Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: 604eaabe470acbe869250e8e08537ae8 --

Hashes
MD5: 604eaabe470acbe869250e8e08537ae8
SHA1: 6e7cd9569c132f412276cbc124ab3a1f4e1a363e
SHA256: 8a05f763f83259e76ca60e49c5ec3c6de3bae3dece7ad8e7685b658749fa2127
SSDEEP: 24576:RaIYhg73zNAusK1/oLFRIN6jOdnWDEwWzhT3UtqGQTnT:Ra3lFRIN6jOdnWDEwWzhTyQTnT
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/antisb_threatExpert | YRP/network_dropper | YRP/screenshot | YRP/keylogger | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/Big_Numbers1 | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/MD5_Constants | YRP/RIPEMD160_Constants | YRP/SHA1_Constants | YRP/BASE64_table | YRP/spyeye_plugins | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Http_API | YRP/GenerateTLSClientHelloPacket_Test |
Parent Files
04ad72cfc3cc5d02c355ed3b2627ec90
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
|$$h$DQ
|$ hdDQ
NpQhlEQ
RPh4EQ
NpQhlEQ
D$((^N
D$(4^N
D$(@^N
D$(L^N
D$(X^N
D$(d^N
QPh,FQ
D$ RPQ
PWhLFQ
L$ h@FQ
L$|_^][d
L$<PQUh
L$0PQh
D$$hlFQ
T$<QRUh
D$4RPh<GQ
PRhTFQ
L$<PQUh
L$4PQhTGQ
L$<PQUh
L$0PQh|GQ
D$$hlFQ
RPQh<HQ
RPQhLHQ
RPQh\HQ
RPQhlHQ
RPQh|HQ
SQh(EQ
SPh,IQ
L$4PQh
D$lSPh
|$ h$DQ
T$,QRh
SUSPh@LQ
SSh LQ
WPhLLQ
PQhpLQ
;:u$UW
j9X,uN
D$$_^]
t4;1u#SV
T$HQRSWV
D$@RPQ
T$HQRSWV
D$@RPQ
T$HQRSWV
D$@RPQ
T$HQRSWV
D$@RPQ
T$HQRSWV
D$@RPQ
T$HQRSWV
D$@RPQ
t5;:u$UW
t5;:u$UW
t5;:u$UW
t5;:u$UW
t5;:u$UW
t5;:u$UW
t5;:u$UW
t5;:u$UW
t5;:u$UW
t5;:u$UW
t4;1u#SV
L$<_^[d
D$tUPh
QSURPW
L$`hhMQ
PAQhPMQ
M PWhJ
E RWhQ
E WVhQ
U WVhQ
Q PVhJ
D$(WVhQ
T$ hPOQ
T$0SSh
T$WRPQ
PUh8FQ
L$@PQhhOQ
D$@RPWV
D$`WPQ
AQRhPPQ
PQh$PQ
D$`WPQ
AQRhPPQ
QRh`QQ
QPhPQQ
D$\WPQ
AQRhPPQ
D$\WPQ
AQRhPPQ
L$\WQR
BRPhPPQ
L$\WQR
BRPhPPQ
L$\WQR
BRPhPPQ
L$\WQR
BRPhPPQ
RPh RQ
L$\WQR
BRPhPPQ
RPh@RQ
QPh0RQ
;:u$UW
;:u$UW
j9X uN
D$$_^]
j9X uN
D$$_^]
Uj0hdSQ
L$ VQhpDQ
Sj0hxUQ
D$$lUQ
D$(`UQ
L$(_^[d
Uj0hdSQ
u2WWhTWQ
L$LWQh
T$ QRP
L$,PhPWQ
L$\_^][d
Uj0hdSQ
D$,RPQ
D$,RPQ
D$,RPQ
D$pPPh XQ
L$(PQR
Sj0hxUQ
D$$lUQ
D$(`UQ
L$(_^[d
L$,PQR
D$,RPQ
L$,PQR
D$,RPQ
D$,RPQ
UUh,ZQ
D$8RPQ
UUh,ZQ
D$8RPQ
L$ _^][d
SSh,ZQ
D$<RPQ
L$ _^][d
D$\p^N
D$,RPQ
D$\p^N
D$\p^N
D$Hp^N
D$Hp^N
t4;1u#SV
t4;1u#SV
SSh,ZQ
D$<RPQ
UUh,ZQ
D$8RPQ
