Analysis Date2018-05-02 07:43:27
MD5bab132f657a0be9e627638ef282b041b
SHA183216ecbbc7310ebc42848b597a90bbc2c23aee0

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
SectionUPX0 md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
SectionUPX1 md5: 56186307a928062adae4d7d9926e975f sha1: ce35218e3b9a1cdd4fff62bd5bf0e30aff7c2707 size: 344576
Section.rsrc md5: 543743c66099cc2f349f8388f054bcdf sha1: 8d0d2c9d72e54b6fda39b9cee84368e669410653 size: 236032
Timestamp2014-07-04 17:27:25
VersionLegalCopyright: Nevzat
ProductVersion: 3.3.12.0
FileVersion: 1.0.0.0
Comments: http://smarturl.it/Parahit
FileDescription: Para Kazanma Programı - smarturl.it/Parahit
PackerUPX -> www.upx.sourceforge.net
PEhash850499c5ccab9dc7a7bb95f2af9e647d9c91855c
IMPhashef471c0edf1877cd5a881a6a8bf647b9
AV360 Safeno_virus
AVAd-Awareno_virus
AVAlwil (avast)no_virus
AVArcabit (arcavir)no_virus
AVAuthentiumno_virus
AVAvira (antivir)no_virus
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftno_virus
AVEset (nod32)no_virus
AVFortinetno_virus
AVFrisk (f-prot)no_virus
AVF-Secureno_virus
AVGrisoft (avg)no_virus
AVIkarusno_virus
AVK7no_virus
AVKasperskyTrojan.Win32.Autoit.dca
AVMalwareBytesno_virus
AVMcafeeno_virus
AVMicrosoft Security Essentialsno_virus
AVMicroWorld (escan)no_virus
AVNormanno_virus
AVRisingno_virus
AVSophosno_virus
AVSymantecno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\83216ecbbc7310ebc42848b597a90bbc2c23aee0.exe

Creates FileC:\Users\Phil\AppData\Local\Temp\83216ecbbc7310ebc42848b597a90bbc2c23aee0.exe
Creates FileC:\Users\Phil\AppData\Local\Temp\83216ecbbc7310ebc42848b597a90bbc2c23aee0.exe
Creates FileC:\Windows\Globalization\Sorting\sortdefault.nls

Network Details:

DNSparahit.tr.gg
Type: A
193.238.27.36
HTTP GEThttp://parahit.tr.gg/Parahit_Guncelleme.htm
User-Agent: AutoIt
Flows TCP192.168.1.1:1031 ➝ 193.238.27.36:80

Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f506172 61686974 5f47756e   GET /Parahit_Gun
0x00000010 (00016)   63656c6c 656d652e 68746d20 48545450   celleme.htm HTTP
0x00000020 (00032)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000030 (00048)   3a204175 746f4974 0d0a486f 73743a20   : AutoIt..Host: 
0x00000040 (00064)   70617261 6869742e 74722e67 670d0a43   parahit.tr.gg..C
0x00000050 (00080)   61636865 2d436f6e 74726f6c 3a206e6f   ache-Control: no
0x00000060 (00096)   2d636163 68650d0a 0d0a                -cache....

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a636163 68650d0a 0d0a                .cache....

0x00000000 (00000)   504f5354 202f3365 31363236 34372d63   POST /3e162647-c
0x00000010 (00016)   3364382d 34346333 2d393937 622d3061   3d8-44c3-997b-0a
0x00000020 (00032)   63396135 66363838 33322f20 48545450   c9a5f68832/ HTTP
0x00000030 (00048)   2f312e31 0d0a4361 6368652d 436f6e74   /1.1..Cache-Cont
0x00000040 (00064)   726f6c3a 206e6f2d 63616368 650d0a43   rol: no-cache..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2043 6c6f7365   onnection: Close
0x00000060 (00096)   0d0a5072 61676d61 3a206e6f 2d636163   ..Pragma: no-cac
0x00000070 (00112)   68650d0a 436f6e74 656e742d 54797065   he..Content-Type
0x00000080 (00128)   3a206170 706c6963 6174696f 6e2f736f   : application/so
0x00000090 (00144)   61702b78 6d6c0d0a 55736572 2d416765   ap+xml..User-Age
0x000000a0 (00160)   6e743a20 57534441 50490d0a 436f6e74   nt: WSDAPI..Cont
0x000000b0 (00176)   656e742d 4c656e67 74683a20 3733330d   ent-Length: 733.
0x000000c0 (00192)   0a486f73 743a2031 39322e31 36382e31   .Host: 192.168.1
0x000000d0 (00208)   30302e31 36353a35 3335370d 0a0d0a3c   00.165:5357....<
0x000000e0 (00224)   3f786d6c 20766572 73696f6e 3d22312e   ?xml version="1.
