Analysis Date2015-02-01 16:23:27
MD5040cbbcb09f5c784d7ffb3e5bb6e1f8b
SHA136080b2b7fe2e89a056da4f9949b676cfd69b94d

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Language040904B0 
Section.text md5: 827a9134056cdb504bb6f3fe6a116c38 sha1: 4f3058eaf821edaac1c39502940b45ea349865b3 size: 319488
Section.data md5: 620f0b67a91f7f74151bc5be745b7110 sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d size: 4096
Section.rsrc md5: 5b867f72f139c6e8496f10ab8f02ec67 sha1: 04de755101025746b31de83b74d06d4f7dcdf00e size: 4096
Timestamp2014-10-09 04:07:13
VersionInternalName: zpqzyp
FileVersion: 1.00
CompanyName: sony
ProductName: nqpwwy
ProductVersion: 1.00
OriginalFilename: xoqttt.exe
PackerMicrosoft Visual Basic v5.0
PEhashe21ec01ce3731f32fc8e597bf5ab2467d69dc6fe
IMPhash9c7d68ede0ed6276d4f642dd2e16e977
AV360 Safeno_virus
AVAd-AwareGen:Variant.Kazy.11155
AVAlwil (avast)VB-AIVR [Trj]
AVArcabit (arcavir)Gen:Variant.Kazy.11155
AVAuthentiumW32/S-89f55aff!Eldorado
AVAvira (antivir)BDS/Simda.aomenoa
AVBullGuardGen:Variant.Kazy.11155
AVCA (E-Trust Ino)Win32/Tnega.XAXV!suspicious
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftGen:Variant.Kazy.11155
AVEset (nod32)Win32/Spy.Bancos.ACM
AVFortinetW32/Bancos.ACMB!tr
AVFrisk (f-prot)no_virus
AVF-SecureGen:Variant.Kazy.11155
AVGrisoft (avg)PSW.Banker6.BSEF
AVIkarusTrojan.Win32.Cossta
AVK7NetWorm ( 700000151 )
AVKasperskyTrojan.Win32.Cossta.aexd
AVMalwareBytesno_virus
AVMcafeePWS-FBXN!040CBBCB09F5
AVMicrosoft Security EssentialsTrojan:Win32/Dynamer!ac
AVMicroWorld (escan)Gen:Variant.Kazy.11155
AVRisingTrojan.VBInject!48DD
AVSophosTroj/VBSpy-P
AVSymantecno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)TScope.Trojan.VB

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Startup\36080b2b7fe2e89a056da4f9949b676cfd69b94d
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates FileC:\strings.txt
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\~DFB652.tmp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Deletes FileC:\strings.txt
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNSwww.pcbonto.hu
Winsock DNScpl.yonsei.ac.kr
Winsock DNSwww.vubp.cz
Winsock DNSwww.aviafilm.com.ua
Winsock DNSgetmoresitetraffic.com
Winsock DNSwww.vulcanusalumni.net
Winsock DNSwww.artemon.cz
Winsock DNStamilcinemax.net
Winsock DNSdasan.sejong.ac.kr
Winsock DNSwww.unser-mittelhessen.de

Network Details:

DNSwww.unser-mittelhessen.de
Type: A
85.214.252.31
DNStamilcinemax.net
Type: A
54.72.9.51
DNSwww.aviafilm.com.ua
Type: A
91.203.4.62
DNSvubp.cz
Type: A
193.165.164.5
DNSartew.artemon.cz
Type: A
81.19.9.10
DNSvulcanusalumni.net
Type: A
213.186.33.16
DNSpcbonto.hu
Type: A
195.70.36.61
DNSdasan.sejong.ac.kr
Type: A
210.107.239.150
DNSgetmoresitetraffic.com
Type: A
204.197.246.18
DNScpl.yonsei.ac.kr
Type: A
165.132.228.113
DNSwww.vubp.cz
Type: A
DNSwww.artemon.cz
Type: A
DNSwww.vulcanusalumni.net
Type: A
DNSwww.pcbonto.hu
Type: A
HTTP GEThttp://www.unser-mittelhessen.de/eventbilder/gross/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://tamilcinemax.net/js/info/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://www.aviafilm.com.ua/forum/files/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://www.vubp.cz/includes/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://www.artemon.cz/dov/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://www.vulcanusalumni.net/templates/css/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://www.pcbonto.hu/portal/actions/admin/perm/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://dasan.sejong.ac.kr/~appmath/test/bbs/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://www.unser-mittelhessen.de/eventbilder/gross/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://getmoresitetraffic.com/cache/forums/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://cpl.yonsei.ac.kr/bbs/icon/private_icon/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://www.aviafilm.com.ua/forum/files/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://tamilcinemax.net/js/info/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://www.aviafilm.com.ua/forum/files/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://www.vubp.cz/includes/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://www.artemon.cz/dov/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://www.vulcanusalumni.net/templates/css/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://www.pcbonto.hu/portal/actions/admin/perm/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://dasan.sejong.ac.kr/~appmath/test/bbs/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://www.unser-mittelhessen.de/eventbilder/gross/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://getmoresitetraffic.com/cache/forums/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GEThttp://cpl.yonsei.ac.kr/bbs/icon/private_icon/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
