Analysis Date2014-11-22 23:16:48
MD517a9626c66595e00296616f1a90e3ad9
SHA17a2deba30d43dfd45ec87a9af0150811f3cb65f0

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
AV360 SafeTrojan.Encpk.Gen.4
AVAd-AwareTrojan.Encpk.Gen.4
AVAlwil (avast)VB-AIKK [Trj]
AVArcabit (arcavir)Trojan.PSW.Tepfer.stww
AVAuthentiumW32/PWS.GKDX-4248
AVAvira (antivir)TR/PSW.Tepfer.stww
AVBullGuardTrojan.Encpk.Gen.4
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)Trojan.VbInject.LD3
AVClamAVno_virus
AVDr. WebTrojan.Packed.25105
AVEmsisoftTrojan.Encpk.Gen.4
AVEset (nod32)Win32/Injector.ATMJ
AVFortinetW32/Injector.ATCM!tr
AVFrisk (f-prot)no_virus
AVF-SecureTrojan.Encpk.Gen.4
AVGrisoft (avg)Dropper.Generic9.FNR
AVIkarusTrojan-PWS.Win32.Tepfer
AVK7Trojan ( 0049162e1 )
AVKasperskyTrojan-PSW.Win32.Tepfer.stww
AVMalwareBytesTrojan.Inject
AVMcafeePWS-Zbot.gen.oj
AVMicrosoft Security EssentialsVirTool:Win32/VBInject.gen!LD
AVMicroWorld (escan)Trojan.Encpk.Gen.4
AVRisingno_virus
AVSophosTroj/Agent-ADBJ
AVSymantecTrojan.Zbot
AVTrend MicroTSPY_ZBOT.SMUL
AVVirusBlokAda (vba32)TrojanPSW.Tepfer

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates ProcessC:\malware.exe

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\3d77_appcompat.txt
Creates FilePIPE\lsarpc
Creates ProcessC:\WINDOWS\system32\dwwin.exe -x -s 196

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 196

Network Details:


Raw Pcap

Strings

@@,<
!0+,-
040904B0
'*2$*55?##/$1.
@@"4
4.01.0454
4VB|
(]=?84V1
91<-
AccessKeyPress: 
*\AD:\a498d7az879a8zd\REeB.vbp
AmbientChanged: 
AmbientChanged: all
AsyncReadComplete: 
bVShxS
Click
CompanyName
d2uDI5z3HHk
DblClick
Dino1
Dino1.exe
DragDrop: 
DragOver: 
EnterFocus
ExitFocus
FileVersion
GotFocus
hF9RH
hRAWuthv
Initialize
InitProperties
InternalName
ireeghjkrdy
KeyDown: 
KeyPress: 
KeyUp: 
KZDMLv
loihytgvfd
LostFocus
LOWNb6ilU1s
MouseDown: 
MouseMove: 
MouseUp: 
Name
OLECompleteDrag: 
OLEDragDrop: 
OLEDragOver: 
OLEGiveFeedback: 
OLESetData: 
OLEStartDrag: 
OriginalFilename
Paint
ProductName
ProductVersion
rA133F000-CCB0-11d0-A316-00AA00688B10
ReadProperties
Resize: 
s361
seh~fnpkotfo.fo
StringFileInfo
Terminate
Translation
+'U>
VarFileInfo
VS_VERSION_INFO
WriteProperties
ygEDXFXb
-----------------------------0012112B62962E71
-----------------------------0012112B62962E71--
-----------------------------053120535474291C
-----------------------------053120535474291C--
-----------------------------06A30D2F478C2BC0
-----------------------------06A30D2F478C2BC0--
-----------------------------07BD5E2038D83006
-----------------------------07BD5E2038D83006--
-----------------------------09365E8A55061F81
-----------------------------09365E8A55061F81--
-----------------------------0B57033A4BB61EE1
-----------------------------0B57033A4BB61EE1--
-----------------------------0E676AE632CC2358
-----------------------------0E676AE632CC2358--
0Z@	dla
11/a><
-----------------------------11B55DBA06B1302A
-----------------------------11B55DBA06B1302A--
-----------------------------11CF6E7C1BAE262D
-----------------------------11CF6E7C1BAE262D--
-----------------------------12D6423A21122147
-----------------------------12D6423A21122147--
-----------------------------142F1E547F2D2DE8
-----------------------------142F1E547F2D2DE8--
-----------------------------15CD1924732B2FBB
-----------------------------15CD1924732B2FBB--
-----------------------------18CA039D6E592B06
-----------------------------18CA039D6E592B06--
-----------------------------194E2D7C710B2893
-----------------------------194E2D7C710B2893--
-----------------------------1D6568E65D852824
-----------------------------1D6568E65D852824--
1e562854685255h55
1.Hl9Q
`1^TDh
-----------------------------247A0EC9452D2300
-----------------------------247A0EC9452D2300--
-----------------------------24B819F131FB2B5B
-----------------------------24B819F131FB2B5B--
-----------------------------266F25843AF72331
-----------------------------266F25843AF72331--
-----------------------------275D68802B5D2848
