Skip to main content

Trojan.Win32.FlyStudio_73a55414a7


Gen:Variant.Symmi.25606 (B) (Emsisoft), Gen:Variant.Symmi.25606 (AdAware), Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, GenericEmailWorm.YR, GenericInjector.YR, TrojanFlyStudio.YR (Lavasoft MAS)Behaviour: Trojan-PSW, Trojan, Worm, EmailWorm

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 73a55414a7a0b52aef5705036754cf43

SHA1: 0ca70730ec54dee69b9dd7e79558325f1e8dce88

SHA256: fe52f767b9cae7b602894e3e785792f499b618f949e3320c8691d0ce391f0f12

SSDeep: 98304:yuVCBRwRDmTm9lhA6H30z iAhZft/HaUYK:y7BRwee3sOxtaUYK

Size: 7622656 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UPolyXv05_v6

Company: no certificate found

Created at: 2014-02-23 17:21:16

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

Behaviour Description
EmailWormWorm can send e-mails.


Process activity

The Trojan creates the following process(es):No processes have been created.The Trojan injects its code into the following process(es):

%original file name%.exe:1236

File activity

The process %original file name%.exe:1236 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\E_UIEngine\90afea1eeb37be7a93471c36152ab43a\90afea1eeb37be7a93471c36152ab43a.jpg.data (28 bytes)
%Documents and Settings%\%current user%\Application Data\E_UIEngine\90afea1eeb37be7a93471c36152ab43a\90afea1eeb37be7a93471c36152ab43a.jpg (676 bytes)
%System%\drivers\etc\hosts (8 bytes)

The Trojan deletes the following file(s):

%System%\drivers\etc\hosts (0 bytes)

Registry activity

The process %original file name%.exe:1236 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 8F 3D 31 A7 24 AF 88 AB CB D2 63 CD DE 1C 9A"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

There are no dropped PE files.

HOSTS file anomalies

The Trojan modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses. The modified file is 8938 bytes in size. The following strings are added to the hosts file listed below:

127.0.0.1cfwudao.com
127.0.0.1cfwudao.cc
127.0.0.1cfwudao.net
127.0.0.1cfwudao.cn
127.0.0.1cfmimang.com
127.0.0.1cfmimang.cc
127.0.0.1cfmimang.net
127.0.0.1cfmimang.cn
127.0.0.1nz92.com
127.0.0.1nz92.cc
127.0.0.1nz92.net
127.0.0.1nz92.cn
127.0.0.175ts.com
127.0.0.175ts.net
127.0.0.175ts.cn
127.0.0.1cfyalan.com
127.0.0.1cfyalan.cc
127.0.0.1cfyalan.net
127.0.0.1cfyalan.cn
127.0.0.1cfjiuye.com
127.0.0.1cfjiuye.cc
127.0.0.1cfjiuye.tk
127.0.0.1cfjiuye.cn
127.0.0.1cfjiuye.net
127.0.0.1yimeiwg.cc
127.0.0.1yimeiwg.com
127.0.0.1yimeiwg.net
127.0.0.1yimeiwg.tk
127.0.0.1yimeiwg.cn
127.0.0.1cfhuofeng.com
127.0.0.1cfhuofeng.cc
127.0.0.1cfhuofeng.net
127.0.0.1cfhuofeng.tk
127.0.0.1cfhuofeng.cn
127.0.0.1cfmc.jobidc.com
127.0.0.1cfwc.jobidc.com
127.0.0.1xiaohufz.ml
127.0.0.1xiaohufz.com
127.0.0.1xiaohufz.tk
127.0.0.1xiaohufz.cc
127.0.0.1xiaohufz.cn
127.0.0.1xiaohufz.net
127.0.0.1cfxiaohu.ml
127.0.0.1cfxiaohu.com
127.0.0.1cfxiaohu.tk
127.0.0.1cfxiaohu.cc
127.0.0.1cfxiaohu.cn
127.0.0.1cfxiaohu.net
127.0.0.1cfdiye.com
127.0.0.1cfdiye.cc
127.0.0.1cfdiye.net
127.0.0.1cfdiye.tk
127.0.0.1cfdiye.cn
127.0.0.1cffeifan.com
127.0.0.1cffeifan.cc
127.0.0.1cffeifan.net
127.0.0.1cffeifan.cn
127.0.0.1cffeifan.tk
127.0.0.1cfyinghun.tk
127.0.0.1cfyinghun.com
127.0.0.1cfyinghun.net
127.0.0.1cfyinghun.cn
127.0.0.1cfyinghun.cc
127.0.0.1ximo.tk
127.0.0.1ximo.com
127.0.0.1ximo.cc
127.0.0.1ximo.net
127.0.0.1ximo.cn
127.0.0.1cfximo.tk
127.0.0.1cfximo.com
127.0.0.1cfximo.net
127.0.0.1cfximo.cc
127.0.0.1cfximo.cn
127.0.0.1k56.pw
127.0.0.1k56.cn
127.0.0.1k56.cc
127.0.0.1k56.com
127.0.0.1k56.net
127.0.0.1k56.tk
127.0.0.1cfduyao.cc
127.0.0.1cfduyao.com
127.0.0.1cfduyao.net
127.0.0.1cfduyao.cn
127.0.0.1cfduyao.tk
127.0.0.1kmy0823.com
127.0.0.1kmy0823.cc
127.0.0.1kmy0823.net
127.0.0.1kmy0823.tk
127.0.0.1kmy0823.cn
127.0.0.1aspddos.com
127.0.0.1aspddos.cn
127.0.0.1aspddos.tk
127.0.0.1aspddos.cc
127.0.0.1aspddos.net
127.0.0.1cffeifan.icoc.cc
127.0.0.1cffeifan.icoc.com
127.0.0.1cffeifan.icoc.cn
127.0.0.1cffeifan.icoc.net
127.0.0.1cffeifan.icoc.tk
127.0.0.1yeke.jobidc.cc
127.0.0.1yeke.jobidc.com
127.0.0.1yeke.jobidc.cn
127.0.0.1yeke.jobidc.net
127.0.0.1yeke.jobidc.tk
127.0.0.1www.cfwudao.com
127.0.0.1www.cfwudao.cc
127.0.0.1www.cfwudao.net
127.0.0.1www.cfwydai.cn
127.0.0.1www.cfmimang.com
127.0.0.1www.cfmimang.cc
127.0.0.1www.cfmimang.net
127.0.0.1www.cfmimang.cn
127.0.0.1www.nz92.com
127.0.0.1www.nz92.cc
127.0.0.1www.nz92.net
127.0.0.1www.nz92.cn
127.0.0.1www.75ts.com
127.0.0.1www.75ts.net
127.0.0.1www.75ts.cn
127.0.0.1www.cfyalan.com
127.0.0.1www.cfyalan.cc
127.0.0.1www.cfyalan.net
127.0.0.1www.cfyalan.cn
127.0.0.1www.cfjiuye.com
127.0.0.1www.cfjiuye.cc
127.0.0.1www.cfjiuye.tk
127.0.0.1www.cfjiuye.cn
127.0.0.1www.cfjiuye.net
127.0.0.1www.yimeiwg.cc
127.0.0.1www.yimeiwg.com
127.0.0.1www.yimeiwg.net
127.0.0.1www.yimeiwg.tk
127.0.0.1www.yimeiwg.cn
127.0.0.1www.cfhuofeng.com
127.0.0.1www.cfhuofeng.cc
127.0.0.1www.cfhuofeng.net
127.0.0.1www.cfhuofeng.tk
127.0.0.1www.cfhuofeng.cn
127.0.0.1www.cfmc.jobidc.com
127.0.0.1www.cfwc.jobidc.com
127.0.0.1www.xiaohufz.ml
127.0.0.1www.xiaohufz.com
127.0.0.1www.xiaohufz.tk
