Susp_Dropper (Kaspersky), Trojan.GenericKD.1939521 (AdAware), Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan, VirTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: ba3bb5f04cb5befb3842b5a3c1e70f09
SHA1: 4bc2fb10923d137038eb5077293c78c3d535c627
SHA256: 72bd6004fcce543051d36898a134c02cf08c4bf27ff010a623aca2656ce1f5aa
SSDeep: 98304:b2XpSXf4u188Aa2FLMHP5FY bKxtGzkVw2L7HcYO5/u7UkKeyiE/edfgUU//bmjy:bwHc2FLMxNbHaw 7Hc/WgkxbE/eqm9Q3
Size: 4082776 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-08-29 19:35:27
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
%original file name%.exe:568
ZmPlatform.exe:1500
The Trojan injects its code into the following process(es):
ZmPlatform.exe:1748
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:568 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\Common Files\ZMRL\config.dat (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%WinDir%\system\7z.dll (6391 bytes)
%Program Files%\Common Files\ZMRL\ZmPlatform.exe (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ini001\setupres.7z (180 bytes)
%WinDir%\system\Client7z.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zmsetup\ires.7z (12288 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zmsetup\ires.7z (0 bytes)
%WinDir%\system\Client7z.dll (0 bytes)
%WinDir%\system\7z.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ini001\setupres.7z (0 bytes)
The process ZmPlatform.exe:1748 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\Temp\~gm_1254\ZmPlatform.exe (631235 bytes)
%Program Files%\Common Files\ZMRL\config.dat (42 bytes)
%Documents and Settings%\%current user%\Application Data\Cache\Mini.exe (3849 bytes)
%System%\drivers\BootIME7.sys (51 bytes)
%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QLSNQ10Z\ZmPlatform1212[1].exe (631235 bytes)
Registry activity
The process %original file name%.exe:568 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 12 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\zmrili]
"SetupPath" = "%Program Files%\zmrili"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\zmrili]
"ChannelID" = "0828"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6D CF 47 8C F7 6C 54 8C 4A F8 A2 51 A0 E2 C7 2D"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"calendar" = "%Program Files%\zmrili\zmrili.exe -start"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process ZmPlatform.exe:1500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 03 9B 20 D3 E4 0F 08 36 2E A2 DF 75 97 74 F9"
The process ZmPlatform.exe:1748 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\LocalService\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B5 3B DE 55 93 50 83 A4 C3 43 E4 2C 0A DE 8C ED"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%WinDir%\TEMP\ZmPlatform.exe,"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\LocalService\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"
Dropped PE files
| MD5 | File path |
|---|---|
| 8415784ec3a900adf5e0894210b5f477 | c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QLSNQ10Z\ZmPlatform1212[1].exe |
| 1663648d20fcd1dc5899652a0a0fd893 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Cache\Mini.exe |
| 8415784ec3a900adf5e0894210b5f477 | c:\Program Files\Common Files\ZMRL\ZmPlatform.exe |
| 01cb0203531dd8fffab24f789b9b8219 | c:\WINDOWS\Temp\ZmPlatform.exe |
| a1141ab569f35866ffce24ceddd8aef3 | c:\WINDOWS\system32\drivers\BootIME7.sys |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
Using the driver "%System%\drivers\BootIME7.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan a system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:568
ZmPlatform.exe:1500 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Program Files%\Common Files\ZMRL\config.dat (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%WinDir%\system\7z.dll (6391 bytes)
%Program Files%\Common Files\ZMRL\ZmPlatform.exe (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ini001\setupres.7z (180 bytes)
%WinDir%\system\Client7z.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zmsetup\ires.7z (12288 bytes)
%WinDir%\Temp\~gm_1254\ZmPlatform.exe (631235 bytes)
%Documents and Settings%\%current user%\Application Data\Cache\Mini.exe (3849 bytes)
%System%\drivers\BootIME7.sys (51 bytes)
%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QLSNQ10Z\ZmPlatform1212[1].exe (631235 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"calendar" = "%Program Files%\zmrili\zmrili.exe -start" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name: Setup Module
Product Version: 1, 0, 0, 1
Legal Copyright: Copyright 2014
Legal Trademarks:
Original Filename: Setup.exe
Internal Name: Setup
File Version: 1, 0, 0, 1
File Description: Setup Module
Comments:
Language: English (United States)
Company Name: Product Name: Setup ModuleProduct Version: 1, 0, 0, 1Legal Copyright: Copyright 2014Legal Trademarks: Original Filename: Setup.exeInternal Name: SetupFile Version: 1, 0, 0, 1File Description: Setup ModuleComments: Language: English (United States)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| UPX0 | 4096 | 2748416 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| UPX1 | 2752512 | 4067328 | 4064768 | 5.40176 | 30e1ead31201a081de78403007011153 |
| .rsrc | 6819840 | 12288 | 10240 | 3.66047 | bd43ea0357a4debddf0eea5575bd0b4d |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://112.124.141.130/update/ZmPlatform1212.exe | |
| hxxp://h.811166.com/update/ZmPlatform1212.exe | 112.124.141.130 |
| yay.zmrili.com | 112.124.141.130 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /update/ZmPlatform1212.exe HTTP/1.0
Host: h.811166.com
HTTP/1.1 200 OK
Server: Tengine
Date: Wed, 31 Dec 2014 13:24:56 GMT
Content-Type: application/octet-stream
Content-Length: 1538048
Connection: close
Last-Modified: Tue, 16 Dec 2014 12:25:28 GMT
ETag: "549024b8-177800"
Expires: Thu, 01 Jan 2015 13:24:56 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h.%_,.K.,.K.,.K.7\..1.K.7\..l.K.7\....K.%...=.K.,.J...K.7\..4.K.....-.K.7\..-.K.Rich,.K.........PE..L...3..T.................p..........@.1.. ....1...@...........................1...........@...................................1. .....1.......................1.....................................$.1.H...........................................UPX0....................................UPX1.....p... ...j..................@....rsrc.........1......n..............@..............................................................................................................................................................................................................................................................................................................................................................................................................3.91.UPX!.......A.....j1.6f....-.&.......U....@........3..E.Vh.............j.P.............h.9.'...vQ..hP......R....:..>.-.....5.....u@..H.....H.@..u...2y4.Vy8...<.....P.!@.H#D........m..`.......h~.........P....t[....f......f`.t...u?.....rr9 $(,..#.0.>}.I.{.|.......Hm....P.HP.p.>.{PY.h.Hb^.._pd.V.M.3...h..]...4../... .W^. ..?S..}T....t|D...v......W/P....u..-.#...{L^_..E.PV5H.,.f.....j.=D.}..u./...!@V.LhWk ..n._e..=...$S..uVW..$.......E.X.._.......X.... ......h..7..:~..M..x....l..."...;.d._p.`AP..Sz.P...]..d./.u.3..]..}..G.3..F.....
<<< skipped >>>
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
ZmPlatform.exe_1748:
`.rsrc
`.rsrc
t.SSj
t.SSj
u$SShe
u$SShe
SSQSSSSh
SSQSSSSh
SSSSh
SSSSh
t%9x t
t%9x t
SSSShP
SSSShP
u SSh
u SSh
t.hAp
t.hAp
t6Ht.Ht&
t6Ht.Ht&
Lj.hLlX
Lj.hLlX
n%XpX
n%XpX
CHttpFile
CHttpFile
CNotSupportedException
CNotSupportedException
Kernel32.dll
Kernel32.dll
Comdlg32.dll
Comdlg32.dll
RegOpenKeyTransactedW
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
RegDeleteKeyExW
CCmdTarget
CCmdTarget
Comctl32.dll
Comctl32.dll
CMDIFrameWndEx
CMDIFrameWndEx
CMDITabProxyWnd
CMDITabProxyWnd
CMDIChildWndEx
CMDIChildWndEx
CMDIFrameWnd
CMDIFrameWnd
CMDIChildWnd
CMDIChildWnd
CMDIClientAreaWnd
CMDIClientAreaWnd
CMFCToolBarsKeyboardPropertyPage
CMFCToolBarsKeyboardPropertyPage
operator
operator
GetProcessWindowStation
GetProcessWindowStation
broken pipe
broken pipe
inappropriate io control operation
inappropriate io control operation
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
function not supported
function not supported
operation canceled
operation canceled
address_family_not_supported
address_family_not_supported
operation_in_progress
operation_in_progress
operation_not_supported
operation_not_supported
protocol_not_supported
protocol_not_supported
operation_would_block
operation_would_block
address family not supported
address family not supported
\SysWow64\drivers\BootIME7.sys
\SysWow64\drivers\BootIME7.sys
\system32\drivers\BootIME7.sys
\system32\drivers\BootIME7.sys
PortMoniterServices
PortMoniterServices
%s@%s@%s
%s@%s@%s
-run -minitips -url=%s -link="" -id=%d -width=%d -height=%d -mini=1
-run -minitips -url=%s -link="" -id=%d -width=%d -height=%d -mini=1
-run -minitips -url=%s -link="" -id=%d -width=%d -height=%d -mini=0
-run -minitips -url=%s -link="" -id=%d -width=%d -height=%d -mini=0
%s can't be opened