-----------------------------275D68802B5D2848--
-----------------------------284C2B7C1BC42D5F
-----------------------------284C2B7C1BC42D5F--
-----------------------------28E9661D337320EF
-----------------------------28E9661D337320EF--
-----------------------------29D7291A23DA2606
-----------------------------29D7291A23DA2606--
29pm~WB 
-----------------------------2CA8059D1E222222
-----------------------------2CA8059D1E222222--
-----------------------------2CE710C60AF02A7D
-----------------------------2CE710C60AF02A7D--
2,Gbyd/<
2I!4BO
-----------------------------3094331309B62284
-----------------------------3094331309B62284--
-----------------------------3156681A7936286C
-----------------------------3156681A7936286C--
-----------------------------356D238465B027FD
-----------------------------356D238465B027FD--
-----------------------------3C8249674D5822D9
-----------------------------3C8249674D5822D9--
-----------------------------3CC0548F3A272B34
-----------------------------3CC0548F3A272B34--
3rW$>SH
-----------------------------41041DEF278729F4
-----------------------------41041DEF278729F4--
-----------------------------41DF63B82C0525DF
-----------------------------41DF63B82C0525DF--
-----------------------------437D5E88200327B2
-----------------------------437D5E88200327B2--
-----------------------------442D165C239B246E
-----------------------------442D165C239B246E--
444nHHH
-----------------------------4ABE1260089121BD
-----------------------------4ABE1260089121BD--
-----------------------------4D755E226DDB27D6
-----------------------------4D755E226DDB27D6--
-----------------------------4FD60DFA515A2F90
-----------------------------4FD60DFA515A2F90--
-----------------------------514E0E646D871F0C
-----------------------------514E0E646D871F0C--
-----------------------------548A0405558322B1
-----------------------------548A0405558322B1--
-----------------------------55202B17441E296A
-----------------------------55202B17441E296A--
562854685255h55
562854685255h55221548949mm562854685255h55
-----------------------------5704449F4E00206F
-----------------------------5704449F4E00206F--
-----------------------------581E15903F4C24B5
-----------------------------581E15903F4C24B5--
-----------------------------5C3550FA2BC62446
-----------------------------5C3550FA2BC62446--
-----------------------------5E6972DD0E5E2CD2
-----------------------------5E6972DD0E5E2CD2--
-----------------------------6216152A0D2424D9
-----------------------------6216152A0D2424D9--
-----------------------------62C64CFE10BC2195
-----------------------------62C64CFE10BC2195--
-----------------------------63F21B236DF02F07
-----------------------------63F21B236DF02F07--
-----------------------------640C2BE502EE250A
-----------------------------640C2BE502EE250A--
-----------------------------65AA26B576EC26DD
-----------------------------65AA26B576EC26DD--
-----------------------------6B2051C76A961FE6
-----------------------------6B2051C76A961FE6--
-----------------------------6EE0714855452119
-----------------------------6EE0714855452119--
6IrDv{
6W,4_Ol
>(6W.b
-----------------------------70525E23485D23BD
-----------------------------70525E23485D23BD--
-----------------------------71F058F43C5B2590
-----------------------------71F058F43C5B2590--
-----------------------------728600062AF52C49
-----------------------------728600062AF52C49--
-----------------------------75455F5639551F39
-----------------------------75455F5639551F39--
-----------------------------79AD231C7E863051
-----------------------------79AD231C7E863051--
-----------------------------79C633DE13832654
-----------------------------79C633DE13832654--
-----------------------------7ACE079C18E7216E
-----------------------------7ACE079C18E7216E--
-----------------------------7BE8588D0A3325B4
-----------------------------7BE8588D0A3325B4--
-----------------------------7DC45E866B002FE2
-----------------------------7DC45E866B002FE2--
' A#~3
altblssyeeibwh
B\{f)@
  </binary>
  <binary>
BoundText
<<<c&&&
%C`/?!
