Analysis Date: 2013-11-30 17:03:52
MD5: c6278ddf79a9ac6ab82041de6198c67f
SHA1: 38c2f18652f2b271ef8d922e43d2b6e9c42f8533

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: b1ae6dcdc3a7ba319c6d5e0b1a2eadbc sha1: 35a4c8038c5866c6a7b999aafac36f430c5a5bbd size: 7680
Section: .rdata md5: cd4f20f041a2da05dfe5974fe61bd4ec sha1: 32dba388b7a093695342afde8ac4904196ff5055 size: 2048
Section: .data md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0 (empty section; both digests are the standard hashes of zero-length input, so they match any empty section and are not usable as indicators)
Section: .rsrc md5: ed9b445590c5cfedd69aa72f1860e84b sha1: 808d8791b8f78f378a1556463b3211a2486d6653 size: 8704
Section: .reloc md5: 938152484b33bca77bd622973abb524e sha1: 6681044b06d2b4c698e751baf66c69ce242a4529 size: 512
Section: .tsustub md5: ee2b04a7d11b0007553c23303063ad16 sha1: a86149f778d449fee59ffed176c2d0abb3a0a58a size: 121344
Section: .tsuarch md5: 14c6fcacb7244d99ca180e7ff1cb7c27 sha1: 96051f8f245731733e4ca76bd9a27f2369ed6e2f size: 156160
Timestamp: 2013-03-12 08:51:45
Pdb path: D:\Dev\Tin7\InstallDir\vc80-win32u\Loader.pdb
Version:
LegalCopyright: Copyright © 2012 SummerSoft
WebSite:
InternalName: TSULoader
FileVersion: 2013.8.29.1517
CompanyName: SummerSoft
SpecialBuild:
PackageCode: {F2865652-EF8A-43D2-A139-A7A8296574A4}
Comments: WinNT (x86) Unicode Lib Rel
ProductName: SummerSoft
ProductVersion: 1.0.0.1
FileDescription: Installer for SummerSoft
ProductCode: {9F4F7131-B49B-4521-91DA-ECE2C1E54741}
Email:
OriginalFilename: TSULoader.exe
Arguments: /x
PEhash: ebd939fcb474eabc0dce954d794e29d180a3eadc
AV (avira): ADWARE/InstallRex.Gen

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeout ➝ 600000
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\38c2f18652f2b271ef8d922e43d2b6e9c42f8533.log
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\CACDEFGH.htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\C80C2215.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\{2A5B8A1E-8037-4906-ABED-C815F1B8A8E8}\_Setup.dll
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\down.1532.1.ini
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\{2A5B8A1E-8037-4906-ABED-C815F1B8A8E8}\Setup.ico
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\{2A5B8A1E-8037-4906-ABED-C815F1B8A8E8}\Setup.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\TsuB6080A17.dll
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\{2A5B8A1E-8037-4906-ABED-C815F1B8A8E8}\Custom.dll
Creates File: PIPE\lsarpc (a named pipe handle, not an on-disk file)
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\CADHI41E.htm
Creates File: \Device\Afd\Endpoint (a Winsock socket device handle, not an on-disk file)
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\{2A5B8A1E-8037-4906-ABED-C815F1B8A8E8}\Readme.txt
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\r1.stylezip[1].htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\down.1532.1.ini.part
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\CALGHFYE.htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\C80C2215.dat
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\CALGHFYE.htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\CADHI41E.htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\down.1532.1.ini.part
