Sample details: e5943fcfd57f52bd9ae5ddfed3fc1773 --

Hashes
MD5: e5943fcfd57f52bd9ae5ddfed3fc1773
SHA1: 97364168cf8a1d2b7b3e8c7f9d45a30021643bd2
SHA256: 1aed0d144b983a9b56706041b8ef15a109ee942e25df90e04b2740c0d09813ff
SSDEEP: 12288:2TC6wQWHySzck0qHYccZp2ylMg60vJd82fzpc:wC6pWSS70uYvHHK0vJd8O9c
Details
File Type: PE32
Added: 2018-06-22 17:54:34
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/with_images | YRP/without_attachments | YRP/with_urls | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Misc_Suspicious_Strings | YRP/anti_dbg | YRP/network_http | YRP/screenshot | YRP/keylogger | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers1 | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/MD5_Constants | YRP/BASE64_table | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API |
Parent Files
939fc58de662515d6e7abc932f03e6a1
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
VMProtect begin
VMProtect end
T$Du	f
D$$~9+
F\_^][
L$$_^d
L$@^[d
D$PQRP
L$pPQR
D$hRQP
9L$x~k
L$T_^][d
L$lRVQ
D$hQRP
D$hQRP
T$pPQR
\$8UVW
L$DPQj
	9oTtc
L$ _^d
W9^du-
T$|h(lJ
D$|h$lJ
L$ PQh
L$L_^][d
L$D_^][d
L$@RUQ
L$|_^][d
L$|_^][d
L$|_^][d
T$0VRPSQ
L$4_^[d
V#D$,WPQ
D$@UPQ
T$XUSR
T$HQRP
L$x_^d
D$(SUV
T$8RWj
L$ _^][d
l$<VWj
L$(VQVj
L$(UUh
t$LUPh
o0SSSSU
D$dSUVW
D$@WPS
L$`_^][d
L$0h\mJ
D$,RVh,mJ
D$HUPQ
\$PVUUS
D$hSUV3
D$,Pj<j
L$h_^][d
L$X_^d
t$ 90t
L$4S+L$0Qj
D$LPUj
D$ PQR
D$89Vdu
FpHt&Ht
D$LUSWP
L$$_^][d
L$,_[3
L$,_[3
L$(WQR
QQUWSS
L$P_]^[d
D$8|3I
D$(|3I
T$hQRWW
D$(|3I
t]9|$<tW
L$x_^]
L$<SQR
T$<RVW
9|$8tt
T$<WRh
T$lPRh
T$ SRh
9l$xtU9
u29l$xu,
L$XSQh
D$,SPh
T$,SRh
T$,SRh
T$,SRh
t$(SSh
t$$RVP
|$,RPQ
L$H][d
tVSh4uJ
L$HSUVWP
D$XPQU
D$8VPQ
T$ SWRP
L$L_^]3
t%RSQP
XY[Z[]
~'PSQR
\$<VW3
L$4_^3
D$XQRWP
D$dQUWRP
D$0WPQ
T$$+D$4
L$L^[d
9^xu5j
L$X_^]3
h9n`u;
D$8RPj
T$DQRU
D$PRPQ
L$TSWQ
l$HQRVU
D$H_^][
\$lUV3
L$h_^]3
T$\jdSR
L$Hj&Q
;t$Xu";\$\u
L$DSVQ
L$,_^]3
L$$_^][d
L$0PQS
L$ ]_^
L$ QSR
D$TVPW
