Gen:Variant.Strictor.121831 (B) (Emsisoft), Gen:Variant.Strictor.121831 (AdAware), Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, GenericEmailWorm.YR (Lavasoft MAS)Behaviour: Trojan-PSW, Trojan, Worm, EmailWorm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 3d97790b1cf6e75b267fc279aba46069
SHA1: ed0cec99a8101b93ec017a4889a77b2e959a88d4
SHA256: 7c5f68c1ef0ed1b3b029b57f162985c14a34decfec00fae210d1a46ffba908d2
SSDeep: 49152:7Nk/yvgAbrR7kPOwuOrjfG7BbePGOnArDTiB1XnSa:hkUgAtkPlXG7BqPqDTuZnSa
Size: 1976424 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: MediaGet LLC
Created at: 2017-02-08 16:14:18
Analyzed on: Windows7 SP1 32-bit
Summary: Trojan-PSW. Trojan program intended for stealing users passwords.
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):No processes have been created.The Trojan injects its code into the following process(es):
%original file name%.exe:2928
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:2928 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0GWTUJW6.txt (103 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\H2GS2F82.txt (301 bytes)
C:\UPDATA.dll (24 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\C4UNTEDQ.txt (447 bytes)
C:\PCOMM.DLL (82 bytes)
The Trojan deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0GWTUJW6.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\H2GS2F82.txt (0 bytes)
Registry activity
The process %original file name%.exe:2928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\3d97790b1cf6e75b267fc279aba46069_RASMANCS]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\3d97790b1cf6e75b267fc279aba46069_RASAPI32]
"FileTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3C 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Tracing\3d97790b1cf6e75b267fc279aba46069_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Tracing\3d97790b1cf6e75b267fc279aba46069_RASAPI32]
"ConsoleTracingMask" = "4294901760"
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Tracing\3d97790b1cf6e75b267fc279aba46069_RASMANCS]
"EnableFileTracing" = "0"
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\3d97790b1cf6e75b267fc279aba46069_RASAPI32]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\3d97790b1cf6e75b267fc279aba46069_RASMANCS]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\3d97790b1cf6e75b267fc279aba46069_RASAPI32]
"EnableConsoleTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\3d97790b1cf6e75b267fc279aba46069_RASAPI32]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\3d97790b1cf6e75b267fc279aba46069_RASMANCS]
"FileTracingMask" = "4294901760"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"
Dropped PE files
MD5 | File path |
---|---|
bedfff9a8296392992a458d03ba69e08 | c:\PCOMM.DLL |
4c853c2dd8c43005149f20c7797a57ce | c:\UPDATA.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0GWTUJW6.txt (103 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\H2GS2F82.txt (301 bytes)
C:\UPDATA.dll (24 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\C4UNTEDQ.txt (447 bytes)
C:\PCOMM.DLL (82 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: JMD?????V2.9.6
Product Name: ???(JMD)?????
Product Version: 2.9.6.8
Legal Copyright: ??: ???????????????????,????????????????????,?????????????,?????????????????????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 2.9.6.8
File Description: ?????
Comments: JMD?????
Language: Language Neutral
Company Name: JMD?????V2.9.6Product Name: ???(JMD)?????Product Version: 2.9.6.8Legal Copyright: ??: ???????????????????,????????????????????,?????????????,?????????????????????Legal Trademarks: Original Filename: Internal Name: File Version: 2.9.6.8File Description: ?????Comments: JMD?????Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
UPX0 | 4096 | 4120576 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
UPX1 | 4124672 | 1966080 | 1964544 | 5.50853 | 7babfebbe15004126f4bba2bd24b9a77 |
.rsrc | 6090752 | 12288 | 9728 | 3.68427 | 1c335228c3040b8f25c61e1cb207824c |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://www.a.shifen.com/ | |
hxxp://www.baidu.com/ |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET / HTTP/1.1
User-Agent: test
Host: VVV.baidu.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 20 Feb 2017 12:12:57 GMT
Content-Type: text/html
Content-Length: 14613
Last-Modified: Thu, 16 Feb 2017 03:07:00 GMT
Connection: Keep-Alive
Vary: Accept-Encoding
Set-Cookie: BAIDUID=CB5A39094238AC99E3247ADA8B953CD6:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BIDUPSID=CB5A39094238AC99E3247ADA8B953CD6; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: PSTM=1487592777; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Server: BWS/1.1
X-UA-Compatible: IE=Edge,chrome=1
Pragma: no-cache
Cache-control: no-cache
Accept-Ranges: bytes
<!DOCTYPE html><!--STATUS OK-->..<html>..<head>...<meta http-equiv="content-type" content="text/html;charset=utf-8">...<meta http-equiv="X-UA-Compatible" content="IE=Edge">...<link rel="dns-prefetch" href="//s1.bdstatic.com"/>...<link rel="dns-prefetch" href="//t1.baidu.com"/>...<link rel="dns-prefetch" href="//t2.baidu.com"/>...<link rel="dns-prefetch" href="//t3.baidu.com"/>...<link rel="dns-prefetch" href="//t10.baidu.com"/>...<link rel="dns-prefetch" href="//t11.baidu.com"/>...<link rel="dns-prefetch" href="//t12.baidu.com"/>...<link rel="dns-prefetch" href="//b1.bdstatic.com"/>...<title>...........................</title>...<link href="hXXp://s1.bdstatic.com/r/www/cache/static/home/css/index.css" rel="stylesheet" type="text/css" />...<!--[if lte IE 8]><style index="index" >#content{height:480px\9}#m{top:260px\9}</style><![endif]-->...<!--[if IE 8]><style index="index" >#u1 a.mnav,#u1 a.mnav:visited{font-family:simsun}</style><![endif]-->...<script>var hashMatch = document.location.href.match(/# (.*wd=[^&]. )/);if (hashMatch && hashMatch[0] && hashMatch[1]) {document.location.replace("hXXp://" location.host "/s?" hashMatch[1]);}var ns_c = function(){};</script>...<script>function h(obj){obj.style.behavior='url(#default#homepage)';var a = obj.setHomePage('//VVV.baidu.com/');}</script>...<noscript><meta http-equiv="refresh" conte
<<< skipped >>>
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_2928:
`.rsrc
`.rsrc
t%SVh
t%SVh
t$(SSh
t$(SSh
|$D.tm
|$D.tm
~%UVW
~%UVW
u$SShe
u$SShe
Bv=kAv.SCv
Bv=kAv.SCv
shlwapi.dll
shlwapi.dll
kernel32.dll
kernel32.dll
advapi32.dll
advapi32.dll
user32.dll
user32.dll
gdi32.dll
gdi32.dll
User32.dll
User32.dll
msimg32.dll
msimg32.dll
comctl32.dll
comctl32.dll
COMCTL32.DLL
COMCTL32.DLL
Kernel32.dll
Kernel32.dll
PCOMM.dll
PCOMM.dll
wininet.dll
wininet.dll
UPDATA.dll
UPDATA.dll
ole32.dll
ole32.dll
gdiplus.dll
gdiplus.dll
GdiPlus.dll
GdiPlus.dll
Gdiplus.dll
Gdiplus.dll
dbghelp.dll
dbghelp.dll
oleaut32.dll
oleaut32.dll
OLEACC.DLL
OLEACC.DLL
Ole32.dll
Ole32.dll
ShellExecuteA
ShellExecuteA
RegOpenKeyA
RegOpenKeyA
RegCloseKey
RegCloseKey
CreatePipe
CreatePipe
PeekNamedPipe
PeekNamedPipe
SetWindowsHookExA
SetWindowsHookExA
UnhookWindowsHookEx
UnhookWindowsHookEx
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
EnumWindows
EnumWindows
InternetOpenUrlA
InternetOpenUrlA
HttpQueryInfoA
HttpQueryInfoA
HttpOpenRequestA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestA
GdipSetPenLineJoin
GdipSetPenLineJoin
GdipGetPenLineJoin
GdipGetPenLineJoin
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatHotkeyPrefix
FtpCreateDirectoryA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpRemoveDirectoryA
FtpGetFileA
FtpGetFileA
FtpFindFirstFileA
FtpFindFirstFileA
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpDeleteFileA
FtpDeleteFileA
FtpRenameFileA
FtpRenameFileA
FtpPutFileA
FtpPutFileA
FtpOpenFileA
FtpOpenFileA
FtpGetFileSize
FtpGetFileSize
GdiplusShutdown
GdiplusShutdown
RegCreateKeyA
RegCreateKeyA
RegEnumKeyA
RegEnumKeyA
RegFlushKey
RegFlushKey
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyA
{B6F7542F-B8FE-46a8-9605-98856A687097}
{B6F7542F-B8FE-46a8-9605-98856A687097}
{A068799B-7551-46b9-8CA8-EEF8357AFEA4}
{A068799B-7551-46b9-8CA8-EEF8357AFEA4}
WebBrowser
WebBrowser
C:\Windows\config_display.ini
C:\Windows\config_display.ini
C:\Windows\uppack.zip
C:\Windows\uppack.zip
\TempWmicBatchFile.bat
\TempWmicBatchFile.bat
\JMD.ini
\JMD.ini
Speed.bat
Speed.bat
tem.vbs
tem.vbs
fso.DeleteFile("
fso.DeleteFile("
Set fso = CreateObject("Scripting.FileSystemObject")
Set fso = CreateObject("Scripting.FileSystemObject")
Wscript.Sleep(1000)
Wscript.Sleep(1000)
Serial port is occupied.