SSh,ZQ
D$<RPQ
UUh,ZQ
D$8RPQ
UUh,ZQ
D$8RPQ
D$ RPh
RPh0\Q
~`hX\Q
Q$RhP]Q
L$ _^[d
D$$h,FQ
L$,PQh`]Q
D$$SUVW
9t$ ~RW
T$@Sj(
L$,RPWQ
L$ _^[
9t$ ~RW
L$$RUQ
T$4WRC
L$ _^[
~`hX\Q
L$$_^][d
L$$_^][d
L$$_^][d
L$ _^][d
L$$_^][d
L$$_^][d
L$$_^][d
L$$_^][d
L$$_^][d
L$$_^][d
Pj	ht`Q
L$4_^]
j$h0aQ
D$$SUVW
D$0QRP
D$(RPQ
6;t$ u
D$$SUVW
D$0QRP
D$(RPQ
6;t$ u
D$ SUVW
T$(PQR
T$(QRP
D$ SUVW
T$(PQR
T$(QRP
D$ SUVW
T$(PQR
T$(QRP
D$ hDEQ
L$8_^][d
D$@QPV
D$(QRP
D$<QPV
D$<QPV
D$@QPV
D$ X^N
R`_^][
L$@_^]d
j0h(hQ
T$(QRh
D$(RPh<hQ
L$4_^[d
D$(RPhLhQ
L$4_^[d
B$Pj	V
L$H_^]d
j0h(hQ
T$(QRh
D$(RPh
L$4_^[d
D$(RPh
L$4_^[d
B$Pj	V
L$H_^]d
j0h(hQ
T$(QRhPiQ
D$(RPh`iQ
L$4_^[d
D$(RPhpiQ
L$4_^[d
L$H_^]d
j0h(hQ
T$(QRh
D$(RPh
L$4_^[d
D$(RPh
L$4_^[d
B Pj	V
L$D_^]d
j0h(hQ
T$(QRhXjQ
D$(RPhhjQ
L$4_^[d
D$(RPhxjQ
L$4_^[d
SShXKQ
SShPKQ
SShHKQ
SSh@KQ
SSh4KQ
SSh KQ
SSh,KQ
T$@QRh
L$@_^]d
j0h(hQ
T$(QRh<lQ
D$(RPhPlQ
L$4_^[d
D$(RPh`lQ
L$4_^[d
B Pj	V
L$D_^]d
j0h(hQ
T$(QRh
D$(RPh
L$4_^[d
D$(RPh
L$4_^[d
RPh(nQ
L$ Ph\]Q
D$ h0tQ
L$L_^[d
B0Pj	V
uOSj0h
L$LPQV
uOSj0h
L$LPQV
|$(hXwQ
uOSj0h
L$LPQV
uOSj0h
L$LPQV
|$(hdxQ
uOSj0h
L$LPQV
T$ QRh
T$ QRP
RQh,FQ
D$4RhdyQ
PSVh(yQ
L$@_^][d
D$1RPQ
T$DVRW
L$$_^d
L$@_^]d
j0h(hQ
T$(QRh
D$(RPh
L$4_^[d
D$(RPh,zQ
L$4_^[d
L$@_^]d
j0h(hQ
T$(QRh
D$(RPh
L$4_^[d
D$(RPh
L$4_^[d
L$0j{Q
VVh@`Q
L$ RPQ
T$$QRP
T$$HIJ
D$4SUV3
D$8SUV
L$,RPSQ
D$lSUV3
|$ j8h
T$<j/R
@ QRj{P
L$(RPQS
L$LRPQ
T$PPQR
T$PPQR
T$(QRP
L$ _^][d
L$@_^3
;D$ tXPQ
t4;1u#SV
L$HSUV
t$PWj@
.Phh}Q
D$ QRP
L$(WQR
L$$_^][d
L$x_^][d
t4;1u#SV
L$tPVQ
L$$_^][d
tM9^0~
L$<_^][d
L$0_^]d
D$$_^]
@ QRjNP
D$0SUV
P WSjNR
|$ WSP
D$hhLFQ
L$ _^][d
T$0Rj<P
\$ j$SQP
L$l_^[d
L$0_^d
l$ VWj
T$ RPV
j<j<j<
L$ _^2
</tp<\tl
L$PWRPUQ
D$`RPUQ
D$dUPj
L$<_^][d
RPhLFQ
L$$_^]
T$@WRP
T$PRWUP
L$(_^][d
L$<RPWQj
L$$_^][d
|$ Pj1
D$$_^]
L$@RQP
T$,URh4FQ
D$lSUVW
T$4SRhP
L$l_^][d
T$,9V<
L$H_^][d
>|u	9n
>)u	9n
F(9F | 
F(9F | 
L$0WWj
7<0|a<9
u%;}4} 
t(9^<u
t(9^<u
t(9^<u
uZ<.t<<wt8<Wt4<st0<St,<dt(<Dt$<[u:j
A|_<A}
a|_<a}
<!t	<=t
7<0|O<9
<0|u<9
t'<)t#j
1<0|h<9
L$,_^][d
|$0;G0
k<_^][
L$ _^][d
~"WSSSSj
t 9Y t
L$,^[d
L$@PSQ
L$,PQW
D$,RPW
L$,PQW
D$$_^]
L$ _^]
D$ SUV
D$8_^]
L$,PVQ
u0_^][Y
T$0RWV
T$0RWV
T$0RWV
L$0QWV
T$0RWV
L$PRPQ
L$(RPQ
T$PRVS
T+3x%A
;D$<s!
