Analysis Date2014-06-30 05:57:40
MD5e4f22f5fe0ea51e499ada5aff9926443
SHA195d4f774bf3d5c63011b4573f98459ccbb0ba4b8

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 2cec663f64ef38694dc96bb9f9cb766d sha1: 2dbdbdd2ed424eee11fabbaea787af436a0ad31f size: 23552
Section.rdata md5: db16645055619c0cc73276ff5c3adb75 sha1: dc47890e999d881a550428f04282c5d35f6928d9 size: 4608
Section.data md5: b9d0aa986d9e766521436f5ad38cd7c5 sha1: 927742031a036d01bac195a0e1bc24228a609713 size: 1024
Section.ndata md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.rsrc md5: 2f2678dd9e97ae3fdffce33f180dbf60 sha1: fcbefa25078686b0ee63fc88b160a141eeb14240 size: 2048
Timestamp2009-02-21 19:46:23
PackerNullsoft PiMP Stub -> SFX
PEhash958f870eb619b6fd40acbba7c22ed56387172337
IMPhash099c0646ea7282d232219f8807883be0
AVIkarusTrojan.Win32.Jorik
AVAvira (antivir)TR/Dropper.Gen
AVArcabit (arcavir)Gen:Heur.Conrox.2_Gen:Heur.IPZ.6_Gen:Variant.Renos.17_Gen:Heur.Cridex.2
AVEset (nod32)Win32/TrojanDownloader.FakeAlert.BBT
AVMicroWorld (escan)Gen:Heur.Conrox.2[ZP]
AVK7Trojan-Downloader ( 004cba6d1 )
AVEset (nod32)Win32/Olmarik.AMN
AVTwisterNo Virus
AVNANOTrojan.Win32.Hiloti.cduhm
AVBullGuardGen:Heur.Cridex.2
AVSUPERAntiSpywareTrojan.Agent/Gen-FakeAV
AVFortinetW32/CodecPack.ATMJ!tr
AVBitDefenderGen:Heur.Cridex.2
AVBitDefenderGen:Heur.IPZ.6
AVTrend MicroTROJ_HILOTI.SMEA
AVMcafeeDownloader-CEW.ao
AVCAT (quickheal)No Virus
AVNANOTrojan.Win32.Tdss.ccnzm
AVWindows DefenderTrojanDownloader:Win32/Renos
AVZillya!No Virus
AVEmsisoftGen:Heur.IPZ.6
AVBitDefenderGen:Heur.Conrox.2
AVF-SecureNo Virus
AVAlwil (avast)MalOb-KD [Cryp]
AVMcafeeHiloti.gen.w
AVFrisk (f-prot)W32/FakeAlert.PQ.gen!Eldorado
AVEset (nod32)Win32/TrojanDownloader.Harnig.AB
AVIkarusTrojan.Win32.Tdss
AVAlwil (avast)Win32:Cryptor-A04
AVMicrosoft Security EssentialsTrojanDownloader:Win32/Renos
AVAuthentiumW32/FakeAlert.NH.gen!Eldorado
AVEmsisoftGen:Heur.Cridex.2
AVArcabit (arcavir)Gen:Heur.IPZ.6
AVArcabit (arcavir)Gen:Heur.Cridex.2
AVGrisoft (avg)FakeAV.NZB
AVAlwil (avast)Cryptor
AVSymantecTrojan.Gen
AVPadvishNo Virus
AVBullGuardGen:Heur.IPZ.6
AVKasperskyHoax.Win32.FlashApp.a
AVFrisk (f-prot)W32/FakeAlert.NH.gen!Eldorado
AVAuthentiumW32/FakeAlert.PQ.gen!Eldorado
AVFrisk (f-prot)W32/Dropper.AM.gen!Eldorado
AVMalwareBytesTrojan.FraudPack.Gen
AVRisingTrojan.Win32.Generic.129CDD27
AVKasperskyTrojan.Win32.Generic
AVEset (nod32)Win32/Kryptik.NBC
AVKasperskyTrojan.Win32.TDSS.rdlp
AVMcafeeGeneric Dropper.va.gen.v
AVArcabit (arcavir)-
AVCA (E-Trust Ino)No Virus
AVAlwil (avast)Win32:Cryptor
AVAuthentiumW32/Dropper.AM.gen!Eldorado
AVFrisk (f-prot)W32/Hiloti.R.gen!Eldorado
AVVirusBlokAda (vba32)No Virus
AVAuthentiumW32/Hiloti.R.gen!Eldorado
AVNANOTrojan.Win32.Kryptik.ccxne
AVAlwil (avast)Cryptor-A04
AVBitDefenderGen:Variant.Renos.17
AV360 SafeNo Virus
AVDr. WebError Scanning File
AVEmsisoftGen:Variant.Renos.17