Flows TCP192.168.1.1:1031 ➝ 85.214.252.31:80
Flows TCP192.168.1.1:1032 ➝ 54.72.9.51:80
Flows TCP192.168.1.1:1033 ➝ 91.203.4.62:80
Flows TCP192.168.1.1:1034 ➝ 193.165.164.5:80
Flows TCP192.168.1.1:1035 ➝ 81.19.9.10:80
Flows TCP192.168.1.1:1036 ➝ 213.186.33.16:80
Flows TCP192.168.1.1:1037 ➝ 195.70.36.61:80
Flows TCP192.168.1.1:1038 ➝ 210.107.239.150:80
Flows TCP192.168.1.1:1039 ➝ 85.214.252.31:80
Flows TCP192.168.1.1:1040 ➝ 204.197.246.18:80
Flows TCP192.168.1.1:1041 ➝ 165.132.228.113:80
Flows TCP192.168.1.1:1042 ➝ 91.203.4.62:80
Flows TCP192.168.1.1:1043 ➝ 54.72.9.51:80
Flows TCP192.168.1.1:1044 ➝ 91.203.4.62:80
Flows TCP192.168.1.1:1045 ➝ 193.165.164.5:80
Flows TCP192.168.1.1:1046 ➝ 81.19.9.10:80
Flows TCP192.168.1.1:1047 ➝ 213.186.33.16:80
Flows TCP192.168.1.1:1048 ➝ 195.70.36.61:80
Flows TCP192.168.1.1:1049 ➝ 210.107.239.150:80
Flows TCP192.168.1.1:1050 ➝ 85.214.252.31:80
Flows TCP192.168.1.1:1051 ➝ 204.197.246.18:80
Flows TCP192.168.1.1:1052 ➝ 165.132.228.113:80

Raw Pcap
0x00000000 (00000)   47455420 2f657665 6e746269 6c646572   GET /eventbilder
0x00000010 (00016)   2f67726f 73732f2e 2e2e2f73 7472696e   /gross/.../strin
0x00000020 (00032)   67732e74 78742048 5454502f 312e310d   gs.txt HTTP/1.1.
0x00000030 (00048)   0a557365 722d4167 656e743a 20557365   .User-Agent: Use
0x00000040 (00064)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x00000050 (00080)   2f352e30 20285769 6e646f77 73204e54   /5.0 (Windows NT
0x00000060 (00096)   20362e31 3b20574f 5736343b 2072763a    6.1; WOW64; rv:
0x00000070 (00112)   31302e30 2e322920 4765636b 6f2f3230   10.0.2) Gecko/20
0x00000080 (00128)   31303031 30312046 69726566 6f782f31   100101 Firefox/1
0x00000090 (00144)   302e302e 320d0a48 6f73743a 20777777   0.0.2..Host: www
0x000000a0 (00160)   2e756e73 65722d6d 69747465 6c686573   .unser-mittelhes
0x000000b0 (00176)   73656e2e 64650d0a 43616368 652d436f   sen.de..Cache-Co
0x000000c0 (00192)   6e74726f 6c3a206e 6f2d6361 6368650d   ntrol: no-cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f6a732f 696e666f 2f737472   GET /js/info/str
0x00000010 (00016)   696e6773 2e747874 20485454 502f312e   ings.txt HTTP/1.
0x00000020 (00032)   310d0a55 7365722d 4167656e 743a2055   1..User-Agent: U
0x00000030 (00048)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000040 (00064)   6c612f35 2e302028 57696e64 6f777320   la/5.0 (Windows 
0x00000050 (00080)   4e542036 2e313b20 574f5736 343b2072   NT 6.1; WOW64; r
0x00000060 (00096)   763a3130 2e302e32 29204765 636b6f2f   v:10.0.2) Gecko/
0x00000070 (00112)   32303130 30313031 20466972 65666f78   20100101 Firefox
0x00000080 (00128)   2f31302e 302e320d 0a486f73 743a2074   /10.0.2..Host: t
0x00000090 (00144)   616d696c 63696e65 6d61782e 6e65740d   amilcinemax.net.
0x000000a0 (00160)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x000000b0 (00176)   6e6f2d63 61636865 0d0a0d0a 652d436f   no-cache....e-Co
0x000000c0 (00192)   6e74726f 6c3a206e 6f2d6361 6368650d   ntrol: no-cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f66 696c6573   GET /forum/files
0x00000010 (00016)   2f2e2e2e 2f737472 696e6773 2e747874   /.../strings.txt
0x00000020 (00032)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x00000030 (00048)   4167656e 743a2055 7365722d 4167656e   Agent: User-Agen
0x00000040 (00064)   743a204d 6f7a696c 6c612f35 2e302028   t: Mozilla/5.0 (
0x00000050 (00080)   57696e64 6f777320 4e542036 2e313b20   Windows NT 6.1; 
0x00000060 (00096)   574f5736 343b2072 763a3130 2e302e32   WOW64; rv:10.0.2
0x00000070 (00112)   29204765 636b6f2f 32303130 30313031   ) Gecko/20100101
0x00000080 (00128)   20466972 65666f78 2f31302e 302e320d    Firefox/10.0.2.