L$ RUPj
T$,PQh
L$(SUV
N4_^]3
~(9~$u
D$ _^]
T$ _^]
9_|t	W
w|_^][
D$DRPQ
L$PPQR
D$$SUV
@APBQRV
QWSRPh
L$$SQV
D$$=MZ
L$$RQP
V<_^]3
QSUVW3
od_^]3
f9|$>t
L$<_^]d
}	_^]2
L$ RPVQ
L$,^[d
L$l_^][d
L$X_^][d
T$XSUV
L$X_^][d
D$ WVRP
L$l_^][d
L$\PRQ
												
																																												
							
D$(SVWj
|$HPWU
L$0_^][d
T$ QVR
\$<UVW
<A|*<F
L$4_^][d
L$<PSQ
L$,_^2
L$$_^][d
L$XQUR
L$t_^]d
L$Ht?R
t$0;t$(u
L$$Wj0
\$(UVW
T$@VW3
Flf+Fp
D$(8D*
Nxf+Fd
L$\t8;
;T$0sN;t$4sH
n(9n$u
S@;Q s
S@;Q(s
TKpPRj
D$0_^][
C4u	^]
S,_^]3
f98u	M
D$Nf98u
D$48EO
D$0xEO
L\Lf9T\L
|$ WUSV
D$$SUV
L$ PQh
L$(SUQ
D$@RPh
L$8Qh0
PUVWhp
D$\_^][d
T$HQRPW
T$hSUV
D$pUhl
T$0URh
L$4Uh0
L$`^][d
L$pSVW
T$XQRh
L$PRPQ
T$ QRP
L$TRPQ
;:u$UW
j9X4uN
D$$_^]
L$,PQh
L$X_^]
T$XPQR
L$XRPQ
D$L_^][d
T$(QRhd
L$<Ph|
L$<Ph`
L$HPQh
T$,QPhX
D$ Phd
T$ WRS
T$PPQhh
L$4RPQ
D$ Phd
D$LRW%
T$X9\$|
T$(9\$L
T$PSUV
L$(SWQ
D$TRSWP
L$$PQh
L$hVSQ
L$DRPVQS
D$$RPh
D$<_^][d
l$8VWU
L$HPRQ
T$$Qh$
T$DPQhh
L$DUUj
T$$UUj
D$ UUj
T$0QRh
D$(Ph0
L$HUQS
L$$Ph$
L$TPh|
D$$Rh$
L$ WWj
T$$WWj
T$4Qh0
D$$RPh
L$ Ph$
L$TSQh
T$xSSj
L$8PVQ
L$ ^[d
D$X^[d
T$pSUV
D$|Uhl
T$<URh
L$l_^][d
L$(_^][d
t$,RPV
D$0SVP
T$@QRP
L$\VQh
T$TRh0
D$hRPh
\$hUVW
T$(Qh$
T$$PQhh
D$`_^][d
L$\WQh
T$TRh0
L$pSUV
T$(Qh$
D$4Rht
D$h_^][d
<4,$?7/'
(3-!0,1'8"5.*2$
0123456789ABCDEF
\$(?:[$&`'+_\d]|\{.*?\})
Qkkbal
Qkkbal
Qkkbal
[-&LMb#{'
w+OQvr
)\ZEo^m/
H*0"ZOW
l!;b	F
mj>zjZ
IiGM>nw
ewh/?y
OZw3(?
V_:X1:
 deflate 1.2.7 Copyright 1995-2012 Jean-loup Gailly and Mark Adler 
 inflate 1.2.7 Copyright 1995-2012 Mark Adler 
								
MFC42.DLL
__CxxFrameHandler
_mbsicmp
_mbscmp
memmove
_mbsrchr
_access
memchr
isalnum
_mbsnbicmp
sprintf
fclose
_beginthreadex
_stricmp
rename
_vsnprintf
strncpy
isupper
islower
isdigit
isxdigit
_snprintf
_splitpath
realloc
toupper
_purecall
tolower
isspace
ispunct
isprint
isgraph
iscntrl
__isascii
isalpha
strncmp
malloc
calloc
gmtime
_mbsnbcpy
_mbsstr
mktime
sscanf
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
_strdup
MSVCRT.dll
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
GetPrivateProfileStringA
GetPrivateProfileIntA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
lstrlenA
GlobalAddAtomA
GlobalDeleteAtom
WaitForSingleObject
WinExec
WritePrivateProfileStringA
GetProcAddress
LoadLibraryA
SetErrorMode
GetLastError
CreateSemaphoreA
CloseHandle
ResumeThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentProcess
CreateFileA
GetLocalTime
MultiByteToWideChar
GetSystemTime
CreateEventA
GlobalFree
MulDiv
LockResource
SizeofResource
LoadResource
FindResourceA
ResetEvent
SetEvent
TerminateProcess
OpenProcess
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
WideCharToMultiByte
lstrcpyA
CreateDirectoryA
GetModuleHandleA
LocalFree
DeleteFileA
SetFileAttributesA
GetFileAttributesA
GetExitCodeProcess
CreateProcessA
GetStartupInfoA
WriteFile
SetFilePointer
GetFileSize
GetFileType
DuplicateHandle
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryA
DosDateTimeToFileTime
SetFileTime
FileTimeToSystemTime
FileTimeToDosDateTime
GetFileInformationByHandle
KERNEL32.dll
SendMessageA
PostMessageA
EnableWindow
SetTimer
PostQuitMessage
KillTimer
LoadIconA
RegisterHotKey
UnregisterHotKey
IsWindowVisible
SetForegroundWindow
GetCursorPos
SetMenuDefaultItem
GetSubMenu
LoadMenuA
RegisterWindowMessageA
UpdateWindow
CloseClipboard
OpenClipboard
SetClipboardData
EmptyClipboard
GetSysColor
RedrawWindow
GetKeyState
GetAsyncKeyState
AdjustWindowRectEx
GetClientRect
IsWindow
GetWindowRect
GetParent
GetClassNameA
InflateRect
ReleaseDC