D$TRPW
WWVQRWWS
D$ d3I
D$$QRP
T$,PQR
D$$RSSP
D$8WVRPQ
L$XRQP
l$@VW3
L$8_^][d
u"8D$yu
D$(_^][
8MThdu
~P9~Pun
t&9^$t
F(9V8tQ
F<_^][
F<_^][
|$@ Wu
|$D UV
L$8^]_3
@;l$\~Z
L$X;L$
uh9^8uX
F89^8u&j
N$~	WU
L$T_^][d
L$L_^][d
D$,;\$|
L$0PQR
PQj WUS
T$dPQR
L$l_^][d
L$8WPQR
T$DQSR
D$49D$$}
T$\;D$Xu
9nPu	9^T
L$(PQR
T$,RQP
T$(PQR
L$x_^][d
L$l_^][d
L$TPQR
L$dPQRV
L$4SUV
L$4WPQR
D$ |2;
L$@_^][d
u._^][
L$ WPQ
T$,RQP
L$\_^][d
L$@RQj
D$@RPQj
L$T_^]d
FD uy9D$$}s
FD@ul9L$(}f
L$P_^d
L$\_^][d
;D$xt&
9D$$t+
L$D_]d
L$ ^][d
D$$QUP
L$|_^][d
L$t][d
D$$SUV
D$DURP
RVPUSQ
L$$_^][d
j VUPWQ
T$(QVURWP
L$,_^][d
D$$_^[
D$$_^[
L$4VQUP
L$$_^][d
L$4UQWP
L$$_^][d
T$0SUV
L$(_^][d
T$8QRP
L$(_^][d
L$8_^][d
|$LtE;
t$PPVS
L$8_^][d
T$\WVR
jBWVSSQ
D$(_^]
\$ PQV
L$$_^][d
L$H_^][d
T$DWRh
D$,QRPS
L$$RPQS
L$<_^][d
L$(RPQ
NTRPQj
L$(RPQ
T$(PQR
D$(QRP
T$DPQRW
L$<RPQW
L$T_^]
Nh;NX|
Vh;VX|
Fxt_;FTu@
Nh;NX|
P$RWPh`+C
D$0QVRP
L$$PVh
D$4RPQ
D$ PQR
=pscat
=YARGtD= BGRt
h BGRUPV
hYARGUQV
=lcmnw_tQ=tsbat-=knilt	=rtnmto
hknilUPV
htsbaUQV
=rtrpt =rncst
=capst
= baLt = ZYXt
TADIut
tkPUSV
ETLPuF
Ex@u	U
T$8u	f9
D$8QVRPU
QRVWPU
D$$SPh
3;L$4s
T$8QRU
L$Xh`[
T$,SRW
T$0;t$
PPPQSG
D$ EJ;
D$4SUVW
L$$QWV
D$0Uhp
D$,Hx;@
D$(CM;
D$Hvm3
L$Lvj3
D$(FO;
SWVVVRPV
L$$^]d
L$D_^[d
D$ hT1J
L$t_^d
D$<|3I
D$ RPUhD
QUhP1J
L$l_^][d
L$$^[d
L$(WSR
T$0PQR
WjdjdPQh
|z;^<}uWS
L$D_^][d
L$\_^][d
It#Iu%
^l_^][
tI;Ftr
tL9~HvG;
~(9~$u
D/ VPS
L$<RWUQV
L$$j QV
L$(VQU
hPCCiU
L$(RPVQWU
l$,WuAS
|$ VurU
D$@QRPU
T$ PQW
Ht&HtcI
D$(SUW
=TADIt
TADIu"
hTADIV
Ht]Ht2Ht
HtfHt;Ht
t$,u%:D$<u
:L$<t;
\$$u9f;
\$@QUR
;=3333v
HtHHuz
V,_^[Y
D$ _^][
EHPWVS
u]9B uX
uR9BxuM
'9A`u"9
tq9~Dt
nd9~dt
u	9~@u
tS9~@uN
T$LPQR
|$HPWS
L$(RPQ
T$DPVS
T$LRWS
Fdf+Fh
D$(8D*
tRHt}H
NH_^][
T$LWUQVR
L$4WQUVS
;l$ }:
|$$}$WP
\$\}-j
O(_^][
T$H} VP
T$$PRV
D$(QPW
L$,SUV
L$0SUV@W
NX9NXu 
QPSWVR
T$PQRP
D$$SUV
D$(;l$ 
\$(UVW
D$,_^]
D$(CUSWP
9o4u'V
9t$0v8
T$,RWV
T$,RWV
T$,RWV
L$,QWV
T$,RWV
L$ RUPj
T+3x%A
;D$<s!
