Analysis Date2014-10-14 15:19:11
MD55ee34d18a7d2fe251462e20f73ef43f3
SHA13d7fd4e7b646751098235c688ab5ecb62ff3502c

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section md5: b7ff39bab69430c7465e34d28a351756 sha1: e94f903daff9dc5a8666e7f54c41458cc8d5628a size: 90112
Section md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section md5: 288d67dafc1234380535bcac5eb3a9f1 sha1: fea0a8c25b16fc7596327b152dc7bf438624a2f4 size: 4096
Section.rsrc md5: 6d04a27628f0b09e57a6838373bb2b10 sha1: 8484fd3345d0c318626188b778aceb638ec13127 size: 4096
Section md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.data md5: 0b142bad37abf4de040464ed803a4783 sha1: b10c26cec65a6846506dcff9019b2c6d8a3ddf46 size: 712704
Timestamp2013-04-20 04:50:20
VersionLegalCopyright: QT7QW1E2ZXCS
InternalName: zzz
FileVersion: 2.00
CompanyName: Y87E4QW1123QWES
LegalTrademarks: QWR312Z3X1C23S
Comments: T78R123QWES
ProductName: T78T41QW32EXZ
ProductVersion: 2.00
FileDescription: F1ZXC1231F23WES
OriginalFilename: zzz.exe
PackerEnigma Protector 1.1X-1.3X -> Sukhov Vladimir & Serge N. Markin
PEhash392bcdca69c2d3f7679e4a6310d774f6eb11c382
IMPhash37c6c0cc4d20c311c793c6b743da8942
AV360 SafeGen:Heur.ManBat.1
AVAd-AwareGen:Heur.ManBat.1
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVArcabit (arcavir)no_virus
AVAuthentiumW32/Trojan.MGLG-4961
AVAvira (antivir)TR/Crypt.XPACK.Gen
AVBullGuardGen:Heur.ManBat.1
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. WebTrojan.DownLoader8.51960
AVEmsisoftGen:Heur.ManBat.1
AVEset (nod32)Win32/Blohi.A
AVFortinetno_virus
AVFrisk (f-prot)no_virus
AVF-SecureGen:Heur.ManBat.1
AVGrisoft (avg)VB2.TZM
AVIkarusGen:Heur
AVK7Riskware ( 0040eff71 )
AVKasperskyTrojan.Win32.Writos.qep
AVMalwareBytesTrojan.VBAgent
AVMcafeeno_virus
AVMicrosoft Security Essentialsno_virus
AVMicroWorld (escan)Gen:Heur.ManBat.1
AVNormanwinpe/Troj_Generic.WGOPM
AVRisingno_virus
AVSophosno_virus
AVSymantecTrojan.Dropper
AVTrend Microno_virus
AVVirusBlokAda (vba32)TScope.Trojan.VB
AVYara APTno_virus
AVZillya!Trojan.Writos.Win32.63

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\~DFC7C2.tmp
Creates FileScsi0:
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Winsock DNScfile209.uf.daum.net
Winsock URLhttp://cfile209.uf.daum.net/attach/1759CB3B5124F217143044

Network Details:

DNScfile201.uf.daum.net.cdngc.net
Type: A
174.35.56.150
DNScfile201.uf.daum.net.cdngc.net
Type: A
174.35.56.144
DNScfile209.uf.daum.net
Type: A
HTTP GEThttp://cfile209.uf.daum.net/attach/1759CB3B5124F217143044
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://cfile209.uf.daum.net/attach/1759CB3B5124F217143044
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP192.168.1.1:1032 ➝ 174.35.56.150:80
Flows TCP192.168.1.1:1033 ➝ 174.35.56.150:80

Raw Pcap
0x00000000 (00000)   47455420 2f617474 6163682f 31373539   GET /attach/1759
0x00000010 (00016)   43423342 35313234 46323137 31343330   CB3B5124F2171430
0x00000020 (00032)   34342048 5454502f 312e310d 0a416363   44 HTTP/1.1..Acc
0x00000030 (00048)   6570743a 202a2f2a 0d0a4163 63657074   ept: */*..Accept
0x00000040 (00064)   2d456e63 6f64696e 673a2067 7a69702c   -Encoding: gzip,
0x00000050 (00080)   20646566 6c617465 0d0a5573 65722d41    deflate..User-A
0x00000060 (00096)   67656e74 3a204d6f 7a696c6c 612f342e   gent: Mozilla/4.