PtInRect
SetRect
InvalidateRect
FillRect
CopyRect
DrawTextA
SetFocus
GetFocus
GetTopWindow
SetParent
LoadCursorA
SetCursor
DrawFocusRect
GetWindowTextA
DrawEdge
SetPropA
GetPropA
USER32.dll
CreateSolidBrush
GetTextExtentPoint32A
SelectObject
CreateFontIndirectA
GetObjectA
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateRectRgnIndirect
GDI32.dll
RegDeleteKeyA
RegCreateKeyA
ADVAPI32.dll
ShellExecuteA
Shell_NotifyIconA
SHELL32.dll
_TrackMouseEvent
COMCTL32.dll
CoTaskMemAlloc
CreateStreamOnHGlobal
CoUninitialize
CoCreateGuid
CoInitialize
ole32.dll
OLEPRO32.DLL
OLEAUT32.dll
URLDownloadToFileA
ObtainUserAgentString
urlmon.dll
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0runtime_error@std@@QAE@ABV01@@Z
??1runtime_error@std@@UAE@XZ
??_7runtime_error@std@@6B@
MSVCP60.dll
DBGHELP.dll
Netbios
NETAPI32.dll
DeleteUrlCacheEntry
HttpQueryInfoA
WININET.dll
VERSION.dll
MapFileAndCheckSumA
IMAGEHLP.dll
_tzset
_setmbcp
?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B
CChildFrame
http://xiaohao2.kus.cc/cmd.asp
http://xiaohao1.kus.cc/cmd.asp
http://scdown4.kus.cc/cmd.asp
http://like.kus.cc/cmd.asp
http://flow4.kus.cc/cmd.asp
http://flow3.kus.cc/cmd.asp
http://flow2.kus.cc/cmd.asp
http://flow1.kus.cc/cmd.asp
http://flow.kus.cc/cmd.asp
http://coll4.kus.cc/cmd.asp
http://coll3.kus.cc/cmd.asp
http://coll2.kus.cc/cmd.asp
http://coll1.kus.cc/cmd.asp
http://coll.kus.cc/cmd.asp
http://alicoll.kus.cc/cmd.asp
{$end$}
{$begin$}%s=
starttime
oncenum
spanhour
plannum
targetnum
initnum
bossid
shopid
itemtitle
itemid
itemurl
isshop
logonpwd
numaccount
addalicolltask
http://scdown2.kus.cc/cmd.asp
shopurl
collshop
addcollecttask
addflowtask
staytime
randnavi
referrer
addliketask
addsharetask
addtmflwtask
addaitaotask
addremindtask
adduzhantask
{$next$}
%s%s=%s
{$next$}
verifystr={
getalicolltask
pubtime
adminflag
settings
itemtype
gettask
tbaccount
getcollecttask
getflowtask
getliketask
getsharetask
http://scdown6.kus.cc/cmd.asp
getapplytask
gettmflwtask
getaitaotask
getremindtask
getuzhantask
getmyuzhantask
getmyremindtask
getmyaitaotask
getmytmflwtask
getmysharetask
getmyliketask
getmyflowtask
getmycollecttask
getmyalicolltask
gettbaccount
otheracc
collflag
nostop
status
user_id
getchildmember
c_bFlowUseProxy
c_bCanDeleteColl
c_nPointsOfOneVIPDay
c_nUZhanNeedPoints
c_nRemindNeedPoints
c_nAiTaoNeedPoints
c_sDamaAppKey
c_nDamaAppID
c_sDamaPassword
c_sDamaUsername
c_nDamaTryTimes
c_nAutoDamaTimes
c_nDamaTimeout
c_nDamaPoints
nowtime
22cc5376925e9387a23cf797cb9ba745
http://dama.kus.cc/getcodetext.asp
http://scdown3.kus.cc/cmd.asp
account
chgpwd&from=client
newpwd
oldpwd
getmember
http://scdown5.kus.cc/cmd.asp
getmemberpoints
gettbaccountnum
search
%Y-%m-%d
%d:%d:%s
admin.ini
IPRecord
http://sss12.banjia.la/ServerAPI.ashx?ation=ip&key=eGhkZmVlZGJhY2sInste&num=100
%d/%d[%d]
%s -URL{%s} -REF{%s} -NAV{%d} -STY{%d} -PXY{%s}
tbviewer.exe
localhost
http://item.taobao.com/item.htm?id=%s
http://store.taobao.com/?shop_id=%s
http://www.6299.cc/vip.html
password
savepwd
Settings
username
addtbaccount
collecteditem
collectedshop
authstatus
buyercredit
tbaccpwd
%s(userId=%s) 
chgtbaccountstatus
markcollnull
markcollected
marktodayfull
markscjfull
%s %d/%d 
m_bTaskNoYZM
%d/%d 
markalicollnull
markalicollected
markalitodayfull
markaliscjfull
marklikenull
markliked
marksharenull
markshared
marktmflwnull
marktmfollowed
markaitaonull
markatfollowed
markremindnull
marktgreminded
markuzhannull
markuzhanliked
http://www.6299.cc/bangzhuzhongxin/3715.html