0x00000090 (00144)   0a486f73 743a2077 77772e61 76696166   .Host: www.aviaf
0x000000a0 (00160)   696c6d2e 636f6d2e 75610d0a 43616368   ilm.com.ua..Cach
0x000000b0 (00176)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x000000c0 (00192)   6368650d 0a0d0a6e 6f2d6361 6368650d   che....no-cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f696e63 6c756465 732f2e2e   GET /includes/..
0x00000010 (00016)   2e2f7374 72696e67 732e7478 74204854   ./strings.txt HT
0x00000020 (00032)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000030 (00048)   6e743a20 55736572 2d416765 6e743a20   nt: User-Agent: 
0x00000040 (00064)   4d6f7a69 6c6c612f 352e3020 2857696e   Mozilla/5.0 (Win
0x00000050 (00080)   646f7773 204e5420 362e313b 20574f57   dows NT 6.1; WOW
0x00000060 (00096)   36343b20 72763a31 302e302e 32292047   64; rv:10.0.2) G
0x00000070 (00112)   65636b6f 2f323031 30303130 31204669   ecko/20100101 Fi
0x00000080 (00128)   7265666f 782f3130 2e302e32 0d0a486f   refox/10.0.2..Ho
0x00000090 (00144)   73743a20 7777772e 76756270 2e637a0d   st: www.vubp.cz.
0x000000a0 (00160)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x000000b0 (00176)   6e6f2d63 61636865 0d0a0d0a 6f2d6361   no-cache....o-ca
0x000000c0 (00192)   6368650d 0a0d0a6e 6f2d6361 6368650d   che....no-cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f646f76 2f737472 696e6773   GET /dov/strings
0x00000010 (00016)   2e747874 20485454 502f312e 310d0a55   .txt HTTP/1.1..U
0x00000020 (00032)   7365722d 4167656e 743a2055 7365722d   ser-Agent: User-
0x00000030 (00048)   4167656e 743a204d 6f7a696c 6c612f35   Agent: Mozilla/5
0x00000040 (00064)   2e302028 57696e64 6f777320 4e542036   .0 (Windows NT 6
0x00000050 (00080)   2e313b20 574f5736 343b2072 763a3130   .1; WOW64; rv:10
0x00000060 (00096)   2e302e32 29204765 636b6f2f 32303130   .0.2) Gecko/2010
0x00000070 (00112)   30313031 20466972 65666f78 2f31302e   0101 Firefox/10.
0x00000080 (00128)   302e320d 0a486f73 743a2077 77772e61   0.2..Host: www.a
0x00000090 (00144)   7274656d 6f6e2e63 7a0d0a43 61636865   rtemon.cz..Cache
0x000000a0 (00160)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000b0 (00176)   68650d0a 0d0a6865 0d0a0d0a 6f2d6361   he....he....o-ca
0x000000c0 (00192)   6368650d 0a0d0a6e 6f2d6361 6368650d   che....no-cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f74656d 706c6174 65732f63   GET /templates/c
0x00000010 (00016)   73732f73 7472696e 67732e74 78742048   ss/strings.txt H
0x00000020 (00032)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000030 (00048)   656e743a 20557365 722d4167 656e743a   ent: User-Agent:
0x00000040 (00064)   204d6f7a 696c6c61 2f352e30 20285769    Mozilla/5.0 (Wi
0x00000050 (00080)   6e646f77 73204e54 20362e31 3b20574f   ndows NT 6.1; WO
0x00000060 (00096)   5736343b 2072763a 31302e30 2e322920   W64; rv:10.0.2) 
0x00000070 (00112)   4765636b 6f2f3230 31303031 30312046   Gecko/20100101 F
0x00000080 (00128)   69726566 6f782f31 302e302e 320d0a48   irefox/10.0.2..H
0x00000090 (00144)   6f73743a 20777777 2e76756c 63616e75   ost: www.vulcanu
0x000000a0 (00160)   73616c75 6d6e692e 6e65740d 0a436163   salumni.net..Cac
0x000000b0 (00176)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000c0 (00192)   61636865 0d0a0d0a 6f2d6361 6368650d   ache....o-cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f706f72 74616c2f 61637469   GET /portal/acti
0x00000010 (00016)   6f6e732f 61646d69 6e2f7065 726d2f2e   ons/admin/perm/.