127.0.0.1www.xiaohufz.cc
127.0.0.1www.xiaohufz.cn
127.0.0.1www.xiaohufz.net
127.0.0.1www.cfxiaohu.ml
127.0.0.1www.cfxiaohu.com
127.0.0.1www.cfxiaohu.tk
127.0.0.1www.cfxiaohu.cc
127.0.0.1www.cfxiaohu.cn
127.0.0.1www.cfxiaohu.net
127.0.0.1www.cfdiye.com
127.0.0.1www.cfdiye.cc
127.0.0.1www.cfdiye.net
127.0.0.1www.cfdiye.tk
127.0.0.1www.cfdiye.cn
127.0.0.1www.cffeifan.com
127.0.0.1www.cffeifan.cc
127.0.0.1www.cffeifan.net
127.0.0.1www.cffeifan.cn
127.0.0.1www.cffeifan.tk
127.0.0.1www.cfyinghun.tk
127.0.0.1www.cfyinghun.com
127.0.0.1www.cfyinghun.net
127.0.0.1www.cfyinghun.cn
127.0.0.1www.cfyinghun.cc
127.0.0.1www.ximo.tk
127.0.0.1www.ximo.com
127.0.0.1www.ximo.cc
127.0.0.1www.ximo.net
127.0.0.1www.ximo.cn
127.0.0.1www.cfximo.tk
127.0.0.1www.cfximo.com
127.0.0.1www.cfximo.net
127.0.0.1www.cfximo.cc
127.0.0.1www.cfximo.cn
127.0.0.1www.k56.pw
127.0.0.1www.k56.cn
127.0.0.1www.k56.cc
127.0.0.1www.k56.com
127.0.0.1www.k56.net
127.0.0.1www.k56.tk
127.0.0.1www.cfduyao.cc
127.0.0.1www.cfduyao.com
127.0.0.1www.cfduyao.net
127.0.0.1www.cfduyao.cn
127.0.0.1www.cfduyao.tk
127.0.0.1www.kmy0823.com
127.0.0.1www.kmy0823.cc
127.0.0.1www.kmy0823.net
127.0.0.1www.kmy0823.tk
127.0.0.1www.kmy0823.cn
127.0.0.1www.aspddos.com
127.0.0.1www.aspddos.cn
127.0.0.1www.aspddos.tk
127.0.0.1www.aspddos.cc
127.0.0.1www.aspddos.net
127.0.0.1www.cffeifan.icoc.cc
127.0.0.1www.cffeifan.icoc.com
127.0.0.1www.cffeifan.icoc.cn
127.0.0.1www.cffeifan.icoc.net
127.0.0.1www.cffeifan.icoc.tk
127.0.0.1www.yeke.jobidc.cc
127.0.0.1www.yeke.jobidc.com
127.0.0.1www.yeke.jobidc.cn
127.0.0.1www.yeke.jobidc.net
127.0.0.1www.yeke.jobidc.tk
127.0.0.1www.cfmogu.cn
127.0.0.1www.cfmogu.com
127.0.0.1www.cfmogu.net
127.0.0.1www.cfmogu.cc
127.0.0.1www.cfmogu.tk
127.0.0.1cfmogu.cn
127.0.0.1cfmogu.com
127.0.0.1cfmogu.net
127.0.0.1cfmogu.cc
127.0.0.1cfmogu.tk
127.0.0.1bbs.smjiayuan.cn
127.0.0.1bbs.smjiayuan.com
127.0.0.1bbs.smjiayuan.cc
127.0.0.1bbs.smjiayuan.tk
127.0.0.1bbs.smjiayuan.net
127.0.0.1smjiayuan.cn
127.0.0.1smjiayuan.com
127.0.0.1smjiayuan.cc
127.0.0.1smjiayuan.tk
127.0.0.1smjiayuan.net
127.0.0.1www.smjiayuan.cn
127.0.0.1www.smjiayuan.com
127.0.0.1www.smjiayuan.cc
127.0.0.1www.smjiayuan.tk
127.0.0.1www.smjiayuan.net
127.0.0.1cfnonglin.com
127.0.0.1cfnonglin.cc
127.0.0.1cfnonglin.net
127.0.0.1cfnonglin.tk
127.0.0.1cfnonglin.cn
127.0.0.1www.cfnonglin.com
127.0.0.1www.cfnonglin.cn
127.0.0.1www.cfnonglin.cc
127.0.0.1www.cfnonglin.net
127.0.0.1www.cfnonglin.tk
127.0.0.1www.cflaoa.com
127.0.0.1www.cflaoa.cc
127.0.0.1www.cflaoa.cn
127.0.0.1www.cflaoa.net
127.0.0.1www.cflaoa.tk
127.0.0.1cflaoa.com
127.0.0.1cflaoa.cc
127.0.0.1cflaoa.cn
127.0.0.1cflaoa.net
127.0.0.1cflaoa.tk
127.0.0.1www.xiaorouqing.com
127.0.0.1www.xiaorouqing.tk
127.0.0.1www.xiaorouqing.net
127.0.0.1www.xiaorouqing.cn
127.0.0.1www.xiaorouqing.cc
127.0.0.1xiaorouqing.com
127.0.0.1xiaorouqing.tk
127.0.0.1xiaorouqing.net
127.0.0.1xiaorouqing.cn
127.0.0.1xiaorouqing.cc
127.0.0.1www.cfdiye.com
127.0.0.1www.cfdiye.cc
127.0.0.1www.cfdiye.cn
127.0.0.1www.cfdiye.net
127.0.0.1www.cfdiye.tk
127.0.0.1cfdiye.com
127.0.0.1cfdiye.cc
127.0.0.1cfdiye.cn
127.0.0.1cfdiye.net
127.0.0.1cfdiye.tk
127.0.0.1www.cffefa.com
127.0.0.1www.cffefa.cc
127.0.0.1www.cffefa.cn
127.0.0.1www.cffefa.net
127.0.0.1www.cffefa.tk
127.0.0.1cffefa.com
127.0.0.1cffefa.cc
127.0.0.1cffefa.cn
127.0.0.1cffefa.net
127.0.0.1cffefa.tk
127.0.0.1www.fbfz.in
127.0.0.1www.fbfz.com
127.0.0.1www.fbfz.net
127.0.0.1www.fbfz.cn
127.0.0.1www.fbfz.cc
127.0.0.1www.fbfz.tk
127.0.0.1www.cfhuacai.in
127.0.0.1www.cfhuacai.com
127.0.0.1www.cfhuacai.cc
127.0.0.1www.cfhuacai.net
127.0.0.1www.cfhuacai.cn
127.0.0.1www.cfhuacai.tk
127.0.0.1fbfz.in
127.0.0.1fbfz.com
127.0.0.1fbfz.net
127.0.0.1fbfz.cn
127.0.0.1fbfz.cc
127.0.0.1fbfz.tk
127.0.0.1cfhuacai.in
127.0.0.1cfhuacai.com
127.0.0.1cfhuacai.cc
127.0.0.1cfhuacai.net
127.0.0.1cfhuacai.cn
127.0.0.1cfhuacai.tk
127.0.0.1www.cfmomi.com
127.0.0.1www.cfmomi.net
127.0.0.1www.cfmomi.cc
127.0.0.1www.cfmomi.cn
127.0.0.1www.cfmomi.tk
127.0.0.1cfmomi.com
127.0.0.1cfmomi.net
127.0.0.1cfmomi.cc
127.0.0.1cfmomi.cn
127.0.0.1cfmomi.tk
127.0.0.1cfdfsy.com
127.0.0.1cfdfsy.net
127.0.0.1cfdfsy.cc
127.0.0.1cfdfsy.tk
127.0.0.1cfdfsy.cn
127.0.0.1www.cfdfsy.com
127.0.0.1www.cfdfsy.net
127.0.0.1www.cfdfsy.cc
127.0.0.1www.cfdfsy.tk
127.0.0.1www.cfdfsy.cn
127.0.0.1cfshuye.com
127.0.0.1cfshuye.net
127.0.0.1cfshuye.cc
127.0.0.1cfshuye.tk
127.0.0.1cfshuye.cn
127.0.0.1www.cfshuye.com
127.0.0.1www.cfshuye.net
127.0.0.1www.cfshuye.cc
127.0.0.1www.cfshuye.tk
127.0.0.1www.cfshuye.cn
127.0.0.1www.cftianyue.com
127.0.0.1www.cftianyue.cn
127.0.0.1www.cftianyue.net
127.0.0.1www.cftianyue.cc
127.0.0.1www.cftianyue.tk
127.0.0.1cftianyue.com
127.0.0.1cftianyue.tk
127.0.0.1cftianyue.cn
127.0.0.1cftianyue.net
127.0.0.1cftianyue.cc
127.0.0.1www.tatplay.com
127.0.0.1www.tatplay.cn
127.0.0.1www.tatplay.tk
127.0.0.1www.tatplay.cc
127.0.0.1www.tatplay.net
127.0.0.1bbs.tatplay.com
127.0.0.1bbs.tatplay.cn
127.0.0.1bbs.tatplay.tk
127.0.0.1bbs.tatplay.cc
127.0.0.1bbs.tatplay.net
127.0.0.1tatplay.com
127.0.0.1tatplay.cn
127.0.0.1tatplay.tk
127.0.0.1tatplay.cc


Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.

Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\%current user%\Application Data\E_UIEngine\90afea1eeb37be7a93471c36152ab43a\90afea1eeb37be7a93471c36152ab43a.jpg.data (28 bytes)
    %System%\drivers\etc\hosts (8 bytes)

  4. Restore the original content of the HOSTS file (%System%\drivers\etc\hosts): 127.0.0.1 localhost
  5. Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

No information is available.

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text40969559829584645.1525259ff8f820c8b7b2d0266f64ce896e5c4
.rdata962560655992865617924.88497f2c092a30a80debef01bcd32920d9190
.data7524352325802737284.26302030e87525b2f7f1369542d04a8cdcc6c
.rsrc785203223232245763.353629168f0145169842a778b50619577787a

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Map

Strings from Dumps

%original file name%.exe_1236:

.text

.text

.rdata

.rdata

@.data

@.data

.rsrc

.rsrc

t$(SSh

t$(SSh

~%UVW

~%UVW

u$SShe

u$SShe

kernel32.dll

kernel32.dll

user32.dll

user32.dll

shlwapi.dll

shlwapi.dll

gdiplus.dll

gdiplus.dll

gdi32.dll

gdi32.dll

ole32.dll

ole32.dll

GdiPlus.dll

GdiPlus.dll

Gdiplus.dll

Gdiplus.dll

winmm.dll

winmm.dll

EnumWindows

EnumWindows

ShellExecuteA

ShellExecuteA

GetAsyncKeyState

GetAsyncKeyState

GdipSetStringFormatHotkeyPrefix

GdipSetStringFormatHotkeyPrefix

GdipGetStringFormatHotkeyPrefix

GdipGetStringFormatHotkeyPrefix

EnumChildWindows

EnumChildWindows

UnloadKeyboardLayout

UnloadKeyboardLayout

GetKeyboardLayoutList

GetKeyboardLayoutList

GetKeyboardLayout

GetKeyboardLayout

ActivateKeyboardLayout

ActivateKeyboardLayout

GetKeyboardLayoutNameA

GetKeyboardLayoutNameA

RegOpenKeyA

RegOpenKeyA

RegDeleteKeyA

RegDeleteKeyA

RegCloseKey

RegCloseKey

RegCreateKeyA

RegCreateKeyA

RegFlushKey

RegFlushKey

LoadKeyboardLayoutA

LoadKeyboardLayoutA

GdipSetImageAttributesColorKeys

GdipSetImageAttributesColorKeys

GdipSetPenLineJoin

GdipSetPenLineJoin

GdipGetPenLineJoin

GdipGetPenLineJoin

ctfmon.exe

ctfmon.exe

\CFJuhua.dll

\CFJuhua.dll

crossfire.exe

crossfire.exe

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\

$@.jpg

$@.jpg

.data

.data

{B96B3CAE-0728-11D3-9D7B-0000F81EF32E}

{B96B3CAE-0728-11D3-9D7B-0000F81EF32E}

@.tmp

@.tmp

drivers\etc\hosts127.0.0.1 cfwudao.com

drivers\etc\hosts127.0.0.1 cfwudao.com

127.0.0.1 cfwudao.cc

127.0.0.1 cfwudao.cc

127.0.0.1 cfwudao.net

127.0.0.1 cfwudao.net

127.0.0.1 cfwudao.cn

127.0.0.1 cfwudao.cn

127.0.0.1 cfmimang.com

127.0.0.1 cfmimang.com

127.0.0.1 cfmimang.cc

127.0.0.1 cfmimang.cc

127.0.0.1 cfmimang.net

127.0.0.1 cfmimang.net

127.0.0.1 cfmimang.cn

127.0.0.1 cfmimang.cn

127.0.0.1 nz92.com

127.0.0.1 nz92.com

127.0.0.1 nz92.cc

127.0.0.1 nz92.cc

127.0.0.1 nz92.net

127.0.0.1 nz92.net

127.0.0.1 nz92.cn

127.0.0.1 nz92.cn

127.0.0.1 75ts.com

127.0.0.1 75ts.com

127.0.0.1 75ts.net

127.0.0.1 75ts.net

127.0.0.1 75ts.cn

127.0.0.1 75ts.cn

127.0.0.1 cfyalan.com

127.0.0.1 cfyalan.com

127.0.0.1 cfyalan.cc

127.0.0.1 cfyalan.cc

127.0.0.1 cfyalan.net

127.0.0.1 cfyalan.net

127.0.0.1 cfyalan.cn

127.0.0.1 cfyalan.cn

127.0.0.1 cfjiuye.com

127.0.0.1 cfjiuye.com

127.0.0.1 cfjiuye.cc

127.0.0.1 cfjiuye.cc

127.0.0.1 cfjiuye.tk

127.0.0.1 cfjiuye.tk

127.0.0.1 cfjiuye.cn

127.0.0.1 cfjiuye.cn

127.0.0.1 cfjiuye.net

127.0.0.1 cfjiuye.net

127.0.0.1 yimeiwg.cc

127.0.0.1 yimeiwg.cc

127.0.0.1 yimeiwg.com

127.0.0.1 yimeiwg.com

127.0.0.1 yimeiwg.net

127.0.0.1 yimeiwg.net

127.0.0.1 yimeiwg.tk

127.0.0.1 yimeiwg.tk

127.0.0.1 yimeiwg.cn

127.0.0.1 yimeiwg.cn

127.0.0.1 cfhuofeng.com

127.0.0.1 cfhuofeng.com

127.0.0.1 cfhuofeng.cc

127.0.0.1 cfhuofeng.cc

127.0.0.1 cfhuofeng.net

127.0.0.1 cfhuofeng.net

127.0.0.1 cfhuofeng.tk

127.0.0.1 cfhuofeng.tk

127.0.0.1 cfhuofeng.cn

127.0.0.1 cfhuofeng.cn

127.0.0.1 cfmc.jobidc.com

127.0.0.1 cfmc.jobidc.com

127.0.0.1 cfwc.jobidc.com

127.0.0.1 cfwc.jobidc.com

127.0.0.1 xiaohufz.ml

127.0.0.1 xiaohufz.ml

127.0.0.1 xiaohufz.com

127.0.0.1 xiaohufz.com

127.0.0.1 xiaohufz.tk

127.0.0.1 xiaohufz.tk

127.0.0.1 xiaohufz.cc

127.0.0.1 xiaohufz.cc

127.0.0.1 xiaohufz.cn

127.0.0.1 xiaohufz.cn

127.0.0.1 xiaohufz.net

127.0.0.1 xiaohufz.net

127.0.0.1 cfxiaohu.ml

127.0.0.1 cfxiaohu.ml

127.0.0.1 cfxiaohu.com

127.0.0.1 cfxiaohu.com

127.0.0.1 cfxiaohu.tk

127.0.0.1 cfxiaohu.tk

127.0.0.1 cfxiaohu.cc

127.0.0.1 cfxiaohu.cc

127.0.0.1 cfxiaohu.cn

127.0.0.1 cfxiaohu.cn

127.0.0.1 cfxiaohu.net

127.0.0.1 cfxiaohu.net

127.0.0.1 cfdiye.com

127.0.0.1 cfdiye.com

127.0.0.1 cfdiye.cc

127.0.0.1 cfdiye.cc

127.0.0.1 cfdiye.net

127.0.0.1 cfdiye.net

127.0.0.1 cfdiye.tk

127.0.0.1 cfdiye.tk

127.0.0.1 cfdiye.cn

127.0.0.1 cfdiye.cn

127.0.0.1 cffeifan.com

127.0.0.1 cffeifan.com

127.0.0.1 cffeifan.cc

127.0.0.1 cffeifan.cc

127.0.0.1 cffeifan.net

127.0.0.1 cffeifan.net

127.0.0.1 cffeifan.cn

127.0.0.1 cffeifan.cn

127.0.0.1 cffeifan.tk

127.0.0.1 cffeifan.tk

127.0.0.1 cfyinghun.tk

127.0.0.1 cfyinghun.tk

127.0.0.1 cfyinghun.com

127.0.0.1 cfyinghun.com

127.0.0.1 cfyinghun.net

127.0.0.1 cfyinghun.net

127.0.0.1 cfyinghun.cn

127.0.0.1 cfyinghun.cn

127.0.0.1 cfyinghun.cc

127.0.0.1 cfyinghun.cc

127.0.0.1 ximo.tk

127.0.0.1 ximo.tk

127.0.0.1 ximo.com

127.0.0.1 ximo.com

127.0.0.1 ximo.cc

127.0.0.1 ximo.cc

127.0.0.1 ximo.net

127.0.0.1 ximo.net

127.0.0.1 ximo.cn

127.0.0.1 ximo.cn

127.0.0.1 cfximo.tk

127.0.0.1 cfximo.tk

127.0.0.1 cfximo.com

127.0.0.1 cfximo.com

127.0.0.1 cfximo.net

127.0.0.1 cfximo.net

127.0.0.1 cfximo.cc

127.0.0.1 cfximo.cc

127.0.0.1 cfximo.cn

127.0.0.1 cfximo.cn

127.0.0.1 k56.pw

127.0.0.1 k56.pw

127.0.0.1 k56.cn

127.0.0.1 k56.cn

127.0.0.1 k56.cc

127.0.0.1 k56.cc

127.0.0.1 k56.com

127.0.0.1 k56.com

127.0.0.1 k56.net

127.0.0.1 k56.net

127.0.0.1 k56.tk

127.0.0.1 k56.tk

127.0.0.1 cfduyao.cc

127.0.0.1 cfduyao.cc

127.0.0.1 cfduyao.com

127.0.0.1 cfduyao.com

127.0.0.1 cfduyao.net

127.0.0.1 cfduyao.net

127.0.0.1 cfduyao.cn

127.0.0.1 cfduyao.cn

127.0.0.1 cfduyao.tk

127.0.0.1 cfduyao.tk

127.0.0.1 kmy0823.com

127.0.0.1 kmy0823.com

127.0.0.1 kmy0823.cc

127.0.0.1 kmy0823.cc

127.0.0.1 kmy0823.net

127.0.0.1 kmy0823.net

127.0.0.1 kmy0823.tk

127.0.0.1 kmy0823.tk

127.0.0.1 kmy0823.cn

127.0.0.1 kmy0823.cn

127.0.0.1 aspddos.com

127.0.0.1 aspddos.com

127.0.0.1 aspddos.cn

127.0.0.1 aspddos.cn

127.0.0.1 aspddos.tk

127.0.0.1 aspddos.tk

127.0.0.1 aspddos.cc

127.0.0.1 aspddos.cc

127.0.0.1 aspddos.net

127.0.0.1 aspddos.net

127.0.0.1 cffeifan.icoc.cc

127.0.0.1 cffeifan.icoc.cc