0x00000070 (00112)   30202863 6f6d7061 7469626c 653b204d   0 (compatible; M
0x00000080 (00128)   53494520 362e303b 2057696e 646f7773   SIE 6.0; Windows
0x00000090 (00144)   204e5420 352e313b 20535631 3b202e4e    NT 5.1; SV1; .N
0x000000a0 (00160)   45542043 4c522032 2e302e35 30373237   ET CLR 2.0.50727
0x000000b0 (00176)   290d0a48 6f73743a 20636669 6c653230   )..Host: cfile20
0x000000c0 (00192)   392e7566 2e646175 6d2e6e65 740d0a43   9.uf.daum.net..C
0x000000d0 (00208)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x000000e0 (00224)   416c6976 650d0a0d 0a                  Alive....

0x00000000 (00000)   47455420 2f617474 6163682f 31373539   GET /attach/1759
0x00000010 (00016)   43423342 35313234 46323137 31343330   CB3B5124F2171430
0x00000020 (00032)   34342048 5454502f 312e310d 0a416363   44 HTTP/1.1..Acc
0x00000030 (00048)   6570743a 202a2f2a 0d0a4163 63657074   ept: */*..Accept
0x00000040 (00064)   2d456e63 6f64696e 673a2067 7a69702c   -Encoding: gzip,
0x00000050 (00080)   20646566 6c617465 0d0a5573 65722d41    deflate..User-A
0x00000060 (00096)   67656e74 3a204d6f 7a696c6c 612f342e   gent: Mozilla/4.
0x00000070 (00112)   30202863 6f6d7061 7469626c 653b204d   0 (compatible; M
0x00000080 (00128)   53494520 362e303b 2057696e 646f7773   SIE 6.0; Windows
0x00000090 (00144)   204e5420 352e313b 20535631 3b202e4e    NT 5.1; SV1; .N
0x000000a0 (00160)   45542043 4c522032 2e302e35 30373237   ET CLR 2.0.50727
0x000000b0 (00176)   290d0a48 6f73743a 20636669 6c653230   )..Host: cfile20
0x000000c0 (00192)   392e7566 2e646175 6d2e6e65 740d0a43   9.uf.daum.net..C
0x000000d0 (00208)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x000000e0 (00224)   416c6976 650d0a0d 0a                  Alive....


Strings
.

041204B0
2.00
Comments
CompanyName
F1ZXC1231F23WES
FileDescription
FileVersion
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
ProductName
ProductVersion
QT7QW1E2ZXCS
QWR312Z3X1C23S
StringFileInfo
T78R123QWES
T78T41QW32EXZ
Translation
VarFileInfo
V{PsJ
VS_VERSION_INFO
Y87E4QW1123QWES
zzz.exe
;>{	;%
!'+()'/
#$%&'()*+,-
./01223456
%05=r:,
05xRPt
0%6]-e
0{8*0Rb
"0B)lt
0BZc{o?M
0&D!'H
0(E2jB
0eV6\x
:}0&IKY0
0Ldv\S
0Lt&o'
_0@MH}"_
0*mN`q
0N2j6y
0[oOZ'
0$$-PQ
0Rnj,j
0T0@b<
0,!vU/j
(|10\X
1;!31mw
14$>S;*
" $%16
17G4hP
"|17k)
!.1#A{&
1ej}R3
1F[-5NF
 1'FZ[/
*1=I_H
 1jLR>
:%1;<l
1l,)~ly
1mBE ^
1$/P)}>
1Q<VBZ
1RUi1R
'1v\BIl
1V.I/8
1W~@2G]
1<ZpJ~
26C0l4
2dUiNo 
2+gN:#\I
2h\S:S
2_J%40,\
2 jxxAR
2Kp*]aK
-2[nA$Q
)2nII6C?
