Susp_Dropper (Kaspersky), Trojan.Win32.FlyStudio.FD, mzpefinder_pcap_file.YR, GenericEmailWorm.YR, TrojanFlyStudio.YR (Lavasoft MAS)Behaviour: Trojan, Worm, EmailWorm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: aa6018bc373aac97e1857d0ca7f9aa1d
SHA1: 80d1e20f0730215412b58773af37b22fd17f9657
SHA256: fd15101457e865f476f1e46ccb27b1480ca4e74f0fed7ed109264dd8dac3c8e8
SSDeep: 49152:Fbb0Mbwzi3iwKMP9rk04AkWrC6vk04AkWRG:lYIwzi3iwKMPVWWrPWWc
Size: 2699264 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171
Company:
Created at: 2017-01-24 08:31:11
Analyzed on: Windows7 SP1 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):
%original file name%.exe:2156
The Trojan injects its code into the following process(es):No processes have been created.
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:2156 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\AmandaUpdata.exe (929 bytes)
Registry activity
The process %original file name%.exe:2156 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\aa6018bc373aac97e1857d0ca7f9aa1d_RASAPI32]
"EnableFileTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]
"WpadLastNetwork" = "{24C5EDBC-2851-452A-B521-5DA992F6C1B5}"
[HKLM\SOFTWARE\Microsoft\Tracing\aa6018bc373aac97e1857d0ca7f9aa1d_RASMANCS]
"EnableConsoleTracing" = "0"
"FileTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{24C5EDBC-2851-452A-B521-5DA992F6C1B5}]
"WpadDecision" = "3"
"WpadDecisionTime" = "D0 F8 82 C3 28 8F D2 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings" = "46 00 00 00 09 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Tracing\aa6018bc373aac97e1857d0ca7f9aa1d_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e1-da-d8]
"WpadDecision" = "3"
[HKLM\SOFTWARE\Microsoft\Tracing\aa6018bc373aac97e1857d0ca7f9aa1d_RASMANCS]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\aa6018bc373aac97e1857d0ca7f9aa1d_RASAPI32]
"FileDirectory" = "%windir%\tracing"
"FileTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e1-da-d8]
"WpadDecisionReason" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\aa6018bc373aac97e1857d0ca7f9aa1d_RASAPI32]
"ConsoleTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 36 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{24C5EDBC-2851-452A-B521-5DA992F6C1B5}]
"WpadNetworkName" = "Network 2"
[HKLM\SOFTWARE\Microsoft\Tracing\aa6018bc373aac97e1857d0ca7f9aa1d_RASMANCS]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\aa6018bc373aac97e1857d0ca7f9aa1d_RASAPI32]
"MaxFileSize" = "1048576"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{24C5EDBC-2851-452A-B521-5DA992F6C1B5}]
"WpadDecisionReason" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\aa6018bc373aac97e1857d0ca7f9aa1d_RASMANCS]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\aa6018bc373aac97e1857d0ca7f9aa1d_RASAPI32]
"EnableConsoleTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e1-da-d8]
"WpadDecisionTime" = "D0 F8 82 C3 28 8F D2 01"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"
Dropped PE files
MD5 | File path |
---|---|
35e87b75f290dcbe39eecf52381d7459 | c:\AmandaUpdata.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:2156
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
C:\AmandaUpdata.exe (929 bytes)
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Static Analysis
VersionInfo
Company Name: iporus QQ:1099490909
Product Name: WeChat Lite
Product Version: 3.0.0.0
Legal Copyright: WeChat lite??????????????
????????,????????????
?????(??/??/??);???????
?????????????????????
?,?????????,????!????
??????web??????,??????,
????????????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 3.0.0.0
File Description: ?????