127.0.0.1 cffeifan.icoc.com

127.0.0.1 cffeifan.icoc.com

127.0.0.1 cffeifan.icoc.cn

127.0.0.1 cffeifan.icoc.cn

127.0.0.1 cffeifan.icoc.net

127.0.0.1 cffeifan.icoc.net

127.0.0.1 cffeifan.icoc.tk

127.0.0.1 cffeifan.icoc.tk

127.0.0.1 yeke.jobidc.cc

127.0.0.1 yeke.jobidc.cc

127.0.0.1 yeke.jobidc.com

127.0.0.1 yeke.jobidc.com

127.0.0.1 yeke.jobidc.cn

127.0.0.1 yeke.jobidc.cn

127.0.0.1 yeke.jobidc.net

127.0.0.1 yeke.jobidc.net

127.0.0.1 yeke.jobidc.tk

127.0.0.1 yeke.jobidc.tk

127.0.0.1 www.cfwudao.com

127.0.0.1 www.cfwudao.com

127.0.0.1 www.cfwudao.cc

127.0.0.1 www.cfwudao.cc

127.0.0.1 www.cfwudao.net

127.0.0.1 www.cfwudao.net

127.0.0.1 www.cfwydai.cn

127.0.0.1 www.cfwydai.cn

127.0.0.1 www.cfmimang.com

127.0.0.1 www.cfmimang.com

127.0.0.1 www.cfmimang.cc

127.0.0.1 www.cfmimang.cc

127.0.0.1 www.cfmimang.net

127.0.0.1 www.cfmimang.net

127.0.0.1 www.cfmimang.cn

127.0.0.1 www.cfmimang.cn

127.0.0.1 www.nz92.com

127.0.0.1 www.nz92.com

127.0.0.1 www.nz92.cc

127.0.0.1 www.nz92.cc

127.0.0.1 www.nz92.net

127.0.0.1 www.nz92.net

127.0.0.1 www.nz92.cn

127.0.0.1 www.nz92.cn

127.0.0.1 www.75ts.com

127.0.0.1 www.75ts.com

127.0.0.1 www.75ts.net

127.0.0.1 www.75ts.net

127.0.0.1 www.75ts.cn

127.0.0.1 www.75ts.cn

127.0.0.1 www.cfyalan.com

127.0.0.1 www.cfyalan.com

127.0.0.1 www.cfyalan.cc

127.0.0.1 www.cfyalan.cc

127.0.0.1 www.cfyalan.net

127.0.0.1 www.cfyalan.net

127.0.0.1 www.cfyalan.cn

127.0.0.1 www.cfyalan.cn

127.0.0.1 www.cfjiuye.com

127.0.0.1 www.cfjiuye.com

127.0.0.1 www.cfjiuye.cc

127.0.0.1 www.cfjiuye.cc

127.0.0.1 www.cfjiuye.tk

127.0.0.1 www.cfjiuye.tk

127.0.0.1 www.cfjiuye.cn

127.0.0.1 www.cfjiuye.cn

127.0.0.1 www.cfjiuye.net

127.0.0.1 www.cfjiuye.net

127.0.0.1 www.yimeiwg.cc

127.0.0.1 www.yimeiwg.cc

127.0.0.1 www.yimeiwg.com

127.0.0.1 www.yimeiwg.com

127.0.0.1 www.yimeiwg.net

127.0.0.1 www.yimeiwg.net

127.0.0.1 www.yimeiwg.tk

127.0.0.1 www.yimeiwg.tk

127.0.0.1 www.yimeiwg.cn

127.0.0.1 www.yimeiwg.cn

127.0.0.1 www.cfhuofeng.com

127.0.0.1 www.cfhuofeng.com

127.0.0.1 www.cfhuofeng.cc

127.0.0.1 www.cfhuofeng.cc

127.0.0.1 www.cfhuofeng.net

127.0.0.1 www.cfhuofeng.net

127.0.0.1 www.cfhuofeng.tk

127.0.0.1 www.cfhuofeng.tk

127.0.0.1 www.cfhuofeng.cn

127.0.0.1 www.cfhuofeng.cn

127.0.0.1 www.cfmc.jobidc.com

127.0.0.1 www.cfmc.jobidc.com

127.0.0.1 www.cfwc.jobidc.com

127.0.0.1 www.cfwc.jobidc.com

127.0.0.1 www.xiaohufz.ml

127.0.0.1 www.xiaohufz.ml

127.0.0.1 www.xiaohufz.com

127.0.0.1 www.xiaohufz.com

127.0.0.1 www.xiaohufz.tk

127.0.0.1 www.xiaohufz.tk

127.0.0.1 www.xiaohufz.cc

127.0.0.1 www.xiaohufz.cc

127.0.0.1 www.xiaohufz.cn

127.0.0.1 www.xiaohufz.cn

127.0.0.1 www.xiaohufz.net

127.0.0.1 www.xiaohufz.net

127.0.0.1 www.cfxiaohu.ml

127.0.0.1 www.cfxiaohu.ml

127.0.0.1 www.cfxiaohu.com

127.0.0.1 www.cfxiaohu.com

127.0.0.1 www.cfxiaohu.tk

127.0.0.1 www.cfxiaohu.tk

127.0.0.1 www.cfxiaohu.cc

127.0.0.1 www.cfxiaohu.cc

127.0.0.1 www.cfxiaohu.cn

127.0.0.1 www.cfxiaohu.cn

127.0.0.1 www.cfxiaohu.net

127.0.0.1 www.cfxiaohu.net

127.0.0.1 www.cfdiye.com

127.0.0.1 www.cfdiye.com

127.0.0.1 www.cfdiye.cc

127.0.0.1 www.cfdiye.cc

127.0.0.1 www.cfdiye.net

127.0.0.1 www.cfdiye.net

127.0.0.1 www.cfdiye.tk

127.0.0.1 www.cfdiye.tk

127.0.0.1 www.cfdiye.cn

127.0.0.1 www.cfdiye.cn

127.0.0.1 www.cffeifan.com

127.0.0.1 www.cffeifan.com

127.0.0.1 www.cffeifan.cc

127.0.0.1 www.cffeifan.cc

127.0.0.1 www.cffeifan.net

127.0.0.1 www.cffeifan.net

127.0.0.1 www.cffeifan.cn

127.0.0.1 www.cffeifan.cn

127.0.0.1 www.cffeifan.tk

127.0.0.1 www.cffeifan.tk

127.0.0.1 www.cfyinghun.tk

127.0.0.1 www.cfyinghun.tk

127.0.0.1 www.cfyinghun.com

127.0.0.1 www.cfyinghun.com

127.0.0.1 www.cfyinghun.net

127.0.0.1 www.cfyinghun.net

127.0.0.1 www.cfyinghun.cn

127.0.0.1 www.cfyinghun.cn

127.0.0.1 www.cfyinghun.cc

127.0.0.1 www.cfyinghun.cc

127.0.0.1 www.ximo.tk

127.0.0.1 www.ximo.tk

127.0.0.1 www.ximo.com

127.0.0.1 www.ximo.com

127.0.0.1 www.ximo.cc

127.0.0.1 www.ximo.cc

127.0.0.1 www.ximo.net

127.0.0.1 www.ximo.net

127.0.0.1 www.ximo.cn

127.0.0.1 www.ximo.cn

127.0.0.1 www.cfximo.tk

127.0.0.1 www.cfximo.tk

127.0.0.1 www.cfximo.com

127.0.0.1 www.cfximo.com

127.0.0.1 www.cfximo.net

127.0.0.1 www.cfximo.net

127.0.0.1 www.cfximo.cc

127.0.0.1 www.cfximo.cc

127.0.0.1 www.cfximo.cn

127.0.0.1 www.cfximo.cn

127.0.0.1 www.k56.pw

127.0.0.1 www.k56.pw

127.0.0.1 www.k56.cn

127.0.0.1 www.k56.cn

127.0.0.1 www.k56.cc

127.0.0.1 www.k56.cc

127.0.0.1 www.k56.com

127.0.0.1 www.k56.com

127.0.0.1 www.k56.net

127.0.0.1 www.k56.net

127.0.0.1 www.k56.tk

127.0.0.1 www.k56.tk

127.0.0.1 www.cfduyao.cc

127.0.0.1 www.cfduyao.cc

127.0.0.1 www.cfduyao.com

127.0.0.1 www.cfduyao.com

127.0.0.1 www.cfduyao.net

127.0.0.1 www.cfduyao.net

127.0.0.1 www.cfduyao.cn

127.0.0.1 www.cfduyao.cn

127.0.0.1 www.cfduyao.tk

127.0.0.1 www.cfduyao.tk

127.0.0.1 www.kmy0823.com

127.0.0.1 www.kmy0823.com

127.0.0.1 www.kmy0823.cc

127.0.0.1 www.kmy0823.cc

127.0.0.1 www.kmy0823.net

127.0.0.1 www.kmy0823.net

127.0.0.1 www.kmy0823.tk

127.0.0.1 www.kmy0823.tk

127.0.0.1 www.kmy0823.cn

127.0.0.1 www.kmy0823.cn

127.0.0.1 www.aspddos.com

127.0.0.1 www.aspddos.com

127.0.0.1 www.aspddos.cn

127.0.0.1 www.aspddos.cn

127.0.0.1 www.aspddos.tk

127.0.0.1 www.aspddos.tk

127.0.0.1 www.aspddos.cc

127.0.0.1 www.aspddos.cc

127.0.0.1 www.aspddos.net

127.0.0.1 www.aspddos.net

127.0.0.1 www.cffeifan.icoc.cc

127.0.0.1 www.cffeifan.icoc.cc

127.0.0.1 www.cffeifan.icoc.com

127.0.0.1 www.cffeifan.icoc.com

127.0.0.1 www.cffeifan.icoc.cn

127.0.0.1 www.cffeifan.icoc.cn

127.0.0.1 www.cffeifan.icoc.net

127.0.0.1 www.cffeifan.icoc.net

127.0.0.1 www.cffeifan.icoc.tk

127.0.0.1 www.cffeifan.icoc.tk

127.0.0.1 www.yeke.jobidc.cc

127.0.0.1 www.yeke.jobidc.cc

127.0.0.1 www.yeke.jobidc.com

127.0.0.1 www.yeke.jobidc.com

127.0.0.1 www.yeke.jobidc.cn

127.0.0.1 www.yeke.jobidc.cn

127.0.0.1 www.yeke.jobidc.net

127.0.0.1 www.yeke.jobidc.net

127.0.0.1 www.yeke.jobidc.tk

127.0.0.1 www.yeke.jobidc.tk

127.0.0.1 www.cfmogu.cn

127.0.0.1 www.cfmogu.cn

127.0.0.1 www.cfmogu.com

127.0.0.1 www.cfmogu.com

127.0.0.1 www.cfmogu.net

127.0.0.1 www.cfmogu.net

127.0.0.1 www.cfmogu.cc

127.0.0.1 www.cfmogu.cc

127.0.0.1 www.cfmogu.tk

127.0.0.1 www.cfmogu.tk

127.0.0.1 cfmogu.cn

127.0.0.1 cfmogu.cn

127.0.0.1 cfmogu.com

127.0.0.1 cfmogu.com

127.0.0.1 cfmogu.net

127.0.0.1 cfmogu.net

127.0.0.1 cfmogu.cc

127.0.0.1 cfmogu.cc

127.0.0.1 cfmogu.tk

127.0.0.1 cfmogu.tk

127.0.0.1 bbs.smjiayuan.cn

127.0.0.1 bbs.smjiayuan.cn