\2N_;m
$2N{~v
2od/Wzl
}2sj<!
2"SZ2C#`#
2tu)7?
$2u_'M
2vC$l{
(2\Z\t
31x'#hs
!32*H4{
_)3816
{3bJg>[
3bRPr	
+3$#.d
;3D#?}
3{fBu6l
-3hw%re{
3/_J;ab
?3jb`A
}3m5pO|
3& Mk\
3|OVduvw
3$PK,%
3PL[yH,
*`	^3Q
3\<%qG
3$/Ql3
)3>	%r
<~3 R'
3UEiPE+	
>?:3y#
3|.$	y
49a)4ah
49i|Q@
:4c!kL
>4&D TYv,v
\4g:^,
4gr4!g"
4l^5Y"
4:LjUX
4!$n/{zV
4\O-;X2
]}4p)o
_4q=G`
4Sgu3Ix
[. 4ul
{4vz{\
4wONb*
4YOQ?r
4&y!_p
4YvxAE
4z^l!~
:5-	;/;
_|58i}
!5bcMG
-5C0"i
5.^@Dq
5]^E*V
5f=%bx
%*5iMi
) ,"5),j
5jBg%H
5m\h=]
!	5U1 
(5~_]u3
5u 6xD
5:uq&7
>)`%5V
 5`/y;
5!YIxr
5z,2W$
5zq\I(9c
=|68cIg
69/jfo
6#!9rbv"
[!$6!d{
+6dui;
6fy :9
6,[]gE
6`{=hA<
6I/|	Z
6LZM"Tk
*6Me`*
;%6++N
6,n)b~k
6n Wfu@
6=pry~Il
;6:~;Q
6rC{lzc
?6t3pf~
6Ur"L9Q
6v_ Fv
6_?WQ[
6>zr_V9
7/01223456
72EKkjkX
7%.4b`
79sm^U
7?D3VvA'(
7EJ6AM
`7>/FE
,	.7~I
7?$I5[
^!7&O>
7p5LRmw
|7RLz?-
7trU_:>\
7u(yYr
7{W*rn
7w>v/h
7xma{!z
7(zi6Q
7\zI9c
7zX$KG:
8&2R.@
:86D!9
8~ 6@	r
)876^p*
89:;<=>?@
8AQ#vE<w
8|{b}&V5rQ
8c{[-RRW
{8dYfO
8/F,E&
8Gb88F
8hIzw;
8H=VTV7
8jf(RE
.8;kO_
^]8NG~
8})(~N&u
8OTG!Z
"8-vGqv
8~'VQ<$
'=8V"t	xQd
8Xc/I=
8Xi{.Z
8y%3lWAa 
(8"Zm$
92VkL;
98t&,A
;9/8w>
9_9M,\
9<Ax`'
-*9`bv
\9eg#L@
9GWZ%g
9_H53)
^9h#vY
9ikF8q
:)9j"lR
9NO:4y
9&pJXi,
9rvU)=
;9<'Rz
9t#Lvv<
9*v2[G
9,?w):
9W,D& 
~;."9Y!*
9yzOeuJ
a0|oyZ}
	)'A2.G
A_~{3c
A5I:~?
A5tZCE
aa7-nG"n
AAe"Ox
aa"#/x
ACBe(<[Q
?a:ci(
|a]C_I
ad=SRb
advapi32.dll
aE&Y@5A
	af4x)'50
aFhFXc
AH2lBX
aHr_N43
 aiHkfx
AiobSG
[aj-b(w
al\yQy
Amb/Rw
A Mt#4 
A@Nm5OQ
&}:%A p
aP62 "
_ApfAC
<apJmH
Apq<G<
AqLE~i
AQ|v,jN
~Asg#}
AS@&Oj$pM@
</assembly>
<assemblyIdentity
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
aTVdU.W
AU& ^^H
aVMv<E?
AW [;%
aY|h*sA
ayUNl!
