1.3
Low risk

15ed4e24119a3f90a42fb284e7ffa6595618bd1edfa7372927afa649cb3c32fa

15ed4e24119a3f90a42fb284e7ffa6595618bd1edfa7372927afa649cb3c32fa.exe

Analysis duration

195s

Last analyzed

366 days ago

File size

385.8KB
Static detection Dynamic detection CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN DOWNLOADER ULISE
Hawkeye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.73
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba None 20190527 0.3.0.5
Avast Win32:BHO-ACI [Trj] 20200311 18.4.3895.0
Baidu Win32.Trojan.BHO.n 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20200311 2013.8.14.323
McAfee GenericRXHE-XQ!126BB49CA954 20200310 6.0.6.653
Tencent Malware.Win32.Gencirc.10b079c3 20200311 1.0.0.1
Static indicators
This executable has a PDB path (1 event)
pdb_path e:\JinZQ\Hook开机启动\CallWebDllLib\Release\CallDll.pdb
The file contains an unknown PE resource name, which may indicate a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Foreign language identified in PE resources (50 out of 54 events)
name RT_CURSOR language LANG_CHINESE filetype None sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0016c398 size 0x00000134
name RT_BITMAP language LANG_CHINESE filetype None sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0016c688 size 0x00000144
name RT_ICON language LANG_CHINESE filetype None sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0016ab10 size 0x00000128
name RT_DIALOG language LANG_CHINESE filetype None sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0016c4e8 size 0x000000e8
name RT_STRING language LANG_CHINESE filetype None sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0016ded0 size 0x00000042
name RT_GROUP_CURSOR language LANG_CHINESE filetype None sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0016c4d0 size 0x00000014
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 114.114.114.114
The file has been identified as malicious by 60 antivirus engines on VirusTotal (50 out of 60 events)
ALYac Gen:Variant.Ulise.78725
APEX Malicious
AVG Win32:BHO-ACI [Trj]
Acronis suspicious
Ad-Aware Gen:Variant.Ulise.78725
AhnLab-V3 Win-Trojan/Onlinegamehack21.Gen
Antiy-AVL Trojan[Downloader]/Win32.Gamup
Arcabit Trojan.Ulise.D13385
Avast Win32:BHO-ACI [Trj]
Avira TR/BHO.efkmnb
Baidu Win32.Trojan.BHO.n
BitDefender Gen:Variant.Ulise.78725
BitDefenderTheta Gen:NN.ZexaF.34098.yq3@aCL0ccgb
Bkav W32.AIDetectVM.malware
CAT-QuickHeal Trojan.OnLineGames.xi5
CMC Trojan-Downloader.Win32.Gamup!O
ClamAV Win.Trojan.OnlineGames-65
Comodo TrojWare.Win32.BHO.EFKMNB@4ok0yf
CrowdStrike win/malicious_confidence_100% (D)
Cylance Unsafe
Cyren W32/FakeGame.B.gen!Eldorado
DrWeb Trojan.DownLoad2.34625
ESET-NOD32 Win32/Agent.RXZ
Emsisoft Gen:Variant.Ulise.78725 (B)
Endgame malicious (high confidence)
F-Prot W32/FakeGame.B.gen!Eldorado
F-Secure Trojan.TR/BHO.efkmnb
FireEye Generic.mg.126bb49ca954ba51
Fortinet W32/ZLob.AAAA!tr.dldr
GData Gen:Variant.Ulise.78725
Ikarus Trojan.Win32.StartPage
Invincea heuristic
Jiangmin Trojan/Generic.bkcdl
K7AntiVirus Trojan ( 001cac2a1 )
K7GW Trojan ( 001cac2a1 )
Kaspersky Trojan-Downloader.Win32.Gamup.qko
MAX malware (ai score=84)
MaxSecure Trojan.Malware.300983.susgen
McAfee GenericRXHE-XQ!126BB49CA954
McAfee-GW-Edition BehavesLike.Win32.Dropper.fm
MicroWorld-eScan Gen:Variant.Ulise.78725
Microsoft Trojan:Win32/BHO.EF
NANO-Antivirus Trojan.Win32.Gamup.fnqhik
Panda Trj/Lineage.LOE
Qihoo-360 HEUR/QVM08.0.CEB1.Malware.Gen
Rising Backdoor.Agent!1.69D8 (CLASSIC)
Sangfor Malware
SentinelOne DFI - Malicious PE
Sophos Troj/Darbyen-A
Tencent Malware.Win32.Gencirc.10b079c3
Runtime screenshots
No runtime screenshots available. The sample did not generate any screenshots while running.


PE Compile Time

2010-08-26 12:54:16

PDB Path

e:\JinZQ\Hook开机启动\CallWebDllLib\Release\CallDll.pdb

PE Imphash

c071ceaf8e790ceb410dff76a3d4685e

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00040000 0x00040000 6.581471487951391
.rdata 0x00041000 0x0000d000 0x0000d000 4.890124326448487
.data 0x0004e000 0x0011c000 0x00006000 3.0402093465023414
.rsrc 0x0016a000 0x00003f18 0x00004000 3.4474213829650235