Serial port is occupied.
Didn't find Handybaby device, Maybe the following cause:Didn't connect to Handybaby to your PC/laptop or didn't install the driver Please search the serial port manual
Didn't find Handybaby device, Maybe the following cause:Didn't connect to Handybaby to your PC/laptop or didn't install the driver Please search the serial port manual
wmic path Win32_SerialPort
wmic path Win32_SerialPort
command.com /c
command.com /c
cmd.exe /c
cmd.exe /c
Set WMI =GetObject("winmgmts:{impersonationLevel=impersonate}").InstancesOf("Win32_SerialPort")
Set WMI =GetObject("winmgmts:{impersonationLevel=impersonate}").InstancesOf("Win32_SerialPort")
GetTrait = GetTrait Obj.Caption ","
GetTrait = GetTrait Obj.Caption ","
hXXp://VVV.handy-baby.com/
hXXp://VVV.handy-baby.com/
*.jmd;*.jmd2
*.jmd;*.jmd2
|*.jmd;*.jmd2
|*.jmd;*.jmd2
*.jmd,*.jmd2
*.jmd,*.jmd2
|*.jmd*.jmd2
|*.jmd*.jmd2
\UPDATA.dll
\UPDATA.dll
.text
.text
.rdata
.rdata
.data
.data
.reloc
.reloc
.aspack
.aspack
.adata
.adata
__MSVCRT_HEAP_SELECT
__MSVCRT_HEAP_SELECT
GetCPInfo
GetCPInfo
KERNEL32.dll
KERNEL32.dll
serial.dll
serial.dll
The procedure entry point %s could not be located in the dynamic link library %s
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
\PCOMM.DLL
\PCOMM.DLL
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
\\.\COM%d
\\.\COM%d
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
USER32.dll
USER32.dll
PComm.dll
PComm.dll
%hXXp://VVV.globalsign.net/repository/03
%hXXp://VVV.globalsign.net/repository/03
"hXXp://crl.globalsign.net/root.crl0
"hXXp://crl.globalsign.net/root.crl0
hXXp://crl.globalsign.net/Timestamping1.crl0
hXXp://crl.globalsign.net/Timestamping1.crl0
%hXXp://VVV.globalsign.net/repository/0
%hXXp://VVV.globalsign.net/repository/0
2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100.
2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100.
3hXXp://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D
3hXXp://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D
hXXps://VVV.verisign.com/rpa0
hXXps://VVV.verisign.com/rpa0
hXXp://ocsp.verisign.com0?
hXXp://ocsp.verisign.com0?
3hXXp://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0
3hXXp://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0
.Class 3 Public Primary Certification Authority0
.Class 3 Public Primary Certification Authority0
hXXps://VVV.verisign.com/cps0*
hXXps://VVV.verisign.com/cps0*
#hXXp://logo.verisign.com/vslogo.gif0
#hXXp://logo.verisign.com/vslogo.gif0
hXXp://ocsp.verisign.com01
hXXp://ocsp.verisign.com01
hXXp://crl.verisign.com/pca3.crl0)
hXXp://crl.verisign.com/pca3.crl0)
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
n.aAHu
n.aAHu
c:\JMD.ini
c:\JMD.ini
2.9.6
2.9.6
KEY MAKER
KEY MAKER
website
website
JMD Client.lnk
JMD Client.lnk
JMD.lnk
JMD.lnk
bbs.125.la
bbs.125.la
Volkswagen={Beetle(HC912),Jetta(93C86),Gol(93C56),Passat,Santana(93C56),Bora(2002),FOX(93C56),pointer(93C56),anti-theft box(93C56),};
Volkswagen={Beetle(HC912),Jetta(93C86),Gol(93C56),Passat,Santana(93C56),Bora(2002),FOX(93C56),pointer(93C56),anti-theft box(93C56),};
Jeep={Compass,Patriot,Wrangler,};
Jeep={Compass,Patriot,Wrangler,};
Maserati={Quattroporte,};
Maserati={Quattroporte,};
)Quattroporte,};
)Quattroporte,};
hXXp://i.youku.com/i/UMzAzMzg1NTIwNA==
hXXp://i.youku.com/i/UMzAzMzg1NTIwNA==
Password input error ,please try again
Password input error ,please try again
Password length less than 6
Password length less than 6
C:\Windows\jmd_pic
C:\Windows\jmd_pic
C:\Windows\jmd_pic\1.jpg
C:\Windows\jmd_pic\1.jpg
C:\Windows\jmd_pic\2.jpg
C:\Windows\jmd_pic\2.jpg
C:\Windows\jmd_pic\3.jpg
C:\Windows\jmd_pic\3.jpg
120.76.132.181
120.76.132.181
/data.zip
/data.zip
Password can not be empty
Password can not be empty
B8.zCc
B8.zCc
.oUc;
.oUc;
Port
Port
*.jpg;*.jpeg;*.png;*.bmp
*.jpg;*.jpeg;*.png;*.bmp
|*.jpg;*.jpeg;*.png;*.bmp
|*.jpg;*.jpeg;*.png;*.bmp
Password
Password
1sLogin failed
1sLogin failed
audit of Result: does not pass
audit of Result: does not pass
Website DownLoad
Website DownLoad
@.tmp
@.tmp
User-Agent:Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
User-Agent:Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Version below V6.2.0, please update the latest version
Version below V6.2.0, please update the latest version
Passat={93C86,Megamos48,8200,2048,,0,,1};
Passat={93C86,Megamos48,8200,2048,,0,,1};
Compass={24C16,ID46,10200,2048,,0,,1};
Compass={24C16,ID46,10200,2048,,0,,1};
Quattroporte={9S12,Megamos48,10650,4096,,0,2004,1};
Quattroporte={9S12,Megamos48,10650,4096,,0,2004,1};
)Quattroporte={9S12,Megamos48,10650,4096,,0,2004,1};
)Quattroporte={9S12,Megamos48,10650,4096,,0,2004,1};
VVV.meitu.com
VVV.meitu.com
F.RnRj)(
F.RnRj)(
u%d$:
u%d$:
*.Bin
*.Bin
|*.Bin|
|*.Bin|
00000000
00000000
44444444
44444444
Click on the back of the key to generate the key to match the car
Click on the back of the key to generate the key to match the car
@@00102030
@@00102030
00000000000000
00000000000000
55555555
55555555
password
password
Honda password Calc(HDS)
Honda password Calc(HDS)
first password
first password
second password
second password
password
password
@ping 127.0.0.1 -n
@ping 127.0.0.1 -n
del Restart.bat
del Restart.bat
\Restart.bat
\Restart.bat
The key 1
The key 1
The key 2
The key 2
The key 3
The key 3
The key 4
The key 4
\CP210x_VCP_Windows\CP210xVCPInstaller.exe
\CP210x_VCP_Windows\CP210xVCPInstaller.exe
Serial port is occupied
Serial port is occupied
Please be patient and wait, to generate the key process, please do not take the chip
Please be patient and wait, to generate the key process, please do not take the chip
The current key can not start the car, you must then learn the key to the engine before they can start
The current key can not start the car, you must then learn the key to the engine before they can start
Successful operation
Successful operation
0000000000
0000000000
Operation is successful
Operation is successful
Operation is successful, you need to write the data can be started
Operation is successful, you need to write the data can be started
UM1 write failure, operation shall be terminated
UM1 write failure, operation shall be terminated
UM2 write failure, operation shall be terminated
UM2 write failure, operation shall be terminated
All chip information failure, operation terminated!
All chip information failure, operation terminated!
Chip to failure, operation shall be terminated
Chip to failure, operation shall be terminated
A serial port is not connected or not in the main interface!
A serial port is not connected or not in the main interface!
Operation is successful, you need to write the data can be started!
Operation is successful, you need to write the data can be started!
Chip operation fails!
Chip operation fails!
Read all chip error, termination of operations!
Read all chip error, termination of operations!
Write page2 failure, stop operation!
Write page2 failure, stop operation!
Write page1 failure, stop operation!
Write page1 failure, stop operation!
Chip information failure, stop operation!
Chip information failure, stop operation!
Page4 write failure, operation terminated!
Page4 write failure, operation terminated!
Operation is successful,Need to write the data can be started
Operation is successful,Need to write the data can be started
Write failure, stop operation!
Write failure, stop operation!
Read all chip information failure, stop operation
Read all chip information failure, stop operation
Page4 write failure, stop operation!
Page4 write failure, stop operation!
Page2 write failure, stop operation!
Page2 write failure, stop operation!
Page1 write failure, stop operation!