0x000000f0 (00240)   30222065 6e636f64 696e673d 22757466   0" encoding="utf
0x00000100 (00256)   2d38223f 3e3c736f 61703a45 6e76656c   -8"?><soap:Envel
0x00000110 (00272)   6f706520 786d6c6e 733a736f 61703d22   ope xmlns:soap="
0x00000120 (00288)   68747470 3a2f2f77 77772e77 332e6f72   http://www.w3.or
0x00000130 (00304)   672f3230 30332f30 352f736f 61702d65   g/2003/05/soap-e
0x00000140 (00320)   6e76656c 6f706522 20786d6c 6e733a77   nvelope" xmlns:w
0x00000150 (00336)   73613d22 68747470 3a2f2f73 6368656d   sa="http://schem
0x00000160 (00352)   61732e78 6d6c736f 61702e6f 72672f77   as.xmlsoap.org/w
0x00000170 (00368)   732f3230 30342f30 382f6164 64726573   s/2004/08/addres
0x00000180 (00384)   73696e67 2220786d 6c6e733a 6c6d733d   sing" xmlns:lms=
0x00000190 (00400)   22687474 703a2f2f 73636865 6d61732e   "http://schemas.
0x000001a0 (00416)   6d696372 6f736f66 742e636f 6d2f7769   microsoft.com/wi
0x000001b0 (00432)   6e646f77 732f6c6d 732f3230 30372f30   ndows/lms/2007/0
0x000001c0 (00448)   38223e3c 736f6170 3a486561 6465723e   8"><soap:Header>
0x000001d0 (00464)   3c777361 3a546f3e 75726e3a 75756964   <wsa:To>urn:uuid
0x000001e0 (00480)   3a336531 36323634 372d6333 64382d34   :3e162647-c3d8-4
0x000001f0 (00496)   3463332d 39393762 2d306163 39613566   4c3-997b-0ac9a5f
0x00000200 (00512)   36383833 323c2f77 73613a54 6f3e3c77   68832</wsa:To><w
0x00000210 (00528)   73613a41 6374696f 6e3e6874 74703a2f   sa:Action>http:/
0x00000220 (00544)   2f736368 656d6173 2e786d6c 736f6170   /schemas.xmlsoap
0x00000230 (00560)   2e6f7267 2f77732f 32303034 2f30392f   .org/ws/2004/09/
0x00000240 (00576)   7472616e 73666572 2f476574 3c2f7773   transfer/Get</ws
0x00000250 (00592)   613a4163 74696f6e 3e3c7773 613a4d65   a:Action><wsa:Me
0x00000260 (00608)   73736167 6549443e 75726e3a 75756964   ssageID>urn:uuid
0x00000270 (00624)   3a666361 37623363 352d3036 30332d34   :fca7b3c5-0603-4
0x00000280 (00640)   3232332d 38316331 2d396363 37356234   223-81c1-9cc75b4
0x00000290 (00656)   34333739 333c2f77 73613a4d 65737361   43793</wsa:Messa
0x000002a0 (00672)   67654944 3e3c7773 613a5265 706c7954   geID><wsa:ReplyT
0x000002b0 (00688)   6f3e3c77 73613a41 64647265 73733e68   o><wsa:Address>h
0x000002c0 (00704)   7474703a 2f2f7363 68656d61 732e786d   ttp://schemas.xm
0x000002d0 (00720)   6c736f61 702e6f72 672f7773 2f323030   lsoap.org/ws/200
0x000002e0 (00736)   342f3038 2f616464 72657373 696e672f   4/08/addressing/
0x000002f0 (00752)   726f6c65 2f616e6f 6e796d6f 75733c2f   role/anonymous</
0x00000300 (00768)   7773613a 41646472 6573733e 3c2f7773   wsa:Address></ws
0x00000310 (00784)   613a5265 706c7954 6f3e3c77 73613a46   a:ReplyTo><wsa:F
0x00000320 (00800)   726f6d3e 3c777361 3a416464 72657373   rom><wsa:Address
0x00000330 (00816)   3e75726e 3a757569 643a6565 33666132   >urn:uuid:ee3fa2
0x00000340 (00832)   32332d66 3734352d 34343936 2d396637   23-f745-4496-9f7
0x00000350 (00848)   352d6363 32376438 37386565 65353c2f   5-cc27d878eee5</
0x00000360 (00864)   7773613a 41646472 6573733e 3c2f7773   wsa:Address></ws
0x00000370 (00880)   613a4672 6f6d3e3c 6c6d733a 4c617267   a:From><lms:Larg
0x00000380 (00896)   654d6574 61646174 61537570 706f7274   eMetadataSupport
0x00000390 (00912)   2f3e3c2f 736f6170 3a486561 6465723e   /></soap:Header>
0x000003a0 (00928)   3c736f61 703a426f 64792f3e 3c2f736f   <soap:Body/></so
0x000003b0 (00944)   61703a45 6e76656c 6f70653e            ap:Envelope>


Strings
.c
.
