Analysis Date2014-12-01 03:14:52
MD5ae5485afd1c324b35f8cc9fd6ddd0a48
SHA1b71f51f13dd03272b244c55e448d9793b648a632

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 12525eb1f9fce167689dea840e4ed7b1 sha1: 13940eede1ca9efd7cc23d9cdf627ea1068e906a size: 42496
Section.data~ md5: 9f0e1352cbeee9e051e0714f97295441 sha1: 11f04b01703441372487e2af01673c2b0d8ae90b size: 8192
Section.rdata md5: 1780f2203bc18b6d379d48eca18a29a2 sha1: a9066d8e058af3860b2b39240b5f3cba422753a1 size: 6144
Section.rsrc md5: 8ff594135580843f010d81b9ecfa5c42 sha1: c8e67c65914feb5873382b326749d1b0746ae495 size: 10752
Timestamp2011-02-02 12:30:18
VersionInternalName: Lager Kansas Plea Ebb Pip
ProductName: Andre Erupt Edith Icicle Pluck Cairo
FileVersion: 20628 26826 791921
ProductVersion: 20628 26826 4289
CompanyName: RoseCity Software
PackerMicrosoft Visual C++ v7.0
PEhash60ae66568f160f4079056772db7873ce3aedc9a3
IMPhash221f9b45c3d95c687d29d276c31629f4
AV360 SafeGen:Variant.Symmi.43240
AVAd-AwareGen:Variant.Symmi.43240
AVAlwil (avast)Trojan-gen:Win32:Trojan-gen
AVArcabit (arcavir)no_virus
AVAuthentiumW32/Trojan.AMMU-3915
AVAvira (antivir)TR/Rogue.AD.6706
AVBullGuardGen:Variant.Symmi.43240
AVCA (E-Trust Ino)Win32/Upatre.CPOKQD
AVCAT (quickheal)no_virus
AVClamAVWin.Trojan.Downloader-61110
AVDr. WebTrojan.DownLoad3.33417
AVEmsisoftGen:Variant.Symmi.43240
AVEset (nod32)Win32/TrojanDownloader.Elenoocka.A
AVFortinetW32/Tiny.NKF!tr.dldr
AVFrisk (f-prot)W32/Trojan2.ODXA
AVF-SecureGen:Variant.Symmi.43240
AVGrisoft (avg)Crypt_s.GRR
AVIkarusTrojan-Spy.Zbot
AVK7no_virus
AVKasperskyTrojan-Downloader.Win32.Small.cytt
AVMalwareBytesSpyware.Zbot.VXGen
AVMcafeeDownloader-FSH!AE5485AFD1C3
AVMicrosoft Security EssentialsTrojanDownloader:Win32/Upatre
AVMicroWorld (escan)Gen:Variant.Symmi.43240
AVRisingno_virus
AVSophosTroj/Mdrop-FZV
AVSymantecDownloader.Ponik
AVTrend Microno_virus
AVVirusBlokAda (vba32)TrojanDownloader.Dapato

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FilePIPE\wkssvc
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\b71f51f13dd03272b244c55e448d9793b648a632.doc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\temp_cab_74656.cab
Creates Process"C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "C:\Documents and Settings\Administrator\Local Settings\Temp\b71f51f13dd03272b244c55e448d9793b648a632.doc"
Creates Mutex54348125
Winsock DNSwindowsupdate.microsoft.com

Process
↳ "C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "C:\Documents and Settings\Administrator\Local Settings\Temp\b71f51f13dd03272b244c55e448d9793b648a632.doc"

Creates FilePIPE\lsarpc
Creates MutexCTF.TimListCache.FMPDefaultS-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500MUTEX.DefaultS-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500

Network Details:

DNSwww.update.microsoft.com.nsatc.net
Type: A
157.56.96.55
DNSwww.update.microsoft.com.nsatc.net
Type: A
157.56.96.156
DNSwindowsupdate.microsoft.com
Type: A
HTTP GEThttp://windowsupdate.microsoft.com/
User-Agent: Opera/9.25 (Windows NT 6.0; U; cn)
Flows TCP192.168.1.1:1031 ➝ 157.56.96.55:80

Raw Pcap
0x00000000 (00000)   47455420 2f204854 54502f31 2e310d0a   GET / HTTP/1.1..