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex: {F2865652-EF8A-43D2-A139-A7A8296574A4} (same GUID as the PackageCode in the version resource)
Winsock DNS: c1.stylezip.info
Winsock DNS: r1.stylezip.info

Network Details:

DNS: stylezip.info
Type: A
198.7.61.118
DNS: stylezip.info
Type: A
198.7.61.118
DNS: r1.stylezip.info
Type: A
DNS: c1.stylezip.info
Type: A
HTTP POST: http://r1.stylezip.info/?report_version=5&
User-Agent: TixDll
HTTP GET: http://c1.stylezip.info/?step_id=1&installer_id=5894752807189877275&publisher_id=1152&source_id=0&page_id=0&country_code=NO&locale=EN&browser_id=1&download_id=15589274446916430577&external_id=0&session_id=836551692934441500&hardware_id=11993134721866020867&filesize=&product_name=Your+File
User-Agent: TixDll
HTTP GET: http://c1.stylezip.info/?step_id=1&installer_id=5894752807189877275&publisher_id=1152&source_id=0&page_id=0&country_code=NO&locale=EN&browser_id=1&download_id=15589274446916430577&external_id=0&session_id=836551692934441500&hardware_id=11993134721866020867&filesize=&product_name=Your+File
User-Agent: TixDll
HTTP GET: http://c1.stylezip.info/?step_id=1&installer_id=5894752807189877275&publisher_id=1152&source_id=0&page_id=0&country_code=NO&locale=EN&browser_id=1&download_id=15589274446916430577&external_id=0&session_id=836551692934441500&hardware_id=11993134721866020867&filesize=&product_name=Your+File
User-Agent: TixDll
Flows TCP: 192.168.1.1:1031 ➝ 198.7.61.118:80
Flows TCP: 192.168.1.1:1032 ➝ 198.7.61.118:80
Flows TCP: 192.168.1.1:1033 ➝ 198.7.61.118:80
Flows TCP: 192.168.1.1:1034 ➝ 198.7.61.118:80

Raw Pcap
0x00000000 (00000)   47455420 2f3f7374 65705f69 643d3126   GET /?step_id=1&
0x00000010 (00016)   696e7374 616c6c65 725f6964 3d353839   installer_id=589
0x00000020 (00032)   34373532 38303731 38393837 37323735   4752807189877275
0x00000030 (00048)   26707562 6c697368 65725f69 643d3131   &publisher_id=11
0x00000040 (00064)   35322673 6f757263 655f6964 3d302670   52&source_id=0&p
0x00000050 (00080)   6167655f 69643d30 26636f75 6e747279   age_id=0&country
0x00000060 (00096)   5f636f64 653d4e4f 266c6f63 616c653d   _code=NO&locale=
0x00000070 (00112)   454e2662 726f7773 65725f69 643d3126   EN&browser_id=1&
0x00000080 (00128)   646f776e 6c6f6164 5f69643d 31353538   download_id=1558
0x00000090 (00144)   39323734 34343639 31363433 30353737   9274446916430577
0x000000a0 (00160)   26657874 65726e61 6c5f6964 3d302673   &external_id=0&s
0x000000b0 (00176)   65737369 6f6e5f69 643d3833 36353531   ession_id=836551
0x000000c0 (00192)   36393239 33343434 31353030 26686172   692934441500&har
0x000000d0 (00208)   64776172 655f6964 3d313139 39333133   dware_id=1199313
0x000000e0 (00224)   34373231 38363630 32303836 37266669   4721866020867&fi
0x000000f0 (00240)   6c657369 7a653d26 70726f64 7563745f   lesize=&product_
0x00000100 (00256)   6e616d65 3d596f75 722b4669 6c652048   name=Your+File H
0x00000110 (00272)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000120 (00288)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000130 (00304)   3a205469 78446c6c 0d0a486f 73743a20   : TixDll..Host: 
0x00000140 (00320)   63312e73 74796c65 7a69702e 696e666f   c1.stylezip.info
0x00000150 (00336)   0d0a4361 6368652d 436f6e74 726f6c3a   ..Cache-Control:
0x00000160 (00352)   206e6f2d 63616368 650d0a0d 0a          no-cache....