D
.
.tq..k...
0"
...
....
.
:.
.
.
..
W
A
-
0J
R..4
.
.
I....X..
......
mWC
.[....n.
.
..
...
S
;.
.
i
h

041F04b0
1.0.0.0
3.3.12.0
Comments
FileDescription
FileVersion
http://smarturl.it/Parahit
LegalCopyright
Nevzat
Para Kazanma Program
ProductVersion
SCRIPT
  - smarturl.it/Parahit
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
 	&,[\
{)&&~^
&&'()*+
##@,&,//,))
0_0_0?@
00/@5n96H
(,,00;Ak
--./012R
01$G}:
 02NNN@P`
$(,0''''4
,048y.
07\}1|
08|=,P
08vtDr
0BBPLj
0B_OgnXr
@0}cbwQs@,!
$;(0f0
0F (n0
`0f}]s~
0 <!Hr
#^=0KJo
0}L,jnn
. .0.<.P
0Pg$@N
0P.PZu
`0v;L8,
0&)	/y
&#10.C
(;12\n
13syg{
|:#1*9
:	19K3
$)1/aV
1b]w/NZ(
1	ittu
}1M=;c
1nQ=8M
1`oa_\wq
<1o:IVy
1p#_! 
%1P??C
1#SNAN
*%|1TT;6uE
1T#U>t:
1	z^xy
,';2~,
@+2\$-
22>?> #
|> 255n
$+29@z
+2bB] z
|- 2k:H1R
2Np|hL
2pGyPJ
2RAGxw
?-2RC[
+ 2SgY"
2xKD+^4
3(-,'')-*/%'+
32Cu$*
345SBGS
3`7\+{%
^@3 9T2f
]3A:fCi
_3BtK,B
3b>wsN
3DxBq	
{3`ep2
3Fd#A)
3f$l*6
3f!q?<d
)3~hm$
3Id&MultiByteToWide
!3KQ#U
3.	LgY
3q+aM }
(3QHsTt-
?3S"	!	#%A
3T!#v;
{3V5aT*
3V6lcb
3wSU)L_P
3wtH|V
!~&40Pa
40t}g0
	<[4%6
|49Ox?,
"4-ANu5^
,4ar9b
(`4|cp
4E\8;r 
*4F_`=
4f&PwtR
4{gp	.
@4H45S%)
?4j<_I
4&jPV$8\2
4k@Q7[~
4M<<@@
4M $$((,@
4MkMs@
\4M{o_B
4Nn''31o0.;
^4~O3kP
4O7V7"
4SO"4U
]4Sw|,
4TX\`d
4(Uyg7
4VnRMJ
4W`ll_
4XGfY3
4YWR`;
4z*-*b
{/~>5&-
<	;51>5
52zc)L2]>
53{[>GCl
5\9|4n
^{5,bc
>5Cb:?miss(0
5\$?G!
'5G'@k
(5hf0/,
5Ns!,4
5`p>cR
5r$yYh
5s3R6/
5TH	*d
5vu'SV
	5^x:8
5y_lCp2
60V#>,&
63tU$=\
66$|& p
66r[w.*'&+
	6	/9C
!(/6=D
6{e8iU!
6H00 ((@
\6k/48
6Li4X%
@6lU..
:6|N$*
6OIY kC
6~<p@ 
6,$r4A
6<Srs|L
6'u	rx(
6v*6m8
6-?WgD
!]6WRn
6%xZ{!
6Ze)4>GE=
!`7;."
7!	+1+
)7//22b
74>U".
\*7*+a*
'7:]$A
7mEssgY6'Hn
7`mH@D
7MK	`q
7`"~o*v	9
7PrJD?
7qP432-,{
7r	:P8
?7Tf(_m
7TX\`f.