Page1 write failure, stop operation!
write failure, stop operation!
write failure, stop operation!
start the car for the KEY
start the car for the KEY
17|6|73|6|113|6|
17|6|73|6|113|6|
9|6|49|6|105|6|
9|6|49|6|105|6|
1|6|57|6|97|6|
1|6|57|6|97|6|
11|8|75|8|523|8|587|8|
11|8|75|8|523|8|587|8|
21|8|85|8|533|8|597|8|
21|8|85|8|533|8|597|8|
31|8|95|8|543|8|607|8|
31|8|95|8|543|8|607|8|
9|2|73|2|521|2|585|2|
9|2|73|2|521|2|585|2|
19|2|83|2|531|2|595|2|
19|2|83|2|531|2|595|2|
29|2|93|2|541|2|605|2|
29|2|93|2|541|2|605|2|
39|2|103|2|551|2|615|2|
39|2|103|2|551|2|615|2|
881|8|889|8|897|8|
881|8|889|8|897|8|
905|8|913|8|921|8|
905|8|913|8|921|8|
929|8|937|8|945|8|
929|8|937|8|945|8|
953|8|961|8|969|8|
953|8|961|8|969|8|
57|8|65|8|73|8|
57|8|65|8|73|8|
81|8|89|8|97|8|
81|8|89|8|97|8|
105|8|113|8|121|8|
105|8|113|8|121|8|
129|8|137|8|145|8|
129|8|137|8|145|8|
449|4|457|2|
449|4|457|2|
453|4|459|2|
453|4|459|2|
465|4|473|2|
465|4|473|2|
469|4|475|2|
469|4|475|2|
449|4|459|2|
449|4|459|2|
465|4|475|2|
465|4|475|2|
00010001
00010001
00030003
00030003
00070007
00070007
49|8|177|8|
49|8|177|8|
57|8|185|8|
57|8|185|8|
65|8|193|8|
65|8|193|8|
73|8|201|8|
73|8|201|8|
1|8|17|8|33|8|
1|8|17|8|33|8|
49|8|65|8|81|8|
49|8|65|8|81|8|
97|8|113|8|129|8|
97|8|113|8|129|8|
145|8|161|8|177|8|
145|8|161|8|177|8|
161|8|169|8|177|8|
161|8|169|8|177|8|
193|8|201|8|209|8|
193|8|201|8|209|8|
225|8|233|8|241|8|
225|8|233|8|241|8|
3|6|35|6|
3|6|35|6|
11|6|43|6|
11|6|43|6|
19|6|51|6|
19|6|51|6|
27|6|59|6|
27|6|59|6|
537|8|633|8|729|8|825|8|921|8|
537|8|633|8|729|8|825|8|921|8|
581|8|677|8|773|8|869|8|965|8|
581|8|677|8|773|8|869|8|965|8|
17|4|273|4|
17|4|273|4|
9|4|265|4|
9|4|265|4|
41|4|297|4|
41|4|297|4|
1|8|129|8|385|8|
1|8|129|8|385|8|
9|8|137|8|393|8|
9|8|137|8|393|8|
17|8|145|8|401|8|
17|8|145|8|401|8|
25|8|153|8|409|8|
25|8|153|8|409|8|
hXXp://nspin.3110110.com/
hXXp://nspin.3110110.com/
handy baby identification key after online decoding
handy baby identification key after online decoding
3|8|747|8|
3|8|747|8|
13|8|757|8|
13|8|757|8|
23|8|767|8|
23|8|767|8|
33|8|777|8|
33|8|777|8|
7|2|745|2|
7|2|745|2|
11|2|755|2|
11|2|755|2|
21|2|765|2|
21|2|765|2|
31|2|775|2|
31|2|775|2|
265|8|1033|8|
265|8|1033|8|
273|8|1041|8|
273|8|1041|8|
281|8|1049|8|
281|8|1049|8|
289|8|1057|8|
289|8|1057|8|
2219|8|3281|8|4333|8
2219|8|3281|8|4333|8
2227|8|3289|8|4341|8|
2227|8|3289|8|4341|8|
2235|8|3297|8|4349|8|
2235|8|3297|8|4349|8|
2243|8|3305|8|4357|8|
2243|8|3305|8|4357|8|
753|8|2525|8|
753|8|2525|8|
773|8|2545|8|
773|8|2545|8|
743|2|2515|2|
743|2|2515|2|
749|2|2521|2|
749|2|2521|2|
763|2|2535|2|
763|2|2535|2|
769|2|2541|2|
769|2|2541|2|
165|2|169|4|175|2|
165|2|169|4|175|2|
173|2|177|4|183|2|
173|2|177|4|183|2|
181|2|185|4|191|2|
181|2|185|4|191|2|
3|8|843|8|
3|8|843|8|
11|8|851|8|
11|8|851|8|
19|8|859|8|
19|8|859|8|
27|8|867|8|
27|8|867|8|
Serial port is not open!
Serial port is not open!
hXXp://lanniao.e4os.com/frombd/
hXXp://lanniao.e4os.com/frombd/
C:\Windows\data_up\Please make sure the connection JMD assistant,LOAD........
C:\Windows\data_up\Please make sure the connection JMD assistant,LOAD........
sm.bin
sm.bin
Scripting.FileSystemObject
Scripting.FileSystemObject
C:\Windows\data_up
C:\Windows\data_up
1.HandyBaby connect to computer
1.HandyBaby connect to computer
2.Only one HandyBaby connect to computer each time
2.Only one HandyBaby connect to computer each time
3.Do not disconnect during updating
3.Do not disconnect during updating
Support: Toyota 72G/Ford 4D83 80bit/Jetta ID42 (online)
Support: Toyota 72G/Ford 4D83 80bit/Jetta ID42 (online)
Steps: (1)Read the key (2)Press OK to decode
Steps: (1)Read the key (2)Press OK to decode
(3)waiting, until finish (4)put the new key into the coil to copy
(3)waiting, until finish (4)put the new key into the coil to copy
t move out the key!
t move out the key!
Serial operation
Serial operation
Checking serial number passed...
Checking serial number passed...
C:\Windows\data_up\
C:\Windows\data_up\
C:\Windows\data_up\*.*
C:\Windows\data_up\*.*
C:\Windows\data_up\4D\4d16.bin
C:\Windows\data_up\4D\4d16.bin
C:\Windows\data_up\4D\4d32.bin
C:\Windows\data_up\4D\4d32.bin
6.0.0
6.0.0
hXXp://VVV.handy-baby.com/download/
hXXp://VVV.handy-baby.com/download/
C:\Windows\System32
C:\Windows\System32
hXXp://VVV.handy-baby.com/aboutme.php
hXXp://VVV.handy-baby.com/aboutme.php
https
https
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
http=
http=
HTTP/1.1
HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
hXXps://
hXXps://
hXXp://
hXXp://
=@{B96B3CAB-0728-11D3-9D7B-0000F81EF32E}
=@{B96B3CAB-0728-11D3-9D7B-0000F81EF32E}
MSScriptControl.ScriptControl
MSScriptControl.ScriptControl
if (typeof Date.prototype.toJSON !== 'function') {
if (typeof Date.prototype.toJSON !== 'function') {
Date.prototype.toJSON = function (key) {
Date.prototype.toJSON = function (key) {
return isFinite(this.valueOf()) ?
return isFinite(this.valueOf()) ?
this.getUTCFullYear() '-'
this.getUTCFullYear() '-'
f(this.getUTCMonth() 1) '-'
f(this.getUTCMonth() 1) '-'
f(this.getUTCDate()) 'T'
f(this.getUTCDate()) 'T'
f(this.getUTCHours()) ':'
f(this.getUTCHours()) ':'
f(this.getUTCMinutes()) ':'
f(this.getUTCMinutes()) ':'
f(this.getUTCSeconds()) 'Z' : null;
f(this.getUTCSeconds()) 'Z' : null;
String.prototype.toJSON =
String.prototype.toJSON =
Number.prototype.toJSON =
Number.prototype.toJSON =
Boolean.prototype.toJSON = function (key) {
Boolean.prototype.toJSON = function (key) {
return this.valueOf();
return this.valueOf();
'"' : '\\"',
'"' : '\\"',
'\\': '\\\\'
'\\': '\\\\'
escapable.lastIndex = 0;
escapable.lastIndex = 0;
return escapable.test(string) ? '"' string.replace(escapable, function (a) {
return escapable.test(string) ? '"' string.replace(escapable, function (a) {
'\\u' ('0000' a.charCodeAt(0).toString(16)).slice(-4);
'\\u' ('0000' a.charCodeAt(0).toString(16)).slice(-4);
function str(key, holder) {
function str(key, holder) {
// Produce a string from holder[key].
// Produce a string from holder[key].
k, // The member key.
k, // The member key.
value = holder[key];
value = holder[key];
typeof value.toJSON === 'function') {
typeof value.toJSON === 'function') {
value = value.toJSON(key);
value = value.toJSON(key);
value = rep.call(holder, key, value);
value = rep.call(holder, key, value);
if (Object.prototype.toString.apply(value) === '[object Array]') {
if (Object.prototype.toString.apply(value) === '[object Array]') {
length = value.length;
length = value.length;
// Join all of the elements together, separated with commas, and wrap them in
// Join all of the elements together, separated with commas, and wrap them in
v = partial.length === 0 ? '[]' : gap ?
v = partial.length === 0 ? '[]' : gap ?
'[\n' gap partial.join(',\n' gap) '\n' mind ']' :
'[\n' gap partial.join(',\n' gap) '\n' mind ']' :
'[' partial.join(',') ']';
'[' partial.join(',') ']';
length = rep.length;
length = rep.length;
partial.push(quote(k) (gap ? ': ' : ':') v);
partial.push(quote(k) (gap ? ': ' : ':') v);
// Otherwise, iterate through all of the keys in the object.
