Analysis Date2018-03-28 22:36:19
MD50b3e0335771c4e471ddb777dfe7c61cf
SHA17750e906b8bb57f4cded5fc52cc4704aef69398a

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section md5: e0966ee69c2549505f6464049e6127d5 sha1: c832dabcf125ac56bdc49c51123ff16733a292de size: 222208
Section md5: 1b920db09c790af8b1430049d2932cd9 sha1: 83189ebabf5ae0237c2ddc5728df50026a81e3c8 size: 52224
Section md5: 51d033f0e547afadbb25900ed0edc4e6 sha1: 8cbee3d7fe866dd794d5f74578ce146b1623f5be size: 5632
Section.rsrc md5: bb1a06fde02e078ce31099cea44e5887 sha1: cacab876d2c9402e9cce2f0cf7c316d34b8dfc80 size: 352256
Section2234 md5: 11b1f03bff1ac871f438ba445e8d7096 sha1: 4258abf0ae734b20b17cc53dd2f109a13e5c5522 size: 355840
Section.adata md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Timestamp2014-01-13 07:46:31
VersionLegalCopyright: Copyright (C) 2014-2015
ProductVersion11: 1, 3sdfg, 0, 1
FileVersion: 1, 1wer3, 0, 1
FileVersion11: 1, 1sdfsdf1, 0, 1
LegalCopyright11: Copyright (C) 2014-2015
ProductVersion: 1, 3qrweqwfg, 0, 1
FileDescription: 345sldflsdkflsdkf
PackerASProtect v1.2
PEhash74e376ac1fef6c02e105f65f89841f8f80ccf2dc
AVArcabit (arcavir)Gen:Variant.Adware.Symmi.37537
AVAuthentiumNo Virus
AVGrisoft (avg)FakeAV_r.XP
AVAvira (antivir)TR/Crypt.XPACK.Gen7
AVAlwil (avast)Evo-gen [Susp]
AVAd-AwareGen:Variant.Adware.Symmi.37537
AVBitDefenderGen:Variant.Adware.Symmi.37537
AVBullGuardGen:Variant.Adware.Symmi.37537
AVClamAVNo Virus
AVDr. WebTrojan.FakeAV.16414
AVEmsisoftGen:Variant.Adware.Symmi.37537
AVMicroWorld (escan)Gen:Variant.Adware.Symmi.37537
AVCA (E-Trust Ino)Gen:Variant.Adware.Symmi.37537
AVFortinetW32/FakeAV.AC!tr
AVFrisk (f-prot)No Virus
AVF-SecureNo Virus
AVIkarusTrojan.Win32.FakeAV
AVK7Error Scanning File
AVKasperskyTrojan-Ransom.Win32.Blocker.kxes
AVMalwareBytesTrojan.FakeAV
AVMcafeeFakeAlert-FTE!0B3E0335771C
AVMicrosoft Security EssentialsRogue:Win32/FakePAV
AVNANONo Virus
AVEset (nod32)Win32/AdWare.WindowsExpertConsole.AI
AVPadvishNo Virus
AVCAT (quickheal)No Virus
AVRisingError Scanning File
AV360 SafeNo Virus
AVSUPERAntiSpywareError Scanning File
AVSymantecTrojan.FakeAV!gen123
AVTrend MicroNo Virus
AVTwisterTrojan.4DC6DC1722936502
AVVirusBlokAda (vba32)TrojanDropper.Dapato
AVWindows DefenderRogue:Win32/FakePAV
AVZillya!No Virus

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\7750e906b8bb57f4cded5fc52cc4704aef69398a.exe

Process
↳ C:\Users\Phil\AppData\Roaming\safe-durt.exe

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File\??\NUL

Process
↳ C:\Windows\SysWOW64\mshta.exe

Creates MutexLocal\!PrivacIE!SharedMemory!Mutex
Creates Mutex
Creates MutexRasPbFile
Creates FileC:\Windows\Globalization\Sorting\sortdefault.nls
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\EnableFileTracing ➝
0
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\EnableConsoleTracing ➝
0
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\FileTracingMask ➝
4294901760
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\ConsoleTracingMask ➝
4294901760
