Analysis Date: 2015-02-14 08:37:45
MD5: 7c092eb54d97197f01a05c811e7a0656
SHA1: 55180803ed228a489933fb1f6c7443a741a48c6b

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 1a4a2ff6b0a6a29d59a6d4f631161ff2 sha1: 7731a40ecf6651a1409eab6e9a091800009a2b5d size: 90112
Section: .rdata md5: 79871de5bd023861229ec56ecd43f4da sha1: 7826872fef91896ecbd8a29c0682e2c26bf628bf size: 20480
Section: .data md5: 54e260faf5996ccd148a5289201fef97 sha1: a9c596bd89bb8769d21cc03362f65c2f5313dbf0 size: 8192
Section: .rsrc md5: 11e21e1473a4edc1bfd739fe2397e33f sha1: 6dc450dddedeeef58f50580d718c65b17da28220 size: 8192
Timestamp: 2015-01-29 19:34:06
Packer: Microsoft Visual C++ v6.0
PEhash: 07a6a22101e21977926dee8cfd9eacecacdf7f38
IMPhash: c4d83cd712ed8e698e1233e597a11c34
AV 360 Safe: no_virus
AV Ad-Aware: Trojan.Generic.12769527
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): Trojan.Generic.12769527
AV Authentium: W32/Trojan.IITL-8308
AV Avira (antivir): TR/Crypt.ZPACK.85820
AV BullGuard: Trojan.Generic.12769527
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: Error Scanning File
AV Emsisoft: Trojan.Generic.12769527
AV Eset (nod32): Win32/Glupteba.M
AV Fortinet: W32/Kryptik.CWDU!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Trojan.Generic.12769527
AV Grisoft (avg): Win32/Cryptor
AV Ikarus: Trojan.Win32.Glupteba
AV K7: Trojan ( 00286e241 )
AV Kaspersky: Trojan-Downloader.Win32.Goo.rgy
AV MalwareBytes: Trojan.Agent
AV Mcafee: RDN/Generic Downloader.x!mn
AV Microsoft Security Essentials: Trojan:Win32/Carberp.I
AV MicroWorld (escan): Trojan.Generic.12769527
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

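Registry: HKEY_CURRENT_USER\SOFTWARE\NVIDIA Corporation\Global\nvUpdSrv\value ➝ 15150124\\x00 (the same string, 15150124, appears as the version and comment parameters of the HTTP requests under Network Details)
Creates File: \Device\Afd\Endpoint
Creates Mutex: Global\MD7H82HHF7EH2D73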

Network Details:

HTTP GET: http://212.53.89.138:31174/stat?uid=100&downlink=1111&uplink=1111&id=00016963&statpass=bpass&version=15150124&features=30&guid=b9c998dc-d0f7-40c2-bdeb-73319c28feca&comment=15150124&p=0&s=
User-Agent: (none; the captured request is an HTTP/1.0 request line with no header lines, see Raw Pcap)
HTTP GET: http://184.168.221.25:22903/stat?uid=100&downlink=1111&uplink=1111&id=00017D39&statpass=bpass&version=15150124&features=30&guid=b9c998dc-d0f7-40c2-bdeb-73319c28feca&comment=15150124&p=0&s=
User-Agent: (none)
HTTP GET: http://159.253.129.110:48439/stat?uid=100&downlink=1111&uplink=1111&id=000190D1&statpass=bpass&version=15150124&features=30&guid=b9c998dc-d0f7-40c2-bdeb-73319c28feca&comment=15150124&p=0&s=
User-Agent: (none)
HTTP GET: http://223.165.30.17:36991/stat?uid=100&downlink=1111&uplink=1111&id=0001A478&statpass=bpass&version=15150124&features=30&guid=b9c998dc-d0f7-40c2-bdeb-73319c28feca&comment=15150124&p=0&s=
User-Agent: (none)
HTTP GET: http://109.104.94.2:11754/stat?uid=100&downlink=1111&uplink=1111&id=0001B810&statpass=bpass&version=15150124&features=30&guid=b9c998dc-d0f7-40c2-bdeb-73319c28feca&comment=15150124&p=0&s=
User-Agent: (none)
HTTP GET: http://65.254.56.90:10703/stat?uid=100&downlink=1111&uplink=1111&id=0001CBA7&statpass=bpass&version=15150124&features=30&guid=b9c998dc-d0f7-40c2-bdeb-73319c28feca&comment=15150124&p=0&s=
User-Agent: (none)
HTTP GET: http://41.77.118.74:57136/stat?uid=100&downlink=1111&uplink=1111&id=0001DF3F&statpass=bpass&version=15150124&features=30&guid=b9c998dc-d0f7-40c2-bdeb-73319c28feca&comment=15150124&p=0&s=
User-Agent: (none)
Flows TCP: 192.168.1.1:1031 ➝ 212.53.89.138:31174
Flows TCP: 192.168.1.1:1031 ➝ 212.53.89.138:31174
Flows TCP: 192.168.1.1:1032 ➝ 184.168.221.25:22903
Flows TCP: 192.168.1.1:1033 ➝ 159.253.129.110:48439
Flows TCP: 192.168.1.1:1034 ➝ 223.165.30.17:36991
Flows TCP: 192.168.1.1:1035 ➝ 109.104.94.2:11754
Flows TCP: 192.168.1.1:1036 ➝ 65.254.56.90:10703
Flows TCP: 192.168.1.1:1037 ➝ 41.77.118.74:57136

Raw Pcap
0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303136 39363326 73746174 70617373   0016963&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31323426 66656174 75726573   5150124&features
0x00000060 (00096)   3d333026 67756964 3d623963 39393864   =30&guid=b9c998d
0x00000070 (00112)   632d6430 66372d34 3063322d 62646562   c-d0f7-40c2-bdeb
0x00000080 (00128)   2d373333 31396332 38666563 6126636f   -73319c28feca&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 32342670   mment=15150124&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303137 44333926 73746174 70617373   0017D39&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31323426 66656174 75726573   5150124&features
0x00000060 (00096)   3d333026 67756964 3d623963 39393864   =30&guid=b9c998d
0x00000070 (00112)   632d6430 66372d34 3063322d 62646562   c-d0f7-40c2-bdeb
0x00000080 (00128)   2d373333 31396332 38666563 6126636f   -73319c28feca&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 32342670   mment=15150124&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303139 30443126 73746174 70617373   00190D1&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31323426 66656174 75726573   5150124&features
0x00000060 (00096)   3d333026 67756964 3d623963 39393864   =30&guid=b9c998d
0x00000070 (00112)   632d6430 66372d34 3063322d 62646562   c-d0f7-40c2-bdeb
0x00000080 (00128)   2d373333 31396332 38666563 6126636f   -73319c28feca&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 32342670   mment=15150124&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303141 34373826 73746174 70617373   001A478&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31323426 66656174 75726573   5150124&features
0x00000060 (00096)   3d333026 67756964 3d623963 39393864   =30&guid=b9c998d
0x00000070 (00112)   632d6430 66372d34 3063322d 62646562   c-d0f7-40c2-bdeb
0x00000080 (00128)   2d373333 31396332 38666563 6126636f   -73319c28feca&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 32342670   mment=15150124&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303142 38313026 73746174 70617373   001B810&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31323426 66656174 75726573   5150124&features
0x00000060 (00096)   3d333026 67756964 3d623963 39393864   =30&guid=b9c998d
0x00000070 (00112)   632d6430 66372d34 3063322d 62646562   c-d0f7-40c2-bdeb
0x00000080 (00128)   2d373333 31396332 38666563 6126636f   -73319c28feca&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 32342670   mment=15150124&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303143 42413726 73746174 70617373   001CBA7&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31323426 66656174 75726573   5150124&features
0x00000060 (00096)   3d333026 67756964 3d623963 39393864   =30&guid=b9c998d
0x00000070 (00112)   632d6430 66372d34 3063322d 62646562   c-d0f7-40c2-bdeb
0x00000080 (00128)   2d373333 31396332 38666563 6126636f   -73319c28feca&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 32342670   mment=15150124&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303144 46334626 73746174 70617373   001DF3F&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 31323426 66656174 75726573   5150124&features
0x00000060 (00096)   3d333026 67756964 3d623963 39393864   =30&guid=b9c998d
0x00000070 (00112)   632d6430 66372d34 3063322d 62646562   c-d0f7-40c2-bdeb
0x00000080 (00128)   2d373333 31396332 38666563 6126636f   -73319c28feca&co
0x00000090 (00144)   6d6d656e 743d3135 31353031 32342670   mment=15150124&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..


Strings
K

6l-+
a6Pfb
aC ,
BandRich Inc.
buvw826 cd4k9 dN3L
C0W92Q C3bdV H2Ys7HQU
c296RE TOW6 N1A2kqY
CKOMxX w7JH16 Bqq
CompanyName
D6Q3t I13u3446 gy5 c0J
device
differs
dimensionality
dishwater
drained
egalitarians
endive
eQC96mCv oxFqoAf0 q78V6W9f
evilly
extracts
"f &
falser
FF3eDX5A B84287 p7SDupkg
frauds
freedoms
friendly
Garamond
generalisable
goofing
governing
grooved
guide
h6W75yo1 hgK8VZ
handsets
hatching
headband
hH14b0
holdall
hooligans
hyphenating
I853729 UcdA2
idlers
impersonality
impounded
In7 q60C974 ivZxsm
intelligences
interdict
J7595H7J
jabbed
jumbled
lank
lentils
m21tDH
MS Sans Serif
n3B40kM1
nD39v9q4 rsN2Pqp4 x6v2A0X2
nq6Bp009 b7E bz53WMsP
o0X08T2 MK293 X929P1 u96
O9x M0328 f9x3 S56iQ36m
plwd hEb f8zSU8
q"*#
q0TE8
Q4em7q xDJh0ML gE964G7
Qaq2E Z1xsd73 TkNpE3
QLT698NR
QO3z17h9
R>*#
S299i7q
s7A5 CIX90x6n dUo25426
SE.0
T40zg5R Ap9kq2i5 ilSM a6Y1
Tahoma
tH00 Aa33U6C jQgw7 sy4
U81 W061z4z2 EV2 n9550
v1646c T1H7M3 K217TM6 q93
V4453ac Ao3Jf6a s6P N9I648
VS_VERSION_INFO
W639dB7r
wDlx
x07Cp9X caR4636R y59A5 k3s4
x0obFqT8 SP4Ix7Z H2000
X2y86E4
YF32 Cw36
Z66 kn3O O2QaM9
zbpT I5jK83 E1t0iY w4oC
()+{# 
0<9>+,
0F*TdN
0![j>'l
;0|{Pp
?1$c;~
/1+;{\P
/$ 2/'
2:3$sJ?M,M
=243,k
.2+#s:?|Lx
2z#0b;&L3
:3>.$?
31+;kTOU)U[^
3a[V>~lX
3js'c%V
<44PQ3
4a\6^<
:+4cS>e
+',4p|
4Z{>x$
5>|48|, 
5=#4RSI
5]|6h\_
59,dkNw
5a<V<Vd
5?b=Uk[S
5%\cnv
?5\\^^N
5O$%N[
5t,?cT6
65|,`#V
6clN_5f
6IteW'f#oZ
6:<\l.
6-,s+J	e
6Xdf^'
7:$,2S;%
. 76+",$
7P|]p^'&
)7S4UOU
80<#l*'+
80T3u+
8 4b{;
>8$|c 
8~dhv?]'
8d<&T]Q
91<34k{
91\3vsP/.$
	?+954+
9KTu=`
;9Ld}nP
9M\%^c^.~;`
9mtg?_l.
9:T4][
9tdPn}?0
?9t$SO-
9\\^^v>04;<
_acmdln
AddAccessAllowedAce
AddAce
AddAuditAccessAce
AddClusterResourceDependency
AddJobA
AddPortW
AddPrinterConnectionA
AddPrinterDriverExA
AddPrinterW
AddPrintProvidorW
_adjust_fdiv
AdjustTokenPrivileges
AdjustWindowRect
ADVAPI32.dll
}aH.=kT
AiL(\|TK
aj6WLV-
BackupEventLogA
BackupRead
BeginUpdateResourceA
BuildSecurityDescriptorW
	by&x\
CallNamedPipeA
CallNamedPipeW
CanResourceBeDependent
:cdvVH^-
CG	(|r
CharUpperBuffA
cI&mko_
ClearCommBreak
ClearEventLogW
CloseClusterNetwork
CloseClusterNotifyPort
;cL&u{p8
CLUSAPI.dll
ClusterEnum
ClusterRegCloseKey
ClusterRegCreateKey
ClusterRegDeleteValue
ClusterRegEnumKey
ClusterRegGetKeySecurity
ClusterRegQueryInfoKey
ClusterRegSetKeySecurity
ClusterRegSetValue
ClusterResourceControl
ClusterResourceEnum
ClusterResourceTypeControl
CoCreateFreeThreadedMarshaler
CompareStringA
_controlfp
CopyAcceleratorTableA
CountClipboardFormats
CreateClusterResourceType
CreateConsoleScreenBuffer
CreateEventW
CreateUrlCacheEntryW
CreateWindowExA
cr>OTu&
c_SAO^1
@.data
DdeGetLastError
DdePostAdvise
DdeUninitialize
DefWindowProcA
DeleteClusterGroup
DeleteClusterResourceType
DeletePrinterDataW
DeletePrinterDriverExW
DeletePrintProcessorA
DestroyPrivateObjectSecurity
DocumentPropertiesW
DragAcceptFiles
DragObject
DuplicateTokenEx
dz>x\(>
EncryptFileW
EnterCriticalSection
EnumJobsW
EnumMonitorsA
EnumMonitorsW
EnumPrinterDataA
EnumPrinterDriversW
EnumResourceNamesA
EnumResourceNamesW
EnumSystemLocalesW
EqualPrefixSid
[ErwEu
e`WVfc_
eX7ndo
_except_handler3
ExcludeUpdateRgn
&:?FB]b
FillConsoleOutputCharacterW
FindAtomA
FindAtomW
FindExecutableA
FindNextChangeNotification
FindNextFileA
FindNextPrinterChangeNotification
FreeDDElParam
FreeSid
FtpGetFileW
FtpRenameFileW
GenerateConsoleCtrlEvent
GetClusterGroupState
GetCommState
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetEnvironmentStrings
GetExplicitEntriesFromAclA
GetFileAttributesA
GetFileAttributesW
GetFileVersionInfoW
GetFocus
GetJobA
GetKeyboardLayoutNameA
GetLengthSid
GetLongPathNameW
__getmainargs
GetMenuCheckMarkDimensions
GetMenuItemInfoW
GetModuleHandleA
GetMultipleTrusteeA
GetMultipleTrusteeOperationA
GetNumberOfConsoleMouseButtons
GetOverlappedResult
GetPrinterDataA
GetPrinterDataExA
GetPrinterDataExW
GetPrintProcessorDirectoryW
GetPrivateProfileSectionNamesA
GetPrivateProfileStringW
GetProfileStringA
GetQueuedCompletionStatus
GetQueueStatus
GetScrollRange
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityInfo
GetServiceDisplayNameW
GetSidLengthRequired
GetSidSubAuthorityCount
GetStartupInfoA
GetStringTypeExA
GetSysColorBrush
GetSystemTime
GetTempFileNameW
GetThreadContext
GetTimeFormatW
GetTrusteeNameA
GetWindowRect
GlobalCompact
GlobalGetAtomNameA
gL{y}:
GopherCreateLocatorW
H0p.WKV
H3-{sHgeW
"hDEKL
H?-d#SJe}W`&V
Hi%/k+Wkn_
{Hp-7c
?hT_&f+c
HttpAddRequestHeadersA
HttpOpenRequestA
~}h`W&n[
I`->+|
i0WcVN.e
i8n^Y^,
I	-acv
I]-fsow
IMM32.dll
ImmGetContext
ImpersonateLoggedOnUser
IMPGetIMEA
InitializeSecurityDescriptor
InitiateSystemShutdownW
_initterm
introverted
$&irMfY
IsCharLowerW
IsCharUpperW
*Isuw(hsoW
IU]>&\
I?-\{VxnH
i*W#.b
i}W Vj
IY%.K[en/_
IZMnuo o2
izWpno'o3
#|J0}1X
jE_D-1J
<,$#JJ%5{
Jjmww(0ss
J$~NX}V .
^j&Wbh
JY}{X`V~
%`[.^k
K/1fE/
K8utX_
KERNEL32.dll
KJ%ucx
KlUWff/w{ (bc
:&,Ks%/3csv
k*/{SP
Kt%03{
K~uP0U#vK]=.
-%KU	Yt^w
K'V_AU
K&][~^ vbb;.
k&_;VT
KZUN&]+v3
L]}~ 8rt??<
?	la_^
LamnW7^t
la_V)\c^
=Ll%_k
LM%-{#xz
LoadKeyboardLayoutA
LookupAccountNameA
LookupAccountSidW
LookupPrivilegeDisplayNameA
LookupPrivilegeDisplayNameW
LookupPrivilegeNameW
LookupPrivilegeValueA
lQ/-{+
LsaNtStatusToWinError
LsaOpenPolicy
LsaSetDomainInformationPolicy
LsaSetInformationPolicy
L&U3~#Hz] V0b2
LXU>^,
LZ32.dll
LZInit
LZStart
M^5V\~
M{e`'n
MessageBoxA
miOo-os
Mm]?vlx
M(}s0OKue[X
MsM'ukp
MSVCRT.dll
;MTu]xv8
Mx5mZ/
mZO~ep
N8ST=ga
N %b+&
Nb"?Z\V
n|C?9E
n!gzW n
N'm+/+c
NOe%'3
NPu}p 7
Nt%/Z%
N	UyZ8^
nYO&e#_
Nz=`\&
%o1]KdF
>O4+R[
Oa}f8od
ObjectDeleteAuditAlarmW
OemToCharBuffW
OfflineClusterGroup
OfflineClusterResource
Of'g[W&fcgf7'\c
O}fsMK
ole32.dll
O-m[/~
O}M8%dS
OnlineClusterGroup
OnlineClusterResource
o)oc_n
OO-US~m
OpenCluster
OpenClusterGroup
OpenClusterNetwork
OpenSCManagerW
OpenServiceW
OQU}n`_
O{&	[qV'
O=-<Slu
OV5~|p0
p!0;1<
;P4]sN
PauseClusterNode
__p__commode
__p__fmode
P]hh			!C
pH_%V3
pI'u+ c
P<%lk?/
P`]~N0-
:P\Uf>
PUU~n _
>q4ot/w*eK/
Q58dTVU>
q8/s#OJ
-qFs/F
QI%-csnO
Qiu'XsvOp
Q:mto_
Q;mT'u
Qn:"T*
QXurT_
R7u$8"|R
`.rdata
ReadPrinter
RegCreateKeyExW
RegCreateKeyW
RegDeleteValueA
RegEnumKeyA
RegEnumKeyW
RegisterClusterNotify
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryMultipleValuesW
RegQueryValueA
RegReplaceKeyW
RegSetValueA
RegSetValueExA
ResumeClusterNode
ReuseDDElParam
rhKbFqIM
ri_-6{
R/>kTW~&
RP%%k#
R\UnV7
R<,vR6
S2US6e
S6elWO
SendMessageCallbackA
SetActiveWindow
__set_app_type
SetClusterResourceName
SetCursor
SetDlgItemTextA
SetFormA
SetKernelObjectSecurity
SetPrinterDataA
SetServiceStatus
__setusermatherr
SetUserObjectInformationW
SetWindowPlacement
SetWindowsHookExW
SHELL32.dll
Sie7wl
:-\sn'
{s`,rI
StartDocPrinterA
sYOn=WTV.
szWH.}#X2&c
>>$t+ 
<:|T`-
=T!/)|
</	>T3..
t:F*m=m
!This program cannot be run in DOS mode.
TI-}3 
?"TjR|
ToAscii
tWn0d^
:u4X+.s3
u" ::d
u/h+Wkf
uj`wvx  rJ'
U!Nbe~
USER32.dll
;UtvQ^enWw
u]`.VcV
u[veL(
U`vvxp
V9bt^O
v"b:nL7
V	cu^x
VerInstallFileA
VerInstallFileW
VERSION.dll
_"V"fb
vip''+{#p
Vq^5^$V
/-[[VvV
Wh~/8{
WININET.dll
WINSPOOL.DRV
Wj&'+{;(lcgv7
Wp^'&{K(
W!>Rde
wRHUU^6&
WritePrinter
wvsprintfA
_XcptFilter
XcvDataW
)x#mH/
XQ>-4+T+
Xs^_V.n+W
XXnm__
%YK&u{``.vc 6J
Y[SbNy
\Y^~v0x;0<
_yV ~b
}yx(H[U
y*xsHo5/l+Wk
yY8V\v
,zc8.43
=z<`dn
 Zjno/(
,Zk~o('{3x
+ZKVe~
?Zl6W\.
#Z^tN/
	zy(xc
zY`y0`#