Analysis Date: 2018-03-28 19:44:49
MD5: 30b69dd376fbe4f336fefed6899f19e5
SHA1: 906b5355441b4af72b8cf4894a0ed44331300a43

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section md5: 7bccbe8359e914aed4e8ca5899d169ad sha1: 0789c7b299ff8e0ded1488a7beb7262015055d3c size: 222208
Section md5: 33ca07483eccf5fa61db1ced9366a771 sha1: f337617b14675991c5719c776b36f694fa57d107 size: 53248
Section md5: c3e120b4b824373b31581c5c9b2a3306 sha1: 6b6d3ee81752170282a182f45e7d0602b6475af4 size: 5632
Section .rsrc md5: 15a99d7f15f0099478c5f8c7e18e64d0 sha1: 0cd31d8973c225ec2f33c93c24c73b9ed9c5afbe size: 351232
Section md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section 55fga md5: 05b89856301602cb906e9f161356ae8e sha1: 8c51632f504c60ec56f59f43c3e17ae83382427b size: 316416
Section .adata md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Timestamp: 2014-01-11 11:42:29
Version:
LegalCopyright: Copyright (C) 2014
ProductVersion11: 1, qwerwqer, 0, 1
FileVersion: 1, 1223143, 0, 1
FileVersion11: 1, 12wer321, 0, 1
LegalCopyright11: Copyright (C) 2014
ProductVersion: 1, 123wer21, 0, 1
FileDescription: weqrewqrewr
Packer: ASProtect v1.2
PEhash: 2d2644b358f7225e873e02bb4dd83ebb853e219d
AV Arcabit (arcavir): Gen:Variant.Adware.Symmi.37537
AV Authentium: No Virus
AV Grisoft (avg): FakeAV_r.XQ
AV Avira (antivir): TR/Crypt.XPACK.Gen7
AV Alwil (avast): Evo-gen [Susp]
AV Ad-Aware: Gen:Variant.Adware.Symmi.37537
AV BitDefender: Gen:Variant.Adware.Symmi.37537
AV BullGuard: Gen:Variant.Adware.Symmi.37537
AV ClamAV: No Virus
AV Dr. Web: Trojan.FakeAV.16394
AV Emsisoft: Gen:Variant.Adware.Symmi.37537
AV MicroWorld (escan): Gen:Variant.Adware.Symmi.37537
AV CA (E-Trust Ino): Gen:Variant.Adware.Symmi.37537
AV Fortinet: W32/FakeAV.AC!tr
AV Frisk (f-prot): No Virus
AV F-Secure: No Virus
AV Ikarus: Trojan.Win32.FakeAV
AV K7: Error Scanning File
AV Kaspersky: Trojan-Ransom.Win32.Blocker.kxln
AV MalwareBytes: Trojan.FakeAV
AV Mcafee: FakeAlert-FSY!30B69DD376FB
AV Microsoft Security Essentials: Rogue:Win32/FakePAV
AV NANO: Trojan.Win32.Dapato.ctowph
AV Eset (nod32): Win32/AdWare.WindowsExpertConsole.AG
AV Padvish: No Virus
AV CAT (quickheal): No Virus
AV Rising: Error Scanning File
AV 360 Safe: No Virus
AV SUPERAntiSpyware: Trojan.Agent/Gen-Faldesc
AV Symantec: No Virus
AV Trend Micro: TROJ_SPNR.11AI14
AV Twister: Trojan.C88DC58FF81D599C
AV VirusBlokAda (vba32): No Virus
AV Windows Defender: Rogue:Win32/FakePAV
AV Zillya!: No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\906b5355441b4af72b8cf4894a0ed44331300a43.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\906b5355441b4af72b8cf4894a0ed44331300a43.exe

Process
↳ C:\Users\Phil\AppData\Roaming\proto-cvsa.exe

Creates File: C:\Users\Phil\AppData\Roaming\proto-cvsa.exe

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File: \??\NUL

Process
↳ C:\Windows\SysWOW64\mshta.exe

Creates Mutex: Local\!PrivacIE!SharedMemory!Mutex
Creates Mutex
Creates Mutex: RasPbFile
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\EnableFileTracing ➝ 0
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\EnableConsoleTracing ➝ 0
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\FileTracingMask ➝ 4294901760
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\ConsoleTracingMask ➝ 4294901760
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\MaxFileSize ➝ 1048576
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\FileDirectory ➝ %windir%\tracing

Process
↳ C:\Windows\SysWOW64\sc.exe

Creates File: C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
Creates File: C:\Windows\SysWOW64\en-US\sc.exe.mui

Process
↳ C:\Windows\SysWOW64\sc.exe

Creates File: C:\Windows\SysWOW64\en-US\sc.exe.mui

Network Details:

DNS: checkip.dyndns.com
Type: A
91.198.22.70
DNS: checkip.dyndns.com
Type: A
216.146.38.70
DNS: checkip.dyndns.com
Type: A
216.146.39.70
DNS: checkip.dyndns.com
Type: A
216.146.43.70
DNS: checkip.dyndns.org
Type: A
HTTP GET: http://checkip.dyndns.org/
User-Agent: Mozilla/4.0
HTTP GET: http://93.115.86.197/?0=13&1=1&2=10&3=i&4=2600&5=1&6=1111&7=gqdslbatsl
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1031 ➝ 91.198.22.70:80
Flows TCP: 192.168.1.1:1033 ➝ 93.115.86.197:80

Raw Pcap

Strings