Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: 2e993dc30380f20b12218971eb8f61c2 --

Hashes
MD5: 2e993dc30380f20b12218971eb8f61c2
SHA1: 9eae161118dfb5b37d7a4516199a638b13dd8e44
SHA256: e03b32fbb68c5d0b5185d1e2b9d4c5bcba11bf2a3d3cd7e2a54729e7637ad22c
SSDEEP: 12288:tz2Ioicu1Pv3wQQfnKbjPXXK6bETpNoyc:tz2Ioicu1PvAQQfK/PXXK6b+Iyc
Details
File Type: PE32+
Yara Hits
YRP/IsPE64 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/WMI_strings | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/antisb_threatExpert | YRP/create_com_service | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation | YRP/MD5_Constants | YRP/Str_Win32_Http_API |
Parent Files
0146b14dea4e6241e2b42e933a712b18
Strings
		!This program cannot be run in DOS mode.
g+Rich
`.rdata
@.data
.pdata
@_ht_set_
gsh1are
@.reloc
L$0H9{
L$0H9o
|$ ATH
C`Hc8H
C H+8H
UWATAUAVH
A^A]A\_]
UATAUH
W L9"u
GXL9gHu
|$ ATH
@VWATH
f9+uJH
fffffff
t$ ATH
l$0rHH
@SVATH
SVWATH
HA\_^[
SVWATAUH
@A]A\_^[
@UVWATAUH
D$pHcH
D$pHcH
D$pHcH
D$pHcH
A]A\_^]
@UVWATAUAVAWH
D$PHcH
D$PHcH
D$PHcH
D$PHcH
D$PHcH
A_A^A]A\_^]
SVWATAUAVH
HA^A]A\_^[
@SUATH
SUVWATAUAVH
|$xffff
H;(u,A
0A^A]A\_^][
2333333
D$@L;D$Hu
@SVATH
D$@L;D$Hu
\$@r	H
|$ r	H
D$0HcH
D$0HcH
SUVWATAUAVH
|$xffff
L; u,A
0A^A]A\_^][
TUUUUUU
VWATAUAVH
@A^A]A\_^
VWATAUAVH
@A^A]A\_^
@UVWATAUH
A]A\_^]
CL$(I;
UWATAUAVH
A^A]A\_]
L$0H9w
Lc\$HM
|$ Hcq
VWATAUAVH
@A^A]A\_^
E0H9u u
D$PHcH
SVWATAUH
pA]A\_^[
VWATAUAVH
pA^A]A\_^
l$@fE;
C`Hc8H
M9Qpv)I9Ips
@USVWATAUAVAWH
A_A^A]A\_^[]
@SUVWATAUH
A]A\_^][
@SUVWATAUH
A]A\_^][
@USVWATAUAVAWH
CHL90t
C`D90~
CHH98t"H
A_A^A]A\_^[]
@USVWATAUAVAWH
<+t <-t
A_A^A]A\_^[]
@SUVWH
D$hL90t
A`D90~
SUVWATAUAVAWH
D$0L9(t
C`D9(~
xA_A^A]A\_^][
WATAUAVAWH
@A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
VWATAUAVH
@A^A]A\_^
VWATAUAVH
@A^A]A\_^
UVWATAUAVAWH
@A_A^A]A\_^]
@SVWATH
i(ffff
HA\_^[
t$ ATH
l$ VWATH
l$ VWAUH
L$0H9o
t$ ATH
UATAWH
D$@HcH
VWATAUAVH
pA^A]A\_^
@USVWATAUAVAWH
A_A^A]A\_^[]
@SUVWATAUH
A]A\_^][
@SUVWATAUH
A]A\_^][
UVWATAUAVAWH
CHL9(t"H
C`D9(~
CHH90t!H
A_A^A]A\_^]
@UVWATAUAVAWH
<+t <-t
A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
SVWATAUAVAWH
PA_A^A]A\_^[
WATAUH
0A]A\_
@UVWATAUAVAWH
|$ H;|$0sFM
A_A^A]A\_^]
@UVWATAUAVAWH
L$ L;y
A_A^A]A\_^]
@UVWATAUAVAWH
gfffffffH
gfffffffH
gfffffffH
gfffffffH
D9l$Dv
gfffffffH
gfffffffH
A_A^A]A\_^]
D$`HcH
gfffffffH
\$ UVWH
UHH;U0
H9q t\f
gfffffffL+
fffffff
|$ ATH
H9A0w#H
KHH;K0r
@WATAUH
fffffff
gfffffffI
@A]A\_
HcT$0H
HcD$$H;C
HcL$,Hc
HcL$$H;K
HcT$0H
fffffff
@SUVATAUAVAWH
HcT$xH;S
Dl$pHc
0A_A^A]A\^][
SUWATH
8A\_][
8A\_][
8A\_][
SWATAWH
(A_A\_[
@UWAUH
t=</t9H