0x00000000 (00000)   47455420 2f3f7374 65705f69 643d3126   GET /?step_id=1&
0x00000010 (00016)   696e7374 616c6c65 725f6964 3d353839   installer_id=589
0x00000020 (00032)   34373532 38303731 38393837 37323735   4752807189877275
0x00000030 (00048)   26707562 6c697368 65725f69 643d3131   &publisher_id=11
0x00000040 (00064)   35322673 6f757263 655f6964 3d302670   52&source_id=0&p
0x00000050 (00080)   6167655f 69643d30 26636f75 6e747279   age_id=0&country
0x00000060 (00096)   5f636f64 653d4e4f 266c6f63 616c653d   _code=NO&locale=
0x00000070 (00112)   454e2662 726f7773 65725f69 643d3126   EN&browser_id=1&
0x00000080 (00128)   646f776e 6c6f6164 5f69643d 31353538   download_id=1558
0x00000090 (00144)   39323734 34343639 31363433 30353737   9274446916430577
0x000000a0 (00160)   26657874 65726e61 6c5f6964 3d302673   &external_id=0&s
0x000000b0 (00176)   65737369 6f6e5f69 643d3833 36353531   ession_id=836551
0x000000c0 (00192)   36393239 33343434 31353030 26686172   692934441500&har
0x000000d0 (00208)   64776172 655f6964 3d313139 39333133   dware_id=1199313
0x000000e0 (00224)   34373231 38363630 32303836 37266669   4721866020867&fi
0x000000f0 (00240)   6c657369 7a653d26 70726f64 7563745f   lesize=&product_
0x00000100 (00256)   6e616d65 3d596f75 722b4669 6c652048   name=Your+File H
0x00000110 (00272)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000120 (00288)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000130 (00304)   3a205469 78446c6c 0d0a486f 73743a20   : TixDll..Host: 
0x00000140 (00320)   63312e73 74796c65 7a69702e 696e666f   c1.stylezip.info
0x00000150 (00336)   0d0a4361 6368652d 436f6e74 726f6c3a   ..Cache-Control:
0x00000160 (00352)   206e6f2d 63616368 650d0a0d 0a          no-cache....

0x00000000 (00000)   47455420 2f3f7374 65705f69 643d3126   GET /?step_id=1&
0x00000010 (00016)   696e7374 616c6c65 725f6964 3d353839   installer_id=589
0x00000020 (00032)   34373532 38303731 38393837 37323735   4752807189877275
0x00000030 (00048)   26707562 6c697368 65725f69 643d3131   &publisher_id=11
0x00000040 (00064)   35322673 6f757263 655f6964 3d302670   52&source_id=0&p
0x00000050 (00080)   6167655f 69643d30 26636f75 6e747279   age_id=0&country
0x00000060 (00096)   5f636f64 653d4e4f 266c6f63 616c653d   _code=NO&locale=
0x00000070 (00112)   454e2662 726f7773 65725f69 643d3126   EN&browser_id=1&
0x00000080 (00128)   646f776e 6c6f6164 5f69643d 31353538   download_id=1558
0x00000090 (00144)   39323734 34343639 31363433 30353737   9274446916430577
0x000000a0 (00160)   26657874 65726e61 6c5f6964 3d302673   &external_id=0&s
0x000000b0 (00176)   65737369 6f6e5f69 643d3833 36353531   ession_id=836551
0x000000c0 (00192)   36393239 33343434 31353030 26686172   692934441500&har
0x000000d0 (00208)   64776172 655f6964 3d313139 39333133   dware_id=1199313
0x000000e0 (00224)   34373231 38363630 32303836 37266669   4721866020867&fi
0x000000f0 (00240)   6c657369 7a653d26 70726f64 7563745f   lesize=&product_
0x00000100 (00256)   6e616d65 3d596f75 722b4669 6c652048   name=Your+File H
0x00000110 (00272)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000120 (00288)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000130 (00304)   3a205469 78446c6c 0d0a486f 73743a20   : TixDll..Host: 
0x00000140 (00320)   63312e73 74796c65 7a69702e 696e666f   c1.stylezip.info
0x00000150 (00336)   0d0a4361 6368652d 436f6e74 726f6c3a   ..Cache-Control:
0x00000160 (00352)   206e6f2d 63616368 650d0a0d 0a          no-cache....

