Analysis Date2014-04-23 01:40:57
MD5d573b0936d5ac5ee67feff5fed828486
SHA147ba1b3f70f2c38aa50169769cf4f875e743e877

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: a2759c4ccab229ef8a2dafc9827bbd2a sha1: 3b0d50cfd285e16cfe7e8ff96a906632a382d159 size: 155648
Section.rdata md5: 1371e66f75bc3e77e459c6480f23dd8e sha1: 23b58e43df6fb1061fc34194f94603fefa7cc66d size: 32768
Section.data md5: c4a00361fdc2027846ec2f74453558b4 sha1: c47cdbfdc98977127ab33c5a3556de34eee622ff size: 8192
Timestamp2009-09-02 20:29:02
Pdb pathC:\Source\Heap1\Release\Heap1.pdb
PackerMicrosoft Visual C++ 7.0
PEhash698e40cb51b602af4a2f827b5bfa8b3c512b89c2
IMPhash91a228116486aaccaf57f5743444c57e
AVaviraBDS/Emegrab.A
AVmsseSpammer:Win32/Emegrab.A
AVavgCrypt_c.VQ

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File\Device\Afd\Endpoint

Network Details:

DNSwww.moyip.com
Type: A
82.146.47.212
DNSwww.moyip.com
Type: A
82.146.47.212
DNSgetip.com
Type: A
66.28.139.176
DNSyoip.ru
Type: A
90.156.201.19
DNSyoip.ru
Type: A
90.156.201.94
DNSyoip.ru
Type: A
90.156.201.48
DNSyoip.ru
Type: A
90.156.201.98
DNSwww.getip.com
Type: A
HTTP GEThttp://www.moyip.com/
User-Agent:
HTTP GEThttp://www.moyip.com/
User-Agent:
HTTP GEThttp://www.getip.com/
User-Agent:
HTTP GEThttp://yoip.ru/
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 82.146.47.212:80
Flows TCP192.168.1.1:1032 ➝ 82.146.47.212:80
Flows TCP192.168.1.1:1033 ➝ 66.28.139.176:80
Flows TCP192.168.1.1:1034 ➝ 90.156.201.19:80

Raw Pcap
0x00000000 (00000)   47455420 2f204854 54502f31 2e300d0a   GET / HTTP/1.0..
0x00000010 (00016)   486f7374 3a207777 772e6d6f 7969702e   Host: www.moyip.
0x00000020 (00032)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f204854 54502f31 2e300d0a   GET / HTTP/1.0..
0x00000010 (00016)   486f7374 3a207777 772e6d6f 7969702e   Host: www.moyip.
0x00000020 (00032)   636f6d0d 0a0d0a37 2e300d0a 436f6e6e   com....7.0..Conn
0x00000030 (00048)   65637469 6f6e3a20 436c6f73 650d0a43   ection: Close..C
0x00000040 (00064)   6f6e7465 6e742d4c 656e6774 683a2039   ontent-Length: 9
0x00000050 (00080)   330d0a43 6f6e7465 6e742d54 7970653a   3..Content-Type:
0x00000060 (00096)   20746578 742f6874 6d6c0d0a 44617465    text/html..Date
0x00000070 (00112)   3a205765 642c2032 33204170 72203230   : Wed, 23 Apr 20
0x00000080 (00128)   31342030 303a3330 3a303220 474d540d   14 00:30:02 GMT.
0x00000090 (00144)   0a0d0a3c 68746d6c 3e0a2020 3c686561   ...<html>.  <hea
0x000000a0 (00160)   643e0a20 2020203c 7469746c 653e0a09   d>.    <title>..
0x000000b0 (00176)   34303420 4e6f7420 466f756e 640a2020   404 Not Found.  
0x000000c0 (00192)   20203c2f 7469746c 653e0a20 203c2f68     </title>.  </h
0x000000d0 (00208)   6561643e 0a20203c 626f6479 3e0a2020   ead>.  <body>.  
0x000000e0 (00224)   3c2f626f 64793e0a 3c2f6874 6d6c3e0a   </body>.</html>.
0x000000f0 (00240)                                         