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp\2IC.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp\1EuroP.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp\6tbp.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsz2.tmp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp\3E4U - Old.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp\e4u.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsk1.tmp
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp\e4u.exe
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp\1EuroP.exe
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp\2IC.exe
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp\3E4U - Old.exe
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp\6tbp.exe

Process
↳ C:\WINDOWS\system32\cmd.exe /c del C:\WINDOWS\system32\svchost.exe > nul

Creates Filenul
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp\1EuroP.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat

Process
↳ C:\WINDOWS\system32\cmd.exe /c del C:\WINDOWS\system32\svchost.exe > nul

Creates Filenul

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp\1EuroP.exe

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\\x03\1806 ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FilePIPE\wkssvc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process"C:\WINDOWS\system32\cmd.exe" /q /c "C:\Documents and Settings\Administrator\Local Settings\Temp\Ogf..bat" > nul 2> nul
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp\2IC.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\4.tmp
Creates MutexDBWinMutex

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp\3E4U - Old.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\nsp3.tmp\6tbp.exe

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Qvunovisidub\Aweziwoji ➝
NULL
Creates FileC:\WINDOWS\mfapori.dll
Creates Processrundll32.exe "C:\WINDOWS\mfapori.dll",Startup
Creates Mutexffdf3db6

Process
↳ C:\WINDOWS\Explorer.EXE

Creates ProcessC:\WINDOWS\system32\svchost.exe

Process
↳ rundll32.exe "C:\WINDOWS\mfapori.dll",Startup

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Qvunovisidub\Fyajow ➝
186\\x00
RegistryHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ybikiliyo ➝
rundll32.exe "C:\WINDOWS\mfapori.dll",Startup\\x00
Creates Processrundll32.exe "C:\WINDOWS\mfapori.dll",iep
Creates Mutexadce4bd2

Process
↳ C:\WINDOWS\system32\svchost.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\DirectDraw\MostRecentApplication\Name ➝
svchost.exe\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\jmohv.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\hhckoyg.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\wdux.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nrlv.exe
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\hgvngcs.exe
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\-1067872246
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\gysg.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\vdcm.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\xdsf.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\mhshghx.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\lxfy.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\rsftl.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\jmohv.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\hhckoyg.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\-1067872246
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\gysg.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\wdux.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\vdcm.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nrlv.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\hgvngcs.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\mhshghx.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\xdsf.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\lxfy.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\rsftl.exe
Creates ProcessC:\WINDOWS\system32\cmd.exe /c del C:\WINDOWS\system32\svchost.exe > nul
Creates ProcessC:\WINDOWS\system32\cmd.exe /c del C:\WINDOWS\system32\svchost.exe > nul
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNSabminute.com
Winsock DNSbbfinity.com

Process
↳ rundll32.exe "C:\WINDOWS\mfapori.dll",iep

Network Details:

DNSrepubblica.it
Type: A
213.92.16.101
DNSseesaa.net
Type: A
59.106.28.139
DNSseesaa.net
Type: A
59.106.98.139
DNSyelp.com
Type: A
198.51.132.60
DNSyelp.com
Type: A
198.51.132.160
DNSvoodoopix.in
Type: A
DNSgrindbuzzchat.in
Type: A
DNSabminute.com
Type: A
DNSbbfinity.com
Type: A