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\MaxFileSize ➝
1048576
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\FileDirectory ➝
%windir%\tracing

Process
↳ C:\Windows\SysWOW64\sc.exe

Creates FileC:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
Creates FileC:\Windows\SysWOW64\en-US\sc.exe.mui

Process
↳ C:\Windows\SysWOW64\sc.exe

Creates FileC:\Windows\SysWOW64\en-US\sc.exe.mui

Network Details:

DNScheckip.dyndns.com
Type: A
216.146.38.70
DNScheckip.dyndns.com
Type: A
216.146.39.70
DNScheckip.dyndns.com
Type: A
216.146.43.70
DNScheckip.dyndns.com
Type: A
91.198.22.70
DNScheckip.dyndns.org
Type: A
HTTP GEThttp://checkip.dyndns.org/
User-Agent: Mozilla/4.0
HTTP GEThttp://93.115.86.197/?0=8&1=0&2=11&3=i&4=2600&5=1&6=1111&7=iqfmmjxjrn
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP192.168.1.1:1031 ➝ 216.146.38.70:80
Flows TCP192.168.1.1:1033 ➝ 93.115.86.197:80

Raw Pcap

Strings
02ab4vz0
1, 1sdfsdf1, 0, 1
1, 1wer3, 0, 1
1, 3qrweqwfg, 0, 1
1, 3sdfg, 0, 1
345sldflsdkflsdkf
APPROVE
Copyright (C) 2014-2015
DECLINE
DFGHJKL100
DFGHJKL1001
DFGHJKL10399
DFGHJKL111
DFGHJKL1122	DFGHJKL13
DFGHJKL134	DFGHJKL14
DFGHJKL160
DFGHJKL177
DFGHJKL18211
DFGHJKL190
DFGHJKL201
DFGHJKL202
DFGHJKL203
DFGHJKL204
DFGHJKL205
DFGHJKL206
DFGHJKL207
DFGHJKL20797
DFGHJKL208
DFGHJKL20804	DFGHJKL21	DFGHJKL23	DFGHJKL24
DFGHJKL240
DFGHJKL250
DFGHJKL274
DFGHJKL300
DFGHJKL301
DFGHJKL302
DFGHJKL303
DFGHJKL31048
DFGHJKL337
DFGHJKL349
DFGHJKL350
DFGHJKL351
DFGHJKL36867
DFGHJKL36869
DFGHJKL36871
DFGHJKL368711
DFGHJKL36872
DFGHJKL36884
DFGHJKL38738	DFGHJKL47
FileDescription
FileVersion
FileVersion11
FLASH
FORM
LegalCopyright
LegalCopyright11
PANEL1
PANEL2
ProductVersion
ProductVersion11
SETTINGS
StringFileInfo
VS_VERSION_INFO
>{>]|[
:-_\*"'	
(:!<	_
00wp9qq
,"0@48
`0:8^jF
0:$;9#
0Ayv3;U
0<B 6@
0=,Bl-]
0(CPk;
0[F!u*5
0!|Gi<
0i`>D0
*_0k=+
?0k~s	
\0P)Rj)
`0RB`.C
0'<T x3
0T$)YF4
!0Y-]Y4
;1<^=&~>
10:Bhm
15*qd1
 18MYB
#1+dH4
]1DHlE
(1{g5ty$O
1Hn5%%j
;1kXX5
1l}u{W
1{,me(
1oMZpc
1pp@ZB
1rTsx%+
1{#UbsY
1whCjGd
1xzqq8l
1ya5phk
1ymu< =
>1|yn2	
<1*yy"
1Z}A!aN
2.@4\Q
263`Ig
2A<Jg$
>2_@fKcc
,2kq4,
2N^g%R
2	NOHkO&
#2Pp\g>
2<Q?D4-
^2TIg 
2TtWZhr
{<+{*2w
:2WA+T@l~ 
2X<Z];!~h
]2yJuGV
2Y)R4*
2y_@xi1
2ZmYPX
36m'@u
37Sx#.6
3&9pRw
39T__et
3:BfAm
3CNP~r4oz
3=.evf
3Ft2Ewf
3&g7lK
3H@MWY>H'
3HS73,:'
3is[uH
3IY'X^
3{JfN'&
`3&*K(Ums
!3:LrA
3m&hNB
3,NMA]
3P24x"
3PA3iEA
	3p$K/3U5DJO)
3rbBaN
3_) [s(
3#T&}IQ
3^<x~eB:
*3^xTw]5
{]4~{	
42QbNK8<\
&44200
[44b|\a
45%N"[a	
45nM7;
4b"2tV/@V
,4Coc:@,/<N
4cQQA.
4eTn	O
&4f%2"
4hF{Ml
4In1zu=
4(iWOg[
}4JeJ5
(>4JHl
4J|N"&
4(mQVYe
4_M+(r
4Nq-='
4N/yXL
.+%4pJ
;:4PU7
,4q]"d
?4(Qs0
+"4s62
#4&Uxs+Q
}4<=VF)
#4w	-2
4:w3\NJ
4^wtR#R
4x--Zc
4yG(}Zj
4Z<7_P
5:0<goJ
51-p>|
5=!!2M
*!547u
56#).[
581bvz
_59.r<
5!agqQ
5A'IEk
^5,(dK^
*5f7U_
5g1M7K
5Jk<8!
5'}<k(
5kiUBz
:,5N*6`<(4
5:Nk+@
?"5O~>
5qJ0|l6>
*5vSKd
/5Z.fo>
5zn.0*
<&=.>6?
64ORPU
6/5!d1
6~8Khg=
 698u[
~^6G|"
/#6,g(1
6H<2u$qv
>6I`1.[
6iym. 
6J/' Zg\*
'[6NN(
6o	eW>
6!onAX
6rJ2IS>r
<6 #>U
{6U)hv
='.! 7)
7-+2<$
789+/=
7{+#b7
7ce{4^
+7 FlZ
7!GD5b(
7^+k!S+a
7-L3/V
{7~lii
7@;Lk!