0x00000010 (00016)   55736572 2d416765 6e743a20 4f706572   User-Agent: Oper
0x00000020 (00032)   612f392e 32352028 57696e64 6f777320   a/9.25 (Windows 
0x00000030 (00048)   4e542036 2e303b20 553b2063 6e290d0a   NT 6.0; U; cn)..
0x00000040 (00064)   486f7374 3a207769 6e646f77 73757064   Host: windowsupd
0x00000050 (00080)   6174652e 6d696372 6f736f66 742e636f   ate.microsoft.co
0x00000060 (00096)   6d0d0a43 6f6e6e65 6374696f 6e3a2043   m..Connection: C
0x00000070 (00112)   6c6f7365 0d0a0d0a                     lose....


Strings
.
040904B0
"[=2
20628   26826  4289
20628  26826 791921
Afro Creep Man
Andre Erupt Edith Icicle Pluck Cairo
Aqua
Bees
Begs Fry Bane
Clean
CompanyName
Daze Jeff
Dream
Felice
FileVersion
Flux
Graft
( I9
InternalName
Janet
Lager Kansas Plea Ebb Pip
Lousy
Mark
Meadow
MS Sans Serif
Pint Karen Boa
Pools
ProductName
ProductVersion
Rice
RoseCity Software
Scorn
Siege
Slimy
Soil
Soils
Squad
StringFileInfo
Sways Said
Translation
Tutor
VarFileInfo
Verna Ceo Din
VS_VERSION_INFO
Wally Taps Ornery
Worth
^^^^^^^
]]]]]]]]]]]]]]]
0_BBn0)
###1MM
*222777
3cpxxxv5cd
4444444L
4444444L4
4444444LLL4
4444L4
4444L44
4444L44LL4LL4
4444LLLL
4444LLLLLLL
444L444L
444L4L
444L4L4LL
444L4L4LLL4LL
444L4LL
444L4LL4LLL
444L4LLL
444L4LLL4LL4
444L4LLL4LLL4
444L4LLLLL
444LL4
444LL44L44L4L
444LL44LL
444LL4LLL
444LLL
444LLL4
444LLL44
444LLL4L
444LLL4L4
444LLL4L44
444LLLL
444LLLLL
444LLLLLLL
44L444L4L4
44L44LL
44L44LLL
44L4L44
44L4L444
44L4L444L4L4
44L4L44L4L44LLL
44L4L4L
44L4L4L4
44L4L4L4LL4L4
44L4L4L4LLL44LL4LL4LLLL444
44L4LL
44L4LL4
44L4LL4L4
44L4LLL4
44LL44
44LL444LLLL44LLL
44LL44L4
44LL44LLL44L4L
44LL4L
44LL4L4
44LL4LL
44LL4LL44LL44
44LL4LLL44LL4LL444
44LL4LLLL4L
44LL4LLLLL
44LL4LLLLL4LL4LLLLL
44LLL4
44LLL44L
44LLL4L
44LLL4L4LLL4LLLL4L4L4LLLL
44LLL4L4LLLLLLLLL4LLLLL
44LLLL
44LLLL4
44LLLL44444444LLLL
44LLLL44L
44LLLL4L
44LLLL4L4LL
44LLLL4L4LL4LLL4L
44LLLL4L4LLL
44LLLLL
44LLLLL4L
44LLLLLL
44LLLLLL4LLL4LLLLLLLLLL
44LLLLLLL44LLL44
4$I>V\
4L4444
4L444L4
4L444L4LL4LLL