http://www.6299.cc/jfgm.html
%04d-%02d-%02d %02d:%02d:%02d
: %d, 
http://www.6299.cc/bangzhuzhongxin/3768.html
: %d, 
http://www.6299.cc/bangzhuzhongxin/3791.html
http://www.6299.cc/bangzhuzhongxin/3792.html
: %d, 
.tmall.com
.taobao.com
: %d, 
: %d, 
: %d, 
http://www.6299.cc/bangzhuzhongxin/3721.html
http://www.6299.cc/bangzhuzhongxin/3812.html
appendaitaotask
spanflag
appendnum
appendalicolltask
http://detail.1688.com/offer/%s.html
http://%s.cn.1688.com/
appendcollecttask
appendflowtask
appendliketask
appendremindtask
appendsharetask
appendtmflwtask
appenduzhantask
%Y-%m-%d %H:%M:%S
getsalenum
http://www.6299.cc/rj/xiaohaoshuoming.html
http://www.6299.cc/bangzhuzhongxin/3824.html
buytbaccount&from=client
http://www.6299.cc/bangzhuzhongxin/3820.html
[1-%d]
convertvip
http://www.6299.cc/bangzhuzhongxin/3802.html
 - ID:%d
sethourpara
daymaxcnt
hourrate
m_nImgCodeWait
http://www.6299.cc/bangzhuzhongxin/3798.html
ForbidImgCode
hotkeep_desc
price_asc
newOn_desc
hotsell_desc
coefp_desc
 %d/%d 
priceup
pricedown
timeup
timedown
tradenumdown
http://www.6299.cc/getpwd.html
http://www.6299.cc/bangzhuzhongxin/3817.html
http://www.6299.cc/
%d.00 RMB
http://reg.6299.cc/?r=%d
config.dat
http://detail.1688.com/offer/
register&from=client
parentnum
confirmlogonpwd
m_dwHotKey
m_bHotKey
m_bHideTray
m_bAutoDama
SOFTWARE\Local AppWizard-Generated Applications\
http://item.taobao.com/item.htm?id=3055088768
kjhjkkk
xiepai102
ji929823
CMainFrame
TaobaoCollect_HOTKEY
http://flow2.2466.cc/cmd.asp
http://flow1.2466.cc/cmd.asp
kus.cc/
2466.cc/
WM_LINK_CLICKED
http://www.6299.cc/rj/weitao.html
http://www.6299.cc/bangzhuzhongxin/2.html
http://www.6299.cc/bangzhuzhongxin/3813.html
setcurve
deleteaitaotask
pauseaitaotask
startaitaotask
http://www.6299.cc/rj/alishoucang.html
http://www.6299.cc/bangzhuzhongxin/3805.html
deletealicolltask
pausealicolltask
startalicolltask
http://www.6299.cc/rj/shoucang.html
http://www.6299.cc/bangzhuzhongxin/1.html
deletecolltask
pausecolltask
startcolltask
deleteflowtask
pauseflowtask
startflowtask
http://www.6299.cc/rj/index.html
http://www.6299.cc/bangzhuzhongxin/3799.html
http://www.6299.cc/rj/xihuan.html
deleteliketask
pauseliketask
startliketask
http://u.6299.cc/
[1-%d]
convertgolds
%s?numaccount=%d&logonpwd=%s
http://scdown2.kus.cc/pointrec.asp
http://www.6299.cc/rj/kaituan.html
http://www.6299.cc/bangzhuzhongxin/3815.html
deleteremindtask
pauseremindtask
startremindtask
http://www.6299.cc/rj/fenxiang.html
deletesharetask
pausesharetask
startsharetask
http://www.6299.cc/bangzhuzhongxin/3656.html
http://www.6299.cc/bangzhuzhongxin/3729.html
receiveaward
[1-%d]
convertmoney
explorer.exe /select,%s
[%s]%s
%s_%d.zip
TbViewer.exe
xupdate.dll
xupdate.exe
http://scdown2.kus.cc/toppoint.asp
http://scdown2.kus.cc/topmoney.asp
http://www.6299.cc/bangzhuzhongxin/3655.html
http://www.6299.cc/bangzhuzhongxin/3654.html
http://www.6299.cc/bangzhuzhongxin/5.html
http://www.6299.cc/rj/zhuangtai.html
http://www.6299.cc/bangzhuzhongxin/110.html
http://www.6299.cc/bangzhuzhongxin/4.html
http://detail.1688.com/offer/1179959572.html
6319181jw
jiaweidee
http://detail.tmall.com/item.htm?id=15821947079&spm=a1z02.1.5864409.d4908637.wfnd4q
http://aitao.taobao.com/tzh/home.htm?spm=a2143.3068161.0.0.RrvoSM&tzhUserId=836427682&wsnsUid=2060499140
550712liuyxuan
mrlhy115
http://ju.taobao.com/tg/home.htm?spm=608.6815473.0.d66.NAg6Wq&item_id=22535583740&id=10000001037467
missyouff520
19910524
http://vipdacu.uz.taobao.com/?spm=a2116.3041269.6805133.2.I2e6VV