*7WZ_,)
@~7Z8>	
7-+z!9
7:zexjc}
80y16{
+8\3b{
	/8!3o9
85$d`K
88|x&yY
<8bunz8r
$|+8BW
'(8d5h
;8~D<kOD
8DP\ht<
8%fmzt
\.8P<T
8>S0p 
$8T7+)
8.w\`d
	8Y5gV
8Y|c<@;d
915%t&O
91uqa+
9$(,\6
,98:D;P>
9Cp\{|U
}9D^AR
9F}+,8H4{
:_9FBp
9*(%F*E
*/9@GS
9!)(=H3
9Hph88
9(+i7 
9%iqo<t
9l$x$W&
9,$Lz:
$9N@zf1&P
%;9o_~s
9;O|s,
9r '()0*8+
9S-H(U
^$9^,u
9u(v?VS>P
#9Wi:0N|
9X\dvTr
 9$z<@
9zu::D
a0xaaT
`[A`1Z
A2Au`p
A2KKF[
a3	(4b_
a8saSh[
(Aa7],'
a-.a=dB
AA!:vpY
a|avwB
_Ab"8zmM
@A)BA<d
?>@ABC	GDEFGHIJKLMNO
a{c``&9
'AcM"s
{;;AC}u
ADcS+?
AddAce
AdjunTok
ADVAPI32.dll
a]DXBn$
ae#b{9
ag1uA,0
ag(|bo
A'gC_mm
	Ah5)|%
A`hApFW
(`ahAXl$
aI[jDb
aIy{lK
aJ&O8\
@ajorukv
A_jZ|[
Ak|4AT
a.l LA
alphJowe
~aM:(dJ
`~A%My
Anyjbj
a[o&\	@
AoD5A<
aokcNO
 aO:+U
a@PC006
 		<application>
		</application>
APV,]~^
a"-'QcW6
ar.fw)A
Ase@"E
</assembly>
 			<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"/>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
Athd"a
|$`AU3!
A)]U)o
AutoIt Yx
`.?AV@
a(+.VMKrw
Aw@@h=E
}a!wtD
AxL7i-
AxuN}*
!a:)\z
A,Z0<[
AZoJIw4
\]+">b
;|B?-^
B)248I(
+_b ]3
B.345B.
B3uGVj(
. 	B4$
B6@ttRRL
B7z PxG
B8 !z58Y
>b95/ 
bad allocation
__based
bB#.}@
BC1JiS
-b|DB\Yt
BE5B^2P
/b;FDL,
Bh;^-X^
!B(~ k
bK 8.Bx
B&LDjb
Bl+:~t
	BNC8l
BNee`j
Bnok?jj
`B'nYJ
+bo#oS
<B+qba
Bquh_aq
.,BrrQ
BueLE[
bu?P/Y
b]uXVl
ByFgul
B}zqVi
C02L>P
C"58`B
C6ISEXpaa
*;C8taj
&cah{-
c<AKZ7
calstd
C B/m4
cbSJcj
C_CC?_&
cD45RC
cd=~cX
"Cd:kXT
cDs"<I
c;/EH	`?
c/}E,I
&#`&Cf
)CF:{CD7
CfymHm
CH6@4KXX$
.charac
Ch+@f?
C I$Ej
.}C^iu
CkGCwD
ckSizeC
"|cLCZx0
cl)*nf
CLssssC
|}CNS-C
cOc?c_
CoGetObject
COMCTL32.dll
COMDLG32.dll
 	</compatibility>
	<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
CorExitPr
CPNO_A&
$:cq[I
CqTR;?
!cR9IE
Cs%~{`,
c`spY&A
\:C]]T-
ct7etc
c=u:^I
^@C[un
c_U?S/
c w$(|
CwtV>wPB
?CZUq1m
>??d.,
d@*(,0d@
$}D1$$
 d_@2k=o
D}4oz8
D5KV)F
d	7b`c
d7P0kt
D_9n92
DAom0;
D#B#?*
 Dbctp
d? cf>	
Dcr2mN
D^E'6Z
D'eFRF
dEl $u/
 	</dependency>
 	<dependency>
 		</dependentAssembly>
 		<dependentAssembly>
^$Df" 
d#<F<:O
d{%FS}a
\d gp<
d{GQ_s
dh\Pu7
{d`I0h
?Dj0Q:W~
&dKipf
.d.l.|.
`&DL3(
dL@@ejy
@$@DNNNn
DP@5[j
[dpcvV,Ch
DP;GLu
D/pl~l
dp#vB3<v
DqwlU`Y
/D,')R
DragFinish
DrR0&S
,.dStackG
dst=pW2
+dT1|>
<d$TZ*
D|#uMq
DuZDF@
D>V:e:
:dwk^Y
dx_~ 1V
d	XA0u
}Dxj^?
D<xZu`\@
D<"^|Y0
dy<k6pO(;
E?8;)h<
eAcI#yq
eAn+d2_
EaSQ0}
E_B#paP
e{Bs1X.d
eC>"y]
e<`\d2 
ED9M`U;^y
&@eDH2
eDiv0;
EFIN`UTF16)f
~EhNjJL
,+EHv^/
Ei @g:
`~Ejaids
e"jG=FA.