0x00000020 (00032)   2e2e2f73 7472696e 67732e74 78742048   ../strings.txt H
0x00000030 (00048)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000040 (00064)   656e743a 20557365 722d4167 656e743a   ent: User-Agent:
0x00000050 (00080)   204d6f7a 696c6c61 2f352e30 20285769    Mozilla/5.0 (Wi
0x00000060 (00096)   6e646f77 73204e54 20362e31 3b20574f   ndows NT 6.1; WO
0x00000070 (00112)   5736343b 2072763a 31302e30 2e322920   W64; rv:10.0.2) 
0x00000080 (00128)   4765636b 6f2f3230 31303031 30312046   Gecko/20100101 F
0x00000090 (00144)   69726566 6f782f31 302e302e 320d0a48   irefox/10.0.2..H
0x000000a0 (00160)   6f73743a 20777777 2e706362 6f6e746f   ost: www.pcbonto
0x000000b0 (00176)   2e68750d 0a436163 68652d43 6f6e7472   .hu..Cache-Contr
0x000000c0 (00192)   6f6c3a20 6e6f2d63 61636865 0d0a0d0a   ol: no-cache....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f7e6170 706d6174 682f7465   GET /~appmath/te
0x00000010 (00016)   73742f62 62732f73 7472696e 67732e74   st/bbs/strings.t
0x00000020 (00032)   78742048 5454502f 312e310d 0a557365   xt HTTP/1.1..Use
0x00000030 (00048)   722d4167 656e743a 20557365 722d4167   r-Agent: User-Ag
0x00000040 (00064)   656e743a 204d6f7a 696c6c61 2f352e30   ent: Mozilla/5.0
0x00000050 (00080)   20285769 6e646f77 73204e54 20362e31    (Windows NT 6.1
0x00000060 (00096)   3b20574f 5736343b 2072763a 31302e30   ; WOW64; rv:10.0
0x00000070 (00112)   2e322920 4765636b 6f2f3230 31303031   .2) Gecko/201001
0x00000080 (00128)   30312046 69726566 6f782f31 302e302e   01 Firefox/10.0.
0x00000090 (00144)   320d0a48 6f73743a 20646173 616e2e73   2..Host: dasan.s
0x000000a0 (00160)   656a6f6e 672e6163 2e6b720d 0a436163   ejong.ac.kr..Cac
0x000000b0 (00176)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000c0 (00192)   61636865 0d0a0d0a 61636865 0d0a0d0a   ache....ache....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f657665 6e746269 6c646572   GET /eventbilder
0x00000010 (00016)   2f67726f 73732f2e 2e2e2f73 7472696e   /gross/.../strin
0x00000020 (00032)   67732e74 78742048 5454502f 312e310d   gs.txt HTTP/1.1.
0x00000030 (00048)   0a557365 722d4167 656e743a 20557365   .User-Agent: Use
0x00000040 (00064)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x00000050 (00080)   2f352e30 20285769 6e646f77 73204e54   /5.0 (Windows NT
0x00000060 (00096)   20362e31 3b20574f 5736343b 2072763a    6.1; WOW64; rv:
0x00000070 (00112)   31302e30 2e322920 4765636b 6f2f3230   10.0.2) Gecko/20
0x00000080 (00128)   31303031 30312046 69726566 6f782f31   100101 Firefox/1
0x00000090 (00144)   302e302e 320d0a48 6f73743a 20777777   0.0.2..Host: www
0x000000a0 (00160)   2e756e73 65722d6d 69747465 6c686573   .unser-mittelhes
0x000000b0 (00176)   73656e2e 64650d0a 43616368 652d436f   sen.de..Cache-Co
0x000000c0 (00192)   6e74726f 6c3a206e 6f2d6361 6368650d   ntrol: no-cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f636163 68652f66 6f72756d   GET /cache/forum
0x00000010 (00016)   732f7374 72696e67 732e7478 74204854   s/strings.txt HT
0x00000020 (00032)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000030 (00048)   6e743a20 55736572 2d416765 6e743a20   nt: User-Agent: 
0x00000040 (00064)   4d6f7a69 6c6c612f 352e3020 2857696e   Mozilla/5.0 (Win
0x00000050 (00080)   646f7773 204e5420 362e313b 20574f57   dows NT 6.1; WOW
0x00000060 (00096)   36343b20 72763a31 302e302e 32292047   64; rv:10.0.2) G
0x00000070 (00112)   65636b6f 2f323031 30303130 31204669   ecko/20100101 Fi
0x00000080 (00128)   7265666f 782f3130 2e302e32 0d0a486f   refox/10.0.2..Ho
0x00000090 (00144)   73743a20 6765746d 6f726573 69746574   st: getmoresitet
0x000000a0 (00160)   72616666 69632e63 6f6d0d0a 43616368   raffic.com..Cach
0x000000b0 (00176)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x000000c0 (00192)   6368650d 0a0d0a6e 6f2d6361 6368650d   che....no-cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f626273 2f69636f 6e2f7072   GET /bbs/icon/pr
0x00000010 (00016)   69766174 655f6963 6f6e2f73 7472696e   ivate_icon/strin
0x00000020 (00032)   67732e74 78742048 5454502f 312e310d   gs.txt HTTP/1.1.