T$,PQh
|$ WUSV
D$$SUV
L$(SUV
N4_^]3
BRPj+S
@PVj,S
\$4t|Ht@H
T$ QRP
F$@;F(v
F$@@;F(v
t_h4uJ
QQSVWd
;t$,v-
UQPXY]Y[
B 02CV
C =02CVu
VC20XC00U
HYYtJHt9H
.;1s(N
twHHt,HHt
HtUHt*
SWVt<j
t]Ht@Ht$Hu
ty<%tA
^SSSSS
t$<"u	3
< tK<	tG
j@j ^V
F\=`LI
QQSVWj
tWItHIt9It 
	X 9} 
t*=RCC
;7|G;p
tR99u2
<+t"<-t
+t HHt
t"SS9] u
v	N+D$
HHtXHHt
?If90t
URPQQh 
PPPPPPPP
PPPPPPPP
PPPPPPPP
0Wh\kM
>:u8FV
VVVVVQRSSj
v	N+D$
tRHtCHt4Ht%HtFHHt
nt2Ht#Ht
F\jLSP
u$SShe
ue;=paM
z;=laM
M;=taM
(;=haM
Wj(_Wj
hWj@_;
tAhx'I
Yt&h\(I
PQQQQQ
t	9p$u
PPPPhd
tvWWWWU
F,_^][
tSh<-I
(wqt\HHtS
t>Ht Ht
u09=@_M
QSUVWj
n0SSSSU
_SSSSU
Ph_^][Y
tD9_Pt?
Ht#HHt
@t4Ht1Ht_Ht
^$_^[]
F(_+F$^[;E
<A|2<Z
<A|@<Z
+tJHt:Ht*
P<PuWSV
VWtp9E
HtTHtFHt8Ht*Ht
PWVWWW
9^0u/j
F09^4u*j
F49^8u&j
^,_^][
d09f2340818511d396f6aaf844c7e325
52F260023059454187AF826A3C07AF2A
707ca37322474f6ca841f0e224f4b620
5F99C1642A2F4e03850721B4F5D7C3F8
A512548E76954B6E92C21055517615B0
window
wp32@a3d115ae.exe
http://222.186.3.73:8591/op.exe
QQExternal.exe
http://222.186.3.73:8591/QQExternal.exe
aliwssv.exe
http://yunos.xueliwu.com/rcr/107.exe
cmd.exe /c del "
6545454
wwwwwwwxp
DDDDDO
DDDDDO
wwwwwwww
wxtDDOp
wtDDOp
""""""
""""""
""""""
""""""
""""""
""""""
""""""
""""""
&&#&&))
""""""
!!!!!!!!"
""""""
""""""
""""""
""""""
######
))))))
******
zz1111MMM
^zz1111MM
^zz1111M
^zz1111
^zz111
ozR1ML
oLLLLL
4i5U6B738%9
B#C0D?EQFeG|H
E=FZGrH
QyReSOT5U
qdZRMHD@=;86421/.-+*)(''&%$$#""!!  
																																																																
|?5^<@
0123456789ABCDEF
123456789
0123456789ABCDEF
Qkkbal
DDDDUUUU
00003333
""""UUUU
 0@P`p
!1AQaq
"2BRbr
#3CScs
$4DTdt
%5EUeu
&6FVfv
'7GWgw
(8HXhx
)9IYiy
*:JZjz
+;K[k{
,<L\l|
-=M]m}
.>N^n~
 deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly 
BKbhTb~XBK!;
 inflate 1.1.3 Copyright 1995-1998 Mark Adler 
								
?u='@^
F%*.*f
CNotSupportedException
CMemoryException
CException
CMemFile
CTempGdiObject
CTempDC
CPalette
CBitmap
CBrush
CGdiObject
CPaintDC
CWindowDC
CClientDC
CUserException
CResourceException
CDialog
MS Sans Serif
MS Shell Dlg
CTempWnd
AfxOldWndProc423
AfxWnd42s
AfxControlBar42s
AfxMDIFrame42s
AfxFrameOrView42s
AfxOleControl42s
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
GetSystemMetrics
USER32
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
InitCommonControlsEx
COMCTL32.DLL
CPtrArray
CComboBox
CButton
CStatic
CFileDialog
CStringArray
CWinApp
PreviewPages
Settings
CTempImageList
CImageList
CProgressCtrl
CArchiveException
CSharedFile
CCmdTarget
CWinThread
CTempMenu
combobox
CDWordArray
CWordArray
CFileException
CMapPtrToPtr
CToolTipCtrl
tooltips_class32
CColorDialog
UNLINK
DELETE
CObject
System
commdlg_SetRGBColor
commdlg_help
commdlg_ColorOK
commdlg_FileNameOK
commdlg_ShareViolation
commdlg_LBSelChangedNotify
CPtrList
software
CSyncObject
CCriticalSection
CMapStringToPtr
CorExitProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
]vQ<)8
|)P!?Ua0
Eb2]A=
u?^p?o4
y1~?|"
?|I7Z#
>,'1D=
?g)([|X>=
:h"?bC
@H#?43
Ax#?uN}*
r7Yr7=
F0$?3=1
H`$?h|
&?~YK|
sU0&?W
<8bunz8
?#%X.y
F||<##
<@En[vP
_nextafter
_hypot
bad exception
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
(null)
`h````
xpxxxx
Illegal byte sequence
Directory not empty
Function not implemented
No locks available
Filename too long
Resource deadlock avoided
Result too large
Domain error
Broken pipe
Too many links
Read-only file system
Invalid seek
No space left on device
File too large
Inappropriate I/O control operation
Too many open files
Too many open files in system
Invalid argument
Is a directory
Not a directory