4L444LL
4L444LL4
4L444LL4L
4L444LLL4
4L444LLL444
4L444LLLLL
4L44L4
4L44L44L
4L44L4L44
4L44L4LLL4L
4L44LL
4L44LLLL4
4L44LLLLLL
4L4L44
4L4L44L
4L4L44L4
4L4L44LLLL
4L4L4L
4L4L4L4LL
4L4L4LL
4L4L4LLLL
4L4L4LLLLL4LLLL
4L4LL44LL
4L4LL44LL4L4LLLLL
4L4LLL
4L4LLL4
4L4LLL444
4L4LLLL
4L4LLLL4
4L4LLLL4LL44L4
4L4LLLLL
4L4LLLLL4
4L4LLLLL44L
4L4LLLLLL
4LL444
4LL444444L
4LL444LL4L4
4LL44LL444L
4LL44LLL4
4LL44LLLLL444L44L
4LL4L4
4LL4L44LL4LL
4LL4L4L
4LL4L4L4
4LL4L4L4LLL4
4LL4L4LLL4L4
4LL4L4LLLL4
4LL4LL
4LL4LL4
4LL4LL4LL4L4LLL4
4LL4LL4LLL
4LL4LL4LLL4
4LL4LL4LLL4L44LLLL4LL
4LL4LLL
4LL4LLLL
4LL4LLLL44
4LL4LLLL444
4LL4LLLLL
4LL4LLLLL4L
4LL4LLLLL4LL
4LL4LLLLLLLLLLLLL
4LLL44
4LLL444
4LLL44L4
4LLL44LL
4LLL44LL44L
4LLL4L
4LLL4L4
4LLL4L44
4LLL4L4L4LL44L
4LLL4LL444L
4LLL4LLL
4LLL4LLLLLL
4LLLL4
4LLLL444L4L4L
4LLLL44LLL
4LLLL4L
4LLLL4LL
4LLLL4LL44444L
4LLLL4LLL
4LLLL4LLL4LLLL
4LLLLL
4LLLLL4
4LLLLL44
4LLLLL44444
4LLLLL4L
4LLLLL4LL
4LLLLL4LLL
4LLLLL4LLL4L4LLL4LLL
4LLLLL4LLLL4LL
4LLLLLL
4LLLLLL44444LLLLLLL4LLL4
4LLLLLL4L444LL
4LLLLLL4LL
4LLLLLL4LLLL
4LLLLLLL
4LLLLLLLLLL
4LLLLLLLLLLLLL4LL44L4
54584312322281
638163317665838
707)/_S
77222**||||
[7M))0B/n
7n7nSM
/7S)[B
8460l`t
8@H t@@
@a@ 8H
AAAAUA
~AA*fr(]
Abukubu
ACizicyx
Acurade
AddClusterResourceDependency
 a  HH@
AlUAAAAA
Aqypadi
Atyfoni
BackupClusterDatabase
bbDr^D(
 BIAQ@H^e
B)MBnM0
Bokunus
B/_/S0
_BS[/7
Byhivy
}cagekiomSQWU[Y_]CAGEKIOM
CertAddSerializedElementToStore
CertAddStoreToCollection
CertCloseStore
CertCompareCertificateName
CertCreateCertificateChainEngine
CertCreateCRLContext
CertDuplicateStore
CertEnumCertificateContextProperties
CertEnumCTLsInStore
CertEnumSubjectInSortedCTL
CertFindCertificateInCRL
CertFindCTLInStore
CertFindRDNAttr
CertFreeCRLContext
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetIntendedKeyUsage
CertGetNameStringW
CertGetPublicKeyLength
CertUnregisterSystemStore
ChangeClusterResourceGroup
CloseClusterGroup
CloseClusterNetInterface
CloseClusterNotifyPort
CloseClusterResource
CLUSAPI.DLL