%s can't be opened
@#%&_123
@#%&_123
XXXXXX
XXXXXX
Error in GetFileVersionInfoSize: %d
Error in GetFileVersionInfoSize: %d
Error in GetFileVersionInfo: %d
Error in GetFileVersionInfo: %d
Error in VerQueryValue: %d
Error in VerQueryValue: %d
%d.%d.%d.%d
%d.%d.%d.%d
udo.exe
udo.exe
iprotect.exe
iprotect.exe
clsmn.exe
clsmn.exe
wxcltaidex.exe
wxcltaidex.exe
rsclient.exe
rsclient.exe
winscript.exe
winscript.exe
sendcmd.exe
sendcmd.exe
BarClient.exe
BarClient.exe
wwm.exe
wwm.exe
shortcut.exe
shortcut.exe
HClient.exe
HClient.exe
entry.exe
entry.exe
ssp.exe
ssp.exe
NSdominated.exe
NSdominated.exe
PubwinClient.exe
PubwinClient.exe
partyclient.exe
partyclient.exe
wxGlw2CltPlg.wxe
wxGlw2CltPlg.wxe
WxCultureCli.exe
WxCultureCli.exe
BarClientView.exe
BarClientView.exe
BarClientSafeCenter.exe
BarClientSafeCenter.exe
Recreation.exe
Recreation.exe
DrvDefender.exe
DrvDefender.exe
BarOnline.exe
BarOnline.exe
KHLauncher.exe
KHLauncher.exe
rwyNCM.exe
rwyNCM.exe
HintSafe.exe
HintSafe.exe
wxprolife.wxe
wxprolife.wxe
mainpro.exe
mainpro.exe
VVV.baidu.com
VVV.baidu.com
\Mini.exe
\Mini.exe
\nStatic.dll
\nStatic.dll
\ZMRL\config.dat
\ZMRL\config.dat
\ZMRL\ZmPlatform.exe
\ZMRL\ZmPlatform.exe
hXXp://yay.zmrili.com/api/z.php?cn=%s&id=%s&os=%s&ver=%s&md=%s&c=%s
hXXp://yay.zmrili.com/api/z.php?cn=%s&id=%s&os=%s&ver=%s&md=%s&c=%s
url:%s
url:%s
FhXXp://update.zmrili.com/update/update.php?version=%s
FhXXp://update.zmrili.com/update/update.php?version=%s
ZmPlatform.exe
ZmPlatform.exe
%s%s_%x\
%s%s_%x\
E:\2013_project\des\service\Release\ZmPlatform.pdb
E:\2013_project\des\service\Release\ZmPlatform.pdb
zcÃ
zcÃ
VVV.tao123.com
VVV.tao123.com
HTTP/1.1
HTTP/1.1
hao.360.cn
hao.360.cn
.PAVCException@@
.PAVCException@@
.PAVCInternetException@@
.PAVCInternetException@@
.PAVCObject@@
.PAVCObject@@
.PAVCOleException@@
.PAVCOleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.PAVCInvalidArgException@@
.PAVCArchiveException@@
.PAVCArchiveException@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AVCMFCColorBarCmdUI@@
.?AVCMFCColorBarCmdUI@@
.?AVCMFCToolBarCmdUI@@
.?AVCMFCToolBarCmdUI@@
.?AVCMFCAcceleratorKey@@
.?AVCMFCAcceleratorKey@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWnd@@
.?AVCMDIFrameWnd@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWnd@@
.?AVCMDIChildWnd@@
.?AVCMDITabProxyWnd@@
.?AVCMDITabProxyWnd@@
.?AVCMFCCmdUsageCount@@
.?AVCMFCCmdUsageCount@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@
.?AVCMFCRibbonCmdUI@@
.?AVCMFCRibbonCmdUI@@
.?AV?$CArray@PAVCMFCRibbonKeyTip@@PAV1@@@
.?AV?$CArray@PAVCMFCRibbonKeyTip@@PAV1@@@
.?AVCMDIClientAreaWnd@@
.?AVCMDIClientAreaWnd@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
.PAVCFileException@@
.PAVCFileException@@
.?AVCHttpFile@@
.?AVCHttpFile@@
baidubrowser.exe
baidubrowser.exe
hao123.com
hao123.com
VVV.sogou.com
VVV.sogou.com
VVV.hao123.com
VVV.hao123.com
union.click.jd.com
union.click.jd.com
VVV.jd.com
VVV.jd.com
%Documents and Settings%\%current user%\Application Data\Cache\Mini.exe
%Documents and Settings%\%current user%\Application Data\Cache\Mini.exe
%Program Files%\Common Files\ZMRL\ZmPlatform.exe
%Program Files%\Common Files\ZMRL\ZmPlatform.exe
1.0.14.1015
1.0.14.1015
%Program Files%\Common Files\ZMRL\config.dat
%Program Files%\Common Files\ZMRL\config.dat
GET / HTTP/1.1
GET / HTTP/1.1
VVV.duba.com
VVV.duba.com
123.sogou.com
123.sogou.com
cn.msn.com
cn.msn.com
VVV.2345.com
VVV.2345.com
VVV.apple.com
VVV.apple.com
hao.160.com
hao.160.com
VVV.25298.com
VVV.25298.com
VVV.z7755.com
VVV.z7755.com
VVV.wz58.com
VVV.wz58.com
VVV.3600.com
VVV.3600.com
VVV.91ni.com
VVV.91ni.com
hao.qq.com
hao.qq.com
VVV.baiduso.com
VVV.baiduso.com
1.huo99.com
1.huo99.com
GET HTTP/1.1
GET HTTP/1.1
hao.rising.cn
hao.rising.cn
123.duba.net
123.duba.net
VVV.kd1000.com
VVV.kd1000.com
hao.360.cn/src
hao.360.cn/src
VVV.qq.net
VVV.qq.net
VVV.114la.com
VVV.114la.com
VVV.1616.net
VVV.1616.net
.idata
.idata
.edata
.edata
P.reloc
P.reloc
P.rsrc
P.rsrc
kernel32.dll
kernel32.dll
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
%Program Files%\Borland\Delphi7\Source\Rtl\sys\SysUtils.pas
%Program Files%\Borland\Delphi7\Source\Rtl\sys\SysUtils.pas
oleaut32.dll
oleaut32.dll
EVariantBadIndexError
EVariantBadIndexError
TWinHTTPLib
TWinHTTPLib
rpcrt4.dll
rpcrt4.dll
TAsyncWinHTTPThread
TAsyncWinHTTPThread
hXXp://h.811166.com/api/s.php?mid=%s&type=%s&id=%s
hXXp://h.811166.com/api/s.php?mid=%s&type=%s&id=%s
hXXp://h.811166.com/api/s.php?mid=%s&type=%s
hXXp://h.811166.com/api/s.php?mid=%s&type=%s
user32.dll
user32.dll
GetKeyboardType
GetKeyboardType
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
GetCPInfo
GetCPInfo
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
wininet.dll
wininet.dll
InternetCombineUrlA
InternetCombineUrlA
winhttp.dll
winhttp.dll
WinHttpCloseHandle
WinHttpCloseHandle
WinHttpReadData
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSendRequest
WinHttpOpenRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpConnect
WinHttpOpen
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCrackUrl
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpSetOption
netapi32.dll
netapi32.dll
nStatic.dll
nStatic.dll
getURL
getURL
> >$>(>,>
> >$>(>,>
5&5.565>5
5&5.565>5
;!;%;);-;1;
;!;%;);-;1;
KWindows
KWindows
WinHTTPLibUnit
WinHTTPLibUnit
ALWinHttpWrapper
ALWinHttpWrapper
UrlMon
UrlMon
UAsyncWinHTTPThread
UAsyncWinHTTPThread
N2ogm@N2ogm.com1 0
N2ogm@N2ogm.com1 0
'hXXp://ocsp1.wosign.com/class3/code/ca106
'hXXp://ocsp1.wosign.com/class3/code/ca106
*hXXp://aia1.wosign.com/class3.code.ca1.cer07
*hXXp://aia1.wosign.com/class3.code.ca1.cer07
&hXXp://crls1.wosign.com/ca1-code-3.crl0Q
&hXXp://crls1.wosign.com/ca1-code-3.crl0Q
hXXp://VVV.wosign.com/policy/0
hXXp://VVV.wosign.com/policy/0
!Certification Authority of WoSign0
!Certification Authority of WoSign0
hXXp://crls1.wosign.com/ca1.crl0g
hXXp://crls1.wosign.com/ca1.crl0g
hXXp://ocsp1.wosign.com/ca10.
hXXp://ocsp1.wosign.com/ca10.
"hXXp://aia1.wosign.com/ca1-tsa.cer0
"hXXp://aia1.wosign.com/ca1-tsa.cer0
hXXp://VVV.usertrust.com1
hXXp://VVV.usertrust.com1
6hXXp://crl.trust-provider.com/UTN-USERFirst-Object.crl0:
6hXXp://crl.trust-provider.com/UTN-USERFirst-Object.crl0:
hXXp://ocsp.trust-provider.com0
hXXp://ocsp.trust-provider.com0
Þe3F
Þe3F
hXXp://crls1.wosign.com/ca1.crl0o
hXXp://crls1.wosign.com/ca1.crl0o
hXXp://ocsp1.wosign.com/ca106
hXXp://ocsp1.wosign.com/ca106
*hXXp://aia1.wosign.com/ca1-class3-code.cer0
*hXXp://aia1.wosign.com/ca1-class3-code.cer0
!Certification Authority of WoSign
!Certification Authority of WoSign
.rdata
.rdata
Windows
Windows
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
%Program Files%\Borland\Delphi7\Source\Rtl\common\TypInfo.pas
%Program Files%\Borland\Delphi7\Source\Rtl\common\TypInfo.pas
ssShift
ssShift
htKeyword
htKeyword
EInvalidOperation
EInvalidOperation
u%CNu
u%CNu
%s_%d
%s_%d
%Program Files%\Borland\Delphi7\Source\Rtl\common\Classes.pas
%Program Files%\Borland\Delphi7\Source\Rtl\common\Classes.pas
EInvalidGraphicOperation
EInvalidGraphicOperation
USER32.DLL
USER32.DLL
comctl32.dll
comctl32.dll
uxtheme.dll
uxtheme.dll
MAPI32.DLL
MAPI32.DLL
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
JumpID("","%s")
TKeyEvent
TKeyEvent
TKeyPressEvent
TKeyPressEvent
HelpKeyword
HelpKeyword
crSQLWait
crSQLWait
%s (%s)
%s (%s)
imm32.dll
imm32.dll
Uhc%D
Uhc%D
AutoHotkeys
AutoHotkeys
Uh.vD
Uh.vD
ssHotTrack
ssHotTrack
TWindowState
TWindowState
poProportional
poProportional
TWMKey
TWMKey
KeyPreviewx:D
KeyPreviewx:D
WindowState
WindowState
OnKeyDown
OnKeyDown
OnKeyPress8
OnKeyPress8
OnKeyUp\
OnKeyUp\
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
vcltest3.dll
User32.dll
User32.dll
%s, ClassID: %s
%s, ClassID: %s
ole32.dll
ole32.dll
olepro32.dll
olepro32.dll
grfKeyState
grfKeyState
TComTargetExecEvent
TComTargetExecEvent
CmdGroup
CmdGroup
nCmdID
nCmdID
nCmdexecopt
nCmdexecopt
hhctrl.ocx
hhctrl.ocx
URLMON.DLL
URLMON.DLL
SHDOCLC.DLL
SHDOCLC.DLL
IWebBrowser
IWebBrowser
IWebBrowserApp
IWebBrowserApp
IWebBrowser2
IWebBrowser2
TEWBWindowSetResizable
TEWBWindowSetResizable
TEWBWindowSetLeft
TEWBWindowSetLeft
TEWBWindowSetTop
TEWBWindowSetTop
TEWBWindowSetWidth
TEWBWindowSetWidth
TEWBWindowSetHeight
TEWBWindowSetHeight
bstrUrlContext
bstrUrlContext
bstrUrl
bstrUrl
OnWindowSetResizable0
OnWindowSetResizable0
OnWindowSetLeftt
OnWindowSetLeftt
OnWindowSetTop
OnWindowSetTop
OnWindowSetWidth
OnWindowSetWidth
OnWindowSetHeight@
OnWindowSetHeight@
rcmDefault
rcmDefault
rcmDebug
rcmDebug
DontExecuteScripts
DontExecuteScripts
DontExecuteJava
DontExecuteJava
DontExecuteActiveX
DontExecuteActiveX
DisableUrlIfEncodingUTF8
DisableUrlIfEncodingUTF8
EnableUrlIfEncodingUTF8
EnableUrlIfEncodingUTF8
CheckFontSupportsCodePage
CheckFontSupportsCodePage
DisableSubmitUrlInUTF8
DisableSubmitUrlInUTF8
EnableSubmitUrlInUTF8
EnableSubmitUrlInUTF8
lpMsg
lpMsg
PMsg
PMsg
pguidCmdGroup
pguidCmdGroup
TTranslateUrlEvent
TTranslateUrlEvent
pchURLIn
pchURLIn
ppchURLOut
ppchURLOut
CmdID
CmdID
pszUrl
pszUrl
pszUrlContext
pszUrlContext
szPassWord
szPassWord
ErrorUrl
ErrorUrl
OptionKeyPath
OptionKeyPath
OverrideOptionKeyPath`
OverrideOptionKeyPath`
OnTranslateUrl
OnTranslateUrl
OnCommandExec
OnCommandExec
'%s' is not supported.