,*E<~K
eLC5 z
)")eLP
~e')lW
:}EN(:
*>E\nc
<@En[vP
EoJFK"K7H
eOP9j 
eQnVW<
Er?>?\ '
e seF;
es,o[04
Et+4Ii
=^*Et8~
_,ET$jh{
E`tst.
EvqP{n
eWindow
eW`T@iM
ExitProcess
-<$,\f
[f;?\`
@F&>??&
=F,0>/5
(f[0*A
f1djG2 
	`)@F2E
f6FCs7
=F&7Js
F@9W!}
FAHIRh}
+:fa<M=
fasthrG
Fbo1UPJ
fCZqJ2
fD&-wp
feddocn'''bba?`NNNN__^]
f.EXpi
(F,F0F4
`fGIPJ
FGL(*{
()~^f|h||
fIV}\es
'fkDm8e
F`KI!L R
f(-kpV
fL4l]b
F l$t$9=[;
@F_?M#
FM,PHh0
*!FN1T6u2
@F#:OC+oO
 foh@[
-!F,(ol]
f+P-Gn~Z
fQE.R	
F+Q#FaO
FqkOHgZ
F"qU-&m
{{fr?y0
><^"Fs#
F`s5+Z6]Q
FtpOpenFileW
=Ft%Vf
F U1JQ
fv|a~oNU
fVi\6#
FvRpI8
FvSsL!]
fX,Gr#.4
f<,z[:#
 _  'G
,G-0J 
= g#2(
@g8-|Z
G|a6"3
G\$c^@H
g[-CVY\
g@D8(^
G`dg`V
GDI32.dll
G;dqxBQ:
Ge3~mYi*
Genuu_
GetProcAddress
GetProcessMemoryInfo
GetSaveFileNameW
GetValu
g[eW5poolTim
_g/fnL0i
GGaB;r
Ggl{<(y
GgMRtC
#G@,H-P/
GIH_B+G
 `>	gIlG
g	<	JM'`>
g"juYs
'g~+L[
gl"7j,_
G/N'7k
\$gNRE\
G'O:,iWk
#G	OW&
GR9>;w
gS3G7X
G?`t"+]
 +G<+W@
G<;y0}j
Gy*?n/
gz]BoQ
>*_H0?
*h0B]=
(H1tW`
,H<$]@6
@<H{6by:
h6p789
!	,H7Uk
H9GcLP
H}AU3!EA06M
`\?HB`
Hc5,$E
H%d=j@
HD~yDO1
!hdz\kO
H:[Eii9
HgVD%Y
/H!{ h5
hH7,i:
(,HH:mm:
!HI74$
hI>{fT
HIvRzx+
h_*L?-
Hl0&Th
HLCaQ5
\hlpsy
\hlpt}g
/HLX,2
H'_)M%
h&\M^n
HNN*H(8G}
Ho>#Y#FE
<Hpi5)
hpSTRu!
]{h)q.[f
hqZpG}*I
 :h}$>S
;[<Hs)8
;hs$oTGG
{`hsQ 
hsWria*x
\?h@tA9r
)HtE!T4%
htHjlYB
Ht`jCG
huXri.
`hv0t9
H>V`hy
HV}V]t
\HX(04
H;x5)1
hx|5EP
:H[x"n
HXSAhTjE
?Hx ^z$F
h*yIc~ 
Hz/lG[
!?I7R	 
?|I7Z#
i 87 t
i9_/T|
IcmpSendEcho
id)LCM
idl,\}U
iewppOr
igl!rm
I!H e$A;
ihQ2 m
iK.sapx
IK XT^#
i\l@M;
i~l~#mu
ImageList_Remove
i$MwOt
ineIuV
{IoWxT
IPHLPAPI.DLL
i.Ptt	
iqc*Vh
=@i|&s4V
IsThemeActive
	iXQlQ
\[iZ0^(
`J-0G,
,J1F~L
J1P	TxV
J~~"1V
~'!j5	
j\6jh$
,J/:6N
ja 2&R{B
JAcu{z.
J>,eXNH
jG7G?V@
j(HaKU
-jHX84f
J?JoJ-
J  @[k	
JKYCCS
J]]`L"
j&lVrZ
JM OUA
[JNr#^I}
-j_O&j)
-jO jH
j	pX6T'
JqFn{m
JqK]Py
J=rhXj.
=Jrnqt.
