Analysis Date2015-01-25 05:34:47
MD5450bbd74ea75d01dfb7124b9a04f2e6c
SHA1cd0f5939cdb50218c38a251d20ec6cdacca4b0db

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: f6ef82fbf3ae3d09200fc52a68822fb9 sha1: 80cfb7c081c6bb2ae1c0319d258577fca10a6cd2 size: 471040
Section.rdata md5: 16a495b92c93004dc6a0222ba650a1df sha1: eda16e6a4dcd65c86b81b8c7d25113a57966e08b size: 110592
Section.data md5: 99e866aec2c47e07e3337d4ac4c54418 sha1: c289d2c7f6dce68c6215abb208323f1e3b462019 size: 65536
Section.rsrc md5: 7606c95675a71abeba435697afbd51fd sha1: 610b7ca1d313d9bb7784661a2426bc397980a73f size: 24576
Timestamp2008-01-01 10:27:58
VersionLegalCopyright: 作者版权所有 请尊重并使用正版
FileVersion: 1.0.0.0
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
ProductName: 易语言程序
ProductVersion: 1.0.0.0
FileDescription: 易语言程序
PackerMicrosoft Visual C++ v6.0
PEhash6145061d20cf14de06efb999c17e4e85b204e9ce
IMPhash8b9b7e62891991bd5a06373ba93aca5b
AV360 Safeno_virus
AVAd-Awareno_virus
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVArcabit (arcavir)no_virus
AVAuthentiumW32/Agent.EW.gen!Eldorado
AVAvira (antivir)no_virus
AVBullGuardno_virus
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)Win32.VirTool.DelfInject.gen!X.4.a
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftno_virus
AVEset (nod32)no_virus
AVFortinetno_virus
AVFrisk (f-prot)W32/Agent.EW.gen!Eldorado
AVF-Secureno_virus
AVGrisoft (avg)no_virus
AVIkarusno_virus
AVK7Backdoor ( 04c53a901 )
AVKasperskyno_virus
AVMalwareBytesSpyware.OnlineGames
AVMcafeeno_virus
AVMicrosoft Security Essentialsno_virus
AVMicroWorld (escan)no_virus
AVRisingno_virus
AVSophosno_virus
AVSymantecno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\logo[1].gif
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File\Device\Afd\AsyncConnectHlp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015012520150126\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\rq.kjkl8[1].htm
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Deletes FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012013061320130614\index.dat
Deletes FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012013052720130603\index.dat
Creates Mutex_!SHMSFTHISTORY!_
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!mshist012015012520150126!
Winsock DNSrq.kjkl8.com

Network Details:

DNSrq.kjkl8.com
Type: A
222.186.13.11
HTTP GEThttp://rq.kjkl8.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://rq.kjkl8.com/logo.gif
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP192.168.1.1:1032 ➝ 222.186.13.11:80
Flows TCP192.168.1.1:1033 ➝ 222.186.13.11:80

Raw Pcap
0x00000000 (00000)   47455420 2f204854 54502f31 2e310d0a   GET / HTTP/1.1..
