~~~
Ph_^][Y
PicBox
P#include "afxres.h"
PlEaM0T
plus-sign
PostMessageA
PostQuitMessage
PostThreadMessageA
PPPPhd
PPPPPPPP
P<PuWSV
ppxxxx
PQj WUS
PQQQQQ
\$ PQV
#pragma code_page(936)
Premature end of regular expression
PreviewPages
 (*.prn)|*.prn|
Program: 
<program name unknown>
P$RWPh
pS>Q2C
~'PSQR
PtInRect
PTMSrj
PtVisible
- pure virtual function call
\$PVUUS
PWVWWW
q^8AVaz7
_[Qdte
qE`iLG
QPSWVR
QQSVW3
QQSVWd
QQSVWj
QQUWSS
QqZmLz
QSUVWj
question-mark
quotation-mark
qVbv=K
QX[gbL
QypmUH
R?~?&_&
RaiseException
`.rdata
ReadFile
RealizePalette
Rectangle
RectVisible
RedrawWindow
Referer:
Referer: 
REG_BINARY - 
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
REG_DWORD - DWORD
RegEnumKeyA
RegEnumValueA
RegFlushKey
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
REG_MULTI_SZ - 
REG_NONE - 
RegOpenKeyA
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
REG_REG_EXPAND_SZ - 
RegSetValueExA
REG_SZ - 
Regular expression too big
ReleaseCapture
ReleaseDC
ReleaseSemaphore
RemovePlayer
RemovePropA
resource.h
RestoreDC
ResumeThread
RichEdit Text and Objects
Rich Text Format
right-curly-bracket
right-parenthesis
right-square-bracket
RoundRect
|$,RPQ
RSbpS\O
RtlMoveMemory
RtlUnwind
runtime error 
Runtime Error!
RVPUSQ
\r\W_N.
S3`8P%~
S.Ac9SR
Saturday
SaveDC
SbpS0R
SbpS@b	gu
SbpS:g:
SbpS\O
ScaleViewportExtEx
ScaleWindowExtEx
ScreenToClient
scrollHeight
scrollLeft
scrollTop
scrollWidth
ScrollWindowEx
SearchResult
select
SelectClipRgn
selectedIndex
selection
SelectObject
select-one|select
SelectPalette
semicolon
SendDlgItemMessageA
SendMessageA
SendMessageTimeoutA
September
SetActiveWindow
SetBkColor
SetBkMode
SetCapture
SetClipboardData
Set-Cookie
Set-Cookie:
SetCurrentDirectoryA
SetCursor
SetCursorPos
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFilePointer
SetFocus
SetForegroundWindow
SetHandleCount
SetLastError
SetMapMode
SetMenu
SetMenuItemBitmaps
SetParent
SetPolyFillMode
SetPropA
SetRect
SetRectEmpty
SetROP2
SetScrollPos
SetScrollRange
SetStdHandle
SetStretchBltMode
SetTextColor
SetTimer
Settings
SetUnhandledExceptionFilter
SetViewportExtEx
SetViewportOrgEx
SetWaitableTimer
SetWindowContextHelpId
SetWindowExtEx
SetWindowLongA
SetWindowOrgEx
SetWindowPos
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
s.f}db
Shell32.dll
SHELL32.dll
ShellExecuteA
Shell_NotifyIconA
\shell\open\command
Shift+F1
Shift+F10
Shift+F11
Shift+F12
Shift+F2
Shift+F3
Shift+F4
Shift+F5
Shift+F6
Shift+F7
Shift+F8
Shift+F9
ShowWindow
Silent
SING error
SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_EL.dll
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign
SkP&\5NfQ
s`)L$4
s+Lhn@[0/
sO;>|C;~
software
solid 
(?sQW^
SS@SSPVSS
_SSSSU
StartDocA
StartPage
StatusText
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
StretchBlt
string too long
<@style
submit
Success
Sunday
SunMonTueWedThuFriSat
s*ur|E8f
SUVWhH
SWVVVRPV
SxvOhqu
SysListView32
System
SystemParametersInfoA
T$<_^]
T$$_^]
T$0A@;
T$0PjdR
T$0PQR
T$0SUV
t>;1u-SV
T2|U9O
@t4Ht1Ht_Ht
T$8QRP
T$8RWj
t8VQ2\
t$ 90t
t	9A8u
t	9p$u
t&9^$t
TabbedTextOutA
tagname
tagName
tAh8mN
tAKNE'
target
tBShC9K
,~:tcC
T$$+D$4
tD9_Pt?