@VWATH
gfffffffH
@WATAUH
fffffff
gfffffffI
@A]A\_
D$@L;D$Hu
gfffffffL+
fffffff
@UWATAVAWH
@A_A^A\_]
@ A9A 
@A_A^A\_]
t$ WATAUH
A A9D$ A
H;8u'A
D$ 9C 
0A]A\_
effffff
@SUVWATAUAVH
A^A]A\_^][
UATAUH
:/t	L9
@SUVWH
<0|,<9
@USVWATAUAVH
A^A]A\_^[]
												
																																												
							
@SUVWATH
pA\_^][
H9C@w	H
C H9s r
UATAUAVAWH
L9{ tMH
A_A^A]A\]
gfffffffH
|$Pf9t$Pt+f
H9;u%L
ATAUAVH
A^A]A\
|$ ATH
s WATAUH
H9K@t'H
SWATAUAVH
0A^A]A\_[
VWATAUAVH
pA^A]A\_^
SVWATAUAVAWH
@A_A^A]A\_^[
fD;j0sVffffff
T$`92t"H
@SUVATAUAVH
hA^A]A\^][
@UVWATAUH
A]A\_^]
L$ ATAVH
|$ t[A
H9|$Ht6H
UATAUAVAWH
D$@HcH
D$@HcH
D$@HcH
D$@HcH
D$@HcH
D$@HcH
A_A^A]A\]
@USVWATH
D$PHcH
D$PHcH
D$PHcH
D$PHcH
D$PHcH
D$PHcH
D$PHcH
A\_^[]
UATAUH
H;L$@t?E3
D$@HcH
D$@HcH
D$@HcH
|$ ATH
|$ ATH
|$ ATI
|$ fff
H;T$Pu
																									
																			
																												
																												
tpL;L$ptpH
L;L$pu
|$ ATH
t*fffff
@SUVWATAUAVH
PA^A]A\_^][
UVWATAUH
0A]A\_^]
D;e }WL9n(u)
;M$}*f;
l$ ATH
D$@L;D$Hu
VWATAUAVH
0A^A]A\_^
VWATAUAVH
@A^A]A\_^
UATAUH
2333333
TUUUUUU
@WATAUH
@A]A\_
|$ r	H
\$@r	H
UVWATAUAVAWH
fffffff
H;(u-A
0A_A^A]A\_^]
@USVWATH
A\_^[]
D$@L;D$Hu
@SUVWH
D$@L;D$Hu
C$9C w:H
USVWATAUH
A]A\_^[]
UWATAUAVH
A^A]A\_]
|$PM9g8tU
fD92t	H
USVWATAUAVAWH
A_A^A]A\_^[]
{`}t"H
UVWATAUH
A]A\_^]
L$`fD;
9w`t`H
}_f	s@
f9*t	H
@SUVWATAVAWH
A;l$(|
A_A^A\_^][
UATAUH
u4fffff
u4fffff
@UVWATAUH
u4fffff
u4fffff
A]A\_^]
@UVWATAUAVAWH
A_A^A]A\_^]
USVWATH
A\_^[]
{`^u\H
@USVWATAUAVH
gfffffffH
A^A]A\_^[]
@SUVWATH
gfffffffH
A\_^][
@USVWATAUAVH
A^A]A\_^[]
WATAUAVAWH
A_A^A]A\_
{^bugH
{^BupH
@UVWATAUAVAWH
^ H;^(
t$8H;^(t1
A_A^A]A\_^]
@UVWATAUAVAWH
_ I;_(
(I;_(t1
A_A^A]A\_^]
WATAUH
 A]A\_
VWATAUAVH
A^A]A\_^
@UVWATAUH
A]A\_^]
WATAUH
WATAUH
WATAUH
D$HxvH
L9AHu!H
D$@L;D$Hu
WATAUH
@UVWATAUAVAWH
A_A^A]A\_^]
D$@L;D$Hu
D$8HcD$8H;
HcL$8H
HcD$8L
HcD$8H
D$XHcD$XH;
HcL$XH
D$XHcD$XL
D$ HcD$ H;
HcL$XL
L$hH9H
H;D$ps
H+D$hH
H+D$pH
H9D$psUH
L$hH9H
H;D$xs
H+D$xH
H9D$ s
D$pH9D$`uuH
D$xH9D$hs
H9D$(s
L$0H9H
WHcE0H
EhHcM0H
H9D$`s
H9D$`s
H9D$ u
D$@Hc@<H
D$`9D$(
D$,9D$(
D$ HcD$ L
D$(HcD$(L
D$ 9D$X}_HcD$XH
D$lHcL$XH
IHcD$PL
H9D$Ps
H9D$ u
D$(H9D$`
H;D$`s
D$8H9D$
D$8H9D$
D$\HcD$XH
HcD$\H
9q@~%H
x_;{@}ZH
L$0H9_
L$0H9{
l$ VWATH
WATAUH
 A]A\_
WATAUAVAWH
D8:u(H
0A_A^A]A\_
E9<$th
WATAUAVAWH
0A_A^A]A\_
SVWATH
8A\_^[
t$ WATAUAVAWH
 A_A^A]A\_
p WATAUH
 A]A\_
WATAUH
A;1~	I
 A]A\_
@USVWATAUAVAWH
A_A^A]A\_^[]
ATAUAVH
 A^A]A\
fffffff
fffffff
UATAUH
WATAUH
0A]A\_
\$ E9c
D8d$8t
@UAUAVH
~`HcE H
HcE Hc
t$ WATAUAVAWH
 A_A^A]A\_
WATAUH
 A]A\_
ATAUAWH
0A_A]A\
@8l$8t
@8l$8t
|$ ATH
UVWATAUAVAWH