127.0.0.1 bbs.smjiayuan.com

127.0.0.1 bbs.smjiayuan.com

127.0.0.1 bbs.smjiayuan.cc

127.0.0.1 bbs.smjiayuan.cc

127.0.0.1 bbs.smjiayuan.tk

127.0.0.1 bbs.smjiayuan.tk

127.0.0.1 bbs.smjiayuan.net

127.0.0.1 bbs.smjiayuan.net

127.0.0.1 smjiayuan.cn

127.0.0.1 smjiayuan.cn

127.0.0.1 smjiayuan.com

127.0.0.1 smjiayuan.com

127.0.0.1 smjiayuan.cc

127.0.0.1 smjiayuan.cc

127.0.0.1 smjiayuan.tk

127.0.0.1 smjiayuan.tk

127.0.0.1 smjiayuan.net

127.0.0.1 smjiayuan.net

127.0.0.1 www.smjiayuan.cn

127.0.0.1 www.smjiayuan.cn

127.0.0.1 www.smjiayuan.com

127.0.0.1 www.smjiayuan.com

127.0.0.1 www.smjiayuan.cc

127.0.0.1 www.smjiayuan.cc

127.0.0.1 www.smjiayuan.tk

127.0.0.1 www.smjiayuan.tk

127.0.0.1 www.smjiayuan.net

127.0.0.1 www.smjiayuan.net

127.0.0.1 cfnonglin.com

127.0.0.1 cfnonglin.com

127.0.0.1 cfnonglin.cc

127.0.0.1 cfnonglin.cc

127.0.0.1 cfnonglin.net

127.0.0.1 cfnonglin.net

127.0.0.1 cfnonglin.tk

127.0.0.1 cfnonglin.tk

127.0.0.1 cfnonglin.cn

127.0.0.1 cfnonglin.cn

127.0.0.1 www.cfnonglin.com

127.0.0.1 www.cfnonglin.com

127.0.0.1 www.cfnonglin.cn

127.0.0.1 www.cfnonglin.cn

127.0.0.1 www.cfnonglin.cc

127.0.0.1 www.cfnonglin.cc

127.0.0.1 www.cfnonglin.net

127.0.0.1 www.cfnonglin.net

127.0.0.1 www.cfnonglin.tk

127.0.0.1 www.cfnonglin.tk

127.0.0.1 www.cflaoa.com

127.0.0.1 www.cflaoa.com

127.0.0.1 www.cflaoa.cc

127.0.0.1 www.cflaoa.cc

127.0.0.1 www.cflaoa.cn

127.0.0.1 www.cflaoa.cn

127.0.0.1 www.cflaoa.net

127.0.0.1 www.cflaoa.net

127.0.0.1 www.cflaoa.tk

127.0.0.1 www.cflaoa.tk

127.0.0.1 cflaoa.com

127.0.0.1 cflaoa.com

127.0.0.1 cflaoa.cc

127.0.0.1 cflaoa.cc

127.0.0.1 cflaoa.cn

127.0.0.1 cflaoa.cn

127.0.0.1 cflaoa.net

127.0.0.1 cflaoa.net

127.0.0.1 cflaoa.tk

127.0.0.1 cflaoa.tk

127.0.0.1 www.xiaorouqing.com

127.0.0.1 www.xiaorouqing.com

127.0.0.1 www.xiaorouqing.tk

127.0.0.1 www.xiaorouqing.tk

127.0.0.1 www.xiaorouqing.net

127.0.0.1 www.xiaorouqing.net

127.0.0.1 www.xiaorouqing.cn

127.0.0.1 www.xiaorouqing.cn

127.0.0.1 www.xiaorouqing.cc

127.0.0.1 www.xiaorouqing.cc

127.0.0.1 xiaorouqing.com

127.0.0.1 xiaorouqing.com

127.0.0.1 xiaorouqing.tk

127.0.0.1 xiaorouqing.tk

127.0.0.1 xiaorouqing.net

127.0.0.1 xiaorouqing.net

127.0.0.1 xiaorouqing.cn

127.0.0.1 xiaorouqing.cn

127.0.0.1 xiaorouqing.cc

127.0.0.1 xiaorouqing.cc

127.0.0.1 www.cffefa.com

127.0.0.1 www.cffefa.com

127.0.0.1 www.cffefa.cc

127.0.0.1 www.cffefa.cc

127.0.0.1 www.cffefa.cn

127.0.0.1 www.cffefa.cn

127.0.0.1 www.cffefa.net

127.0.0.1 www.cffefa.net

127.0.0.1 www.cffefa.tk

127.0.0.1 www.cffefa.tk

127.0.0.1 cffefa.com

127.0.0.1 cffefa.com

127.0.0.1 cffefa.cc

127.0.0.1 cffefa.cc

127.0.0.1 cffefa.cn

127.0.0.1 cffefa.cn

127.0.0.1 cffefa.net

127.0.0.1 cffefa.net

127.0.0.1 cffefa.tk

127.0.0.1 cffefa.tk

127.0.0.1 www.fbfz.in

127.0.0.1 www.fbfz.in

127.0.0.1 www.fbfz.com

127.0.0.1 www.fbfz.com

127.0.0.1 www.fbfz.net

127.0.0.1 www.fbfz.net

127.0.0.1 www.fbfz.cn

127.0.0.1 www.fbfz.cn

127.0.0.1 www.fbfz.cc

127.0.0.1 www.fbfz.cc

127.0.0.1 www.fbfz.tk

127.0.0.1 www.fbfz.tk

127.0.0.1 www.cfhuacai.in

127.0.0.1 www.cfhuacai.in

127.0.0.1 www.cfhuacai.com

127.0.0.1 www.cfhuacai.com

127.0.0.1 www.cfhuacai.cc

127.0.0.1 www.cfhuacai.cc

127.0.0.1 www.cfhuacai.net

127.0.0.1 www.cfhuacai.net

127.0.0.1 www.cfhuacai.cn

127.0.0.1 www.cfhuacai.cn

127.0.0.1 www.cfhuacai.tk

127.0.0.1 www.cfhuacai.tk

127.0.0.1 fbfz.in

127.0.0.1 fbfz.in

127.0.0.1 fbfz.com

127.0.0.1 fbfz.com

127.0.0.1 fbfz.net

127.0.0.1 fbfz.net

127.0.0.1 fbfz.cn

127.0.0.1 fbfz.cn

127.0.0.1 fbfz.cc

127.0.0.1 fbfz.cc

127.0.0.1 fbfz.tk

127.0.0.1 fbfz.tk

127.0.0.1 cfhuacai.in

127.0.0.1 cfhuacai.in

127.0.0.1 cfhuacai.com

127.0.0.1 cfhuacai.com

127.0.0.1 cfhuacai.cc

127.0.0.1 cfhuacai.cc

127.0.0.1 cfhuacai.net

127.0.0.1 cfhuacai.net

127.0.0.1 cfhuacai.cn

127.0.0.1 cfhuacai.cn

127.0.0.1 cfhuacai.tk

127.0.0.1 cfhuacai.tk

127.0.0.1 www.cfmomi.com

127.0.0.1 www.cfmomi.com

127.0.0.1 www.cfmomi.net

127.0.0.1 www.cfmomi.net

127.0.0.1 www.cfmomi.cc

127.0.0.1 www.cfmomi.cc

127.0.0.1 www.cfmomi.cn

127.0.0.1 www.cfmomi.cn

127.0.0.1 www.cfmomi.tk

127.0.0.1 www.cfmomi.tk

127.0.0.1 cfmomi.com

127.0.0.1 cfmomi.com

127.0.0.1 cfmomi.net

127.0.0.1 cfmomi.net

127.0.0.1 cfmomi.cc

127.0.0.1 cfmomi.cc

127.0.0.1 cfmomi.cn

127.0.0.1 cfmomi.cn

127.0.0.1 cfmomi.tk

127.0.0.1 cfmomi.tk

127.0.0.1 cfdfsy.com

127.0.0.1 cfdfsy.com

127.0.0.1 cfdfsy.net

127.0.0.1 cfdfsy.net

127.0.0.1 cfdfsy.cc

127.0.0.1 cfdfsy.cc

127.0.0.1 cfdfsy.tk

127.0.0.1 cfdfsy.tk

127.0.0.1 cfdfsy.cn

127.0.0.1 cfdfsy.cn

127.0.0.1 www.cfdfsy.com

127.0.0.1 www.cfdfsy.com

127.0.0.1 www.cfdfsy.net

127.0.0.1 www.cfdfsy.net

127.0.0.1 www.cfdfsy.cc

127.0.0.1 www.cfdfsy.cc

127.0.0.1 www.cfdfsy.tk

127.0.0.1 www.cfdfsy.tk

127.0.0.1 www.cfdfsy.cn

127.0.0.1 www.cfdfsy.cn

127.0.0.1 cfshuye.com

127.0.0.1 cfshuye.com

127.0.0.1 cfshuye.net

127.0.0.1 cfshuye.net

127.0.0.1 cfshuye.cc

127.0.0.1 cfshuye.cc

127.0.0.1 cfshuye.tk

127.0.0.1 cfshuye.tk

127.0.0.1 cfshuye.cn

127.0.0.1 cfshuye.cn

127.0.0.1 www.cfshuye.com

127.0.0.1 www.cfshuye.com

127.0.0.1 www.cfshuye.net

127.0.0.1 www.cfshuye.net

127.0.0.1 www.cfshuye.cc

127.0.0.1 www.cfshuye.cc

127.0.0.1 www.cfshuye.tk

127.0.0.1 www.cfshuye.tk

127.0.0.1 www.cfshuye.cn

127.0.0.1 www.cfshuye.cn

127.0.0.1 www.cftianyue.com

127.0.0.1 www.cftianyue.com

127.0.0.1 www.cftianyue.cn

127.0.0.1 www.cftianyue.cn

127.0.0.1 www.cftianyue.net

127.0.0.1 www.cftianyue.net

127.0.0.1 www.cftianyue.cc

127.0.0.1 www.cftianyue.cc

127.0.0.1 www.cftianyue.tk

127.0.0.1 www.cftianyue.tk

127.0.0.1 cftianyue.com

127.0.0.1 cftianyue.com

127.0.0.1 cftianyue.tk

127.0.0.1 cftianyue.tk

127.0.0.1 cftianyue.cn

127.0.0.1 cftianyue.cn

127.0.0.1 cftianyue.net

127.0.0.1 cftianyue.net

127.0.0.1 cftianyue.cc

127.0.0.1 cftianyue.cc

127.0.0.1 www.tatplay.com

127.0.0.1 www.tatplay.com

127.0.0.1 www.tatplay.cn

127.0.0.1 www.tatplay.cn

127.0.0.1 www.tatplay.tk

127.0.0.1 www.tatplay.tk

127.0.0.1 www.tatplay.cc

127.0.0.1 www.tatplay.cc

127.0.0.1 www.tatplay.net

127.0.0.1 www.tatplay.net

127.0.0.1 bbs.tatplay.com

127.0.0.1 bbs.tatplay.com

127.0.0.1 bbs.tatplay.cn

127.0.0.1 bbs.tatplay.cn

127.0.0.1 bbs.tatplay.tk

127.0.0.1 bbs.tatplay.tk

127.0.0.1 bbs.tatplay.cc

127.0.0.1 bbs.tatplay.cc

127.0.0.1 bbs.tatplay.net

127.0.0.1 bbs.tatplay.net

127.0.0.1 tatplay.com

127.0.0.1 tatplay.com

127.0.0.1 tatplay.cn

127.0.0.1 tatplay.cn

127.0.0.1 tatplay.tk

127.0.0.1 tatplay.tk

127.0.0.1 tatplay.cc