Comments: ?????WeChat Lite
??:www.52chat.cc
Language: Language Neutral
Company Name: iporus QQ:1099490909Product Name: WeChat LiteProduct Version: 3.0.0.0Legal Copyright: WeChat lite??????????????????????,?????????????????(??/??/??);?????????????????????????????,?????????,????!??????????web??????,??????,????????????Legal Trademarks: Original Filename: Internal Name: File Version: 3.0.0.0File Description: ?????Comments: ?????WeChat Lite??:www.52chat.ccLanguage: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 1016486 | 1019904 | 4.49464 | 699939c5fdcbd9f5a70b486aabb925df |
.rdata | 1024000 | 1510660 | 1511424 | 5.10722 | 6da9cd672e7788d5efe253bf1e453967 |
.data | 2535424 | 424202 | 110592 | 3.72769 | 7a74bddb8f9c7bce1e0d5a60d2dfd259 |
.rsrc | 2961408 | 49688 | 53248 | 3.4213 | f0022ead53dd469f9233e923c22d4e65 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://u755.v.qingcdn.com/AmandaUpdata.exe | |
hxxp://u755.v.qingcdn.com/版本å·.txt | |
hxxp://o9fqva4p0.bkt.clouddn.com/版本å·.txt | 150.138.141.93 |
hxxp://o9fqva4p0.bkt.clouddn.com/AmandaUpdata.exe | 150.138.141.93 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /AmandaUpdata.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: o9fqva4p0.bkt.clouddn.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Feb 2017 05:34:04 GMT
Content-Type: application/x-msdownload
Content-Length: 929792
Connection: keep-alive
Server: openresty
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
Cache-Control: public, max-age=31536000
Content-Disposition: inline; filename="AmandaUpdata.exe"
Content-Transfer-Encoding: binary
ETag: "FgE5TcjQwOmsz6cXQkw9RS5pkgyp"
Last-Modified: Wed, 18 Jan 2017 13:38:36 GMT
X-Log: mc.g;IO:1
X-M-Log: QNM:xs449;QNM2:9
X-M-Reqid: sw0AALJnSKVYn6EU
X-Qiniu-Zone: 0
X-Qnm-Cache: Hit
X-Reqid: mxgAANRfTb3nYZsU
X-Ser: BC15_dx-lt-yd-zhejiang-huzhou-2-cache-4, BC94_dx-shandong-qingdao-1-cache-4
X-Cache: HIT from BC94_dx-shandong-qingdao-1-cache-4(baishan)
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J...............u...........%...X...".......P...l.......8...P...8...........................C...........Rich............................PE..L...Co.X..........................................@..........................................................................:..,....p...`..............................................................................8............................text............................... ..`.rdata..............................@..@.data...H....`...`...`..............@....rsrc....`...p...p..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
<<< skipped >>>
GET /版本å·.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: o9fqva4p0.bkt.clouddn.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Feb 2017 05:34:11 GMT
Content-Type: text/plain
Content-Length: 5
Connection: keep-alive
Server: openresty
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
Cache-Control: public, max-age=31536000
Content-Disposition: inline; filename="版本å·.txt"
Content-Transfer-Encoding: binary
ETag: "FgZ1LS-3_mX2GPQKmjPr5MyOIEMX"
Last-Modified: Tue, 24 Jan 2017 06:31:17 GMT
Vary: Accept-Encoding
X-Log: mc.g:1/404;mc.g;RS;mc.s;IO:132
X-M-Log: QNM:xs467;QNM2:161
X-M-Reqid: jAMAAPLnRhQLsKAU
X-Qiniu-Zone: 0
X-Qnm-Cache: Hit
X-Reqid: jAMAAPYWvNZ6oZwU
X-Ser: BC19_dx-lt-hebei-shijiazhuang-2-cache-5, BC98_dx-shandong-qingdao-1-cache-4
X-Cache: HIT from BC98_dx-shandong-qingdao-1-cache-4(baishan)
3.2.6HTTP/1.1 200 OK..Date: Sat, 25 Feb 2017 05:34:11 GMT..Content-Type: text/plain..Content-Length: 5..Connection: keep-alive..Server: openresty..Accept-Ranges: bytes..Access-Control-Allow-Origin: *..Access-Control-Expose-Headers: X-Log, X-Reqid..Access-Control-Max-Age: 2592000..Cache-Control: public, max-age=31536000..Content-Disposition: inline; filename="版本å·.txt"..Content-Transfer-Encoding: binary..ETag: "FgZ1LS-3_mX2GPQKmjPr5MyOIEMX"..Last-Modified: Tue, 24 Jan 2017 06:31:17 GMT..Vary: Accept-Encoding..X-Log: mc.g:1/404;mc.g;RS;mc.s;IO:132..X-M-Log: QNM:xs467;QNM2:161..X-M-Reqid: jAMAAPLnRhQLsKAU..X-Qiniu-Zone: 0..X-Qnm-Cache: Hit..X-Reqid: jAMAAPYWvNZ6oZwU..X-Ser: BC19_dx-lt-hebei-shijiazhuang-2-cache-5, BC98_dx-shandong-qingdao-1-cache-4..X-Cache: HIT from BC98_dx-shandong-qingdao-1-cache-4(baishan)..3.2.6..