 A_A^A]A\_^]
\$ UVWATAUAVAWH
A_A^A]A\_^]
@UATAUAVAWH
!t$(H!t$ A
A_A^A]A\]
s WATAUAVAWH
~/8\$vt)H
9t$P~98\$vt3H
A_A^A]A\_
WATAUH
 A]A\_
L$ SUVWH
WATAUAVAWH
0A_A^A]A\_
@SUVWATAUAVAWH
?CuND8g
A_A^A]A\_^][
\$ UVWATAUAVAWH
A_A^A]A\_^]
H9L$Xt'H
@SUVWATAUAVH
A^A]A\_^][
!t$(H!t$ H
|$ ATAUAVH
0A^A]A\
SVWATAUAVAWH
0A_A^A]A\_^[
WATAUAVAWH
 A_A^A]A\_
@SVWATAUAVAWH
L!l$HL!l$@
D$PL9oXt
D$8HcH
A_A^A]A\_^[
ATAUAVH
0A^A]A\
VWATAUAVH
A^A]A\_^
UVWATAUAVAWH
`A_A^A]A\_^]
UVWATAUAVAWH
E9,$~T3
G0Hc	H
A_A^A]A\_^]
WATAVH
@A^A\_
@USVWATAUAVAWH
e8A_A^A]A\_^[]
HcD$hH
UVWATAUAVAWH
9D$XufE
A_A^A]A\_^]
UATAUH
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
@A_A^A]A\_
t$ WATAUH
@SUVWATAUAVH
zux!l$ E3
A^A]A\_^][
UVWATAUAVAWH
D$HD9T$\
t$pD+d$HD+
9D$Tt^
A_A^A]A\_^]
x ATAUAWH
A_A]A\
D8d$Ht
@SUVWH
UATAUAVAWH
gfffffffH
A_A^A]A\]
@8|$8t
@8t$8t
@SUVWH
@SUVWATH
A\_^][
UVWATAUH
D$&8\$&t-8X
@A]A\_^]
ATAUAVH
fD9t$b
A^A]A\
x ATAUAVH
< tG<	tC
 A^A]A\
Hct$@H
s\HcL$HH
SVWATAUAVAWH
PA_A^A]A\_^[
p WATAUH
\$ UVWATAUAVAWH
!|$DHc
|$DD9d$X
f;D$@ug
f;D$@uD
H!\$ H
HcD$HH;
H!\$ H
HcD$HH;
H!|$ L
A_A^A]A\_^]
VWATAUAVH
 A^A]A\_^
t$ WATAUAVAW
A_A^A]A\_
VWATAUAVH
xv;=7	
 A^A]A\_^
VWATAUAWH
0A_A]A\_^
|$ ;=v
|$ UATAUAVAWH
A_A^A]A\]
H SVWH
WATAUAVAWH
0A_A^A]A\_
@SUVWATAUAVH
PA^A]A\_^][
UVWATAUAVAWH
D8D$0u9D
D9D$`t
D$<D9D$`t
D9D$`t
D)\$4A;
D9D$`t
t$\D9D$`t
t$\D8D$@t
D8D$0u
t$4D8D$8t
A_A^A]A\_^]
@UATAUAVAWH
A_A^A]A\]
UATAUH
@A]A\]
WATAUAVAWH
A_A^A]A\_
UATAUAVAWH
A_A^A]A\]
x ATAUAVH
 A^A]A\
7;|$0t,
VWATAUAVH
 A^A]A\_^
x ATAUAVH
 A^A]A\
L$ UVWH
l$ VWATH
9\$ ~>H
D8"u%H
UVWATAUAVAWH
A_A^A]A\_^]
LcA<E3
@UATAUAVAWH
A_A^A]A\]
@USVWH
ATAUAVH
@A^A]A\
USVWATAUAVAWH
XA_A^A]A\_^[]
WATAUAVAWH
 A_A^A]A\_
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
`A_A^A]A\_^]
UVWATAUAVAWH
`A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
x ATAUAWH
 A_A]A\
WATAVH
UVWATAUAVAWH
0A_A^A]A\_^]
(L9-SA
D9l$xttI
9D$P}~HcD$PHi
P HcD$<Hi
HcD$<Hi
P HcD$<Hi
P HcD$<Hi
P HcD$<Hi
P HcD$<Hi
D$0H9D$(v
HcD$0H;D$(v1H
?HcD$0H;D$(u)H
HcD$0H
D$$9D$ s.
D$HH9D$@u	H
D$HH9D$@t9H
HcD$$H
HcD$ H
HcD$ H
D$,HcD$$H
HcL$$H
*HcD$$
HcL$$H
*HcD$$
HcL$$H
uRHcD$$H
t#HcD$$H
HcD$$H
t\HcD$ H
tJHcD$ H
HcD$$H
HcD$$H
D$$9D$(}HHcD$(H
HcL$(H
D$$HcD$$H
t2HcD$$H
D$(9D$$
:HcD$$H
t(HcD$$
e A\_]
H(H9J(u
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegOpenKeyTransactedW
UPDATE
Updatedate
d:\devleop\yht-client\project\htproject\source\notewebhepler\../HTUpdate/HTUpdateMgr.h
CRLUpdateMgr::RunUpdatePro
InjectMainIE.cpp
CInjectMainIE::GetHEditAndHBrowser
CRLUpdateMgr::RunUpdate
()$^.*+?[]|\-{},:=!
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