ClusterControl
ClusterEnum
ClusterGroupControl
ClusterGroupEnum
ClusterGroupOpenEnum
ClusterNetInterfaceControl
ClusterNetworkCloseEnum
ClusterNetworkControl
ClusterNetworkOpenEnum
ClusterNodeCloseEnum
ClusterNodeOpenEnum
ClusterOpenEnum
ClusterRegDeleteValue
ClusterRegEnumKey
ClusterRegOpenKey
ClusterRegQueryInfoKey
ClusterRegQueryValue
ClusterResourceCloseEnum
ClusterResourceEnum
ClusterResourceTypeCloseEnum
ClusterResourceTypeControl
ClusterResourceTypeOpenEnum
cneO1MD3
CreateClusterNotifyPort
CreateClusterResource
CRYPT32.DLL
CryptCATAdminAcquireContext
CryptCATAdminAddCatalog
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
CryptCATCDFClose
CryptCATCDFEnumMembers
CryptCATEnumerateCatAttr
CryptCATEnumerateMember
CryptCATGetAttrInfo
CryptCATGetCatAttrInfo
CryptCATGetMemberInfo
CryptCATHandleFromStore
CryptCATOpen
CryptCATPutAttrInfo
CryptCATPutCatAttrInfo
CryptEnumKeyIdentifierProperties
CryptEnumOIDInfo
CryptExportPKCS8
CryptGetMessageCertificates
CryptGetMessageSignerCount
CryptImportPublicKeyInfo
CryptInstallOIDFunctionAddress
CryptMemAlloc
CryptMsgClose
CryptMsgVerifyCountersignatureEncodedEx
CryptQueryObject
CryptSetOIDFunctionValue
CryptSignAndEncodeCertificate
CryptSIPAddProvider
CryptSIPCreateIndirectData
CryptSIPGetSignedDataMsg
CryptSIPPutSignedDataMsg
CryptSIPRemoveSignedDataMsg
CryptSIPVerifyIndirectData
CryptUninstallDefaultContext
CryptUnprotectData
CryptUnregisterOIDInfo
CryptVerifyCertificateSignature
CryptVerifyDetachedMessageSignature
@@D(@@
D9^Lrp
`.data
Davecav
DeleteClusterGroup
  dH @
DialogBoxParamA
DriverInitializePolicy
Dylede
Ebisivo
Edagoq
^EEEEE
EndDialog
Eneqoco
Exumec
Exuwybe
FileTimeToLocalFileTime
*FU4\K>
Fyqyru
GetClusterFromNetwork
GetClusterFromNode
GetClusterFromResource
GetClusterGroupKey
GetClusterGroupState
GetClusterNetInterfaceState
GetClusterNetworkId
GetClusterNetworkKey
GetClusterNodeId
GetClusterNodeKey
GetClusterNotify
GetClusterResourceKey
GetNodeClusterState
GetProcAddress
/Gi@ w
gSwHYRngLI