0x00000010 (00016)   41636365 70743a20 2a2f2a0d 0a416363   Accept: */*..Acc
0x00000020 (00032)   6570742d 4c616e67 75616765 3a20656e   ept-Language: en
0x00000030 (00048)   2d75730d 0a416363 6570742d 456e636f   -us..Accept-Enco
0x00000040 (00064)   64696e67 3a20677a 69702c20 6465666c   ding: gzip, defl
0x00000050 (00080)   6174650d 0a557365 722d4167 656e743a   ate..User-Agent:
0x00000060 (00096)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000070 (00112)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000080 (00128)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000090 (00144)   2e313b20 5356313b 202e4e45 5420434c   .1; SV1; .NET CL
0x000000a0 (00160)   5220322e 302e3530 37323729 0d0a486f   R 2.0.50727)..Ho
0x000000b0 (00176)   73743a20 72712e6b 6a6b6c38 2e636f6d   st: rq.kjkl8.com
0x000000c0 (00192)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x000000d0 (00208)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f6c6f67 6f2e6769 66204854   GET /logo.gif HT
0x00000010 (00016)   54502f31 2e310d0a 41636365 70743a20   TP/1.1..Accept: 
0x00000020 (00032)   2a2f2a0d 0a526566 65726572 3a206874   */*..Referer: ht
0x00000030 (00048)   74703a2f 2f72712e 6b6a6b6c 382e636f   tp://rq.kjkl8.co
0x00000040 (00064)   6d2f0d0a 41636365 70742d4c 616e6775   m/..Accept-Langu
0x00000050 (00080)   6167653a 20656e2d 75730d0a 41636365   age: en-us..Acce
0x00000060 (00096)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000070 (00112)   702c2064 65666c61 74650d0a 55736572   p, deflate..User
0x00000080 (00128)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000090 (00144)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x000000a0 (00160)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x000000b0 (00176)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x000000c0 (00192)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000d0 (00208)   3237290d 0a486f73 743a2072 712e6b6a   27)..Host: rq.kj
0x000000e0 (00224)   6b6c382e 636f6d0d 0a436f6e 6e656374   kl8.com..Connect
0x000000f0 (00240)   696f6e3a 204b6565 702d416c 6976650d   ion: Keep-Alive.
0x00000100 (00256)   0a0d0a                                ...


Strings
....  ................
"#
....
.....
..........
.........
10/.-,+*)('&%$#"! ..............
..
.........
-
..
x
..
-- \
.-E-0-0
..
00-+ 
e
 
00
...........?-  
0
0 
0
?
. .
0..
.
c.
u
    
 ......
 (*.*)
#####
#######
080404B0
 %1 
1.0.0.0
	1uM
B'C_C
(&C)
CECRC8CyClC
Comments
	Ctrl+
	Ctrl+D
	Ctrl+End
	Ctrl+G
	Ctrl+Home
	Ctrl+N
	Ctrl+PageDown
	Ctrl+PageUp
	&D.
DEFAULT_ICON
 DLL 
(&E)
FileDescription
FileVersion
Gjjj
Gjjjh
Gjjjj
Gjjjjjjjj
         (((((                  H
(&H)
(http://www.eyuyan.com)
(&I)
IEXT_IDB_STATEIMAGES
 INI 
jjjj
jjjjj
LegalCopyright
msctls_progress32
msctls_updown32
MS Shell Dlg
(&N)
(null)
(&O)
(&P)
	PageDown
	PageUp
ProductName
ProductVersion
Progress1
 %s 
(&S)
	Shift+Tab
Spin1
StringFileInfo
(&T)
	Tab/Enter
TEXTINCLUDE
Translation
VarFileInfo
VS_VERSION_INFO
xxxx
^,_^][
^$_^[]
 (*.*)|*.*||
	!	!	!	!	
(&07-034/)7 '
0dk:ghV
0R>\W[
(;=0UL
,1"52.*
1#QNAN
1#SNAN
	2	5	5	5	5	5
27bb20fdd3e145e4bee3db39ddd6e64c
%2\CLSID
%2\DocObject
%2\Insertable
%2\protocol\StdFileEditing\server
%2\protocol\StdFileEditing\verb\0
2<wQ(,d
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
\$4VWh
|?5^<@
5	!	!	!	!