urlCfgTime
urlCfg
corrupted regex pattern
D:\devleop\yht-client\project\HTProject\Common\LibCommon/ParseJson.h
CParseJson::GetValueByKeyJson
Parse failed! path:
whiteList
source
target
data.hp
data.un
"jsVersion":
IF0GFlwCXAMfRh85QANZWh4wByUGEQMIWRYBHh0Ed18SSkZZPAY
RLExtension.cpp
CRLExtension::NavigateComplete2
CRLExtension::InjectHtmlAElement
try...catch: 
CRLExtension::InjectJSCode
CRLExtension::OnAddingTimer
CRLExtension::DoInject
ChangeWindowMessageFilter
ChangeWindowMessageFilterEx
Catch exception, error msg: 
CAppString::GetSubString
AppString.cpp
CxMuOg5MGkJFFhg
LEwQEwEDBwtF
DEBUG@
l	g~b0R
CProcHelper::KillProcessByID
ProcHelper.cpp
CProcHelper::CreateProcessInherit
ProcHelper.cpp
CreateNormalToken failed
CProcHelper::ExecuteAsNormalEx
ProcHelper.cpp
CProcHelper::ExecuteAsNormalEx
ProcHelper.cpp
rff-ss1w
NULL Pointer Exception
divide by zero Exception
invalide handle exception
other SEH exception
CFileHelper::CopyDir
FileHelper.cpp
Catch Exception. Error message is: 
CFileHelper::GetParentDir
FileHelper.cpp
IsWow64Process
IsWow64Process
Server
GetNativeSystemInfo
Microsoft 
Windows Vista 
Windows Server 2008 
Windows 7 
Windows 8 
Windows Server 2008 R2 
GetProductInfo
Ultimate Edition
Professional
Home Premium Edition
Home Basic Edition
Enterprise Edition
Business Edition
Starter Edition
Cluster Server Edition
Datacenter Edition
Datacenter Edition (core installation)
Enterprise Edition
Enterprise Edition (core installation)
Enterprise Edition for Itanium-based Systems
Small Business Server
Small Business Server Premium Edition
Standard Edition
Standard Edition (core installation)
Web Server Edition
Unknown Product
Windows Server 2003 R2, 
Windows Storage Server 2003
Windows Home Server
Windows XP Professional x64 Edition
Windows Server 2003, 
Datacenter Edition for Itanium-based Systems
Enterprise Edition for Itanium-based Systems
Datacenter x64 Edition
Enterprise x64 Edition
Standard x64 Edition
Compute Cluster Edition
Datacenter Edition
Enterprise Edition
Web Edition
Standard Edition
Windows XP 
Home Edition
Professional
Windows 2000 
Professional
Datacenter Server
Advanced Server
 (build %d)
, 64-bit
, 32-bit
GetProcessHandleFromHwnd
oleacc.dll
0123456789abcdef"
generic
iostream
system
iostream stream error
bad allocation
regular expression error
Unknown exception
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
Visual C++ CRT: Not enough memory to complete call to strerror.
bad exception
(null)
`h````
xpxxxx
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h`hhh
xppwpp