'%s' is not supported.
!THTMLDocumentEventsonkeydownEvent
!THTMLDocumentEventsonkeydownEvent
THTMLDocumentEventsonkeyupEvent
THTMLDocumentEventsonkeyupEvent
"THTMLDocumentEventsonkeypressEvent
"THTMLDocumentEventsonkeypressEvent
onkeydown
onkeydown
onkeyup
onkeyup
onkeypressL5F
onkeypressL5F
%s only supports sinking of method calls!
%s only supports sinking of method calls!
WebocPopupManagement
WebocPopupManagement
ValidateNavigateUrl
ValidateNavigateUrl
HttpUsernamePasswordDisable
HttpUsernamePasswordDisable
GetUrlDomFilePathUnencoded
GetUrlDomFilePathUnencoded
XmlHttp
XmlHttp
PTF://
PTF://
hXXp://
hXXp://
hXXps://
hXXps://
AppEvents\Schemes\Apps\Explorer\Navigating\.Current
AppEvents\Schemes\Apps\Explorer\Navigating\.Current
.Current
.Current
\ieframe.dll
\ieframe.dll
\shdocvw.dll
\shdocvw.dll
\StringFileInfo\%0.4x%0.4x\%s
\StringFileInfo\%0.4x%0.4x\%s
TMsgEvent
TMsgEvent
TKeyEventEx
TKeyEventEx
Port
Port
Password
Password
poPortrait
poPortrait
OnKeyDown4
OnKeyDown4
0.750000
0.750000
3333333
3333333
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(
EmbeddedWB hXXp://bsalsa.com/
EmbeddedWB hXXp://bsalsa.com/
1.2.3
1.2.3
Portable Network Graphics
Portable Network Graphics
-url=
-url=
Internet Explorer\iexplore.exe
Internet Explorer\iexplore.exe
RunCMDTimer
RunCMDTimer
RunCMDTimerTimer
RunCMDTimerTimer
52BB8691-C40A-4801-AFAA-D04DD37E9D3E
52BB8691-C40A-4801-AFAA-D04DD37E9D3E
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
inflate 1.2.3 Copyright 1995-2005 Mark Adler
inflate 1.2.3 Copyright 1995-2005 Mark Adler
RegQueryInfoKeyA
RegQueryInfoKeyA
RegFlushKey
RegFlushKey
RegEnumKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyExA
version.dll
version.dll
gdi32.dll
gdi32.dll
SetViewportOrgEx
SetViewportOrgEx
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
MapVirtualKeyA
MapVirtualKeyA
LoadKeyboardLayoutA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyboardLayout
GetKeyState
GetKeyState
GetKeyNameTextA
GetKeyNameTextA
EnumWindows
EnumWindows
EnumThreadWindows
EnumThreadWindows
ActivateKeyboardLayout
ActivateKeyboardLayout
shell32.dll
shell32.dll
ShellExecuteExA
ShellExecuteExA
ShellExecuteA
ShellExecuteA
gdiplus.dll
gdiplus.dll
GdiplusShutdown
GdiplusShutdown
6)7.7
6)7.7
6|7`7r7
6|7`7r7
2 2$2(2,2024282
2 2$2(2,2024282
2 2$2(2,2024282
2 2$2(2,2024282
8 8%8s8
8 8%8s8
9 9$9(9,9094989
9 9$9(9,9094989
1$2(2,202
1$2(2,202
0 0$0(0,0
0 0$0(0,0
3 4A4D4I4V4
3 4A4D4I4V4
6-6}6
6-6}6
3/43474
3/43474
: ;/;3;7;
: ;/;3;7;
3,41484{4
3,41484{4
>$?(?,?0?4?8?
>$?(?,?0?4?8?
333333333333333333
333333333333333333
33333833
33333833
3333339
3333339
3333333333333338
3333333333333338
:*"*"$3338
:*"*"$3338
33333333
33333333
33333333333
33333333333
3333333333338
3333333333338
33338?383
33338?383
333333333333
333333333333
:*3:"$3338
:*3:"$3338
333333333333333
333333333333333
Font.Charset
Font.Charset
Font.Color
Font.Color
Font.Height
Font.Height
Font.Name
Font.Name
Font.Style
Font.Style
DialogBoxes.DisableAll
DialogBoxes.DisableAll
PrintOptions.Margins.Left
PrintOptions.Margins.Left
PrintOptions.Margins.Right
PrintOptions.Margins.Right
PrintOptions.Margins.Top
PrintOptions.Margins.Top
PrintOptions.Margins.Bottom
PrintOptions.Margins.Bottom
PrintOptions.HTMLHeader.Strings
PrintOptions.HTMLHeader.Strings
PrintOptions.Orientation
PrintOptions.Orientation
Picture.Data
Picture.Data
!iTXtXML:com.adobe.xmp
!iTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?> v(
" id="W5M0MpCehiHzreSzNTczkc9d"?> v(
" id="W5M0MpCehiHzreSzNTczkc9d"?> .5
" id="W5M0MpCehiHzreSzNTczkc9d"?> .5
VisualEffects.DisableSounds
VisualEffects.DisableSounds
iTXtXML:com.adobe.xmp
iTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
.text
.text
h.rdata
h.rdata
H.data
H.data
.reloc
.reloc
TransportAddress
TransportAddress
irpStack:%x
irpStack:%x
HTTP/1.1 302 Moved Permanently
HTTP/1.1 302 Moved Permanently
Location: %s
Location: %s
HTTP/1.1 302 Found
HTTP/1.1 302 Found
hXXp://VVV.baidu.com/
hXXp://VVV.baidu.com/
Host: VVV.baidu.com
Host: VVV.baidu.com
HTTP/1.1
HTTP/1.1
find refer len:%d
find refer len:%d
Now %d, Old: %d, Now : %d, Old %d,%s,%s
Now %d, Old: %d, Now : %d, Old %d,%s,%s
Extern called :%d, %s
Extern called :%d, %s
explorer.exe
explorer.exe
this :%d, %s %d, %s
this :%d, %s %d, %s
hXXp://VVV.hao123.com/?tn=90189843_hao_pg
hXXp://VVV.hao123.com/?tn=90189843_hao_pg
find the mylink:%s
find the mylink:%s
In the white list :%s
In the white list :%s
aaa :%s,%s
aaa :%s,%s
DWJ Error: PsLookupProcessByProcessId Failed: x
DWJ Error: PsLookupProcessByProcessId Failed: x
Error: ObOpenObjectByPointer Failed: x
Error: ObOpenObjectByPointer Failed: x
GetParentProcessId PsLookupProcessByProcessId failed pid:%u , x
GetParentProcessId PsLookupProcessByProcessId failed pid:%u , x
ZwQueryInformationProcess info failed :x
ZwQueryInformationProcess info failed :x
PsLookupProcessByProcessId() faild x
PsLookupProcessByProcessId() faild x
Writeof of service failed: x
Writeof of service failed: x
Proctect of service failed: x
Proctect of service failed: x
ZwReadFile failed with:x
ZwReadFile failed with:x
..Host:Connection:
..Host:Connection:
HTTP/1.1 200 OK
HTTP/1.1 200 OK
GET /index.html?pid=
GET /index.html?pid=
Host: VVV.sogou.com
Host: VVV.sogou.com
Host: VVV.hao123.com
Host: VVV.hao123.com
fwchrome.exe
fwchrome.exe
360chrome.exe
360chrome.exe
flyie.exe
flyie.exe
jsy.exe
jsy.exe
caiyun.exe
caiyun.exe
xttbrowser.exe
xttbrowser.exe
zbrowser.exe
zbrowser.exe
aegis.exe
aegis.exe
miniie_2.exe
miniie_2.exe
krbrowser.exe
krbrowser.exe
myiq.exe
myiq.exe
vu.exe
vu.exe
tfybrowser.exe
tfybrowser.exe
coral.exe
coral.exe
roamb.exe
roamb.exe
rsbrowser.exe
rsbrowser.exe
alibrowser.exe
alibrowser.exe
cell.exe
cell.exe
cyie.exe
cyie.exe
hxbrowser.exe
hxbrowser.exe
piluo.exe
piluo.exe
cheerbrowser.exe
cheerbrowser.exe
gesearch.exe
gesearch.exe
webstrip.exe
webstrip.exe
ttraveler.exe
ttraveler.exe
scheduler.exe
scheduler.exe
iron.exe
iron.exe
s3browser-win32.exe
s3browser-win32.exe
qqbrowser.exe
qqbrowser.exe
xplorer.exe
xplorer.exe
crazy browser.exe
crazy browser.exe
barsmedia.exe
barsmedia.exe
avant.exe
avant.exe
8uexplorer.exe
8uexplorer.exe
114ie.exe
114ie.exe
gamesbrowser.exe
gamesbrowser.exe
languang.exe
languang.exe
ucbrowser.exe
ucbrowser.exe
myie9.exe
myie9.exe
2291browser.exe
2291browser.exe
pbbrowser.exe
pbbrowser.exe
browser.exe
browser.exe
qtweb.exe
qtweb.exe
yyexplorer.exe
yyexplorer.exe
seemao.exe
seemao.exe
jx.exe
jx.exe
jwbrowser.exe
jwbrowser.exe
caimao.exe
caimao.exe
se.exe
se.exe
huaer.exe
huaer.exe
airview.exe
airview.exe
seamonkey.exe
seamonkey.exe
palemoon.exe
palemoon.exe
luna.exe
luna.exe
webgamegt.exe
webgamegt.exe
gosurf.exe
gosurf.exe
dragon.exe
dragon.exe
acoobrowser.exe
acoobrowser.exe
saayaa.exe
saayaa.exe
srie.exe
srie.exe
ftbr.exe
ftbr.exe
sbframe.exe
sbframe.exe
dybrowser.exe
dybrowser.exe
ruiying.exe
ruiying.exe
taomeebrowser.exe
taomeebrowser.exe
taobrowser.exe
taobrowser.exe
kchrome.exe
kchrome.exe
cometbrowser.exe
cometbrowser.exe
chgreenbrowser.exe
chgreenbrowser.exe
duoping.exe
duoping.exe
greenbrowser.exe
greenbrowser.exe
2345explorer.exe
2345explorer.exe
xbrowser.exe
xbrowser.exe
07073ge.exe
07073ge.exe
netscape.exe
netscape.exe
maxthon.exe
maxthon.exe
safari.exe
safari.exe
chrome.exe