7MOMRZ!
#7Op<M
7P.S|9
7ts6M)
;7u^"hB
7&}VB-
7wM0.!
7'.X]0(/{oIS&u
7yZ+qN
7Zuo<y
 	8&:}
[80`:K
84t]=/
85<mN2
8	7cdp
88/QiI
[$89WU
8++A$I
%{8+\aT
8BSf=az
8C2]Z<
8>?DX0
8Ejw79~j
8gCK9~
~8gn\_
$\8i%k
8;jQF/
8@{K\I`6
^/|8lEN
8&L*#&LC
8Mb2?O
/8mg[+
-8MSCg
8&OKTW
:[8p`]u
8&Rcc/
8ruB@<
8@?sm;
_8xD "
8x$V~]D
\8yk)w
-8~[yz
8_ze;t
8zhvZW
8zmp@G
%"%9`(
9+#0##
9{2s*/
9@2XKs
(93M:V
94lD=:
9<>/^a&
{9Dh[\
 ;9d!N%
9`<dWjG
9f"W"%{
9!/&j2
9J`%z~YaX
9k%}7V[
9L0Cc/
9Ldd\)
%9nkMy
9Op!u&,<
9~P:T;X$\
:9q4FK
?9r*&jT
9RR+W@
9W/L_OI
<9=X->
9Y:M6B
9ytA[2
A+0dpK
A3^|98A
a4H9-]
A5+8ie
`-~,A6
a6(4#U
A6E(yD
a8(eeJ
A=`99c
A9~.;q7
A9uVDr
AAlR0"c
@Ab*9c
ABCDpE
.(ABof
Ac(hv#6
.adata
&A(DE?Jm	W
Ad?Tr;
advapi32.dll
ADX>]a
>Ae.A[
A^\EEQv
.af">!	
#AF@=6K\
!aFD<2
AgC&X6
AGEY\\J	
aG.'M\&
aGXe	|
ah?g~h
AHvpDt
]ahXC=
?aI=M&
 AkQ_p
a"LR?a
A$MD\[
An*2V\ 
and`	$j
`ANh7s
=a[,OV
#a#<PL
aR_|6V
ARE\Borl
aR	$xG
aS8!,`
as\*Fr
asra%M
AsS=/:
</assembly>*
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
\A~u5k
a`ufv:Q~
AuPD$Z
aV#!oi}|
A%.VOR
$A$Y#.
=Azh\v
@AzO/[e
=[b?:#>0
b")16<
.b1mN"
 \B*:3
)B )4Xb
*B57'U
b#~|:6
%<B7Ip
b8U@>ul
b9YZ|p
BaIak/
bArPK4/
bB`IKr
BBm]+w
b bPW/a&
Bb&zB@4
B}c-hhb
bc	Pyo
bD%F&u
B~dlom
b`d|wY
./)(be
"Be0](
BeginDeferWindowPos
BFK*uZ
BFU]vmlW
BG8CD6
[bh)}U
|<bi6~1_
bIe*U]gNte
BJEWy>QF
'b.j=n
bKa"%u\T
`bKp=rk
bmaP}Wz
BmES	;O
*BMJ#`
bmZ`Nh
bn/Rb0g0
$Bntd;
B*p ]^
'bP8i`
B{PmOcw
|bP>OgIc
,]BQh/E
B,q(R#
b`r*[3
B],R<*l
${brN-
B,`s0J~U!
b'scRdbL>N
bt	,3.
^BVGfnExe\`
B@VNztLG
:?;B~x!
>by)o95
bzh+Y~k
BZl6s5^ !
]B|zP|
bz`Xxvf
&-C.@@
!c0J4[
C0Sq0nI
C128@%K
.?C/3C
C3PPm9f@_
c53WA0{
c80*qF
<&C9v'3
ca\;EQl
CB.V'1
CBxv%|
C~c]Ba
(?cCV3d$~:
*(.?CD
CDEFW 
CDy:9EK7J
cefA5w
C*e>	Oc
CgLkW,
Cg;s9o
c^hF*f
ChKa0(q,m
cI,#@v
	/C{iyn
clhKo(
C &L+)&LCZ
c	=l<Y
cN5#T:
":c.Nh
cn@]P+
>):C`o
comctl32.dll
comdlg32.dll
CO_r=P_@0
CoTaskMemAlloc
<C\&#o?z
cPDAvr;
Cp/hel
)CpXS%
`~@c?q
cr6N;rp
CreateStdAccessibleObject
C~	(rP9
$;Csu<
"CTN$-r
C,/v`0
CVa7q(
cW6:9'Ga
Cw7{?#
>C?ZS	
CzWc`[f
)=d<|~
#".)d>
>*D	<!,
-=D-0:
; d0>	2
D_-\2f
d2igI{o,B
`&d3kX|
%	<d3n
\$d4{n&
D5oGf&
d; 6l7
d}:7*f
d8 u4dY
<=d9}}
DB5y[g
dBkQ"N
d{~B-t
DBY/`@
d<cd5o
dc?<h&h2
dCR*J+
Dd%d	X
\D= DL
@dD	lH
ddq_w0
ddVi)Im
D"=e:J
  </dependency>
  <dependency>
    </dependentAssembly>
    <dependentAssembly>
'df%0c@
dF4ADpl
d{F^dBJ
d?	:_G
D'(G\0
#dgoli
DhiY6|1
diHi\w
di'>qK
$DjV5't!