Raw Pcap

Strings
 " "
.
.
............
E
msctls_progress32
MS Shell Dlg
SysListView32
*?|<>/":
0!3d}_
07~>]}
>09hj?
0[&nKz@
^0S?USQ
"0VL\xE
1*6,.Q"
1,*dSLl
1e*>Rx|
!>23Kr
2}*"#A
2(DyJP
(2E@xg
2GLQ26
*\2^Jff
)2&=jU
2M?Ye~
2P0,gf
,2tZKG6&
310cjA
}.3(A$
3fh:j;
3WA:F|
$3WG#/bZe
43DFA,
4`D`yk
4i?>VR
4/pn|X+@
(4s%At)O/
4V]CI=
|4VWmA
_|4Zs2f
%%5GT#
5I('$i}
%$5n0c
*5=p3i
:5!	Pg
|_-5vd
5x#qEqe
6eo_{.
/6G%yL
^6JDUF
]6KO\'
$6Mt."Om
6o_DZ7
 6rx>.
6sxMQ@
7}14_<
{79k`x3
7#^e# 
$7J>D<)e?/
7K6jc3
7mda1#
7Ro;8O
^7#:RQxP
7<y5_,
7^ycdm
7Z80w:S
 8>a1<
8/Iv+~U
8NCRCu
|#8-QH
|8qL&.
8QU+D\
8w/;x'5
|8)XS?om<
96YS#H
9<97L_
9oW1y%
9pfT p
9S{!\j
"9>$ws=
A2D{!(
A3-<PJ
+@)aB@
aC`>.L
]a,DG7
AdjustTokenPrivileges
ADVAPI32
ADVAPI32.dll
A@;E |
\ %AG 
aGu0,G
A jai4e
&?aklX
>A$kU@
]a\}mND
a!#^N$GEr
AppendMenuA
At.}({Y|
a`;vem
A+>_XQB
b2qt)/
B2	SrQ9
(b*]51
(B5BNYsp
b)609Y,D
Bd,pJD[,
BeginPaint
b@iAi=
	B(iTK
B/';Iv
b&Mb	]
BnfbV7
>bNN&3
bPXN7U4
)/b?#q
\-BSlZ?
B#UNTAW^
b:y~-Fj
&<bZu^
C$!"<,
CallWindowProcA
,<\\^cDl
CeOL|T&G
:Cfh/<b
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CloseHandle
CoCreateInstance
COMCTL32.dll
CompareFileTime
Control Panel\Desktop\ResourceLocale
CopyFileA
CoTaskMemFree
co){Xh
c-	,p+D[:
C/Q8:k
,cr*1$j
CreateBrushIndirect
CreateDialogParamA
CreateDirectoryA
CreateFileA
CreateFontIndirectA
CreatePopupMenu
CreateProcessA
CreateThread
CreateWindowExA
;&C^-s<
<C|u2b
cv<lt!n,V
cW!/M*f
`<?cx,
... %d%%
D$0+D$(P
D1	+/JJ
D$5<"Q
D@a^d2
@.data
 |(-dC
D$(+D$ SSP
.DEFAULT\Control Panel\International
DefWindowProcA
DeleteFileA
DeleteObject
DestroyWindow
D_Fa)'
di%7s{C
DialogBoxParamA
DispatchMessageA
@ )_'D#{l
&d{mT_v
DND29f
doN.0@
dpP^pP
|^d}?Q
DrawTextA
D$(SPS
Dv|w?g?
dWa+9.w
D{W>=o
Dw^u&+5P
DzKS`H
[\E;	>
e5>;2dg
e6SylO
/E8+_\Pa
Eb_:;(
eBTLpP
<eE_uS
Ef?`ST 
E'IDiC
:e+Jfc
!e|:/Ki
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
E@n.XF
Error launching installer
Error writing temporary file. Make sure your temp folder is valid.
eU;t5A
E$UX9t 
ev<a- Jf5`
ExitProcess
ExitWindowsEx
ExpandEnvironmentStringsA
eyT}(1&
F4	6z*
F- 5ub
~F'Bp7
,F,<D7
FHk2{w>@
(-fHq,
FillRect
FindClose
FindFirstFileA
FindNextFileA
FindWindowExA
fn\H48>
f!oF|F
(FOxEq
FreeLibrary
F$^}un
fVg	~?
\FvHyR
f;"yTp
FZ>D 9Q
g2pYI8
g3:_^O
g69+^^
gc+Rg!
GDI32.dll
g:E=c0
\G.e'k
GetClassInfoA
GetClientRect
GetCommandLineA
GetCurrentProcess
GetDeviceCaps
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDlgItem
GetDlgItemTextA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFullPathNameA
GetLastError
GetMessagePos
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSysColor
GetSystemDirectoryA
GetSystemMenu
GetSystemMetrics
GetTempFileNameA
GetTempPathA
GetTickCount
GetUserDefaultUILanguage
GetVersion
GetWindowLongA
GetWindowRect
GetWindowsDirectoryA
gk>Ii7
Gkl~$S%
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
~g/LQ_3
_GnR|$E
GPus1Q
G%Tf8+
GU#;RiYv
g_W\y-J-
GY)jXl
h1|K~)
>=h1k"4
H7fh0K
H<$bmXKBD
:HEUA9
>"`h]h
{hh7xB
HJwQRq0
HOk@#v
Hp5V8t
Hpt:H6
h)q- L1
_hT*;}
htH`Dd
http://nsis.sf.net/NSIS_Error
;hv1mBlO
H'w/vCR
*H/Z&e
h{@ZF #
I&5Rjk
I"\]aABpL
I:"DcJ	i
idF|p>L"
IHu-+2<
)=^i.i
}[IIG6;
$IL)%}(n
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
incomplete download and damaged media. Contact the
Installer integrity check has failed. Common causes include
installer's author to obtain a new copy.
Instu_
InvalidateRect
iNWYBo*
iO/h<}`
;|&IOT
^.iQ;W
IsWindow
IsWindowEnabled
IsWindowVisible
@IUrS:2
/+IuzGJ
iz!%?)
[!}J{~
&'~}J=
J|~^&?
'`j|8$
jd	m-t
je2e7G%"[Y
	Jg3Yo
jg,[Pd^
jn[&u(
JPO,^N|
~jp#yU
JQ !";*
jqbNc~:
_.jt[ 
/j!Vc|{e1
jw3-)3%
JW8j|/
J"X@~ @jU+
=K1ak-
K5z)wL
/k}_7=
k8a@M#
&#K9]a&|
ka%B5bX7
k);C3(
KdTy4z
KERNEL32
KERNEL32.dll
KH!LWd
@kHMaH
&K  i)
`Ki3P|
kOdZJm
K~R}LId
KRq!M~s
_k`rV)
KT5=|L
K~.uIN
K}v,)O_tx
KY3JeD
@kYC=>1Y
:+)/kz
l|3%	;
L^4|B\c
'L5'"m
L(67Q<
L83Dp9D<
Lc64OB
l<"DMv
'l	Ey{
lG-zC!
l# JAh
l&?=K*o
?l\ls<u
L,*M.x
LoadBitmapA
LoadCursorA
LoadImageA
LoadLibraryA
LoadLibraryExA
  lOE%
LookupPrivilegeValueA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA
\_lY'R
L+zcug
~l<Zw@
m!=1!k
m1ZgU2
MessageBoxIndirectA
\Microsoft\Internet Explorer\Quick Launch
mi)<I9
m},Insk
mI(zLRg
ML6YeD
{Ml{=jC+
M=l$K%
m<{!mjD
$mM$k9
m.O{)``
More information at:
MoveFileA
MoveFileExA
"/MR]	
mS)P3G
Msq76L
m{-t;6
mU7Z6-Z
MulDiv
MultiByteToWideChar
mu_v'u
! ,/MV_]
M?\YM0
MYP\Dg
M:z6Y\
n1:MhB
n^|_2" Zy\T
,`N7x5]7
N9v`kz
.NAKw*
n^[<b_
N*B"_Y
.ndata
NDQ[b8_1
*nJ=s*l
nkv)o0FLlP[ 
-=nN'/
nPz  *
NSIS Error
~nsu.tmp
NullsoftInst
NulluM	E
nY%cXY
	N"zPj
{;o3|$
/-o"9W
-)};OG5(F
OIS:2iO
#OL`9Q
ole32.dll
OleInitialize
OleUninitialize
OpenClipboard
OpenProcessToken
O;%([S)
oTLo^v%
oU7Dl%
"ov)+9
O!&!ww
(oz;Sz
P0-A|(Y
pbL#Ea
pe-5%HI
PeekMessageA
_#"P{H	{!&
~pL,&F
PostQuitMessage
PPPPPP
=pQfZW
{Pro#+M
}p@upZ
,puxfm
P >;x_
`p]x|6
PxfIrZA
Q.1)F(u!f
/,Q3co
Q&9]E\a
~q!|ae
*Qafp7
qDjlOy	
Q%eiL%s