chrome.exe
opera.exe
opera.exe
firefox.exe
firefox.exe
the world .exe
the world .exe
sogouexplorer.exe
sogouexplorer.exe
iexplore.exe
iexplore.exe
tango3.exe
tango3.exe
juzi.exe
juzi.exe
2345chrome.exe
2345chrome.exe
theworld.exe
theworld.exe
360se.exe
360se.exe
e:\code\rili_8_29\win7_fw_sys\winxp_fw_sys\objfre_wxp_x86\i386\tdi_sys.pdb
e:\code\rili_8_29\win7_fw_sys\winxp_fw_sys\objfre_wxp_x86\i386\tdi_sys.pdb
ZwOpenKey
ZwOpenKey
RtlCreateRegistryKey
RtlCreateRegistryKey
ZwQueryValueKey
ZwQueryValueKey
ntoskrnl.exe
ntoskrnl.exe
HAL.dll
HAL.dll
TDI.SYS
TDI.SYS
Thawte Certification1
Thawte Certification1
hXXp://ocsp.thawte.com0
hXXp://ocsp.thawte.com0
.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0
.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0
hXXp://ts-ocsp.ws.symantec.com07
hXXp://ts-ocsp.ws.symantec.com07
hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0
hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0
hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
haloshare@foxmail.com1(0&
haloshare@foxmail.com1(0&
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
whilte list item: %s,%s,%d
whilte list item: %s,%s,%d
setRulesNode: %s,%s,%s
setRulesNode: %s,%s,%s
RegistryMonitor: ERROR CmRegisterCallback - x
RegistryMonitor: ERROR CmRegisterCallback - x
HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
hXXp://VVV.sogou.com/index.html?pid=sogou-netb-5481b2f34a74e427-8780
hXXp://VVV.sogou.com/index.html?pid=sogou-netb-5481b2f34a74e427-8780
twchrome.exe
twchrome.exe
The document has moved here.
The document has moved here.
GET /?tn=93550978_hao_pg HTTP/1.1
GET /?tn=93550978_hao_pg HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
GET /index.php?tn=
GET /index.php?tn=
GET /index.html HTTP/1.1
GET /index.html HTTP/1.1
f:\codejd\rinimeirili\win7_fw_sys\objfre_win7_x86\i386\fw_win7_.pdb
f:\codejd\rinimeirili\win7_fw_sys\objfre_win7_x86\i386\fw_win7_.pdb
ZwSetValueKey
ZwSetValueKey
ZwEnumerateKey
ZwEnumerateKey
ZwQueryKey
ZwQueryKey
fwpkclnt.sys
fwpkclnt.sys
2 2(2,282
2 2(2,282
.pdata
.pdata
f:\codejd\rinimeirili\win7_fw_sys\objfre_win7_amd64\amd64\fw_win7_.pdb
f:\codejd\rinimeirili\win7_fw_sys\objfre_win7_amd64\amd64\fw_win7_.pdb
GetWindowsDirectoryW
GetWindowsDirectoryW
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryA
GetWindowsDirectoryA
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyExW
ScaleViewportExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
GetViewportExtEx
GetViewportExtEx
GetViewportOrgEx
GetViewportOrgEx
ShellExecuteW
ShellExecuteW
UrlUnescapeW
UrlUnescapeW
CreateDialogIndirectParamW
CreateDialogIndirectParamW
GetAsyncKeyState
GetAsyncKeyState
MapVirtualKeyW
MapVirtualKeyW
GetKeyNameTextW
GetKeyNameTextW
MapVirtualKeyExW
MapVirtualKeyExW
SetWindowsHookExW
SetWindowsHookExW
InternetOpenUrlW
InternetOpenUrlW
HttpQueryInfoW
HttpQueryInfoW
InternetCanonicalizeUrlW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetCrackUrlW
%%c("
%%c("
%F?=Kj/99
%F?=Kj/99
9IO%X8.
9IO%X8.
`7P0.HD
`7P0.HD
0u.Hn
0u.Hn
&%S j
&%S j
.Fa[@
.Fa[@
3#->33I-#--I33?Q [-3#;.#3I;--##0 .AG?L
3#->33I-#--I33?Q [-3#;.#3I;--##0 .AG?L
.CA1# [M,# I?11?Y435#S#.Z-##-3?H3W-3-7w #M$--50>6-#
.CA1# [M,# I?11?Y435#S#.Z-##-3?H3W-3-7w #M$--50>6-#
($ ($ ( (
($ ($ ( (
\ $$$$,$$(,(4
\ $$$$,$$(,(4
800 $ ($$
800 $ ($$
$ ,$$(0,, $00($
$ ,$$(0,, $00($
(0,0,(,($$,$,
(0,0,(,($$,$,
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
KERNEL32.DLL
KERNEL32.DLL
ADVAPI32.dll
ADVAPI32.dll
GDI32.dll
GDI32.dll
IMM32.dll
IMM32.dll
MSIMG32.dll
MSIMG32.dll
NETAPI32.dll
NETAPI32.dll
OLEACC.dll
OLEACC.dll
OLEAUT32.dll
OLEAUT32.dll
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
USER32.dll
USER32.dll
UxTheme.dll
UxTheme.dll
VERSION.dll
VERSION.dll
WININET.dll
WININET.dll
WINMM.dll
WINMM.dll
WINSPOOL.DRV
WINSPOOL.DRV
WS2_32.dll
WS2_32.dll
WTSAPI32.dll
WTSAPI32.dll
@WININET.DLL
@WININET.DLL
@.CHM
@.CHM
UKernel32.dll
UKernel32.dll
UComdlg32.dll
UComdlg32.dll
%s (%s:%d)
%s (%s:%d)
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
Advapi32.dll
Advapi32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
xuser32.dll
xuser32.dll
dwmapi.dll
dwmapi.dll
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
accKeyboardShortcut
accKeyboardShortcut
commctrl_DragListMsg
commctrl_DragListMsg
Afx:%p:%x
Afx:%p:%x
Afx:%p:%x:%p:%p:%p
Afx:%p:%x:%p:%p:%p
AD2D1.dll
AD2D1.dll
DWrite.dll
DWrite.dll
UMFCLink_Url
UMFCLink_Url
MFCLink_UrlPrefix
MFCLink_UrlPrefix
%s:%x:%x:%x:%x
%s:%x:%x:%x:%x
D%d%%
D%d%%
&%d %s
&%d %s
Uf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Uf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
EHex={X,X,X}
EHex={X,X,X}
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
TOOLBAR_RESETKEYBAORD
TOOLBAR_RESETKEYBAORD
%sMFCToolBar-%d
%sMFCToolBar-%d
%sMFCToolBar-%d%x
%sMFCToolBar-%d%x
%sMFCToolBarParameters
%sMFCToolBarParameters
KEYTIP
KEYTIP
IDB_OFFICE2007_RIBBON_KEYTIP_BACK
IDB_OFFICE2007_RIBBON_KEYTIP_BACK
GMSG_CHECKEMPTYMINIFRAME
GMSG_CHECKEMPTYMINIFRAME
%sDockingManager-%d
%sDockingManager-%d
%sPane-%d
%sPane-%d
%sPane-%d%x
%sPane-%d%x
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
%c%d%c%s
%c%d%c%s
%sBasePane-%d
%sBasePane-%d
%sBasePane-%d%x
%sBasePane-%d%x
VRGB(%d, %d, %d)
VRGB(%d, %d, %d)
Lwindows
Lwindows
H1&0 %s
H1&0 %s
%sMFCOutlookBar-%d
%sMFCOutlookBar-%d
%sMFCOutlookBar-%d%x
%sMFCOutlookBar-%d%x
Wf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
Wf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
%sMDIClientArea-%d
%sMDIClientArea-%d
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
W%sDockablePaneAdapter-%d
W%sDockablePaneAdapter-%d
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d%x
Pwindows
Pwindows
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
PMSFTEDIT.DLL
PMSFTEDIT.DLL
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
%sMFCTasksPane-%d
%sMFCTasksPane-%d
%sMFCTasksPane-%d%x
%sMFCTasksPane-%d%x
KEYS
KEYS
KEYS_MENU
KEYS_MENU
ENABLE_KEYS
ENABLE_KEYS
Rmscoree.dll
Rmscoree.dll
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
\\.\CsTracker
\\.\CsTracker
hXXp://int.dpool.sina.com.cn/iplookup/iplookup.php?format=json
hXXp://int.dpool.sina.com.cn/iplookup/iplookup.php?format=json
urls:%s
urls:%s
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; .NET CLR 2.0.50727)
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
List capacity out of bounds (%d)
List capacity out of bounds (%d)
List count out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
List index out of bounds (%d) Out of memory while expanding memory stream
%s.Seek not implemented$Operation not allowed on sorted list
%s.Seek not implemented$Operation not allowed on sorted list
Thread creation error: %s
Thread creation error: %s
Thread Error: %s (%d)
Thread Error: %s (%d)
Cannot assign a %s to a %sECheckSynchronize called from thread $%x, which is NOT the main thread%String list does not allow duplicates
Cannot assign a %s to a %sECheckSynchronize called from thread $%x, which is NOT the main thread%String list does not allow duplicates
Cannot create file "%s". %s
Cannot create file "%s". %s
Cannot open file "%s". %s
Cannot open file "%s". %s
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
System Error. Code: %d.