{c^\[\^^_aabddeghijklmnnpqqrttuwwx8EF99I
C?b[:eu
ccc!xxx
CloseHandle
Content-Disposition: form-data; name="metadata"; filename="10d31ca5ce10d351d8bc2459f2ddc4a64ebd0cb29b5e0c7c8d18f198ad56dbbe.xml"
Content-Disposition: form-data; name="metadata"; filename="12cce6d610ee7fcece782000aed97e1ab6ec29024ff7f7f5ad529d8ef6e57187.xml"
Content-Disposition: form-data; name="metadata"; filename="13f1674d8e126120e59548ab4101e1e2428389ced04cef1f247e49f67025a180.xml"
Content-Disposition: form-data; name="metadata"; filename="16308ee09f21eb4db0c394966525752040d9d622c64321a44a4f1a816903e61a.xml"
Content-Disposition: form-data; name="metadata"; filename="1933280ceb980b10d56a117957aef05291fc8b8f78e0ac93bcdea580293b2793.xml"
Content-Disposition: form-data; name="metadata"; filename="2191d0d044deb66e76fb250c1bb10599c0adc5c88bdbc13c4d7ea4e758f102c8.xml"
Content-Disposition: form-data; name="metadata"; filename="29f5d449beff9c412b027d1e284260e92163a3a6b91862dd3e7885bd211cb8a9.xml"
Content-Disposition: form-data; name="metadata"; filename="3150d0cdcace36261ea630626e45b09c2fe17e9db13c0671c346d8132ec883c0.xml"
Content-Disposition: form-data; name="metadata"; filename="333909d51b5a254fdd875984da752296532645ec62a68daa9c5f16c4c00526b6.xml"
Content-Disposition: form-data; name="metadata"; filename="36016cc992b43a3bf270c520fa005c6b3286b0fc295079ea143d0ddb48c71e0f.xml"
Content-Disposition: form-data; name="metadata"; filename="39503aee11316b4d8a6d7e55ab99c644cc959fd8eb6e3bdf465591398dcac41d.xml"
Content-Disposition: form-data; name="metadata"; filename="3adc79de1c27faa2dbb04683db9461388a0da276aee0df9baa853d92c571eb8f.xml"
Content-Disposition: form-data; name="metadata"; filename="3b52d1da24fda5616f01046c55980ec6fbb8d64236d44c7891c7943d7863f523.xml"
Content-Disposition: form-data; name="metadata"; filename="3fb1aa99d741b500c8f19a92335f712c969d6f8022d129151cf25024a3e40bab.xml"
Content-Disposition: form-data; name="metadata"; filename="4441585439201c5568db407d8c163222ee3a70738d71d5612fbb66f02ff1d835.xml"
Content-Disposition: form-data; name="metadata"; filename="444f14af8a519ed81eefdf5988f834d63050d3c82f3e7558e56bb2e78b662ded.xml"
Content-Disposition: form-data; name="metadata"; filename="4d5c3334ea416d702e490e8d6d74902926a923075ebe2b191a91b6e17bad0c62.xml"
Content-Disposition: form-data; name="metadata"; filename="5466e4c0f47aa4ba220e5e0f60e1c58aa991d7f3ac0d45a6087a3453553049fa.xml"
Content-Disposition: form-data; name="metadata"; filename="5d2a7f0872f5959fb93f8ce2125a7b2eb5683ac8ae736c861df3dd2d944ce9d8.xml"
Content-Disposition: form-data; name="metadata"; filename="632dabf60fb086167975e6739c63286131e067e22782c30ec1ae878d3d6f2a7c.xml"
Content-Disposition: form-data; name="metadata"; filename="6d3c9d59e86e747cd25700d48d81cc92bed9e8a2b349313191384098948f818f.xml"
Content-Disposition: form-data; name="metadata"; filename="7060ac727f6db7be8ed049f64d6a2a9766bd3d5ec0cba4078d16533264f24378.xml"
Content-Disposition: form-data; name="metadata"; filename="724f53d6367915cc506c20a750509f6bd1f942b42058ab868b3924fc252227e5.xml"
Content-Disposition: form-data; name="metadata"; filename="7357fc1ae3d46904cd5d50deb15c4b63c857d47d8acce4d387ecf573c4ea4498.xml"
Content-Disposition: form-data; name="metadata"; filename="7372ce64c6f7c419a2c927898d07c30563170af17b3a301f7c97912267521dd6.xml"
Content-Disposition: form-data; name="metadata"; filename="73fe7d778e2776fd1509508e548d1152f2ddc3b84a8bf29c2f0b6ef8a750fca9.xml"
Content-Disposition: form-data; name="metadata"; filename="7758de23c82331709cb9dc453452a46c3cc7f03f4949d3be7a7cc2f13e199ca7.xml"