Resources

Name Offset Size Language Sub-language File type
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_CURSOR 0x0016c398 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_BITMAP 0x0016c688 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_BITMAP 0x0016c688 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_ICON 0x0016ab10 0x00000128 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_DIALOG 0x0016c4e8 0x000000e8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_DIALOG 0x0016c4e8 0x000000e8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_DIALOG 0x0016c4e8 0x000000e8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_STRING 0x0016ded0 0x00000042 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_STRING 0x0016ded0 0x00000042 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_STRING 0x0016ded0 0x00000042 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_STRING 0x0016ded0 0x00000042 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_STRING 0x0016ded0 0x00000042 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_STRING 0x0016ded0 0x00000042 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_STRING 0x0016ded0 0x00000042 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_STRING 0x0016ded0 0x00000042 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_STRING 0x0016ded0 0x00000042 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_STRING 0x0016ded0 0x00000042 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_STRING 0x0016ded0 0x00000042 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_STRING 0x0016ded0 0x00000042 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_STRING 0x0016ded0 0x00000042 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_STRING 0x0016ded0 0x00000042 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_CURSOR 0x0016c4d0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_CURSOR 0x0016c4d0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_CURSOR 0x0016c4d0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_CURSOR 0x0016c4d0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_CURSOR 0x0016c4d0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_CURSOR 0x0016c4d0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_CURSOR 0x0016c4d0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_CURSOR 0x0016c4d0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_CURSOR 0x0016c4d0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_CURSOR 0x0016c4d0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_CURSOR 0x0016c4d0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_CURSOR 0x0016c4d0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_CURSOR 0x0016c4d0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_CURSOR 0x0016c4d0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_CURSOR 0x0016c4d0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_GROUP_ICON 0x0016ac38 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
RT_VERSION 0x0016ae78 0x00000148 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None
None 0x0016afc0 0x000000aa LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None