D<(+k>3Q$r
]!d?KA
=D;;KG
D/K?Kn
	*"<DL\
D'l6jLQv
dmh^BD
dN|$/.=
&}d(O8
DoG1!0
`doVWo
dp{sAF
d%Qm}	
dR~QyV
D	%Sb;
DSB"2IB%
DS{DjT;3
]D)T"hO{(
d{#TKp@[6
D~Tt1%
dV^L{6
Dx1wG.
dx.>Kl
dY2V0t9
.dye. {n
-d~:yG3y
!d=z2`*
%dZlYdc
DZ@OFi
dZ^S#Zd
$,Dz\U
_&:*e-
-~e^[&
|> ?$'(E,
E2`Me*f
E/3(*[
e*5NO`
~e#5\Wj
E:67is
E7/4QeY7+
e7hBk1?k_`
e8F9	J$N
e$)A.HL
EAY*9^
Eb5nxf
eBd30m
Eb)VJc
&e=}c#B
	EdituQ
<E^@Dj]
	E.g.;X>
%#*E`Gy
e%`&He0
E@j>|a4kK
EJ,F0 
ejUq2	
ek+^YaA1
?E@`$l
E[MHK%
e)Mv*XA
En%Enyuh\x
 En^h5
e=Np~k<A
Enu`!R
EOlgRr
EQdMXD.
E_<qE7*u
%E']@r
E%?`.r
@E ,rd
ErJ`j,
ErTl S]
Escape
@EStre
e*T9. m
E,T j@
etXy}f
>e'u.B?
EU>F*u>
\evS`I
Ew5a?q
e!(xHmn
e<XrWE
}E`Xx9
eY:w]<
^\f,{[
f08VnB
/@F2):=
=f")2M
F]>}2Q
f5I|cc@
`f@6+I
	;F8 Gn
f97)MJ
:F9P	v
f'9"r#
FA@8LU
`fA[]g
f%a~\n
fb!I	/
FBoM8u'
f*B|U5r[
+ fB$?x
F-)C=Z
F(	D,*
Fd[YHs
f"EaU`,
FE\)Of
fEy;tdy[j$
ffbMSCX
^fF h]
Fg+G9"2
FGHIJKLM
FGiV@F
`fGMgft
`]fH%Dt
fH-E(<S
fJ 2aV
"fK2?$:
fL	"0Js^)
{/FLCZ
FlJDiWp
flwMb^
%`fLXi
fm9WW7
F(mAm9;
f`p"e.[
fPxi5A,
}Fr`~Pl
FRtdu.
f%\$RzW
FS>[ECy
ftG_tO
@|;ftw
F%V&5 
[FV6a/wa
F <v]9
f^w^UO}N
Fx!(*F
*~F]#Y
fY/(p+6j
/f(ysi
#f|zX;
%G,%*!
G0(;TC
^(g[1	
G1Bx7p
g1OZmZ
 g1\YD~
G2l$,6>
G^:2pb
g&2)v=
(]g5O6
,G7l&/
G>8ioAB5
G.9K5_
g9$M=i
gA(|?&f
G!cGhL
G ;cx8
gdi32.dll
GdipGetImagePaletteSize
gdiplus.dll
#(]G;e
GetFileTitleW
GetFileVersionInfoSizeW
GetModuleHandleA
GetProcAddress
GetProcessImageFileNameW
 .g%F%
'!G)g3
GglFC:
GhlfQ|
g@"("I[
{?g+J&Ab
g|~J<R'
gJ[V>4
GKZ@/(@
gM0b^|
GMC	Og
`GNnvW
g%ok@C
*{go][X
g*+PT4
GPW7$m
GradientFill
G]s%1'|
G_S<t_
gT1<#f
(gt/[7
gu&b}y
<<guhP
G[Vx)bk~
GW5"yX
g!|wLqVH7
Gw/Nw)
G#)x0#
G.y*C_i$
gYZ9R8k
; @H=-
H0|et#
h]&0NWd
H1J*"R
h1zk#:
^ h@_4
h6.bOa
H)/)[6Zc
h_a(<`1
ha'	9I
HAPoV-
hAZ+wXS
~ hb]4
HBlW>M
&/`{H>C
H"\D<@
H{D$FAD
H|dh-(
:?-H	Ff
h<!g4\
HGMNe>E
<h:}.h
#HhbFU
hH`lK{
hH=Q5a
hijklmnpo
Hi}+&Yy+
hJgW^l
hj[nZ[2
h]j;y,U
"hKX0'L
HMC4>b
hmYGV<
H:nlYGT
HNWZ~_#
ho_5$y
HoHzO#1
H}:o?wdy
h"P2<,Ncn