5014D8FA6DCA40b68FA626D8183666EB
	5	5	5
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
	6	6	6	6
	6	6	6	6	6	6	6	6	6	6	,	,	,	,	,	,	,	,	+	+	+	+	+	/	/	/	'	'	'	'	'	'	'	'	'	'	(	(	(	(	(	(	(	(	(	(	(	(	(	
727037743
	7	7	7	7	7	7	7	7	7	7	7	*	*	-	-	-	-
8MThdu
\$8UVW
%9, %8
'9A`u"9
9D$$t+
9G4_^d
9^Ht}3
9L$x~e
9l$xtU9
9nPu	9^T
9o4u'V
	9oTtc
9~@St99~8~
9t$0v8
9^@t53
9u ^t	
9^xu5j
9x u	f
<A|2<Z
abcddefghijklmnoopqrrsstuvvwwxyyz;
abnormal program termination
AdjustWindowRectEx
Advapi32.dll
ADVAPI32.dll
AfxControlBar42s
AfxFrameOrView42s
AfxMDIFrame42s
AfxOldWndProc423
AfxOleControl42s
AfxWnd42s
Afx:%x:%x
Afx:%x:%x:%x:%x:%x
AppendMenuA
.?AUCThreadData@@
August
.?AUIBoundObjectSite@@
.?AUIDispatch@@
.?AUIEnumVOID@@
.?AUIMessageFilter@@
.?AUINotifyDBEvents@@
.?AUIOleClientSite@@
.?AUIOleContainer@@
.?AUIOleControlSite@@
.?AUIOleInPlaceFrame@@
.?AUIOleInPlaceSite@@
.?AUIOleInPlaceUIWindow@@
.?AUIOleWindow@@
.?AUIParseDisplayName@@
.?AUIPropertyNotifySink@@
.?AUIRowsetNotify@@
.?AUISequentialStream@@
.?AUIStream@@
.?AUIUnknown@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AV_AFX_CHECKLIST_STATE@@
.?AV_AFX_COLOR_STATE@@
.?AV_AFX_CTL3D_STATE@@
.?AV_AFX_CTL3D_THREAD@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_OLE_STATE@@
.?AV_AFX_THREAD_STATE@@
.?AV_AFX_WIN_STATE@@
.?AVCArchiveException@@
.?AVCArchiveStream@@
.?AVCBitmap@@
.?AVCBrush@@
.?AVCButton@@
.?AVCByteArray@@
.?AVCClientDC@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCColorDialog@@
.?AVCComboBox@@
.?AVCCommonDialog@@
.?AVCDataSourceControl@@
.?AVCDC@@
.?AVCDialog@@
.?AVCDWordArray@@
.?AVCEdit@@
.?AVCEnumArray@@
.?AVCEnumUnknown@@
.?AVCException@@
.?AVCFile@@
.?AVCFileDialog@@
.?AVCFileException@@
.?AVCFont@@
.?AVCGdiObject@@
.?AVCHandleMap@@
.?AVCImageList@@
.?AVCMapPtrToPtr@@
.?AVCMapStringToPtr@@
.?AVCMemFile@@
.?AVCMemoryException@@
.?AVCMenu@@
.?AVCNoTrackObject@@
.?AVCNotSupportedException@@
.?AVCObject@@
.?AVCOccManager@@
.?AVCOleBusyDialog@@
.?AVCOleControlContainer@@
.?AVCOleControlSite@@
.?AVCOleDialog@@
.?AVCOleDispatchException@@
.?AVCOleException@@
.?AVCOleMessageFilter@@
.?AVCPaintDC@@
.?AVCPen@@
.?AVCProgressCtrl@@
.?AVCPtrArray@@
.?AVCPtrList@@
.?AVCResourceException@@
.?AVCRgn@@
.?AVCSharedFile@@
.?AVCSimpleException@@
.?AVCStatic@@
.?AVCStringArray@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.?AVCTempImageList@@
.?AVCTempMenu@@
.?AVCTempWnd@@
.?AVCTestCmdUI@@
.?AVCToolTipCtrl@@
.?AVCUserException@@
.?AVCWinApp@@
.?AVCWindowDC@@
.?AVCWinThread@@
.?AVCWnd@@
.?AVCWordArray@@
.?AVtype_info@@
.?AVXAmbientProps@COleControlSite@@
.?AVXBoundObjectSite@COleControlSite@@
.?AVXEnumVOID@CEnumArray@@
.?AVXEventSink@COleControlSite@@
.?AVXMessageFilter@COleMessageFilter@@
.?AVXNotifyDBEvents@COleControlSite@@
.?AVXOleClientSite@COleControlSite@@
.?AVXOleContainer@COleControlContainer@@
.?AVXOleControlSite@COleControlSite@@
.?AVXOleIPFrame@COleControlContainer@@
.?AVXOleIPSite@COleControlSite@@
.?AVXPropertyNotifySink@COleControlSite@@
.?AVXRowsetNotify@COleControlSite@@
<A|@<Z
B 02CV
bcdfghijklmnpqrstuvwxyz
BeginPaint
BeginPath
bI$l*.