Content-Disposition: form-data; name="metadata"; filename="831aac30ffb9a71fb7d85bfb014b7cc498e2f8ab35b87226748d2a68e9a9e173.xml"
Content-Disposition: form-data; name="metadata"; filename="84ab402dba749258dd6ef9065435d559f32a811a7e93a8cd01e0ac779d21f4a9.xml"
Content-Disposition: form-data; name="metadata"; filename="865577a3e59b1f275fea57441057d899f43e6e49d0e579e2ba59e7834b059077.xml"
Content-Disposition: form-data; name="metadata"; filename="8dbfa3d78d6c8fc5830cb18544d7ee31e9e6f77e8b54b3d582c2ba30e305f294.xml"
Content-Disposition: form-data; name="metadata"; filename="8e0331deea662c53bd7b67dcb6cfe1489dfee4d7e532c206df784c1a20d1f3f7.xml"
Content-Disposition: form-data; name="metadata"; filename="95f45ab07a506e513feaaae408594655fdabce732623e3a48f03d60ee9d7acaa.xml"
Content-Disposition: form-data; name="metadata"; filename="96381b156f8dd581b514f0ff3ed598d064141385db20f7fa1f10a1550a7456f3.xml"
Content-Disposition: form-data; name="metadata"; filename="985ec488da62146090556d850f8ca44aff5ff8f50871e2c1509b182970253fa0.xml"
Content-Disposition: form-data; name="metadata"; filename="9969c626320cfbea5996d4c03b70e5de7adc2c8e997b8349e74453456e7dda62.xml"
Content-Disposition: form-data; name="metadata"; filename="a8c7bd28a75efb37a5d011218a1812f6f0d4e8d7cbee16d7c4d22d1c7ff65bac.xml"
Content-Disposition: form-data; name="metadata"; filename="b843bd05e81ce4e7d98bfa35f07b54758c56508c1cbe06926c0a4e291da2748c.xml"
Content-Disposition: form-data; name="metadata"; filename="b8fa444247d24ee91b0fc97d87fe226a3c0fbdc416be1a3076d5074e19fb4c48.xml"
Content-Disposition: form-data; name="metadata"; filename="bee34830e4cfebbd3775888a29ecb77fa24d7dd9d2fd7fa62ab782ecae367eed.xml"
Content-Disposition: form-data; name="metadata"; filename="c73bf040689816640135d0fa129ec9c5087415569202e4172043414bec8b9511.xml"
Content-Disposition: form-data; name="metadata"; filename="cd247faeb922da3b1744989fac8be6b90440da15a23eda8007d70e92010e9446.xml"
Content-Disposition: form-data; name="metadata"; filename="d1ae2b621cb29df512776eb4fea4db973d23830a5fe12600c6552b06120b646d.xml"
Content-Disposition: form-data; name="metadata"; filename="d6436b24c7a7345e7ba15d18907f88e810f5073dfebb56629abfb84fe0da96e0.xml"
Content-Disposition: form-data; name="metadata"; filename="d78eeeae81c197fd052d7e0706f9add7de7746df8deb5853ca59aadc33d66e0d.xml"
Content-Disposition: form-data; name="metadata"; filename="d7afea8033d4e69802092fe83e9ff93ccfc80f902f1b7552c8f846e8392111cb.xml"
Content-Disposition: form-data; name="metadata"; filename="d84ffcbd5bb2cca87b89763b606962a62b173fdb2df225cd365eafb5e54dd836.xml"
Content-Disposition: form-data; name="metadata"; filename="dd972d39cd024b963150d6ff9094783e865c218b65706f1857ee95f2a02e85f4.xml"
Content-Disposition: form-data; name="metadata"; filename="e378d0f7cfe0d753b3bdaeef31d09662a73efe9498a9c2d1fc339f6b2a62acec.xml"
Content-Disposition: form-data; name="metadata"; filename="e45988459b5371c819b0e66888c846f1122ce12a778db7c673ca66e9dcfd1fe9.xml"
Content-Disposition: form-data; name="metadata"; filename="e4f089366508f5b2462a26fa766e5555635741f74b35777c9ec1e83c62b6dd79.xml"
Content-Disposition: form-data; name="metadata"; filename="eabbd8f086ac73ae344f72abf160c21d75aa77eddec06fd5c9a59f55c598fab1.xml"
Content-Disposition: form-data; name="metadata"; filename="eea30bf76bb3d5fd638419ce9ad05dde1659cdff3b599aef958005ec637529a0.xml"
Content-Disposition: form-data; name="metadata"; filename="f2503ee5bb8c296f388267d5db2f8221407d4d29c1ca605ec742b3687c6cc0fa.xml"
Content-Disposition: form-data; name="metadata"; filename="f3a3df7712536c58903f3987cc753eb2dfd854ffa53bec310b2b23d34a558118.xml"