Jt?'[8
?	J%$TLzrnc_
\^j#_V
j@VO2d
:j/vpf5
jxcvH	
j.Y	+	
 K0}+J
K3345566789:;<=
k4%iPQRSTUVWv
<K5r]Ko
k6ivub
K+`9gu
]\>KA&
K[_~A>P
% Ka]St-
'Kc\$Ax
KeE?-rRn
kernel32.dll
KERNEL32.DLL
"K'G_"9
KIBHENou
	k_JE;xr
KJoJIHbW
kK&`@n
KlcA.-
k/.L+H'
Kl.YmsJ
km!7{7
Kmk0[0
kN4		M
kni[JR
:known ex4
*kog[7
kPukXJ
K@*<v5!
kw:lmc>n
K^_x!'j
kxOql5
K#x.w;
+Kx;[WA
K+zPHv
k$'ZxS
l0-QT#"8`
L'1"IR
l3Sk?i
l3z8a7)
l{53j~
_^l[5xi
l(66	-
l7phP2
L"\9=+5
l"9"Rsi
l$A3	K
-Lab0I
LbFMO 
LbU^pC
,(;@>LC#/
lCmMu:Q
l{Cpt6
ldfLCmA
!L	El<
"lG=-3eT
]l+gJ8>[
,!lh}!
lhelp32S:phot2E$
LHf@>A4
LineTo
!,)l=j
L` ^J^
Lj:cQaA
LK9PD$
LLL9rr6
lM|5Yl
l/mV p
	lNl|l_
LoadLibraryA
LoadUserProfileW
$&lo( s
lP#\GX
?`Lp.ls
(l$.p,t
lqC%j8a
)L'qjC
L,QW\<x
L rRm^
LSIDFr
LSW3e`
lu.;~r)<@^i
l?V<&?
lwi;.I
]lZ0kqk
-LZ#^*mV+cP
-///#m
M]0th)p
<m7FB;;?
\M7^Lv
m8(c	(
m|9B:A
m{9|R;xl
 &;&Ma
'm|C`Csw
mFirtu
m];G#3F{
*mg(B3
M(g+cVL
mHWLSUp
M`i!])hI
mit_tSx
M JD9i
Ml;[3$
|)MLh8iQH
m_McgG
m	Mesi
MmZJ_,
Mo)5^?
ModuleHandlx&6]
M^OI	m
<MP0sTI
mp>nSGt
MPR.dll
MQZcY2[j
#MRXh`
M{t1mZ4
'muI`E
Mv4|rr
M\X/H 
mYjOnW
:n{'#'
`N,:(<>~
>?>@N.
n!1O?dz
N4()@A
:N5[3<
>n?b+_
'>NCHD
nEchok
N?F-;:
,ng3KF@
n'GNr@U9/
_n''''[H5#r
#n;hkT
N*{Led
N?MML''
nMm>s3
N#n@I~
NNNA0 /
nnnatTStKstF
NNwvovu9
$$n{:o
+n:oF)
_No<fy)W
nomofo
N.o@ql
NP99y2
n?}rD*q
nRegia
NS3Dpy
nTj1;D
nT[r>f9U
&`nTt	
.N.TWjI
"nujsci
NULB3`
(null)B
Nv+>+K
nw9`lP
n;XZA{
n`y+ rU>
Nz:00l
"&N|Zo
NzSVPw
NZ#YW(;
O%].]* 
#	o0jk
o2/^{O
o55_5r
@O7ImZ
O8>6uB
o8?Mfmr8
O9=XtG
O>aK%U
ObwW;Y
OCXESX0,#
o+e_//
'oEv(i
^ofy@j8z
o#,i>s
\oKxG+BPr
ole32.dll
oleaut
OLEAUT32.dll
~}o||{NNn'z?yyx
oN]O>A
oP}d>x
o\%pp&
OPQ`Ueu
!Or94LH
orADF@
orJF++
=os.ak[bS
o_t,1=3%]2
{<Ot{x
O&|U^@
Ougl,^
OUSdUf
OV;*D[
#oxx5 
oy8jkn.
;oy|Z'
o]\[Z999
Oz,a9@
>~p0g&
p0xU2 o0;
P4i=Wo
p5gWkz|)
P:5!Hf
P"~5H|U
P:6[x|
P[_7_C'
( @p8l
Pa71N,
PAoWz~
p-A&Xc
!pB@2B
pBBv\m
;Pb'n6
pDDC;<
|P' >E
:]peMof
perat?
;:PfD>
P/fGCo
PfrK+$
PF"!W.Z][/
/pg)([|X>H1
phj^w5LV=
p*<h-w;
#p%i;f
%p_'ISub%CI
p!jaHIz
PjdWnv
pkH`.v
PK}y{V#>
pkz!':
P/L2"W
P:mfi@
PMM/dd/y
PMyg,X
pno e|A
(|+Po;
P\Pj}]2
P>&PO2
pp_r/r
PQLO|`
P,QR*<
<p,QVR
PSAPI.DLL
ptr64Nrerict]X
ptx|l.
 p	tZu
 pu2C-
|)P!?Ua0
p@uu A
@PvX!=
+PW+2@p
;p,W|Q
PwTCuB:
PXNO	#L;
PYKN$g
Q4Xu;\
#Q74KWc3[o<
qa&fY@
qAt3y9U
qAZV X
]Q_\b@a/
q&CFl-2/l5
QC(PjbLE
,\%q&D
-q.DD?