0x00000000 (00000)   504f5354 202f3f72 65706f72 745f7665   POST /?report_ve
0x00000010 (00016)   7273696f 6e3d3526 20485454 502f312e   rsion=5& HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   436f6e74 656e742d 54797065 3a206170   Content-Type: ap
0x00000040 (00064)   706c6963 6174696f 6e2f782d 7777772d   plication/x-www-
0x00000050 (00080)   666f726d 2d75726c 656e636f 6465640d   form-urlencoded.
0x00000060 (00096)   0a557365 722d4167 656e743a 20546978   .User-Agent: Tix
0x00000070 (00112)   446c6c0d 0a486f73 743a2072 312e7374   Dll..Host: r1.st
0x00000080 (00128)   796c657a 69702e69 6e666f0d 0a436f6e   ylezip.info..Con
0x00000090 (00144)   74656e74 2d4c656e 6774683a 20363339   tent-Length: 639
0x000000a0 (00160)   0d0a4361 6368652d 436f6e74 726f6c3a   ..Cache-Control:
0x000000b0 (00176)   206e6f2d 63616368 650d0a0d 0a646174    no-cache....dat
0x000000c0 (00192)   613d4c48 38523341 3241334b 37695135   a=LH8R3A2A3K7iQ5
0x000000d0 (00208)   71595355 646d376c 42633073 446d5846   qYSUdm7lBc0sDmXF
0x000000e0 (00224)   5672704f 5a735754 61583270 3459315a   VrpOZsWTaX2p4Y1Z
0x000000f0 (00240)   694b6d52 4469536e 77576256 38336561   iKmRDiSnwWbV83ea
0x00000100 (00256)   574a5648 33504663 62627669 49433255   WJVH3PFcbbviIC2U
0x00000110 (00272)   4b674871 48686c7a 38433252 36777663   KgHqHhlz8C2R6wvc
0x00000120 (00288)   536c574f 70593667 7a693265 33675a53   SlWOpY6gzi2e3gZS
0x00000130 (00304)   3338344d 36463074 4a696f53 67725846   384M6F0tJioSgrXF
0x00000140 (00320)   71784d31 6c6c426c 44383037 45623551   qxM1llBlD807Eb5Q
0x00000150 (00336)   6c545368 45253242 6f513364 4e763055   lTShE%2BoQ3dNv0U
0x00000160 (00352)   58583856 704c6d69 6b4e6241 3774516a   XX8VpLmikNbA7tQj
0x00000170 (00368)   376d3449 336c4531 577a312f 43575257   7m4I3lE1Wz1/CWRW
0x00000180 (00384)   2f785531 76536433 52345141 25324252   /xU1vSd3R4QA%2BR
0x00000190 (00400)   43304251 712f3544 7949676c 58706833   C0BQq/5DyIglXph3
0x000001a0 (00416)   4e676a58 35325938 39744568 4d77626e   NgjX52Y89tEhMwbn
0x000001b0 (00432)   31637177 6a766338 30514259 6b454b47   1cqwjvc80QBYkEKG
0x000001c0 (00448)   6a7a2532 42374738 6a363761 6972456f   jz%2B7G8j67airEo
0x000001d0 (00464)   37744441 6c556c70 4c6a6e4b 4433514c   7tDAlUlpLjnKD3QL
0x000001e0 (00480)   71615439 72414551 6e687566 2f312f66   qaT9rAEQnhuf/1/f
0x000001f0 (00496)   436f665a 4e55632f 34786250 38337053   CofZNUc/4xbP83pS
0x00000200 (00512)   33374b6f 59576f61 566d6a51 77757649   37KoYWoaVmjQwuvI
0x00000210 (00528)   3979595a 4f775953 38486533 56465332   9yYZOwYS8He3VFS2
0x00000220 (00544)   6736365a 6c4d4375 6b722532 424f6b69   g66ZlMCukr%2BOki
0x00000230 (00560)   392f4d47 5a6c636c 77496459 4951546b   9/MGZlclwIdYIQTk