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
UTF-16LE
UNICODE
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
Illegal byte sequence
Directory not empty
Function not implemented
No locks available
Filename too long
Resource deadlock avoided
Result too large
Domain error
Broken pipe
Too many links
Read-only file system
Invalid seek
No space left on device
File too large
Inappropriate I/O control operation
Too many open files
Too many open files in system
Invalid argument
Is a directory
Not a directory
No such device
Improper link
File exists
Resource device
Unknown error
Bad address
Permission denied
Not enough space
Resource temporarily unavailable
No child processes
Bad file descriptor
Exec format error
Arg list too long
No such device or address
Input/output error
Interrupted function call
No such process
No such file or directory
Operation not permitted
No error
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
1#QNAN
1#SNAN
CRegCommon::ModifyRegValue
RegCommon.cpp
CRegCommon::ModifyRegValue
RegCommon.cpp
CRegCommon::ModifyRegValue
RegCommon.cpp
CRegCommon::ModifyRegValue
RegCommon.cpp
CRegCommon::ReadRegValue
RegCommon.cpp
CRegCommon::ReadRegValue
RegCommon.cpp
CRegCommon::ReadRegValue
RegCommon.cpp
CRegCommon::ReadRegValue
RegCommon.cpp
CRegCommon::WriteRegValue
RegCommon.cpp
CRegCommon::WriteRegValue
RegCommon.cpp
CRegCommon::WriteRegValueEx
RegCommon.cpp
CRegCommon::WriteRegValueEx
RegCommon.cpp
CRegCommon::WriteRegValue
RegCommon.cpp
CRegCommon::WriteRegValue
RegCommon.cpp
CRegCommon::WriteRegValueEx
RegCommon.cpp
CRegCommon::WriteRegValueEx
RegCommon.cpp
CRegCommon::DeleteRegValue
RegCommon.cpp
CRegCommon::DeleteRegValue
RegCommon.cpp
CRegCommon::DeleteRegValue
RegCommon.cpp
CRegCommon::DeleteRegValueEx
RegCommon.cpp
CRegCommon::DeleteRegValueEx
RegCommon.cpp
CRegCommon::DeleteRegValueEx
RegCommon.cpp
CRegCommon::DeleteSubKey
RegCommon.cpp
IdManager::IdManager
IdManager.cpp
IdManager::Init
IdManager.cpp
IdManager::Init
IdManager.cpp
IdManager::Init
IdManager.cpp
IdManager::Init
IdManager.cpp
IdManager::Init
IdManager.cpp
IdManager::Init
IdManager.cpp
IdManager::Init
IdManager.cpp
IdManager::Init
IdManager.cpp
IdManager::Init
IdManager.cpp
IdManager::Init
IdManager.cpp
IdManager::Init
IdManager.cpp
IdManager::Init
IdManager.cpp
IdManager::Init
IdManager.cpp
IdManager::GetUuid
IdManager.cpp
IdManager::GetUuid
IdManager.cpp
IdManager::GetUuid
IdManager.cpp
SELECT PNPDeviceID FROM Win32_NetworkAdapter WHERE (MACAddress IS NOT NULL) AND (NOT (PNPDeviceID LIKE 'ROOT%'))