BitBlt
BKbhTb~XBK!;
 (*.BMP)|*.BMP|GIF
Bogus message code %d
Button
BUTTON
C =02CVu
c9F+ww
CallNextHookEx
CallWindowProcA
Caption
CArchiveException
CBitmap
CBrush
CButton
CByteArray
CClientDC
CCmdTarget
CColorDialog
CColourPicker
CComboBox
CDialog
CDWordArray
\C+E$N
CException
CFileDialog
CFileException
CGdiObject
CharNextA
CharUpperA
CheckMenuItem
ChildWindowFromPointEx
ChooseColorA
CImageList
C{kqi2
ck(WSbpS
ClientToScreen
CloseClipboard
CloseDatabase
CloseHandle
ClosePrinter
CLSID\%1
CLSID\%1\AuxUserType\2
CLSID\%1\AuxUserType\3
CLSID\%1\DefaultExtension
CLSID\%1\DefaultIcon
CLSID\%1\DocObject
CLSID\%1\InprocHandler32
CLSID\%1\InProcServer32
CLSID\%1\Insertable
CLSID\%1\LocalServer32
CLSID\%1\MiscStatus
CLSID\%1\Printable
CLSID\%1\ProgID
CLSID\%1\Verb\0
CLSID\%1\Verb\1
CLSIDFromProgID
CLSIDFromString
CMapPtrToPtr
CMapStringToPtr
CMemFile
CMemoryException
CNotSupportedException
CObject
CoFreeUnusedLibraries
CoGetClassObject
COleBusyDialog
COleDialog
COleDispatchException
COleException
CombineRgn
combobox
COMCTL32.dll
COMCTL32.DLL
comdlg32.dll
commctrl_DragListMsg
commdlg_ColorOK
commdlg_FileNameOK
commdlg_help
commdlg_LBSelChangedNotify
commdlg_SetRGBColor
commdlg_ShareViolation
CompareStringA
CompareStringW
CopyAcceleratorTableA
CopyRect
CoRegisterMessageFilter
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CPaintDC
CPalette
CProgressCtrl
CPtrArray
CPtrList
^CrCAop
CreateAcceleratorTableA
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDialogIndirectParamA
CreateDIBitmap
CreateEllipticRgn
CreateEventA
CreateFileA
CreateFontIndirectA
CreateIconFromResource
CreateIconFromResourceEx
CreateILockBytesOnHGlobal
CreateMenu
CreatePalette
CreatePen
CreatePolygonRgn
CreatePopupMenu
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSemaphoreA
CreateSolidBrush
CreateThread
CreateWindowExA
CResourceException
CSharedFile
CStatic
CStringArray
CTempDC
CTempGdiObject
CTempImageList
CTempMenu
CTempWnd
CToolTipCtrl
Ctrl+A
Ctrl+B
Ctrl+C
Ctrl+D
Ctrl+E
Ctrl+F
Ctrl+F1
Ctrl+F10
Ctrl+F11
Ctrl+F12
Ctrl+F2
Ctrl+F3
Ctrl+F4
Ctrl+F5
Ctrl+F6
Ctrl+F7
Ctrl+F8
Ctrl+F9
Ctrl+G
Ctrl+H
Ctrl+I
Ctrl+J
Ctrl+K
Ctrl+L
Ctrl+M
Ctrl+N
Ctrl+O
Ctrl+P
Ctrl+Q
Ctrl+R
Ctrl+S
Ctrl+Shift+F1
Ctrl+Shift+F10
Ctrl+Shift+F11
Ctrl+Shift+F12
Ctrl+Shift+F2
Ctrl+Shift+F3
Ctrl+Shift+F4
Ctrl+Shift+F5
Ctrl+Shift+F6
Ctrl+Shift+F7
Ctrl+Shift+F8
Ctrl+Shift+F9
Ctrl+T
Ctrl+U
Ctrl+V
Ctrl+W
Ctrl+X
Ctrl+Y
Ctrl+Z
 (*.CUR)|*.CUR|
CUserException
CWinApp
CWindowDC
CWinFormUnit
CWinThread
CWordArray
?? / %d]
D$ _^][
D$,_^]