Imports

Library KERNEL32.dll:
0x4410d4 SetErrorMode
0x4410dc GetFileAttributesA
0x4410e0 GetFileTime
0x4410e4 RtlUnwind
0x4410e8 ExitProcess
0x4410f0 VirtualProtect
0x4410f4 VirtualAlloc
0x4410f8 GetSystemInfo
0x4410fc VirtualQuery
0x441100 GetStartupInfoA
0x441104 GetCommandLineA
0x441108 HeapReAlloc
0x44110c HeapSize
0x441114 GetCurrentProcessId
0x441118 HeapDestroy
0x44111c GetOEMCP
0x441120 VirtualFree
0x441124 IsBadWritePtr
0x441128 GetStdHandle
0x441140 SetHandleCount
0x441144 GetFileType
0x441150 GetStringTypeA
0x441154 GetStringTypeW
0x441158 LCMapStringA
0x44115c LCMapStringW
0x441160 IsBadReadPtr
0x441164 IsBadCodePtr
0x441168 SetStdHandle
0x441170 GetCPInfo
0x441174 CreateFileA
0x441178 GetFullPathNameA
0x441180 FindFirstFileA
0x441184 FindClose
0x441188 DuplicateHandle
0x44118c GetFileSize
0x441190 SetEndOfFile
0x441194 UnlockFile
0x441198 LockFile
0x44119c FlushFileBuffers
0x4411a0 SetFilePointer
0x4411a4 WriteFile
0x4411a8 ReadFile
0x4411ac TlsFree
0x4411b0 LocalReAlloc
0x4411b4 TlsSetValue
0x4411b8 TlsAlloc
0x4411bc TlsGetValue
0x4411c0 GlobalHandle
0x4411c4 GlobalReAlloc
0x4411c8 LocalAlloc
0x4411cc GlobalFlags
0x4411d0 SetLastError
0x4411d4 FormatMessageA
0x4411d8 GlobalFree
0x4411dc FreeResource
0x4411e0 GlobalGetAtomNameA
0x4411e4 GlobalFindAtomA
0x4411e8 lstrcatA
0x4411ec lstrcmpW
0x4411f0 GlobalAddAtomA
0x4411f4 GetCurrentThread
0x4411f8 GlobalDeleteAtom
0x4411fc GetProcAddress
0x441208 lstrcpyA
0x44120c LocalFree
0x441210 OutputDebugStringW
0x441214 TerminateProcess
0x441218 FindResourceExA
0x44121c LoadLibraryA
0x441220 MoveFileExA
0x441228 GetCurrentThreadId
0x44122c IsDBCSLeadByte
0x441230 lstrcpynA
0x441234 LoadLibraryExA
0x441238 FreeLibrary
0x44123c GetModuleHandleA
0x441240 lstrcmpA
0x441244 GlobalAlloc
0x441248 GlobalLock
0x44124c GlobalUnlock
0x441250 HeapAlloc
0x441254 GetCurrentProcess
0x44125c MulDiv
0x441268 GetTickCount
0x441270 GetProcessId
0x441274 Thread32First
0x441278 Thread32Next
0x441280 Process32First
0x441284 OpenProcess
0x441288 GetPriorityClass
0x44128c Process32Next
0x4412a0 RaiseException
0x4412a4 GetProcessHeap
0x4412a8 HeapFree
0x4412ac CompareStringW
0x4412b0 CompareStringA
0x4412b4 lstrlenA
0x4412b8 lstrlenW
0x4412bc lstrcmpiA
0x4412c0 GetVersion
0x4412c4 GetLastError
0x4412c8 MultiByteToWideChar
0x4412cc CreateThread
0x4412d0 CloseHandle
0x4412d8 CreateDirectoryA
0x4412dc GetModuleFileNameA
0x4412e0 CreateProcessA
0x4412e4 CopyFileA
0x4412e8 DeleteFileA
0x4412ec MoveFileA
0x4412f0 WideCharToMultiByte
0x4412f4 FindResourceA
0x4412f8 LoadResource
0x4412fc LockResource
0x441300 SizeofResource
0x441304 Sleep
0x441308 GetVersionExA
0x44130c GetThreadLocale
0x441310 GetLocaleInfoA
0x441314 GetACP
0x441318 HeapCreate
0x44131c InterlockedExchange
Library USER32.dll:
0x441390 MessageBeep
0x441394 GetNextDlgGroupItem
0x44139c SetRect
0x4413a0 IsRectEmpty
0x4413a4 GetSysColorBrush
0x4413a8 GetWindowDC
0x4413ac ClientToScreen
0x4413b0 GrayStringA
0x4413b4 DrawTextExA
0x4413b8 DrawTextA
0x4413bc TabbedTextOutA
0x4413c0 DestroyMenu
0x4413c4 MoveWindow
0x4413c8 IsDialogMessageA
0x4413d0 MapDialogRect
0x4413d8 GetNextDlgTabItem
0x4413dc EndDialog
0x4413e0 WinHelpA
0x4413e4 GetCapture
0x4413e8 GetClassLongA
0x4413ec SetPropA
0x4413f0 GetPropA
0x4413f4 RemovePropA
0x4413f8 SendDlgItemMessageA
0x4413fc GetForegroundWindow
0x441400 SetActiveWindow
0x441404 GetTopWindow
0x441408 GetMessageTime
0x44140c GetMessagePos
0x441410 MapWindowPoints
0x441414 SetForegroundWindow
0x441418 GetMenu
0x44141c GetSubMenu
0x441420 GetMenuItemID
0x441424 GetMenuItemCount
0x441428 AdjustWindowRectEx
0x44142c EqualRect
0x441430 GetClassInfoA
0x441434 SetWindowPlacement
0x441438 GetDlgCtrlID
0x44143c OffsetRect
0x441440 IntersectRect
0x441448 GetWindowPlacement
0x44144c GetWindowRect
0x441450 CopyRect
0x441454 PtInRect
0x441458 SetMenuItemBitmaps
0x44145c ModifyMenuA
0x441460 GetMenuState