<<< skipped >>>
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_2156:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
t$(SSh
t$(SSh
|$D.tm
|$D.tm
~%UVW
~%UVW
u$SShe
u$SShe
ole32.dll
ole32.dll
kernel32.dll
kernel32.dll
Kernel32.dll
Kernel32.dll
GdiPlus.dll
GdiPlus.dll
user32.dll
user32.dll
message.dll
message.dll
Ole32.dll
Ole32.dll
{B6F7542F-B8FE-46a8-9605-98856A687097}
{B6F7542F-B8FE-46a8-9605-98856A687097}
\AmandaUpdata.exe
\AmandaUpdata.exe
hXXp://o9fqva4p0.bkt.clouddn.com/AmandaUpdata.exe
hXXp://o9fqva4p0.bkt.clouddn.com/AmandaUpdata.exe
3.2.6
3.2.6
\AmandaUpdata.exe -up
\AmandaUpdata.exe -up
\message.dll
\message.dll
hXXp://o9fqva4p0.bkt.clouddn.com/版本å·.txt
hXXp://o9fqva4p0.bkt.clouddn.com/版本å·.txt
\data\Set.ini
\data\Set.ini
pass_ticket
pass_ticket
skey
skey
synckey
synckey
NickName
NickName
&synckey=
&synckey=
&skey=
&skey=
/cgi-bin/mmwebwx-bin/synccheck?r=
/cgi-bin/mmwebwx-bin/synccheck?r=
hXXps://webpush.
hXXps://webpush.
{"BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[skey]","DeviceID":"[deviceid]"},"SyncKey":[key],"rr":-1592985138}
{"BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[skey]","DeviceID":"[deviceid]"},"SyncKey":[key],"rr":-1592985138}
[skey]
[skey]
[key]
[key]
return "e" ("" Math.random().toFixed(15)).substring(2, 17)
return "e" ("" Math.random().toFixed(15)).substring(2, 17)
function time(){return new Date().getTime()}
function time(){return new Date().getTime()}
WinHttp.WinHttpRequest.5.1
WinHttp.WinHttpRequest.5.1
MSXML2.ServerXMLHTTP.6.0
MSXML2.ServerXMLHTTP.6.0
hXXp://
hXXp://
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
hXXps://login.weixin.qq.com/jslogin?appid=wx782c26e4c19acffb&redirect_uri=https://wx.qq.com/cgi-bin/mmwebwx-bin/webwxnewloginpage&fun=new&lang=zh_CN&_=
hXXps://login.weixin.qq.com/jslogin?appid=wx782c26e4c19acffb&redirect_uri=https://wx.qq.com/cgi-bin/mmwebwx-bin/webwxnewloginpage&fun=new&lang=zh_CN&_=
hXXps://login.weixin.qq.com/qrcode/
hXXps://login.weixin.qq.com/qrcode/
hXXps://login.weixin.qq.com/cgi-bin/mmwebwx-bin/login?loginicon=true&uuid=
hXXps://login.weixin.qq.com/cgi-bin/mmwebwx-bin/login?loginicon=true&uuid=
window.code=201
window.code=201
window.code=200
window.code=200
/cgi-bin/mmwebwx-bin/webwxinit
/cgi-bin/mmwebwx-bin/webwxinit
hXXps://
hXXps://
Skey#
Skey#
"User": \{"Uin": (\d ),"UserName": "(.*?)","NickName": "(.*?)",
"User": \{"Uin": (\d ),"UserName": "(.*?)","NickName": "(.*?)",
/cgi-bin/mmwebwx-bin/webwxstatusnotify
/cgi-bin/mmwebwx-bin/webwxstatusnotify
ClientMsgId#
ClientMsgId#
@ping 127.0.0.1 -n
@ping 127.0.0.1 -n
