Analysis Date: 2015-12-07 21:31:05
MD5: 4b91048ee91193e4f830dd333f757649
SHA1: aa731e74a87c551d23e9b9dd042351e3385168f8

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: df27c08ac85cffc71d7a5adfd1e18aef sha1: 5e1704a20d519b3521c879b141697b08778d077c size: 40960
Section: .rdata md5: dadbf048d26d4784d37163ef5d71d68e sha1: e7a2ab07d2c8779d43a29d19e6458f3e3d1703ee size: 3072
Section: .data md5: 162c2fa4daf8d2ce64e45ea98a69bf9e sha1: 55339dbf535bc022d3e06bb711c33bc66021f645 size: 400896
Section: .rsrc md5: 30ec81cc38e2cd24266b241c67b80d6d sha1: 7d54bf7f6ea92a7504d03cccf5c9626fdbfe9c7e size: 1024
Timestamp: 2015-11-08 19:46:37
Pdb path: d5oV67V8Q523xOS17H7q11pN0n3k59Fa54hU25SDauEz0eNlxb56Et8321k92r2g5p1h19g1HC274VsNW2ti33N1UG7o8eV2x3S8Q5g6bWH6nL6a32NI6N2K21B5gp9W8tRj5l8BT6l42R1574qr6711DuI1SeVAO6186QJ56ecxY2J0gn43k2M3o9o50j0gh6
Version:
gaddi: adnascence
: 绾VD
CompanyName: Sony Creative Software Inc
lacerated: glossily kitar
menoplania celtuce: siroccoishly
(Version-resource fields are set by whoever built the file; given the nonsense keys around it, the CompanyName value is probably filler and should not be read as attribution.)
PEhash: bd3542ef259059130cfa72a9462f6314c48e110c
IMPhash: a6b2ac274a5d8a103687e2a89d3e76b1
AV Ad-Aware Command-Line: No Virus
AV ArcaVir Antivirus: No Virus
AV Avast! Antivirus: No Virus
AV AVG AntiVirus: No Virus
AV Avira Antivirus: No Virus
AV Bitdefender Command-Line: No Virus
AV BullGuard Antivirus: No Virus
AV ClamWin Antivirus: No Virus
AV Command Anti-Malware: W32/Zbot.B!Generic:Virus infection
AV Dr. Web Anti-virus: No Virus
AV Emsisoft Command-Line Scanner: No Virus
AV eScan Anti-Virus: No Virus
AV ESET NOD32 Antivirus: No Virus
AV Fortinet Command-Line Scanner: No Virus
AV F-PROT Antivirus: W32/Zbot.B!Generic:virus
AV F-Secure Anti-Virus: No Virus
AV Ikarus Command-Line Scanner: No Virus
AV K7 Anti-Virus: No Virus
AV Kaspersky Anti-Virus: No Virus
AV MalwareBytes Anti-Malware: No Virus
AV McAfee Command-Line Scanner: No Virus
AV Microsoft Security Essentials: No Virus
AV Quick Heal AntiVirus: No Virus
AV Rising Command-Line Scanner: No Virus
AV Symantec Command-Line Scanner: No Virus
AV Total Defense Internet Security Suite: No Virus
AV Trend Micro System Cleaner: No Virus
AV Twister Antivirus: No Virus
AV VirusBlokAda Console Scanner: BScope.Backdoor.Butirat.1213
AV Zillya! Antivirus: No Virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\All Users\gkp\byi.ftg
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\geh.tlq
Creates Process: -u huu.dll
Creates Mutex: Global\{68207218-3EC4-3851-0EE2-F2DEAA8BDC10}
Creates Mutex: Global\{43A66A43-D840-CD59-A5D4-60CDDF8CE42A}
Creates Mutex: Global\{60CFD28A-6C73-FEF4-098F-ACFBA417EF44}
Creates Mutex: Local\{9BCE05F0-711B-7272-082B-8D21062BC6A9}
Creates Mutex: Global\{EF70CD5D-DD45-2D25-3903-3F7C4302B641}

Process
↳ -u huu.dll

Creates File: PIPE\lsarpc
Creates Mutex: Global\{4403E544-82EA-8802-299D-0C157AF24FB8}
Creates Mutex: Global\{C9A9AF81-3726-685F-CB0E-22C483431161}
Creates Mutex: Global\{BCEDC9E6-671D-5873-B42B-183C063FB99F}