 B$0"}
b08(a1F
B+1fIi
b1UA`I
b3*9*."m
%B4iAB
B4{iUD
b4]nGe
b$?5i!1
b>6*Q-
bA'LAI
B%b]B%b,C%d
B]DbI%
bDJtbI
]b= E`:
"B%/E\
BeJ cb
BGZIq)
bi^ha\
BkC}"U/>
$'[bm6vL
Bn]YhL
-^Boz+~P
+B!P2<
bP%BPP
BQ+x-{1
@!Br_=
	B'rpA
BsA %o
&bSSD;
B/sUJ`
BT5|Js
/BtgJK
bt[-}Y
Buls["
bu~MhT
Bu>zF%
bV}VG#
B]*wuq
BY`0"r
b'YB.kxD
bZ(ru*Q
C,<%0f
,:C1jl
C'3dcV
=c<"7 i
):C"7w
/"c8df$+Z
c=98.)
cbNXx$
\%_C%D
.c+Do@
Ce73Pc
!CEx;>uWU
cF*~0~
CG1v%/j
cg/LOg
CgUx*i
CI1_/J
'*CjLn-c
c}.jN=f
CKGiZL
Cl8k^|A
'&cm#x-`P
[cnLR]W
C"oU(7
Cpevm/j?*
C(P_P2
Cp/z\y
CreateFontA
&Crh5*!
&~CRlV
;(C?S^
CtJm,o
)Ct?n'
Cu?{'B)^
CusA	0
C^*uUX
Cv]&@\
cVJ)aO
cvo;las
cvqo`M
(^cyo*
D 11$3p
d2'zmow
(d4d8X
d5	:ewbr
d97+^)
DeU^6k	
~d{FlK3
D@G|a}
dHWqLu
DI	+[V=
d!~iY'C
DM{k\X
dm\P?}
d\Mx=p8
?do<ED2
dPEGM4
D-pjiM
+d~t[(
:D uT;
;dvl)T
dVww_%
Dwla|f
d^wQjj
DYl1hu
;-D<-Ym(
!(@|e"
%E0lH(J@x
E0!oiZ
E1wf.S
e{2usX
e5vt-F4
%E64YQ
E7,A!B
E7Rw#j
e8l*b"
#EA]n[	
:"E-AV
EB1Hw^Z
EBMv8m8l
ECYg^o
ed	X@M-[W
ee'I'(
=eEqRJJ
E\ew5jd
EFc^@Ce-
'e|f*nx
EG;9li
e/gg4g
Ehz!#D
/EIj*g
ei$qW,6
E*jjHp+U
Ej-w^jw
En7wIj
ENIGMA
	E-*=P
eQm\|G
E;rhRK
ErrwFy`
{e-ux7
e=V0vO"x
EV7t5n;
e) VCD
EVENT_SINK_GetIDsOfNames
E W,C<J"`
e[!wVE"]
E}Wwe"
e/(x!g6
ExitProcess
E!?x~l
(e!-zQ
ezU/m[
/e-Z;~x
]f"^;*
f],|4Xz|
f5*O&i
)/_F8p`
F}(*aa
FAw2;7
fAW~r"
,f*}b>
)(fb,G
F%?*	?D
f~*DD_
fD'x;<0
%fe{[T
\FfU~"`I
ff'$v.
#$,Fg{
f	 G{2
.fGa"k
/Fj)	c
F	jn}Q
`FJp`VG{
FKk0YU
F_L/{*
(F[LQ2X
f#M_9.A
FM:YQxb>~
fn0^bZ
'*-FOA
fOT\1:
FOVMR7
f|O'wu 
f(SPVC7
"%fU)+
_F_Ub2
F'(v+ 
FvMQo.Ed
)F"V_V
:fWYaa
$fx1y.