Invalid variant operation%Invalid variant operation (%s%.8x)
Invalid variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
Operation not supported
External exception %x
External exception %x
Interface not supported
Interface not supported
%s (%s, line %d)
%s (%s, line %d)
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
No argument for format '%s'"Variant method calls not supported
I/O error %d
I/O error %d
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
errorUrl
errorUrl
jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid.
jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid.
JPEG error #%d
JPEG error #%d
JPEG Image FilejThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.
JPEG Image FilejThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.
Description: BThe "Portable Network Graphics" image contains an invalid palette.
Description: BThe "Portable Network Graphics" image contains an invalid palette.
The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid.
The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid.
This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.
This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.
There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.
There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.
No help keyword specified.
No help keyword specified.
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s
OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s
No help found for %s#No context-sensitive help installed$No topic-based help system installed
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Alt Clipboard does not support Icons/Menu '%s' is already being used by another form
Alt Clipboard does not support Icons/Menu '%s' is already being used by another form
Cannot focus a disabled or invisible window!Control '%s' has no parent window
Cannot focus a disabled or invisible window!Control '%s' has no parent window
Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic
Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic
Unsupported clipboard format
Unsupported clipboard format
Error reading %s%s%s: %s
Error reading %s%s%s: %s
Failed to create key %s
Failed to create key %s
Failed to get data for '%s'
Failed to get data for '%s'
Failed to set data for '%s'
Failed to set data for '%s'
Resource %s not found
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Property %s does not exist
ECheckSynchronize called from thread $%x, which is NOT the main thread
ECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Invalid stream format$''%s'' is not a valid component name
Invalid stream format$''%s'' is not a valid component name
Invalid data type for '%s' List capacity out of bounds (%d)
Invalid data type for '%s' List capacity out of bounds (%d)
List index out of bounds (%d)
List index out of bounds (%d)
Ancestor for '%s' not found
Ancestor for '%s' not found
Cannot assign a %s to a %s
Cannot assign a %s to a %s
!'%s' is not a valid integer value('%s' is not a valid floating point value
!'%s' is not a valid integer value('%s' is not a valid floating point value
1.0.14.1001
1.0.14.1001
1.0.0.0
1.0.0.0
\Device\Udp
\Device\Udp
\Device\Tcp
\Device\Tcp
\ZMRL\configtn.dat
\ZMRL\configtn.dat
%s%s%s
%s%s%s
\Registry\Machine\Software\Microsoft\Windows\CurrentVersion
\Registry\Machine\Software\Microsoft\Windows\CurrentVersion
Filter that finds and replaces a token from a TCP stream
Filter that finds and replaces a token from a TCP stream
Callout that finds and replaces a token from a TCP stream
Callout that finds and replaces a token from a TCP stream
VVV.hao123.com/?tn=90189843_hao_pg
VVV.hao123.com/?tn=90189843_hao_pg
\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\
\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\
zmplatform.exe
zmplatform.exe
ZmPlatform.exe_1748_rwx_00401000_0030C000:
t.SSj
t.SSj
u$SShe
u$SShe
SSQSSSSh
SSQSSSSh
SSSSh
SSSSh
t%9x t
t%9x t
SSSShP
SSSShP
u SSh
u SSh
t.hAp
t.hAp
t6Ht.Ht&
t6Ht.Ht&
Lj.hLlX
Lj.hLlX
n%XpX
n%XpX
CHttpFile
CHttpFile
CNotSupportedException
CNotSupportedException
Kernel32.dll
Kernel32.dll
Comdlg32.dll
Comdlg32.dll
RegOpenKeyTransactedW
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
RegDeleteKeyExW
CCmdTarget
CCmdTarget
Comctl32.dll
Comctl32.dll
CMDIFrameWndEx
CMDIFrameWndEx
CMDITabProxyWnd
CMDITabProxyWnd
CMDIChildWndEx
CMDIChildWndEx
CMDIFrameWnd
CMDIFrameWnd
CMDIChildWnd
CMDIChildWnd
CMDIClientAreaWnd
CMDIClientAreaWnd
CMFCToolBarsKeyboardPropertyPage
CMFCToolBarsKeyboardPropertyPage
operator
operator
GetProcessWindowStation
GetProcessWindowStation
broken pipe
broken pipe
inappropriate io control operation
inappropriate io control operation
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
function not supported
function not supported
operation canceled
operation canceled
address_family_not_supported
address_family_not_supported
operation_in_progress
operation_in_progress
operation_not_supported
operation_not_supported
protocol_not_supported
protocol_not_supported
operation_would_block
operation_would_block
address family not supported
address family not supported
\SysWow64\drivers\BootIME7.sys
\SysWow64\drivers\BootIME7.sys
\system32\drivers\BootIME7.sys
\system32\drivers\BootIME7.sys
PortMoniterServices
PortMoniterServices
%s@%s@%s
%s@%s@%s
-run -minitips -url=%s -link="" -id=%d -width=%d -height=%d -mini=1
-run -minitips -url=%s -link="" -id=%d -width=%d -height=%d -mini=1
-run -minitips -url=%s -link="" -id=%d -width=%d -height=%d -mini=0
-run -minitips -url=%s -link="" -id=%d -width=%d -height=%d -mini=0
%s can't be opened
%s can't be opened
@#%&_123
@#%&_123
XXXXXX
XXXXXX
Error in GetFileVersionInfoSize: %d
Error in GetFileVersionInfoSize: %d
Error in GetFileVersionInfo: %d
Error in GetFileVersionInfo: %d
Error in VerQueryValue: %d
Error in VerQueryValue: %d
%d.%d.%d.%d
%d.%d.%d.%d
udo.exe
udo.exe
iprotect.exe
iprotect.exe
clsmn.exe
clsmn.exe
wxcltaidex.exe
wxcltaidex.exe
rsclient.exe
rsclient.exe
winscript.exe
winscript.exe
sendcmd.exe
sendcmd.exe
BarClient.exe
BarClient.exe
wwm.exe
wwm.exe
shortcut.exe
shortcut.exe
HClient.exe
HClient.exe
entry.exe
entry.exe
ssp.exe
ssp.exe
NSdominated.exe
NSdominated.exe
PubwinClient.exe
PubwinClient.exe
partyclient.exe
partyclient.exe
wxGlw2CltPlg.wxe
wxGlw2CltPlg.wxe
WxCultureCli.exe
WxCultureCli.exe
BarClientView.exe
BarClientView.exe
BarClientSafeCenter.exe
BarClientSafeCenter.exe
Recreation.exe
Recreation.exe
DrvDefender.exe
DrvDefender.exe
BarOnline.exe
BarOnline.exe
KHLauncher.exe
KHLauncher.exe
rwyNCM.exe
rwyNCM.exe
HintSafe.exe
HintSafe.exe
wxprolife.wxe
wxprolife.wxe
mainpro.exe
mainpro.exe
VVV.baidu.com
VVV.baidu.com
\Mini.exe
\Mini.exe
\nStatic.dll
\nStatic.dll
\ZMRL\config.dat
\ZMRL\config.dat
\ZMRL\ZmPlatform.exe
\ZMRL\ZmPlatform.exe
hXXp://yay.zmrili.com/api/z.php?cn=%s&id=%s&os=%s&ver=%s&md=%s&c=%s
hXXp://yay.zmrili.com/api/z.php?cn=%s&id=%s&os=%s&ver=%s&md=%s&c=%s
url:%s
url:%s
FhXXp://update.zmrili.com/update/update.php?version=%s
FhXXp://update.zmrili.com/update/update.php?version=%s
ZmPlatform.exe
ZmPlatform.exe
%s%s_%x\
%s%s_%x\
E:\2013_project\des\service\Release\ZmPlatform.pdb
E:\2013_project\des\service\Release\ZmPlatform.pdb
zcÃ
zcÃ
VVV.tao123.com
VVV.tao123.com
HTTP/1.1
HTTP/1.1
hao.360.cn
hao.360.cn
.PAVCException@@
.PAVCException@@
.PAVCInternetException@@
.PAVCInternetException@@
.PAVCObject@@
.PAVCObject@@
.PAVCOleException@@
.PAVCOleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.PAVCInvalidArgException@@
.PAVCArchiveException@@
.PAVCArchiveException@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AVCMFCColorBarCmdUI@@