Process
↳ \??\C:\WINDOWS\system32\winlogon.exe

Process
↳ C:\WINDOWS\system32\services.exe

Process
↳ C:\WINDOWS\system32\lsass.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: UNC\WORKGROUP*\MAILSLOT\NET\NETLOGON
Winsock DNS: 192.168.1.1

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File: C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
Creates File: C:\WINDOWS\Prefetch\NET1.EXE-029B9DB4.pf
Creates File: C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
Creates File: C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf
Creates File: C:\WINDOWS\Prefetch\READER_SL.EXE-3614FA6E.pf
Creates File: C:\WINDOWS\Prefetch\monitor.exe-1949D260.pf
Creates File: C:\WINDOWS\Prefetch\RUNDLL32.EXE-1A36D4ED.pf
Creates File: C:\WINDOWS\Prefetch\AA731E74A87C551D23E9B9DD04235-2C4CAE71.pf
Creates File: C:\WINDOWS\Prefetch\svchost.EXE-0C867EC1.pf

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Process
↳ C:\WINDOWS\Explorer.EXE

Creates File: \Device\Afd\Endpoint
Creates Mutex: Global\{4403E544-82EA-8802-299D-0C157AF24FB8}
Creates Mutex: Global\{68207218-3EC4-3851-0EE2-F2DEAA8BDC10}
Creates Mutex: Global\{43A66A43-D840-CD59-A5D4-60CDDF8CE42A}
Creates Mutex: Global\{60CFD28A-6C73-FEF4-098F-ACFBA417EF44}
Creates Mutex: Global\{C9A9AF81-3726-685F-CB0E-22C483431161}
Creates Mutex: Global\{BCEDC9E6-671D-5873-B42B-183C063FB99F}
Creates Mutex: Global\{EF70CD5D-DD45-2D25-3903-3F7C4302B641}
Creates Mutex: Global\{325F7B30-CBDB-958E-05AA-C00DAC79C14C}

Process
↳ C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Creates Mutex: Global\{4403E544-82EA-8802-299D-0C157AF24FB8}
Creates Mutex: Global\{C9A9AF81-3726-685F-CB0E-22C483431161}
Creates Mutex: Global\{BCEDC9E6-671D-5873-B42B-183C063FB99F}

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 1452

Network Details:

DNS: google.com
Type: A
216.58.192.78
DNS: qycprsv.pw
Type: A (no address listed in this report)
DNS: atjuh.com
Type: A (no address listed in this report)
Flows UDP: 192.168.1.1:1031 ➝ 8.8.8.8:53
Flows UDP: 192.168.1.1:1032 ➝ 8.8.4.4:53
Flows UDP: 192.168.1.1:1033 ➝ 8.8.8.8:53