0x00000240 (00576)   43677a75 3278416b 25324239 5433334e   Cgzu2xAk%2B9T33N
0x00000250 (00592)   6a653736 496b6266 51583676 2f70326a   je76IkbfQX6v/p2j
0x00000260 (00608)   25324241 33763870 63576b6f 4e4a426e   %2BA3v8pcWkoNJBn
0x00000270 (00624)   6a496368 67686364 574a4937 71414542   jIchghcdWJI7qAEB
0x00000280 (00640)   4437472f 49427a37 2f544365 67564d62   D7G/IBz7/TCegVMb
0x00000290 (00656)   4d767173 57314d57 32386967 7677487a   MvqsW1MW28igvwHz
0x000002a0 (00672)   577a516f 52304467 33786372 58694531   WzQoR0Dg3xcrXiE1
0x000002b0 (00688)   71636571 31762532 42487530 746c6525   qceq1v%2BHu0tle%
0x000002c0 (00704)   32427677 58367238 6732304e 6e784b72   2BvwX6r8g20NnxKr
0x000002d0 (00720)   4b6e3368 63424861 66584a62 6a323933   Kn3hcBHafXJbj293
0x000002e0 (00736)   52753525 32426365 70335131 2f723325   Ru5%2Bcep3Q1/r3%
0x000002f0 (00752)   32426b67 59573270 55556855 6f305942   2BkgYW2pUUhUo0YB
0x00000300 (00768)   6b645638 66354a45 4c703638 7370726a   kdV8f5JELp68sprj
0x00000310 (00784)   556d3165 6862654a 356f7a55 2f384944   Um1ehbeJ5ozU/8ID
0x00000320 (00800)   345a6a44 366f6471 66525a67 50494830   4ZjD6odqfRZgPIH0
0x00000330 (00816)   4644484b 536d4b68 54775465            FDHKSmKhTwTe


Strings
000004b0
1.0.0.1
 2012 SummerSoft
2013.8.29.1517
333f3
{9F4F7131-B49B-4521-91DA-ECE2C1E54741}
Arguments
Comments
CompanyName
Copyright 
 /d:"%s"
Email
{F2865652-EF8A-43D2-A139-A7A8296574A4}
f3fff
FileDescription
FileVersion
Installer for SummerSoft
InternalName
LegalCopyright
OriginalFilename
PackageCode
ProductCode
ProductName
ProductVersion
SpecialBuild
StringFileInfo
\StringFileInfo\%04x%04x\Arguments
SummerSoft
Translation
Tsu%08lX.dll
TSULoader
TSULoader.exe
VarFileInfo
\VarFileInfo\Translation
VS_VERSION_INFO
WebSite
WinNT (x86) Unicode Lib Rel
"""""/
050607080910Z
0D1i1x1
0eY4qN
0http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
0http://crt.comodoca.com/COMODOCodeSigningCA2.crt0$
0/IA9Q
0IwF5X
'0L0xkM
>;&0V	X
0$_wU;
110824000000Z
1#2=2o2x2
12%Ip`
130710000000Z
140710235959Z0
15lKd%q
17xwSW
!=(19w
$1b"%y
1bzM~Z
1http://crl.usertrust.com/UTN-USERFirst-Object.crl0t
1http://crt.usertrust.com/UTNAddTrustObject_CA.crt0%
(1I,b`i
!1^m%l
1PQ|0<,
"":"1r
1~Sy~a
1wgk.<
1+!WQ'7
200530104838Z0
200530104838Z0{1
2$	[{3
26$q&M
2]7}`-
~'2J6(
2MR0\Q
  <$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$>
2rso;5I
2tn"U70
2TrLi:
38S#>Y
39N9C?2
)3Ft7tR
3http://crl.usertrust.com/AddTrustExternalCARoot.crl05
3o+4z&
3~qTpit
\40c/'m
40tL?j%
/43]2M
~45Eh=
'4b%`_Z
4FC=/-
4FKAhO
?4j##\
_4KbE f&
}4LI!$
4mdGCx
4y~B21y
5"/^%/ 
5!5>5H5R5^5m5z5
5Lu$,,{
5 P``2
 :5s%C_
640421
6$6H6M6
6	7>7N7U7a7t7~7
6 c1`2c
6C$6ZY
6DD"(r
6&DY's
&	6gWv_
6\ja5]
6L'CKp
6.Pfk#
6Rqgj(e
)6^_U	*
"6WNMI
6$x$e,
6}XFrx+
7#1;s7
74\%_<=0?