// Otherwise, iterate through all of the keys in the object.
if (Object.prototype.hasOwnProperty.call(value, k)) {
if (Object.prototype.hasOwnProperty.call(value, k)) {
// Join all of the member texts together, separated with commas,
// Join all of the member texts together, separated with commas,
v = partial.length === 0 ? '{}' : gap ?
v = partial.length === 0 ? '{}' : gap ?
'{\n' gap partial.join(',\n' gap) '\n' mind '}' :
'{\n' gap partial.join(',\n' gap) '\n' mind '}' :
'{' partial.join(',') '}';
'{' partial.join(',') '}';
if (typeof JSON.stringify !== 'function') {
if (typeof JSON.stringify !== 'function') {
JSON.stringify = function (value, replacer, space) {
JSON.stringify = function (value, replacer, space) {
// that can replace values, or an array of strings that will select the keys.
// that can replace values, or an array of strings that will select the keys.
typeof replacer.length !== 'number')) {
typeof replacer.length !== 'number')) {
throw new Error('JSON.stringify');
throw new Error('JSON.stringify');
// Make a fake root object containing our value under the key of ''.
// Make a fake root object containing our value under the key of ''.
if (typeof JSON.parse !== 'function') {
if (typeof JSON.parse !== 'function') {
JSON.parse = function (text, reviver) {
JSON.parse = function (text, reviver) {
function walk(holder, key) {
function walk(holder, key) {
var k, v, value = holder[key];
var k, v, value = holder[key];
if (Object.prototype.hasOwnProperty.call(value, k)) {
if (Object.prototype.hasOwnProperty.call(value, k)) {
return reviver.call(holder, key, value);
return reviver.call(holder, key, value);
// Parsing happens in four stages. In the first stage, we replace certain
// Parsing happens in four stages. In the first stage, we replace certain
cx.lastIndex = 0;
cx.lastIndex = 0;
if (cx.test(text)) {
if (cx.test(text)) {
text = text.replace(cx, function (a) {
text = text.replace(cx, function (a) {
('0000' a.charCodeAt(0).toString(16)).slice(-4);
('0000' a.charCodeAt(0).toString(16)).slice(-4);
// We split the second stage into 4 regexp operations in order to work around
// We split the second stage into 4 regexp operations in order to work around
.test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, '@')
.test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, '@')
.replace(/"[^"\\\n\r]*"|true|false|null|-?\d (?:\.\d*)?(?:[eE][ \-]?\d )?/g, ']')
.replace(/"[^"\\\n\r]*"|true|false|null|-?\d (?:\.\d*)?(?:[eE][ \-]?\d )?/g, ']')
.replace(/(?:^|:|,)(?:\s*\[) /g, ''))) {
.replace(/(?:^|:|,)(?:\s*\[) /g, ''))) {
// JavaScript structure. The '{' operator is subject to a syntactic ambiguity
// JavaScript structure. The '{' operator is subject to a syntactic ambiguity
// In the optional fourth stage, we recursively walk the new structure, passing
// In the optional fourth stage, we recursively walk the new structure, passing
throw new SyntaxError('JSON.parse');
throw new SyntaxError('JSON.parse');
// These forms are obsolete. It is recommended that JSON.stringify and
// These forms are obsolete. It is recommended that JSON.stringify and
// JSON.parse be used instead.
// JSON.parse be used instead.
if (!Object.prototype.toJSONString) {
if (!Object.prototype.toJSONString) {
Object.prototype.toJSONString = function (filter) {
Object.prototype.toJSONString = function (filter) {
return JSON.stringify(this, filter);
return JSON.stringify(this, filter);
Object.prototype.parseJSON = function (filter) {
Object.prototype.parseJSON = function (filter) {
return JSON.parse(this, filter);
return JSON.parse(this, filter);
JSON.stringify(
JSON.stringify(
.push(
.push(
.map)'){
.map)'){
.splice(
.splice(
) {ary=ary key ','; }
) {ary=ary key ','; }
var ary=''; for (var key in
var ary=''; for (var key in
\empty.exe
\empty.exe
`.data
`.data
could not empty working set for process #%d [%s]
could not empty working set for process #%d [%s]
could not empty working set for process #%d
could not empty working set for process #%d
USAGE: empty.exe {pid | task-name}
USAGE: empty.exe {pid | task-name}
AdjustTokenPrivileges failed with %d
AdjustTokenPrivileges failed with %d
LookupPrivilegeValue failed with %d
LookupPrivilegeValue failed with %d
OpenProcessToken failed with %d
OpenProcessToken failed with %d
empty.pdb
empty.pdb
msvcrt.dll
msvcrt.dll
ADVAPI32.dll
ADVAPI32.dll
CloseWindowStation
CloseWindowStation
SetProcessWindowStation
SetProcessWindowStation
OpenWindowStationA
OpenWindowStationA
EnumWindowStationsA
EnumWindowStationsA
ntdll.dll
ntdll.dll
OLEAUT32.dll
OLEAUT32.dll
?{B96B3CAF-0728-11D3-9D7B-0000F81EF32E}
?{B96B3CAF-0728-11D3-9D7B-0000F81EF32E}
\\.\COM
\\.\COM
javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}
javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}
javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};
javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};
window.location.reload()
window.location.reload()
var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');
var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');
text|password|file
text|password|file
comdlg32.dll
comdlg32.dll
{557CF400-1A04-11D3-9A73-0000F81EF32E}
{557CF400-1A04-11D3-9A73-0000F81EF32E}
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{557CF402-1A04-11D3-9A73-0000F81EF32E}
{557CF402-1A04-11D3-9A73-0000F81EF32E}
{557CF405-1A04-11D3-9A73-0000F81EF32E}
{557CF405-1A04-11D3-9A73-0000F81EF32E}
{557CF406-1A04-11D3-9A73-0000F81EF32E}
{557CF406-1A04-11D3-9A73-0000F81EF32E}
WarnOnHTTPSToHTTPRedirect
WarnOnHTTPSToHTTPRedirect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
2016:08:04 18:08:10
2016:08:04 18:08:10
-6k}k
-6k}k
o.Sl@
o.Sl@
.ou&j
.ou&j
r.umV
r.umV
h.XhtR|
h.XhtR|
PfBCMd![p
PfBCMd![p
.iKVy
.iKVy
.WcGV
.WcGV
LN->kEy
LN->kEy
^u.wY'
^u.wY'
)Y$}u.wR
)Y$}u.wR
mSgQ
mSgQ
]EÞh`
]EÞh`
1999-2003
1999-2003
%d&&'
%d&&'
123456789
123456789
00003333
00003333
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
inflate 1.1.3 Copyright 1995-1998 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
1.2.18
1.2.18
%*.*f
%*.*f
CNotSupportedException
CNotSupportedException
commctrl_DragListMsg
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
Afx:%x:%x
CCmdTarget
CCmdTarget
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
iphlpapi.dll
iphlpapi.dll
SHLWAPI.dll
SHLWAPI.dll
MPR.dll
MPR.dll
VERSION.dll
VERSION.dll
WSOCK32.dll
WSOCK32.dll
.PAVCException@@
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
.PAVCFileException@@
(*.prn)|*.prn|
(*.prn)|*.prn|
(*.*)|*.*||
(*.*)|*.*||
Shell32.dll
Shell32.dll
Mpr.dll
Mpr.dll
Advapi32.dll
Advapi32.dll
Gdi32.dll
Gdi32.dll
(&07-034/)7 '
(&07-034/)7 '
?? / %d]
?? / %d]
%d / %d]
%d / %d]
: %d]
: %d]
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.txt)|*.txt|
(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|PNG
(*.JPG)|*.JPG|PNG
(*.PNG)|*.PNG|BMP
(*.PNG)|*.PNG|BMP
(*.BMP)|*.BMP|GIF
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
(*.CUR)|*.CUR|
%s:%d
%s:%d
windows
windows
1.6.9
1.6.9
unsupported zlib version
unsupported zlib version
png_read_image: unsupported transformation
png_read_image: unsupported transformation
out.prn
out.prn
%d.%d
%d.%d
%d / %d
%d / %d
%d/%d
%d/%d
Bogus message code %d
Bogus message code %d
libpng error: %s
libpng error: %s
libpng warning: %s
libpng warning: %s
1.1.3
