Analysis Date: 2015-10-30 04:17:04
MD5: 01f8d5a1e2c4a326515270c559e3b254
SHA1: 5662c1d19f0cac1cfb224b63e0a818ab6e544eeb

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 5bcbc4f1be2eecaf6597211133914fe2 sha1: c1e00b6fc501b685abfaae522869bfccd7734c54 size: 227328
Section: .zVPJ md5: c99a74c555371a433d121f551d6c6398 sha1: 605db3fdbaff4ba13729371ad0c4fbab3889378e size: 2048
Section: .iNOYI md5: b4202f7fe985b9648b4676e6f70832bd sha1: d37c2b3927946ed617455b3c5913fcab0bc1af52 size: 3584
Section: .rdata md5: 7653ff6ff2ea0ab0a7eb882cca2379a2 sha1: f5f156e7692e99e8a3e0ffdd7a568791a5409390 size: 4096
Section: .QNimp md5: d2a70550489de356a2cd6bfc40711204 sha1: 02ec1f60b2e76741dd9848ac432057ff9d58d750 size: 3072
Section: .BBZWp md5: b4202f7fe985b9648b4676e6f70832bd sha1: d37c2b3927946ed617455b3c5913fcab0bc1af52 size: 3584
Section: .LcOnp md5: b4202f7fe985b9648b4676e6f70832bd sha1: d37c2b3927946ed617455b3c5913fcab0bc1af52 size: 3584
Section: .data md5: 12af199e6089354d793eed56f40a4518 sha1: ae3716689c21bee0d9072a5285590a58ff4b8861 size: 8704
Section: .rsrc md5: 0de641c0e8a9290b2cff58aa06464c35 sha1: c88a6aa711c59f992a4cc328e6028979c92944cd size: 2560
Section: .aelHe md5: bf619eac0cdf3f68d496ea9344137e8b sha1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 size: 512
Section: .WlnYWfY md5: c99a74c555371a433d121f551d6c6398 sha1: 605db3fdbaff4ba13729371ad0c4fbab3889378e size: 2048
Section: .ssqsSfY md5: bf619eac0cdf3f68d496ea9344137e8b sha1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 size: 512
Timestamp: 2009-06-20 21:29:21
Version:
LegalCopyright: Recorder
FileVersion: 7.4.6.8
CompanyName: Allelotropy
ProductName: nondisclaim
ProductVersion: 2.3.5.2
FileDescription: Chaetodon
Packer: Borland Delphi 3.0 (???)
PEhash: ea2028298c36047ddd67b6d4c59edd4ca79bd66e
IMPhash: 020ad0bc1d8aa3e902a81fa07ae43381
AV MalwareBytes: no_virus
AV Zillya!: Backdoor.Shiz.Win32.2565
AV Twister: Trojan.558BEC83EC@2FF8D0.mg
AV Emsisoft: Gen:Heur.Cridex.2
AV Rising: no_virus
AV F-Secure: Gen:Heur.Cridex.2
AV CAT (quickheal): VirTool.Obfuscator.ZV
AV Ad-Aware: Gen:Heur.Cridex.2
AV Fortinet: W32/Shiz.NCF!tr
AV Grisoft (avg): SHeur4.ACDJ
AV VirusBlokAda (vba32): Backdoor.Shiz
AV Padvish: no_virus
AV Eset (nod32): Win32/Spy.Shiz.NCF
AV Frisk (f-prot): W32/Shiz.H.gen!Eldorado
AV Arcabit (arcavir): Gen:Heur.Cridex.2
AV BullGuard: Gen:Heur.Cridex.2
AV Microsoft Security Essentials: PWS:Win32/Simda
AV Trend Micro: TSPY_SI.3C2A777C
AV Authentium: W32/Shiz.H.gen!Eldorado
AV Mcafee: Generic BackDoor.add
AV Avira (antivir): TR/Rogue.445879845
AV BitDefender: Gen:Heur.Cridex.2
AV Symantec: Infostealer.Shiz
AV K7: Spyware ( 004c108f1 )
AV MicroWorld (escan): Gen:Heur.Cridex.2
AV ClamAV: WIN.Trojan.Shiz-111
AV Kaspersky: Trojan.Win32.Generic
AV Alwil (avast): MalOb-KC [Cryp]
AV CA (E-Trust Ino): Win32/Winwebsec.MV
AV Ikarus: Backdoor.Win32.Shiz
AV Dr. Web: Trojan.PWS.Ibank.456

Runtime Details:


Process
↳ C:\malware.exe

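Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\malware.exe ➝
C:\malware.exe:*:Enabled:Windows Explorer\\x00
(This value registers C:\malware.exe in the Windows Firewall StandardProfile AuthorizedApplications list as an enabled entry displayed as "Windows Explorer".)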
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\c059900a ➝
DM\\xbd\\x95\\x1e\\xcbM\\xf2\\xc1\\x8a\\x1a\\xdfO\\xca[\\x88I\\x86\\x8dWs\\x18\\xcd\\xc5\\x95\\xd2}c\\xea/\\x8a3-\\xf5\\x92?\\x9e\\x8e\\xad\\xaf;\\x96\\xda\\xcen\\xd2\\x85\\x935\\xe5\\xfb\\x1b\\x7f\\x15\\x8fi\\x11-\\x9C:\\xbd\\xde\\xa2\\xcd\\x8ds\\xb66\\xc3\\x02+\\xd1\\xefb\\xfd\\x15.\\xd3n.\\x0b\\xb3z.\\x86\\x03\\x83V9\\xde\\x0e\\xde.\\xc5\\xea\\x8b\\x9d\\xcf\\xde"\\x0b6n9\\x96Y\\x9d\\xc3\\xab_6\\xf9^\\xcf:}1\\x9a\\xce\\xa1\\x95\\r\\x9a\\x85%9\\xd1B\\xfa\\x8f\\xcb\\xd5\\x8fv\\xabka\\t>\\xd2-\\xf6\\xbb\\x0f\\xb3\\x87K\\xc9\\xde\\x15\\xf1\\xcfq\\xc5\\xb5~\\xf6\\x11\\x86E~\\xbe/\\xed\\xbe=\\xc2\\xfd\\x1e\\x19\\rVfy\\xd5\\xb2\\x05\\t%\\xd5\\xfa\\x817F\\x96\\x93\\xf9}vr\\xea\\x06\\x8dW\\x95%\\x86\\xdfn\\xf3\\x1f\\xb25\\xf6\\x93\\x82\\x91c\\x7f~\\x07\\xf6E\\x8eM\\xc9>\\x06\\xc1\\xa3"\\xddk:\\xef\\x86\\xab\\x1a\\x86K\\xb9S\\xde\\x86\\xcd\\x8a\\xabN\\xee\\xf3S\\xee\\xad\\xdf\\xda\\xb6\\xa5\\xe6\\x157\\x96\\xeds\\x0e\\xb2\\xa1\\xf5[\\x86\\x89
Creates File: C:\WINDOWS\apppatch\vysxva.exe
Creates File: PIPE\lsarpc
Creates Mutex: Global\MicrosoftSysenterGate7

Network Details:

DNS: any.edge.bing.com
Type: A
204.79.197.200
DNS: cihunemyror.eu
Type: A
192.42.116.41
DNS: digivehusyd.eu
Type: A
69.195.129.70
DNS: vofozymufok.eu
Type: A
195.22.26.253
DNS: vofozymufok.eu
Type: A
195.22.26.254
DNS: vofozymufok.eu
Type: A
195.22.26.231
DNS: vofozymufok.eu
Type: A
195.22.26.252
DNS: fodakyhijyv.eu
Type: A
195.22.26.253
DNS: fodakyhijyv.eu
Type: A
195.22.26.254
DNS: fodakyhijyv.eu
Type: A
195.22.26.231
DNS: fodakyhijyv.eu
Type: A
195.22.26.252
DNS: nopegymozow.eu
Type: A
195.22.26.253
DNS: nopegymozow.eu
Type: A
195.22.26.254
DNS: nopegymozow.eu
Type: A
195.22.26.231
DNS: nopegymozow.eu
Type: A
195.22.26.252
DNS: gatedyhavyd.eu
Type: A
195.22.26.253
DNS: gatedyhavyd.eu
Type: A
195.22.26.254
DNS: gatedyhavyd.eu
Type: A
195.22.26.231
DNS: gatedyhavyd.eu
Type: A
195.22.26.252
DNS: marytymenok.eu
Type: A
195.22.26.253
DNS: marytymenok.eu
Type: A
195.22.26.254
DNS: marytymenok.eu
Type: A
195.22.26.231
DNS: marytymenok.eu
Type: A
195.22.26.252
DNS: jewuqyjywyv.eu
Type: A
195.22.26.253
DNS: jewuqyjywyv.eu
Type: A
195.22.26.254
DNS: jewuqyjywyv.eu
Type: A
195.22.26.231
DNS: jewuqyjywyv.eu
Type: A
195.22.26.252
DNS: qeqinuqypoq.eu
Type: A
195.22.26.253
DNS: qeqinuqypoq.eu
Type: A
195.22.26.254
DNS: qeqinuqypoq.eu
Type: A
195.22.26.231
DNS: qeqinuqypoq.eu
Type: A
195.22.26.252
DNS: kemocujufys.eu
Type: A
195.22.26.253
DNS: kemocujufys.eu
Type: A
195.22.26.254
DNS: kemocujufys.eu
Type: A
195.22.26.231
DNS: kemocujufys.eu
Type: A
195.22.26.252
DNS: rynazuqihoj.eu
Type: A
195.22.26.253
DNS: rynazuqihoj.eu
Type: A
195.22.26.254
DNS: rynazuqihoj.eu
Type: A
195.22.26.231
DNS: rynazuqihoj.eu
Type: A
195.22.26.252
DNS: xuxusujenes.eu
Type: A
208.100.26.234
DNS: ciliqikytec.eu
Type: A
195.22.26.231
DNS: ciliqikytec.eu
Type: A
195.22.26.254
DNS: ciliqikytec.eu
Type: A
195.22.26.253
DNS: ciliqikytec.eu
Type: A
195.22.26.252
DNS: keraborigin.eu
Type: A
54.201.30.58
DNS: lyvejujolec.eu
Type: A
195.22.26.252
DNS: lyvejujolec.eu
Type: A
195.22.26.253
DNS: lyvejujolec.eu
Type: A
195.22.26.254
DNS: lyvejujolec.eu
Type: A
195.22.26.231
DNS: tucyguqaciq.eu
Type: A
195.22.26.252
DNS: tucyguqaciq.eu
Type: A
195.22.26.253
DNS: tucyguqaciq.eu
Type: A
195.22.26.254
DNS: tucyguqaciq.eu
Type: A
195.22.26.231
DNS: galokusemus.eu
Type: A
185.28.193.192
DNS: galokusemus.eu
Type: A
31.170.178.179
DNS: lysovidacyx.eu
Type: A
185.28.193.192
DNS: lysovidacyx.eu
Type: A
31.170.178.179
DNS: puregivytoh.eu
Type: A
185.28.193.192
DNS: puregivytoh.eu
Type: A
31.170.178.179
DNS: dimutobihom.eu
Type: A
31.170.178.179
DNS: dimutobihom.eu
Type: A
185.28.193.192
DNS: jeluganusog.eu
Type: A
31.170.178.179
DNS: jeluganusog.eu
Type: A
185.28.193.192
DNS: tufecagemyl.eu
Type: A
31.170.178.179
DNS: tufecagemyl.eu
Type: A
185.28.193.192
DNS: qexofyqihid.eu
Type: A
185.28.193.192
DNS: qexofyqihid.eu
Type: A
31.170.178.179
DNS: ryleryqacic.eu
Type: A
31.170.178.179
DNS: ryleryqacic.eu
Type: A
185.28.193.192
DNS: lykemujebeq.eu
Type: A
185.28.193.192
DNS: lykemujebeq.eu
Type: A
31.170.178.179
DNS: pupujeguper.eu
Type: A
31.170.178.179
DNS: pupujeguper.eu
Type: A
185.28.193.192
DNS: norumikemem.eu
Type: A
185.28.193.192
DNS: norumikemem.eu
Type: A
31.170.178.179
DNS: qebahilojam.eu
Type: A
31.170.178.179
DNS: qebahilojam.eu
Type: A
185.28.193.192
DNS: kevedorozup.eu
Type: A
31.170.178.179
DNS: kevedorozup.eu
Type: A
185.28.193.192
DNS: ganycyhywek.eu
Type: A
185.28.193.192
DNS: ganycyhywek.eu
Type: A
31.170.178.179
DNS: www.bing.com
Type: A
DNS: dikoniwudim.eu
Type: A
DNS: vojacikigep.eu
Type: A
DNS: gadufiwabim.eu
Type: A
DNS: fogeliwokih.eu
Type: A
DNS: masisokemep.eu
Type: A
DNS: puzutuqeqij.eu
Type: A
DNS: nofyjikoxex.eu
Type: A
DNS: qetoqolusex.eu
Type: A
DNS: jepororyrih.eu
Type: A
DNS: ryqecolijet.eu
Type: A
DNS: volebatijub.eu
Type: A
DNS: fokyxazolar.eu
Type: A
DNS: gahihezenal.eu
Type: A
DNS: nojuletacuf.eu
Type: A
DNS: magofetequb.eu
Type: A
DNS: jefapexytar.eu
Type: A
DNS: kepymexihak.eu
Type: A
DNS: qederepuduf.eu
Type: A
DNS: cinepycusaw.eu
Type: A
DNS: tuwikypabud.eu
Type: A
DNS: pumadypyruv.eu
Type: A
DNS: nozoxucavaq.eu
Type: A
DNS: vocumucokaj.eu
Type: A
DNS: foxivusozuc.eu
Type: A
DNS: divywysigud.eu
Type: A
DNS: qegytuvufoq.eu
Type: A
DNS: makagucyraj.eu
Type: A
DNS: tupazivenom.eu
Type: A
DNS: jejedudupuc.eu
Type: A
DNS: rydinivoloh.eu
Type: A
DNS: kefuwidijyp.eu
Type: A
DNS: fobonobaxog.eu
Type: A
DNS: ciqydofudyx.eu
Type: A
DNS: dixemazufel.eu
Type: A
DNS: voniqofolyt.eu
Type: A
DNS: xutekidywyp.eu
Type: A
DNS: lymylorozig.eu
Type: A
DNS: rytuvepokuv.eu
Type: A
DNS: tunujolavez.eu
Type: A
DNS: xubifaremin.eu
Type: A
DNS: puvopalywet.eu
Type: A
DNS: xuqohyxeqak.eu
Type: A
DNS: lyruxyxaxaw.eu
Type: A
DNS: cicaratupig.eu
Type: A
DNS: gacezobeqon.eu
Type: A
DNS: novacofebyz.eu
Type: A
DNS: maxyjofytyt.eu
Type: A
DNS: lygananavof.eu
Type: A
DNS: kejitanokon.eu
Type: A
DNS: ryhoqagoxyr.eu
Type: A
DNS: citifemifif.eu
Type: A
DNS: xudylenyrob.eu
Type: A
DNS: voworemoziv.eu
Type: A
DNS: kezapyjolek.eu
Type: A
DNS: foqaqehacew.eu
Type: A
DNS: qekusagigyz.eu
Type: A
DNS: xuguxujytej.eu
Type: A
DNS: dirosehijel.eu
Type: A
DNS: pufiluqudic.eu
Type: A
DNS: disafuwokis.eu
Type: A
DNS: fotyriwavix.eu
Type: A
DNS: gaquviwyrup.eu
Type: A
DNS: jenokirifux.eu
Type: A
DNS: rycypolavag.eu
Type: A
DNS: lyxuworenuz.eu
Type: A
DNS: cidohukigeq.eu
Type: A
DNS: vopepukaxej.eu
Type: A
DNS: xukovoruput.eu
Type: A
DNS: tulimolywan.eu
Type: A
DNS: cihakotihuz.eu
Type: A
DNS: nomebemenid.eu
Type: A
DNS: pujoxolufag.eu
Type: A
DNS: vofydatacut.eu
Type: A
DNS: mavulymupiv.eu
Type: A
DNS: jecijyjudew.eu
Type: A
DNS: tujybuqeqis.eu
Type: A
DNS: maravatudur.eu
Type: A
DNS: jewezexigaf.eu
Type: A
DNS: kemygexaxab.eu
Type: A
DNS: qeqekepokul.eu
Type: A
DNS: rynudepebur.eu
Type: A
DNS: lyvitexemod.eu
Type: A
DNS: tucoqepyryk.eu
Type: A
DNS: puzecypigyw.eu
Type: A
DNS: xuxanexusov.eu
Type: A
DNS: cilyzycojod.eu
Type: A
DNS: dikujysozyk.eu
Type: A
DNS: vojugycavov.eu
Type: A
DNS: fogisysemyq.eu
Type: A
DNS: nofotycywos.eu
Type: A
DNS: gadaqusupyj.eu
Type: A
DNS: masenucifoc.eu
Type: A
DNS: jepycudijyq.eu
Type: A
DNS: nopiwatyqul.eu
Type: A
DNS: digegazolan.eu
Type: A
DNS: fodutazenaf.eu
Type: A
DNS: gatonazytab.eu
Type: A
HTTP POSThttp://digivehusyd.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://nopegymozow.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://fodakyhijyv.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://cihunemyror.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://marytymenok.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://gatedyhavyd.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://vofozymufok.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://nopegymozow.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://fodakyhijyv.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://vofozymufok.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://gatedyhavyd.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://digivehusyd.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://cihunemyror.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://marytymenok.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://xuxusujenes.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://ciliqikytec.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://qeqinuqypoq.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://keraborigin.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://jewuqyjywyv.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://lysovidacyx.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://puregivytoh.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://ciliqikytec.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://qeqinuqypoq.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://keraborigin.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://xuxusujenes.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://jewuqyjywyv.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://puregivytoh.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://lysovidacyx.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://rynazuqihoj.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://lyvejujolec.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://kemocujufys.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://tucyguqaciq.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://rynazuqihoj.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://lyvejujolec.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://kemocujufys.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://dimutobihom.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://galokusemus.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://tucyguqaciq.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://galokusemus.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://dimutobihom.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://qexofyqihid.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://tufecagemyl.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://jeluganusog.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://ryleryqacic.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://kevedorozup.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://pupujeguper.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://norumikemem.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://qebahilojam.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://lykemujebeq.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://ganycyhywek.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://pupujeguper.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://qebahilojam.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://lykemujebeq.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://ganycyhywek.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://jeluganusog.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://qexofyqihid.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://kevedorozup.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://ryleryqacic.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://norumikemem.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
HTTP POSThttp://tufecagemyl.eu/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Flows TCP: 192.168.1.1:1034 ➝ 204.79.197.200:80
Flows TCP: 192.168.1.1:1035 ➝ 192.42.116.41:80
Flows TCP: 192.168.1.1:1036 ➝ 69.195.129.70:80
Flows TCP: 192.168.1.1:1037 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1038 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1039 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1040 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1041 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1042 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1043 ➝ 69.195.129.70:80
Flows TCP: 192.168.1.1:1044 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1045 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1046 ➝ 192.42.116.41:80
Flows TCP: 192.168.1.1:1047 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1048 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1049 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1050 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1051 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1052 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1053 ➝ 69.195.129.70:80
Flows TCP: 192.168.1.1:1054 ➝ 192.42.116.41:80
Flows TCP: 192.168.1.1:1055 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1069 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1070 ➝ 195.22.26.231:80
Flows TCP: 192.168.1.1:1071 ➝ 208.100.26.234:80
Flows TCP: 192.168.1.1:1075 ➝ 54.201.30.58:80
Flows TCP: 192.168.1.1:1081 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1106 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1108 ➝ 208.100.26.234:80
Flows TCP: 192.168.1.1:1109 ➝ 195.22.26.231:80
Flows TCP: 192.168.1.1:1110 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1111 ➝ 54.201.30.58:80
Flows TCP: 192.168.1.1:1112 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1113 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1114 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1115 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1116 ➝ 195.22.26.252:80
Flows TCP: 192.168.1.1:1122 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1120 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1123 ➝ 195.22.26.231:80
Flows TCP: 192.168.1.1:1121 ➝ 195.22.26.252:80
Flows TCP: 192.168.1.1:1124 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1125 ➝ 54.201.30.58:80
Flows TCP: 192.168.1.1:1126 ➝ 208.100.26.234:80
Flows TCP: 192.168.1.1:1127 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1128 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1129 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1130 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1131 ➝ 195.22.26.252:80
Flows TCP: 192.168.1.1:1132 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1135 ➝ 195.22.26.252:80
Flows TCP: 192.168.1.1:1133 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1134 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1136 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1137 ➝ 195.22.26.252:80
Flows TCP: 192.168.1.1:1138 ➝ 195.22.26.253:80
Flows TCP: 192.168.1.1:1139 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1140 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1141 ➝ 195.22.26.252:80
Flows TCP: 192.168.1.1:1142 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1143 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1155 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1159 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1161 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1163 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1170 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1173 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1175 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1177 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1178 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1179 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1180 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1181 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1182 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1184 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1185 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1186 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1183 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1187 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1188 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1189 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1190 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1191 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1192 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1193 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1194 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1195 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1196 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1197 ➝ 31.170.178.179:80
Flows TCP: 192.168.1.1:1198 ➝ 185.28.193.192:80
Flows TCP: 192.168.1.1:1199 ➝ 31.170.178.179:80


Strings
.o.
.
.w'..
.....
.
000004b0
2.3.5.2
7.4.6.8
Allelotropy
Chaetodon
CompanyName
FileDescription
FileVersion
LegalCopyright
nondisclaim
ProductName
ProductVersion
Recorder
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
<$0C%X1
0E!h{O6M
0h( @`  @h(
0wAmAf
?`\](1
1eYDf2
:1FHqn
	1G!m m
$1$QU	[
1sF np
2]c7N,
\#[2'uD
&33333333330
@36mDwHP5
(3F#k>
3romzQF~
3X6zkj
)429=?
|4(4h?
;4~|C7
4{`eWH
	4g<T%
4JfDNc
~.'4+n
4n=3g=
?4o1yQ
4QWSVR
4RzRc;^F&
4S?,	}Cp
4SRVWQ
4S{t)1
4uR :dD>
4/U=uG9R<
^"5@(.}
_5>4B<<=
5.=8{+
(58V=C^
5c:@t7O
5Eq*hK
5fI;PY/:'u
5'FpN%
(5jP;#O
5nHi}5
<:;5^o7t
5rOUkP
`5)wKR
62ZFB|
63Q^k&Oh
{6(67-
6GMbG@;
)	6xMQ
{_6Y?e
72`.{u
77w5ei
7dj\`3
$7{X0S%~
7XCR{F
'\88H2
8<A@%V
8GlAaH
8RVQSW
8S8pxG{
8SQVWR
8SRWVQVPj
8WSVRQVP
92xIo,
9^4Y2u
9OFPsx6
a2+W!x
A-4#fCg0u)
*Aaj4gy
-Ab2:o
.ab/8t.
ADVAPI32.DLL
@.aelHe
,AJ{(+
AKjXc>
aol,g4g4F0&
a(P-4)
Apc*S'
#aPw]x
AQ@P@A@
_ARzf1
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
!a`T<3
aT<Rtb
auG#ad
.BBZWp
bDOFFSTZ
B%(\{F
!BGw(~
b%mgR2
B_R|M=
:C1+UHv
=-C5CH
C9tS(k
CAAccessCheck
CACreateNewCA
CADeleteCA
CAEnumCertTypesForCA
CAFindByName
CAGetCAFlags
CAGetCertTypeFlags
CAOIDCreateNew
CAUpdateCA
c)>ay9#
#cd`25
CertAddCertificateContextToStore
certcli.dll
CertCloseStore
CertCompareCertificate
CertCompareIntegerBlob
CertCreateCertificateContext
CertDuplicateCertificateContext
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateContext
CertGetIntendedKeyUsage
CertGetIssuerCertificateFromStore
CertNameToStrA
CertOpenStore
CertVerifyValidityNesting
Cf%0x<
:cFkB9
cG]3'j
CharNextA
CharPrevA
CILA/{@
CI?Q}pL
CloseHandle
CLSIDFromString
		cm(FJ
c':n8;
CompareFileTime
CopyFileExA
CopyFileW
}C##<r
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileW
CreateHardLinkA
CRYPT32.DLL
CryptAcquireContextA
CryptCreateHash
CryptDecodeObjectEx
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptMemAlloc
CryptMemFree
CryptMemRealloc
CryptMsgClose
CryptMsgControl
CryptMsgGetParam
CryptMsgOpenToDecode
CryptMsgUpdate
CryptReleaseContext
CSbgN#
cS|j7=)
C _	u9
CzOqXb
D3H~Tu
d6s6w^
d7)cI<
@.data
@<Dd$!
D$ekXP5
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
`dfONG)Lo PP
di#b[vD
DisableThreadLibraryCalls
D_J8'QX
DllGetClassObject
_-dLph
DQVRSWj
DRMu!<B5
DSQWRV
D}T>Gr
DuplicateHandle
DWSVRQ
E4#fhw
e6q0%k
_E awqq
:$eBGBCO
&ec6\dHD
e<D_Qy
E{F"	c
efgr0MZF0
EjI?;O
e$$k5w
eLF'2M#n{`
+E&L+G
eM29o&
EnterCriticalSection
eON"Z*
E`SJDx
  {eU	
 E|x6|
;E$YZ[_^
E Z^[_Y
F!00Vo
\\?F7Fu
F83(pw#
fAnm=5
%~&fIA
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FindResourceExA
FJI	HVUV
FjP5>r 
,fl*u 
f#-}PBF
FPmfV^
FreeLibrary
FSAs%T2
fXw1Zt
g8$r\P
]GAC>E
GetCurrentThreadId
GetFileAttributesExA
GetFileSize
GetModuleHandleA
GetProcessHeap
GetSystemTimeAsFileTime
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetWindowsDirectoryA
\G>F|:
^G;gb@"U
?gHJ b
(gwLy$
|gzyR(U 
h( (` @
+H0G0q
Hc|s9_?DP
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
hFM25$
hFy|bK
_HgY0iWi
 HH``@
@hh@`(`HH``hhh`@ (` 
hiQ/fU0
hj#<ly
Hn.w;u#m
`htE;y@
hw	a9p-F
IER-,r
#:.ie'uPL
iHLQ@P
@	IJBB	
@~)I\k
?IlIOrnf
.iNOYI
iqEE.}cy
IsDebuggerPresent
iWN?`w{bl
i)w~vm
i\w[w69K
j*#$?{
,&j1bW
;J1F6aVR
:j5a;S
|J|bdD
JD0#e4
Je_?.i
Ji&HN^
jij_h&BD
jIj>)L
J#lBo;u 
jL%Rl.
jQ^F)5
JTh}xS\
J\,W'(3
jz31)v
>k];+;
=#~k"0
}k`3gZn
\k!3$QzI
`}*K3U(
k3W`7o
KBDHU.DLL
KbdLayerDescriptor
K~d0CJ^
!KegGy
KERNEL32.dll
K@jfy,(
k{!lVEx
K-M aO
*kt$0_
\Kv[eI\1e]
#K'Wmo
l1M<p>
L&2>ZH
l6tGj:
l7Te-1
L8"a:LW
@.LcOnp
LeaveCriticalSection
;#(;;l+:m
l+NQ=K
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
 LoUx.
LqO{8W
lQ+ps4
lR3"{G
l|rB	C
lSQ#JM
LSRQVW
lstrlenA
lstrlenW
LSVQWRh>[
L&\ ^U
l uYu;
LVWSRQh
^:L\w@
LWVQRS3
lx&tu%
~m[`$^
*|M&#c
mg`-I 
mHhv,2D
Mik71ik
MJOXUO
#mmb!#
m~'N[So
MoveFileExA
MoveFileW
Mrl$O}FUe`
MuN@rK
?]m"Wj?$
N_3U)s
n6+e{J
}.n9CDZ
n-9YO`(
N_bwoqQP
nilX?D.
|>nK7I
NL53I!ilQ
	N%mg/
 "Nna&
nOFU_F|&
|NR99F
n/S2F}
NUNTL[
:n\XW'
OaMAV_
O:B`Q-
o<@BtZ
o$?iM@
ole32.dll
OmD+i`
on#X!v
OpenEventA
OpenProcess
oSbb-N
OSkD@&
@OU2>|N_#) 
$Ova0 
OVrI!	1d
|;_\P.
-p5yFw4
PathAppendA
PathFileExistsW
`/$ph-
PH9{{u
~p[	J7
PjQPj0
P\{+kb
p$%	lE
,]PN]i
po7/ V
p#qUk\'
P:=#scY
PSh'ED
pU4u$k
PulseEvent
;P"/V#
Q5r=tA
qA`ndR#/t
qc[dUh
@Qg	uy
qm*	yk
@.QNimp
qnua%y
qOfW{*
 QRSVW
qTluYx
QVRSWjN
Q`wc#k
R|8d=B
RaiseException
#rCm^k
@.rdata
ReadFile
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegisterTraceGuidsA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RemoveDirectoryA
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
      <requestedPrivileges>
RJhzW%J
rpo/wn%
:RrI\Y
,RSVWQ3
Ru2S]\
ruF;Qh*
RWQVS3
#rx_?v
<<RZ=3
! %^-s
s0	vI]Dc
S1I8bf
s545bqf
S8g'N	
,S9-zJ
    </security>
    <security>
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetUnhandledExceptionFilter
sgyb^[
SHELL32.dll
SHGetSpecialFolderPathA
SHLWAPI.dll
SizeofResource
S@j-Dw
SK([h1:
SMYf*!#
SQRVWVh
<SRQVW
.ssqsSfY/
SWVRQjD^
s))x%%
+&sXVe
-t%!3g
t+*7hZ
TbZ+N|
tDl:VH
!This program cannot be run in DOS mode.
t*Iu:V
TJeh1k
%t^	K$
;tK"h7]
TraceEvent
  </trustInfo>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
u8^`h)
U=ah|6('
uCjlGb
U[G'sx
}UK"! 
U_%KN)ML
;uL_^YZ[
um\.4(
U	N9U_
UnhandledExceptionFilter
unQVSJ
UnregisterTraceGuids
%u|P-7
u#Q7!b
*)u)s(2
USER32.dll
uYc!Hi
;u(YZ[^_
@vam4TX<
V`dcge
v\DXDM
vG]atZ
VirtualAllocEx
-v-~_J
v}]q^)Xjwc
VSQWRWj
Vsr)>nt\
v@t^wM
vula6GZf(k7L
V-uP:"
 VWQSR
#|vwZh
vw^ZLL:
V,X9)!)
`}V!XN
vY{&b$/h
@vyq>2
w2GS~T
wA|eUh
WaitForSingleObject
W(cA5ne
wdpsXp
'wE9Z_
Whn`2i
WideCharToMultiByte
wI" L/
_Wip0p
@.WlnYWfY
wMyi>o
w^;(O0E
WriteFile
WRVQS3
wsprintfA
$WSVRQ
W<urGy
<WVSRQj
}WYB4'r
x2:bzw
X]3F! 
+X3S^*[
 |*x>4
x|9Jr1_
'[X=b[
XBOiwr
Xc"n7*
xE4q/%
xGVrlC
:xID:'Q
xJ3IYz
]XtqGv)
$xUV,w}^
X$uw9l
 y--=&"
Y6Ri P
Y:^9~>;
Y>C",_B
;yd)ik8
Yh?QM9
Y_I<7_
_Y_lBq
Yng\Z1
\&YP0,^h
yt/_R-#
;yT{&U
YwMm.A
 &-;yy
!zB@\r
$]:zDC|
$ZhiIR
{/ZHrM
^`z\hs
	zIzRHud{
-zKe]/
ZP_!gFb
*z/p*X-E
zq!Lz5t
{Zs{ln
z%)	.v
zVO!=m@D
`.zVPJ
Z&|.<w
-<>z^xjWZ