0x00000000 (00000)   47455420 2f204854 54502f31 2e300d0a   GET / HTTP/1.0..
0x00000010 (00016)   486f7374 3a207777 772e6765 7469702e   Host: www.getip.
0x00000020 (00032)   636f6d0d 0a0d0a37 2e300d0a 436f6e6e   com....7.0..Conn
0x00000030 (00048)   65637469 6f6e3a20 436c6f73 650d0a43   ection: Close..C
0x00000040 (00064)   6f6e7465 6e742d4c 656e6774 683a2039   ontent-Length: 9
0x00000050 (00080)   330d0a43 6f6e7465 6e742d54 7970653a   3..Content-Type:
0x00000060 (00096)   20746578 742f6874 6d6c0d0a 44617465    text/html..Date
0x00000070 (00112)   3a205765 642c2032 33204170 72203230   : Wed, 23 Apr 20
0x00000080 (00128)   31342030 303a3330 3a303420 474d540d   14 00:30:04 GMT.
0x00000090 (00144)   0a0d0a3c 68746d6c 3e0a2020 3c686561   ...<html>.  <hea
0x000000a0 (00160)   643e0a20 2020203c 7469746c 653e0a09   d>.    <title>..
0x000000b0 (00176)   34303420 4e6f7420 466f756e 640a2020   404 Not Found.  
0x000000c0 (00192)   20203c2f 7469746c 653e0a20 203c2f68     </title>.  </h
0x000000d0 (00208)   6561643e 0a20203c 626f6479 3e0a2020   ead>.  <body>.  
0x000000e0 (00224)   3c2f626f 64793e0a 3c2f6874 6d6c3e0a   </body>.</html>.
0x000000f0 (00240)                                         

0x00000000 (00000)   47455420 2f204854 54502f31 2e300d0a   GET / HTTP/1.0..
0x00000010 (00016)   486f7374 3a20796f 69702e72 750d0a0d   Host: yoip.ru...
0x00000020 (00032)   0a742d49 49532f37 2e300d0a 436f6e6e   .t-IIS/7.0..Conn
0x00000030 (00048)   65637469 6f6e3a20 436c6f73 650d0a43   ection: Close..C
0x00000040 (00064)   6f6e7465 6e742d4c 656e6774 683a2039   ontent-Length: 9
0x00000050 (00080)   330d0a43 6f6e7465 6e742d54 7970653a   3..Content-Type:
0x00000060 (00096)   20746578 742f6874 6d6c0d0a 44617465    text/html..Date
0x00000070 (00112)   3a205765 642c2032 33204170 72203230   : Wed, 23 Apr 20
0x00000080 (00128)   31342030 303a3330 3a303620 474d540d   14 00:30:06 GMT.
0x00000090 (00144)   0a0d0a3c 68746d6c 3e0a2020 3c686561   ...<html>.  <hea
0x000000a0 (00160)   643e0a20 2020203c 7469746c 653e0a09   d>.    <title>..
0x000000b0 (00176)   34303420 4e6f7420 466f756e 640a2020   404 Not Found.  
0x000000c0 (00192)   20203c2f 7469746c 653e0a20 203c2f68     </title>.  </h
0x000000d0 (00208)   6561643e 0a20203c 626f6479 3e0a2020   ead>.  <body>.  
0x000000e0 (00224)   3c2f626f 64793e0a 3c2f6874 6d6c3e0a   </body>.</html>.
0x000000f0 (00240)                                         


Strings
\
.
 