0x441464 EnableMenuItem
0x441468 CheckMenuItem
0x441470 LoadBitmapA
0x441474 GetActiveWindow
0x441478 IsWindowVisible
0x44147c GetKeyState
0x441480 GetCursorPos
0x441484 ValidateRect
0x441488 GetLastActivePopup
0x44148c IsWindowEnabled
0x441490 SetCursor
0x441494 PostMessageA
0x441498 SetTimer
0x44149c PeekMessageA
0x4414a4 MessageBoxA
0x4414a8 RegisterClassA
0x4414ac ShowWindow
0x4414b0 UpdateWindow
0x4414b4 GetMessageA
0x4414b8 TranslateMessage
0x4414bc DispatchMessageA
0x4414c0 PostQuitMessage
0x4414cc GetWindowTextA
0x4414d0 SetWindowTextA
0x4414d4 GetClassInfoExA
0x4414d8 LoadCursorA
0x4414dc wsprintfA
0x4414e0 RegisterClassExA
0x4414e8 CharNextA
0x4414ec PostThreadMessageA
0x4414f4 GetParent
0x4414f8 GetClassNameA
0x4414fc SetWindowPos
0x441500 DestroyWindow
0x441504 RedrawWindow
0x441508 GetDlgItem
0x44150c SetFocus
0x441510 GetFocus
0x441514 IsChild
0x441518 GetWindow
0x441520 BeginPaint
0x441524 EndPaint
0x441528 CallWindowProcA
0x44152c GetDesktopWindow
0x441530 InvalidateRgn
0x441534 InvalidateRect
0x441538 ReleaseDC
0x44153c GetDC
0x441540 FillRect
0x441544 SetCapture
0x441548 ReleaseCapture
0x44154c GetSysColor
0x441550 DefWindowProcA
0x441554 UnregisterClassA
0x441558 CreateWindowExA
0x44155c SetWindowLongA
0x441560 UnhookWindowsHookEx
0x441564 SetWindowsHookExA
0x441568 CallNextHookEx
0x44156c IsWindow
0x441570 GetWindowLongA
0x441574 CharUpperA
0x441578 GetSystemMetrics
0x44157c LoadIconA
0x441580 EnableWindow
0x441584 GetClientRect
0x441588 IsIconic
0x44158c GetSystemMenu
0x441590 SendMessageA
0x441594 AppendMenuA
0x441598 DrawIcon
Library GDI32.dll:
0x441040 GetRgnBox
0x441044 GetMapMode
0x441048 GetWindowExtEx
0x44104c GetViewportExtEx
0x441050 ExtSelectClipRgn
0x441054 ScaleWindowExtEx
0x441058 SetWindowExtEx
0x44105c ScaleViewportExtEx
0x441060 SetViewportExtEx
0x441064 OffsetViewportOrgEx
0x441068 SetViewportOrgEx
0x44106c Escape
0x441070 TextOutA
0x441074 RectVisible
0x441078 PtVisible
0x44107c DeleteObject
0x441080 SetMapMode
0x441084 RestoreDC
0x441088 SaveDC
0x44108c ExtTextOutA
0x441090 GetTextColor
0x441094 GetBkColor
0x441098 SetBkColor
0x44109c SetTextColor
0x4410a0 GetClipBox
0x4410a4 CreateBitmap
0x4410a8 CreateSolidBrush
0x4410ac GetStockObject
0x4410b0 GetObjectA
0x4410b4 GetDeviceCaps
0x4410b8 BitBlt
0x4410bc CreateCompatibleDC
0x4410c4 DeleteDC
0x4410c8 SelectObject
Library comdlg32.dll:
0x4415cc GetFileTitleA
Library WINSPOOL.DRV:
0x4415a0 ClosePrinter
0x4415a4 OpenPrinterA
0x4415a8 DocumentPropertiesA
Library ADVAPI32.dll:
0x441000 RegCreateKeyExA
0x441004 RegDeleteValueA
0x441008 RegOpenKeyExA
0x44100c RegCloseKey
0x441010 RegQueryInfoKeyA
0x441014 RegEnumKeyExA
0x441018 RegSetValueExA
0x44101c RegQueryValueExA
0x441020 RegEnumKeyA
0x441024 RegDeleteKeyA
0x441028 RegQueryValueA
0x44102c RegOpenKeyA
Library SHELL32.dll:
0x441370 ShellExecuteA
Library COMCTL32.dll:
0x441034 None
Library SHLWAPI.dll:
0x441378 PathFindExtensionA
0x44137c PathFindFileNameA
0x441380 PathStripToRootA
0x441384 PathFileExistsA
0x441388 PathIsUNCA
Library oledlg.dll:
0x44162c None
Library ole32.dll:
0x4415d4 CoInitialize
0x4415d8 OleUninitialize
0x4415dc OleInitialize
0x4415e0 CoTaskMemRealloc
0x4415e8 CLSIDFromString
0x4415ec CLSIDFromProgID
0x4415f4 OleLockRunning
0x4415f8 CoTaskMemAlloc
0x4415fc StringFromGUID2
0x441600 CoCreateInstance
0x441614 CoGetClassObject
0x441618 OleFlushClipboard
0x441620 CoTaskMemFree
0x441624 CoRevokeClassObject
Library OLEAUT32.dll:
0x441324 SafeArrayDestroy
0x441330 VariantChangeType
0x441334 VariantCopy
0x441338 VarUI4FromStr
0x44133c LoadTypeLib
0x441340 LoadRegTypeLib
0x441344 VariantInit
0x44134c SysStringByteLen
0x441350 VariantClear
0x441354 SysStringLen
0x441358 SysFreeString
0x44135c SysAllocString
0x441360 SysAllocStringLen
Library PSAPI.DLL:
Library WS2_32.dll:
0x4415b0 bind
0x4415b4 socket
0x4415b8 closesocket
0x4415bc htons
0x4415c0 WSAStartup
0x4415c4 htonl