1.1.3
bad keyword
bad keyword
libpng does not support gamma background rgb_to_gray
libpng does not support gamma background rgb_to_gray
Palette is NULL in indexed image
Palette is NULL in indexed image
(%d-%d):
(%d-%d):
%ld%c
%ld%c
VVV.dywt.com.cn
VVV.dywt.com.cn
hXXp://VVV.baidu.com
hXXp://VVV.baidu.com
(*.avi)|*.avi
(*.avi)|*.avi
WPFT532.CNV
WPFT532.CNV
WPFT632.CNV
WPFT632.CNV
EXCEL32.CNV
EXCEL32.CNV
write32.wpc
write32.wpc
Windows Write
Windows Write
mswrd632.wpc
mswrd632.wpc
Word for Windows 6.0
Word for Windows 6.0
wword5.cnv
wword5.cnv
Word for Windows 5.0
Word for Windows 5.0
mswrd832.cnv
mswrd832.cnv
mswrd632.cnv
mswrd632.cnv
Word 6.0/95 for Windows & Macintosh
Word 6.0/95 for Windows & Macintosh
html32.cnv
html32.cnv
;3 #>6.&
;3 #>6.&
'2, / 0&7!4-)1#
'2, / 0&7!4-)1#
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP/1.0
HTTP/1.0
%s
%s
Reply-To: %s
Reply-To: %s
From: %s
From: %s
To: %s
To: %s
Subject: %s
Subject: %s
Date: %s
Date: %s
Cc: %s
Cc: %s
%a, %d %b %Y %H:%M:%S
%a, %d %b %Y %H:%M:%S
SMTP
SMTP
code %d bits %d->%d
code %d bits %d->%d
gen_codes: max_code %d
gen_codes: max_code %d
bl code -
bl code -
opt %lu(%lu) stat %lu(%lu) stored %lu lit %u dist %u
opt %lu(%lu) stat %lu(%lu) stored %lu lit %u dist %u
last_lit %u, last_dist %u, in %ld, out ~%ld(%ld%%)
last_lit %u, last_dist %u, in %ld, out ~%ld(%ld%%)
%d%d%d
%d%d%d
rundll32.exe shell32.dll,
rundll32.exe shell32.dll,
.PAVCOleException@@
.PAVCOleException@@
.PAVCObject@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCOleDispatchException@@
.PAVCOleDispatchException@@
.PAVCArchiveException@@
.PAVCArchiveException@@
zcÃ
zcÃ
right-curly-bracket
right-curly-bracket
left-curly-bracket
left-curly-bracket
c:\%original file name%.exe
c:\%original file name%.exe
GetWindowsDirectoryA
GetWindowsDirectoryA
WinExec
WinExec
GetProcessHeap
GetProcessHeap
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GetViewportExtEx
GetViewportExtEx
GetViewportOrgEx
GetViewportOrgEx
CreateDialogIndirectParamA
CreateDialogIndirectParamA
UnregisterHotKey
UnregisterHotKey
RegisterHotKey
RegisterHotKey
EnumChildWindows
EnumChildWindows
GetKeyState
GetKeyState
InternetCrackUrlA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCanonicalizeUrlA
%fpoj
%fpoj
i-%c/-Q
i-%c/-Q
KERNEL32.DLL
KERNEL32.DLL
AVIFIL32.dll
AVIFIL32.dll
COMCTL32.dll
COMCTL32.dll
GDI32.dll
GDI32.dll
MSIMG32.dll
MSIMG32.dll
MSVFW32.dll
MSVFW32.dll
oledlg.dll
oledlg.dll
RASAPI32.dll
RASAPI32.dll
SHELL32.dll
SHELL32.dll
WININET.dll
WININET.dll
WINMM.dll
WINMM.dll
WINSPOOL.DRV
WINSPOOL.DRV
WS2_32.dll
WS2_32.dll
mscoree.dll
mscoree.dll
*%$#"! '&):(91/638
*%$#"! '&):(91/638
2, 7, 0, 0
2, 7, 0, 0
10080216
10080216
5.2.3790.0 built by: dnsrv_dev(v-smgum)
5.2.3790.0 built by: dnsrv_dev(v-smgum)
empty.exe
empty.exe
Windows
Windows
Operating System
Operating System
5.2.3790.0
5.2.3790.0
(*.*)
(*.*)
2.9.6.8
2.9.6.8
V2.9.6
V2.9.6
%original file name%.exe_2928_rwx_00401000_005CD000:
t%SVh
t%SVh
t$(SSh
t$(SSh
|$D.tm
|$D.tm
~%UVW
~%UVW
u$SShe
u$SShe
Bv=kAv.SCv
Bv=kAv.SCv
shlwapi.dll
shlwapi.dll
kernel32.dll
kernel32.dll
advapi32.dll
advapi32.dll
user32.dll
user32.dll
gdi32.dll
gdi32.dll
User32.dll
User32.dll
msimg32.dll
msimg32.dll
comctl32.dll
comctl32.dll
COMCTL32.DLL
COMCTL32.DLL
Kernel32.dll
Kernel32.dll
PCOMM.dll
PCOMM.dll
wininet.dll
wininet.dll
UPDATA.dll
UPDATA.dll
ole32.dll
ole32.dll
gdiplus.dll
gdiplus.dll
GdiPlus.dll
GdiPlus.dll
Gdiplus.dll
Gdiplus.dll
dbghelp.dll
dbghelp.dll
oleaut32.dll
oleaut32.dll
OLEACC.DLL
OLEACC.DLL
Ole32.dll
Ole32.dll
ShellExecuteA
ShellExecuteA
RegOpenKeyA
RegOpenKeyA
RegCloseKey
RegCloseKey
CreatePipe
CreatePipe
PeekNamedPipe
PeekNamedPipe
SetWindowsHookExA
SetWindowsHookExA
UnhookWindowsHookEx
UnhookWindowsHookEx
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
EnumWindows
EnumWindows
InternetOpenUrlA
InternetOpenUrlA
HttpQueryInfoA
HttpQueryInfoA
HttpOpenRequestA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestA
GdipSetPenLineJoin
GdipSetPenLineJoin
GdipGetPenLineJoin
GdipGetPenLineJoin
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatHotkeyPrefix
FtpCreateDirectoryA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpRemoveDirectoryA
FtpGetFileA
FtpGetFileA
FtpFindFirstFileA
FtpFindFirstFileA
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpDeleteFileA
FtpDeleteFileA
FtpRenameFileA
FtpRenameFileA
FtpPutFileA
FtpPutFileA
FtpOpenFileA
FtpOpenFileA
FtpGetFileSize
FtpGetFileSize
GdiplusShutdown
GdiplusShutdown
RegCreateKeyA
RegCreateKeyA
RegEnumKeyA
RegEnumKeyA
RegFlushKey
RegFlushKey
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyA
{B6F7542F-B8FE-46a8-9605-98856A687097}
{B6F7542F-B8FE-46a8-9605-98856A687097}
{A068799B-7551-46b9-8CA8-EEF8357AFEA4}
{A068799B-7551-46b9-8CA8-EEF8357AFEA4}
WebBrowser
WebBrowser
C:\Windows\config_display.ini
C:\Windows\config_display.ini
C:\Windows\uppack.zip
C:\Windows\uppack.zip
\TempWmicBatchFile.bat
\TempWmicBatchFile.bat
\JMD.ini
\JMD.ini
Speed.bat
Speed.bat
tem.vbs
tem.vbs
fso.DeleteFile("
fso.DeleteFile("
Set fso = CreateObject("Scripting.FileSystemObject")
Set fso = CreateObject("Scripting.FileSystemObject")
Wscript.Sleep(1000)
Wscript.Sleep(1000)
Serial port is occupied.
Serial port is occupied.
Didn't find Handybaby device, Maybe the following cause:Didn't connect to Handybaby to your PC/laptop or didn't install the driver Please search the serial port manual
Didn't find Handybaby device, Maybe the following cause:Didn't connect to Handybaby to your PC/laptop or didn't install the driver Please search the serial port manual
wmic path Win32_SerialPort
wmic path Win32_SerialPort
command.com /c
command.com /c
cmd.exe /c
cmd.exe /c
Set WMI =GetObject("winmgmts:{impersonationLevel=impersonate}").InstancesOf("Win32_SerialPort")
Set WMI =GetObject("winmgmts:{impersonationLevel=impersonate}").InstancesOf("Win32_SerialPort")
GetTrait = GetTrait Obj.Caption ","
GetTrait = GetTrait Obj.Caption ","
hXXp://VVV.handy-baby.com/
hXXp://VVV.handy-baby.com/
*.jmd;*.jmd2
*.jmd;*.jmd2
|*.jmd;*.jmd2
|*.jmd;*.jmd2
*.jmd,*.jmd2
*.jmd,*.jmd2
|*.jmd*.jmd2
|*.jmd*.jmd2
\UPDATA.dll
\UPDATA.dll
.text
.text
.rdata
.rdata
.data
.data
.reloc
.reloc
.aspack
.aspack
.adata
.adata
__MSVCRT_HEAP_SELECT
__MSVCRT_HEAP_SELECT
GetCPInfo
GetCPInfo
KERNEL32.dll
KERNEL32.dll
serial.dll
serial.dll
The procedure entry point %s could not be located in the dynamic link library %s
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
\PCOMM.DLL
\PCOMM.DLL
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
\\.\COM%d
\\.\COM%d
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
USER32.dll
USER32.dll
PComm.dll
PComm.dll
%hXXp://VVV.globalsign.net/repository/03
%hXXp://VVV.globalsign.net/repository/03
"hXXp://crl.globalsign.net/root.crl0
"hXXp://crl.globalsign.net/root.crl0
hXXp://crl.globalsign.net/Timestamping1.crl0
hXXp://crl.globalsign.net/Timestamping1.crl0
%hXXp://VVV.globalsign.net/repository/0
%hXXp://VVV.globalsign.net/repository/0
2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100.
2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100.
3hXXp://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D
3hXXp://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D
hXXps://VVV.verisign.com/rpa0
hXXps://VVV.verisign.com/rpa0
hXXp://ocsp.verisign.com0?
hXXp://ocsp.verisign.com0?