: 
=
=??B?
?= ?= =??Q?=?=
A
S.
S.
...o^
^U()*+BCDE5678]UdeefmS
.^
U
]
RU
Q
.\
TU.^^
:
00-+ -E-0
-0
0
0
...........?- 
0
0
0 
?
...p...
u
:;<=>?@
[\]^_`
accChild
accChildCount
accDefaultAction
accDescription
accDoDefaultAction
accFocus
accHelp
accHelpTopic
accHitTest
accKeyboardShortcut
accLocation
accName
accNavigate
accParent
accRole
accSelect
accSelection
accState
accValue
                                 H
         (((((                  H
         h((((                  H
        h((((                  H
jjjjj
(null)
^(_^[]
0123456789ABCDEF
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
0DDDDDD
1#QNAN
1#SNAN
210.51.166.242
#32768
<4u,<Au
919287391273
9|$8u&
9C0t	;kX
9~Lu	P
9\$puO
9Rar!u
9t$$ws
}*9X ~%
<A|2<Z
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
ABSR_UNICODE)
A buffer overrun has been detected which has corrupted the program's
ACCEPT
AdjustWindowRectEx
ADVAPI32.dll
AfxControlBar70s
AfxFrameOrView70s
AfxMDIFrame70s
AfxOldWndProc423
AfxOleControl70s
AfxWnd70s
AllocateAndGetTcpExTableFromStack
AllocateAndGetUdpExTableFromStack
a numbered reference must not be zero
ANYCRLF)
application
A security error of unknown cause has been detected which has
assertion expected after (?(
A,+T$(
\ at end of pattern
.?AUCThreadData@@
August
.?AUIAccessible@@
.?AUIAccessibleProxy@@
.?AUIAtlStringMgr@ATL@@
.?AUIDispatch@@
.?AUIOleWindow@@
.?AUIUnknown@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AV_AFX_HTMLHELP_STATE@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_THREAD_STATE@@
.?AVCAccessibleProxy@ATL@@
.?AVCAfxStringMgr@@
.?AVCArchiveException@@
.?AVCByteArray@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCComObjectRootBase@ATL@@
.?AV?$CComObjectRootEx@VCComSingleThreadModel@ATL@@@ATL@@
.?AVCDC@@
.?AVCException@@
.?AVCFile@@
.?AVCFileException@@
.?AVCGdiObject@@
.?AVCHandleMap@@
.?AVCInvalidArgException@@
.?AVCMapPtrToPtr@@
.?AVCMemoryException@@
.?AVCMenu@@
.?AV?$CMFCComObject@VCAccessibleProxy@ATL@@@@
.?AVCNoTrackObject@@
.?AVCNotSupportedException@@
.?AVCObject@@
.?AVCOleException@@
.?AVCResourceException@@
.?AVCSimpleException@@
.?AVCStringArray@@
.?AVCTestCmdUI@@
.?AVCUserException@@
.?AVCWnd@@
.?AVexception@@
.?AV?$IAccessibleProxyImpl@VCAccessibleProxy@ATL@@@ATL@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVXAccessible@CWnd@@
.?AVXAccessibleServer@CWnd@@
<A|@<Z
([a-z._0-9-]{1,})(?:<br>|<pre>|<i>| )*@(?:<br>|<pre>|<i>| )*([a-z.0-9-]{1,}.(?:info|ru|net|biz|com|su|org))
([-_a-z.0-9]+)(?:<[a-z]>)*@(?:</[a-z]>)*([-_a-z.0-9]{2,}.[a-z]{2,4})
([a-z][a-z_0-9-]*)(?:<br>|<pre>|<i>| )*@(?:<br>|<pre>|<i>| )*([a-z][a-z.0-9]{1,}.(?:w+))
base64
BG<=u@;
bind() failed: %d
Binding to: 
boundary
BSR_ANYCRLF)
Buffer overrun detected!
CallNextHookEx
CallWindowProcA
CArchiveException
\c at end of pattern
CByteArray
CCmdTarget
CException
CFileException
CGdiObject
character value in \x{...} sequence is too large
CharUpperA
CheckMenuItem
CInvalidArgException
ClientToScreen
CLOSED
CloseHandle
ClosePrinter
CLOSE_WAIT
CLOSING
closing ) for (?C expected
CMapPtrToPtr
CMemoryException
\C not allowed in lookbehind assertion
CNotSupportedException
CObject
COleException
COMCTL32.dll
COMCTL32.DLL
comdlg32.dll
commctrl_DragListMsg
Comments
COMMIT
CompareStringA
CompareStringW
conditional group contains more than two branches
ConnectNamedPipe
Content-Description
Content-Disposition
Content-Transfer-Encoding
Content-Type
continue execution and must now be terminated.
CopyRect
CorExitProcess
corrupted the program's internal state.  The program cannot safely
Could not able to resolve host address
CreateBitmap
CreateFileA
CreateNamedPipeA
CreatePipe
CreateStdAccessibleObject
CreateThread
CreateToolhelp32Snapshot
CreateWindowExA
CResourceException
CStringArray
CUserException
D$(;A(}
@.data
DDDDDDDDDD00000
dddd, MMMM dd, yyyy
December
DEFINE
DEFINE group contains more than one branch
DefWindowProcA
Delete
DeleteCriticalSection
DeleteDC
DeleteObject
DELETE_TCB
Destination address filter: 
DestroyMenu
DestroyWindow
digit expected after (?+
DisconnectNamedPipe
DispatchMessageA
DISPLAY
DocumentPropertiesA
DOMAIN error