SELECT SerialNumber FROM Win32_DiskDrive WHERE (SerialNumber IS NOT NULL) AND (MediaType LIKE 'Fixed hard disk%')
SELECT SerialNumber FROM Win32_BaseBoard WHERE (SerialNumber IS NOT NULL)
SELECT ProcessorId FROM Win32_Processor WHERE (ProcessorId IS NOT NULL)
SELECT SerialNumber FROM Win32_BIOS WHERE (SerialNumber IS NOT NULL)
WMI_DeviceQuery_Init :
SELECT Product FROM Win32_BaseBoard WHERE (Product IS NOT NULL)
SELECT MACAddress FROM Win32_NetworkAdapter WHERE (MACAddress IS NOT NULL) AND (NOT (PNPDeviceID LIKE 'ROOT%'))
SELECT Manufacturer,Name,ProcessorId FROM Win32_Processor
SELECT SerialNumber,Product FROM Win32_BaseBoard WHERE (SerialNumber IS NOT NULL)
WMI_DeviceQuery_Init
WMI_DeviceQuery.cpp
WMI_DeviceQuery_Init :
WMI_DeviceQuery_Init
WMI_DeviceQuery.cpp
WMI_DeviceQuery_Init :
WMI_DeviceQuery_Init
WMI_DeviceQuery.cpp
WMI_DeviceQuery_Init :
WMI_DeviceQuery_Init
WMI_DeviceQuery.cpp
WMI_DeviceQuery_Init :
WMI_DeviceQuery_Init
WMI_DeviceQuery.cpp
\\.\PhysicalDrive%d
\\.\PhysicalDrive%d
\\.\IDE21201.VXD
DiskId32
ERROR: Could not open IDE21201.VXD file
\\.\Scsi%d:
SCSIDISK
GetHardDriveComputerID
diskid32.cpp
GetHardDriveComputerID
diskid32.cpp
GetHardDriveComputerID
diskid32.cpp
GetHardDriveComputerID
diskid32.cpp
GetHardDriveComputerID
diskid32.cpp
GetHardDriveComputerID
diskid32.cpp
GetHardDriveComputerID
diskid32.cpp
GetHardDriveComputerID
diskid32.cpp
%02X%02X%02X%02X%02X%02X
 bad locale name
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
invalid string position
string too long
bad cast
map/set<T> too long
invalid map/set<T> iterator
haitao
\baseData.ini
SERVER
UserID
Version
2.1.0.0
instPath
CLIENT
LatestDate
LocalDay
ACTIVE
%04d%02d%02d
\htbusiness.ini
ED8FgdFFcFHv3CK8lvx
s-rr1403
SHGetKnownFolderPath
PathHelper.cpp
CPathHelper::GetPathFromCSIDL
ActiveDate
&uuid=
&channel=
HttpReport.cpp
http://
client/activate
&activateType=
CHttpReport::ActivateReport
vector<T> too long
CHttpHelper::RequestData
HttpHelper.cpp
/center/
?version=
CHttpHelper::SendReport
Comments must start with /
Type is not convertible to string
A valid JSON document must be either an array or an object value.
Syntax error: value, object or array expected.
Missing ':' after object member name
Missing ',' or '}' in object declaration
Missing '}' or object member name
Missing ',' or ']' in array declaration
' is not a number.
Empty escape sequence in string
Bad escape sequence in string
additional six characters expected to parse unicode surrogate pair.
expecting another \u token to begin the second half of a unicode surrogate pair
Bad unicode escape sequence in string: four digits expected.