No such device
Improper link
File exists
Resource device
Unknown error
Bad address
Permission denied
Not enough space
Resource temporarily unavailable
No child processes
Bad file descriptor
Exec format error
Arg list too long
No such device or address
Input/output error
Interrupted function call
No such process
No such file or directory
Operation not permitted
No error
UTF-16LE
UNICODE
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
Unknown exception
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
`h`hhh
xppwpp
1#QNAN
1#SNAN
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
comdlg32.dll
GDI32.dll
ole32.dll
OLEAUT32.dll
RASAPI32.dll
SHELL32.dll
USER32.dll
WININET.dll
WINMM.dll
WINSPOOL.DRV
WS2_32.dll
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
SetLastError
GetTimeZoneInformation
FileTimeToSystemTime
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
CreateFileW
WriteConsoleW
CompareStringW
LoadLibraryW
GetStringTypeW
VirtualQuery
GetConsoleMode
GetConsoleCP
InterlockedIncrement
LCMapStringW
SetEnvironmentVariableA
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
InitializeCriticalSectionAndSpinCount
SetStdHandle
IsValidCodePage
GetACP
HeapSize
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
WritePrivateProfileStringA
CreateThread
CreateEventA
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
SetFileAttributesA
GetFileAttributesA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
HeapQueryInformation
GetModuleHandleW
GetDateFormatA
GetTimeFormatA
RaiseException
DecodePointer
EncodePointer
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
LocalFree
InterlockedDecrement
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
RegQueryValueA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
ImageList_Destroy
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
GetObjectA
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateRectRgnIndirect
Ellipse
StretchBlt
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
ExtSelectClipRgn
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
Rectangle
SetBkColor
CreateCompatibleDC
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
CLSIDFromString
OleUninitialize
OleInitialize
RasHangUpA
RasGetConnectStatusA
ShellExecuteA
SHGetSpecialFolderPathA
Shell_NotifyIconA
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
GetSystemMetrics
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
SetCursor
LoadCursorA
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
SetCursorPos
DrawTextA
PeekMessageA
SetMenu
GetMenu
DeleteMenu
GetSysColorBrush
LoadStringA
GetDesktopWindow
GetClassNameA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
SetWindowTextA
GetForegroundWindow
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
UnregisterClassA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
midiStreamRestart
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiStreamStop
midiOutReset
midiStreamClose
OpenPrinterA
DocumentPropertiesA
ClosePrinter
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
 (*.prn)|*.prn|
 (*.*)|*.*||
Shell32.dll
Mpr.dll
Advapi32.dll
User32.dll
Gdi32.dll
Kernel32.dll
\shell\open\command
mailto:
DISPLAY
OpenDatabase
CloseDatabase
GetConnectString
GetTabList
DllUnregisterServer
DllRegisterServer
DEFAULT_ICON
RemovePlayer
	WG!2S(
Nyt2S	W	w	w
L23fff&ff
?fff&ff23
CWinFormUnit
WTWindow
GetMonitorInfoA
MonitorFromWindow
bcdfghijklmnpqrstuvwxyz
abcddefghijklmnoopqrrsstuvvwwxyyz;
,1"52.*
(&07-034/)7 '
hgjlkbrfzaoe
5	!	!	!	!