Exports

Ordinal Address Name
1 0x404dc0 ?EngineProc@@YGJHIJ@Z
2 0x404ec0 ?process1@@YAHHHHPAD@Z
3 0x4059c0 ?process2@@YAHXZ
4 0x410ab0 ?process3@@YAHH@Z
5 0x415250 ?process5@@YAHH@Z
P4PTHLPPVF,W=`
P P$P(<
UQQSVF
_^[SVW^
tQQSVW39>eu
3t3Vt$
UQSVWw
UQS3Vu
W6M_^d
u)UtkV
_^P^D^[
VVVVUSVVPVD$
VVt$ D$
3VVVVUSVV
VVt$ PUSVV_^][
^39~\u
PlYF\9~Lu)h
v\>YFLFLC
9~`u1~h
9~du"hlKD
F$hlMD
QSVQZ38X
R9^<F8pC
3MF<RH<B
3@M^[d
F$F(N F4
u?;u<W
?u3_^[
VWMP8G
UQVFdWt
MQP,VF|
X;t8uu
3@_^V]D$
YM-SM^d
VN(;N,r
A(Q,;r
QVj8(Y
Pv,v$v
N(H(M^d
W39xu7}
3;F8ve9^,ue
MQP\tQ9^(tLW=
Pd^,_(9^,t
MQPX3@^[
SVWe3VVVu
SVWe3VVj
~`SVWu
PSVuOE
.ouuuP=JP
EP3K\f9]
uj ESPYE
URURVURu
uuU39]
EPUj YE
3M9]=X
t#VSEPP
PBYtBs
U]uWVu,
39Ctp;t'S
duWSP?
39Et+u
duWuP)?
cuWSP>
cuVSP>P
qQSVWu
SUVWUj
V)yYY0p
^,F(;t
^(_^][V~F
SMQuMt
MM(7dD
M8MdM(XD
EPMQS[
MH#MPM#lD
u#j#_#mcM
`IMm8D
NIMI!M
HM(2M ()M<
VHM1M (\D
'M8'TD
_FM%MDM
=FM<M4
EM{0pMhp]@R G<M4
dEYhHsV
http://stat.wamme.cn/C8C/gl/cnzz60.html?page=http://www.WebDllx.com/NewRun
http://stat.wamme.cn/C8C/gl/cnzz60.html?page=http://www.WebDllx.com/NoDllx
%s.bak
GameType1
ConfigL0
C:\WINDOWS\system32\drivers\etc\service5.ini
C:\WINDOWS\system32\drivers\etc\service2.ini
C:\WINDOWS\system32\drivers\etc\service1.ini
http://stat.wamme.cn/C8C/gl/cnzz61.html?page=http://www.WebDllx.com/RunExeFail
%s "33201"
C:\Program Files\%s\%s.exe
C:\Program Files\%s
C:\WINDOWS\system32\drivers\etc\service3.ini
CExplorer1
TypeLib
Software
SYSTEM
SECURITY
Hardware
Interface
FileType
Component Categories
Delete
NoRemove
ForceRemove
GetPriorityClass
OpenProcess
CreateToolhelp32Snapshot (of processes)
ConfigL3
ConfigL2
ConfigL1
ConfigL4x
ConfigL4
explorer.exe
%s\explorer.exe
c:\windows\KB978978.log
AtlAxWin71
AtlAxWinLic71
Fabout:blank
/C8C/gl/
On%D,3&
F#32770
59N\IPK
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
AXWIN Frame Window
ATL:%8.8X
AXWIN UI Window
WM_ATLGETCONTROL
WM_ATLGETHOST
Error!
ConfigL5
ConfigL6
C:\WINDOWS\system\sdax.txt
HTTP://
http://
fdfdadsafdfghfjkt
.2345.COM
.2345.com
Start Page
Software\Microsoft\Internet Explorer\Main
sfdafsdafdsfdsfa
startup.exe
-----error
-----OK
Filtrate
FiltraEx
CWinApp
PreviewPages
Settings
ntdll.dll
Control Panel\Desktop\ResourceLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
kernel32.dll
NoFileMru
NoBackButton
NoPlacesBar
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
NoEntireNetwork
Software\Microsoft\Windows\CurrentVersion\Policies\Network
NoClose
NoRecentDocsHistory
NoNetConnectDisconnect
RestrictRun
NoDrives
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
%s.dll
Software\
CWinThread
CCmdTarget
AfxOldWndProc423
AfxWnd70s
AfxControlBar70s
AfxMDIFrame70s
AfxFrameOrView70s
AfxOleControl70s
EnumDisplayDevicesA
GetMonitorInfoA
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
USER32
DISPLAY
8qInitCommonControlsEx
COMCTL32.DLL
@1%hisD
HtmlHelpA
hhctrl.ocx
#32768
commctrl_DragListMsg
CDialog
MS Shell Dlg
software
COleException
CInvalidArgException
CNotSupportedException
CMemoryException
CException
CGdiObject
CPaintDC
CWindowDC
CClientDC
CUserException
CResourceException
CObject
CMapPtrToPtr
System
Dw=U:s
CPtrList
CMemFile
CArchiveException
NotifyWinEvent
user32.dll
MSWHEEL_ROLLMSG
CFileException
COleDispatchException
RichEdit Text and Objects
Rich Text Format
FileNameW
FileName
Link Source Descriptor
Object Descriptor
Link Source
Embed Source
Embedded Object
ObjectLink
OwnerLink
Native
CByteArray
%2\CLSID
%2\Insertable
%2\protocol\StdFileEditing\verb\0
%2\protocol\StdFileEditing\server
CLSID\%1
CLSID\%1\ProgID
CLSID\%1\InprocHandler32
ole32.dll
CLSID\%1\LocalServer32
CLSID\%1\Verb\0
&Edit,0,2
CLSID\%1\Verb\1
&Open,0,2
CLSID\%1\Insertable
CLSID\%1\AuxUserType\2
CLSID\%1\AuxUserType\3
CLSID\%1\DefaultIcon
CLSID\%1\MiscStatus
CLSID\%1\InProcServer32
CLSID\%1\DocObject
%2\DocObject
CLSID\%1\Printable
CLSID\%1\DefaultExtension
%9, %8
COleBusyDialog
COleDialog
commdlg_FindReplace
KERNEL32
CorExitProcess
mscoree.dll
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
Microsoft Visual C++ Runtime Library
Program:
<program name unknown>
A buffer overrun has been detected which has corrupted the program's
internal state. The program cannot safely continue execution and must
now be terminated.
Buffer overrun detected!
A security error of unknown cause has been detected which has
corrupted the program's internal state. The program cannot safely
continue execution and must now be terminated.
Unknown security failure detected!
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h````
ppxxxx
(null)
runtime error
TLOSS error
SING error
DOMAIN error
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Runtime Error!
Program:
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GAIsProcessorFeaturePresent
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
InitializeCriticalSectionAndSpinCount
1#QNAN
1#SNAN
Dw=|:s
Dw=U:s
Dw=}:s
Dw=~:s
Dw=m:s
Dw=c:s
Dw=&:s
Dw=y:s
Dw=':s
Dw=d:s
Dw=]:s
Dw=z:s
Dw=h:s
Dw=i:s
Dw={:s
Dw=g:s
Dw=f:s
Dw=t:s
Dw=u:s
Dw=_:s
Dw=^:s
Dw=`:s
OLEACC.dll
RSDSct=(aN
e:\JinZQ\Hook
\CallWebDllLib\Release\CallDll.pdb
CreateStdAccessibleObject
LresultFromObject
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
MoveFileA
DeleteFileA
CopyFileA
CreateProcessA
GetModuleFileNameA
CreateDirectoryA
GetPrivateProfileStringA
CloseHandle
CreateThread
MultiByteToWideChar
GetLastError
GetVersion
lstrcmpiA
lstrlenW
lstrlenA
CompareStringA
CompareStringW
HeapFree
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
Process32Next
GetPriorityClass
OpenProcess
Process32First
CreateToolhelp32Snapshot
Thread32Next
Thread32First
GetProcessId
GetWindowsDirectoryA
GetTickCount
InterlockedIncrement
InterlockedDecrement
MulDiv
FlushInstructionCache
GetCurrentProcess
HeapAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpA
GetModuleHandleA
FreeLibrary
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
GetCurrentThreadId
WritePrivateProfileStringA
MoveFileExA
LoadLibraryA
FindResourceExA
TerminateProcess
OutputDebugStringW
LocalFree
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
GetProcAddress
GlobalDeleteAtom
GetCurrentThread
GlobalAddAtomA
lstrcmpW
lstrcatA
GlobalFindAtomA
GlobalGetAtomNameA
FreeResource
GlobalFree
FormatMessageA
SetLastError
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
CreateFileA
GetCPInfo
GetOEMCP
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetTimeZoneInformation
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
KERNEL32.dll
DrawIcon
AppendMenuA
SendMessageA
GetSystemMenu
IsIconic
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
CharUpperA
GetWindowLongA
IsWindow
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
SetWindowLongA
CreateWindowExA
UnregisterClassA
DefWindowProcA
GetSysColor
ReleaseCapture
SetCapture
FillRect
ReleaseDC
InvalidateRect
InvalidateRgn
GetDesktopWindow
CallWindowProcA
EndPaint
BeginPaint
DestroyAcceleratorTable
GetWindow
IsChild
GetFocus
SetFocus
GetDlgItem
RedrawWindow
DestroyWindow
SetWindowPos
GetClassNameA
GetParent
CharNextA
CreateAcceleratorTableA
RegisterClassExA
wsprintfA
LoadCursorA
GetClassInfoExA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA
PostQuitMessage
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
RegisterClassA
MessageBoxA
GetWindowThreadProcessId
PeekMessageA
SetTimer
PostMessageA
SetCursor
IsWindowEnabled
GetLastActivePopup
ValidateRect
GetCursorPos
GetKeyState
IsWindowVisible
GetActiveWindow
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
PtInRect
CopyRect
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
GetDlgCtrlID
SetWindowPlacement
GetClassInfoA
EqualRect
AdjustWindowRectEx
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenu
SetForegroundWindow
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
SetActiveWindow
GetForegroundWindow
SendDlgItemMessageA
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetCapture
WinHelpA
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
MapDialogRect
SetWindowContextHelpId
IsDialogMessageA
MoveWindow
DestroyMenu
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetWindowDC
GetSysColorBrush
IsRectEmpty
SetRect
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
USER32.dll
DeleteObject
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetObjectA
GetStockObject
CreateSolidBrush
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetBkColor
GetTextColor
ExtTextOutA
SaveDC
RestoreDC
SetMapMode
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GDI32.dll
GetFileTitleA
comdlg32.dll
ClosePrinter
DocumentPropertiesA
OpenPrinterA
WINSPOOL.DRV
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
ADVAPI32.dll
ShellExecuteA
SHELL32.dll
COMCTL32.dll
PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
SHLWAPI.dll
oledlg.dll
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemRealloc
OleInitialize
OleUninitialize
CoInitialize
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
ole32.dll
OLEAUT32.dll
GetModuleFileNameExA
PSAPI.DLL
WS2_32.dll
CallDll.exe
?EngineProc@@YGJHIJ@Z
?process1@@YAHHHHPAD@Z
?process2@@YAHXZ
?process3@@YAHH@Z
?process5@@YAHH@Z
Installing
reqwerwr
DirectX
turtyrtw
eyrtrgfh
DirectSetup
jhgsggfh
Applications
trgfhsdg
reqwerwr
turtyrtw
eyrtrgfh
depend
jhgsggfh
function
trgfhsdg
necessary
reqwerwr
system
turtyrtw
components
eyrtrgfh
existing
jhgsggfh
Windows
trgfhsdg
installation
reqwerwr
Checking
turtyrtw
Installed
eyrtrgfh
Version
jhgsggfh
Standard