del Restart.bat
del Restart.bat
\Restart.bat
\Restart.bat
Amanda Robot 3.2.6-
Amanda Robot 3.2.6-
.chat.dll
.chat.dll
hXXp://VVV.52chat.cc/forum.php?mod=forumdisplay&fid=39
hXXp://VVV.52chat.cc/forum.php?mod=forumdisplay&fid=39
, #&')*)
, #&')*)
-0-(0%()(
-0-(0%()(
.gM1x
.gM1x
.uK5n
.uK5n
/k|%D
/k|%D
5n%f(
5n%f(
4T.rn
4T.rn
l.au};e
l.au};e
t-f
t-f
.GJl;
.GJl;
=pw.VR
=pw.VR
.npga
.npga
b.iNc
b.iNc
.xEl>V
.xEl>V
E{%Sqb
E{%Sqb
LÂs
LÂs
%F"c!
%F"c!
y>;.mv
y>;.mv
Y%%xh
Y%%xh
KDSMÂl
KDSMÂl
"=.eJ~
"=.eJ~
1.DL
1.DL
we%X|
we%X|
.mUlQ
.mUlQ
?mSgm
?mSgm
<.jt>
<.jt>
f.yC0
f.yC0
Ea.zj
Ea.zj
>5.KX
>5.KX
.LUn
.LUn
j%.Ko
j%.Ko
TV8-r%S
TV8-r%S
wBKÅ“
wBKÅ“
t}&.aBp
t}&.aBp
.byv5wq
.byv5wq
.Vz&w
.Vz&w
qG%UQoU
qG%UQoU
[Ssh;}
[Ssh;}
%z.QB]
%z.QB]
/cgi-bin/mmwebwx-bin/webwxoplog?lang=zh_CN&pass_ticket=
/cgi-bin/mmwebwx-bin/webwxoplog?lang=zh_CN&pass_ticket=
CmdId#
CmdId#
/cgi-bin/mmwebwx-bin/webwxupdatechatroom?fun=modtopic
/cgi-bin/mmwebwx-bin/webwxupdatechatroom?fun=modtopic
Amanda Robot 3.2.6
Amanda Robot 3.2.6
\plugin\*.chat.dll
\plugin\*.chat.dll
{"BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[skey]","DeviceID":"[deviceid]"},"Msg":{"Type":1,"Content":"[msg]","FromUserName":"[FromUserName]","ToUserName":"[ToUserName]","LocalID":"[time]","ClientMsgId":"[time]"}}
{"BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[skey]","DeviceID":"[deviceid]"},"Msg":{"Type":1,"Content":"[msg]","FromUserName":"[FromUserName]","ToUserName":"[ToUserName]","LocalID":"[time]","ClientMsgId":"[time]"}}
[imageUrl=
[imageUrl=
[msg]
[msg]
/cgi-bin/mmwebwx-bin/webwxsendmsg?lang=zh_CN
/cgi-bin/mmwebwx-bin/webwxsendmsg?lang=zh_CN
{"BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[skey]","DeviceID":"[deviceid]"},"Msg":{"Type":3,"MediaId":"[mediaid]","FromUserName":"[FromUserName]","ToUserName":"[ToUserName]","LocalID":"[time]","ClientMsgId":"[time]"}}
{"BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[skey]","DeviceID":"[deviceid]"},"Msg":{"Type":3,"MediaId":"[mediaid]","FromUserName":"[FromUserName]","ToUserName":"[ToUserName]","LocalID":"[time]","ClientMsgId":"[time]"}}
/cgi-bin/mmwebwx-bin/webwxsendmsgimg?fun=async&f=json
/cgi-bin/mmwebwx-bin/webwxsendmsgimg?fun=async&f=json
/cgi-bin/mmwebwx-bin/webwxpreview?fun=upload
/cgi-bin/mmwebwx-bin/webwxpreview?fun=upload
--------------QMO.Package.Partition.6681144.1957164416.30505904
--------------QMO.Package.Partition.6681144.1957164416.30505904
Content-Disposition: form-data; name="msgimgrequest"
Content-Disposition: form-data; name="msgimgrequest"