7;8Y8,9i9
.7bI|W0
7dqb_Rh
+7g	&I
>7lJoZ=
 7O&.L
,&7PRV
7@/	QV}
7r	lK8j
7rWX-@p
7wJTJ7
8=]<,)
84Ru7I
@866pf
8M(+1K
8t2i }
.8|xY<\
9{4.@lpe;
97"5A\E
(:	9CR
9f*<Z,m
9KqT}TE
9Owr`4#
9Ysi--s
9%	=Z)0i
A<!0K$
A*\32q
>!A`6R
a 6:Ui
A`7|E-M
A8[.Hm
AbD&qN
AddTrust AB1&0$
AddTrust External CA Root0
AddTrust External TTP Network1"0 
a@GmPx2
AG	uEP
?aj&`_
aKf0Fdi
a!MR+`+
\)|AOT
</assembly>
	<assemblyIdentity
			<assemblyIdentity
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
:>a\UH
>A(ux>
\AVgZ$PN
aXO"ZK
A#/|Z{>>
<b"2`8
b3r>ABwY
B75.+,H
b9IT7Ct
BBP<-<
,BBr{)
=@beKPe
bfzetGk8
BH9CrE5\
b"j$3p
Bmh+ij
b!O{Zn
bt8OH+Nd
B.tsuarch
B.tsustub{
<;{B\y
(c4]MD
C	8)~}
~CDN8=
@CH^*-
=]cIID
cIn@[,<N
CloseHandle
COMODO CA Limited1!0
COMODO Code Signing CA 2
COMODO Code Signing CA 20
@C:\r,
cr4xr~
CreateFileMappingW
CreateFileW
C:s0Je
*C(slM|Vv
CU5w&6
!c~vA:Y
CVdbF	
cWU3TS2
CZ~:>S+%
"+d{<	
`d3nbM
_D57<r
D&8(}i
@.data
dA]uzz
<dAvpJ
D:\Dev\Tin7\InstallDir\vc80-win32u\Loader.pdb
'd&dP.Qh
DeleteFileW
	</dependency>
	<dependency>
		</dependentAssembly>
		<dependentAssembly>
	<description>Tarma InstallMate v7 Setup Loader</description>
 Df\S*9
dIOT5a
"DL,'N
DSDx!I
_DUc"#b
dxo"Ar
DycZMc
`:}*e{
:]@'e2B
E.3'Hg
(e8Sm1
+>EA <Z
:e_(b'
EcT>	\
e;-dF.0p
E?eE'$0
+E<;EHv
E@	ELf
E\;EXu-
E\;EXu0
E-hwn1
E	LnYX
eP=U|z
Eran Vaterfeld0
Eran Vaterfeld1
Error %u while extracting TSU.DLL to %ls
Error %u while loading TSU.DLL %ls
Error %u while retrieving entry point from %ls
eR	rQl<U
{et{::
;";=;><E<t<
ET+EL;
ET+EL;E,r
@e:uD"
EuD"*C
eUfnQ-2
EX9E\u(
Executable has no .tsustub section
Executable has no valid MZ signature
ExitProcess
!e'+y2x
)f6[!{
FaZ,(wf
fdL<79
?F{E6{