F-z#p*
FzYL12
g4hfBj
g6e3G_
?g7&t9
G9^D*[
G9'jD*
`G!)b:
Gbb^cg
@G$cci.
gclDYL
gCSgl~6"
gdi32.dll
gD"Z	x
g,eiA>
GetFileVersionInfoA
GetModuleHandleA
GetProcAddress
(%Gf$%
g).-G,~4
g	hJmb
gk<QhSU
Gkypt-
g"Li8?
g@l}!@O
g]@.LQ
"^Gl]sz
glZP RH
gM']9f|
g?nCrN
GNy(f$
gON=1C
@	 Gp%6
g*qDZ/
gqm	u>
gSV#a:
gVR&j)
%g]W"<
%g{{wQ
GXy	Fm
:gy;JY
GyNxjO
	 Gz2`
!)*h{%
H*>"	/
h%1NNP
.'H2x]
:h\48FN
H4JNu,#K
)h628b
h9<#q]
h%a."0G!
haeg:s
Ha\Ri5G
HB_F.\
_hbKP5
>Hc`0@
@He190
HEhqm/
he(N_W
=hfM+o
H-GZF<x
H*I/&]
Hi6.llkk
\H/iadK
Hi^^^H
^Hi$JJ7
hk>jri]X
-hmV^l
h>=nwV
~+h"=O	h
H\&Qa"
H	|Qk 
"HQ>Q S
H~r&;9"
>hr-G=%v
HS	"[)
hslzuM
?HspjC?Y
	HT&cK
HT}D%=
hudC-x
hVv1	R
?^hw?1hw<
hX6$`}&1
^hXA"P
.hXx#N
hyOi]U
HYP;@j4a
hZ2GQ<
hz:-/o
hZR9/p
&HzZS-
i1)H8+
i2w%%v
i4h4Y'EQ
I5SXB2tK~
I6V1Sa
>i7ju_7I;2?s?Vt
$I;aqQ
?=#i_B
Ib(,Dt
%i=c6N
)i@cVQ
iC<y9i
}{~i~E
IESq&1T
^If]7zt!
i|=*Hj
I{j~G5
iknIv\
iL7bZ{
imF5w3X]
;iN{/*(
i&o}ZN
i		p~yB
${Iq1B
I$~q;9A
Iq*Flt$
=IQ	(K5}]
i(RX!<z
iSGFnks:c
`I-SLiJ
Ite9x!yD 
itoUzc
!+i>VR=:
IVTxc?
<{^;:iWA
IWuAO>
IXx0$1
!i* Y$
IZ*#3h
IZmuJi 
	)/j_*
J=>\\?
!J{0kd
J2nOG0\
j4<DPV
J=>5&T"
j6"M,g
$]J7K5
&JC>lm
$j:h;1
?.ji\>
:}jkt.
J~KW	*s
Jl8@Bq
j)lK1"
jMj0|7wQO
JMPlzi
jO1Faut	>
j|o!2?
JOWeXSw
jP:h2;
Jp^t8| >
?[:jQ8b2
	_@?Jr;
%jr<"-J^z(;
j:	!Rp$*
#jSGv[
^JsG\z
jtBmnqC
JT\i}K
}j^T_.r
\|jvwII
~j[wrZ
!Jw-\X
JyO0:B
jz3`3	
^!<j&Zh
k1;]qP
/K2*0<&
:k4HAK
k^4md2
k^5JmM
\k7~~]K
K804;2!g
kbb_Ec
|kBTtl
K\/dg,
k=E %A
KEJa=v'
kernel32.dll
KF]Mw`5
kg-`b&
K	 Gp2	
*Kh1~x
 KHe A
khGx-C
kHJ:}V
KHK`N!
 )*KjZB
Kk!wb]
kl0fw/
K#]m1 !
kMLB}o
.KN|ea/B%3
knL>[W
knWp2va
~&KP&ek
~Kp@v&E
`KQa0y
?KQ~ C
Ks-@.s
Ks^*Uz
|( %K*X+5Y
,kxGLC
KxnJWO>
kX'vAl7
KY9u&y"
<K{"YL
L-_6m%A
';l6t-)6
"L9{Tp6
la,	{:
L*aILJ
lc}	PT
LD_gk#
lD&I8 .
;l'%$d?X
L~e*SXB
\L"@f0
lF19\dU
;.Lf1mm
==#lFD
Lfdy%xA(
lhsqQh{~k~
|lHX/~
 <lI{"U
'@lJ?!