D$,;\$|
D$(_^]
D$(_^][
D$$_^[
d09f2340818511d396f6aaf844c7e325
D$0SUV
D$0WPQ
D$ |2;
D$49D$$}
D$89Vdu
D$8FtdW
D$8QRPh
D$8RPj
D$8VPQ
D$$~9+
@.data
D$(CUSWP
 %d/%d 
(%d-%d):
%d / %d
%d / %d]
dddd, MMMM dd, yyyy
D$dPQV
D$dQUWRP
D$dSUVW
D$DSWRPQ
D$DURP
December
DEFAULT_ICON
#define _AFX_NO_OLE_RESOURCES
#define _AFX_NO_PROPERTY_RESOURCES
#define _AFX_NO_TRACKER_RESOURCES
DefWindowProcA
DeleteCriticalSection
DeleteDC
DeleteMenu
DeleteObject
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
device
devices
D$H_^][
D$hQRP
D$hRPQ
D$hSUV3
D$hUPQ
D$HUPQ
D$HUSj
disable
DispatchMessageA
DISPLAY
D$(;l$ 
D$<l	H
D$ l	H
D$Ll	H
DllRegisterServer
DllUnregisterServer
D$LPUj
D$LUSWP
DocumentPropertiesA
DOMAIN error
D$,Pj<j
D$ PQR
D$PQRP
D$PRPQ
DPtoLP
D$(QPW
D$(QRP
D$$QUP
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawTextA
D$@RPQj
D$ RPUhD
D$,RVh
D$,SPh
D$(SUV
D$$SUV
D$TRPW
D$TVPW
DuplicateHandle
D$@UPQ
|$D UV
Dw=h3H
D$@WPS
Dw=|:s
D$XPQU
D$XQRWP
D$XSUV
;D$xt&
ech1Y%
&Edit,0,2
EE~l|,
EHPWVS
Ellipse
Embedded Object
Embed Source
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndDoc
#endif
#endif //_WIN32
EndPage
EndPaint
EndPath
EnterCriticalSection
EnumDisplayMonitors
EnumDisplaySettingsA
eQpenc
EqualRect
Escape
/:e_S_K|*
ExcludeClipRect
ExitProcess
ExtSelectClipRgn
ExtTextOutA
F<_^][
F,_^][
F\_^][
F7FC1AE45C5C4758AF03EF19F18A395D
F89^8u&j
f8e^Pq
F8+N,+F0
F(9V8tQ
,f9=,XL
FD@ul9L$(}f
FD uy9D$$}s
February
F(_+F$^[;E
?fff&ff23
F$@;F(v
F$@@;F(v
%%fgR*qi
FileName
FileNameW
FileTimeToLocalFileTime
FileTimeToSystemTime
FillRect
FillRgn
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FindWindowExA
F\jLSP
- floating point not loaded
FlushFileBuffers
FontSize
FormatMessageA
FpHt&Ht
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
Friday
[/fS_MR
Fxt_;FTu@
GAIsProcessorFeaturePresent
g~b1Y%
Gdi32.dll
GDI32.dll
GetACP
GetActiveWindow
GetBkColor
GetBkMode
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetClipBox
GetClipRgn
GetCommandLineA
GetConnectString
GetCPInfo
GetCurrentObject
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetCursorPos
GetDesktopWindow
GetDeviceCaps
GetDIBits
GetDlgCtrlID
GetDlgItem
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetFileTime
GetFileTitleA
GetFileType
GetFocus
GetForegroundWindow
GetFullPathNameA
GetKeyState
GetLastActivePopup
GetLastError
GetLocalTime
GetMapMode
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMessageA
GetMessagePos
GetMessageTime
GetModuleFileNameA
GetModuleHandleA
GetMonitorInfoA
GetNextDlgGroupItem