stoptbaccount
repairtbaccount
enabletbaccount
disabletbaccount
lisanli123
beijina02387053
http://www.6299.cc/rj/guanzhu.html
http://www.6299.cc/bangzhuzhongxin/3810.html
deletetmflwtask
pausetmflwtask
starttmflwtask
http://www.6299.cc/rj/uzhan.html
http://www.6299.cc/bangzhuzhongxin/3818.html
deleteuzhantask
pauseuzhantask
startuzhantask
Local AppWizard-Generated Applications
spring.msstyles
USkinExit
USkinInit
USkin.dll
'abc123'
2012-6-1
OnlyOneTaobaoCollect
CTbCollectDoc
CTbCollectView
?act=%s&ver=%d
CUIWorkThread
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
ocean\ocean
CFixHtmlView
CFixHtmlViewBase
%02x%02x%02x%02x%02x%02x
CHtmlCtrl
Internet Explorer_Server
CLinkListCtrl
tfosanit
StartWithoutUpdate
"%s" %s %s %s %d %d
http://scdown2.kus.cc/update/
update_v2.txt
"%s" "%s" "wait=%d"
%s.exe
\u%04X
http://www.taobao.com/webww
http://amos1.taobao.com
http://sighttp.qq.com
http://wpa.qq.com
update.txt
%s_old
rnd=%d
Cookie
Accept-Encoding: gzip, deflate
http://
https://
charset=utf-8
deflate
Content-Type: 
%%.%df
(?<day>expires=[A-Za-z]{3}),(?<date>\s\d{2}-[A-Za-z]{3}-\d{4}\s\d{2}:\d{2}:\d{2}\sGMT)
${day}${date}
{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
; charset=
Content-Type: application/x-www-form-urlencoded
Content-Type: multipart/form-data; boundary=%s
---------------------------%s
%s: %s
--%s--
application/octet-stream
; filename="%s"
Content-Disposition: form-data; name="%s"
.PAVCInternetException@@
There was an exception.
blank:
xdigit:
upper:
space:
punct:
print:
lower:
graph:
digit:
cntrl:
ascii:
alpha:
alnum:
XSortListCtrl
MYSORT_ASC
MYSORT_COL
%s\%s\%s
.PAVCException@@
%d%03d
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
need dictionary
invalid distance code
invalid literal/length code
invalid bit length repeat
too many length or distance symbols
invalid stored block lengths
invalid block type
incomplete dynamic bit lengths tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed literal/length tree
empty distance tree with lengths
incomplete distance tree
oversubscribed distance tree
incorrect data check
incorrect header check
invalid window size
unknown compression method
ct_init: 256+dist != 512
ct_init: dist != 256
ct_init: length != 256
code %d bits %d->%d
bit length overflow
gen_codes: max_code %d 
inconsistent bit counts
dyn trees: dyn %ld, stat %ld
dist tree: sent %ld
lit tree: sent %ld
bl tree: sent %ld
bl code %2d 
bl counts: 
too many codes
not enough codes
bad compressed size
opt %lu(%lu) stat %lu(%lu) stored %lu lit %u dist %u 
dist data: dyn %ld, stat %ld
lit data: dyn %ld, stat %ld
last_lit %u, last_dist %u, in %ld, out ~%ld(%ld%%) 
ct_tally: bad match
bad d_code
invalid length
output buffer too small for in-memory compression
bad pack level
wild scan
no future
insufficient lookahead
Code too clever
more < 2
Call UPDATE_HASH() MIN_MATCH-3 more times
A valid JSON document must be either an array or an object value.
Syntax error: value, object or array expected.
Missing '}' or object member name
Missing ':' after object member name
Missing ',' or '}' in object declaration
Missing ',' or ']' in array declaration
' is not a number.
Bad escape sequence in string
Empty escape sequence in string
expecting another \u token to begin the second half of a unicode surrogate pair
additional six characters expected to parse unicode surrogate pair.
Bad unicode escape sequence in string: hexadecimal digit expected.
Bad unicode escape sequence in string: four digits expected.