Content-Disposition: form-data; name="metadata"; filename="f4628a91b79cd9b7f5b88eb9d1be1ccebcb90751d918c6c5192ae6c209358684.xml"
Content-Disposition: form-data; name="metadata"; filename="f5a39e992c683481bfd37acf8768d7459b56c10551fe40bdd2b7e80a5fec49b7.xml"
Content-Disposition: form-data; name="metadata"; filename="fb3689b82384612acc10943c50c7e4059c16ec5df1bdf33f4a4088d8eba93be0.xml"
Content-Disposition: form-data; name="metadata"; filename="fc7118dc9a6541561865579a479852ca4159a4bd5f1cd6b0abd983c2b4b3e7f2.xml"
Content-Type: application/octet-stream
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
CreateFileW
d	9~9muN
`.data
DataCombo
DataCombo1
~DataCombo1
DataList
DataList1
DC[82.S
DefWindowProcA
}d^ekklnnopqrsttv
^^^!]]]djjj
DllFunctionCall
euAyp5
Events
EVENT_SINK_AddRef
EVENT_SINK_QueryInterface
EVENT_SINK_Release
F0!!Hg$=
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\00372FD3-FBB0-4D61-B83E-9C6BD4EAF0EE.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\05A29644-D603-47BC-A7E8-02802AD9639B.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\05ADEE0F-FCAB-4B6B-8B7C-55B0064E5619.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\0767B2E9-464D-4009-8234-4EADD1CA2C3A.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\09905FD3-C5CE-4E9A-A83F-C2634A8F40EC.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\0B594E46-8F34-4796-BB84-77FBBDCA2303.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\110B159E-F356-47D1-A477-CB9E4505BE26.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\11810974-2BD2-46D8-BDEB-A4F4ABF89285.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\17DD04E2-6E7F-4796-9C6F-576606F63E8E.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\228363E2-3818-47A0-A571-2405E378E341.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\247E74FC-6229-4B8C-8471-E9026E040F6C.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\32ADA1F2-EF69-44F5-9065-7E2E1D6FD1F7.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\34923232-C57A-4F47-A36A-E05DF07EDEF1.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\363000FA-80B4-489F-A1B5-0CB0D17F42D2.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\3DE4B9D5-F29D-4F1C-AE49-87A7D99D97B0.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\421FAD21-9D45-472F-AE41-EAAD3B6F3885.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\44391F44-A1C3-4ADA-992C-0079C3C2C2A8.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\47465726-2688-43F0-A2D0-0B3270610A29.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\481D6CD5-4DC3-4441-9DEB-BD2AD479AD39.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\48BF856A-F338-450B-91CC-DD0E6F567D38.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\52468E44-5A00-4BED-9636-BF11FE325A71.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\535965B5-0C9A-4220-9ABB-2F00F4294DE3.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\5BC858B6-FA15-4760-ACE8-1943652EBC25.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\616629C7-7406-4651-BC32-380EFE2CEB5B.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\654FE4F1-FD7A-4DB2-9BB3-982C7CBAB014.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\690CB9CA-F24D-40D2-A282-C90A46F0C5B7.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\69BCBE1A-03BB-4576-8807-E23AE6820B23.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\6E52DFE9-ACCC-49A6-9513-22E170E13BEF.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\70708EB3-7408-4A76-A87E-91361862CC46.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\71E6935E-384E-4B1D-90DB-C299FC9E7629.