DrawTextA
DrawTextExA
D$T_^]
DuplicateHandle
 !""""""##$%&'())))))**+,-./EEEEEEEE00E1234555676789:;<:;<EEE=>?@ABC
EmailGrabber1
EMAIL_GRABBER2
EMAIL_GRABBER3
EnableMenuItem
EnableWindow
EnterCriticalSection
EnumDisplayDevicesA
EnumDisplayMonitors
ERCPtR
erroffset passed as NULL
Escape
e:\Source\Heap1\Release\Heap1.pdb
ESTABLISHED
EXCEPT!!!
ExitProcess
ExitThread
ExtTextOutA
F,98uX
failed to get memory
Failed to snapshot TCP endpoints.
Failed to take process snapshot. Process names will not be shown.
February
F,+F(_;E
F(@;F,v
F(@@;F,v
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FIN_WAIT1
FIN_WAIT2
- floating point not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
ForceRemove
FormatMessageA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
Friday
GAIsProcessorFeaturePresent
 { Gap < 0 }
 { Gap > 10 MB }
GDI32.dll
GetACP
GetActiveWindow
GetCapture
GetClassInfoA
GetClassInfoExA
GetClassLongA
GetClassNameA
GetClientRect
GetClipBox
GetCommandLineA
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDeviceCaps
GetDlgCtrlID
GetDlgItem
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetFileTitleA
GetFileType
GetFocus
GetForegroundWindow
GetFullPathNameA
GET / HTTP/1.0
GetKeyState
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMessagePos
GetMessageTime
GetModuleFileNameA
GetModuleHandleA
GetMonitorInfoA
GetOEMCP
GetParent
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetPropA
GetStartupInfoA
GetStdHandle
GetStockObject
GetStringTypeA
GetStringTypeW
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemInfo
GetSystemMetrics
GetSystemTimeAsFileTime
GetTcpTable
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetTopWindow
GetUserObjectInformationA
GetVersion
GetVersionExA
GetVolumeInformationA
GetWindow
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
\g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
GrayStringA
`h````
Heap1.exe
HeapAlloc
HeapAlloc failed: %d
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
hhctrl.ocx
HH:mm:ss
HHt`HHt\
HHtjHHtF
Host: %s
HtmlHelpA
 HTTP/1.0
HTTP_PROXY1
inconsistent NEWLINE options
/index.php
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
internal error: code overflow
internal error: overran compiling workspace
internal error: previously-checked referenced subpattern not found
internal error: unexpected repeat
internal state.  The program cannot safely continue execution and must
invalid condition (?(0)
invalid escape sequence in character class
invalid string position
invalid UTF-8 string
iphlpapi.dll
] is an invalid data character in JavaScript compatibility mode
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
IsIconic
IsWindowEnabled
JanFebMarAprMayJunJulAugSepOctNovDec
January
j`h uB
KERNEL32
kernel32.dll
KERNEL32.dll
L$ [^_+
L$,_^[
L$0_^d
L$0QEUR
L$0QEURR
L$4_^]
L$4_^d
L$8PQU
LAST_ACK
LCMapStringA
LCMapStringW
LeaveCriticalSection
L$$GF;
LISTENING
list<T> too long
LoadBitmapA
LoadCursorA
LoadIconA
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockFile
LockResource
lookbehind assertion is not fixed length
L$P_^]
L$p_^]d
L$,Pt	
L$ QRWP
L$,QSf
LresultFromObject
lstrcatA
lstrcmpA
lstrcmpiA
lstrcmpW
lstrcpyA
lstrcpynA
lstrlenA
\$Ltb;
L$t_^]d
L|X;|$
malformed number or name after (?(
malformed \P or \p sequence
MapWindowPoints
message
MessageBoxA
Microsoft Visual C++ Runtime Library
missing )
missing ) after comment
missing terminating ] for character class
MM/dd/yy
ModifyMenuA
Monday
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
mscoree.dll
msword
MultiByteToWideChar
multipart
name="cc"
name="to"
name="To"
name="TO"
 /*New session*/ 
no error
NoRemove
Not able to connect to server
NOTE: IPv6 does not currently support the SIO_RCVALL* ioctls
- not enough space for arguments
- not enough space for environment
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
nothing to repeat
November
now be terminated.
NtQueryInformationProcess
(null)
number after (?C is > 255
number is too big
numbers out of order in {} quantifier
number too big in {} quantifier
octal value is greater than \377 (not in UTF-8 mode)