127.0.0.1 tatplay.cc

127.0.0.1 tatplay.net

127.0.0.1 tatplay.net

'YY.exe

'YY.exe

Adobe Photoshop CS3 Windows

Adobe Photoshop CS3 Windows

2013:09:26 20:56:27

2013:09:26 20:56:27

urlTEXT

urlTEXT

MsgeTEXT

MsgeTEXT

http://ns.adobe.com/xap/1.0/

http://ns.adobe.com/xap/1.0/

" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c036 46.276720, Mon Feb 19 2007 22:40:08 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xap="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xap:CreateDate="2013-09-26T20:56:27 08:00" xap:ModifyDate="2013-09-26T20:56:27 08:00" xap:MetadataDate="2013-09-26T20:56:27 08:00" xap:CreatorTool="Adobe Photoshop CS3 Windows" dc:format="image/jpeg" photoshop:ColorMode="3" photoshop:History="" xapMM:InstanceID="uuid:0A144EB3AA26E3118262B844B94F4813" xapMM:DocumentID="uuid:09144EB3AA26E3118262B844B94F4813" tiff:Orientation="1" tiff:XResolution="720000/10000" tiff:YResolution="720000/10000" tiff:ResolutionUnit="2" tiff:NativeDigest="256,257,258,259,262,274,277,284,530,531,282,283,296,301,318,319,529,532,306,270,271,272,305,315,33432;F3F29DA335145A2570D291A0B6F362F1" exif:PixelXDimension="400" exif:PixelYDimension="250" exif:ColorSpace="-1" exif:NativeDigest="36864,40960,40961,37121,37122,40962,40963,37510,40964,36867,36868,33434,33437,34850,34852,34855,34856,37377,37378,37379,37380,37381,37382,37383,37384,37385,37386,37396,41483,41484,41486,41487,41488,41492,41493,41495,41728,41729,41730,41985,41986,41987,41988,41989,41990,41991,41992,41993,41994,41995,41996,42016,0,2,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,20,22,23,24,25,26,27,28,30;EAFD8F8AB8C441B45500F336A809FC7C"> <xapMM:DerivedFrom rdf:parseType="Resource" /> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="w"?>

" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c036 46.276720, Mon Feb 19 2007 22:40:08 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xap="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xap:CreateDate="2013-09-26T20:56:27 08:00" xap:ModifyDate="2013-09-26T20:56:27 08:00" xap:MetadataDate="2013-09-26T20:56:27 08:00" xap:CreatorTool="Adobe Photoshop CS3 Windows" dc:format="image/jpeg" photoshop:ColorMode="3" photoshop:History="" xapMM:InstanceID="uuid:0A144EB3AA26E3118262B844B94F4813" xapMM:DocumentID="uuid:09144EB3AA26E3118262B844B94F4813" tiff:Orientation="1" tiff:XResolution="720000/10000" tiff:YResolution="720000/10000" tiff:ResolutionUnit="2" tiff:NativeDigest="256,257,258,259,262,274,277,284,530,531,282,283,296,301,318,319,529,532,306,270,271,272,305,315,33432;F3F29DA335145A2570D291A0B6F362F1" exif:PixelXDimension="400" exif:PixelYDimension="250" exif:ColorSpace="-1" exif:NativeDigest="36864,40960,40961,37121,37122,40962,40963,37510,40964,36867,36868,33434,33437,34850,34852,34855,34856,37377,37378,37379,37380,37381,37382,37383,37384,37385,37386,37396,41483,41484,41486,41487,41488,41492,41493,41495,41728,41729,41730,41985,41986,41987,41988,41989,41990,41991,41992,41993,41994,41995,41996,42016,0,2,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,20,22,23,24,25,26,27,28,30;EAFD8F8AB8C441B45500F336A809FC7C"> <xapMM:DerivedFrom rdf:parseType="Resource" /> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="w"?>

l%c$j

l%c$j

c~HHO%s2

c~HHO%s2

%U%2L

%U%2L

o%U]5:

o%U]5:

ej*%Xi4/

ej*%Xi4/

%8um6

%8um6

#w .Xq

#w .Xq

\cksougou.ime

\cksougou.ime

cksougou.ime

cksougou.ime

tenox.dll

tenox.dll

\tenox.dll

\tenox.dll

iexplore.exe

iexplore.exe

.Affffff

.Affffff

'9)%x

'9)%x

1092582854@qq.com

1092582854@qq.com

_(S.eh^

_(S.eh^

_(S.eh

_(S.eh

_(S.eh^r

_(S.eh^r

_(S.eh^ZJ

_(S.eh^ZJ

_(S.eh^t_

_(S.eh^t_

_(S.eh^r8

_(S.eh^r8

_(S.eh^r`

_(S.eh^r`

_(S.eh^r_

_(S.eh^r_

`).xO

`).xO

`U.xO

`U.xO

_(S.eh^rg

_(S.eh^rg

``.xO

``.xO

_(S.eh^r=

_(S.eh^r=

_(S.eh^ZX

_(S.eh^ZX

Z.jH}`

Z.jH}`

UH}`_G~`_.xO

UH}`_G~`_.xO

_(S.eh^ro

_(S.eh^ro

`-H}`4,Pg

`-H}`4,Pg

_(S.eh^ZW

_(S.eh^ZW

`-H}`

`-H}`

G~`-H}`a

G~`-H}`a

`-H}`*

`-H}`*

`c.xO

`c.xO

H}`3.xO

H}`3.xO

`/.xO

`/.xO

F~`ZH}`$.xO

F~`ZH}`$.xO

_(S.eh^t`

_(S.eh^t`

g.Ph"5

g.Ph"5

.glUr

.glUr

g]/%d

g]/%d

Pk.mE".

Pk.mE".

s.Gat

s.Gat

.ovMFH$UE

.ovMFH$UE

s.VlO&_

s.VlO&_

h".Vi

h".Vi

OC].Rf

OC].Rf

.w.wg

.w.wg

0`fI

0`fI

!s.bg

!s.bg

.wFwy

.wFwy

p`G%U

p`G%U

ð"Z

ð"Z

.wv46T2{

.wv46T2{

.klV&

.klV&

.glUR

.glUR

.gY^y

.gY^y

t%DMoY^

t%DMoY^

/Y^y|%DMo

/Y^y|%DMo

k.GBL

k.GBL

%F"HK

%F"HK

%F"HW

%F"HW

gW.Rn

gW.Rn

Ro.mi

Ro.mi

M.GfO

M.GfO

Oo.lz

Oo.lz

bc.gp

bc.gp

.clO>

.clO>

Zt`.Pb

Zt`.Pb

Oo.Uh"

Oo.Uh"

e%sB_

e%sB_

e%sB_0Ui

e%sB_0Ui

a.Pt`

a.Pt`

.glUB

.glUB

>a.Ph!

>a.Ph!

M[c.lz

M[c.lz

%ubH7

%ubH7

Kernel32.dll

Kernel32.dll

ntdll.dll

ntdll.dll

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

MapVirtualKeyA

MapVirtualKeyA

@\\.\\MemWrite

@\\.\\MemWrite

PV-AXE.LTB

PV-AXE.LTB

z?.py

z?.py

@PV-AXE_BL.LTB

@PV-AXE_BL.LTB

.Yy?#M<<[[ ?r5

.Yy?#M<<[[ ?r5

'?%XP?:

'?%XP?:

'?%XP?

'?%XP?

K.?%u

K.?%u

pv-axe.ltb

pv-axe.ltb

PV-AXE_GR.LTB

PV-AXE_GR.LTB

>.tA?

>.tA?

PV-AXE_WOMAN_BL.LTB

PV-AXE_WOMAN_BL.LTB

>r.OA

>r.OA

PV-AXE_WOMAN_GR.LTB

PV-AXE_WOMAN_GR.LTB

EX?%x

EX?%x

PV-KNIFE.LTB

PV-KNIFE.LTB

A%uN?

A%uN?

.py=h

.py=h

S.PHx^

S.PHx^

PV-KNIFE_BL.LTB

PV-KNIFE_BL.LTB

pv-Knife.ltb

pv-Knife.ltb

PV-KNIFE_GR.LTB

PV-KNIFE_GR.LTB

@0/ ?'3"?

@0/ ?'3"?

PV-KNIFE_WOMAN_BL.LTB

PV-KNIFE_WOMAN_BL.LTB

?.TK@

?.TK@

]=(-(?`9-@

]=(-(?`9-@

PV-KNIFE_WOMAN_GR.LTB

PV-KNIFE_WOMAN_GR.LTB

PV-MI_KERIS.LTB

PV-MI_KERIS.LTB

@PV-MI_KERIS_BL.LTB

@PV-MI_KERIS_BL.LTB

PV-MI_Keris.ltb

PV-MI_Keris.ltb

PV-MI_KERIS_GR.LTB

PV-MI_KERIS_GR.LTB

PV-MI_KERIS_WOMAN_BL.LTB

PV-MI_KERIS_WOMAN_BL.LTB

PV-MI_KERIS_WOMAN_GR.LTB

PV-MI_KERIS_WOMAN_GR.LTB

PV-MI_KUCRI.LTB

PV-MI_KUCRI.LTB

<02@`"~>

<02@`"~>

PV-MI_KUCRI_BL.LTB

PV-MI_KUCRI_BL.LTB

PV-MI_kucri.ltb

PV-MI_kucri.ltb

PV-MI_KUCRI_GR.LTB

PV-MI_KUCRI_GR.LTB

PV-MI_KUCRI_WOMAN_BL.LTB

PV-MI_KUCRI_WOMAN_BL.LTB

PV-MI_KUCRI_WOMAN_GR.LTB

PV-MI_KUCRI_WOMAN_GR.LTB

PV-SHOVEL.LTB

PV-SHOVEL.LTB

PV-SHOVEL_BL.LTB

PV-SHOVEL_BL.LTB

pv-shovel.ltb

pv-shovel.ltb

PV-SHOVEL_GR.LTB

PV-SHOVEL_GR.LTB

PV-SHOVEL_WOMAN_BL.LTB

PV-SHOVEL_WOMAN_BL.LTB

PV-SHOVEL_WOMAN_GR.LTB

PV-SHOVEL_WOMAN_GR.LTB

PV-BROKENKUKRI_REDCRYSTAL.LTB

PV-BROKENKUKRI_REDCRYSTAL.LTB

@1026072572

@1026072572

1026072572

1026072572

(v1.0).txt

(v1.0).txt

ZwReadVirtualMemorykernel32.dll

ZwReadVirtualMemorykernel32.dll

-1957298293

-1957298293

?\lpk.dll0@

?\lpk.dll0@

s %d. (0x%Xh

s %d. (0x%Xh

%fI64d

%fI64d

bB%U.a

bB%U.a

a`y|'".nT

a`y|'".nT

_d.vy'