{"MsgType":3,"Type":3,"FromUserName":"[FromUserName]","ToUserName":"[ToUserName]","MsgId":"[time]","LocalID":"[time]","ClientMsgId":"[time]","CreateTime":[time10],"MMStatus":0}
{"MsgType":3,"Type":3,"FromUserName":"[FromUserName]","ToUserName":"[ToUserName]","MsgId":"[time]","LocalID":"[time]","ClientMsgId":"[time]","CreateTime":[time10],"MMStatus":0}
Content-Disposition: form-data; name="filename"; filename="C:\Users\ADMINI~1\AppData\Local\Temp\{FA56FC32-EEC7-4A0D-861D-BD62481B7F83}.tmp"
Content-Disposition: form-data; name="filename"; filename="C:\Users\ADMINI~1\AppData\Local\Temp\{FA56FC32-EEC7-4A0D-861D-BD62481B7F83}.tmp"
--------------QMO.Package.Partition.6681144.1957164416.30505904--
--------------QMO.Package.Partition.6681144.1957164416.30505904--
Content-Type: multipart/form-data; boundary=------------QMO.Package.Partition.6681144.1957164416.30505904
Content-Type: multipart/form-data; boundary=------------QMO.Package.Partition.6681144.1957164416.30505904
{"BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[skey]","DeviceID":"[deviceid]"},"Msg":{"Type":47,"EmojiFlag":[type],"EMoticonMd5":"[md5]","FromUserName":"[fromusername]","ToUserName":"[tousername]","LocalID":"[time]","ClientMsgId":"[time]"},"Scene":0}
{"BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[skey]","DeviceID":"[deviceid]"},"Msg":{"Type":47,"EmojiFlag":[type],"EMoticonMd5":"[md5]","FromUserName":"[fromusername]","ToUserName":"[tousername]","LocalID":"[time]","ClientMsgId":"[time]"},"Scene":0}
/cgi-bin/mmwebwx-bin/webwxsendemoticon?fun=sys
/cgi-bin/mmwebwx-bin/webwxsendemoticon?fun=sys
{"BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[skey]","DeviceID":"[deviceid]"},"Msg":{"FromUserName":"[fromusername]","ToUserName":"[tousername]","Type":42,"Content":"[xml]","ClientMsgId":[time],"LocalID":[time]}}
{"BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[skey]","DeviceID":"[deviceid]"},"Msg":{"FromUserName":"[fromusername]","ToUserName":"[tousername]","Type":42,"Content":"[xml]","ClientMsgId":[time],"LocalID":[time]}}
' certflag='
' certflag='
' nickname='
' nickname='
/cgi-bin/mmwebwx-bin/webwxsendmsg?sid=
/cgi-bin/mmwebwx-bin/webwxsendmsg?sid=
skey#
skey#
/cgi-bin/mmwebwx-bin/webwxverifyuser?lang=zh_CN&pass_ticket=
/cgi-bin/mmwebwx-bin/webwxverifyuser?lang=zh_CN&pass_ticket=
&seq=0&skey=
&seq=0&skey=
/cgi-bin/mmwebwx-bin/webwxgetcontact?pass_ticket=
/cgi-bin/mmwebwx-bin/webwxgetcontact?pass_ticket=
","HeadImgUrl
","HeadImgUrl
NickName": "
NickName": "
HeadImgUrl": "
HeadImgUrl": "
&lang=zh_CN&pass_ticket=
&lang=zh_CN&pass_ticket=
/cgi-bin/mmwebwx-bin/webwxverifyuser?r=