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\77EE687B-AA76-425F-BFCE-0DD40D9644A3.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\7BD875DC-53C6-432F-8929-CF47CA3E15C9.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\81F77F3D-B615-4DD5-BEBE-FA5E4391857B.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\875D1B63-B1BA-4ED5-A2D8-6F5E000382A5.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\96362B9C-F22A-4905-AC89-CA8278C73172.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\9AD63473-2E41-48CB-96BA-CDF5F6482059.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\9BA7A3BF-0841-44E3-92E9-3D58C482068D.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\A129C832-4D4C-4540-8985-DEEF89B4179C.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\A2512080-4B7C-4EAE-8D97-E57CE1CF3AFE.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\A8516BD0-76F8-4336-8141-9C1D4BFD1F0B.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\AE9F194F-B986-4FE1-A0E8-51379C1A91FD.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\B45BC5B1-A2DB-44DC-97B9-B86486BFAD17.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\B4EF0AFB-4A80-494C-85EA-17A8EB06ADB4.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\BD662AC4-2F07-4329-9D41-2D0536456064.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\D2F4D458-9951-47FB-AA6C-72CC49BFBECD.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\D8A1A6DA-FABB-4532-AFC2-4A7A7DE20D7F.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\DAC620F5-60FE-4889-B49F-BDEC8F75A68A.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\DB47B0B4-49C8-4F1F-87C3-F819EBCC1634.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\DD47D684-1CE2-42C6-AAAE-08A2604C0447.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\E1BEBF14-1271-45BB-A9CA-EB3F6F1B4587.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\E1D5A4EF-4BC1-4F47-BF46-2BE01A3880D3.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\E3AD1268-D0D0-4461-9F4D-88BF78A1EBE4.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\E4BFB47D-4CBF-4AF1-99B3-B6F16C89C3FD.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\E4E4F077-5647-44DD-ABA9-6A13C7994009.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\E5ECB415-04AE-467D-AE93-ACCC3692E2AD.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\ECDB0550-EA21-41CE-995E-DDEA6B0ABAEB.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\F7BF1F68-DEB8-4CE2-A72C-1CBE5E951A55.mtmp</filename>
   <filename>\\?\C:\WINDOWS\system32\Ocular\Temp\F856FFA9-FEF0-4B2D-AF84-E770F46C25E7.mtmp</filename>
   <filename>\\?\E:\downloads\solaris-9-intel.zip.crdownload</filename>
Frame1
FreeLibrary
F#{[zq
fZSUWXY\]^abcfhikmnprsuwxy
g^adfghikklmnopqqsttvwy
GCtA:j
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
]G,''}Y=
H5;4c_
HgBf8L
---?HHH
h/i->~
H			u)))
I5)L{c
   <innerfile>1</innerfile>
J[<\|'~
jjoaal
	jx!C7
kernel32
kernEl32
kernel32.dll
kernEl32.DLL
kh|]2G
kijnbg
~k-K~@
k`XVXXZ[[\^^_aabddeghijkkmnnpqqrttuwwx7GDC
L}A~OMM
l`imoqrsy
llllllll
{llllllllostt
LoadLibraryW
lolololp
@*_mbD
MethCallEngine
M!jO4D
MSDataListLib
MSDataListLib.DataCombo
MSDataListLib.DataList
MSDATLST.OCX
MSVBVM60.DLL
n^2Nd,
/NGHyYy
nhbgvfcdl
o%8EQy
O8"h3_
o_^_aabddeghijklmnopqqsttuwwz:
OduB|-V
(({OIPwe
o=L !gR
'oMlVN'T
ON!$FM
OpenProcess
#(o(Ww
/p&3JV
P3=S8\
P"@,=ks
PPPBMMMv???=
PQQSTTVXXY[[\^^_`abcddfhhjkk
ProcCallEngine
Process32First
Process32Next
PropertyPage
PropertyPage1
pXAR+EY
qC:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc30554.oca
Q-e@a.