trgfhsdg
Custom
reqwerwr
Enabling
turtyrtw
AutoPlay
eyrtrgfh
Naming
jhgsggfh
Reducing
trgfhsdg
theHelp
reqwerwr
turtyrtw
Dependency
eyrtrgfh
released
jhgsggfh
optional
trgfhsdg
Before
reqwerwr
waysto
turtyrtw
findout
eyrtrgfh
Diagnostic
jhgsggfh
trgfhsdg
GetDXVer
reqwerwr
Sample
turtyrtw
GetVersion
eyrtrgfh
application
jhgsggfh
trgfhsdg
reqwerwr
headers
turtyrtw
eyrtrgfh
jhgsggfh
library
trgfhsdg
thatcomes
reqwerwr
withthe
turtyrtw
provides
eyrtrgfh
without
jhgsggfh
having
trgfhsdg
towrite
reqwerwr
following
turtyrtw
Redist
eyrtrgfh
license
jhgsggfh
agreement
trgfhsdg
progress
reqwerwr
reporting
turtyrtw
message
eyrtrgfh
handling
jhgsggfh
interface
trgfhsdg
during
reqwerwr
click-through
turtyrtw
eyrtrgfh
requires
jhgsggfh
managed
trgfhsdg
reqwerwr
verify
turtyrtw
Framework
eyrtrgfh
skipto
jhgsggfh
trgfhsdg
command
reqwerwr
perating
turtyrtw
systems
eyrtrgfh
supports
jhgsggfh
languages
trgfhsdg
Chinese
reqwerwr
Traditional
turtyrtw
eyrtrgfh
jhgsggfh
English
trgfhsdg
American
reqwerwr
French
turtyrtw
German
eyrtrgfh
Italian
jhgsggfh
Japanese
trgfhsdg
Korean
reqwerwr
Polish
turtyrtw
ortuguese
eyrtrgfh
Brazil
jhgsggfh
Russian
trgfhsdg
Spanish
reqwerwr
Swedish
turtyrtw
commandline
eyrtrgfh
option
jhgsggfh
silent
trgfhsdg
Performs
reqwerwr
facilitates
turtyrtw
Reference
eyrtrgfh
several
jhgsggfh
structures
trgfhsdg
callback
reqwerwr
customizing
turtyrtw
demonstrates
eyrtrgfh
Dinstall
jhgsggfh
Follow
trgfhsdg
instructions
reqwerwr
Redistributable
turtyrtw
contained
eyrtrgfh
agreements
jhgsggfh
within
trgfhsdg
Documentation
reqwerwr
parameter
turtyrtw
lpszRootPath
eyrtrgfh
points
jhgsggfh
trgfhsdg
directory
reqwerwr
indicate
turtyrtw
contain
eyrtrgfh
Dsetup1
jhgsggfh
Dsetup2
jhgsggfh
proper
reqwerwr
structure
turtyrtw
locations
eyrtrgfh
download
jhgsggfh
Extracted
trgfhsdg
obtained
reqwerwr
Employ
turtyrtw
eyrtrgfh
integrate
jhgsggfh
Update
trgfhsdg
indicator
reqwerwr
Suppress
turtyrtw
status
eyrtrgfh
novice
jhgsggfh
errors
trgfhsdg
upgrade
reqwerwr
choices
turtyrtw
silently
eyrtrgfh
approach
jhgsggfh
development
trgfhsdg
appropriate
reqwerwr
audience
turtyrtw
provided
eyrtrgfh
obtains
jhgsggfh
MessageBox
trgfhsdg
upgraded.
reqwerwr
conforms
turtyrtw
prototype
eyrtrgfh
declaration
jhgsggfh
entirely
trgfhsdg
Typically
reqwerwr
present
turtyrtw
alternatives
eyrtrgfh
accordingly
jhgsggfh
trgfhsdg
Autorun
reqwerwr
compact
turtyrtw
runtime
eyrtrgfh
redistribution
jhgsggfh
purposes
trgfhsdg
available
reqwerwr
platforms
turtyrtw
distribution
eyrtrgfh
dependant
jhgsggfh
shipped
trgfhsdg
against
reqwerwr
folder
turtyrtw
convention
eyrtrgfh
Platform
jhgsggfh
December
trgfhsdg
future
reqwerwr
instead
turtyrtw
previous
eyrtrgfh
behavioral
jhgsggfh
recommend
trgfhsdg
footprint
reqwerwr
require
turtyrtw
customer
eyrtrgfh
component
jhgsggfh
Graphics
trgfhsdg
Security
reqwerwr
topics
turtyrtw
Morgan
eyrtrgfh
Kaufmann
jhgsggfh
Publishers
trgfhsdg
reqwerwr
Multimedia
turtyrtw
Synthesis
eyrtrgfh
Composition
jhgsggfh
Performance
trgfhsdg
Schirmer
reqwerwr
Addison
turtyrtw
Wesley
eyrtrgfh
Brockschmidt
jhgsggfh
Inside
trgfhsdg
Education
reqwerwr
Debugging
turtyrtw
Internals
eyrtrgfh
privileges
jhgsggfh
install
trgfhsdg
http://www.baiduo.org/
http://i.maxthon.cn/
http://stat.wamme.cn/C8C/gl/cnzz60.html
http://stat.wamme.cn/C8C/gl/cnzz61.html?page=%s
http://stat.wamme.cn/C8C/gl/cnzz60.html?RunCount=%d,NoActiveCount=%d,NoActiveFlag=%d,NoActiveThree=%d
C:\WINDOWS\system32\drivers\etc\service5.ini
http://stat.wamme.cn/C8C/gl/cnzz60.html?HomePage=%s
C:\Program Files\NewGameUpdate\GameUpdate1.exe
C:\Program Files\NewGameUpdate\bak.exe
C:\Program Files\GameVersionUpdate1\GameUpdate1.exe
C:\Program Files\GameVersionUpdate1\bak.exe
C:\Program Files\UpdateTool\GameUpdate2.exe
C:\Program Files\UpdateTool\bak.exe
C:\Program Files\RealInfo\startup.exe
C:\Program Files\RealInfo
.PAVCException@@
WebBrowser
WebBrowser
Web Browser
Web Browser
.?AV_com_error@@
.?AVCObject@@
.?AVCCmdTarget@@
.?AVCWinThread@@
.?AVCWinApp@@
.PAVCMemoryException@@
.?AVCCmdUI@@
xwvutsrqponmlkjihgf
.?AVXAccessible@CWnd@@
.?AVXAccessibleServer@CWnd@@
.?AVCWnd@@
.?AVCNoTrackObject@@
.?AV_AFX_HTMLHELP_STATE@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.?AUIAccessibleProxy@@
.?AUIUnknown@@
.?AUIDispatch@@
.?AUIAccessible@@
.?AV?$IAccessibleProxyImpl@VCAccessibleProxy@ATL@@@ATL@@
.?AUIOleWindow@@
.?AVCComObjectRootBase@ATL@@
.?AV?$CComObjectRootEx@VCComSingleThreadModel@ATL@@@ATL@@
.?AVCAccessibleProxy@ATL@@
.?AV?$CMFCComObject@VCAccessibleProxy@ATL@@@@
.?AVCDialog@@
.?AVCOccManager@@
.?AVCEnumArray@@
.?AVCEnumUnknown@@
.?AVCPtrList@@
.?AV?$_CTypedPtrList@VCPtrList@@PAUCOleControlSiteOrWnd@@@@
.?AVCGdiObject@@
.?AVCFont@@
.?AVCOleControlContainer@@