.?AVexception@@
.?AVruntime_error@std@@
Comments must start with /
Type is not convertible to string
Type is not convertible to int
Real out of signed integer range
integer out of signed integer range
Type is not convertible to uint
Real out of unsigned integer range
Negative integer can not be converted to unsigned integer
Type is not convertible to double
invalid distance too far back
invalid distances set
invalid literal/lengths set
invalid code -- missing end-of-block
invalid code lengths set
incorrect length check
header crc mismatch
unknown header flags set
http://count.tbcdn.cn/counter3?keys=%s&callback=%s
TShop.mods.SKU.CounterCenter.saveCounts
ICCP_1_%s
SCCP_2_%s
ZAN_27_2_%s
DFX_200_1_%s
ICVT_7_%s
ZAN_27_1100036:1_%s_%s
<p><strong>
</strong></p>
id="feedbackInfoId"
value="
id="feedbackUid"
offer_id:"
member_id:"
acookieAdditional:
content_id=
<div class="unit-detail-fav">
</div>
http://purchase.1688.com/favorites/add_to_favorites.htm?content_id=
content_type=COMPANY
.cn.1688.com
data-page-name="index">
<title>
</title>
http://purchase.1688.com/favorites/add_to_favorites.htm?content_type=OFFER_SALE&content_id=%s
http://purchase.1688.com/favorites/add_to_favorites.htm?content_type=COMPANY&content_id=%s
[alicoll]
 %s(%s)
<p><strong>
</strong></p>
<p><strong>
</strong></p>
 %s(%s)
 %s(%s) 
http://%s.cn.1688.com/page/offerlist.htm?%s
pageNum
priceEnd
priceStart
keywords
sortType
showType
catalog
href="
<div class="title">
<ul class="part-offer-list-main-catalogs">
<a  class="current"
<em class="page-count">
<em class="offer-count">
<strong>
</strong>
</span>
tzhUserId=
<div class="num">
<div class="shop-title">
<div class="mob-right shop-info">
[aitao]
 %s(%s)
 %s(%s)
 %s(%s) 
"status":"
"isLogin":"
"isSuccess":"
http://jianghu.taobao.com/admin/follow/follow_taozihao.htm?_input_charset=utf8&t=%s
_tb_token_
fromtbindex
role_id
1100044
http://jianghu.taobao.com/crossdomain.htm
SK1f37ca075fa0d0221a321536744be208
52cab5c3236ea05e5de809c1
womendemima123
img_countall_%s
img_countok_%s
img_time_%s
img_countall
img_countok
img_time
checkcode
%s%s%s
cookie_tlogon_%s
cookie_time_%s
cookie_value_%s
cookie_tlogon
cookie_time
cookie_value
"remindNum":
http://skip.ju.taobao.com/json/d/itemDynamic.htm?item_id=%s&id=%s&_ksTS=%s&callback=myjsonp1
item_id=
ITEM_ID=
[remind]
 %s(%s)
 %s(%s)
REMINDED_WW
 %s(%s) 
WW_SUCCESSFULLY
"type":"
http://dskip.ju.taobao.com/json/remind_action.htm?=1&userPhone=&checkcode=&remindType=2&_tb_token_=%s&_input_charset=utf-8&itemId=%s&id=%s&tgType=0&_ksTS=%s&callback=myjsonp7
http://dskip.ju.taobao.com/json/message_remind.htm?_tb_token_=%s&_input_charset=utf-8&itemId=%s&id=%s&tgType=0&_ksTS=%s&callback=myjsonp6
<p class="msg">
<p class="msg">
<p class="msg">
<p class="msg">
%s(%s) 
<input name="_tb_token_"
/login_unusual.htm?
http://i.taobao.com/
"url":"
https://login.taobao.com/member/vst.htm?st=%s&params=%s&_ksTS=%s&callback=%s
style=default&sub=&TPL_username=%s&loginsite=0&from_encoding=&not_duplite_str=&guf=&full_redirect=&isIgnore=&need_sign=&sign=&from=tb&TPL_redirect_url=&css_style=&allp=
jsonp%s
get vstCallback_st failed
"st":"
https://passport.alipay.com/mini_apply_st.js?site=0&token=%s&callback=%s
vstCallback%s
message
{$NewLoginMode$}
{$needcode$}
{$checkcode$}
{$token$}
{$umto$}
{$pwd$}
{$usr$}
TPL_username={$usr$}&TPL_password={$pwd$}&TPL_checkcode={$checkcode$}&need_check_code={$needcode$}&action=Authenticator&event_submit_do_login=anything&loginsite=0&newlogin={$NewLoginMode$}&TPL_redirect_url=&from=tb&fc=default&style=default&css_style=&tid=XOR_1_000000000000000000000000000000_63584054400B0F717B750379&support=000001&CtrlVersion=1%2C0%2C0%2C7&loginType=3&minititle=&minipara=&umto={$umto$}&pstrong=1&llnick=&sign=&need_sign=&isIgnore=&full_redirect=&popid=&callback={$NewLoginMode$}&guf=&not_duplite_str=&need_user_id=&poy=&gvfdcname=10&gvfdcre=&from_encoding=&sub=&allp=&oslanguage=
https://regcheckcode.%s
https://regcheckcode.
