Analysis Date2017-06-26 04:00:10
MD5d47f069cd335095c3c2e1ee3d165dd33
SHA1bc06e31739b7604e80f541203104045cc202da10

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 4d45cea78f3ab9f4fead024bd33ce5a1 sha1: 4f574f1ea1198062053208332d2fbfd95fb1563d size: 59392
Section.data md5: b6f626c36f35902475f8149097675376 sha1: 23de5ae8c94087d3d33b45310aba913eba34d067 size: 20992
Section.xcpad md5: sha1: size:
Section.idata md5: sha1: size:
Section.reloc md5: sha1: size:
Section.rsrc md5: a0a5477372f95d1c1551b8a0a0396ef5 sha1: 21a04518635140f4169189c54fda69374ff0a7ce size: 186880
Timestamp
VersionLegalCopyright:
PackagerVersion:
InternalName:
FileVersion:
CompanyName:
Comments:
ProductName:
ProductVersion:
FileDescription:
Packager:
OriginalFilename:
Packer
PEhash
IMPhashb2498eed3c3aa5befc085379b8319a74
AV360 SafeNo Virus
AVAd-AwareTrojan.Gamarue.AP
AVAlwil (avast)Trojan-gen
AVAlwil (avast)Win32:Trojan-gen
AVArcabit (arcavir)Trojan.Gamarue.AP
AVAuthentiumW32/Trojan.NETF-7216
AVAvira (antivir)BDS/Androm.EB.103
AVBitDefenderTrojan.Gamarue.AP
AVBullGuardTrojan.Gamarue.AP
AVCA (E-Trust Ino)Trojan.Gamarue.AP
AVCAT (quickheal)Worm.Gamarue.HK4
AVClamAVWin.Trojan.Gamarue-112
AVDr. WebBackDoor.Andromeda.178
AVEmsisoftTrojan.Gamarue.AP
AVEset (nod32)Win32/TrojanDownloader.Wauchos.L
AVF-SecureTrojan.Gamarue.AP
AVFortinetW32/Zbot.PKJO!tr
AVFrisk (f-prot)W32/Trojan2.NWYN
AVGrisoft (avg)Downloader.Generic13.APRF
AVIkarusTrojan-Downloader.Win32.Andromeda
AVK7Trojan-Downloader ( 0043f6bc1 )
AVKasperskyTrojan.Win32.Generic
AVMalwareBytesTrojan.Downloader
AVMcafeePWSZbot-FDN!D47F069CD335
AVMicroWorld (escan)Trojan.Gamarue.AP
AVMicrosoft Security EssentialsWorm:Win32/Gamarue
AVNANOTrojan.Win32.Androm.bxorxo
AVPadvishDownloader.Win32.Gamarue.AA
AVRisingWorm.Win32.Gamarue.x
AVSUPERAntiSpywareTrojan.Agent/Gen-Winlock
AVSymantecDownloader.Dromedan
AVTrend MicroNo Virus
AVTwisterSuspicious.2525@2FF0000@.mg
AVVirusBlokAda (vba32)BScope.Worm.Gamarue.2413
AVWindows DefenderWorm:Win32/Gamarue
AVZillya!Downloader.Andromeda.Win32.2944

Runtime Details:

Screenshot

Process
↳ C:\bc06e31739b7604e80f541203104045cc202da10.exe

Creates FileC:\WINDOWS\system32\wuauclt.exe

Process
↳ C:\WINDOWS\system32\wuauclt.exe

Creates FileC:\WINDOWS\WindowsShell.Manifest
Creates FileC:\BC06E3~1.EXE
Creates FileC:\DOCUME~1\All Users\Local Settings\Temp\ccaamigpa.pif
Creates FileC:\WINDOWS\system32\wuauclt.exe
Creates FileC:\DOCUME~1\All Users\Local Settings\Temp\ccaamigpa.pif
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile ➝
C:\WINDOWS\system32\ESENT.dll\\x00
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryMessageFile ➝
C:\WINDOWS\system32\ESENT.dll\\x00
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryCount ➝
16
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\6409 ➝
C:\DOCUME~1\All Users\Local Settings\Temp\ccaamigpa.pif\\x00
Creates Mutex
Creates Mutex1423186185

Process
↳ C:\DOCUME~1\All Users\Local Settings\Temp\ccaamigpa.pif

Creates FileC:\WINDOWS\system32\wuauclt.exe

Process
↳ C:\WINDOWS\system32\wuauclt.exe

Creates FileC:\WINDOWS\WindowsShell.Manifest
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile ➝
C:\WINDOWS\system32\ESENT.dll\\x00
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryMessageFile ➝
C:\WINDOWS\system32\ESENT.dll\\x00
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryCount ➝
16
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\TypesSupported ➝
7
Creates Mutex
Creates Mutex1423186185