0x00000030 (00048)   0a557365 722d4167 656e743a 20557365   .User-Agent: Use
0x00000040 (00064)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x00000050 (00080)   2f352e30 20285769 6e646f77 73204e54   /5.0 (Windows NT
0x00000060 (00096)   20362e31 3b20574f 5736343b 2072763a    6.1; WOW64; rv:
0x00000070 (00112)   31302e30 2e322920 4765636b 6f2f3230   10.0.2) Gecko/20
0x00000080 (00128)   31303031 30312046 69726566 6f782f31   100101 Firefox/1
0x00000090 (00144)   302e302e 320d0a48 6f73743a 2063706c   0.0.2..Host: cpl
0x000000a0 (00160)   2e796f6e 7365692e 61632e6b 720d0a43   .yonsei.ac.kr..C
0x000000b0 (00176)   61636865 2d436f6e 74726f6c 3a206e6f   ache-Control: no
0x000000c0 (00192)   2d636163 68650d0a 0d0a6361 6368650d   -cache....cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f66 696c6573   GET /forum/files
0x00000010 (00016)   2f2e2e2e 2f737472 696e6773 2e747874   /.../strings.txt
0x00000020 (00032)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x00000030 (00048)   4167656e 743a2055 7365722d 4167656e   Agent: User-Agen
0x00000040 (00064)   743a204d 6f7a696c 6c612f35 2e302028   t: Mozilla/5.0 (
0x00000050 (00080)   57696e64 6f777320 4e542036 2e313b20   Windows NT 6.1; 
0x00000060 (00096)   574f5736 343b2072 763a3130 2e302e32   WOW64; rv:10.0.2
0x00000070 (00112)   29204765 636b6f2f 32303130 30313031   ) Gecko/20100101
0x00000080 (00128)   20466972 65666f78 2f31302e 302e320d    Firefox/10.0.2.
0x00000090 (00144)   0a486f73 743a2077 77772e61 76696166   .Host: www.aviaf
0x000000a0 (00160)   696c6d2e 636f6d2e 75610d0a 43616368   ilm.com.ua..Cach
0x000000b0 (00176)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x000000c0 (00192)   6368650d 0a0d0a0a 0d0a6361 6368650d   che.......cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f6a732f 696e666f 2f737472   GET /js/info/str
0x00000010 (00016)   696e6773 2e747874 20485454 502f312e   ings.txt HTTP/1.
0x00000020 (00032)   310d0a55 7365722d 4167656e 743a2055   1..User-Agent: U
0x00000030 (00048)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000040 (00064)   6c612f35 2e302028 57696e64 6f777320   la/5.0 (Windows 
0x00000050 (00080)   4e542036 2e313b20 574f5736 343b2072   NT 6.1; WOW64; r
0x00000060 (00096)   763a3130 2e302e32 29204765 636b6f2f   v:10.0.2) Gecko/
0x00000070 (00112)   32303130 30313031 20466972 65666f78   20100101 Firefox
0x00000080 (00128)   2f31302e 302e320d 0a486f73 743a2074   /10.0.2..Host: t
0x00000090 (00144)   616d696c 63696e65 6d61782e 6e65740d   amilcinemax.net.
0x000000a0 (00160)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x000000b0 (00176)   6e6f2d63 61636865 0d0a0d0a 6f2d6361   no-cache....o-ca
0x000000c0 (00192)   6368650d 0a0d0a0a 0d0a6361 6368650d   che.......cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f66 696c6573   GET /forum/files
0x00000010 (00016)   2f2e2e2e 2f737472 696e6773 2e747874   /.../strings.txt
0x00000020 (00032)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x00000030 (00048)   4167656e 743a2055 7365722d 4167656e   Agent: User-Agen
0x00000040 (00064)   743a204d 6f7a696c 6c612f35 2e302028   t: Mozilla/5.0 (
0x00000050 (00080)   57696e64 6f777320 4e542036 2e313b20   Windows NT 6.1; 
0x00000060 (00096)   574f5736 343b2072 763a3130 2e302e32   WOW64; rv:10.0.2
0x00000070 (00112)   29204765 636b6f2f 32303130 30313031   ) Gecko/20100101
0x00000080 (00128)   20466972 65666f78 2f31302e 302e320d    Firefox/10.0.2.
0x00000090 (00144)   0a486f73 743a2077 77772e61 76696166   .Host: www.aviaf
0x000000a0 (00160)   696c6d2e 636f6d2e 75610d0a 43616368   ilm.com.ua..Cach
0x000000b0 (00176)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x000000c0 (00192)   6368650d 0a0d0a0a 0d0a6361 6368650d   che.......cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f696e63 6c756465 732f2e2e   GET /includes/..
0x00000010 (00016)   2e2f7374 72696e67 732e7478 74204854   ./strings.txt HT
0x00000020 (00032)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000030 (00048)   6e743a20 55736572 2d416765 6e743a20   nt: User-Agent: 
0x00000040 (00064)   4d6f7a69 6c6c612f 352e3020 2857696e   Mozilla/5.0 (Win
0x00000050 (00080)   646f7773 204e5420 362e313b 20574f57   dows NT 6.1; WOW
0x00000060 (00096)   36343b20 72763a31 302e302e 32292047   64; rv:10.0.2) G
0x00000070 (00112)   65636b6f 2f323031 30303130 31204669   ecko/20100101 Fi
0x00000080 (00128)   7265666f 782f3130 2e302e32 0d0a486f   refox/10.0.2..Ho
0x00000090 (00144)   73743a20 7777772e 76756270 2e637a0d   st: www.vubp.cz.