>L?jf}n
.ljR}M
lku;wM
LoadLibraryA
$L+OAp
l%\Oc@
lO'_NV
-<^l*Qf
lQx@?rB6
/lRt!H
l+S"@;
"Ls:6P
<ltv)Y
l{,:XEm
LXQb0[
{L,/]Y
+Ly3Y5
:L[ys)(
'M1p]A3
M3]]iz
M3!lI\
&M?`5iY
 m6A)S
MaoX%#j
M:Ba@~
mCI5q.
McxKC`
MEB!j:I
MessageBoxA
#M>eZ4.
$mfT;Q
mGD54G
-M"!Gl^
^|>|Mh
,MhDO5g
m)hxw#i.
MhzA a
MI{5L`Z
|M^_IT
M|k|7S
mk[BWGS
>Mm=we
>Mn<qa
MnZMZ= 
MPo._S!2
>Ms<UM
msvbvm60.dll
MUZB$o
Mvb%AzbS
Mx;bj~g^
.]M*!z
M^zA\,T
M>)#zC
Mz}dxK
n0Ko1Z
n2aa*[
n3|"'/
N3L&g	
?:=N4	2
#'n6vt1'F1y
?na6_.
    name="VB Linker Helper v2 Manifest"
Nb+9zX"~
NbNLO}S
\NBz8{tD
:~><NC&G
N!dB,.c
NDS@6{g
<>N{DT
ne_ez%1=
NE<"v=
N,Ey$wT
!NFm+ts
ngP*J\
N|*^GT%
N/"*H?
nH|Ho	
n;{hRz
nIja\n
N+=k\o
nLJ5aYz
NMp&pF
.nnO5p
nnuZpo
&.n){o
'NoE.(
$\NoF^D
nOP?!l
nOtkZt
n$OVwK0W
'_n\pr
nRcYhX 
"?nRsO
$NS[(;
`Ns4i2
nsHc,_
nsy<Q*
~{~\NT
N:$uo4
n[,u).z
<?Nv(^:
N^V.)	
!nV{LJ
nVURB`>
Nx#>~iA
+N>X'O
nYz.Ap7
N</Z)j/
O0zO=v
O2sN#?
o|~'30
O 32q6
_O]3Is
o@$5EN
o{5h!a
o&7	v>
O9#q9"T
'oeR?R
|O[faW
OFXl#3=
oFY1, 
}OHqwU
oKpLx3
oleaut32.dll
oljLK*
\O=lV!"
oMqFo]Z
o{n?cV
//*O$P-
oQ.K*2
o.w+B0
OWzs&#*J<
O[yE1+
oy	%u>
<p*!	/'
:'-=_p
:`p0kj"G<
P0wo<Z 
%p2?	pL
]*P3 r
p3uq	*|,e
=P#( 6
p6%	ps
P7F~R[
pA\h.eE
%@pbrE4%8
pBX|Z9\oy!y
_pc|np
pC|ra'
PF)[cle
@&,PfV
p?gPbceYs
PlRp;H
#{~pmS
 pN:N.
(~+<;POK
Pr1vig
|PRClk1
    processorArchitecture="x86"
)Ps={7
{"PT/)
}{#p]u
pu6u/j
P_\UK&
_%#+pv\
Pvl9|Jb
pVpUY6$^
P wE<$
p.w=iBe@
PxKNX|
P;xo>s
&q~{{}
q3x 		+H
Q4}:sQ
Q6C1nlJM
Q_8vs9N|
>.q9p$
&]:qA 
Q Bg0R
&}qc=;N
qcw 9+
Q=d)+V
qf &c^
QfFD.r
QFyu?rC
QG~4QA~
;QG(H2
q[i^&0R
_qI|2}
q	<I_X
q=Jl;Lo
Qj'xx]
q^J{}Y
Q ]l2G
q<Lqo!
}Qm`jo
QmYe_2J,A2
Qm#z_iy
Q>Nji]
_QnnI(
Q+`nv	v
qO6!6>
.QpiFt#
Qpv"iZ
^qpz{%
Q{QruK
qsm?o1]
*:qu4/
QVo*_*
#Q,vPS m5
q&|w}>
q<W6i+
!qx{j&
Q*XjH	
R3eH{V
R4TDbZe0
r_?$69%
{}:rA 
r`Ap](@
>rD}=8
RegCloseKey
        <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />
      </requestedPrivileges>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
Re~xGT
R-F[+0
rfJ~A;
"/=rFR
 *RfR*
RGjZz-R
R GK-OQ#a
rixXpAr`
Rj1~RYv
R>Jec^v
RJPCQ.