T$dPQR
T$DPQRW
TdQB[>
T$DQRU
T$DQSR
T$DWRh
T$\;D$Xu
t(ENEN;
TerminateProcess
textarea
TextOutA
text|password|file
T/f&Tcknx
TGkcnJ
<]t_G<-uA
ThG1sE
!This program cannot be run in DOS mode.
T$hQPRj
T$HQPRj
t>Ht Ht
t*Ht"Ht
t+Ht$Ht
Thursday
T$H} VP
tI;Ftr
T$\jdSR
+tJHt:Ht*
T`Ju#r)6^J
tkSUVW
TLOSS error
T$lPRh
t$lRPV
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
t$LUPh
T$LWUQVR
TogslH
tooltips_class32
T$pPQR
t$PPVS
T$(PQR
T$\PQR
T$PQRP
T$ PQWWR
T$$PRV
t$ PUSVV
tq9~Dt
tq9w(tlSj
T$(Qh|
tQPH,/
T$ QRh
T$,QSR
T$(QVURWP
TranslateAcceleratorA
TranslateMessage
TransparentBlt
tRHt}H
T$,RQP
t%RSQP
t$$RVP
T$<RVW
tS9~@uN
tSh sN
T*spwd
T$ SRh
T$,SRh
t$(SSh
t#SSUP
T$ SWRP
t!< t	<
+ttHHtd
t.;t$$t(
t$t#t$l
Tuesday
T$\URP
tuZ=d&
t$$VSS
*tVU[T#
tvWWWWU
T$\WVR
t/WWUPj
 (*.txt)|*.txt|
T$XUSR
;t$Xu";\$\u
t$XWVS
?u='@^
u._^][
u29l$xu,
^u2>*}q
u"8D$yu
u]9B uX
u	9~@u
\Uc4~_
%u	d,P
u	+FDP
>:u#FV
uh9^8uX
u@hVRK
_uk;q u
- unable to initialize heap
- unable to open console device
Unable to open message catalog: 
underscore
- unexpected heap error
- unexpected multithread lock error
>:uNFV
UnhandledExceptionFilter
UnhookWindowsHookEx
Unknown error
Unknown exception
UnlockFile
Unmatched ( or \(
Unmatched ) or \)
Unmatched [ or [^
Unmatched { or \{
UnregisterClassA
UpdateWindow
uR9BxuM
uRFGHt
Usage Error: Can't mix regular expression captures with POSIX matching rules
user32
USER32
user32.dll
User32.dll
USER32.dll
User-Agent:
u$SShe
@u+;t$
\$ UVW
\$(UVW
UxigU8
.,v%,<
V0+zN=-i
ValidateRect
Variant
var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');
v@b	gD
VBScript
VC20XC00U
v$/_cR
V#D$,WPQ
vertical-line
vertical-tab
Vh;VX|
VI$:jg|
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
visible
Vj@>$R
vn2}sp
\,VTbm
V;vGWR
VVUSVV
VVVPQR
\$<VW3
VWhVRK
V@W@PQ
VWQPh 
VWQPh(
V,_^[Y
(V`yr(8
W9^du-
,wAe.kI
WaitForMultipleObjects
WaitForSingleObject
WarnOnHTTPSToHTTPRedirect
waveOutClose
waveOutGetNumDevs
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite
 (*.WAV;*.MID)|*.WAV;*.MID|WAV
 (*.WAV)|*.WAV|MIDI
Wednesday
	WG!2S(
w]hVRK
WideCharToMultiByte
window
WindowFromPoint
windows
WinExec
WinHelpA
wininet.dll
WINMM.dll
WINSPOOL.DRV
WjdjdPQh
Wj(_Wj
WM_HTML_GETOBJECT
|$$}$WP
\<wp]w
(wqt\HHtS
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
WS2_32.dll
wsprintfA
WTWindow
|$@ Wu
;|wvQ|Y?4
"WWShX
wwwwww
X3:c@J
;x#3:K_
x7(8D#
xe%CNs
x:I*8j
x>K7GZ
XPTPSW
xx0H>>
XY[Z[]
)?:X`Z
Y4~mrO
.>+[y9NI
Y@documentElement
}yg11qTp
YHYtLHt9
y'+xq?
YX[(W	
_^][YY
YYF;5`
z&^0nZ^
Z~'<5d
Z6w}oz
zg}ey2
Zk_'2=
ZL3aS5A^
,zQbyO
zqol#6#0L
Zt(Ht Ht
ZuU5*48z
|z;^<}uWS
zW9#g&