Bad unicode escape sequence in string: hexadecimal digit expected.
deque<T> too long
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
GetLocalTime
lstrlenW
GetModuleFileNameW
GetCurrentProcessId
CreateMutexW
OutputDebugStringW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SetThreadLocale
GetThreadLocale
GetTickCount
Process32NextW
CloseHandle
Process32FirstW
CreateToolhelp32Snapshot
FlushInstructionCache
GetCurrentProcess
SetLastError
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
DeleteFileA
WTSGetActiveConsoleSessionId
CreateFileA
OutputDebugStringA
WaitForSingleObject
TerminateProcess
GetModuleHandleExW
CreateFileW
GetCurrentThreadId
GetTempPathW
FindClose
FindFirstFileW
CreateDirectoryW
GetVersionExW
SetEvent
CreateEventW
LoadLibraryW
FreeLibrary
GlobalFree
KERNEL32.dll
CharNextW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetParent
DefWindowProcW
KillTimer
CallWindowProcW
SetWindowLongPtrW
GetWindowLongPtrW
IsWindow
GetWindow
IsWindowVisible
GetClassNameW
EnumChildWindows
GetWindowThreadProcessId
SendMessageW
SetTimer
CreateWindowExW
DestroyWindow
SetWindowTextW
ShowWindow
wsprintfW
USER32.dll
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ADVAPI32.dll
ShellExecuteExW
SHGetPathFromIDListW
SHGetFolderLocation
SHELL32.dll
CoCreateInstance
CoTaskMemFree
ole32.dll
OLEAUT32.dll
ATL100.DLL
StrStrIW
PathFileExistsW
SHLWAPI.dll
GetModuleBaseNameA
PSAPI.DLL
MiniDumpWriteDump
dbghelp.dll
WTSQueryUserToken
WTSAPI32.dll
WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WINHTTP.dll
InterlockedPushEntrySList
HeapFree
HeapAlloc
GetProcessHeap
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetStringTypeW
InitializeCriticalSection
EncodePointer
DecodePointer
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
FlsSetValue
GetCommandLineA
GetSystemTimeAsFileTime
WriteConsoleW
GetFileType
GetStdHandle
LCMapStringW
GetCPInfo
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
HeapSize
FlsGetValue
FlsFree
FlsAlloc
ExitProcess
WriteFile
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointer
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
SetEndOfFile
SetEnvironmentVariableA
LocalFree
DeviceIoControl
SetPriorityClass
UnregisterClassA
MessageBoxA
RegSetValueExW
RegCreateKeyExW
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
CoUninitialize
GetAdaptersInfo
IPHLPAPI.DLL
HTDataView64.dll
ProcessAddressControl
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
.?AVCNoteWebHeplerModule@@
.?AV?$CAtlDllModuleT@VCNoteWebHeplerModule@@@ATL@@
.?AV?$CAtlModuleT@VCNoteWebHeplerModule@@@ATL@@
.?AVCAtlModule@ATL@@
.?AU_ATL_MODULE70@ATL@@
.?AVCComClassFactory@ATL@@
.?AUIClassFactory@@
.?AUIUnknown@@
.?AV?$CComObjectRootEx@VCComMultiThreadModel@ATL@@@ATL@@
.?AVCComObjectRootBase@ATL@@
.?AV?$CComObjectCached@VCComClassFactory@ATL@@@ATL@@
.?AV?$CTimerWnd@VCRLExtension@@@@
.?AV?$CWindowImpl@V?$CTimerWnd@VCRLExtension@@@@VCWindow@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@
.?AV?$CWindowImplBaseT@VCWindow@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@
.?AV?$CWindowImplRoot@VCWindow@ATL@@@ATL@@
.?AVCWindow@ATL@@
.?AVCMessageMap@ATL@@
.?AV?$CComObject@VCRLExtension@@@ATL@@
.?AVCRLExtension@@
.?AV?$CComObjectRootEx@VCComSingleThreadModel@ATL@@@ATL@@
.?AV?$CComCoClass@VCRLExtension@@$1?CLSID_RLExtension@@3U_GUID@@B@ATL@@
.?AV?$IObjectWithSiteImpl@VCRLExtension@@@ATL@@
.?AUIObjectWithSite@@
.?AV?$IDispatchImpl@UIRLExtension@@$1?IID_IRLExtension@@3U_GUID@@B$1?LIBID_NoteWebHeplerLib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@
.?AUIRLExtension@@
.?AUIDispatch@@
.?AV?$IDispEventImpl@$00VCRLExtension@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$00VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$IDispEventSimpleImpl@$00VCRLExtension@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV?$_IDispEventLocator@$00$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV_IDispEvent@ATL@@
.?AV_Node_base@tr1@std@@
.?AV_Root_node@tr1@std@@
.?AV_Node_end_group@tr1@std@@