October
OffsetViewportOrgEx
ole32.dll
OLEACC.dll
OLEAUT32.dll
OpenMutexA
OpenPrinterA
operand of unlimited repeat could match the empty string
|$ ;O r%
OutputDebugStringA
p`;54EC
parentheses nested too deeply
PathFindFileNameA
PathIsUNCA
PathStripToRootA
.PAVCArchiveException@@
.PAVCException@@
.PAVCFileException@@
.PAVCInvalidArgException@@
.PAVCMemoryException@@
.PAVCObject@@
.PAVCOleException@@
.PAVCSimpleException@@
pcre_callout
pcre_compile
pcre_compile2
PCRE does not support \L, \l, \N, \U, or \u
pcre_exec
pcre_free
pcre_malloc
pcre_stack_free
pcre_stack_malloc
PeekMessageA
\\.\pipe\%s
\\.\Pipe\%s
Please contact the application's support team for more information.
POSIX collating elements are not supported
POSIX named classes are supported only within a class
PostMessageA
PostQuitMessage
PPPPPPPP
ppxxxx
PQSRWVU
Process32First
Process32Next
Program: 
<program name unknown>
PSQRVU
PSQRWU
PtInRect
PtVisible
- pure virtual function call
qInitCommonControlsEx
QQSVW3
QQSVWd
QRSPWVU
QSRPVU
QSRPWU
QueryPerformanceCounter
quoted-printable
RaiseException
range out of order in character class
`.rdata
ReadFile
RectVisible
recursive call could loop indefinitely
reference to non-existent subpattern
RegisterClassA
RegisterWindowMessageA
regular expression is too large
ReleaseDC
RemovePropA
repeated subpattern is too long
repeating a DEFINE group is not allowed
Reply-To
Resent-Bcc
Resent-Cc
Resent-Reply-To
Resent-To
RestoreDC
(?R or (?[+-]digits must be followed by )
RSPQVU
RSQWPU
RtlUnwind
runtime error 
Runtime Error!
--%s--
S\_^[]
Saturday
SaveDC
ScaleViewportExtEx
ScaleWindowExtEx
SelectObject
SendMessageA
September
SetBkColor
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFilePointer
SetForegroundWindow
SetHandleCount
SetHandleInformation
SetLastError
SetMapMode
SetMenuItemBitmaps
SetPropA
SetStdHandle
SetTextColor
SetUnhandledExceptionFilter
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowLongA
SetWindowPos
SetWindowsHookExA
SetWindowTextA
SHELL32.dll
SHLWAPI.dll
SING error
SizeofResource
Source address filter     : 
spare error
%s:%s:%s
->Start of parent execution.
string too long
Subject
subpattern name expected
subpattern name is too long (maximum 32 characters)
Sunday
SunMonTueWedThuFriSat
support for \P, \p, and \X has not been compiled
 SUVWj;P
sVS;7|B;w
SVWj ^
SVWj(3
SYN_RCVD
SYN_SENT
syntax error in subpattern name (missing terminator)
SystemParametersInfoA
t1_^]3
t2WWVPVSW
T$4RPPP
T$4RQQQ
t6;|$$s0
t	9p$u
TabbedTextOutA
taJtOJt=
tA;|$$w;
TerminateProcess
TextOutA
t|h$|B
+t"HHt
- This application cannot run using the active version of the Microsoft .NET Runtime
This application has requested the Runtime to terminate it in an unusual way.
!This program cannot be run in DOS mode.
this version of PCRE is not compiled with PCRE_UTF8 support
Thursday
TIME_WAIT
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
tLShC;B
TlsSetValue
too many named subpatterns (maximum 10000)
T$$RPU
;t$ sd
t!SS9]
t#SSUP
T$ SUV
<,t	<:t
<^t&<_t"<]t
t.;t$$t(
t$<"u	3
Tuesday
tU<\u$
t$$VSS
two named subpatterns have the same name
>:u>FV
u;j0^V
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UnhookWindowsHookEx
Unknown exception
unknown option bit(s) set
unknown POSIX class name
unknown property name after \P or \p
Unknown security failure detected!
UnlockFile
unmatched parentheses
unrecognized character after (?<
unrecognized character after (? or (?-
unrecognized character after (?P
unrecognized character follows \
UnregisterClassA
USER32
user32.dll
USER32.dll
ValidateRect
VC20XC00U
(*VERB) not recognized
(*VERB) with an argument is not supported
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
v	N+D$
vnd.ms-excel
vnd.ms-powerpoint
VTRPQU
VVVVVj
VVVVVUWUUj
VWumh@|B
(((?:w|.){1,})@((?:w|.){1,}.[a-z]{2,4}))
Wednesday
WideCharToMultiByte
WinHelpA
WINSPOOL.DRV
wljs903111mutaga
WriteFile
WS2_32.dll
WSAIoctl
WSAIotcl(0x%x) failed: %d
WSARecv
WSARecv() failed: %d
WSASocketA
WSASocket() failed: %d
WSAStartup() failed: %d
wsprintfA
WTRPQV
(w+)@(w+)
www.getip.com
www.moyip.com
WWWWVSW
x`;=4EC
xdigit
yoip.ru
_^][YY
<z~x<@uX