.?AVCMFCColorBarCmdUI@@
.?AVCMFCToolBarCmdUI@@
.?AVCMFCToolBarCmdUI@@
.?AVCMFCAcceleratorKey@@
.?AVCMFCAcceleratorKey@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWnd@@
.?AVCMDIFrameWnd@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWnd@@
.?AVCMDIChildWnd@@
.?AVCMDITabProxyWnd@@
.?AVCMDITabProxyWnd@@
.?AVCMFCCmdUsageCount@@
.?AVCMFCCmdUsageCount@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@
.?AVCMFCRibbonCmdUI@@
.?AVCMFCRibbonCmdUI@@
.?AV?$CArray@PAVCMFCRibbonKeyTip@@PAV1@@@
.?AV?$CArray@PAVCMFCRibbonKeyTip@@PAV1@@@
.?AVCMDIClientAreaWnd@@
.?AVCMDIClientAreaWnd@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
.PAVCFileException@@
.PAVCFileException@@
.?AVCHttpFile@@
.?AVCHttpFile@@
baidubrowser.exe
baidubrowser.exe
hao123.com
hao123.com
VVV.sogou.com
VVV.sogou.com
VVV.hao123.com
VVV.hao123.com
union.click.jd.com
union.click.jd.com
VVV.jd.com
VVV.jd.com
%Documents and Settings%\%current user%\Application Data\Cache\Mini.exe
%Documents and Settings%\%current user%\Application Data\Cache\Mini.exe
%Program Files%\Common Files\ZMRL\ZmPlatform.exe
%Program Files%\Common Files\ZMRL\ZmPlatform.exe
1.0.14.1015
1.0.14.1015
%Program Files%\Common Files\ZMRL\config.dat
%Program Files%\Common Files\ZMRL\config.dat
GET / HTTP/1.1
GET / HTTP/1.1
VVV.duba.com
VVV.duba.com
123.sogou.com
123.sogou.com
cn.msn.com
cn.msn.com
VVV.2345.com
VVV.2345.com
VVV.apple.com
VVV.apple.com
hao.160.com
hao.160.com
VVV.25298.com
VVV.25298.com
VVV.z7755.com
VVV.z7755.com
VVV.wz58.com
VVV.wz58.com
VVV.3600.com
VVV.3600.com
VVV.91ni.com
VVV.91ni.com
hao.qq.com
hao.qq.com
VVV.baiduso.com
VVV.baiduso.com
1.huo99.com
1.huo99.com
GET HTTP/1.1
GET HTTP/1.1
hao.rising.cn
hao.rising.cn
123.duba.net
123.duba.net
VVV.kd1000.com
VVV.kd1000.com
hao.360.cn/src
hao.360.cn/src
VVV.qq.net
VVV.qq.net
VVV.114la.com
VVV.114la.com
VVV.1616.net
VVV.1616.net
.idata
.idata
.edata
.edata
P.reloc
P.reloc
P.rsrc
P.rsrc
kernel32.dll
kernel32.dll
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
%Program Files%\Borland\Delphi7\Source\Rtl\sys\SysUtils.pas
%Program Files%\Borland\Delphi7\Source\Rtl\sys\SysUtils.pas
oleaut32.dll
oleaut32.dll
EVariantBadIndexError
EVariantBadIndexError
TWinHTTPLib
TWinHTTPLib
rpcrt4.dll
rpcrt4.dll
TAsyncWinHTTPThread
TAsyncWinHTTPThread
hXXp://h.811166.com/api/s.php?mid=%s&type=%s&id=%s
hXXp://h.811166.com/api/s.php?mid=%s&type=%s&id=%s
hXXp://h.811166.com/api/s.php?mid=%s&type=%s
hXXp://h.811166.com/api/s.php?mid=%s&type=%s
user32.dll
user32.dll
GetKeyboardType
GetKeyboardType
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
GetCPInfo
GetCPInfo
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
wininet.dll
wininet.dll
InternetCombineUrlA
InternetCombineUrlA
winhttp.dll
winhttp.dll
WinHttpCloseHandle
WinHttpCloseHandle
WinHttpReadData
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSendRequest
WinHttpOpenRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpConnect
WinHttpOpen
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCrackUrl
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpSetOption
netapi32.dll
netapi32.dll
nStatic.dll
nStatic.dll
getURL
getURL
> >$>(>,>
> >$>(>,>
5&5.565>5
5&5.565>5
;!;%;);-;1;
;!;%;);-;1;
KWindows
KWindows
WinHTTPLibUnit
WinHTTPLibUnit
ALWinHttpWrapper
ALWinHttpWrapper
UrlMon
UrlMon
UAsyncWinHTTPThread
UAsyncWinHTTPThread
N2ogm@N2ogm.com1 0
N2ogm@N2ogm.com1 0
'hXXp://ocsp1.wosign.com/class3/code/ca106
'hXXp://ocsp1.wosign.com/class3/code/ca106
*hXXp://aia1.wosign.com/class3.code.ca1.cer07
*hXXp://aia1.wosign.com/class3.code.ca1.cer07
&hXXp://crls1.wosign.com/ca1-code-3.crl0Q
&hXXp://crls1.wosign.com/ca1-code-3.crl0Q
hXXp://VVV.wosign.com/policy/0
hXXp://VVV.wosign.com/policy/0
!Certification Authority of WoSign0
!Certification Authority of WoSign0
hXXp://crls1.wosign.com/ca1.crl0g
hXXp://crls1.wosign.com/ca1.crl0g
hXXp://ocsp1.wosign.com/ca10.
hXXp://ocsp1.wosign.com/ca10.
"hXXp://aia1.wosign.com/ca1-tsa.cer0
"hXXp://aia1.wosign.com/ca1-tsa.cer0
hXXp://VVV.usertrust.com1
hXXp://VVV.usertrust.com1
6hXXp://crl.trust-provider.com/UTN-USERFirst-Object.crl0:
6hXXp://crl.trust-provider.com/UTN-USERFirst-Object.crl0:
hXXp://ocsp.trust-provider.com0
hXXp://ocsp.trust-provider.com0
Þe3F
Þe3F
hXXp://crls1.wosign.com/ca1.crl0o
hXXp://crls1.wosign.com/ca1.crl0o
hXXp://ocsp1.wosign.com/ca106
hXXp://ocsp1.wosign.com/ca106
*hXXp://aia1.wosign.com/ca1-class3-code.cer0
*hXXp://aia1.wosign.com/ca1-class3-code.cer0
!Certification Authority of WoSign
!Certification Authority of WoSign
.rdata
.rdata
Windows
Windows
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
%Program Files%\Borland\Delphi7\Source\Rtl\common\TypInfo.pas
%Program Files%\Borland\Delphi7\Source\Rtl\common\TypInfo.pas
ssShift
ssShift
htKeyword
htKeyword
EInvalidOperation
EInvalidOperation
u%CNu
u%CNu
%s_%d
%s_%d
%Program Files%\Borland\Delphi7\Source\Rtl\common\Classes.pas
%Program Files%\Borland\Delphi7\Source\Rtl\common\Classes.pas
EInvalidGraphicOperation
EInvalidGraphicOperation
USER32.DLL
USER32.DLL
comctl32.dll
comctl32.dll
uxtheme.dll
uxtheme.dll
MAPI32.DLL
MAPI32.DLL
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
JumpID("","%s")
TKeyEvent
TKeyEvent
TKeyPressEvent
TKeyPressEvent
HelpKeyword
HelpKeyword
crSQLWait
crSQLWait
%s (%s)
%s (%s)
imm32.dll
imm32.dll
Uhc%D
Uhc%D
AutoHotkeys
AutoHotkeys
Uh.vD
Uh.vD
ssHotTrack
ssHotTrack
TWindowState
TWindowState
poProportional
poProportional
TWMKey
TWMKey
KeyPreviewx:D
KeyPreviewx:D
WindowState
WindowState
OnKeyDown
OnKeyDown
OnKeyPress8
OnKeyPress8
OnKeyUp\
OnKeyUp\
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
vcltest3.dll
User32.dll
User32.dll
%s, ClassID: %s
%s, ClassID: %s
ole32.dll
ole32.dll
olepro32.dll
olepro32.dll
grfKeyState
grfKeyState
TComTargetExecEvent
TComTargetExecEvent
CmdGroup
CmdGroup
nCmdID
nCmdID
nCmdexecopt
nCmdexecopt
hhctrl.ocx
hhctrl.ocx
URLMON.DLL
URLMON.DLL
SHDOCLC.DLL
SHDOCLC.DLL
IWebBrowser
IWebBrowser
IWebBrowserApp
IWebBrowserApp
IWebBrowser2
IWebBrowser2
TEWBWindowSetResizable
TEWBWindowSetResizable
TEWBWindowSetLeft
TEWBWindowSetLeft
TEWBWindowSetTop
TEWBWindowSetTop
TEWBWindowSetWidth
TEWBWindowSetWidth
TEWBWindowSetHeight
TEWBWindowSetHeight
bstrUrlContext
bstrUrlContext
bstrUrl
bstrUrl
OnWindowSetResizable0
OnWindowSetResizable0
OnWindowSetLeftt
OnWindowSetLeftt
OnWindowSetTop
OnWindowSetTop
OnWindowSetWidth
OnWindowSetWidth
OnWindowSetHeight@
OnWindowSetHeight@
rcmDefault
rcmDefault
rcmDebug
rcmDebug
DontExecuteScripts
DontExecuteScripts
DontExecuteJava
DontExecuteJava
DontExecuteActiveX
DontExecuteActiveX
DisableUrlIfEncodingUTF8
DisableUrlIfEncodingUTF8
EnableUrlIfEncodingUTF8
EnableUrlIfEncodingUTF8
CheckFontSupportsCodePage
CheckFontSupportsCodePage
DisableSubmitUrlInUTF8
DisableSubmitUrlInUTF8
EnableSubmitUrlInUTF8
EnableSubmitUrlInUTF8
lpMsg
lpMsg
PMsg
PMsg
pguidCmdGroup
pguidCmdGroup
TTranslateUrlEvent
TTranslateUrlEvent
pchURLIn
pchURLIn
ppchURLOut
ppchURLOut
CmdID
CmdID
pszUrl
pszUrl
pszUrlContext
pszUrlContext
szPassWord
szPassWord
ErrorUrl
ErrorUrl
OptionKeyPath
OptionKeyPath
OverrideOptionKeyPath`
OverrideOptionKeyPath`
OnTranslateUrl
OnTranslateUrl
OnCommandExec
OnCommandExec
'%s' is not supported.
'%s' is not supported.
!THTMLDocumentEventsonkeydownEvent
!THTMLDocumentEventsonkeydownEvent
THTMLDocumentEventsonkeyupEvent
THTMLDocumentEventsonkeyupEvent
"THTMLDocumentEventsonkeypressEvent
"THTMLDocumentEventsonkeypressEvent
onkeydown
onkeydown
onkeyup
onkeyup
onkeypressL5F
onkeypressL5F
%s only supports sinking of method calls!
%s only supports sinking of method calls!