F{h7]mb
fiE,e9I
FQ\iM,
fR/CSq
FreeLibrary
(f$.	T
'>FTIW
F==uFq"
f\$v	-
f?y^5G
G%_0Bx\
(g^;4w
G}\A<ou
gd{Cv?,
_G_dDcz
Ge0{(B
GetCommandLineW
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesW
GetFileSize
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetLastError
GetModuleFileName() failed => %u
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemTimeAsFileTime
GetTempPath() failed => %u
GetTempPathW
GetTickCount
-G_?g*>V6
GJ.bE,r-
}GJ`.t
{GjUl9
gL'dO[
Go*a{ox*
{-g-Q[()
Greater Manchester1
gUR$GTL
#}g}%UWl
Guxg.P
Gw]*&#
	gWa%-
.GWa=)
g$x@Bijp1
GZh h$)
H0*LA*
<h{%1_
h2d!,R!
%H;4qy
H8Dl\^
h$C@Ev
@#hc$z
HeapAlloc
HeapFree
=.'HFo
HJNFnn
h<.o,@
+/h=OchJ
HPC7-T
HRe1.V	
http://ocsp.comodoca.com0
http://ocsp.usertrust.com0
https://secure.comodo.net/CPS0A
http://www.usertrust.com1
)h{U*j
	HYrVLkI
]i>**_
i4H	equ
i&8jLr
i8'N=h
iDDp#+
$I$G57B
i&JXZh
imdx+_
iP+Z9n
I-	Q,h
)i$s-H
It<Pa[?
ivD3OX
ivS	DZ
IWBi`6
I@$ZMm
j-{3gC
[j4m>k^[)
'(JbpO
:;JG[V
JH#F#e[
Ji>;	e
jNgh@dq
jp&\3f
J\_r5a
JtE4:Q
+JuN	\L:
Jv6q4C
K0\^D8
?~K4]mv}g
K67	^r
kAnUT_
k`>!@<b
[K~b/I
KERNEL32.dll
]?K	H":
K~n^"l
kQO~F/
K,y#}J
K"Z%|=
l5]twC
 L(6;	
L9De{)_3QilCi
				language="*"
LNXcQ,
LoadLibraryW
lPgMvo
L_#SospTmJFomt
lstrcpynW
lstrlenW
L-T~(f
Lw0=HT
#L~Y6Po
M8;Mxs5
MapViewOfFile
mB`f4HqW
md%~<K
mEG,xEx
MessageBoxA
MfJhZ;]
m	ge@n(x
^m{iN4
m>ljTQa
}MlNG\
M)Lz]^D
M\;MXu-
M\;MXu)
M\;MXu0
?M*P>~
MqK3Kk
M\sD;MXu-
#m].=T
||_M&#<uHv
MultiByteToWideChar
<&@MU; O4
mu%%WB'
./My$8
n2cX8H
N2Ur+"
n4'zVi
^N6C.cv
n*?6D>
				name="Microsoft.Windows.Common-Controls"
		name="Tarma.InstallMate7.Loader"
n;CGT{W
 NcHc*
n`IK?S
NLzt(i
[N	q~Cl
:nqpr i
<|nu3>
N+&Uj"=
nY!wAx
nzp/X?