Q~~Gms
qHkF$O
qj(?![
q<k*-_
_Qkzt	
:Q!m,5
+Q@pL`
:QQ(MM
qqtp8f
Qt"rkF
qu35L>RB
%@Qu*D
Qv2}dI,
Q}VGKg
,Q=z~h
QZiI%X
r37uHX`
$)R	B	
`.rdata
ReadFile
-REcJ?
r*E$FZG
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyExA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegisterClassA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RemoveDirectoryA
[Rename]
Rf!\{&
+??RgpA<"
rhq{2$@
RichEd20
RichEd32
RichEdit
RichEdit20A
rkYc-_
{}[rl8
R'N53f9
rojVE2"
`RTnz+
 R* T"w`
r;^%vo
$-rw=c
rx104p
RX7l{-YkWK
RxBs+*
|s'2lz
s"4qxF!~
s7 S?H
S|8sz^
/S8v r5
sB Duy
ScreenToClient
SearchPathA
SelectObject
SendMessageA
SendMessageTimeoutA
SeShutdownPrivilege
SetBkColor
SetBkMode
SetClassLongA
SetClipboardData
SetCurrentDirectoryA
SetCursor
SetDlgItemTextA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetForegroundWindow
SetTextColor
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
Sf	&rN
Sf`y?qa
%s!H	:
SHAutoComplete
SHBrowseForFolderA
SHELL32.dll
ShellExecuteA
SHFileOperationA
SHFOLDER
SHGetFileInfoA
SHGetFolderPathA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHLWAPI
ShowWindow
}SJl|L
&SN]}-
S&n3kx
softuV
Software\Microsoft\Windows\CurrentVersion
sP8qP)
SQSSSPW
s}S\qK
su\2b# 
Sur"5kA)q#
S.x`'(
@SxQ6]
SystemParametersInfoA
<_s=YV~
sZr.E,
> _?=t
t +4zdF
tcL{*a
te~'EW
-t_Ev0
T[fhXv?
T)}gwU.
!This program cannot be run in DOS mode.
)tJ1&Q
t@`?Ln
^TLy~q
TneK^#
_^[t	P
tQSg(f
T$(R\?0+@
TrackPopupMenu
TRR1L%u
{T/Yph
U28\kS
u49-l'z
u6.aV(
U9xj>y
u&*.AA
uay$c$
u`c|N{QN
U?dfaA
uDkX)h
u/hUHZk.oK
u.jf.1
U}js<y
unpacking data: %d%%
| 	}U&|>Q
USER32.dll
	u`Sj1
%u.%u%s%s
UvOmdj]
u<xynFW;F
,v1V&p[.
V9$7rV
 )vDAm^I
verifying installer: %d%%
VerQueryValueA
VERSION.dll
;Vfa2C
#Vh;+@
		-Vh$
"v{#i,
/:=vlo
];vMbyZ
v(PpP[e
v$PTmu
V/-PWT
{.VQC(]
vSOru(E
v#_y?'
!v/Z,^
>|vzo7
w0~9;62
@/w0y_
w3t_f\
W5na:k
w&6-:$
: ]|W6
W6]^u_H
}>W8}'
WaitForSingleObject
".w$aO|U"
Wc:BSy
wFK<)~
&w(h:>
wI#A"Kzr
w==@I^f
W(k8Yas
wmNFmf
w_m:Z;
WQ2BYK
WriteFile
WritePrivateProfileStringA
wrk] el
wsprintfA
:w^,tv	
==w{U{f
wwwwww
wwwwwwwx
wwwwwx
#W%yoSFh
X,3:Bn
X5/Qc@J
Xd?f84
X*dh7UX
{x+g,`
x;_.Gy6
x=H41HE
X,@mvm#
]Xnp$j
xO4|NZ
%X*]os?
Xpw%8v
XQ9)f7
Xqm1h$P
=Xs`i7
xvlHJl
xwOoo4
xYm=^U
<<?y^	
y(0Pe%
yAR*x 
y)by|I
Yc(Y)Jw
y+EG*3|%
"YG%o9
Ylg{jJp
ynu_XY
y"uik;9
_"-yVr
yXcS 0
~;Yy#wn
`y="z}O
z{4x:TO
-z_]%A
zg0vgfR
Zg;gk;
zglJF-
zI/2{'
zjtb6_
zjVqIS
ZK7~__
(zKo~U
Zl9Biz
ZMv8("
ZNf5Y<
+z<'p<
ZPuP7t2G\
+`:Zq7b[
zwah4S