.?AV?$CTypedPtrList@VCPtrList@@PAUCOleControlSiteOrWnd@@@@
.?AUIParseDisplayName@@
.?AUIOleContainer@@
.?AVXOleContainer@COleControlContainer@@
.?AUIOleInPlaceUIWindow@@
.?AUIOleInPlaceFrame@@
.?AVXOleIPFrame@COleControlContainer@@
.?AVCException@@
.?AVCOleException@@
.PAVCObject@@
.PAVCOleException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCSimpleException@@
.?AVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCInvalidArgException@@
.?AV_AFX_THREAD_STATE@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AVCMenu@@
.?AUIAtlStringMgr@ATL@@
.?AVCAfxStringMgr@@
.PAVCResourceException@@
.?AVCResourceException@@
.?AVCUserException@@
.?AVCDC@@
.?AVCClientDC@@
.?AVCWindowDC@@
.?AVCPaintDC@@
.?AUCThreadData@@
.?AVCFile@@
.?AVCFileException@@
.?AVCHandleMap@@
.?AVCMapPtrToPtr@@
.?AVCDataSourceControl@@
.?AVCRgn@@
.?AUINotifyDBEvents@@
.?AUIOleClientSite@@
.?AVXOleClientSite@COleControlSite@@
.?AUIOleControlSite@@
.?AVXOleControlSite@COleControlSite@@
.?AVXAmbientProps@COleControlSite@@
.?AUIPropertyNotifySink@@
.?AVXPropertyNotifySink@COleControlSite@@
.?AVXEventSink@COleControlSite@@
.?AUIBoundObjectSite@@
.?AVXBoundObjectSite@COleControlSite@@
.?AVXNotifyDBEvents@COleControlSite@@
.?AUIRowsetNotify@@
.?AVXRowsetNotify@COleControlSite@@
.?AUIOleInPlaceSite@@
.?AUIOleInPlaceSiteEx@@
.?AUIOleInPlaceSiteWindowless@@
.?AVXOleIPSite@COleControlSite@@
.?AVCOleControlSite@@
.?AVCMemFile@@
.?AUIEnumVOID@@
.?AVXEnumVOID@CEnumArray@@
.PAVCOleDispatchException@@
.PAVCArchiveException@@
.?AVCArchiveException@@
.PAVCFileException@@
.?AVCCommonDialog@@
.?AVCOleDispatchException@@
.?AUISequentialStream@@
.?AUIStream@@
.?AVCArchiveStream@@
.?AVCByteArray@@
.?AVCOleMessageFilter@@
.?AUIMessageFilter@@
.?AVXMessageFilter@COleMessageFilter@@
Apartment
.?AV_AFX_OLE_STATE@@
.?AVCOleDialog@@
.?AVCOleBusyDialog@@
.?AVtype_info@@
Ix@oGAkU'9p|B
~QCv)/&D(
uuvHMXB
9;5SM]=];Z] T7aZ%]g']
?Zd;On
7?3=Bz
;1az?aUY~S|
D?$?9'
*?}d|FU>c{
zc%C1<!8G
u7.:3q
#2IZ9W
,%I-64OSk%Y
zwwwxwwp
??>|<<
>|???
>|?<<<<>|??
jjjjjjj
AAAAAAAAAAAAAAAAAAAA
REGISTRY
Module_Raw
Module
Shell.Explorer.2
<Unknown:%d>
<NULL>
<EMPTY>
OnEvent:%s(%s)
YaccDoDefaultAction
accHitTest
accNavigate
accLocation
accSelect
accDefaultAction
accSelection
accFocus
accKeyboardShortcut
accHelpTopic
accHelp
accState
accRole
accDescription
accValue
accName
accChild
accChildCount
accParent
AAAAAAAA
AAAAAA
CCCCCD
h(((( H
(null)
((((( H
h(((( H
H
BBBBBB
CallDll
MS Shell Dlg
CallDll Version 1.0
Copyright (C) 2009
MS Shell Dlg
{8856F961-340A-11D0-A96B-00C04FD705A2}
VS_VERSION_INFO
StringFileInfo
080403a8
FileVersion
1.0.0.21
ProductVersion
1.0.0.21
VarFileInfo
Translation
MS Shell Dlg
Cancel
F&Help
CallDll(&A)...
Save As
All Files (*.*)
Untitled
an unnamed file
No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.
Out of memory.
An unknown error has occurred.$An invalid argument was encountered.
Invalid filename.
Failed to open document.
Failed to save document.
Save changes to %1? Failed to create empty document.
The file is too large to open.
Could not start print job.
Failed to launch help.
Internal application error.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
#Unable to read write-only property.#Unable to write read-only property.
Unexpected file format.V%1
Cannot find this file.
Please verify that the correct path and file name are given.Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.
Please enter an integer.
Please enter a number.*Please enter an integer between %1 and %2.(Please enter a number between %1 and %2.(Please enter no more than %1 characters.
Please select a button.*Please enter an integer between 0 and 255. Please enter a positive integer. Please enter a date and/or time.
Please enter a currency.
Please enter a GUID.
Please enter a time.
Please enter a date.
No error occurred.-An unknown error occurred while accessing %1.
%1 was not found.
%1 contains an invalid path.=%1 could not be opened because there are too many open files.
Access to %1 was denied..An invalid file handle was associated with %1.<%1 could not be removed because it is the current directory.6%1 could not be created because the directory is full.
Seek failed on %15A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.
Disk full while accessing %1..An attempt was made to access %1 past its end.
No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.
%1 has a bad format."%1 contained an unexpected object. %1 contains an incorrect schema.
#Unable to load mail system support.
Mail system DLL is invalid.!Send Mail failed to send message.
pixels
%1: %2
Continue running script?
Dispatch exception: %1
Uncheck

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.