	!	!	!	!	
	6	6	6	6
	6	6	6	6	6	6	6	6	6	6	,	,	,	,	,	,	,	,	+	+	+	+	+	/	/	/	'	'	'	'	'	'	'	'	'	'	(	(	(	(	(	(	(	(	(	(	(	(	(	
	7	7	7	7	7	7	7	7	7	7	7	*	*	-	-	-	-
	2	5	5	5	5	5
	5	5	5
?? / %d]
%d / %d]
 (*.*)|*.*||
 (*.WAV;*.MID)|*.WAV;*.MID|WAV
 (*.WAV)|*.WAV|MIDI
 (*.MID)|*.MID|
 (*.txt)|*.txt|
 (*.*)|*.*||
Ctrl+Shift+F12
Ctrl+Shift+F11
Ctrl+Shift+F10
Ctrl+Shift+F9
Ctrl+Shift+F8
Ctrl+Shift+F7
Ctrl+Shift+F6
Ctrl+Shift+F5
Ctrl+Shift+F4
Ctrl+Shift+F3
Ctrl+Shift+F2
Ctrl+Shift+F1
Shift+F12
Shift+F11
Shift+F10
Shift+F9
Shift+F8
Shift+F7
Shift+F6
Shift+F5
Shift+F4
Shift+F3
Shift+F2
Shift+F1
Ctrl+F12
Ctrl+F11
Ctrl+F10
Ctrl+F9
Ctrl+F8
Ctrl+F7
Ctrl+F6
Ctrl+F5
Ctrl+F4
Ctrl+F3
Ctrl+F2
Ctrl+F1
Ctrl+Z
Ctrl+Y
Ctrl+X
Ctrl+W
Ctrl+V
Ctrl+U
Ctrl+T
Ctrl+S
Ctrl+R
Ctrl+Q
Ctrl+P
Ctrl+O
Ctrl+N
Ctrl+M
Ctrl+L
Ctrl+K
Ctrl+J
Ctrl+I
Ctrl+H
Ctrl+G
Ctrl+F
Ctrl+E
Ctrl+D
Ctrl+C
Ctrl+B
Ctrl+A
 (*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
 (*.JPG)|*.JPG|PNG
 (*.PNG)|*.PNG|BMP
 (*.BMP)|*.BMP|GIF
 (*.GIF)|*.GIF|
 (*.ICO)|*.ICO|
 (*.CUR)|*.CUR|
 (*.*)|*.*||
devices
windows
device
MGridCells
CColourPicker
_EL_HideOwner
Potential overflow in png_zalloc()
 but running with 
Application built with libpng-
Ignoring invalid time value
unexpected zlib return code
unexpected zlib return
unsupported zlib version
truncated
insufficient memory
damaged LZ stream
bad parameters to zlib
zlib IO error
missing LZ dictionary
unexpected end of LZ stream
gamma value out of range
duplicate
gamma value does not match sRGB
gamma value does not match libpng estimate
invalid chromaticities
internal error checking chromaticities
inconsistent chromaticities
invalid sRGB rendering intent
cHRM chunk does not match sRGB
duplicate sRGB information ignored
inconsistent rendering intents
profile '
invalid length
too short
tag count too large
unexpected ICC PCS encoding
unrecognized ICC profile class
unexpected NamedColor ICC profile class
invalid embedded Abstract ICC profile
unexpected DeviceLink ICC profile class
Gray color space not permitted on RGB PNG
RGB color space not permitted on grayscale PNG
invalid ICC profile color space
PCS illuminant is not D50
invalid signature
intent outside defined range
invalid rendering intent
length does not match profile
ICC profile tag outside profile
ICC profile tag start not a multiple of 4
out-of-date sRGB profile with no signature
known incorrect sRGB profile
copyright violation: edited ICC profile ignored
internal error handling cHRM->XYZ
internal error handling cHRM coefficients
Invalid IHDR data
Invalid filter method in IHDR
Unknown filter method in IHDR
MNG features are not allowed in a PNG datastream
Unknown compression method in IHDR
Unknown interlace method in IHDR
Invalid color type/bit depth combination in IHDR
Invalid color type in IHDR
Invalid bit depth in IHDR
Invalid image height in IHDR
Invalid image width in IHDR
Image height exceeds user limit in IHDR
Image width exceeds user limit in IHDR
Image height is zero in IHDR
Image width is zero in IHDR
gamma table being rebuilt
Too many IDATs found
Missing PLTE before IDAT
Missing IHDR before IDAT
png_read_update_info/png_start_read_image: duplicate call
internal sequential row size calculation error
sequential row overflow
bad adaptive filter value