0x000000a0 (00160)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x000000b0 (00176)   6e6f2d63 61636865 0d0a0d0a 6f2d6361   no-cache....o-ca
0x000000c0 (00192)   6368650d 0a0d0a0a 0d0a6361 6368650d   che.......cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f646f76 2f737472 696e6773   GET /dov/strings
0x00000010 (00016)   2e747874 20485454 502f312e 310d0a55   .txt HTTP/1.1..U
0x00000020 (00032)   7365722d 4167656e 743a2055 7365722d   ser-Agent: User-
0x00000030 (00048)   4167656e 743a204d 6f7a696c 6c612f35   Agent: Mozilla/5
0x00000040 (00064)   2e302028 57696e64 6f777320 4e542036   .0 (Windows NT 6
0x00000050 (00080)   2e313b20 574f5736 343b2072 763a3130   .1; WOW64; rv:10
0x00000060 (00096)   2e302e32 29204765 636b6f2f 32303130   .0.2) Gecko/2010
0x00000070 (00112)   30313031 20466972 65666f78 2f31302e   0101 Firefox/10.
0x00000080 (00128)   302e320d 0a486f73 743a2077 77772e61   0.2..Host: www.a
0x00000090 (00144)   7274656d 6f6e2e63 7a0d0a43 61636865   rtemon.cz..Cache
0x000000a0 (00160)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000b0 (00176)   68650d0a 0d0a6865 0d0a0d0a 6f2d6361   he....he....o-ca
0x000000c0 (00192)   6368650d 0a0d0a0a 0d0a6361 6368650d   che.......cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f74656d 706c6174 65732f63   GET /templates/c
0x00000010 (00016)   73732f73 7472696e 67732e74 78742048   ss/strings.txt H
0x00000020 (00032)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000030 (00048)   656e743a 20557365 722d4167 656e743a   ent: User-Agent:
0x00000040 (00064)   204d6f7a 696c6c61 2f352e30 20285769    Mozilla/5.0 (Wi
0x00000050 (00080)   6e646f77 73204e54 20362e31 3b20574f   ndows NT 6.1; WO
0x00000060 (00096)   5736343b 2072763a 31302e30 2e322920   W64; rv:10.0.2) 
0x00000070 (00112)   4765636b 6f2f3230 31303031 30312046   Gecko/20100101 F
0x00000080 (00128)   69726566 6f782f31 302e302e 320d0a48   irefox/10.0.2..H
0x00000090 (00144)   6f73743a 20777777 2e76756c 63616e75   ost: www.vulcanu
0x000000a0 (00160)   73616c75 6d6e692e 6e65740d 0a436163   salumni.net..Cac
0x000000b0 (00176)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000c0 (00192)   61636865 0d0a0d0a 0d0a6361 6368650d   ache......cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f706f72 74616c2f 61637469   GET /portal/acti
0x00000010 (00016)   6f6e732f 61646d69 6e2f7065 726d2f2e   ons/admin/perm/.
0x00000020 (00032)   2e2e2f73 7472696e 67732e74 78742048   ../strings.txt H
0x00000030 (00048)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000040 (00064)   656e743a 20557365 722d4167 656e743a   ent: User-Agent:
0x00000050 (00080)   204d6f7a 696c6c61 2f352e30 20285769    Mozilla/5.0 (Wi
0x00000060 (00096)   6e646f77 73204e54 20362e31 3b20574f   ndows NT 6.1; WO
0x00000070 (00112)   5736343b 2072763a 31302e30 2e322920   W64; rv:10.0.2) 
0x00000080 (00128)   4765636b 6f2f3230 31303031 30312046   Gecko/20100101 F
0x00000090 (00144)   69726566 6f782f31 302e302e 320d0a48   irefox/10.0.2..H
0x000000a0 (00160)   6f73743a 20777777 2e706362 6f6e746f   ost: www.pcbonto
0x000000b0 (00176)   2e68750d 0a436163 68652d43 6f6e7472   .hu..Cache-Contr
0x000000c0 (00192)   6f6c3a20 6e6f2d63 61636865 0d0a0d0a   ol: no-cache....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f7e6170 706d6174 682f7465   GET /~appmath/te
0x00000010 (00016)   73742f62 62732f73 7472696e 67732e74   st/bbs/strings.t
0x00000020 (00032)   78742048 5454502f 312e310d 0a557365   xt HTTP/1.1..Use
0x00000030 (00048)   722d4167 656e743a 20557365 722d4167   r-Agent: User-Ag
0x00000040 (00064)   656e743a 204d6f7a 696c6c61 2f352e30   ent: Mozilla/5.0
0x00000050 (00080)   20285769 6e646f77 73204e54 20362e31    (Windows NT 6.1
0x00000060 (00096)   3b20574f 5736343b 2072763a 31302e30   ; WOW64; rv:10.0
0x00000070 (00112)   2e322920 4765636b 6f2f3230 31303031   .2) Gecko/201001
0x00000080 (00128)   30312046 69726566 6f782f31 302e302e   01 Firefox/10.0.