3hXXp://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0
3hXXp://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0
.Class 3 Public Primary Certification Authority0
.Class 3 Public Primary Certification Authority0
hXXps://VVV.verisign.com/cps0*
hXXps://VVV.verisign.com/cps0*
#hXXp://logo.verisign.com/vslogo.gif0
#hXXp://logo.verisign.com/vslogo.gif0
hXXp://ocsp.verisign.com01
hXXp://ocsp.verisign.com01
hXXp://crl.verisign.com/pca3.crl0)
hXXp://crl.verisign.com/pca3.crl0)
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
n.aAHu
n.aAHu
c:\JMD.ini
c:\JMD.ini
2.9.6
2.9.6
KEY MAKER
KEY MAKER
website
website
JMD Client.lnk
JMD Client.lnk
JMD.lnk
JMD.lnk
bbs.125.la
bbs.125.la
Volkswagen={Beetle(HC912),Jetta(93C86),Gol(93C56),Passat,Santana(93C56),Bora(2002),FOX(93C56),pointer(93C56),anti-theft box(93C56),};
Volkswagen={Beetle(HC912),Jetta(93C86),Gol(93C56),Passat,Santana(93C56),Bora(2002),FOX(93C56),pointer(93C56),anti-theft box(93C56),};
Jeep={Compass,Patriot,Wrangler,};
Jeep={Compass,Patriot,Wrangler,};
Maserati={Quattroporte,};
Maserati={Quattroporte,};
)Quattroporte,};
)Quattroporte,};
hXXp://i.youku.com/i/UMzAzMzg1NTIwNA==
hXXp://i.youku.com/i/UMzAzMzg1NTIwNA==
Password input error ,please try again
Password input error ,please try again
Password length less than 6
Password length less than 6
C:\Windows\jmd_pic
C:\Windows\jmd_pic
C:\Windows\jmd_pic\1.jpg
C:\Windows\jmd_pic\1.jpg
C:\Windows\jmd_pic\2.jpg
C:\Windows\jmd_pic\2.jpg
C:\Windows\jmd_pic\3.jpg
C:\Windows\jmd_pic\3.jpg
120.76.132.181
120.76.132.181
/data.zip
/data.zip
Password can not be empty
Password can not be empty
B8.zCc
B8.zCc
.oUc;
.oUc;
Port
Port
*.jpg;*.jpeg;*.png;*.bmp
*.jpg;*.jpeg;*.png;*.bmp
|*.jpg;*.jpeg;*.png;*.bmp
|*.jpg;*.jpeg;*.png;*.bmp
Password
Password
1sLogin failed
1sLogin failed
audit of Result: does not pass
audit of Result: does not pass
Website DownLoad
Website DownLoad
@.tmp
@.tmp
User-Agent:Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
User-Agent:Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Version below V6.2.0, please update the latest version
Version below V6.2.0, please update the latest version
Passat={93C86,Megamos48,8200,2048,,0,,1};
Passat={93C86,Megamos48,8200,2048,,0,,1};
Compass={24C16,ID46,10200,2048,,0,,1};
Compass={24C16,ID46,10200,2048,,0,,1};
Quattroporte={9S12,Megamos48,10650,4096,,0,2004,1};
Quattroporte={9S12,Megamos48,10650,4096,,0,2004,1};
)Quattroporte={9S12,Megamos48,10650,4096,,0,2004,1};
)Quattroporte={9S12,Megamos48,10650,4096,,0,2004,1};
VVV.meitu.com
VVV.meitu.com
F.RnRj)(
F.RnRj)(
u%d$:
u%d$:
*.Bin
*.Bin
|*.Bin|
|*.Bin|
00000000
00000000
44444444
44444444
Click on the back of the key to generate the key to match the car
Click on the back of the key to generate the key to match the car
@@00102030
@@00102030
00000000000000
00000000000000
55555555
55555555
password
password
Honda password Calc(HDS)
Honda password Calc(HDS)
first password
first password
second password
second password
password
password
@ping 127.0.0.1 -n
@ping 127.0.0.1 -n
del Restart.bat
del Restart.bat
\Restart.bat
\Restart.bat
The key 1
The key 1
The key 2
The key 2
The key 3
The key 3
The key 4
The key 4
\CP210x_VCP_Windows\CP210xVCPInstaller.exe
\CP210x_VCP_Windows\CP210xVCPInstaller.exe
Serial port is occupied
Serial port is occupied
Please be patient and wait, to generate the key process, please do not take the chip
Please be patient and wait, to generate the key process, please do not take the chip
The current key can not start the car, you must then learn the key to the engine before they can start
The current key can not start the car, you must then learn the key to the engine before they can start
Successful operation
Successful operation
0000000000
0000000000
Operation is successful
Operation is successful
Operation is successful, you need to write the data can be started
Operation is successful, you need to write the data can be started
UM1 write failure, operation shall be terminated
UM1 write failure, operation shall be terminated
UM2 write failure, operation shall be terminated
UM2 write failure, operation shall be terminated
All chip information failure, operation terminated!
All chip information failure, operation terminated!
Chip to failure, operation shall be terminated
Chip to failure, operation shall be terminated
A serial port is not connected or not in the main interface!
A serial port is not connected or not in the main interface!
Operation is successful, you need to write the data can be started!
Operation is successful, you need to write the data can be started!
Chip operation fails!
Chip operation fails!
Read all chip error, termination of operations!
Read all chip error, termination of operations!
Write page2 failure, stop operation!
Write page2 failure, stop operation!
Write page1 failure, stop operation!
Write page1 failure, stop operation!
Chip information failure, stop operation!
Chip information failure, stop operation!
Page4 write failure, operation terminated!
Page4 write failure, operation terminated!
Operation is successful,Need to write the data can be started
Operation is successful,Need to write the data can be started
Write failure, stop operation!
Write failure, stop operation!
Read all chip information failure, stop operation
Read all chip information failure, stop operation
Page4 write failure, stop operation!
Page4 write failure, stop operation!
Page2 write failure, stop operation!
Page2 write failure, stop operation!
Page1 write failure, stop operation!
Page1 write failure, stop operation!
write failure, stop operation!
write failure, stop operation!
start the car for the KEY
start the car for the KEY
17|6|73|6|113|6|
17|6|73|6|113|6|
9|6|49|6|105|6|
9|6|49|6|105|6|
1|6|57|6|97|6|
1|6|57|6|97|6|
11|8|75|8|523|8|587|8|
11|8|75|8|523|8|587|8|
21|8|85|8|533|8|597|8|
21|8|85|8|533|8|597|8|
31|8|95|8|543|8|607|8|
31|8|95|8|543|8|607|8|
9|2|73|2|521|2|585|2|
9|2|73|2|521|2|585|2|
19|2|83|2|531|2|595|2|
19|2|83|2|531|2|595|2|
29|2|93|2|541|2|605|2|
29|2|93|2|541|2|605|2|
39|2|103|2|551|2|615|2|
39|2|103|2|551|2|615|2|
881|8|889|8|897|8|
881|8|889|8|897|8|
905|8|913|8|921|8|
905|8|913|8|921|8|
929|8|937|8|945|8|
929|8|937|8|945|8|
953|8|961|8|969|8|
953|8|961|8|969|8|
57|8|65|8|73|8|
57|8|65|8|73|8|
81|8|89|8|97|8|
81|8|89|8|97|8|
105|8|113|8|121|8|
105|8|113|8|121|8|
129|8|137|8|145|8|
129|8|137|8|145|8|
449|4|457|2|
449|4|457|2|
453|4|459|2|
453|4|459|2|
465|4|473|2|
465|4|473|2|
469|4|475|2|
469|4|475|2|
449|4|459|2|
449|4|459|2|
465|4|475|2|
465|4|475|2|
00010001
00010001
00030003
00030003
00070007
00070007
49|8|177|8|
49|8|177|8|
57|8|185|8|
57|8|185|8|
65|8|193|8|
65|8|193|8|
73|8|201|8|
73|8|201|8|
1|8|17|8|33|8|
1|8|17|8|33|8|
49|8|65|8|81|8|
49|8|65|8|81|8|
97|8|113|8|129|8|
97|8|113|8|129|8|
145|8|161|8|177|8|
145|8|161|8|177|8|
161|8|169|8|177|8|
161|8|169|8|177|8|
193|8|201|8|209|8|
193|8|201|8|209|8|
225|8|233|8|241|8|
225|8|233|8|241|8|
3|6|35|6|
3|6|35|6|
11|6|43|6|
11|6|43|6|
19|6|51|6|
19|6|51|6|
27|6|59|6|
27|6|59|6|
537|8|633|8|729|8|825|8|921|8|
537|8|633|8|729|8|825|8|921|8|
581|8|677|8|773|8|869|8|965|8|
581|8|677|8|773|8|869|8|965|8|
17|4|273|4|
17|4|273|4|
9|4|265|4|
9|4|265|4|
41|4|297|4|
41|4|297|4|
1|8|129|8|385|8|
1|8|129|8|385|8|
9|8|137|8|393|8|
9|8|137|8|393|8|
17|8|145|8|401|8|
17|8|145|8|401|8|
25|8|153|8|409|8|
25|8|153|8|409|8|
hXXp://nspin.3110110.com/
hXXp://nspin.3110110.com/
handy baby identification key after online decoding
handy baby identification key after online decoding
3|8|747|8|
3|8|747|8|
13|8|757|8|
13|8|757|8|
23|8|767|8|
23|8|767|8|
33|8|777|8|
33|8|777|8|
7|2|745|2|
7|2|745|2|
11|2|755|2|
11|2|755|2|
21|2|765|2|
21|2|765|2|
31|2|775|2|
31|2|775|2|
265|8|1033|8|
265|8|1033|8|
273|8|1041|8|
273|8|1041|8|
281|8|1049|8|
281|8|1049|8|
289|8|1057|8|
289|8|1057|8|
2219|8|3281|8|4333|8
2219|8|3281|8|4333|8
2227|8|3289|8|4341|8|
2227|8|3289|8|4341|8|
2235|8|3297|8|4349|8|
2235|8|3297|8|4349|8|
2243|8|3305|8|4357|8|
2243|8|3305|8|4357|8|
753|8|2525|8|
753|8|2525|8|
773|8|2545|8|
773|8|2545|8|
743|2|2515|2|
743|2|2515|2|
749|2|2521|2|
749|2|2521|2|
763|2|2535|2|
763|2|2535|2|
769|2|2541|2|
769|2|2541|2|
165|2|169|4|175|2|
165|2|169|4|175|2|
173|2|177|4|183|2|
173|2|177|4|183|2|
181|2|185|4|191|2|
181|2|185|4|191|2|
3|8|843|8|
3|8|843|8|
11|8|851|8|
11|8|851|8|
19|8|859|8|
19|8|859|8|
27|8|867|8|
27|8|867|8|
Serial port is not open!