RKIO7;
(RL<5SO
{R]l&_e
\R$.Lm
?&{<rm
;}[_Rn
$R`NId
R^o}Kbm
%r_#&P;
RP]H&p
r	q	b	
RQ~W[-
$"RrA<
R);%t#lJX9T 
RT*xkP
Ru4+`D
r!]%UE
>r{v~l{*
rwbyo5N9F$
r{Y_jCLO
S1)& e6
 s1SnlwB
s-2zAu
$~S{$;4A
&	.s6I&z
S(+7!X
SB"6C`:
sbOZSd
sBv13`
>s.C@:
s~Dn`	U
SdRd$9
    </security>
    <security>
SE|T%$8
Sf3rFR
sfqc.J
s?frvr
s	([gH
sGl5qPjeD
.&S[h;
shell32.dll
ShellExecuteA
:Shg6U
>[SI_*
Si,DxF
sJ9Skx
SjAQtx
sJnxG$
SJyoVF
SK($Uq
($SL,K
]S\lr,{
!SMF6o
SO%um&b
spkbn!
S"qjvOm
s>r~\;|
Sr-B<`
.s,RF_
@srt97
S$RtRjD,cu
#{:^Ss
sSJ|Jd$
s/SQDo%w
StP+|s
S\@;(}U*
-suN\8U
s-UU&$
Suwjs=6?
Sv\]mw
swF<$d
sW^jzzs
sxw-Aq
SysFreeString
sy<Uxk'B
^SZ>q|
T 0gm?
T4pKWW/Bid
T5P8d'5L
t6oY~2
t7*n	$
=T"\}a
tA#n\r,
taP)/.
.T@BY"
Td+?!#3
tERi>H
tG|p6u6
t^+h9x
!This program cannot be run in DOS mode.
tH(^L|<.,wD]#$\MWA
Ti$V_$FV
T$J7v+
$t`KjL
T'KM^\
!t||L'
tlh?s)f
tL!oPzs
$tm6uro 
tm {h~
tNf-f}
tPws@S
T"rQitV,d
  </trustInfo>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
TsNQ7L
* ts#s
'TtzZZ
*T(U,G""
tU>[mf
T/UqxL|
tu/+zZ
T.,w>^q
t.+`x"
/tXUQ|=;
T~{y,m
    type="win32"
|'!(u-
u</{(.
@U0H5&
]u0'Ss1
U0ywr;6
%u/13n
U2%6.-"
U5tMzJ
u~_6>\i
?u6=/v*
+u"$8n
Ua&b7#
[U!,bSsD;
	U^BWyB
uBx6cJ*
uD~{Y\
uea"'l
uEcG|?
u*FP.V
(U`gGkZ{
>u-g~R
Uh$'e=
U#hSzp.hc
uJe43-
U)J=J>
)UkG:W
>~u_!l
`ULR!&R
:Um&	L
UMYy3,
^u.N`O
u`OJu-
,uqL"\w
_%U&R]
u&r&Li
user32.dll
U^sUkk
=!uT<7
utfYh@
<uTh&,Z
U.U_*	
uU1V96%
u$u*/f
_uUxOU
'uvt"g
u@ZtAQ6f
@	%^%v
V0zo@Z
v&1,(rZ
$v*(4$
|V?4}x<
v5P|!.
v8a?pv^
~V8.Q0
v9~4<	
@VAC y
VA#Ka1
"."vatO
:)vBk\
VCWjp 
 vDC-/d
vdh<#LOj
    version="1.0.0.0"
version.dll
 <v)fS@rn
^vGjW.