Process
↳ C:\WINDOWS\system32\wuauclt.exe

Creates FileC:\WINDOWS\WindowsShell.Manifest
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\WindowsUpdate.log
Creates FileC:\WINDOWS\Registration\R000000000007.clb
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\Logs\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\DataStore.stm\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb\
Creates FileC:\WINDOWS\SoftwareDistribution\DataStore\
Creates FileC:\WINDOWS\SoftwareDistribution\
Creates FileC:\WINDOWS\
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile ➝
C:\WINDOWS\system32\ESENT.dll\\x00
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryMessageFile ➝
C:\WINDOWS\system32\ESENT.dll\\x00
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryCount ➝
16
RegistryHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\TypesSupported ➝
7
Creates Mutex
Creates MutexGlobal\WindowsUpdateTracingMutex
Creates MutexGlobal\WindowsUpdateTracingMutex
Creates MutexGlobal\Instance0: ESENT Performance Data Schema Version 40

Network Details:


Raw Pcap

Strings
=||H
L$,d
E8E%`
%%$3$M
bE8E
UE%%
E4EL
EEuu
&3Z3;3
iI3uu
uuEE
V$$$$
uu$$;$Q$
3T3EE
t"ty
yE?E
$i$$$
'$8$
[2EwE"
?$Z$
3UEE$$M
$$%%E
E4uu
EpEVu
EEEEt
$Ec\
4EE33g
jt[t
33EE
1yEE$$
;;WP
0/$ $Z
	%%tt
E<E$$
%8G%
3333%
3W_J3
ttEE
3Q3L
$%;$
$.$c%
tX%%EE
%%EE
%EEEE
33uu
%*%`
3EEEEE
JuKu
.E?E
Euuuu3M
E[E33
33n3
$$EE
$$%%3
}~%8%<
5353
WtWt
$$EE3
%U%_
S$Z$
EEEE
<393
$O$$$EE
OL)E
$$EE
EEEEB
}tWt
ttuu
9E<E
O3K3
$$$G$
$`$S
$3$33
3Y	3
t tc
t$$%%]
3333
E(e.
U[$=$33
uu$$
3K3tt
tta3
33%%c
33EE
%%uuE
a?33$$
YNl=
H3[3t
3q35
ttuu
$$%%N
%w%%%
$G$C
33EE
ttECEa
$%%$$
E|EE
33E3
+7EE
EEuu
V1@V
<$f$
$d$EE
c]3z3
$$EE9
%,343
3N3	EE
_tt333
$$33
$$EE
W%^%
33EE
QEDE
33EE
VE;El
w3>3uu
REEEE{S
EEEEE
|Em/vE%%
E5E8E
3EdiE
EEH^
"E;E
%%/E
uu$$
EEuu
C3?uTu
*a$/
E2Ej
P=w$
5|pA
SUVW
=|pA
_^][
h`JA
cv!f
SUVW3
L>Gf
u39l$
T$$u
D$$u
_^]3
h`EA
SSSSS
SSSSS
SSSSS
VVVVV
SVW3
t$9}
WWWWW
YYt)
t)9u
VVVVV
SSSSS
VVVVV
WWWWW
WWWWW
~,WPV
98t^
tVPV
t/9U
h(FA
hHFA
u$9]
SSSSS
SSSSS
MZu3
j`hhFA
YQPj
=hbA
<at9<rt,<wt
SSSSS
tVHtG
tDHt0
uD	}
u%	}
SSSSS
Y__^[
\$ UV
_^][
9csm
T$(j
D$,9h
URPQQh(\@
L$,3
UVWS
[_^]
SVWj
_^[]
j@j ^V
[j@j
VVVVV
SSSSS
Yt.V
Yt"V
Yt.V
Yt"V
jdX;
jF<-uH
]t=F:
YYj0[
Yt>V
?%u?
VVVVV
VVVVV
WWWWW
WWWWW
t	VP
h0GA
WWWWW
hPGA
SSSSS
hpGA
WWWWW
Yt.V
Yt"V
8csm
5`eA
VVVVV
VVVVV
YYuTVWh*
VVVVV
u&hp
PPPPP
<Yv8V
VVVVV
VVVVV
VVVVV
]_^[Y
S99t
~du
t$<"u	3
>=Yt/j
tJVUP
SSSSS
Y]_^[
>"u&
< tK<	tG
SUVW
SSS+
@PVSS
t#SSUP
t$$VSS
_^][YY
QQSV3
v#Wh
F\ fA
YYt:V
F\= fA
tehe
YYt4V
VVVVV
VVVVV
Yu'9
YYu-9D$
u-9D$
SSSSS
SSSSS
tGHt.Ht&
^SSSSS
;t0;
tySSS
8VVVVV
t(9u
VVVVV
VVVVV
SSSSS
SSSSS
t,9]
u!f;
t	9]
h8HA
WWWWW
t!h0
9MZt
hXHA
Y_^[
Y_^[
SVWUj
]_^[
;t$,v-
UQPXY]Y[
SUVW
_^][
hxHA
0A@@Ju
Wto=
t^9(uZ
tD9(u@
=(nA
Y_^][
_^][
Fpt"
Yt"V
Yt.V
Yt"V
WWWWW
_^][
YYt}
~%9M
QVj
r 8^
WWWWW
WWWWW
VVVVV
=4oA
VW|Z;
VW|[;
VVVVV
j@j
oV f
o^0f
of@f
onPf