HpQ;wE
@:H;P,X
h>p.xp
#H:Qc+
H};Q#=/I
HRf(Ym
(h~*>s
.Hs!	L8D
hSX7XN{-
h&*u:0E*
$h>U9;
H UCH'
h<uFI^
HuWBjvj
hUz^db
HVam$>
hWH/2$
h\X'>1
h*Y?*^"
h@Z>DO
HZ#j?/
:**I% 
$@I}%-
I*/::$
i:/<09
I1Z=x(
i 3M5>3
I5+D:y
I]68l,
:I'-6i
i&7[	_
]:+i/7NA
|i7</Y
i+=9UA
IA`Em~0ta
I(B/|F^q{
ib-]"G
i%B|:K
ibm.Ff
icO]ql
.iC*^S
]IEjv!A
iemBM"
i$]Ep+
IEs01T
iFOO7h
iGbo(W
$(igHx`
IG;sKk*
IgupI=
iguR`Qxd
" iH-A
=,:Ihj
II @gs
II[ gt
iiyR_J
I	Iyxoo
i:j6kC
i)k1t=J
-i{Ki"
i;kkV~
i.kt	^O"
i$lC}]
ILPH24
I{'m\#
I>M8hN
_{$&in
.@In8g
i_nboJ8
INfu;M
InternetOpenA
i<+Ny'4#
`ioYq~
Ipt kl
(I{Q{y+
-%iqZjC
I[TjjR
i.^TsT=
 }I^T=#v
|iv8\p
i\v@t/
{i?W`D
iWlmCqUF
i/WRy{eSh
I+Wv++
I+x"W(
iYH@OQWX
iyWxQJ
iz#1\)
iZ3ED{D
iZj$;>L
+i,ZO	
i@@?/Zwq[
=]^]@j
?j'*0*
J0Uq67
J0YhD{
J}2}pf
=J34w zb6
j5k{^&
J6N]7L
Jac@P`
J aiWWq~
JAP}49
J(AUl=
|j%]B4o
jc3?;%
jC|;7D@e
>$jE5^d
jEGB.iHS
{j|ePf
j&'	Fk
(_J"g|e
]jk5ne
JKKt5N
J}K:o|
jl1|g=
jL$%;f
)!JlG,
j?m.L^
><Jml2L>
jM/V2k4
JncQ`o#
>JOop$
JO%Pn-
JOpZ+|
j'P{rh
Jqiv(-
-jqnbG
jQNnR^
JRR@b]
jS B_Q
},j}SM
':jSxD
$/j}T *
	-j_`U
	J;(v)<
j]wL-$
J`X9?ld
jX'B?	
J(xE!#
~JxVAjJ
Jx|xf{V(<
JyLX=1
jz_Mw[
(K})-#
k0GZt 
K0M:bb
K]0Qwd=
K1rWOd
K|~7~s~
K9XQN=y
k9y#$W
KAu.La~
.KCxKV
kdj$P\f0
K%DO1.
KDybj|
K,E|;@
kernel32.dll
KetJft
KEVE7@m
kfG4%C
%=kF{q
kF,v8s
|kF"x:
>?KgAN
KGD}Tr
\k[GI{
k?G@}&]k
;kgrsD:F
:KhJ#X
kISzg6
kl<:o%!C
klunr_Tj
Kmp@u 
Km:._t
KN/;VSjOi
ko~#[o
_	kPd~
']K;PL
K	P,~M
K|$p|u3?
KqJ' *
K;QROqb
<k)'R{
ks?c_	
kS_K::V
Ktl%rJ
`$=ktTvH
KTwKSA
KU%>Hm`2
%`KUk.
"K$u~P
_-KV<R
kvuSVv
<( Kw0
kWe)dLT
kWV4%:h
Kxa7&$
K?-y`"j
K(+	YM
l14sO?
]l1j\B
L	*=2M
L2Qq$`
l32:.d
"L3Zmf
L6M%!u
`l7|ge
)?@-l8
l8z!nC
L91"tcmnI'|4
`L!9W(
lAkty$
	lBH!|:L
[ =lc%:JA
"lcy!$b
lfbxX0
lFh;YiK
LG#x<	
LH[OOHM
.Li	*A-
	LibcP
lIb&o0{y
LIO<-S
lI't')|
L"J''kr
Ljq'gi
?ljROr
?^LK'm
lLYEl7
\l-}=ME
Lm])K=
LM!TG`
{=Lmv*
(lN:"=H
!L?Nn=]
lnq4~D
LoadLibraryA
_L(oZU
#l"p+9b
L'PGTg`
lqrdy#4
LQzK#G
l,>(Rt
Lru7EM\
*<lTai
ltcwAI}
ltI8'!