/cgi-bin/mmwebwx-bin/webwxverifyuser?r=
{"AddMemberList":"[UserName]","ChatRoomName":"[RoomName]","BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[skey]","DeviceID":"[devideid]"}}
{"AddMemberList":"[UserName]","ChatRoomName":"[RoomName]","BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[skey]","DeviceID":"[devideid]"}}
/cgi-bin/mmwebwx-bin/webwxupdatechatroom?fun=addmember&pass_ticket=
/cgi-bin/mmwebwx-bin/webwxupdatechatroom?fun=addmember&pass_ticket=
/cgi-bin/mmwebwx-bin/webwxupdatechatroom?fun=invitemember
/cgi-bin/mmwebwx-bin/webwxupdatechatroom?fun=invitemember
{"DelMemberList":"[UserName]","ChatRoomName":"[RoomName]","BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[skey]","DeviceID":"[devideid]"}}
{"DelMemberList":"[UserName]","ChatRoomName":"[RoomName]","BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[skey]","DeviceID":"[devideid]"}}
/cgi-bin/mmwebwx-bin/webwxupdatechatroom?fun=delmember&pass_ticket=
/cgi-bin/mmwebwx-bin/webwxupdatechatroom?fun=delmember&pass_ticket=
"Uin": 0,"UserName": "@@(.*?)","NickName": "(.*?|)","HeadImgUrl": "/cgi-bin/mmwebwx-bin/webwxgetheadimg\?seq=(\d )&
"Uin": 0,"UserName": "@@(.*?)","NickName": "(.*?|)","HeadImgUrl": "/cgi-bin/mmwebwx-bin/webwxgetheadimg\?seq=(\d )&
{"BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[sid]","DeviceID":"[deviceid]"},"Count":[num],"List":[[msg]]}
{"BaseRequest":{"Uin":[uin],"Sid":"[sid]","Skey":"[sid]","DeviceID":"[deviceid]"},"Count":[num],"List":[[msg]]}
/cgi-bin/mmwebwx-bin/webwxbatchgetcontact?type=ex&r=
/cgi-bin/mmwebwx-bin/webwxbatchgetcontact?type=ex&r=
"Uin": 0,"UserName": "@(.*?)","NickName": "(.*?|)","AttrStatus"
"Uin": 0,"UserName": "@(.*?)","NickName": "(.*?|)","AttrStatus"
window.synccheck={retcode:#
window.synccheck={retcode:#
/cgi-bin/mmwebwx-bin/webwxsync?sid=
/cgi-bin/mmwebwx-bin/webwxsync?sid=
hXXp://wx.qq.com/
hXXp://wx.qq.com/
res.wx.qq.com
res.wx.qq.com
\{"UserName": "(.*?)","NickName": "(.*?|)","Sex": (\d ),"HeadImgUpdateFlag": \d ,"ContactType": \d ,"Alias": "(.*?|)","ChatRoomOwner": "(.*?|)","HeadImgUrl": "(.*?)","ContactFlag":.*?"VerifyFlag": (\d ),"RemarkName": "(.*?|)","Statues": \d ,"AttrStatus": \d ,"Province": "(.*?|)","City": "(.*?|)","SnsFlag": \d ,"KeyWord": "(.*?|)"\}
\{"UserName": "(.*?)","NickName": "(.*?|)","Sex": (\d ),"HeadImgUpdateFlag": \d ,"ContactType": \d ,"Alias": "(.*?|)","ChatRoomOwner": "(.*?|)","HeadImgUrl": "(.*?)","ContactFlag":.*?"VerifyFlag": (\d ),"RemarkName": "(.*?|)","Statues": \d ,"AttrStatus": \d ,"Province": "(.*?|)","City": "(.*?|)","SnsFlag": \d ,"KeyWord": "(.*?|)"\}