ov`f
o~pf
ueSj
@_^[
 VW}
j?^;
SSSSS
SSSSS
tl9]
tC9]
Ht$C
CC@@
Ht'f
CC+]
h@IA
VVVVV
h`IA
QSUVW
YYt3
_^][Y
t+Ht
PPPPP
 SVW
h$	A
SSSSS
SSSSS
0SSSSS
_^[]
0SSSSS
0SSSSS
VVVVV
t&:a
WWWWW
uaVj
uL9=
wIVSP
FVSj
SSSSS
_^[]
SVW3
_^[]
VVVVV
u8SS3
GWh0	A
9]$SS
t)9]
t"9]
9] u
SSSSS
SSSSS
tR:Q
t<:Q
t&:Q
FVh0	A
9] SS
v$;5
PPPPPPPP
PPPPPPPP
h JA
h@JA
WWWWW
WWWWV
t<Vj
t+WWVPV
WWWWW
<Xt
u,9u
v	N+D$
^_[3
ccs=
UTF-8
UTF-16LE
UNICODE
CorExitProcess
mscoree.dll
runtime error
TLOSS error
SING error
DOMAIN error
R6034
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
R6033
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
R6032
- not enough space for locale information
R6031
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
R6030
- CRT not initialized
R6028
- unable to initialize heap
R6027
- not enough space for lowio initialization
R6026
- not enough space for stdio initialization
R6025
- pure virtual function call
R6024
- not enough space for _onexit/atexit table
R6019
- unable to open console device
R6018
- unexpected heap error
R6017
- unexpected multithread lock error
R6016
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
R6009
- not enough space for environment
R6008
- not enough space for arguments
R6002
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
.mixcrt
EncodePointer
KERNEL32.DLL
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
InitializeCriticalSectionAndSpinCount
kernel32.dll
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
July
June
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
 GeeW
A@N?
gAX@
iW?4
oUGi
33""
G?.4
"yV_
at|GG
4WCn
3U#U
F@D4T
pUBU
C@Ai@
@"^"
"f"/
RnnCW_
."v"
DYpD
:UwU
@IVO
&U4U
1"e"
FiAG
DuD5
.3t[
drps
uuuDt%
`%k%)
E(E$$
l;E*
33EE33/
Ao@Re
Bere
tBtE
^ESQ
Ac5B
dlee
<": %Wo
6BBB
@(F@@
GGeD
ig/
xAoF
Ldex@
S<Bu
.nyGex
  Or
BC"&e&
Uoc
PBx'
vu%G
lFGe
BBati
dSpg
$Epoe
FDlkc
DgCYfB
os/G
Bse"
lctyv
aB<F
M i[
B Od(l
RSDSKG
c:\winter\Set\Bottom\Up\value\wild\industry\Support\nearcare.pdb
CoInitialize
CoCreateInstance
CoUninitialize
ole32.dll
GetProcAddress
PrepareTape
LoadLibraryA
VirtualProtect
GetTickCount
Sleep
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetLastError
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
CloseHandle
FlushFileBuffers
GetModuleHandleA
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
VirtualAlloc
HeapReAlloc
ReadFile
SetEndOfFile
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
KERNEL32.dll

abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ

abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
guide six
youkind
0@ H(2
82`7
Xsrz
eVNm[
	*qJ
[n2{{
'x;P^
@_0m>
+vnO
"8O4_
#Qit
*'W`K?
lTk=
,}<~
-4zbT|
y$g0
T7!<
fBCu
.?AVCHandleMap@@
E @d@
073I
D_D]
DD""
"*"A
RVSrG
"R""
1D:D
33Fw
m3a3
??DG.
SrdF_?
AP%@
@to@e@
G4dg
OeV4G
hC.|
@eT@
#+DD
<PAt
33"c"
En2GD
mh3t3i
lusP
PHAH
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
</assembly>PA