&_nzz6
o0MH$m
O61{ &
?ob2hm
o,d.~gP
odLjM\
OMjdrN
OutputDebugStringA
)OVdrM
O>vl,3
Ow&`6&i
OYjzCC
oy*Q1gL/E
p0J/uV
p2EQe?5
p2I@}A
p3,s91cg
`p^5JXVu
PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
&pB#K,
p:]dmO
>.PG6%M
|PLXjU
pl\Yix
]_pOcl
PostMessageW
%(pq7~P
				processorArchitecture="*"
		processorArchitecture="*"
				publicKeyToken="6595b64144ccf1df"
-,[PV<
-P"vbn
pY1t_B%
p}za]<$
~Q(6pr
Q8+Q0`
q>dsC 5]
QgZNEl
qkn(7I
?)`qO(3'-wJT% ed
q`P/C&
}	Qq1zJv^
;|qQ;RpP
q%.UQ#
r1D<)!
^Ra3Qi-4>
+rBtmU
`.rdata
ReadFile
@.reloc
ReM#E9
				<requestedExecutionLevel level="requireAdministrator"/>
			</requestedPrivileges>
			<requestedPrivileges>
_[?rf.
Ri#$l|
rOL2Bc\w
rsQD	R
R:uq-J
:R.=uy
r`Wlbo
rW^,<M
=?*"<>s
s3_*dO
Salford1
Salt Lake City1
,ScPo&
S'D\WQZ
		</security>
		<security>
SetFileAttributesW
SetFilePointer
SetFileTime
(SE*yW
&{s[F"
|_?sh>
	Shtruk 151
S(mSP*W
] Spqqx
S^*@}@r
sr/g/eb
@S+S&4zs
.st3 f
-Sx0<^"A
.syX6/
SYznGG
%T1+kN
t1`X$V
T2K<MN
t6B!M*
 TC!q.
t*E_D%
Tel Aviv1
,tEWr_
tF*/Aja
TFc\sc
The USERTRUST Network1!0
(tH'HI
This installer is for Windows 2000 and later
!This program cannot be run in DOS mode.
tIniW*
^T({O#
TPD%!.
tPD5TB~
Tq%BKM
	</trustInfo>
	<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
TSU Loader
_TsuMainW@8
.tsustub
#'TWLX
ty(2&a7*4
				type="win32"
		type="win32"
?tzf3t
U5a/YB
u#as,#
UeD(Fd;hk
+Ued|P17
U#EQ_X
uf,?fh
/UjqQ}c
)]`	ULOu
UnmapViewOfFile
us/dnx
USER32.dll
UsmH`2
UTN-USERFirst-Object0
uWe9wb
uWsJje
v>2 G5g7
*v]]9j
=vA9TN
}v_|Bb
VerQueryValueW
				version="6.0.0.0"
		version="7.2.0.0"
VERSION.dll
V\F`N.e&
|vH95ih
v:HWP6
v+M^?mj<K
VT$7Uh
v}Yc&Ab
!]:W{)
w2#XYzG
w>8Qt~
W9w&(1
\w,Aaq
wa)	S9
W>,c*A
wFs5X;#
W~HFcS
wL00g" MG
wlsGu%j9}
	wM_L&~
~wPr&x
WriteFile
wsprintfW
|WSx5r
wvsprintfA
>.W~Wn
wwwwwwww
wwwwwwwxp
x[5`]^
:x)a@V
x'd8jA
,XDVyf
|XI3Xq
\XkD<(
=xL~2/
X%'lu(t
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
xoK9|)G
'Xz,<#
@X^Z]x
YA<kUt
yFmgR[
Yg0M	F
Y`HTm*
}y!&lu 
Ym=^{z=4O
-{Y+w)rG
y@;YHSXl
Y[\?ZEd
^yz@hs*
z|*#0y
[z3kSK
{Z6TL)
_^<z,A{
\ZCab6P+
'ZDg9Kb/
zf=+8|
Zg]4;}hy.P
~z<H'?
Z"IO/	
}z(ji(
?}%Z:K8
zP!n#x
z"Svq-\
zTW6 )
zxN{vr
 zy`F 7M
zzei4#