Serial port is not open!
hXXp://lanniao.e4os.com/frombd/
hXXp://lanniao.e4os.com/frombd/
C:\Windows\data_up\Please make sure the connection JMD assistant,LOAD........
C:\Windows\data_up\Please make sure the connection JMD assistant,LOAD........
sm.bin
sm.bin
Scripting.FileSystemObject
Scripting.FileSystemObject
C:\Windows\data_up
C:\Windows\data_up
1.HandyBaby connect to computer
1.HandyBaby connect to computer
2.Only one HandyBaby connect to computer each time
2.Only one HandyBaby connect to computer each time
3.Do not disconnect during updating
3.Do not disconnect during updating
Support: Toyota 72G/Ford 4D83 80bit/Jetta ID42 (online)
Support: Toyota 72G/Ford 4D83 80bit/Jetta ID42 (online)
Steps: (1)Read the key (2)Press OK to decode
Steps: (1)Read the key (2)Press OK to decode
(3)waiting, until finish (4)put the new key into the coil to copy
(3)waiting, until finish (4)put the new key into the coil to copy
t move out the key!
t move out the key!
Serial operation
Serial operation
Checking serial number passed...
Checking serial number passed...
C:\Windows\data_up\
C:\Windows\data_up\
C:\Windows\data_up\*.*
C:\Windows\data_up\*.*
C:\Windows\data_up\4D\4d16.bin
C:\Windows\data_up\4D\4d16.bin
C:\Windows\data_up\4D\4d32.bin
C:\Windows\data_up\4D\4d32.bin
6.0.0
6.0.0
hXXp://VVV.handy-baby.com/download/
hXXp://VVV.handy-baby.com/download/
C:\Windows\System32
C:\Windows\System32
hXXp://VVV.handy-baby.com/aboutme.php
hXXp://VVV.handy-baby.com/aboutme.php
https
https
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
http=
http=
HTTP/1.1
HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
hXXps://
hXXps://
hXXp://
hXXp://
=@{B96B3CAB-0728-11D3-9D7B-0000F81EF32E}
=@{B96B3CAB-0728-11D3-9D7B-0000F81EF32E}
MSScriptControl.ScriptControl
MSScriptControl.ScriptControl
if (typeof Date.prototype.toJSON !== 'function') {
if (typeof Date.prototype.toJSON !== 'function') {
Date.prototype.toJSON = function (key) {
Date.prototype.toJSON = function (key) {
return isFinite(this.valueOf()) ?
return isFinite(this.valueOf()) ?
this.getUTCFullYear() '-'
this.getUTCFullYear() '-'
f(this.getUTCMonth() 1) '-'
f(this.getUTCMonth() 1) '-'
f(this.getUTCDate()) 'T'
f(this.getUTCDate()) 'T'
f(this.getUTCHours()) ':'
f(this.getUTCHours()) ':'
f(this.getUTCMinutes()) ':'
f(this.getUTCMinutes()) ':'
f(this.getUTCSeconds()) 'Z' : null;
f(this.getUTCSeconds()) 'Z' : null;
String.prototype.toJSON =
String.prototype.toJSON =
Number.prototype.toJSON =
Number.prototype.toJSON =
Boolean.prototype.toJSON = function (key) {
Boolean.prototype.toJSON = function (key) {
return this.valueOf();
return this.valueOf();
'"' : '\\"',
'"' : '\\"',
'\\': '\\\\'
'\\': '\\\\'
escapable.lastIndex = 0;
escapable.lastIndex = 0;
return escapable.test(string) ? '"' string.replace(escapable, function (a) {
return escapable.test(string) ? '"' string.replace(escapable, function (a) {
'\\u' ('0000' a.charCodeAt(0).toString(16)).slice(-4);
'\\u' ('0000' a.charCodeAt(0).toString(16)).slice(-4);
function str(key, holder) {
function str(key, holder) {
// Produce a string from holder[key].
// Produce a string from holder[key].
k, // The member key.
k, // The member key.
value = holder[key];
value = holder[key];
typeof value.toJSON === 'function') {
typeof value.toJSON === 'function') {
value = value.toJSON(key);
value = value.toJSON(key);
value = rep.call(holder, key, value);
value = rep.call(holder, key, value);
if (Object.prototype.toString.apply(value) === '[object Array]') {
if (Object.prototype.toString.apply(value) === '[object Array]') {
length = value.length;
length = value.length;
// Join all of the elements together, separated with commas, and wrap them in
// Join all of the elements together, separated with commas, and wrap them in
v = partial.length === 0 ? '[]' : gap ?
v = partial.length === 0 ? '[]' : gap ?
'[\n' gap partial.join(',\n' gap) '\n' mind ']' :
'[\n' gap partial.join(',\n' gap) '\n' mind ']' :
'[' partial.join(',') ']';
'[' partial.join(',') ']';
length = rep.length;
length = rep.length;
partial.push(quote(k) (gap ? ': ' : ':') v);
partial.push(quote(k) (gap ? ': ' : ':') v);
// Otherwise, iterate through all of the keys in the object.
// Otherwise, iterate through all of the keys in the object.
if (Object.prototype.hasOwnProperty.call(value, k)) {
if (Object.prototype.hasOwnProperty.call(value, k)) {
// Join all of the member texts together, separated with commas,
// Join all of the member texts together, separated with commas,
v = partial.length === 0 ? '{}' : gap ?
v = partial.length === 0 ? '{}' : gap ?
'{\n' gap partial.join(',\n' gap) '\n' mind '}' :
'{\n' gap partial.join(',\n' gap) '\n' mind '}' :
'{' partial.join(',') '}';
'{' partial.join(',') '}';
if (typeof JSON.stringify !== 'function') {
if (typeof JSON.stringify !== 'function') {
JSON.stringify = function (value, replacer, space) {
JSON.stringify = function (value, replacer, space) {
// that can replace values, or an array of strings that will select the keys.
// that can replace values, or an array of strings that will select the keys.
typeof replacer.length !== 'number')) {
typeof replacer.length !== 'number')) {
throw new Error('JSON.stringify');
throw new Error('JSON.stringify');
// Make a fake root object containing our value under the key of ''.
// Make a fake root object containing our value under the key of ''.
if (typeof JSON.parse !== 'function') {
if (typeof JSON.parse !== 'function') {
JSON.parse = function (text, reviver) {
JSON.parse = function (text, reviver) {
function walk(holder, key) {
function walk(holder, key) {
var k, v, value = holder[key];
var k, v, value = holder[key];
if (Object.prototype.hasOwnProperty.call(value, k)) {
if (Object.prototype.hasOwnProperty.call(value, k)) {
return reviver.call(holder, key, value);
return reviver.call(holder, key, value);
// Parsing happens in four stages. In the first stage, we replace certain
// Parsing happens in four stages. In the first stage, we replace certain
cx.lastIndex = 0;
cx.lastIndex = 0;
if (cx.test(text)) {
if (cx.test(text)) {
text = text.replace(cx, function (a) {
text = text.replace(cx, function (a) {
('0000' a.charCodeAt(0).toString(16)).slice(-4);
('0000' a.charCodeAt(0).toString(16)).slice(-4);
// We split the second stage into 4 regexp operations in order to work around
// We split the second stage into 4 regexp operations in order to work around
.test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, '@')
.test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, '@')
.replace(/"[^"\\\n\r]*"|true|false|null|-?\d (?:\.\d*)?(?:[eE][ \-]?\d )?/g, ']')
.replace(/"[^"\\\n\r]*"|true|false|null|-?\d (?:\.\d*)?(?:[eE][ \-]?\d )?/g, ']')
.replace(/(?:^|:|,)(?:\s*\[) /g, ''))) {
.replace(/(?:^|:|,)(?:\s*\[) /g, ''))) {
// JavaScript structure. The '{' operator is subject to a syntactic ambiguity
// JavaScript structure. The '{' operator is subject to a syntactic ambiguity
// In the optional fourth stage, we recursively walk the new structure, passing
// In the optional fourth stage, we recursively walk the new structure, passing
throw new SyntaxError('JSON.parse');
throw new SyntaxError('JSON.parse');
// These forms are obsolete. It is recommended that JSON.stringify and
// These forms are obsolete. It is recommended that JSON.stringify and
// JSON.parse be used instead.