V@H8p|
(>VH&c
vH'{Z*vp	
<vicu7
viiq6z
v[/IR",&J
>*?Vj%5
vj"cd&i
(>\vJV
V:JWXE;
V.kA<>e
V@l(&#
|Vl3I[
vMv7n(k
VN1o5m
V_q4{E6
+v\SMj
V^t&`I
VT lq]
vTNtnRG
VtWQ.P
+@~v	v
VX$afCvM
vXfd<+i
V*=X%o
v;xPy8
{?v;Y%
vYI*z	
v<yP;@6jO
@vZx2~J~U
 (w0hQ
@'w 1)
	W1".=
.<w2`6g
?{w3M\y
w!6=/j
w!6-/j
w6qtqWv
{~W[]7
?w7_v*s
w-9A+u
w:?ARXg
WC`Lo?	
\W<Cn$6
Wc\SY\
'-wFVq
wF|YvdG$
wGhhi.
Wgu~2N
$W^^^H
WHtS|71
Wi0yn"t
">WIxT	
*>WJX,
{Wk` l
w>{Km<
w(l.;iz
.wNd_Uz
WNfW{M
w):obB&
woQ<y?M
W%<}pOX*
wp+qBWw
{wp>Sh
wpu96v
w\Q*8]@j`X%
WQE<G{
W rZdX
w*"[S'Ln
|#wUmJ,
)/W^*V.
=W\v3@
wvQ-I&+K\Y!
w	v~$yw
ww+xxq6
w#]X:e
WxEh]'
W=xqv]
	wy-#d
X,/:/0
+X(0E)
x12(h>
x2mVEV@
x6K<bA
%X7x:O
X_<8y~
@xa?\^]
X[-*$,a>=`
[X<`&b
xCDP_W?
-x(D#J
|xDtQ<E
 &x"/e
x%Ec08g
xev	ja
.-xf^	
X\f+h[
_XFm];
xf"%qg
x@Gao^f
xGUG"!
XIw@qj
xJ"edX
xJIZ*\
x@jXI`u
XkeN]Ie
x-K_oi
xk=Zzqn:
"xlDC7-V$
)xlI;p]
x%:LQe
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
x-<mmR
x.!Np+
XP5daB
XPAPXp
xp;Cay=o4
?^xqA1&y
xQbx&"u
X$qKg_
XR`IWw
XRk|Mf
	?/Xs9
xsVsQP
'x+/_U
x^u"Bz
XU{l^+Z
xWNd(g
xwS/J&
X.W	=TD
Xx5X},
%+;Xx>g
xX.hPCY
XxTeZ,_wA;
=#X#\Y
xY3(/P
x}YS;]
XZiDpj
;x(ZSK
~+Y<+{
Y,|<|'0
Y2otB>
\Y57|P\
Y]:6A&
.'@`y70
y@`a,$
ybHvIH
y,bu{?
')]y!C"K
ydrVz"
y'F&T:~
._y h+@
.Y]H`Q2
(Y/!I9
yIc2glUqk
YIukRp
&YkJN\
@yKY.A
y{kz2@/c
~<(yLdY=
yLH22c
yLRxA{.
%yM09`
ymQ~}u
Y]'m`ZwMr
[YN0%bD
YNwDt[
YoE6qc
!yP3'a
&Y~^pA
Y%{s7n;
YsC@d)
YUha)@
<y.Ut~b9D
"YV`6'i
y{vyRo4Yj(
~y}xqs
YXZ}J2 
yYn_X<
Y#:#Zv
[|;Z-^
z1`UTb
 z21	W;<
Z2W7mV)
.Z3wUC
Z4fiP~
z"*=6BQA
Z8FT6j
za*c)Gm
zBh7{A*
ZBKvtX
zBVI~]
	,^Zc#
zcf<@c
#Z|D*<
#{?zEE
z&E[}	u
zh$d]$"&
z>.J	at
'ZK0yx
Zka&	-
?zK(EZ
((ZLl6
!'zMG)
|zNh5?
zp)]I,
Zqq+xe
Zr56d'g
Z^r6/A:R
ZSBi\"
<<z)SK
Zs:o0XP
ztfuL02
`zT	L"|B
 ~zuO^
&ZvA/o
}z,vdH
zvwJ\#
Zx1*t@
/zx<P.
zy^e6a
ZZx#_[})