qlllov
QRTTVXXY[[\]^_`abcddf
r_`dghjlmnqrsvw{
ReadFile
Re%rGn)
rJe(o	
RowMember
RowSource
RSTVXY[]^`bcfs
RtlMoveMemory
-rTu^L
```S___
   <sha256>10d31ca5ce10d351d8bc2459f2ddc4a64ebd0cb29b5e0c7c8d18f198ad56dbbe</sha256>
   <sha256>12cce6d610ee7fcece782000aed97e1ab6ec29024ff7f7f5ad529d8ef6e57187</sha256>
   <sha256>13f1674d8e126120e59548ab4101e1e2428389ced04cef1f247e49f67025a180</sha256>
   <sha256>16308ee09f21eb4db0c394966525752040d9d622c64321a44a4f1a816903e61a</sha256>
   <sha256>1933280ceb980b10d56a117957aef05291fc8b8f78e0ac93bcdea580293b2793</sha256>
   <sha256>2191d0d044deb66e76fb250c1bb10599c0adc5c88bdbc13c4d7ea4e758f102c8</sha256>
   <sha256>29f5d449beff9c412b027d1e284260e92163a3a6b91862dd3e7885bd211cb8a9</sha256>
   <sha256>3150d0cdcace36261ea630626e45b09c2fe17e9db13c0671c346d8132ec883c0</sha256>
   <sha256>333909d51b5a254fdd875984da752296532645ec62a68daa9c5f16c4c00526b6</sha256>
   <sha256>36016cc992b43a3bf270c520fa005c6b3286b0fc295079ea143d0ddb48c71e0f</sha256>
   <sha256>39503aee11316b4d8a6d7e55ab99c644cc959fd8eb6e3bdf465591398dcac41d</sha256>
   <sha256>3adc79de1c27faa2dbb04683db9461388a0da276aee0df9baa853d92c571eb8f</sha256>
   <sha256>3b52d1da24fda5616f01046c55980ec6fbb8d64236d44c7891c7943d7863f523</sha256>
   <sha256>3fb1aa99d741b500c8f19a92335f712c969d6f8022d129151cf25024a3e40bab</sha256>
   <sha256>4441585439201c5568db407d8c163222ee3a70738d71d5612fbb66f02ff1d835</sha256>
   <sha256>444f14af8a519ed81eefdf5988f834d63050d3c82f3e7558e56bb2e78b662ded</sha256>
   <sha256>4d5c3334ea416d702e490e8d6d74902926a923075ebe2b191a91b6e17bad0c62</sha256>
   <sha256>5466e4c0f47aa4ba220e5e0f60e1c58aa991d7f3ac0d45a6087a3453553049fa</sha256>
   <sha256>5d2a7f0872f5959fb93f8ce2125a7b2eb5683ac8ae736c861df3dd2d944ce9d8</sha256>
   <sha256>632dabf60fb086167975e6739c63286131e067e22782c30ec1ae878d3d6f2a7c</sha256>
   <sha256>6d3c9d59e86e747cd25700d48d81cc92bed9e8a2b349313191384098948f818f</sha256>
   <sha256>7060ac727f6db7be8ed049f64d6a2a9766bd3d5ec0cba4078d16533264f24378</sha256>
   <sha256>724f53d6367915cc506c20a750509f6bd1f942b42058ab868b3924fc252227e5</sha256>
   <sha256>7357fc1ae3d46904cd5d50deb15c4b63c857d47d8acce4d387ecf573c4ea4498</sha256>
   <sha256>7372ce64c6f7c419a2c927898d07c30563170af17b3a301f7c97912267521dd6</sha256>
   <sha256>73fe7d778e2776fd1509508e548d1152f2ddc3b84a8bf29c2f0b6ef8a750fca9</sha256>
   <sha256>7758de23c82331709cb9dc453452a46c3cc7f03f4949d3be7a7cc2f13e199ca7</sha256>
   <sha256>831aac30ffb9a71fb7d85bfb014b7cc498e2f8ab35b87226748d2a68e9a9e173</sha256>
   <sha256>84ab402dba749258dd6ef9065435d559f32a811a7e93a8cd01e0ac779d21f4a9</sha256>
   <sha256>865577a3e59b1f275fea57441057d899f43e6e49d0e579e2ba59e7834b059077</sha256>
   <sha256>8dbfa3d78d6c8fc5830cb18544d7ee31e9e6f77e8b54b3d582c2ba30e305f294</sha256>
   <sha256>8e0331deea662c53bd7b67dcb6cfe1489dfee4d7e532c206df784c1a20d1f3f7</sha256>
   <sha256>95f45ab07a506e513feaaae408594655fdabce732623e3a48f03d60ee9d7acaa</sha256>