// JSON.parse be used instead.
if (!Object.prototype.toJSONString) {
if (!Object.prototype.toJSONString) {
Object.prototype.toJSONString = function (filter) {
Object.prototype.toJSONString = function (filter) {
return JSON.stringify(this, filter);
return JSON.stringify(this, filter);
Object.prototype.parseJSON = function (filter) {
Object.prototype.parseJSON = function (filter) {
return JSON.parse(this, filter);
return JSON.parse(this, filter);
JSON.stringify(
JSON.stringify(
.push(
.push(
.map)'){
.map)'){
.splice(
.splice(
) {ary=ary key ','; }
) {ary=ary key ','; }
var ary=''; for (var key in
var ary=''; for (var key in
\empty.exe
\empty.exe
`.data
`.data
could not empty working set for process #%d [%s]
could not empty working set for process #%d [%s]
could not empty working set for process #%d
could not empty working set for process #%d
USAGE: empty.exe {pid | task-name}
USAGE: empty.exe {pid | task-name}
AdjustTokenPrivileges failed with %d
AdjustTokenPrivileges failed with %d
LookupPrivilegeValue failed with %d
LookupPrivilegeValue failed with %d
OpenProcessToken failed with %d
OpenProcessToken failed with %d
empty.pdb
empty.pdb
msvcrt.dll
msvcrt.dll
ADVAPI32.dll
ADVAPI32.dll
CloseWindowStation
CloseWindowStation
SetProcessWindowStation
SetProcessWindowStation
OpenWindowStationA
OpenWindowStationA
EnumWindowStationsA
EnumWindowStationsA
ntdll.dll
ntdll.dll
OLEAUT32.dll
OLEAUT32.dll
?{B96B3CAF-0728-11D3-9D7B-0000F81EF32E}
?{B96B3CAF-0728-11D3-9D7B-0000F81EF32E}
\\.\COM
\\.\COM
javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}
javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}
javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};
javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};
window.location.reload()
window.location.reload()
var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');
var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');
text|password|file
text|password|file
comdlg32.dll
comdlg32.dll
{557CF400-1A04-11D3-9A73-0000F81EF32E}
{557CF400-1A04-11D3-9A73-0000F81EF32E}
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{557CF402-1A04-11D3-9A73-0000F81EF32E}
{557CF402-1A04-11D3-9A73-0000F81EF32E}
{557CF405-1A04-11D3-9A73-0000F81EF32E}
{557CF405-1A04-11D3-9A73-0000F81EF32E}
{557CF406-1A04-11D3-9A73-0000F81EF32E}
{557CF406-1A04-11D3-9A73-0000F81EF32E}
WarnOnHTTPSToHTTPRedirect
WarnOnHTTPSToHTTPRedirect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
2016:08:04 18:08:10
2016:08:04 18:08:10
-6k}k
-6k}k
o.Sl@
o.Sl@
.ou&j
.ou&j
r.umV
r.umV
h.XhtR|
h.XhtR|
PfBCMd![p
PfBCMd![p
.iKVy
.iKVy
.WcGV
.WcGV
LN->kEy
LN->kEy
^u.wY'
^u.wY'
)Y$}u.wR
)Y$}u.wR
mSgQ
mSgQ
]EÞh`
]EÞh`
1999-2003
1999-2003
%d&&'
%d&&'
123456789
123456789
00003333
00003333
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
inflate 1.1.3 Copyright 1995-1998 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
1.2.18
1.2.18
%*.*f
%*.*f
CNotSupportedException
CNotSupportedException
commctrl_DragListMsg
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
Afx:%x:%x
CCmdTarget
CCmdTarget
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
iphlpapi.dll
iphlpapi.dll
SHLWAPI.dll
SHLWAPI.dll
MPR.dll
MPR.dll
VERSION.dll
VERSION.dll
WSOCK32.dll
WSOCK32.dll
.PAVCException@@
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
.PAVCFileException@@
(*.prn)|*.prn|
(*.prn)|*.prn|
(*.*)|*.*||
(*.*)|*.*||
Shell32.dll
Shell32.dll
Mpr.dll
Mpr.dll
Advapi32.dll
Advapi32.dll
Gdi32.dll
Gdi32.dll
(&07-034/)7 '
(&07-034/)7 '
?? / %d]
?? / %d]
%d / %d]
%d / %d]
: %d]
: %d]
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.txt)|*.txt|
(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|PNG
(*.JPG)|*.JPG|PNG
(*.PNG)|*.PNG|BMP
(*.PNG)|*.PNG|BMP
(*.BMP)|*.BMP|GIF
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
(*.CUR)|*.CUR|
%s:%d
%s:%d
windows
windows
1.6.9
1.6.9
unsupported zlib version
unsupported zlib version
png_read_image: unsupported transformation
png_read_image: unsupported transformation
out.prn
out.prn
%d.%d
%d.%d
%d / %d
%d / %d
%d/%d
%d/%d
Bogus message code %d
Bogus message code %d
libpng error: %s
libpng error: %s
libpng warning: %s
libpng warning: %s
1.1.3
1.1.3
bad keyword
bad keyword
libpng does not support gamma background rgb_to_gray
libpng does not support gamma background rgb_to_gray
Palette is NULL in indexed image
Palette is NULL in indexed image
(%d-%d):
(%d-%d):
%ld%c
%ld%c
VVV.dywt.com.cn
VVV.dywt.com.cn
hXXp://VVV.baidu.com
hXXp://VVV.baidu.com
(*.avi)|*.avi
(*.avi)|*.avi
WPFT532.CNV
WPFT532.CNV
WPFT632.CNV
WPFT632.CNV
EXCEL32.CNV
EXCEL32.CNV
write32.wpc
write32.wpc
Windows Write
Windows Write
mswrd632.wpc
mswrd632.wpc
Word for Windows 6.0
Word for Windows 6.0
wword5.cnv
wword5.cnv
Word for Windows 5.0
Word for Windows 5.0
mswrd832.cnv
mswrd832.cnv
mswrd632.cnv
mswrd632.cnv
Word 6.0/95 for Windows & Macintosh
Word 6.0/95 for Windows & Macintosh
html32.cnv
html32.cnv
;3 #>6.&
;3 #>6.&
'2, / 0&7!4-)1#
'2, / 0&7!4-)1#
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP/1.0
HTTP/1.0
%s
%s
Reply-To: %s
Reply-To: %s
From: %s
From: %s
To: %s
To: %s
Subject: %s
Subject: %s
Date: %s
Date: %s
Cc: %s
Cc: %s
%a, %d %b %Y %H:%M:%S
%a, %d %b %Y %H:%M:%S
SMTP
SMTP
code %d bits %d->%d
code %d bits %d->%d
gen_codes: max_code %d
gen_codes: max_code %d
bl code -
bl code -
opt %lu(%lu) stat %lu(%lu) stored %lu lit %u dist %u
opt %lu(%lu) stat %lu(%lu) stored %lu lit %u dist %u
last_lit %u, last_dist %u, in %ld, out ~%ld(%ld%%)
last_lit %u, last_dist %u, in %ld, out ~%ld(%ld%%)
%d%d%d
%d%d%d
rundll32.exe shell32.dll,
rundll32.exe shell32.dll,
.PAVCOleException@@
.PAVCOleException@@
.PAVCObject@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCOleDispatchException@@
.PAVCOleDispatchException@@
.PAVCArchiveException@@
.PAVCArchiveException@@
zcÃ
zcÃ
right-curly-bracket
right-curly-bracket
left-curly-bracket
left-curly-bracket
c:\%original file name%.exe
c:\%original file name%.exe
GetWindowsDirectoryA
GetWindowsDirectoryA
WinExec
WinExec
GetProcessHeap
GetProcessHeap
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GetViewportExtEx
GetViewportExtEx
GetViewportOrgEx
GetViewportOrgEx
CreateDialogIndirectParamA
CreateDialogIndirectParamA
UnregisterHotKey
UnregisterHotKey
RegisterHotKey
RegisterHotKey
EnumChildWindows
EnumChildWindows
GetKeyState
GetKeyState
InternetCrackUrlA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCanonicalizeUrlA
%fpoj
%fpoj
i-%c/-Q
i-%c/-Q
KERNEL32.DLL
KERNEL32.DLL
mscoree.dll
mscoree.dll
*%$#"! '&):(91/638
*%$#"! '&):(91/638
2, 7, 0, 0
2, 7, 0, 0
10080216
10080216
5.2.3790.0 built by: dnsrv_dev(v-smgum)
5.2.3790.0 built by: dnsrv_dev(v-smgum)
empty.exe
empty.exe
Windows
Windows
Operating System
Operating System
5.2.3790.0
5.2.3790.0