Invalid attempt to read row data
png_image_read: opaque pointer not NULL
png_image_read: out of memory
png_image_begin_read_from_memory: incorrect PNG_IMAGE_VERSION
png_image_begin_read_from_memory: invalid argument
invalid memory read
read beyond end of data
png_image_finish_read: damaged PNG_IMAGE_VERSION
png_image_finish_read: invalid argument
png_image_finish_read[color-map]: no color-map
bad background index (internal error)
bad processing option (internal error)
color map overflow (BAD internal error)
bad data option (internal error)
invalid PNG color type
palette color-map: too few entries
rgb-alpha color-map: too few entries
rgb+alpha color-map: too few entries
rgb color-map: too few entries
rgb[gray] color-map: too few entries
rgb[ga] color-map: too few entries
gray-alpha color-map: too few entries
ga-alpha color-map: too few entries
gray+alpha color-map: too few entries
gray[16] color-map: too few entries
gray[8] color-map: too few entries
a background color must be supplied to remove alpha/transparency
unexpected encoding (internal error)
bad encoding (internal error)
color-map index out of range
bad color-map processing (internal error)
unknown interlace type
png_read_image: invalid transformations
unexpected alpha swap transformation
png_image_read: alpha channel lost
png_read_image: unsupported transformation
unexpected bit depth
unexpected 8-bit transformation
lost/gained channels
unexpected compose
lost rgb to gray
out.prn
%d / %d
 %d/%d 
 %d/%d 
_EL_ColourPopup
Bogus message code %d
libpng error: %s
undefined
libpng warning: %s
bad longjmp: 
internal error: array alloc
internal error: array realloc
Out of memory
need dictionary
incorrect data check
incorrect header check
invalid window size
unknown compression method
Call to NULL read function
Read Error
Can't set both read_data_fn and write_data_fn in the same structure
PNG unsigned integer out of range
PNG file corrupted by ASCII conversion
Not a PNG file
CRC error
invalid
out of place
bKGD must be after
hIST must be after
tRNS must be after
ignored in grayscale PNG
missing IHDR
PNG fixed point integer out of range
invalid values
too many profiles
bad keyword
bad compression method
out of memory
extra compressed data
insufficient memory to read chunk
 using zstream
zstream unclaimed
sPLT chunk requires too much memory
sPLT chunk too long
sPLT chunk has bad length
malformed sPLT chunk
No space in chunk cache for sPLT
invalid with alpha channel
invalid index
invalid data
unrecognized equation type
invalid parameter count
bad width format
bad height format
non-positive height
non-positive width
invalid unit
Insufficient memory to process text chunk
no space in chunk cache
unknown compression type
bad compression info
unhandled critical chunk
forcing save of an unhandled chunk; please call png_set_keep_unknown_chunks
Saving unknown chunk:
error in user chunk
unknown chunk exceeds memory limits
invalid chunk type
invalid user transform pixel depth
internal row width error
internal row size calculation error
internal row logic error
Too much image data
Extra compressed data
Not enough image data
Row has too many bytes to allocate in memory
Application must supply a known background gamma
invalid before the PNG header has been read