Strings
04090000
7zfI
adnascence
axuZ
CompanyName
CsQs
DakU
gaddi
glossily kitar
iIIP
.IZFq
^JzZy
`krDF
lacerated
menoplania celtuce
MoqY
OVal
<pnxW
/Qrl
SbKp
siroccoishly
Sony Creative Software Inc
StringFileInfo
Translation
VarFileInfo
vFmf
VS_VERSION_INFO
YqGm
<) /+?
<%!<,(
= /)*:
=}-*^.
=+?/;%
></%$;
>:=&%/
>?,/>:
>?	: +
>(";;	
 /%	<?<
 ">.:%
--&	?+
-$,(-;
-#(	/=&
,>-=<(
,!#">%:
,)=%&:
,$:"-*
;>'<=%
;-?"*)
:<=+*%
:<('.:;
:,:?	>
!,,	>)=
!;!&&	"
?)#;##?
//-&>&(
/$=,<	'
/+/:>#
/	# >,
."*;!+
.)& +(&-
.$;+ '
.*(*)>
.#-*-<
';=':;
'!<.:) 
(/%		/
)' %;=
$-+!?(#
$; 	.'
$	'-">
*=/,>.
*>;:?!!+
*-&:.(&
*:='&+
*)?"(&
&(!)$	
&$!'<(
#+/;"+
%-# ?<=
+"&:%')
+#!%<;
	:"	:()
	!:"??
=0#?.:)
>- *')0
>&0$%*%,
-/0#=	#
-",>>0	
-$;$,0
-%<)0;
-	(0*/
,?;/*0&
;';,0"
:>".=0
:*0,-!
! ;*:0
/#.'0$,,
/0?+ *#/	&
/0$!.<
.,(0>/
'?0=  ;;,$
'0-<>/
(	0,%/
)=$ "0>
)-<&$0
)+0,+.
)	&0'(+
*0-$/")
&!;,%0
&(, <0
#,''0	
#.%0?.
%')&$0?
+>0+>/
0/,*(	
0$*03<
 :*0$)1
$/$:&0'1>/
% "01/
+/0<"1
01"./+!
01:/4+<3;
 ',02#
;0$/$2
/;0$(2"
/:(0$=2
&"*02=,:*
%$	';".02
02	4	*
02,)<5
!#0*27
;0'3!	
0 <-#3
0#3*1	6
;0$-32
03+2)(2
%0/3*>5
,+!036';8"
&0%4>-0:
0 ;4		,2
[04394
0=/>#*46;8
&&/:047=
-0&5".
)=:*%'0!5
+0>/;5
0''$5).
0#*+5&&	!
%*:051
0.53*#9
056.9+01!
0;,:+-')59
/*0$/6<
/0=?%)6
06' <!&
!	0$&60!->
06>-*1 9
).>0625
06.b=D
:0#/7$--
?0% "$ 7
#$07,?
%+0,7"
+.:'+07
0%#"!7
:<=$(0=72
=;0$"8
"/'/,?'.0,,856
08>:'6
0)89.*>8
<#0 9/
,;;0'+9;
!	)-:09
0",%9 
0>ERv"
:0f[-w
0-O>;F
$0ul)}
0#v]85
0wykNj
==++(!1$
=,:?%<1
>,-/%1'
>&('$1
-1":<>
-1)&	 
.(*#!1
'.1!>"
)+,-#1
*/ &?1-
&;,=1<>
%'1) +:
1,	+*-
1('$;.
1),	>";
1,,%&0
1+">0'
+105-06
#<:*1 /-1
'11&0)
.#	?12<(
'1?2:,	 <
(1(2$<.
)12 	-'
#"1,*2
#1&,<2
12;?>0
?.12976-
/13.# $
+*13//
1 =<;3
1.(;'(3
;13 $2$!	/
135+/*
1-?3	-%;6=
137//1
1%38&*') 0!;,
*14 ')&
1)4-1-
1:>+* 44'
1+#&44%*.
$1=	4=/;)8
=15+"(
*15.++#
151- '%	
1:>53<)!8<5
/'#1*6+
16(05&)
; 1-64
1<7;0'
1'%7*=0 
?1))76
:+1=796."
<=1:8=
!.<1$8
$1 "'?&#8
1,8*7',:-
.1:89$
$,>'=19)
&%1+/*9&?
+19:+>"
19*/;08"
%192	'
1DDDDD
1)ddzceE
1D}GIz
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
1h?S3'
1L9_;!
 1Rr	aA
1r="?^V*
1U%3	}
}:1Ul.
1V|A!@
>=.2*/
>.<	,2
>"-'2 
>*<&2>*
>%)2$"%;.
-!,2=,<
,,2($)
;"=?2%$
: 	=2+
/-2%&.
/2/' 	+;/,)
'-.<	#=#'&2'*
(!! 2+
)=$%)2
), ?..2)
)?;$'*2+
)	>2'&$
$(	'2,
+!2&=#
	>&:2/
	>2$'&
-2*#0%
!(20	:$*+
.2(><	0
*;>20::?
#=:20#,
=2#03;	
&.?203>1'+
<#$;21
  	2(1
;=$'#>'2>1?(
2-1<6"&*;/)7	
(23:.(
2 3-%%
2.;;3+
*2-3'5
23686/
,23<7-(
:2392/
*(24+?%
!2447-0$>=
:24gn0@
2'5*(#
257:6,0
2/6+?"=
26>*0"
:-<+2=62-
2 662#
2!;>6(8
27.2(?(#