GetNextDlgTabItem
GetObjectA
GetOEMCP
GetOpenFileNameA
GetParent
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessVersion
GetProfileStringA
GetPropA
GetROP2
GetSaveFileNameA
GetScrollPos
GetScrollRange
GetStartupInfoA
GetStdHandle
GetStockObject
GetStretchBltMode
GetStringTypeA
GetStringTypeW
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetSystemPaletteEntries
GetSystemTime
GetTabList
GetTextColor
GetTextExtentPoint32A
GetTextMetricsA
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetTopWindow
GetVersion
GetVersionExA
GetViewportExtEx
GetViewportOrgEx
GetVolumeInformationA
GetWindow
GetWindowDC
GetWindowExtEx
GetWindowLongA
GetWindowOrgEx
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
 (*.GIF)|*.GIF|
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
__GLOBAL_HEAP_SELECTED
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
GrayStringA
`h````
h9n`u;
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
height
hgjlkbrfzaoe
HHtpHHtl
H:mm:ss
HrCg@b	g 
hS~Mh}
HSVHWtgHHtF
Ht#HHt
HtHHuz
 (*.htm;*.html)|*.htm;*.html
HtmlViewer
http://rq.kjkl8.com/
HtYHt6H
hWj@_;
_hypot
 (*.ICO)|*.ICO|
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
#ifdef _WIN32
ImageList_Destroy
#include "l.chs\afxres.rc"          // Standard components
InflateRect
InitCommonControlsEx
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IntersectRect
InvalidateRect
iphlpapi.dll
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
It#Iu%
\$\}-j
JanFebMarAprMayJunJulAugSepOctNovDec
January
jBWVSSQ
JPEGMEM
 (*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
 (*.JPG)|*.JPG|BMP
\:jRv^
j VUPWQ
KERNEL32
Kernel32.dll
KERNEL32.dll
KillTimer
Kky[_=
kXEQ>\u
^l_^][
;l$ }:
L$ ]_^
L$0PQR
L$0PQS
L$0SUV@W
L23fff&ff
L$,_^]3
L$,_[3
L$4_^3
L$4_^[d
L$4S+L$0Qj
L$4UQWP
L$4VQUP
L$4WPQR
L$4WQUVS
L$8^]_3
L$8_^[d
L$8_^][d
L$8WPQR
LANGUAGE 4, 2
LCMapStringA
LCMapStringW
L$`_^][d
L$<^[_]d
L$|_^][d
L$ ^][d
L$ _^d
L$ _^][d
L$,_^][d
L$(_^][d
L$@^[d
L$@^]d
L$@_^][d
L$$^[d
L$$^]d
L$$_^d
L$$_^][d
L$\_^][d
L$D_^[d
L$D_^][d
L$D_]d
L$DPQj
L$DSVQ
LeaveCriticalSection
l	g~b0R 
l	g~b0Rdk
L$h_^]3
L$h_^][d
L$H_^][d
L$H][d
L$Hj&Q
l$HQRVU
L$HSUVWP
L$$ht?I
LineTo
Link Source
Link Source Descriptor
L$L_^]3
L$l_^][d
L$L^[d
L$L_^][d
	LLLLLK
L$LPQR
L$lRVQ
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadLibraryA
LoadResource
LoadStringA
LocalAlloc
LocalFree
LocalReAlloc
LockFile
LockResource
+ LOOP 
L$P_^d
L$P_]^[d
L$ PQh
L$<PQR
L$(PQR
L$@PQR
L$<PQVV
L$pRPQ
LPtoDP
L$(PVQ
L$ QSR
L$,RPQ
L$(RPQ
L$<RPQW
L$@RQj