invalid after png_start_read_image or png_read_update_info
conflicting calls to set alpha mode and background
invalid alpha mode
output gamma out of expected range
ignoring out of range rgb_to_gray coefficients
invalid error action to rgb_to_gray
invalid background gamma type
libpng does not support gamma+background+rgb_to_gray
Palette is NULL in indexed image
png_do_quantize returned rowbytes=0
png_do_rgb_to_gray found nongray pixel
Uninitialized row
NULL row buffer
png_do_encode_alpha: unexpected call
png_set_filler is invalid for low bit depth gray output
png_set_filler: inappropriate color type
Invalid palette size, hIST allocation skipped
Insufficient memory for hIST chunk data
Insufficient memory for pCAL parameter
Insufficient memory for pCAL params
Insufficient memory for pCAL units
Insufficient memory for pCAL purpose
Invalid format for pCAL parameter
Invalid pCAL parameter count
Invalid pCAL equation type
Memory allocation failed while processing sCAL
Invalid sCAL height
Invalid sCAL width
Invalid sCAL unit
Invalid palette
Invalid palette length
text chunk: out of memory
text compression mode is out of range
too many text chunks
tRNS chunk has out-of-range samples for bit_depth
sPLT out of memory
png_set_sPLT: invalid sPLT
too many sPLT chunks
unknown chunk: out of memory
too many unknown chunks
invalid location in png_set_unknown_chunks
png_set_unknown_chunks now expects a valid location
png_set_keep_unknown_chunks: invalid keep
png_set_keep_unknown_chunks: too many chunks
png_set_keep_unknown_chunks: no chunk list
(%d-%d):
JPEGMEM
invalid bit length repeat
too many length or distance symbols
invalid stored block lengths
invalid block type
incompatible version
buffer error
data error
stream error
file error
stream end
invalid distance code
invalid literal/length code
incomplete dynamic bit lengths tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed literal/length tree
empty distance tree with lengths
incomplete distance tree
oversubscribed distance tree
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
.PAVCException@@
Accept: */*
Accept: */* 
HTTP/1.0
gb2312
us-ascii
=?gb2312?B?
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
%s <%s>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Content-type: text/plain; charset="
MIME-Version: 1.0
Content-type: multipart/mixed; boundary="#BOUNDARY#"
Reply-To: %s
From: %s
To: %s
Subject: %s
Date: %s
From: %s
To: %s
Cc: %s
Subject: %s
Date: %s
%a, %d %b %Y %H:%M:%S 
%+.2d%.2d
.PAVCObject@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.?AVCObject@@
.?AVCException@@
.?AVCSimpleException@@
.?AVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCFile@@
.?AVCFileException@@
.?AVCMemFile@@
.?AVCDC@@
.?AVCClientDC@@
.?AVCWindowDC@@
.?AVCPaintDC@@
.?AVCGdiObject@@
.?AVCPen@@
.?AVCBrush@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.PAVCResourceException@@
.PAVCUserException@@
.?AVCResourceException@@
.?AVCUserException@@
.?AVCCmdTarget@@
.?AVCWnd@@
.?AVCDialog@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTempWnd@@
.?AVCNoTrackObject@@
.?AV_AFX_CTL3D_STATE@@
.?AVCPtrArray@@
.?AVCStatic@@
.?AVCButton@@
.?AVCComboBox@@
.?AVCEdit@@
.?AV_AFX_CHECKLIST_STATE@@
.?AVCBitmap@@
.?AVCRgn@@
.?AVCCommonDialog@@