   <sha256>96381b156f8dd581b514f0ff3ed598d064141385db20f7fa1f10a1550a7456f3</sha256>
   <sha256>985ec488da62146090556d850f8ca44aff5ff8f50871e2c1509b182970253fa0</sha256>
   <sha256>9969c626320cfbea5996d4c03b70e5de7adc2c8e997b8349e74453456e7dda62</sha256>
   <sha256>a8c7bd28a75efb37a5d011218a1812f6f0d4e8d7cbee16d7c4d22d1c7ff65bac</sha256>
   <sha256>b843bd05e81ce4e7d98bfa35f07b54758c56508c1cbe06926c0a4e291da2748c</sha256>
   <sha256>b8fa444247d24ee91b0fc97d87fe226a3c0fbdc416be1a3076d5074e19fb4c48</sha256>
   <sha256>bee34830e4cfebbd3775888a29ecb77fa24d7dd9d2fd7fa62ab782ecae367eed</sha256>
   <sha256>c73bf040689816640135d0fa129ec9c5087415569202e4172043414bec8b9511</sha256>
   <sha256>cd247faeb922da3b1744989fac8be6b90440da15a23eda8007d70e92010e9446</sha256>
   <sha256>d1ae2b621cb29df512776eb4fea4db973d23830a5fe12600c6552b06120b646d</sha256>
   <sha256>d6436b24c7a7345e7ba15d18907f88e810f5073dfebb56629abfb84fe0da96e0</sha256>
   <sha256>d78eeeae81c197fd052d7e0706f9add7de7746df8deb5853ca59aadc33d66e0d</sha256>
   <sha256>d7afea8033d4e69802092fe83e9ff93ccfc80f902f1b7552c8f846e8392111cb</sha256>
   <sha256>d84ffcbd5bb2cca87b89763b606962a62b173fdb2df225cd365eafb5e54dd836</sha256>
   <sha256>dd972d39cd024b963150d6ff9094783e865c218b65706f1857ee95f2a02e85f4</sha256>
   <sha256>e378d0f7cfe0d753b3bdaeef31d09662a73efe9498a9c2d1fc339f6b2a62acec</sha256>
   <sha256>e45988459b5371c819b0e66888c846f1122ce12a778db7c673ca66e9dcfd1fe9</sha256>
   <sha256>e4f089366508f5b2462a26fa766e5555635741f74b35777c9ec1e83c62b6dd79</sha256>
   <sha256>eabbd8f086ac73ae344f72abf160c21d75aa77eddec06fd5c9a59f55c598fab1</sha256>
   <sha256>eea30bf76bb3d5fd638419ce9ad05dde1659cdff3b599aef958005ec637529a0</sha256>
   <sha256>f2503ee5bb8c296f388267d5db2f8221407d4d29c1ca605ec742b3687c6cc0fa</sha256>
   <sha256>f3a3df7712536c58903f3987cc753eb2dfd854ffa53bec310b2b23d34a558118</sha256>
   <sha256>f4628a91b79cd9b7f5b88eb9d1be1ccebcb90751d918c6c5192ae6c209358684</sha256>
   <sha256>f5a39e992c683481bfd37acf8768d7459b56c10551fe40bdd2b7e80a5fec49b7</sha256>
   <sha256>fb3689b82384612acc10943c50c7e4059c16ec5df1bdf33f4a4088d8eba93be0</sha256>
   <sha256>fc7118dc9a6541561865579a479852ca4159a4bd5f1cd6b0abd983c2b4b3e7f2</sha256>
  </signature>
  <signature>
SlVP<<
SSSBvvv
SSS!SSSt___
SystemParametersInfoA
tbWQRSTTVXXY[[\^^_aabcdeghijkkmnnoqqrttuw
TerminateProcess
!This program cannot be run in DOS mode.
   <timestamp>12/13/13 09:16:54</timestamp>
_TkGMo
]TTUWXY[[\]^_`v
.+Tu%Oq'Jdr
TUWXYZe
TVXY[]
uaA;2q
 </upload>
 <upload>
user32.dll
UserControl
UserControl1
%>. -v
VBA6.DLL
__vbaExceptHandler
   <verified>0</verified>
VlW)Vl
>VOW&qn
Vq,3{Iy*
VS"5-oJ
VVVSVVV
V(%Wot
]wjFBdQ
wjX2ZK&
wkuO.{8
WriteProcessMemory
x\bjopqrsx
x{k0em
@X[O0}
XOPQQSTTVXXY[[\^^_aabcdeghhjkkmnnoqq
XP2C|S
XPRSTWXY\]^`bcfhikmnp
x|~R'M
Y`	3mM
y`\\]_abcfhilmnprsuwx8F7F
YI`;b:
Z8Iqal
ZZZ2lllv
ZZZ2WWW