\{"MsgId".*?NewMsgId": \d ,#
\{"MsgId".*?NewMsgId": \d ,#
MsgType":
MsgType":
"MsgId": "
"MsgId": "
_EventGroupMsg
_EventGroupMsg
_EventFrinendMsg
_EventFrinendMsg
/cgi-bin/mmwebwx-bin/webwxgetmsgimg?MsgID=
/cgi-bin/mmwebwx-bin/webwxgetmsgimg?MsgID=
[imageUrl=hXXps://
[imageUrl=hXXps://
"clientmsgid="
"clientmsgid="
[voiceUrl=hXXps://
[voiceUrl=hXXps://
nickname="
nickname="
certflag="24"
certflag="24"
[videoUrl=hXXps://
[videoUrl=hXXps://
oldmsgid>
oldmsgid>
[Remove:MsgID=
[Remove:MsgID=
fromnickname="
fromnickname="
3.2.2
3.2.2
\reply.ini
\reply.ini
VVV.52chat.cc
VVV.52chat.cc
WeChat Lite 3.2.6
WeChat Lite 3.2.6
_EventOpenWindows
_EventOpenWindows
/cgi-bin/mmwebwx-bin/webwxlogout?redirect=1&type=0&skey=
/cgi-bin/mmwebwx-bin/webwxlogout?redirect=1&type=0&skey=
Y@hXXp://jq.qq.com/?_wv=1027&k=2AM3CGO
Y@hXXp://jq.qq.com/?_wv=1027&k=2AM3CGO
.zF7;
.zF7;
%%%sv
%%%sv
nwz%f
nwz%f
l.itX
l.itX
.YXWR
.YXWR
3.2.6
3.2.6
VBScript.RegExp
VBScript.RegExp
regsvr32 vbscript.dll
regsvr32 vbscript.dll
song2388959@163.com (
song2388959@163.com (
1099490909
1099490909
%d&&'
%d&&'
123456789
123456789
00003333
00003333
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
inflate 1.1.3 Copyright 1995-1998 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
1.2.18
1.2.18
%*.*f
%*.*f
CNotSupportedException
CNotSupportedException
commctrl_DragListMsg
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
Afx:%x:%x
COMCTL32.DLL
COMCTL32.DLL
CCmdTarget
CCmdTarget
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
__MSVCRT_HEAP_SELECT
__MSVCRT_HEAP_SELECT
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
iphlpapi.dll
iphlpapi.dll
SHLWAPI.dll
SHLWAPI.dll
MPR.dll
MPR.dll
WINMM.dll
WINMM.dll
WS2_32.dll
WS2_32.dll
VERSION.dll
VERSION.dll
MSVFW32.dll
MSVFW32.dll
AVIFIL32.dll
AVIFIL32.dll
RASAPI32.dll
RASAPI32.dll
GetProcessHeap
GetProcessHeap
WinExec
WinExec
GetCPInfo
GetCPInfo
KERNEL32.dll
KERNEL32.dll
GetKeyState
GetKeyState
SetWindowsHookExA
SetWindowsHookExA
UnhookWindowsHookEx
UnhookWindowsHookEx
EnumChildWindows
EnumChildWindows
CreateDialogIndirectParamA
CreateDialogIndirectParamA
USER32.dll
USER32.dll
GetViewportOrgEx
GetViewportOrgEx
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GetViewportExtEx
GetViewportExtEx
GDI32.dll
GDI32.dll
MSIMG32.dll
MSIMG32.dll
WINSPOOL.DRV
WINSPOOL.DRV
comdlg32.dll
comdlg32.dll
RegCloseKey
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyExA
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
OLEAUT32.dll
OLEAUT32.dll
COMCTL32.dll
COMCTL32.dll
WSOCK32.dll
WSOCK32.dll
HttpQueryInfoA
HttpQueryInfoA
HttpSendRequestA