.?AV_Node_assert@tr1@std@@
.?AV_Node_capture@tr1@std@@
.?AV_Node_back@tr1@std@@
.?AV_Node_endif@tr1@std@@
.?AV_Node_if@tr1@std@@
.?AV_Node_end_rep@tr1@std@@
.?AV_Node_rep@tr1@std@@
.?AVlogic_error@std@@
.?AV?$_Node_class@_WV?$regex_traits@_W@tr1@std@@@tr1@std@@
.?AV?$collate@_W@std@@
.?AV?$_Node_str@_W@tr1@std@@
.?AVseh_exception_access_violation@@
.?AVseh_exception_divide_by_zero@@
.?AVseh_exception_invalid_handle@@
.?AVseh_exception_base@@
.?AVUrlAddressEdit@@
.?AV?$CWindowImpl@VUrlAddressEdit@@VCWindow@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@
.?AV_Locimp@locale@std@@
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVregex_error@tr1@std@@
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVtype_info@@
.?AVbad_exception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AV_com_error@@
.?AVCHTConfigBase@@
.?AV?$codecvt@DDH@std@@
.?AV?$ctype@D@std@@
.?AUctype_base@std@@
.?AVcodecvt_base@std@@
.?AVfacet@locale@std@@
.?AV?$basic_ofstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ifstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_iostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$_Iosb@H@std@@
.?AVios_base@std@@
.?AVruntime_error@std@@
.?AVexception@std@@
.?AVfailure@ios_base@std@@
.?AVsystem_error@std@@
.?AVbad_cast@std@@
.?AVbad_alloc@std@@
.?AVCBaseInfoConfig@@
.?AVCHTConfig@@
.?AV?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$ctype@_W@std@@
.?AV?$numpunct@_W@std@@
.?AV?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$basic_ios@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@
.?AV?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@
.?AV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$numpunct@D@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AVCAtlException@ATL@@
.?AVDefaultValueAllocator@Json@@
.?AVValueAllocator@Json@@
    NoRemove SOFTWARE
        NoRemove Microsoft
        {
            NoRemove Windows
            {
                NoRemove CurrentVersion
                {
                    NoRemove Explorer
                    {
                        NoRemove 'Browser Helper Objects'
                        {
                            ForceRemove {97510FAC-ED50-46BF-B2A1-25F434BF1030} = s '
                            {
                                val NoExplorer = d '1'
                            }
                        }
                    }
                }
            }
        }
}PHKCR
	NoRemove CLSID
		ForceRemove {97510FAC-ED50-46BF-B2A1-25F434BF1030} = s '
			ForceRemove Programmable
			InprocServer32 = s '%MODULE%'
				val ThreadingModel = s 'Apartment'
			TypeLib = s '{7237A7B9-A57A-47F7-AA32-542848F408E1}'
			Version = s '1.0'
PAMSFT
stdole2.tlbWWW
NoteWebHeplerLib
RLExtensionWd
8lOIRLExtension
Created by MIDL version 7.00.0555 at Thu Mar 31 16:08:09 2016
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
WoSign CA Limited1'0%
WoSign Class 3 Code Signing CA0
160214060639Z
170314060639Z0
Shanghai1
Shanghai1<0:
3Shanghai  Zichou Liuhe Network Technology Co., Ltd.1<0:
3Shanghai  Zichou Liuhe Network Technology Co., Ltd.0
'http://ocsp1.wosign.com/class3/code/ca106
*http://aia1.wosign.com/class3.code.ca1.cer07
&http://crls1.wosign.com/ca1-code-3.crl0O
http://www.wosign.com/policy/0
\V	'-"
WoSign CA Limited1*0(
!Certification Authority of WoSign0
090808010005Z
240808010005Z0R1
WoSign CA Limited1'0%
WoSign Class 3 Code Signing CA0
%DEe3F
http://crls1.wosign.com/ca1.crl0o
http://ocsp1.wosign.com/ca106
*http://aia1.wosign.com/ca1-class3-code.cer0
http://www.wosign.com/policy/0
cbf^W	
>'H7G^
StartCom Ltd.1+0)
"Secure Digital Certificate Signing1)0'
 StartCom Certification Authority0
060917224636Z
191231235959Z0U1
WoSign CA Limited1*0(
!Certification Authority of WoSign0
TzQhnw
http://ocsp.startssl.com/ca00
$http://aia.startssl.com/certs/ca.crt02
!http://crl.startssl.com/sfsca.crl0
7CE[2.E
WoSign CA Limited1'0%
WoSign Class 3 Code Signing CA
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
160331102552Z0#
mc?so*