.?AVCFileDialog@@
.?AV_AFX_THREAD_STATE@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AVCStringArray@@
.?AUCThreadData@@
.?AV_AFX_WIN_STATE@@
.?AVCWinThread@@
.?AVCWinApp@@
.?AVCProgressCtrl@@
.?AVCImageList@@
.?AVCTempImageList@@
.PAVCArchiveException@@
.?AVCArchiveException@@
.?AVCSharedFile@@
.?AV_AFX_CTL3D_THREAD@@
.?AVCMenu@@
.?AVCTempMenu@@
.?AVCDWordArray@@
.?AVCWordArray@@
.?AVCSyncObject@@
.?AVCMapPtrToPtr@@
.?AVCToolTipCtrl@@
.?AV_AFX_COLOR_STATE@@
.?AVCColorDialog@@
.?AV_AFX_SOCK_STATE@@
.?AVCCriticalSection@@
.?AVCSessionMapPtrToPtr@@
.?AVCHandleMap@@
.?AVCPtrList@@
.?AVCMapStringToPtr@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVexception@std@@
resource.h
#include "afxres.h"
#define _AFX_NO_SPLITTER_RESOURCES
#define _AFX_NO_OLE_RESOURCES
#define _AFX_NO_TRACKER_RESOURCES
#define _AFX_NO_PROPERTY_RESOURCES
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
#ifdef _WIN32
LANGUAGE 4, 2
#pragma code_page(936)
#endif //_WIN32
#include "l.chs\afxres.rc"          // Standard components
#endif
SbpS:g:
SbpS0R
SbpS@b	gu
SbpS0R
kXEQ>\u
ck(WSbpS
-NbkSbpS(
SbpS\O
-NbkSbpS
eQpenc
0R>\W[
nzzpenc
wwwwww
wwwwww
wwwwww
wwwwww
wwwwww
wwwwww
wwwwww
wwwwww
ech1Y%
ech1Y%
OX[0R 
ech1Y%
RSbpS\O
QX[gbL
YX[(W	
N/f@b	g
l	g~b0Rdk
-N"N1Y
0dk:ghV
T/f&Tcknx
N*Ntepe
N*N(W%
N*N(W%
N*N(W0
N*Ncktepe
l	g~b0R 
[/fS_MR
g~b1Y%
WE>EE>E>E>E>E>E>E>W
>LEEEEEEEEEE
ILLLEEL
  $$$%%%$-.
()'&[[]]]i
$$'%%00222333_0
0\[[[[[\]ccg|
)[^_\``ddjttj_n
1[^)'[[[]bbcgg|
0_`dtv~
i\][[[[['[\abccgg{mblkyyeq
xbb]['^)^['2\abccccgz4
5_]]]]]'^^[)%0[\abbcc\fl
5a]]]a\2&^^%%'2\aabbbc0]`
3aaa\a\%4_)$''2[aaabbc2^
agiaa\\0&^^$$''2\\aaaab_
of"Ywa\\2
$%%'2\\\\\\\\
 $'023\3\\3\
 %%'2333333[
1\\b3%
$%'0223221
$%'02220`o
# $%'0220
- $%'000%
$$%00%)
 $%00$
 $%%%0
<C<C<C<C<C<C<C<
ZX_bdV
g%26WYd
$%''2237Z9
3268_`do02[almoool
\%'+938_``do[nnoo
pa333*Z'23X```cm
u/388%hZ%28^_`^YV
/`8^3+
1(2X^^_^[
/'38^8^^
/'38X88Z
.'23833
.$'322
.$'2'[
/v0)%2%
#355.+('6
690103('@
::VVMd
NNNNUM
350995
:XXXX:
#?````CCBBE`@
gd_pllm1
ao3wc4+
3.%oH1
xO.NA(
'695%The$g
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="E.App" processorArchitecture="x86" version="5.2.0.0" type="win32"/><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
070615000000Z
120614235959Z0\1
VeriSign, Inc.1402
+VeriSign Time Stamping Services Signer - G20
6^bMRQ4q
JcEG.k
http://ocsp.verisign.com0
"http://crl.verisign.com/tss-ca.crl0
TSA1-20
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
031204000000Z
131203235959Z0S1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
http://ocsp.verisign.com0
0http://crl.verisign.com/ThawteTimestampingCA.crl0
TSA2048-1-530
?7!Op1
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA0
100316000000Z
130315235959Z0
Beijing1
Beijing1
360.cn1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
360.cn0
3http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
090521000000Z
190520235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA0
'tag'Mj
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif0
http://ocsp.verisign.com01
 http://crl.verisign.com/pca3.crl0)
Class3CA2048-1-550
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA
U0Rw0	
http://www.360.cn 0
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA
111229084653Z0#