,q/fKn
/QfLC	
qGbHyI
qg@ f~
 `%QKF
Qkkbal
QlMr`."_J
Q{n<!`
Q)!#N`
qNvZ4D;$
qoq\0*.
qO!ve`
: Q:Pm
QR">4L
QR4Z*y8
QRiU!Jwn
qrNH@t
q"	S^M
qSV#v<
QS_WIe
#q#tm,
 {} quantifiK to
Q`ud$r+
QureA1@] qCa{f)W
QwA,_ex
Q@W=Wj
QY=OI=M*=
qZkM-$3f
q=Zt0>
r048<q@
r~~0vK
|r.1OC
r23P]84
R2e'"JO
r3]JK&
r4vD*bj
R5jGrj/
r7Yr7]D
.RA-vN
rBA<0H
rb`"C8
[R_)bU
(rCg`+X
"rdI71VUIW
r)Diva
rDL8X9
rDnkC[R
RECURSION'CRRL
rEj9CD#
rep8t)
 				<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
 			</requestedPrivileges>
 			<requestedPrivileges>
#Revert
RFK$RI
RfY).Du:
Rg!|6s
RGykXw
r{gyt<q
RH~8F4~)
rH/G\ ^
`rHsrd
RJJdzyKe
RL&F[Y
Rl\gLBa	vB&
rNM>6Zx
roW 7h`
R}O'<</Xi
RPoX	Hl
RQy54)
rror text no
RSCZf;
rtbAtY
!rTpHo
rU`zVf,
RX0DHWr #L,D y*#
rXzdPM
r@)+:Y!
r(YhR6
RY'+i	
Rzj\W2
 s:&*;
(=	>s	+
S<&7j;
S9r6%G2
S.aL^)
=S[c|N
S$\CW{L48
|SD}N"
 		</security>
 		<security>
SHELL32.dll
SjB44o
s]j]dY
S+"J/I
)S;jM,
!,,Sj?NX
SK"nlW|F2
S/'n4Ou
So7*-taG
+so V31hS
SpEn@	j7
spucw Y,ZT
]s@ Py3
]Ss_(Fx
'START_OPT!L
SU@[	C"
			<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
			<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
			<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
 			<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
s$--%"!'V`
sv#A-h
sVPvu]q66l
sWow64
_SY64 V
syncH 
s_Z4Yx\
|]S?Zc
^~';_t|%
<=t @`
)t:@[ 
}][:<:]T
-t*4(t
't4;T#t
t5j@C#
'T5Rtg
t7]Sl`
t7yH1N
,t8pt2B
_]T9_A
)$tA\(B
t,&Bp	@
t$CTKP
T_ D0!
|tDWK3
tE3R}M/
$te$Fd
tember&
TF,"3|
^<t+fN
@tg#<C_>
T,G@j|
T*]/gt
tgVM95$
+t\HHtTN*
!This program cannot be run in DOS mode.
TH,`Kh^
<!th<otd<]t`<[t\<\tX<
t`Ht1V
tHtbE5
Ti8'vvpKQ
timeGetTime
't#It1m
$t+`kH.
tkK}LH5|
t!|+_l
"T#`$l%G
%~ _t$m
T,M_6A
/t+N=Fj
TnOBS;
TOToT_Tr;
tP83/{
tP<_tL
t<`P*,!Wh4X_
TQ&^B0*
 	</trustInfo>
 	<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
^Ts@e~
tsEtZfu
`t(s) P
tt?srr;99qqpoo
ttW!Next
\tt x|
T@>`U9
TVkB/v
:tweX}
T=)%!x
'tX4.J
<%tx<'tt
`tyRof
TY$vAm
)=tzh%
U1'1@ 
+`u2j 
u4 j !