HttpSendRequestA
HttpOpenRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCanonicalizeUrlA
WININET.dll
WININET.dll
.PAVCException@@
.PAVCException@@
Shell32.dll
Shell32.dll
Mpr.dll
Mpr.dll
Advapi32.dll
Advapi32.dll
User32.dll
User32.dll
Gdi32.dll
Gdi32.dll
(&07-034/)7 '
(&07-034/)7 '
?? / %d]
?? / %d]
%d / %d]
%d / %d]
.PAVCFileException@@
.PAVCFileException@@
: %d]
: %d]
(*.*)|*.*||
(*.*)|*.*||
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.txt)|*.txt|
(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|PNG
(*.JPG)|*.JPG|PNG
(*.PNG)|*.PNG|BMP
(*.PNG)|*.PNG|BMP
(*.BMP)|*.BMP|GIF
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
(*.CUR)|*.CUR|
%s:%d
%s:%d
windows
windows
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
out.prn
out.prn
(*.prn)|*.prn|
(*.prn)|*.prn|
%d.%d
%d.%d
%d/%d
%d/%d
1.6.9
1.6.9
unsupported zlib version
unsupported zlib version
png_read_image: unsupported transformation
png_read_image: unsupported transformation
%d / %d
%d / %d
Bogus message code %d
Bogus message code %d
libpng error: %s
libpng error: %s
libpng warning: %s
libpng warning: %s
1.1.3
1.1.3
bad keyword
bad keyword
libpng does not support gamma background rgb_to_gray
libpng does not support gamma background rgb_to_gray
Palette is NULL in indexed image
Palette is NULL in indexed image
(%d-%d):
(%d-%d):
%ld%c
%ld%c
VVV.dywt.com.cn
VVV.dywt.com.cn
(*.avi)|*.avi
(*.avi)|*.avi
RICHED32.DLL
RICHED32.DLL
RICHED20.DLL
RICHED20.DLL
WPFT532.CNV
WPFT532.CNV
WPFT632.CNV
WPFT632.CNV
EXCEL32.CNV
EXCEL32.CNV
write32.wpc
write32.wpc
Windows Write
Windows Write
mswrd632.wpc
mswrd632.wpc
Word for Windows 6.0
Word for Windows 6.0
wword5.cnv
wword5.cnv
Word for Windows 5.0
Word for Windows 5.0
mswrd832.cnv
mswrd832.cnv
mswrd632.cnv
mswrd632.cnv
Word 6.0/95 for Windows & Macintosh
Word 6.0/95 for Windows & Macintosh
html32.cnv
html32.cnv
operator
operator
keywords
keywords
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP/1.0
HTTP/1.0
%s
%s
Reply-To: %s
Reply-To: %s
From: %s
From: %s
To: %s
To: %s
Subject: %s
Subject: %s
Date: %s
Date: %s
Cc: %s
Cc: %s
%a, %d %b %Y %H:%M:%S
%a, %d %b %Y %H:%M:%S
SMTP
SMTP
;3 #>6.&
;3 #>6.&
'2, / 0&7!4-)1#
'2, / 0&7!4-)1#
.PAVCObject@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCArchiveException@@
.PAVCArchiveException@@
zcÃ
zcÃ
c:\%original file name%.exe
c:\%original file name%.exe
#include "l.chs\afxres.rc" // Standard components
#include "l.chs\afxres.rc" // Standard components
PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
(*.*)
(*.*)
3.0.0.0
3.0.0.0
1099490909
1099490909