WebocPopupManagement
WebocPopupManagement
ValidateNavigateUrl
ValidateNavigateUrl
HttpUsernamePasswordDisable
HttpUsernamePasswordDisable
GetUrlDomFilePathUnencoded
GetUrlDomFilePathUnencoded
XmlHttp
XmlHttp
PTF://
PTF://
hXXp://
hXXp://
hXXps://
hXXps://
AppEvents\Schemes\Apps\Explorer\Navigating\.Current
AppEvents\Schemes\Apps\Explorer\Navigating\.Current
.Current
.Current
\ieframe.dll
\ieframe.dll
\shdocvw.dll
\shdocvw.dll
\StringFileInfo\%0.4x%0.4x\%s
\StringFileInfo\%0.4x%0.4x\%s
TMsgEvent
TMsgEvent
TKeyEventEx
TKeyEventEx
Port
Port
Password
Password
poPortrait
poPortrait
OnKeyDown4
OnKeyDown4
0.750000
0.750000
3333333
3333333
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(
EmbeddedWB hXXp://bsalsa.com/
EmbeddedWB hXXp://bsalsa.com/
1.2.3
1.2.3
Portable Network Graphics
Portable Network Graphics
-url=
-url=
Internet Explorer\iexplore.exe
Internet Explorer\iexplore.exe
RunCMDTimer
RunCMDTimer
RunCMDTimerTimer
RunCMDTimerTimer
52BB8691-C40A-4801-AFAA-D04DD37E9D3E
52BB8691-C40A-4801-AFAA-D04DD37E9D3E
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
inflate 1.2.3 Copyright 1995-2005 Mark Adler
inflate 1.2.3 Copyright 1995-2005 Mark Adler
RegQueryInfoKeyA
RegQueryInfoKeyA
RegFlushKey
RegFlushKey
RegEnumKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyExA
version.dll
version.dll
gdi32.dll
gdi32.dll
SetViewportOrgEx
SetViewportOrgEx
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
MapVirtualKeyA
MapVirtualKeyA
LoadKeyboardLayoutA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyboardLayout
GetKeyState
GetKeyState
GetKeyNameTextA
GetKeyNameTextA
EnumWindows
EnumWindows
EnumThreadWindows
EnumThreadWindows
ActivateKeyboardLayout
ActivateKeyboardLayout
shell32.dll
shell32.dll
ShellExecuteExA
ShellExecuteExA
ShellExecuteA
ShellExecuteA
gdiplus.dll
gdiplus.dll
GdiplusShutdown
GdiplusShutdown
6)7.7
6)7.7
6|7`7r7
6|7`7r7
2 2$2(2,2024282
2 2$2(2,2024282
2 2$2(2,2024282
2 2$2(2,2024282
8 8%8s8
8 8%8s8
9 9$9(9,9094989
9 9$9(9,9094989
1$2(2,202
1$2(2,202
0 0$0(0,0
0 0$0(0,0
3 4A4D4I4V4
3 4A4D4I4V4
6-6}6
6-6}6
3/43474
3/43474
: ;/;3;7;
: ;/;3;7;
3,41484{4
3,41484{4
>$?(?,?0?4?8?
>$?(?,?0?4?8?
333333333333333333
333333333333333333
33333833
33333833
3333339
3333339
3333333333333338
3333333333333338
:*"*"$3338
:*"*"$3338
33333333
33333333
33333333333
33333333333
3333333333338
3333333333338
33338?383
33338?383
333333333333
333333333333
:*3:"$3338
:*3:"$3338
333333333333333
333333333333333
Font.Charset
Font.Charset
Font.Color
Font.Color
Font.Height
Font.Height
Font.Name
Font.Name
Font.Style
Font.Style
DialogBoxes.DisableAll
DialogBoxes.DisableAll
PrintOptions.Margins.Left
PrintOptions.Margins.Left
PrintOptions.Margins.Right
PrintOptions.Margins.Right
PrintOptions.Margins.Top
PrintOptions.Margins.Top
PrintOptions.Margins.Bottom
PrintOptions.Margins.Bottom
PrintOptions.HTMLHeader.Strings
PrintOptions.HTMLHeader.Strings
PrintOptions.Orientation
PrintOptions.Orientation
Picture.Data
Picture.Data
!iTXtXML:com.adobe.xmp
!iTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?> v(
" id="W5M0MpCehiHzreSzNTczkc9d"?> v(
" id="W5M0MpCehiHzreSzNTczkc9d"?> .5
" id="W5M0MpCehiHzreSzNTczkc9d"?> .5
VisualEffects.DisableSounds
VisualEffects.DisableSounds
iTXtXML:com.adobe.xmp
iTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
.text
.text
h.rdata
h.rdata
H.data
H.data
.reloc
.reloc
TransportAddress
TransportAddress
irpStack:%x
irpStack:%x
HTTP/1.1 302 Moved Permanently
HTTP/1.1 302 Moved Permanently
Location: %s
Location: %s
HTTP/1.1 302 Found
HTTP/1.1 302 Found
hXXp://VVV.baidu.com/
hXXp://VVV.baidu.com/
Host: VVV.baidu.com
Host: VVV.baidu.com
HTTP/1.1
HTTP/1.1
find refer len:%d
find refer len:%d
Now %d, Old: %d, Now : %d, Old %d,%s,%s
Now %d, Old: %d, Now : %d, Old %d,%s,%s
Extern called :%d, %s
Extern called :%d, %s
explorer.exe
explorer.exe
this :%d, %s %d, %s
this :%d, %s %d, %s
hXXp://VVV.hao123.com/?tn=90189843_hao_pg
hXXp://VVV.hao123.com/?tn=90189843_hao_pg
find the mylink:%s
find the mylink:%s
In the white list :%s
In the white list :%s
aaa :%s,%s
aaa :%s,%s
DWJ Error: PsLookupProcessByProcessId Failed: x
DWJ Error: PsLookupProcessByProcessId Failed: x
Error: ObOpenObjectByPointer Failed: x
Error: ObOpenObjectByPointer Failed: x
GetParentProcessId PsLookupProcessByProcessId failed pid:%u , x
GetParentProcessId PsLookupProcessByProcessId failed pid:%u , x
ZwQueryInformationProcess info failed :x
ZwQueryInformationProcess info failed :x
PsLookupProcessByProcessId() faild x
PsLookupProcessByProcessId() faild x
Writeof of service failed: x
Writeof of service failed: x
Proctect of service failed: x
Proctect of service failed: x
ZwReadFile failed with:x
ZwReadFile failed with:x
..Host:Connection:
..Host:Connection:
HTTP/1.1 200 OK
HTTP/1.1 200 OK
GET /index.html?pid=
GET /index.html?pid=
Host: VVV.sogou.com
Host: VVV.sogou.com
Host: VVV.hao123.com
Host: VVV.hao123.com
fwchrome.exe
fwchrome.exe
360chrome.exe
360chrome.exe
flyie.exe
flyie.exe
jsy.exe
jsy.exe
caiyun.exe
caiyun.exe
xttbrowser.exe
xttbrowser.exe
zbrowser.exe
zbrowser.exe
aegis.exe
aegis.exe
miniie_2.exe
miniie_2.exe
krbrowser.exe
krbrowser.exe
myiq.exe
myiq.exe
vu.exe
vu.exe
tfybrowser.exe
tfybrowser.exe
coral.exe
coral.exe
roamb.exe
roamb.exe
rsbrowser.exe
rsbrowser.exe
alibrowser.exe
alibrowser.exe
cell.exe
cell.exe
cyie.exe
cyie.exe
hxbrowser.exe
hxbrowser.exe
piluo.exe
piluo.exe
cheerbrowser.exe
cheerbrowser.exe
gesearch.exe
gesearch.exe
webstrip.exe
webstrip.exe
ttraveler.exe
ttraveler.exe
scheduler.exe
scheduler.exe
iron.exe
iron.exe
s3browser-win32.exe
s3browser-win32.exe
qqbrowser.exe
qqbrowser.exe
xplorer.exe
xplorer.exe
crazy browser.exe
crazy browser.exe
barsmedia.exe
barsmedia.exe
avant.exe
avant.exe
8uexplorer.exe
8uexplorer.exe
114ie.exe
114ie.exe
gamesbrowser.exe
gamesbrowser.exe
languang.exe
languang.exe
ucbrowser.exe
ucbrowser.exe
myie9.exe
myie9.exe
2291browser.exe
2291browser.exe
pbbrowser.exe
pbbrowser.exe
browser.exe
browser.exe
qtweb.exe
qtweb.exe
yyexplorer.exe
yyexplorer.exe
seemao.exe
seemao.exe
jx.exe
jx.exe
jwbrowser.exe
jwbrowser.exe
caimao.exe
caimao.exe
se.exe
se.exe
huaer.exe
huaer.exe
airview.exe
airview.exe
seamonkey.exe
seamonkey.exe
palemoon.exe
palemoon.exe
luna.exe
luna.exe
webgamegt.exe
webgamegt.exe
gosurf.exe
gosurf.exe
dragon.exe
dragon.exe
acoobrowser.exe
acoobrowser.exe
saayaa.exe
saayaa.exe
srie.exe
srie.exe
ftbr.exe
ftbr.exe
sbframe.exe
sbframe.exe
dybrowser.exe
dybrowser.exe
ruiying.exe
ruiying.exe
taomeebrowser.exe
taomeebrowser.exe
taobrowser.exe
taobrowser.exe
kchrome.exe
kchrome.exe
cometbrowser.exe
cometbrowser.exe
chgreenbrowser.exe
chgreenbrowser.exe
duoping.exe
duoping.exe
greenbrowser.exe
greenbrowser.exe
2345explorer.exe
2345explorer.exe
xbrowser.exe
xbrowser.exe
07073ge.exe
07073ge.exe
netscape.exe
netscape.exe
maxthon.exe
maxthon.exe
safari.exe
safari.exe
chrome.exe
chrome.exe
opera.exe
opera.exe
firefox.exe
firefox.exe
the world .exe
the world .exe
sogouexplorer.exe
sogouexplorer.exe
iexplore.exe
iexplore.exe
tango3.exe
tango3.exe
juzi.exe
juzi.exe
2345chrome.exe
2345chrome.exe
theworld.exe
theworld.exe
360se.exe
360se.exe
e:\code\rili_8_29\win7_fw_sys\winxp_fw_sys\objfre_wxp_x86\i386\tdi_sys.pdb
e:\code\rili_8_29\win7_fw_sys\winxp_fw_sys\objfre_wxp_x86\i386\tdi_sys.pdb
ZwOpenKey
ZwOpenKey
RtlCreateRegistryKey
RtlCreateRegistryKey
ZwQueryValueKey
ZwQueryValueKey
ntoskrnl.exe
ntoskrnl.exe
HAL.dll
HAL.dll
TDI.SYS
TDI.SYS
Thawte Certification1
Thawte Certification1
hXXp://ocsp.thawte.com0
hXXp://ocsp.thawte.com0
.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0
.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0
hXXp://ts-ocsp.ws.symantec.com07
hXXp://ts-ocsp.ws.symantec.com07
hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0
hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0
hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
haloshare@foxmail.com1(0&
haloshare@foxmail.com1(0&
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
whilte list item: %s,%s,%d
whilte list item: %s,%s,%d
setRulesNode: %s,%s,%s
setRulesNode: %s,%s,%s
RegistryMonitor: ERROR CmRegisterCallback - x
RegistryMonitor: ERROR CmRegisterCallback - x
HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
hXXp://VVV.sogou.com/index.html?pid=sogou-netb-5481b2f34a74e427-8780
hXXp://VVV.sogou.com/index.html?pid=sogou-netb-5481b2f34a74e427-8780
twchrome.exe
twchrome.exe
The document has moved here.