LtWg?u
lTzfoUqg
;\<l=u>
l`UOU2
L,u$u(j
lu%v"+'
lU"/;:WG
@lW=wC'
l|Zc3M
=l!zNN
lZw$Qh
_$M]}^:
-M2*PY
#,M5aM
m'5^KB
m`6yIVSf+
?M,7H"
^m7Lrg
MAAOQH
M:B8}n
M>BD!R
m{BiPu
?Mb`n!
m!*br	
*<}MC"
mc*g6"
{MC,pn
m(@+cqd
MD#C!4d
^"mDH|
@)MDuE
MePl:j
m>}f{&]
mf4`8Np
Mg~iZ*
M&g=y,
MHE't'
 ?MHn~X%P
Mi<CNT
miVgRv
%m`}=k
m|^K^&
MKix2k
MK.=PM
mk_T5!
>ml)he=i
mM$c+i<
M#n^\%
MNj&~N
mnpqrst
mNz!n'
]M_O{:
MO`-7	
Mo	[d&
MootR(
MOZ9^+
m$PdC[^
M!__@Q
mq}}0"A
mQ7d><
[M#;qE
M#QKm:
!MqlK}D*
M;R#1U
m~}rCId
;MS8&=
msimg32.dll
mTV]k	
mtzi7 Ov
mV4nWW
@_mVX:$z
+]mWNQ;
MwNVA#
m@wtCus
M]|\x1
	 mxWY
^&MY?%
M/ y&s
mz2]Yy
mz]frD2
 n0G[4
N1w<uy)e
n>4wF}
n6{:3"
n7x6v/a
N!*8+K
n8:.vH
?n/a9`
n,ax{k
n%<Bb~A
Nc&+1?
`~N`ei^
{n:{Er
netapi
,n:/fE|
*NGg6v
$N|Gj~hf
nG	wlu
nH<")?
n+H6q&
N]J"PL
+N`$%Jt
<)?n}K
-NKC H)
Nk.Q,F
n>kXeC"qWb
nlEc(5
*n&Lo3
*_Nm,@
n)!(M[l
NMl|]/
&-(nmv
^!n|NE
nNE$D*c
nN~Xy 
_:>NO.
N>"`O]
nofO7C
?N*pMx
`np_R3+^Gd
|n~rR	
*nu[{#
 nudpqk
NU`^eT;~E
Nu`OwY}
N,Vg&e"
nv<mc6
NV'~oO4Z
NXfiqi
,o0@I8
o"&3<]D
=*O-5l
O6dLTI8
O6GSH\J>
+O)?6>X
O"8>$@
^.O84>s
o8}NH]
o\B)Mb
oBzTs\
~	o>CW1
$o>d	A
od{e!r
(oefx8
oe[K	Z
oEm,{v
)#OeSW
oe%z',
o>%g@V
	oHfiC
OH@WP(
OINH~w
OjBiTY~
Okd2kY-{
okQQD%5
o[L"'`
ol<129X
ole32.dll
oleacc.dll
oleaut32.dll
oledlg.dll
OleUIBusyW
oL}qd4
o(ml9{[
o/]mw\5
+ONo.A
OnpSqz
oN[wzf
oo#+ zwQ
OpenPrinterW
OPQRSTU
/OPS!V
orPe' 
OSRj(2
OtwSSj
OuAqmsw
!.~O>Ugf
OUjXFT<
o?v;)V
^OW%XtfW
`o|wYx
OY1_\J
OyvG<-r
_`o=z#
\@O\zO
Ozzn!Kb
P02lsn@'Z
'p0Y0#8O
P2MI*Y
P-5xtY
p92Ea1
Pa/,6y)
	P$aHr
PathIsUNCW
P`az`]
P}c15|g
peA@/e
Pf\F5Xdf&*3og
;pFTM'
p~FWv4
Phb[3V5V
/PH }k
Ph&Ub	
_pHX)l
pI,?xD
PIyj.x}
*;PiyM
P'J/Dn
+PJ ]kI#
P@[:JOfC
pls[iE
,pm:9V8
PM'D\m
[Pmi0s
-$PM=ij
'pMlSw
p.Mofn[x#
Pn5d]R
PNDON|
_	PO{[JX
P; q 3
p)qN i
PQqdXF
pqrstuvw
pqxfO\
prfNb"
printf
Pr+.ko
P:rpV1
psapi.dll
P!t3S`
pU+B y
p+Uf\v
PUMaskV
/puOW b
#PVI$%7
p\=vo=
+p w	C
)P+.X"
.PXe~RJ
pXvhXN
q;^"%*&
_/Q;+$
q0e-;O
Q45n5Q
(>/+-q!4e	
/Q9{ad&
q9V)sq
*QAQ,f
Qc478'n
'QcaOi
*QcE=gP
QCI0xqo
)<Q@'D
Q;D'TT9
qdX,`T
[- QEH
q%eiuw
QE]M6(S'
$`QF[:
%qF:4;
QFIao$d
Q=F}M'I
"Qfqrm
#Q?'fwTg
QGkPb'
~q(/g	l
[qI}3F
QiPB[*NZ
Qjd\4b;
Q	JiVu
^ qkcr	
+qkLVHH
Q"/KMD(
[QmPE("
.QN8@f=
<qNGiQ
|	qrBj4
Q{,R_y
Q_~(R_Z
Qs/W>oX
|qT`h@
}qTr+D
QUt0z{
qv8X@d7
*q%x?!
qX"Bl&
qXC34?