   H  
( (H0pU
H3&p!H@
Hanokew
 HcHH:@
 @ HH|
@ )HH 
`) @HHH
HH:H@	
H HHH@ 
{|H|HHH|H|*{
@HHmHHH H
Hn @  
HNATTB
@Ho @@
H   p@
HTTPSFinalProv
@@HU `HH
H*VW 0
 @HYHQ&
Ikedon
=iLyli
Iwinyx
kd6b6h
kdjgs6
KERNEL32.DLL
'K<HHP
KIvHCuudXgNc
kmkmhrf
L4444444
L44444L
L44444L44
L4444L
L4444L4
L444L4
L444L44
L444L44L
L444L44LLL4L44L
L444L4LL
L444LL
L444LLL
L444LLL4L4L4L4L4LL44L444LLLL
L444LLL4LL4
L444LLLL
L44L44444LLL
L44L44L
L44L4L
L44L4L4
L44L4L4LLLLL
L44L4LL4
L44LL4
L44LL444L44
L44LL4L
L44LL4L4L4LL
L44LL4L4LLL4LLL4LLLLL4LL4
L44LL4LL
L44LL4LL44LL4L
L44LL4LLLL
L44LLL
L44LLL4
L44LLL4444
L44LLL44LL
L44LLLL
L44LLLL4L
L44LLLLL444L44
L44LLLLL44L44
L44LLLLLLL
L4L444
L4L444L
L4L444L44L4LL
L4L444L4LLLL44LL44L
L4L444LLL
L4L44L
L4L44L4
L4L44LL
L4L44LL4
L4L44LL444LLL44LLL
L4L44LLLL
L4L44LLLL4L4LL
L4L4L4
L4L4L444LLLL
L4L4L4L4LL
L4L4L4LLLL4
L4L4L4LLLL4LL44
L4L4LL
L4L4LL4
L4L4LL4LLL
L4L4LLL4
L4L4LLL4LLL4LLL
L4L4LLLL4
L4L4LLLL44L
L4L4LLLL4LLLLL
L4L4LLLLL4L
L4L4LLLLLLL
L4L4LLLLLLL4L44LL
L4LL44L
L4LL44L4
L4LL44LLL
L4LL4L
L4LL4L4
L4LL4L4L
L4LL4LL
L4LL4LL44LL
L4LL4LL4LL
L4LL4LLL
L4LL4LLL44LLL
L4LL4LLLL44
L4LL4LLLL44LL
L4LL4LLLL4L4
L4LLL4
L4LLL44LL4LLL
L4LLL44LLL4LL
L4LLL4L
L4LLL4LL
L4LLL4LLL
L4LLL4LLLLLL
L4LLL4LLLLLL4LLLL4LL
L4LLL4LLLLLL4LLLLL4L
L4LLLL
L4LLLL4
L4LLLL44
L4LLLL444LL
L4LLLL4L
L4LLLLL
L4LLLLL4
L4LLLLL4L4LL
L4LLLLLL
L4LLLLLL4L
L4LLLLLLL
L4LLLLLLL4
L4LLLLLLL44LL
L4LLLLLLL4L
L4LLLLLLLL4LLLL44LL
lAlloc
LL4444
LL44444
LL4444LL44LLL
LL444L
LL444L44LLLLL4LL4
LL444L4L
LL444L4LL44
LL444LL
LL444LLL4
LL444LLL4LL
LL444LLLL4L
LL444LLLL4LLLL4
LL44L4
LL44L4444
LL44L44L
LL44L44LL
LL44L44LLL4
LL44L4L
LL44L4L4L
LL44L4LL4LL4
LL44L4LLL4LLL4L444LL
LL44L4LLLLLLL44LLLLL
LL44LL
LL44LL4444LL4LL
LL44LL44L
LL44LL4L44L
LL44LLL
LL44LLL4
LL44LLLL
LL44LLLLL
LL44LLLLL444L4L
LL4L44
LL4L44L4
LL4L44L4L
LL4L44L4L4
LL4L4L
LL4L4L4
LL4L4L44
LL4L4L4L4L4LL4L
LL4L4LL
LL4L4LL44
LL4L4LL44LLL
LL4L4LL4L4L4L
LL4L4LLLL4
LL4L4LLLLLLL
LL4LL4
LL4LL44444L
LL4LL44L4LLL
LL4LL44LLL44L
LL4LL44LLLL4LLL
LL4LL4L