The document has moved here.
GET /?tn=93550978_hao_pg HTTP/1.1
GET /?tn=93550978_hao_pg HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
GET /index.php?tn=
GET /index.php?tn=
GET /index.html HTTP/1.1
GET /index.html HTTP/1.1
f:\codejd\rinimeirili\win7_fw_sys\objfre_win7_x86\i386\fw_win7_.pdb
f:\codejd\rinimeirili\win7_fw_sys\objfre_win7_x86\i386\fw_win7_.pdb
ZwSetValueKey
ZwSetValueKey
ZwEnumerateKey
ZwEnumerateKey
ZwQueryKey
ZwQueryKey
fwpkclnt.sys
fwpkclnt.sys
2 2(2,282
2 2(2,282
.pdata
.pdata
f:\codejd\rinimeirili\win7_fw_sys\objfre_win7_amd64\amd64\fw_win7_.pdb
f:\codejd\rinimeirili\win7_fw_sys\objfre_win7_amd64\amd64\fw_win7_.pdb
GetWindowsDirectoryW
GetWindowsDirectoryW
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryA
GetWindowsDirectoryA
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyExW
ScaleViewportExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
GetViewportExtEx
GetViewportExtEx
GetViewportOrgEx
GetViewportOrgEx
ShellExecuteW
ShellExecuteW
UrlUnescapeW
UrlUnescapeW
CreateDialogIndirectParamW
CreateDialogIndirectParamW
GetAsyncKeyState
GetAsyncKeyState
MapVirtualKeyW
MapVirtualKeyW
GetKeyNameTextW
GetKeyNameTextW
MapVirtualKeyExW
MapVirtualKeyExW
SetWindowsHookExW
SetWindowsHookExW
InternetOpenUrlW
InternetOpenUrlW
HttpQueryInfoW
HttpQueryInfoW
InternetCanonicalizeUrlW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetCrackUrlW
%%c("
%%c("
%F?=Kj/99
%F?=Kj/99
9IO%X8.
9IO%X8.
`7P0.HD
`7P0.HD
0u.Hn
0u.Hn
&%S j
&%S j
.Fa[@
.Fa[@
3#->33I-#--I33?Q [-3#;.#3I;--##0 .AG?L
3#->33I-#--I33?Q [-3#;.#3I;--##0 .AG?L
.CA1# [M,# I?11?Y435#S#.Z-##-3?H3W-3-7w #M$--50>6-#
.CA1# [M,# I?11?Y435#S#.Z-##-3?H3W-3-7w #M$--50>6-#
($ ($ ( (
($ ($ ( (
\ $$$$,$$(,(4
\ $$$$,$$(,(4
800 $ ($$
800 $ ($$
$ ,$$(0,, $00($
$ ,$$(0,, $00($
(0,0,(,($$,$,
(0,0,(,($$,$,
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
@WININET.DLL
@WININET.DLL
@.CHM
@.CHM
UKernel32.dll
UKernel32.dll
UComdlg32.dll
UComdlg32.dll
%s (%s:%d)
%s (%s:%d)
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
Advapi32.dll
Advapi32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
xuser32.dll
xuser32.dll
dwmapi.dll
dwmapi.dll
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
accKeyboardShortcut
accKeyboardShortcut
commctrl_DragListMsg
commctrl_DragListMsg
Afx:%p:%x
Afx:%p:%x
Afx:%p:%x:%p:%p:%p
Afx:%p:%x:%p:%p:%p
AD2D1.dll
AD2D1.dll
DWrite.dll
DWrite.dll
UMFCLink_Url
UMFCLink_Url
MFCLink_UrlPrefix
MFCLink_UrlPrefix
%s:%x:%x:%x:%x
%s:%x:%x:%x:%x
D%d%%
D%d%%
&%d %s
&%d %s
Uf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
Uf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
EHex={X,X,X}
EHex={X,X,X}
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
TOOLBAR_RESETKEYBAORD
TOOLBAR_RESETKEYBAORD
%sMFCToolBar-%d
%sMFCToolBar-%d
%sMFCToolBar-%d%x
%sMFCToolBar-%d%x
%sMFCToolBarParameters
%sMFCToolBarParameters
KEYTIP
KEYTIP
IDB_OFFICE2007_RIBBON_KEYTIP_BACK
IDB_OFFICE2007_RIBBON_KEYTIP_BACK
GMSG_CHECKEMPTYMINIFRAME
GMSG_CHECKEMPTYMINIFRAME
%sDockingManager-%d
%sDockingManager-%d
%sPane-%d
%sPane-%d
%sPane-%d%x
%sPane-%d%x
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
%c%d%c%s
%c%d%c%s
%sBasePane-%d
%sBasePane-%d
%sBasePane-%d%x
%sBasePane-%d%x
VRGB(%d, %d, %d)
VRGB(%d, %d, %d)
Lwindows
Lwindows
H1&0 %s
H1&0 %s
%sMFCOutlookBar-%d
%sMFCOutlookBar-%d
%sMFCOutlookBar-%d%x
%sMFCOutlookBar-%d%x
Wf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
Wf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
%sMDIClientArea-%d
%sMDIClientArea-%d
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
W%sDockablePaneAdapter-%d
W%sDockablePaneAdapter-%d
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d%x
Pwindows
Pwindows
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
PMSFTEDIT.DLL
PMSFTEDIT.DLL
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
%sMFCTasksPane-%d
%sMFCTasksPane-%d
%sMFCTasksPane-%d%x
%sMFCTasksPane-%d%x
KEYS
KEYS
KEYS_MENU
KEYS_MENU
ENABLE_KEYS
ENABLE_KEYS
Rmscoree.dll
Rmscoree.dll
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
\\.\CsTracker
\\.\CsTracker
hXXp://int.dpool.sina.com.cn/iplookup/iplookup.php?format=json
hXXp://int.dpool.sina.com.cn/iplookup/iplookup.php?format=json
urls:%s
urls:%s
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; .NET CLR 2.0.50727)
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
List capacity out of bounds (%d)
List capacity out of bounds (%d)
List count out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
List index out of bounds (%d) Out of memory while expanding memory stream
%s.Seek not implemented$Operation not allowed on sorted list
%s.Seek not implemented$Operation not allowed on sorted list
Thread creation error: %s
Thread creation error: %s
Thread Error: %s (%d)
Thread Error: %s (%d)
Cannot assign a %s to a %sECheckSynchronize called from thread $%x, which is NOT the main thread%String list does not allow duplicates
Cannot assign a %s to a %sECheckSynchronize called from thread $%x, which is NOT the main thread%String list does not allow duplicates
Cannot create file "%s". %s
Cannot create file "%s". %s
Cannot open file "%s". %s
Cannot open file "%s". %s
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
System Error. Code: %d.
Invalid variant operation%Invalid variant operation (%s%.8x)
Invalid variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
Operation not supported
External exception %x
External exception %x
Interface not supported
Interface not supported
%s (%s, line %d)
%s (%s, line %d)
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
No argument for format '%s'"Variant method calls not supported
I/O error %d
I/O error %d
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
errorUrl
errorUrl
jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid.
jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid.
JPEG error #%d
JPEG error #%d
JPEG Image FilejThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.
JPEG Image FilejThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.
Description: BThe "Portable Network Graphics" image contains an invalid palette.
Description: BThe "Portable Network Graphics" image contains an invalid palette.
The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid.
The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid.
This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.
This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.
There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.
There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.
No help keyword specified.
No help keyword specified.
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s
OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s
No help found for %s#No context-sensitive help installed$No topic-based help system installed
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Alt Clipboard does not support Icons/Menu '%s' is already being used by another form
Alt Clipboard does not support Icons/Menu '%s' is already being used by another form
Cannot focus a disabled or invisible window!Control '%s' has no parent window
Cannot focus a disabled or invisible window!Control '%s' has no parent window
Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic
Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic
Unsupported clipboard format
Unsupported clipboard format
Error reading %s%s%s: %s
Error reading %s%s%s: %s
Failed to create key %s
Failed to create key %s
Failed to get data for '%s'
Failed to get data for '%s'
Failed to set data for '%s'
Failed to set data for '%s'
Resource %s not found
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Property %s does not exist
ECheckSynchronize called from thread $%x, which is NOT the main thread
ECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Invalid stream format$''%s'' is not a valid component name
Invalid stream format$''%s'' is not a valid component name
Invalid data type for '%s' List capacity out of bounds (%d)
Invalid data type for '%s' List capacity out of bounds (%d)
List index out of bounds (%d)
List index out of bounds (%d)
Ancestor for '%s' not found
Ancestor for '%s' not found
Cannot assign a %s to a %s
Cannot assign a %s to a %s
!'%s' is not a valid integer value('%s' is not a valid floating point value
!'%s' is not a valid integer value('%s' is not a valid floating point value
1.0.14.1001
1.0.14.1001
1.0.0.0
1.0.0.0
\Device\Udp
\Device\Udp
\Device\Tcp
\Device\Tcp
\ZMRL\configtn.dat
\ZMRL\configtn.dat
%s%s%s
%s%s%s
\Registry\Machine\Software\Microsoft\Windows\CurrentVersion
\Registry\Machine\Software\Microsoft\Windows\CurrentVersion
Filter that finds and replaces a token from a TCP stream
Filter that finds and replaces a token from a TCP stream
Callout that finds and replaces a token from a TCP stream
Callout that finds and replaces a token from a TCP stream
VVV.hao123.com/?tn=90189843_hao_pg
VVV.hao123.com/?tn=90189843_hao_pg
\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\
\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\