0x00000090 (00144)   320d0a48 6f73743a 20646173 616e2e73   2..Host: dasan.s
0x000000a0 (00160)   656a6f6e 672e6163 2e6b720d 0a436163   ejong.ac.kr..Cac
0x000000b0 (00176)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000c0 (00192)   61636865 0d0a0d0a 61636865 0d0a0d0a   ache....ache....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f657665 6e746269 6c646572   GET /eventbilder
0x00000010 (00016)   2f67726f 73732f2e 2e2e2f73 7472696e   /gross/.../strin
0x00000020 (00032)   67732e74 78742048 5454502f 312e310d   gs.txt HTTP/1.1.
0x00000030 (00048)   0a557365 722d4167 656e743a 20557365   .User-Agent: Use
0x00000040 (00064)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x00000050 (00080)   2f352e30 20285769 6e646f77 73204e54   /5.0 (Windows NT
0x00000060 (00096)   20362e31 3b20574f 5736343b 2072763a    6.1; WOW64; rv:
0x00000070 (00112)   31302e30 2e322920 4765636b 6f2f3230   10.0.2) Gecko/20
0x00000080 (00128)   31303031 30312046 69726566 6f782f31   100101 Firefox/1
0x00000090 (00144)   302e302e 320d0a48 6f73743a 20777777   0.0.2..Host: www
0x000000a0 (00160)   2e756e73 65722d6d 69747465 6c686573   .unser-mittelhes
0x000000b0 (00176)   73656e2e 64650d0a 43616368 652d436f   sen.de..Cache-Co
0x000000c0 (00192)   6e74726f 6c3a206e 6f2d6361 6368650d   ntrol: no-cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f636163 68652f66 6f72756d   GET /cache/forum
0x00000010 (00016)   732f7374 72696e67 732e7478 74204854   s/strings.txt HT
0x00000020 (00032)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000030 (00048)   6e743a20 55736572 2d416765 6e743a20   nt: User-Agent: 
0x00000040 (00064)   4d6f7a69 6c6c612f 352e3020 2857696e   Mozilla/5.0 (Win
0x00000050 (00080)   646f7773 204e5420 362e313b 20574f57   dows NT 6.1; WOW
0x00000060 (00096)   36343b20 72763a31 302e302e 32292047   64; rv:10.0.2) G
0x00000070 (00112)   65636b6f 2f323031 30303130 31204669   ecko/20100101 Fi
0x00000080 (00128)   7265666f 782f3130 2e302e32 0d0a486f   refox/10.0.2..Ho
0x00000090 (00144)   73743a20 6765746d 6f726573 69746574   st: getmoresitet
0x000000a0 (00160)   72616666 69632e63 6f6d0d0a 43616368   raffic.com..Cach
0x000000b0 (00176)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x000000c0 (00192)   6368650d 0a0d0a6e 6f2d6361 6368650d   che....no-cache.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f626273 2f69636f 6e2f7072   GET /bbs/icon/pr
0x00000010 (00016)   69766174 655f6963 6f6e2f73 7472696e   ivate_icon/strin
0x00000020 (00032)   67732e74 78742048 5454502f 312e310d   gs.txt HTTP/1.1.
0x00000030 (00048)   0a557365 722d4167 656e743a 20557365   .User-Agent: Use
0x00000040 (00064)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x00000050 (00080)   2f352e30 20285769 6e646f77 73204e54   /5.0 (Windows NT
0x00000060 (00096)   20362e31 3b20574f 5736343b 2072763a    6.1; WOW64; rv:
0x00000070 (00112)   31302e30 2e322920 4765636b 6f2f3230   10.0.2) Gecko/20
0x00000080 (00128)   31303031 30312046 69726566 6f782f31   100101 Firefox/1
0x00000090 (00144)   302e302e 320d0a48 6f73743a 2063706c   0.0.2..Host: cpl
0x000000a0 (00160)   2e796f6e 7365692e 61632e6b 720d0a43   .yonsei.ac.kr..C
0x000000b0 (00176)   61636865 2d436f6e 74726f6c 3a206e6f   ache-Control: no
0x000000c0 (00192)   2d636163 68650d0a 0d0a6361 6368650d   -cache....cache.
0x000000d0 (00208)   0a0d0a                                ...


Strings
b.TY^..
.

, , 
040904B0
1.00
9.64;
9.74;
CompanyName
DGDVD
FileVersion
InternalName
nqpwwy
OriginalFilename
ProductName
ProductVersion
sony
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
Xir3o
xoqttt.exe
zpqzyp
9~4tkWWj
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
advapi32.dll
_allmul
an6008
Bchsj8
Bdeam7
Bwrye7
C:\Arquivos de programas\Microsoft Visual Studio\VB98\VB6.OLB
cdes6u77
Checks for subkeys in some key...