L$@RUQ
L$<SQR
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
L$,SUV
L$(SUV
L$T_^]
L$t_^d
L$t][d
L$T_^]d
L$T_^][d
|$LtE;
L$TSWQ
l=U/Fr
L$(UUh
\$lUV3
L$(VQRSP
L$(VQVj
l$@VW3
l$<VWj
L$ WPQ
L$(WQR
L$(WSR
L$X_^]3
L$x_^d
L$x_^][d
L$X_^d
L$X;L$
L$XSQh
@;l$\~Z
m2M>vF\`
mailto:
MapDialogRect
MapWindowPoints
M/d/yy
MessageBeep
MessageBoxA
MGridCells
Microsoft Internet Explorer
Microsoft Visual C++ Runtime Library
midiOutPrepareHeader
midiOutReset
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamProperty
midiStreamRestart
midiStreamStop
 (*.MID)|*.MID|
ModifyMenuA
Monday
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MousePointer
MoveToEx
MoveWindow
Mpr.dll
MPR.dll
MS Sans Serif
MS Shell Dlg
__MSVCRT_HEAP_SELECT
M;=<UL
MulDiv
MultiByteToWideChar
n0SSSSU
N8+F,+N0
Native
-NbkSbpS
-NbkSbpS(
nd9~dt
N/f@b	g
NH_^][
Nh;NX|
-N"N1Y
N*Ncktepe
N(;N,r
N*Ntepe
N*N(W%
N*N(W0
- not enough space for arguments
- not enough space for environment
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
nt2Ht#Ht
NTRPQj
(null)
N$~	WU
NX9NXu 
Nyt2S	W	w	w
nzzpenc
O(_^][
o0SSSSU
Object Descriptor
ObjectLink
October
Offline
OffsetRect
OffsetViewportOrgEx
ole32.dll
OLEAUT32.dll
oledlg.dll
OleFlushClipboard
OleInitialize
OleIsCurrentClipboard
OleUninitialize
&Open,0,2
OpenClipboard
OpenDatabase
OpenPrinterA
O(uckHr
out.prn
OwnerLink
OX[0R 
~P9~Pun
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
PA#define _AFX_NO_SPLITTER_RESOURCES
PatBlt
PathToRegion
.PAVCArchiveException@@
.PAVCException@@
.PAVCFileException@@
.PAVCMemoryException@@
.PAVCNotSupportedException@@
.PAVCObject@@
.PAVCOleDispatchException@@
.PAVCOleException@@
.PAVCResourceException@@
.PAVCSimpleException@@
.PAVCUserException@@
PeekMessageA
Ph_^][Y
PicBox
P#include "afxres.h"
PostMessageA
PostQuitMessage
PostThreadMessageA
PPPPhd
PPPPPPPP
P<PuWSV
ppxxxx
PQj WUS
PQQQQQ
\$ PQV
#pragma code_page(936)
PreviewPages
 (*.prn)|*.prn|
Program: 
<program name unknown>
P$RWPh0
~'PSQR
PtInRect
PtVisible
- pure virtual function call
\$PVUUS
{PWhx=H
PWVWWW
QPSWVR
    QQ
QQSVW3
QQSVWd
QQSVWj
QQUWSS
QSUVWj
qUjX`i[
QX[gbL
RaiseException
`.rdata
ReadFile
RealizePalette
Rectangle
RectVisible
RedrawWindow
RegCloseKey
RegCreateKeyExA
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
RegOpenKeyExA
RegQueryValueA
RegSetValueExA
ReleaseCapture
ReleaseDC
ReleaseSemaphore
RemovePlayer
RemovePropA
resource.h
RestoreDC
ResumeThread
RichEdit Text and Objects
Rich Text Format
RoundRect
|$,RPQ
RSbpS\O
RtlUnwind
runtime error 
Runtime Error!