LL4LL4L4
LL4LL4L4L
LL4LL4LLL
LL4LL4LLLL
LL4LL4LLLLL
LL4LLL
LL4LLL444LLL4LL44
LL4LLL44LL4LL4
LL4LLL44LLLL4L
LL4LLL4L
LL4LLL4L4
LL4LLL4LLL4L
LL4LLLL
LL4LLLL4
LL4LLLL4L4L
LL4LLLL4LL4LLL
LL4LLLL4LL4LLLL
LL4LLLL4LLL
LL4LLLLL
LL4LLLLL4
LL4LLLLL4L4LL
LL4LLLLL4LL
LL4LLLLLL4
LL4LLLLLLLL
LLL444
LLL4444L
LLL444L
LLL444LL4L444LL4LL
LLL444LL4L44L4L4444LLLLL
LLL44L
LLL44L4
LLL44L4L4L
LLL44L4LLLLL
LLL44LL4LLL4L
LLL44LLL
LLL44LLL44
LLL44LLL44LL
LLL44LLLL
LLL44LLLLL
LLL44LLLLL4
LLL4L4
LLL4L44
LLL4L44L
LLL4L4L
LLL4L4L4L44LLLLLLLL4LLL
LLL4L4LL44LLL4
LLL4LL
LLL4LL4
LLL4LL4L
LLL4LL4L44
LLL4LL4LL4L
LLL4LLL
LLL4LLL4
LLL4LLL4LL44LLLLLLL
LLL4LLL4LLLL4L
LLL4LLL4LLLLL
LLL4LLLL
LLL4LLLL44LLL
LLL4LLLL4L4L
LLL4LLLLL
LLL4LLLLL444
LLL4LLLLLL
LLL4LLLLLL4
LLL4LLLLLL44L4
LLL4LLLLLLL
LLLL44
LLLL4444
LLLL4444L4LLLLLL
LLLL44L
LLLL44L4
LLLL44L4LLLLL4L
LLLL44LL
LLLL44LLLLL
LLLL4L
LLLL4L4
LLLL4L44
LLLL4L44LLLL4LLL
LLLL4L4L
LLLL4L4L4
LLLL4L4LL
LLLL4L4LLL4LL
LLLL4L4LLLLLL4
LLLL4LL
LLLL4LL444LL
LLLL4LL44L
LLLL4LL44LLLL
LLLL4LL4L
LLLL4LL4L44
LLLL4LL4L4L
LLLL4LLL
LLLL4LLL44L
LLLL4LLL44LLLLLLLL4
LLLL4LLL4LLL
LLLL4LLL4LLL4
LLLL4LLLL44
LLLL4LLLL4LL
LLLL4LLLLL4
LLLL4LLLLLL4LLL4L4LLLL4444L4
LLLLL4
LLLLL44
LLLLL44L
LLLLL44LL4L4L
LLLLL44LLLL4LLLL
LLLLL4L
LLLLL4L4L
LLLLL4L4LL44
LLLLL4L4LL44L4L4
LLLLL4LL
LLLLL4LL4LL
LLLLL4LLL
LLLLL4LLL44LLLLL
LLLLL4LLLLL
LLLLL4LLLLLL
LLLLL4LLLLLLL
LLLLLL
LLLLLL4
LLLLLL44
LLLLLL444L4L4LLL4
LLLLLL444LL4LL44L
LLLLLL44L
LLLLLL44L4
LLLLLL44L4L
LLLLLL44LLL
LLLLLL44LLLL
LLLLLL4L4L4LL4L4
LLLLLL4LL44L
LLLLLL4LL4LL
LLLLLL4LL4LL4L4
LLLLLL4LLLL4LL4LL
LLLLLLL
LLLLLLL44L4
LLLLLLL44LL
LLLLLLL44LLL4
LLLLLLL4LL444L44
LLLLLLL4LL4LLL4L4L
LLLLLLLL
LLLLLLLL4
LLLLLLLL444L
LLLLLLLL4L
LLLLLLLL4L4LL
LLLLLLLL4LLLL4LLL44L44LL
LLLLLLLLL4
LLLLLLLLL4L
LLLLLLLLL4L4
LLLLLLLLLL
LLLLLLLLLLL4
LLLLLLLLLLLL4
LLLLLLLLLLLL44LLLLLL
LLLLLLLLLLLLL4
@@{m*@@ 
//_M0MB
MAQNFTIXERMU
mbbaswypbjj
MBn_S[
Mehota
MKEpr3
M/Mn/M/
[MMSMS
Moryhin
mrtdsykorb8j
mscat32DllRegisterServer
MsCatConstructHashTag
MsCatFreeHashTag