QXcfz#55Qh=
qYAZJ(
qYe+%=
)qz&!~*
qZ+R.l
=}&`R~
R02c{;
r-0$&w
@r1Nk{
r4&?PGf
r6m*JN
}?R70lX
r7~Idw
R,?)83
;/R8xZb
+rA2[a
rA_bVm
RaiseException
>RB4&r
Rb%bux
# RBHw
=[rb@s
r]c=1TC
r}cF0uy)
RC	n.TE
RC;`ok~=
]Rc]@_^X
;RdA-YP
RdlO&?
RegQueryValueW
#rem){
;r=F&[
-Rf;bl 
RFjW].
RgF.s0
:~R*gL
-	rH-|}\
[RH+#o
: Rich
r&ISM@
^R_!iU
rktxR,
rlB=CK
r Lu"F
^R)<LY
R$m]PU
rmqVF~q_S
r] MWsZS
R#n0iGG
rNf*I**6D
r=nLN6
r*Otf*C0C
rpXG&)aU
Rq1I:Zy
RQG>VH
R}:R\5w
rr:_.N
R/=ssJ`
RsUHr"R9~/
R:|@sY
Ruf]y]
r`u)+KE
r{Un"<
=rV3L?/
'r,Vyw
>rX1)p
r$;XEA
RxWc,r
r?YC;b
R|Z~b'jGrg{
/&+	`&s
$"!s\=
-@s"#1
{+s1m1
s1urE9I
s2|~$r
S2Z tj
S3nV%0
?s5}Qdi'
/$S5Zy
{#,S6F
s8(&1r
&s8G!^
s9"ClB3
Sa0DEG
#sA8EI
S\}aqBY
`_?=Sb
,S&D(,
SelE m
SeMf`F
^S};e|v
sFIaj]
*sFPXBnj
?sFSS*
?,SG?#
S|`'Gk
shell32.dll
ShellExecuteExW
shlwapi.dll
%S~Hnv
shuD^S
s&^hx#
SHy Kl
s&:i{(
}%	S)J
sJBV&?
S:@	Jg
SJM tp
}=sK&l
s&KNut
{<SL"Kr
sl^|q	
<SnL-S
SOFTpW
s	otGYu
sOvz;S#
sOzQcE
SpBwzl
SpI0.'
spv&ub
s|Q <(
sqz"E@
*Ss6Dm
%`ssqKJ
><S^S	v
sT5';tQ
STb;-Q
stomInKi
Strin5g:X
Su'f[Lv+R
	SuK+ss!
su/(|rr
()	$sV
S#vzS<
S.W(=4
sW;~x$
SXE./\K-
sXuYwZH[_{}]
S!zrM,
(.	T\}
+T[;1"
=T3}SGhFE
T#@3VW
T%|4W)
t4(^X 1k
t5BF.Y
?<t :@7
&~&t7/
/	T7:_+G
t>8 5O=
t9&9`*
%T9[^Q?	^
t]^')a~4
tAS &Po
=Tb2$ 
_ +Tc9'j
>TCd:z
tdh)v@
%Tdo'H"}J;
td{`"PE
TdWW+Q
te7$ Q
@TE]kgF
>t] f3
@tFgavc
	TFile
T/f-x1f
Tfyl1Z
!This program cannot be run in DOS mode.
Th.=wKp#
$t*$=I
TIv#$d%
t:js(?
t{@}kc
tkC0U&
$TM3ul
^.Tn}.
tN7+>`
tO^;9U_4B%6
tp),:8
tp&D-(F6
<TpwYM
TqNY&lw
_TrackMouseEvent
&T'Sh).
T.sKcCp
TSmT1;
Tt]!S[j
t_t!xOx
? t@u@B,&
tuu$g~
tv4x8Y
t:vBxJz
t$VeC@f
tvNd.	
T"VZf	
TW:PcP
t`yC^R
t=YT9[C
#+"TZ~
TZ~.XIiV
U0-Cvw.
u0lRV,
U2e:Z'
^`[U2:l
>u2@ZD
u|=8A.J
U'.@9vr
u(`AIK
u?B4z?
:Ub|QX=bta
uB^V~[
u-De*<Zo
u)d{p9R
Uds 7-
}ueg_h [
U<!EO(F
uf.U.K
@U_$\G
uHfMCc6_
U{hn9IG
-UI3-w
u,I4r]A
uIM 01
UjUL!e
 uK.dVK
UlN*Q4
um	j*gy
uNHAx %@
unihq2W
UnkGowZ
U=nr=e
UOO%Tcl
upex	~
uP&j8m
U!pRSX
&$?uQ>
uQ(eP~
uQlVs%
URC1]8%Q
user32.dll
ut`fMemo
UUnp*3
UvG89}
U,=+,W
ux	;a=
UxJ1 E
	:{Uy.
u,	:YK
UzQ"a 
uZz']5K
`,-&~V
[`<^~V!
v03Ft)
V0J&	/ml
v1wfAjT i
v4kq9g
@"v6'$K
v!6&>PE
v7bDr"
V7I`:rR	C
^v8\:[
v]~;8(
v8N4b{
VariantChangeTypeEx
VA*VI_
vC	gs*
!vCxd}
vd~+~b
version.dll
V]Fa<I
vfb1<P
vFr8gNmw
vGS>$j
VG!UmF|
V=\Gv?