RVPUSQ
Saturday
SaveDC
SbpS0R
SbpS@b	gu
SbpS:g:
SbpS\O
ScaleViewportExtEx
ScaleWindowExtEx
ScreenToClient
ScrollWindowEx
SelectClipRgn
SelectObject
SelectPalette
SendDlgItemMessageA
SendMessageA
September
SetActiveWindow
SetBkColor
SetBkMode
SetCapture
SetClipboardData
SetCurrentDirectoryA
SetCursor
SetCursorPos
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFilePointer
SetFocus
SetForegroundWindow
SetHandleCount
SetLastError
SetMapMode
SetMenu
SetMenuItemBitmaps
SetParent
SetPolyFillMode
SetPropA
SetRect
SetRectEmpty
SetROP2
SetScrollPos
SetScrollRange
SetStdHandle
SetStretchBltMode
SetTextColor
SetTimer
Settings
SetUnhandledExceptionFilter
SetViewportExtEx
SetViewportOrgEx
SetWindowContextHelpId
SetWindowExtEx
SetWindowLongA
SetWindowOrgEx
SetWindowPos
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
Shell32.dll
SHELL32.dll
ShellExecuteA
Shell_NotifyIconA
\shell\open\command
Shift+F1
Shift+F10
Shift+F11
Shift+F12
Shift+F2
Shift+F3
Shift+F4
Shift+F5
Shift+F6
Shift+F7
Shift+F8
Shift+F9
SHLWAPI.dll
ShowWindow
Silent
SING error
sO;>|C;~
software
SS@SSPVSS
_SSSSU
StartDocA
StartPage
StatusText
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
StretchBlt
Sunday
SunMonTueWedThuFriSat
SWVVVRPV
System
SystemParametersInfoA
T$0h ?I
T$0PjdR
T$0PQR
T$0SUV
@t4Ht1Ht_Ht
T$8QRP
T$8RWj
t$ 90t
t	9A8u
t	9p$u
t&9^$t
TabbedTextOutA
T$$+D$4
tD9_Pt?
T$dPQR
T$DPQRW
T$DQRU
T$DQSR
T$DWRh
T$\;D$Xu
tencent://message/?uin=727037743
TerminateProcess
TextOutA
T/f&Tcknx
<]t_G<-uA
t<hd,I
t*h\.I
!This program cannot be run in DOS mode.
t>Ht Ht
t*Ht"Ht
t+Ht$Ht
Thursday
T$H} VP
tI;Ftr
T$\jdSR
+tJHt:Ht*
TLOSS error
T$lPRh
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
t$LUPh
T$LWUQVR
tooltips_class32
tPhd;H
T$pPQR
t$PPVS
T$(PQR
T$\PQR
T$PQRP
T$ PQWWR
T$$PRV
t$ PUSVV
tq9~Dt
tq9w(tlSj
$\(TqO{i
T$(QVURWP
TransLabel
TranslateAcceleratorA
TranslateMessage
tRHt}H
T$$Rhx
T$,RQP
t%RSQP
t$$RVP
T$<RVW
tS9~@uN
T$ SRh
T$,SRh
t$(SSh
t#SSUP
T$ SWRP
+ttHHtd
t.;t$$t(
Tuesday
T$\URP
t$$VSS
tvWWWWU
T$\WVR
t/WWUPj
 (*.txt)|*.txt|
T$XUSR
;t$Xu";\$\u
t$XWVS
?u='@^
u._^][
u29l$xu,
u"8D$yu
u]9B uX
u	9~@u
ue;=8UL
>:u#FV
uh9^8uX
u#hT-I
ujhD?I
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
>:uNFV
UnhandledExceptionFilter
UnhookWindowsHookEx
UnlockFile
UnregisterClassA
UpdateWindow
uR9BxuM
uRFGHt
USER32
user32.dll
User32.dll
USER32.dll
u$SShe
@u+;t$
\$(UVW
ValidateRect
VC20XC00U
V#D$,WPQ
VERSION.dll
Vh;VX|
VirtualAlloc
VirtualFree
visible
Vk9!$2
VVUSVV
VVVPQR
\$<VW3
V@W@PQ
V,_^[Y
vy7O	'&
W9^du-
WaitForMultipleObjects
WaitForSingleObject
waveOutClose
waveOutGetNumDevs
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite
 (*.WAV;*.MID)|*.WAV;*.MID|WAV
 (*.WAV)|*.WAV|MIDI
Wednesday
	WG!2S(
WideCharToMultiByte
window
WindowFromPoint
windows
WinExec
WinHelpA
WININET.dll
WINMM.dll
WINSPOOL.DRV
WjdjdPQh
Wj(_Wj
|$$}$WP
(wqt\HHtS
WriteFile
WritePrivateProfileStringA
WS2_32.dll
wsprintfA
WTWindow
|$@ Wu
www.dywt.com.cn
wwwwww
XY[Z[]
YHYtLHt9
YX[(W	
_^][YY
z;=4UL
Zt(Ht Ht
|z;^<}uWS