_d.vy'

}>.tex

}>.tex

.UPX0

.UPX0

KERNEL32.DLL

KERNEL32.DLL

MSVCRT.dll

MSVCRT.dll

USER32.dll

USER32.dll

lpk.dll

lpk.dll

%WinDir%\rwts.dll

%WinDir%\rwts.dll

C:WINDOWS\rwts.dll

C:WINDOWS\rwts.dll

Www.cfyuanji.Cc YY14268

Www.cfyuanji.Cc YY14268

Super-EChttp://www.super-ec.cnhttp://www.eyybc.com/forum-17-1.html/forum-12-1.html/memcp.php/ip.asp/time.asp/gonggao.txt/ec-user6.php/ec-bd.php/ec-jh.php

Super-EChttp://www.super-ec.cnhttp://www.eyybc.com/forum-17-1.html/forum-12-1.html/memcp.php/ip.asp/time.asp/gonggao.txt/ec-user6.php/ec-bd.php/ec-jh.php

http://www.super-ec.cn

http://www.super-ec.cn

<input type="text" name="field_2new" size="25" value="" disabled class="txt" />" class="txt" />Function Getcpuid()

<input type="text" name="field_2new" size="25" value="" disabled class="txt" />" class="txt" />Function Getcpuid()

Set cpuSet = GetObject("winmgmts:{impersonationLevel=impersonate}").InstancesOf("Win32_Processor")

Set cpuSet = GetObject("winmgmts:{impersonationLevel=impersonate}").InstancesOf("Win32_Processor")

getcpuid=cpu.ProcessorId

getcpuid=cpu.ProcessorId

psapi.dll

psapi.dll

@winmm.dll

@winmm.dll

W:Www.Cfyuanji.Cc

W:Www.Cfyuanji.Cc

vs.3.sw

vs.3.sw

vs.2.sw

vs.2.sw

ps.3.sw

ps.3.sw

ps.2.sw

ps.2.sw

Corrupt JPEG data: found marker 0xx instead of RST%d

Corrupt JPEG data: found marker 0xx instead of RST%d

Warning: unknown JFIF revision number %d.d

Warning: unknown JFIF revision number %d.d

Corrupt JPEG data: %u extraneous bytes before marker 0xx

Corrupt JPEG data: %u extraneous bytes before marker 0xx

Inconsistent progression sequence for component %d coefficient %d

Inconsistent progression sequence for component %d coefficient %d

Unknown Adobe color transform code %d

Unknown Adobe color transform code %d

Obtained XMS handle %u

Obtained XMS handle %u

Freed XMS handle %u

Freed XMS handle %u

Unrecognized component IDs %d %d %d, assuming YCbCr

Unrecognized component IDs %d %d %d, assuming YCbCr

JFIF extension marker: RGB thumbnail image, length %u

JFIF extension marker: RGB thumbnail image, length %u

JFIF extension marker: palette thumbnail image, length %u

JFIF extension marker: palette thumbnail image, length %u

JFIF extension marker: JPEG-compressed thumbnail image, length %u

JFIF extension marker: JPEG-compressed thumbnail image, length %u

Opened temporary file %s

Opened temporary file %s

Closed temporary file %s

Closed temporary file %s

Ss=%d, Se=%d, Ah=%d, Al=%d

Ss=%d, Se=%d, Ah=%d, Al=%d

Component %d: dc=%d ac=%d

Component %d: dc=%d ac=%d

Start Of Scan: %d components

Start Of Scan: %d components

Component %d: %dhx%dv q=%d

Component %d: %dhx%dv q=%d

Start Of Frame 0xx: width=%u, height=%u, components=%d

Start Of Frame 0xx: width=%u, height=%u, components=%d

Smoothing not supported with nonstandard sampling ratios

Smoothing not supported with nonstandard sampling ratios

RST%d

RST%d

At marker 0xx, recovery action %d

At marker 0xx, recovery action %d

Selected %d colors for quantization

Selected %d colors for quantization

Quantizing to %d colors

Quantizing to %d colors

Quantizing to %d = %d*%d*%d colors

Quantizing to %d = %d*%d*%d colors

%4u %4u %4u %4u %4u %4u %4u %4u

%4u %4u %4u %4u %4u %4u %4u %4u

Unexpected marker 0xx

Unexpected marker 0xx

Miscellaneous marker 0xx, length %u

Miscellaneous marker 0xx, length %u

with %d x %d thumbnail image

with %d x %d thumbnail image

JFIF extension marker: type 0xx, length %u

JFIF extension marker: type 0xx, length %u

Warning: thumbnail image size does not match data length %u

Warning: thumbnail image size does not match data length %u

JFIF APP0 marker: version %d.d, density %dx%d %d

JFIF APP0 marker: version %d.d, density %dx%d %d

= = = = = = = =

= = = = = = = =

Obtained EMS handle %u

Obtained EMS handle %u

Freed EMS handle %u

Freed EMS handle %u

Define Restart Interval %u

Define Restart Interval %u

Define Quantization Table %d precision %d

Define Quantization Table %d precision %d

Define Huffman Table 0xx

Define Huffman Table 0xx

Define Arithmetic Table 0xx: 0xx

Define Arithmetic Table 0xx: 0xx

Unknown APP14 marker (not Adobe), length %u

Unknown APP14 marker (not Adobe), length %u

Unknown APP0 marker (not JFIF), length %u

Unknown APP0 marker (not JFIF), length %u

Adobe APP14 marker: version %d, flags 0xx 0xx, transform %d

Adobe APP14 marker: version %d, flags 0xx 0xx, transform %d

Unsupported marker type 0xx

Unsupported marker type 0xx

Failed to create temporary file %s

Failed to create temporary file %s

Unsupported JPEG process: SOF type 0xx

Unsupported JPEG process: SOF type 0xx

Cannot quantize to more than %d colors

Cannot quantize to more than %d colors

Cannot quantize to fewer than %d colors

Cannot quantize to fewer than %d colors

Cannot quantize more than %d color components

Cannot quantize more than %d color components

Insufficient memory (case %d)

Insufficient memory (case %d)

Not a JPEG file: starts with 0xx 0xx

Not a JPEG file: starts with 0xx 0xx

Quantization table 0xx was not defined

Quantization table 0xx was not defined

Huffman table 0xx was not defined

Huffman table 0xx was not defined

Backing store not supported

Backing store not supported

Cannot transcode due to multiple use of quantization table %d

Cannot transcode due to multiple use of quantization table %d

Maximum supported image dimension is %u pixels

Maximum supported image dimension is %u pixels

Empty JPEG image (DNL not supported)

Empty JPEG image (DNL not supported)

Bogus DQT index %d

Bogus DQT index %d

Bogus DHT index %d

Bogus DHT index %d

Bogus DAC value 0x%x

Bogus DAC value 0x%x

Bogus DAC index %d

Bogus DAC index %d

Unsupported color conversion request

Unsupported color conversion request

Too many color components: %d, max %d

Too many color components: %d, max %d

Buffer passed to JPEG library is too small

Buffer passed to JPEG library is too small

JPEG parameter struct mismatch: library thinks size is %u, caller expects %u

JPEG parameter struct mismatch: library thinks size is %u, caller expects %u

Improper call to JPEG library in state %d

Improper call to JPEG library in state %d

Invalid scan script at entry %d

Invalid scan script at entry %d

Invalid progressive parameters at scan script entry %d

Invalid progressive parameters at scan script entry %d

Invalid progressive parameters Ss=%d Se=%d Ah=%d Al=%d

Invalid progressive parameters Ss=%d Se=%d Ah=%d Al=%d

Unsupported JPEG data precision %d

Unsupported JPEG data precision %d

Invalid memory pool code %d

Invalid memory pool code %d

Wrong JPEG library version: library is %d, caller expects %d

Wrong JPEG library version: library is %d, caller expects %d

IDCT output block size %d not supported

IDCT output block size %d not supported

Invalid component ID %d in SOS

Invalid component ID %d in SOS

Bogus message code %d

Bogus message code %d

0123456789ABCDEF1.0.5

0123456789ABCDEF1.0.5

inflate 1.1.4 Copyright 1995-2002 Mark Adler

inflate 1.1.4 Copyright 1995-2002 Mark Adler

F%*.*f

F%*.*f

CNotSupportedException

CNotSupportedException

commctrl_DragListMsg

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

Afx:%x:%x

COMCTL32.DLL

COMCTL32.DLL

CCmdTarget

CCmdTarget

__MSVCRT_HEAP_SELECT

__MSVCRT_HEAP_SELECT

iphlpapi.dll

iphlpapi.dll

SHLWAPI.dll

SHLWAPI.dll

MPR.dll

MPR.dll

WINMM.dll

WINMM.dll

WS2_32.dll

WS2_32.dll

VERSION.dll

VERSION.dll

GetProcessHeap

GetProcessHeap

WinExec

WinExec

KERNEL32.dll

KERNEL32.dll

GetKeyState

GetKeyState

RegisterHotKey

RegisterHotKey

UnregisterHotKey

UnregisterHotKey

GetViewportOrgEx

GetViewportOrgEx

GDI32.dll

GDI32.dll

WINSPOOL.DRV

WINSPOOL.DRV

RegOpenKeyExA

RegOpenKeyExA

RegCreateKeyExA

RegCreateKeyExA

ADVAPI32.dll

ADVAPI32.dll

SHELL32.dll

SHELL32.dll

OLEAUT32.dll

OLEAUT32.dll

COMCTL32.dll

COMCTL32.dll

WININET.dll

WININET.dll

GetCPInfo

GetCPInfo

CreateDialogIndirectParamA

CreateDialogIndirectParamA

UnhookWindowsHookEx

UnhookWindowsHookEx

SetWindowsHookExA

SetWindowsHookExA

SetViewportOrgEx

SetViewportOrgEx

OffsetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

SetViewportExtEx

ScaleViewportExtEx

ScaleViewportExtEx

GetViewportExtEx

GetViewportExtEx

comdlg32.dll

comdlg32.dll

DLL.dll

DLL.dll

N>_.Pe_

N>_.Pe_

_!.Mo

_!.Mo

_%xMo

_%xMo

yMo5.Mo

yMo5.Mo

yMo!.Mo

yMo!.Mo

-Mo).Mo

-Mo).Mo

-Mo!.Mo

-Mo!.Mo

`.rdata

`.rdata

@.reloc

@.reloc

^}•D

^}•D

IMM32.dll

IMM32.dll

imehost.dll

imehost.dll

ImeProcessKey

ImeProcessKey

Windows

Windows

:):3:9:|:

:):3:9:|:

= =$=(=,=0=4=8=

= =$=(=,=0=4=8=

? ?$?(?,?

