Gen:Variant.Symmi.25606 (B) (Emsisoft), Gen:Variant.Symmi.25606 (AdAware), Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, GenericEmailWorm.YR, GenericInjector.YR, TrojanFlyStudio.YR (Lavasoft MAS)
Behaviour: Trojan-PSW, Trojan, Worm, EmailWorm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 73a55414a7a0b52aef5705036754cf43
SHA1: 0ca70730ec54dee69b9dd7e79558325f1e8dce88
SHA256: fe52f767b9cae7b602894e3e785792f499b618f949e3320c8691d0ce391f0f12
SSDeep: 98304:yuVCBRwRDmTm9lhA6H30z iAhZft/HaUYK:y7BRwee3sOxtaUYK
Size: 7622656 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-02-23 17:21:16
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):
%original file name%.exe:1236
File activity
The process %original file name%.exe:1236 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\E_UIEngine\90afea1eeb37be7a93471c36152ab43a\90afea1eeb37be7a93471c36152ab43a.jpg.data (28 bytes)
%Documents and Settings%\%current user%\Application Data\E_UIEngine\90afea1eeb37be7a93471c36152ab43a\90afea1eeb37be7a93471c36152ab43a.jpg (676 bytes)
%System%\drivers\etc\hosts (8 bytes)
The Trojan deletes the following file(s):
%System%\drivers\etc\hosts (0 bytes)
Registry activity
The process %original file name%.exe:1236 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 8F 3D 31 A7 24 AF 88 AB CB D2 63 CD DE 1C 9A"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
The Trojan modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses. The modified file is 8938 bytes in size. The following strings are added to the hosts file listed below:
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
No processes have been created.
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Application Data\E_UIEngine\90afea1eeb37be7a93471c36152ab43a\90afea1eeb37be7a93471c36152ab43a.jpg.data (28 bytes)
%System%\drivers\etc\hosts (8 bytes)
- Restore the original content of the HOSTS file (%System%\drivers\etc\hosts): 127.0.0.1 localhost
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 955982 | 958464 | 5.15252 | 59ff8f820c8b7b2d0266f64ce896e5c4 |
.rdata | 962560 | 6559928 | 6561792 | 4.88497 | f2c092a30a80debef01bcd32920d9190 |
.data | 7524352 | 325802 | 73728 | 4.26302 | 030e87525b2f7f1369542d04a8cdcc6c |
.rsrc | 7852032 | 23232 | 24576 | 3.35362 | 9168f0145169842a778b50619577787a |
Strings from Dumps
%original file name%.exe_1236:
.text
.rdata
@.data
.rsrc
t$(SSh
~%UVW
u$SShe
kernel32.dll
user32.dll
shlwapi.dll
gdiplus.dll
gdi32.dll
ole32.dll
GdiPlus.dll
Gdiplus.dll
winmm.dll
EnumWindows
ShellExecuteA
GetAsyncKeyState
GdipSetStringFormatHotkeyPrefix
GdipGetStringFormatHotkeyPrefix
EnumChildWindows
UnloadKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayout
ActivateKeyboardLayout
GetKeyboardLayoutNameA
RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegCreateKeyA
RegFlushKey
LoadKeyboardLayoutA
GdipSetImageAttributesColorKeys
GdipSetPenLineJoin
GdipGetPenLineJoin
ctfmon.exe
\CFJuhua.dll
crossfire.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\
$@.jpg
.data
{B96B3CAE-0728-11D3-9D7B-0000F81EF32E}
@.tmp
drivers\etc\hosts127.0.0.1 cfwudao.com
127.0.0.1 www.cfshuye.cn
127.0.0.1 www.cfshuye.cn
127.0.0.1 www.cftianyue.com
127.0.0.1 www.cftianyue.com
127.0.0.1 www.cftianyue.cn
127.0.0.1 www.cftianyue.cn
127.0.0.1 www.cftianyue.net
127.0.0.1 www.cftianyue.net
127.0.0.1 www.cftianyue.cc
127.0.0.1 www.cftianyue.cc
127.0.0.1 www.cftianyue.tk
127.0.0.1 www.cftianyue.tk
127.0.0.1 cftianyue.com
127.0.0.1 cftianyue.com
127.0.0.1 cftianyue.tk
127.0.0.1 cftianyue.tk
127.0.0.1 cftianyue.cn
127.0.0.1 cftianyue.cn
127.0.0.1 cftianyue.net
127.0.0.1 cftianyue.net
127.0.0.1 cftianyue.cc
127.0.0.1 cftianyue.cc
127.0.0.1 www.tatplay.com
127.0.0.1 www.tatplay.com
127.0.0.1 www.tatplay.cn
127.0.0.1 www.tatplay.cn
127.0.0.1 www.tatplay.tk
127.0.0.1 www.tatplay.tk
127.0.0.1 www.tatplay.cc
127.0.0.1 www.tatplay.cc
127.0.0.1 www.tatplay.net
127.0.0.1 www.tatplay.net
127.0.0.1 bbs.tatplay.com
127.0.0.1 bbs.tatplay.com
127.0.0.1 bbs.tatplay.cn
127.0.0.1 bbs.tatplay.cn
127.0.0.1 bbs.tatplay.tk
127.0.0.1 bbs.tatplay.tk
127.0.0.1 bbs.tatplay.cc
127.0.0.1 bbs.tatplay.cc
127.0.0.1 bbs.tatplay.net
127.0.0.1 bbs.tatplay.net
127.0.0.1 tatplay.com
127.0.0.1 tatplay.com
127.0.0.1 tatplay.cn
127.0.0.1 tatplay.cn
127.0.0.1 tatplay.tk
127.0.0.1 tatplay.tk
127.0.0.1 tatplay.cc
127.0.0.1 tatplay.cc
127.0.0.1 tatplay.net
127.0.0.1 tatplay.net