codeURL:"
%2C200
elumto.value += '
name="umto" value="
https://login.taobao.com/member/login.jhtml
_tb_token_=
mtx_tblogon_%s
userId=
class="hCard fn"
<h3 class="shop-title">
<div class="shop-info-simple">
<div class="main-info">
userid=
<meta name="microscope-data"
SCCP_2_(\d+)
ICCP_1_(\d+)
shopid="
itemid="
<div id="LineZing"
http://favorite.taobao.com/json/deploy_collection.htm
 %s(%s) 
[coll]
http://favorite.taobao.com/popup/add_collection.htm
 %s(%s)
 %s(%s) 
"status"
favor_type
favor_target_key
comment
result
"title":
callback
client_id
 %s(%s)
[like2]
msgCode
http://like.sns.taobao.com/like/create_like.htm?%s
domain
recUserId
targetKey
likeType
subType
privacy
content
property
picUrl
1100102
 %s(%s) 
 %s(%s) 
"content"
[share]
http://t.taobao.com/cooperate/publish_share.do?%s
{"shareSites":["0"]}
isShowFriend
_input_charset
http://t.taobao.com/cooperate/preload.htm?%s
http://yingyong.taobao.com/json/app/count.do?_tb_token_=%s&app_id=%s
http://yingyong.taobao.com/show.htm?app_id=%s
http://yingyong.taobao.com/detail.htm?app_id=%s
multiple
collectinfoid[]
infoId%s;itemType1;itemId%s
http://favorite.taobao.com/json/delete_collection.htm
data-item-id=\"
http://favorite.taobao.com/json/collect_list_chunk.htm?itemtype=1&invalid=true&classicList=true&orderby=time&startrow=%d&chunkSize=40&chunkNum=1&deleNum=0&callback=
http://favorite.taobao.com/collect_list.htm?itemtype=1&invalid=true&classicList=true&orderby=time&startrow=%d
http://bangpai.taobao.com/user/groups/
<div class="info">
<li class="item">
http://bangpai.taobao.com/su/search_user.htm?q=%s
title="
tagTail2
tagHead2
http://rate.taobao.com/rate.htm?userId=
tagTail1
USERID
tagHead1
tbconfig.dat
tagTail3
tagHead3
http://store.taobao.com/shop/view_shop-
tagHead
BuyerRate
J_BuyerRate
"sellerNickName"
sellerNick
data-nick="
<span class="J_WangWang
http://tradecardseller.wangwang.taobao.com/tradecard/nameCard.htm?jumpFrom=wwpartner&loginId=&uid=cntaobao%s
http://shop%s.taobao.com/search.htm?%s
highPrice
lowPrice
keyword
orderType
viewType
<p class="title">
<ul class="items">
<div class="desc">
<ul class="shop-list">
<b class="ui-page-s-len">
<span class="page-info">
<span>
method
itemtype=%d&isTmall=&isLp=&isTaohua=&id=%s&_tb_token_=%s
http://favorite.taobao.com/popup/add_collection_2.htm?id=%s&itemtype=%d&is_tmall=&is_lp=&is_taohua=
tags=%s&shareOption=true&withshop=true&remark=&ownerId=%s&infoId=0&itemType=1&itemId=%s&_tb_token_=%s
tags=%s&shareOption=1&withshop=undefined&remark=&ownerId=%s&infoId=0&itemType=0&itemId=%s&_tb_token_=%s
"popularity":
"brandName":"
http://brand.tmall.com/ajax/getBrandStatusBatch.htm?brandId=%s
data-brandid="
[tmall]
"is_success":"
http://brand.tmall.com/ajax/brandAddToFav.htm?%s
brandId
siteDomain: "
siteName: "
siteId: "
developerId: "
[uzhan]
"code":"
http://t.taobao.com/cooperate/publish_favor.do?%s
http://uz.taobao.com/
webpage
170193
favor_sub_type
1100036
FastVerCode.dll
RecYZM_A
%s?act=1&cid=%d
image/unknown
sitekey
http://api.yundama.com/api.php?cid=%d&method=result
upload
timeout
appkey
codetype
http://api.yundama.com/api.php
http://www.yundama.com/download/ydmhttp.html
postErrorCode
getResult
recognizeByBytes
recognizeByPath
providerLogin
setSoftInfo
Zhengma.dll
recognizeByPath
getResult
.?AVtype_info@@
.?AV_com_error@@
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
wwtGwwwwwwwwwwwwwwwtDDDDw
wwGtwDwwwwwtDDDDw
pwwwwppwwww
wwGttwGwwwwt
33330wp3
wwGttwGwwwwt
wwtDtwGwp
33330p333333
wwwttDwwp
wwwwpppwww
wwp0wwww
wwp0wwww
OGp888888
wwp0wwww
wwwppwwwp
p0wwww
DDGwp8
wwwwwwww
p0wwww
wwwwwwpwppp0wwww
wwwwwww
wwwwwww
wwwwwp
wwwwwwwww
wwwwwwwww
{{{{{x
{{{{{p
{{{{{x
Wwwwyw
{{{{{x
{{{{{{
wwwwwx
""""" 
""""" 
wwwwwwww
HrCg@b	g 
pdk{vU_
O(uKb:g
{{|{vU_
1YHe6e
)Y+ssQ
YUO7R6e
hKm0R	g Rd
b:N	gHe(u7b
\O:NVY
~`O&^eg1
k)Y{vU_
N O0RQ
d"}sQ.
d"}sQ.
d"}@b	g
OXT{vU_
hKm0R	g Rd
NQQbc 
k!kcbd
NHN/f?
d"}@b	g
`HN7R)Y+ssQ
NHN)Y+ssQ
R)Y+ssQ
TLr0W@W
d"}sQ.
NHN/fZ
RQQbcV
NQQbc 
NHN/fU
HrCg@b	g 
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
Csk"7!
/|B~ xmu4
vS\xWI
LeW?02p6
fRWh)4k1
Cdd`(_
iV$D?j
/[tKw'
']x.R]OA
i4}+Ow
9\ @Dk&
_ac*is
JR]Os(
F2N};R
AF*)Y#
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> 
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity 
	processorArchitecture="x86" 
	version="5.1.0.0"
	type="win32"
	name="OceanSoftApplication"
<description>OceanSoft Application</description>
<dependency>
	<dependentAssembly>
		<assemblyIdentity
			type="win32"
			name="Microsoft.Windows.Common-Controls"
			version="6.0.0.0"
			publicKeyToken="6595b64144ccf1df"
			language="*"
			processorArchitecture="x86"
	</dependentAssembly>
</dependency>
</assembly>
SSbpS	
SSbpS:g
SSbpS	
SbpS;m
ceQjR4
S>e'Y0R
Rbc0RHQMR
OX[@b	g
Y0Rck8^'Y