? ?$?(?,?

FucK_Tp.sys

FucK_Tp.sys

ntoskrnl.lib

ntoskrnl.lib

hal.lib

hal.lib

%*.*f

%*.*f

MemoryDriver.sys

MemoryDriver.sys

.PAVCException@@

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.prn)|*.prn|

(*.*)|*.*||

(*.*)|*.*||

Shell32.dll

Shell32.dll

Mpr.dll

Mpr.dll

Advapi32.dll

Advapi32.dll

User32.dll

User32.dll

Gdi32.dll

Gdi32.dll

(&07-034/)7 '

(&07-034/)7 '

?? / %d]

?? / %d]

%d / %d]

%d / %d]

: %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.txt)|*.txt|

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|BMP

(*.JPG)|*.JPG|BMP

(*.BMP)|*.BMP|GIF

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

(*.CUR)|*.CUR|

%s:%d

%s:%d

windows

windows

out.prn

out.prn

%d.%d

%d.%d

%d / %d

%d / %d

%d/%d

%d/%d

(%d-%d):

(%d-%d):

%ld%c

%ld%c

.PAVCObject@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCResourceException@@

.PAVCUserException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.?AVCTestCmdUI@@

.PAVCArchiveException@@

.PAVCArchiveException@@

zcÁ

zcÁ

#include "l.chs\afxres.rc" // Standard components

#include "l.chs\afxres.rc" // Standard components

7!8 808:8

7!8 808:8

5 5$5(5,50545

5 5$5(5,50545

8 8$8(8,8084888<8

8 8$8(8,8084888<8

7 7$7(7,707

7 7$7(7,707

/ctfmon.exe

/ctfmon.exe

/CFJuhua.dll

/CFJuhua.dll

@.vmp0

@.vmp0

`.vmp1

`.vmp1

`.tls

`.tls

.vmp2

.vmp2

.reloc

.reloc

1:OLEAUT32.dll

1:OLEAUT32.dll

$Iw.PFY?

$Iw.PFY?

()|x%4U

()|x%4U

i9?.lv

i9?.lv

X%cqt(

X%cqt(

<cFO><pre>ai.mBs</pre><pre>w6.Ue</pre><pre>?HWINSPOOL.DRV</pre><pre>|As.ol</pre><pre>TW1G%C</pre><pre>{.bd7V</pre><pre>The procedure entry point %c could not be located in the dynamic link library %s</pre><pre>PSAPI.DLL</pre><pre>Wood.dll</pre><pre>.jKl&/</pre><pre>.bc#l</pre><pre>]P.zO5</pre><pre>%9xjD</pre><pre>.DmrG</pre><pre>~pP%d</pre><pre>vT%C)i</pre><pre>Aa%X/</pre><pre>0.GAi</pre><pre>~G.BY</pre><pre>M.hWwY</pre><pre>.MHxl</pre><pre>Y%dr^i</pre><pre>%c~ F</pre><pre>m.ddd</pre><pre>]%4uj</pre><pre>l.fmd</pre><pre>W:\PDv@m</pre><pre>_%SDg</pre><pre>?.sY=</pre><pre>sMv%f</pre><pre>Wi1!.hb"</pre><pre>5I.Ww</pre><pre>b%S((</pre><pre>Vsql(y</pre><pre>].ZVfj;</pre><pre>:_E%Cv9</pre><pre>TR.UatF<</pre><pre>.HJPPO</pre><pre>B.gjs</pre><pre>lWU%S;</pre><pre>k.Ohg(|</pre><pre>ks!.KM.</pre><pre>F.Nt^;</pre><pre>%fXb<O><pre>.zIqv|</pre><pre>O.ld,</pre><pre>T'È'</pre><pre>T%uE*</pre><pre>y|w%D</pre><pre>%6s"[</pre><pre>6 .sFe</pre><pre>s%ckvH*</pre><pre>l.Qi9</pre><pre>BØt</pre><pre>%UjU^</pre><pre>!.xr[</pre><pre>‘sSw</pre><pre>^GDI32.dll</pre><pre>j.BmJS</pre><pre>The ordinal %u could not be located in the dynamic link library %s</pre><pre>{S.BV0</pre><pre>`.data</pre><pre>MSVBVM60.DLL</pre><pre>VB5!6&vb6chs.dll</pre><pre>D:\VB</pre><pre>Visual Basic 6.0\VB6.OLB</pre><pre>\1.jpg</pre><pre>smtp.163.com</pre><pre>cfyuanji@163.com</pre><pre>title windows</pre><pre>del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"</pre><pre>del /f /s /q "%userprofile%\Local Settings\Temp\*.*"</pre><pre>*.tmp *._tmp *.log *.chk *.old</pre><pre>del /f /s /q %systemdrive%\*.tmp</pre><pre>del /f /s /q %systemdrive%\*._mp</pre><pre>del /f /s /q %systemdrive%\*.log</pre><pre>del /f /s /q %systemdrive%\*.gid</pre><pre>del /f /s /q %systemdrive%\*.chk</pre><pre>del /f /s /q %systemdrive%\*.old</pre><pre>del /f /s /q %systemdrive%\recycled\*.*</pre><pre>del /f /s /q %windir%\*.bak</pre><pre>del /f /s /q %windir%\prefetch\*.*</pre><pre>rem del /f /q %userprofile%\COOKIES s\*.*</pre><pre>rem del /f /q %userprofile%\recent\*.*</pre><pre>%windir%\system32\sfc.exe /purgecache</pre><pre>%windir%\system32\defrag.exe %systemdrive% -b</pre><pre>echo. & pause %WinDir%\windows</pre><pre>http://www.789pan.com/16277</pre><pre>{B96B3CAB-0728-11D3-9D7B-0000F81EF32E}</pre><pre>imm32.dll</pre><pre>Keyboard Layout</pre><pre>Keyboard Layout\Preload</pre><pre>RASAPI32.dll</pre><pre>GetWindowsDirectoryA</pre><pre>oledlg.dll</pre><pre>WSOCK32.dll</pre><pre>HttpQueryInfoA</pre><pre>HttpSendRequestA</pre><pre>HttpOpenRequestA</pre><pre>InternetCrackUrlA</pre><pre>InternetCanonicalizeUrlA</pre><pre>Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)</pre><pre>HTTP/1.0</pre><pre>%s <%s></pre><pre>Reply-To: %s</pre><pre>From: %s</pre><pre>To: %s</pre><pre>Subject: %s</pre><pre>Date: %s</pre><pre>Cc: %s</pre><pre>%a, %d %b %Y %H:%M:%S</pre><pre>HELO %s</pre><pre>SMTP</pre><pre>AUTH LOGIN</pre><pre>LOGIN</pre><pre>AUTH=LOGIN</pre><pre>EHLO %s</pre><pre>Content-Type: application/octet-stream; name=%s</pre><pre>Content-Disposition: attachment; filename=%s</pre><pre>MAIL FROM:<%s></pre><pre>RCPT TO:<%s></pre><pre>1.1.3</pre><pre>;3 #>6.&</pre><pre>'2, / 0&7!4-)1#</pre><pre>www.dywt.com.cn</pre><pre>(*.htm;*.html)|*.htm;*.html</pre><pre>.PAVCOleException@@</pre><pre>.PAVCOleDispatchException@@</pre><pre>2aef5705036754cf43.exe</pre><pre>c:\%original file name%.exe</pre><pre>!("'($"(%$(&</pre><pre>.- -, *)</pre><pre>,(-(, /.0./)0</pre><pre>/ .0)-.)43<2</pre><pre>* >>J*,*K,LM,N.-.OPA-1QBB012RST12UVWX2Y3Z[\D34]^_345`ab45c566Cd60BBC6GEef2G<G221> )=h-AAijkl??Hm?=))H?I/@@FIpqnnoprsqqpr</G221></pre><pre>0 .HI. -/</pre><pre>./0!1 %%</pre><pre>6.-.7 ,8</pre><pre><?>9873.?3/.321/310/1<</pre><pre>PRSSQPR@CCSRABCC@ADEBBADFGEEDFHIGGFHJKIIHJLMKKJLNOMMLNPQOONP,-AA@,-DA-FD-%F%HF%JH*LJJ%**NL*PN,@RP*,P,R:9IIK:<QS><pre>T?.TY?Tfed?YV>?Vj</pre><pre>!%&&"!"&''#"</pre><pre>%)**&%&*</pre><pre>1;<<212<</pre><pre>0 .GH. -/</pre><pre>2 ,,02"#$ !" "$012()* </pre><pre>(* ( &'($%&$&($( 5</pre><pre>5.-.6 ,7</pre><pre>#>&! ?@/!</pre><pre>4/005472//476122763.1163</pre><pre>>%&&=>=&</pre><pre> * *) 6,wxy6z{443|-/55.-.617/4/-334/.5,,6.7055/70,512--.123-B}~</pre><pre>90/0:-.;</pre><pre>1, 0, 0, 1</pre><pre>imedllhost09.ime</pre><pre>(*.*)</pre><pre>1.exe</pre><b>%original file name%.exe_1236_rwx_00401000_000EA000:</b><pre>t$(SSh</pre><pre>~%UVW</pre><pre>u$SShe</pre></pre></QS></pre></pre></O></pre></pre></cFO>