/v+h,_
V]h:Cy
VhnGEh	
Vhx( gb
vIdJy[q
VJG{'N
#vKFlA
VK$<FWh
VKj"s_c}
VlGSap
#V%_lt
-V:ms*
[=-^VN^
|VNozgP@
,V{Nu]
+VoAEm
!+/v_p
VP6R1JL
VpFf5Y}s|
vpM`E+
Vq3F(vE6
VQd1_#C
[VR)]8`
}v[RC{
VR#SS{
@Vs0z lTz
*vS$F1C
[)vV	h
[Vv<z7H
V(Wk;~G_1
vxaN1Kt
$VX' M5O
v;{Xva7e
v(x@zH
-VyHo"!
v,z s-}
;.W~;.
	W@0Qqr
W1F8+U
w}&2|E
}w5hD+
<W7HhU
~w!7x[/
W^!AK%):S
W&bC>9
wC\3H4K
wCHcX&
 w#'{D
#Wdpqjrl
WDv+:R
WdyAAQ
]wEEd<$fXv;
W@eXP8
W+EYVj
-wf/9-
WF?D(R
WfWJL"E
.*WGe^b
:|WH;_
W;HAi]L
Whan=p
.	W~he
Wh.x<$
wininet.dll
winspool.drv
W-j7#X6n
wJ&jl!
wLGmB:
`W%pJm-
\~|;wQ
Wripb--B~U
W|SaJ^
w_sYC6
wT	b^P
Wu=0Y13<
W)u*DG
]wu)/o
wuZ.|b&
 W%VGZ
Wv!R]p
<	Wv<Z
`w|wYp
`W}x~7
] &&Wxj
;]wXjKt
wY$7_=
Wy!VF*J%u.
w&;@ Z
x$"/0D
X0@?X&0?
x1`_d:a
X2?3^q
X<#=27+
[:x3&8i
`x?3PO
<X9b=J
X9l(&c<
[]|Xa'
x/a12$v
XA.3|+
#X[CWch
x/@+D&e
Xd:M72
/;>X]e
XEy5+[9q
X#)f[A
xfcgWJ
-xi6|iX
[XjN@:
<"XJt\
xK{vVG
xkz,w|`
|X:L9R
/xlOER
+(Xn&]
`X[N'K
#XpK[9
?,>X#Pm
xq"6<RM
xQz1?L
~xR1O"
XsG]?|)a'
)xsmeGp1
XSQWRV
x|.[T:pf
Xtq#TW
/%XWb0
XWdz5>9g
X_x14?-GX
xyDJ[@~&
x_zc|g~k
XZn(Ii
|XZZyr
"Y0d8'.
 y\0oo
y2"i[]
y*2w=ac
Y3XLMPi
y7Uv~v
y8YtG*
y9r.t}3
YA b^}VZL
Ya%KN$
ybD,l_
yb#|'ER
yc%iK	{
Y%c)lt
+ydM\U
,Y-do[
yduKEfU\
<y+E8K
'yEr/d#
y"FgZ%2&
#y|H%>
YhG);b	c
$*Yi-r
Yi>"xT
\.)]Yj
"YJa_ne
Y?j[+vh'
*yj%xu
YKC_0^4
yKK&wS
y$lb|-
ylS9 O
	\yL.X'
*ymgob
Ym<I7eD
YMz}e0
yo[/d_
~Y--P$
y_QgwG
Ys9Gdg
ysg6f`?
yt_uG3Kn]M
@yU%~1F
`Y}]v]
"ywt~p
yx},5~o
y*"X%d
yX:{lP
_YydZYy|
{}\:yz
yz01234
"=yZ]L
$yzr%t%C
#,&\z'
Z1@UbU
z\$2C&6
Z4s'wG
z*?`4yTs
Z7Jw96
_@Z87xWX
Zabcde8fg
z:Al>D
zba+[\9
ZBi@4!|
+Zb?.O
z=bQ<42
Z%|!=c
`ZC3ov
Z)^C;s
#zCZ?W
Zd"Mmt
zDqCA|F
ZdVvxt
z+F*Wb
?z.%-.g
ZG_vGT
zHpM_n
	?ZH>Q
Zi8*RY
z\i@GvD
Z"-j,H
ZK6QwW
z'kGt]
<_ZL{+
?Z{l6DW
-ZLltq
Zm?`#x
ZNa\>@8
{Z,,nLXW
z-[NPRu
]=zN!z(
[zo;b9
~ZOe}f
./]~zP:;
ZS~MA%7
'<#Z{u
zUUM3C
 zUYxf
][Zv4bq
>ZvQb.[
-ZW#{&
;Z!=Wh
Zw/I*x
':zxV+
Zyd2%5
^Z_Y:z[
Zyz[)y	
?z[)%z
]ZZU	W