Checks if given binary data is in valid hex format (used for writting binary)
Checks if some key exists...
Checks if some value exists in registry
Ci6fof
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
Cjoy2fys
CloseHandle
Converts binary data into string...
Converts hex (string) into it's binary value...
CreateMutexA
Creates key in registry...
Cscu1wj
C:\WINDOWS\system32\msvbvm60.dll\3
Czgh2oza
`.data
Ded5fqux
Deletes key from registry...
Deletes value from registry...
Dhncl0
DISKSPACEFREE
DllFunctionCall
Dxnrsr2t
Dzu5ko
Emcfo7
Enabled
Enumerates all values from specified key...
Enumerates subkeys of some key...
EnumMonitorsA
EnumThreadWindows
Et5gouo
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
Exports contents of some key (and it's subkeys) to .reg file...
FD~>f;
Fem2hi
FindWindowA
GetComputerNameA
GetCurrentThreadId
GetDiskFreeSpaceA
GetDriveTypeA
GetKeyboardType
GetLogicalDriveStringsA
GetParent
GetSystemDirectoryA
GetSystemInfo
GetTempPathA
GetUserNameA
GetVersionExA
GetVolumeInformationA
GetWindow
GetWindowLongA
GetWindowsDirectoryA
GetWindowTextA
GetWindowTextLengthA
Ghxhk5
GlobalMemoryStatus
Go7uonk
Hcdylap5
Hevm5nxm
Hga6th
HttpAddRequestHeadersA
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
Hxgyb5
h + "\zpvopz
ihy145wa
Imports .reg file into registry...
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetOpenUrlA
InternetQueryOptionA
InternetReadFile
InternetSetOptionA
Interval
}#j\hL
Jjdd7q
Jvcy4iz
Jxg3vy
k16067g
Kaefe2
kernel32
Kgkym2
KillTimer
Kmy5sr
l0gkny5
Let/Get. Should key will be created if no exists (when writting data to registry)
lf730r1
Lilbo2
l$$PUV
L$ PUV
Lrffsw1
Lrow8oar
lz32.dll
LZClose
LZCopy
LZOpenFileA
Mfsek6
Mocv0ur
MSVBVM60.DLL
Ns5srumj
Onv8_Timer
Output
p3fro4
Pbsx5byf
p]f;\$
poquov
Psehl0
ptznvn
q3s0io
Qot5dku
QT_^]3
rd2rqgow
Reads data of binary type...
Reads data of dword type...
Reads data of string type...
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
+'rh/[
Rnao8e
RtlMoveMemory
s4x6clr2
SerialNumber
SetTimer
Sev3bec
shell32.dll
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShowWindow
STKIT432.DLL
Sv0lyqy
!This program cannot be run in DOS mode.
Tiy5hac
Trxg8nys
tsxykf
u4le7ob
Uqdrh9
user32
user32.dll
uwvyty
V0bkrcv
VB5!6&*
VBA6.DLL
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryUnlock
__vbaAryVar
__vbaBoolVarNull
__vbaChkstk
__vbaEnd
__vbaErase
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitProc
__vbaFileClose
__vbaFileOpen
__vbaFixstrConstruct
__vbaFPException
__vbaFpI2
__vbaFpI4
__vbaFPInt
__vbaFpR8
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaGenerateBoundsError
__vbaGet3
__vbaGetOwner3
__vbaHresultCheckObj
__vbaI2I4
__vbaI2Var
__vbaI4Var
__vbaInStr
__vbaInStrVar
__vbaLateMemCall
__vbaLbound
__vbaLenBstr
__vbaLenBstrB
__vbaLsetFixstr
__vbaNew
__vbaNew2
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaPrintFile
__vbaPut3
__vbaPutOwner3
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Str
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaSetSystemError
__vbaStr2Vec
__vbaStrCat
__vbaStrCmp
__vbaStrCopy
__vbaStrErrVarCopy
__vbaStrI2
__vbaStrI4
__vbaStrMove
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUbound
__vbaUI1I2
__vbaUI1I4
__vbaVar2Vec
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDup
__vbaVarForInit
__vbaVarForNext
__vbaVarInt
__vbaVarMove
__vbaVarMul
__vbaVarOr
__vbaVarSub
__vbaVarTstEq
__vbaVarTstGt
__vbaVarTstNe
voonc3a2
Vshp3y
w84p4b
WaitForSingleObject
wininet.dll
winspool.drv
Wkbk6df
Writes data of binary type...
Writes data of dword type...
Writes data of string type...
Wt8ctf
Wuaj7qt
wwwwwww
x2mqeh8
Xi8wygl
Xnttcd2
Xx5xzs
Xx5xzs_Timer
y8w6sc
Ykkpu6
Youuce2
Ywcll8v
Zeqncd8t
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
zopppq