u668#;
u6Et5V
U(8v2 %
u9AA#d
u],9x@\
<Uabcde
 uaI5B
u'bPjt
UcI">,f7L
U?C)N;
uCnza3
uCSo9b
UfVCDp
uG+\[d
  u`h`
Uh1G"x
uH&F;"
uI<(Hv
uIJzR8
\~U`K 
\UK#e~
uktL*EVpj
U`mwPK}
u}*@nh
UNICODEA
unJign
uNu%g=
.,u!oM
UQ0=c\ 
ur}zcw
uS9q4uN
USER32.dll
USERENV.dll
|u?!u$
UVf:1%
uvwt7e
U%W4<x
Uw5wC6
UxTheme.dll
ux~U!jy_e
uy"RhG
UZSi:f
@V<;$}
V%09vYs
[v*=3VQ
]v`4]3
v4FH;w0$<
-*V~|5{g
<_V 6At
v9b;6ZI
v;9@>O=o;
"VA6F5#Y[
[V?ama
VAU3!EA06
VB6y^}MIZ
VBR$^q[
V ,BXQ
v CDV%Z
vc#JSH
VCRLt#0
V	C/`w
^ vdLn
$?v e_
VERB)qU#
VerQueryValueW
VERSION.dll
`\vew>^
VgH2	Tze
Vietkl
VirtualAlloc
VirtualFree
VirtualProtect
v-jHtg
vkAXu-
\:Vl3]
vl#W\O
vm 32As
"Vm?sw";
vmvpU7/B_P/o_k
V&nEt@
VN $hqgd(,4A4<
Vn\j=z`
v;?o?/?
$:vO:O
vooiOs?k
VoS_(Q
vPJ5,V
]vQ<)8h
VqfOL'0
V~QGfHA
vr'&o$#
vrronm?l
vS04uB
v-}sP 
vT?SRR
VV4gIE2
&VV87u
;Vv	N+0
vw>OY[N
 v\wRM
vW/WMMO
vwxyz{|}~
v	X+Kp
(V:Z@(+
Vz-WRZnZ
@:w	?"
W28"E(
~{_?W8^
W8JR.yn
?>?W(9
w]9(2e$
wa[fGv
wb<:0	NY
Wb7J/K
WE;n<}+
W=EOK,
w?fr:+
WG4rcb
WG[)A:
WG!a4 %g
wGjV2&
WG?U/mCP
	W^+\ht1
W,I=9Ob
WININET.dll
WINMM.dll
WKJNtX
?wltUI
%w^M~I
WNetUseConnectionW
w	nXYj9'.
wOP;Iu
wO<SF*
|wq[Sr
W@R}Kb'k
WSOCK32.dll
w={tGF
w[tHng
Wt~ tEc
WuBOO\r
/Wv^bku1
(WVSxav
"WwK)_R
^w_wu8
(w (+WXz/
{w+#%xE
WyjK$	u!
#WyrL`
_^?,,x
%}?x!~
x$0H>H
/X0 .R
,&X184
X2(p00/
:"X5j#
X6`7h8p9
X9d@-N
Xa.c\`
x>A)Nw
XA*S7.
xb# Y*
(X'DG1
"xDk|W
XdY$\$
{_XfZf
@XiRPA
%)$Xj(
}xj~5A
-X(k4u
_&Xk6%hN
x	Km(p)i
'Xkp+-
 ?xKX2*
Xl:Arc7
x.Ly,V
X+muY(q
x,o,f,
XPTPSW
}x'Q8_
XQPRs!
X	?'q.VJ]i
xRTTIw
X]SqhL
{~@X-u	j
X#VXCd
xw4OtY
xwTNt+R
XX\	Hq
XX<K{T
x,XYX2}
?#%X.y
^xYOeBk
XYZ[\]^_`abcdefghijklm
x$z>l(
"\X?zu
y$(,0^4
>y[0Rr
y1~?|"
)y4f6#,
+	/Y@6
>Y8<Lm
y9@/0Q2
Y:/(A6_
YAEN \
]Y`akuo
YC.Dn,<
Y.c$tW
#<Yd8+
<{yh=~
'yj2 %
&?~YK|
|Ym^G30M
Ymn/DC
YnD* Mh
Yoc0"1
 y|:oef
yOn:LV
Y!#p 'tb!
Yu	@`n
?;#=YuP
Y:utJ$e
yvFwvH
"yv&`=Qc
YWU`/R
YXY/CXT
y}@Y/X
YYY][<G
Y;ZQ])
yZT"XX0M
|+;Z}&
(z,_&0d'
z0M]H@x
Z1Z$p2Z
Z257(:
Z"6xAaAx
z+_7g7
Z!7OQZ!
z7w(,0.
ZBf GC
*ZBGPK|
<<`z!d
ZdB[F3C
ZEM-'^
z,fHQA
>+Z'fp
zg@]CjJ
zii.<PnQ
Z\(Iu-Y
zi;Vn;
;>ZJFlr
z[|@[j-^P
ZJwBLY
zm{l63
z:Nt	ib
#@ZPe`k_
ZS8SG)
!$Zt$[
zTn5>9
+!z.u@B
ZUKtsLLw
Z]Ve:+ 
zw:i;"
z{?Xy/
zXzn5p
?ZYXWrrr;WoVUU