Myjaluf
Mykoke
Nafeqed
niertfe
"N@Mucace
NOAEHYMJKIUDPKT
Nyryto
Obaseza
Odokos
OfficeCleanupPolicy
Ogimyd
OnlineClusterResource
Onuxob
OpenCluster
Ovuhyv
p" @` 
p0HHHP
p4yhy6t85mfq5k
PauseClusterNode
PFXExportCertStore
PFXImportCertStore
 @p HH
-pO[iom^
 Pp0P0@
pQFuupIxBSMU
p`r'K|
PSQxgdVIQK5k1ul
Purefi
Puxyket
pwwup6l
Qazuqa
Qefuxur
qqnwsbtjvofveti
\ R@ @
@! R%5
rB@FC6H
.rdata
RemoveClusterResourceDependency
RemoveClusterResourceNode
Repasyg
ResumeClusterNode
rfE<Er
Rotaho
&_$RPV
rrffEEEEE
rrfffE
Rt;Ivukiti
rWCGiK
))S/0M
SendMessageW
SetClusterGroupName
SetClusterGroupNodeList
SetClusterNetworkName
SetClusterNetworkPriorityOrder
SetClusterQuorumResource
SetSystemTimeAdjustment
Sewuzot
Sixibe
_SMMBS/
S_n7n0
SoftpubAuthenticode
SoftpubCheckCert
SoftpubDumpStructure
SoftpubInitialize
SoftpubLoadSignature
@s Sm@
SWQLOYYOY
@ ,@T@
Tefahym
Tegiha
!This program cannot be run in DOS mode.
T H r@ u
TrustFreeDecode
TrustOpenStores
t/<U%27
Typeha
Tywery
u	 @ 0
Ubufiq
Ucidic
Ufobutu
Ugegyvi
Ujirifa
ums5HieOOyvh
Umybas
UQCJOQP
USER32.DLL
Vadivyq
Vonuzu
VrFNBryU
w5|k>za`^
WHHJQ@
WintrustAddActionID
WintrustAddDefaultForUsage
WINTRUST.DLL
WintrustGetDefaultForUsage
WintrustGetRegPolicyFlags
WintrustLoadFunctionPointers
WintrustSetRegPolicyFlags
WinVerifyTrust
WinVerifyTrustEx
WTHelperCertIsSelfSigned
WTHelperCheckCertUsage
WTHelperGetAgencyInfo
WTHelperGetFileHandle
WTHelperGetFileName
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperIsInRootStore
WTHelperOpenKnownStores
wupoumhjdtjoryl
WVTAsn1CatMemberInfoDecode
WVTAsn1CatMemberInfoEncode
WVTAsn1CatNameValueEncode
WVTAsn1SpcFinancialCriteriaInfoDecode
WVTAsn1SpcIndirectDataContentDecode
WVTAsn1SpcLinkDecode
WVTAsn1SpcLinkEncode
WVTAsn1SpcSigInfoDecode
WVTAsn1SpcSigInfoEncode
WVTAsn1SpcSpAgencyInfoEncode
WVTAsn1SpcSpOpusInfoDecode
WVTAsn1SpcStatementTypeDecode
WXDGBKAHJEHTMIY
Wymelyb
   x~ 
x4F3rdB3DGy
@ x5HH@
Xehavi
@:xH` @
XkKdt3PU5mTmOY
XXDNQKBVAYHTD
Xyfoha
Xyroda
"!Y?=#2
Ymuqin
yurmukrsw
Yvesobo
Yxerob