 &&2766=
.,"28.
	=2	80
*/.28?+1
!2. '82
286*':
 2,8<>#	>7?
/!$288
28Lf_K
";)29*1	
**2	,9#"6 <
!,298*642,
2&>)>*#989=7
&2;BG$Rb'
)2d-{fZx
2*FF}dx
=2-.g{
2nMS3{b\T
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
2	x)!uqJ
><+>*=!3
 &<)"3
-3 ;*"
,-3- !
,	-&3:#
;, 3."
! 3,.$
!(>$='3
/<3 &<)?
';"3!'
) $)!<*&3
)(";3''
$)%:='"3"
$3#)&.
&3(*%.
+;3)'(
	 ,-3<'
	-:3'&
	(.,+/3
	3+).!.
3 	%"(
3-$	!#
3?%-!/
3(("/'
,3&0 #>
(!30&'
3-(#=0{
3#(0-%
>3%?'05%"!#
%?3.09
30g88J66616830R79f7iR3Qu2335y23besN9abVoV97eBCn08r73x64Zn9233908LXv936888Vs4264D94141JiO4j751hDOrA069L3B2YN957rC08w07t50593k66PF246x4059706flsY6KK0O3J26Y28q554J9C99C8wZZXcK1Zf37136mIE12K9zX7pw8f443O3v300i00Ckf46Lk410C4W96uDPY8VJqILW0WkE08993UG494F5H1VWm8V1NAE2D8428C26S278E3K23VQXKNGED2roB1Z34YD5nNN0Dufi998umXh
3!"*1/
3+(#-1.
3+18!	
;'3>&2)
/&)32	
+3)21.
(3"2'<3
3+2#98
!,.3&3++
?3+&:?3
3;><	31
'3;3.13
&3+#3,5
/;*#"3 ;4
"$";:34
34;>&#	
;*-3$436
34) '5
.=35%** 
.; )%35
.3,5:(.,
3%5$44:*
,3" 		58.
>3++6$*
;;*36;	= 
(3<6'&
(3(,6*
3 $'%6
36#$#;
(36/&3
$.3'6>31;$
,?-:.37.
' 37";
3>7#&)
3/70%2
=3/)!	 "8
3;+:8 ,
3*845)
%38(8.
#38)8	3
<38?%VIe
;*3./9
'3;9";:!
'3?) $ 9!
*%3!9;
	.39+>'-
3/ 	!9
|39772
3>jM)7
3L?shQ
3>-	X?b
3Yrg<;
3Yv90}+
<<4%?;
<%4&&	
=:-=;4	
-=-'*4
,":4);
!4.:+/
?%;!4"
/=</,4-
"$:!4 
$:.'4#;
&.4$	%
#;4+."
	&/#4<
:40),)
"4$	/0
+$4)	0
4>0</*(
.<=4..0	47
.4+*.,$1
	<42 <:	
4'%2!%/
4&2(49&
>=!426;)+
%*$43-;
4	'3<"%
43)2*<*/
)4$33+*
4"?!3!8
4 38%1(
43"9+5:
;&%4=4
?+4,$4%
4<,--4/
4+:#.4#/
44	244<
.'>4$4*40(
-44'+6.
-4=#5*
)!<4!-5
$-:45$
%4)"5 
(<4523
>4:5*8
$)	);4:-(65;
4*=$$70
"4,7>!,;1,
47/3"28178
 (48-:*#
	! ; 48
4"%) >8'6
&4)8$7
?*(4"9
**"4!<#9
49&05:#'*&8=
4aLG-,
4J1e5U2
@=?4T>?
4,:'xD
<--.:5
,=--:5*
?/&<#5
?	5,=/
/*%" 5
.'5	?#%
'?%5%<
'')#<<5
$5?<+=
*5<:?;
%'?(<5%%
	5* *<
5%<:,	
;&>'5<0>
*5%,0!
#:5	-*0 
5 0:(*
''507	
5'),)07
'51(< 
5)($1>
5%$+"1
51 (" 
"*51438
51T(C+N
'=5:=*/+2
#.52#,
+5=,2"
5, '%2
523388
5*!-26
:5# ?3&*
$5==-'3
53.	&(
'534*6
 &535=
5#3#+/;6
;53)"8#:
,5!4+!>
;!5-%4
5468=$!;0&
,>'*+5.5+
5?+"+5
'553,#
>*+5!6
).5(6:
562=<8
5>#65.
5/6=:5
.5@6/]cx>%
5<-7;$,
>572( 
.<57?5
57.;#%7
5-7?75
57!8-'
5,7814
/58	==
&/&"5 =8
5-%-8)
58'(&-$
5<'<823=&
58$31)0; 
/,59:7+7
5;9>/%!9?
5By	4XM
5?/t6?
<;:/6%
<">#6?
=,<= 6
>( ()6:
, '6?+,#
,,;6	>
;6&==/
/6,"!!
"*%<!6
"&6--;-<-'(	
));6 ,
$+6;&/%+
*$",=%<.6
%&%&6(
+;$6!&
6?'%":
6.%%$+
6(;!$<
6)!-','
#6-,0=>$%"
;6',=<03
6)0	&3
<60501
.;60!9#
*:.609+
60!,)=!9 ?(
-61, &/
*'6 1"<
61."<>$
62=2*<
623+88
	63?>)$
<6>*"33
'#6'+382
6-39 :)
6"-%+/4
642&-=
%'6<4 70>
 +-648
!=65%?
!$	6>/)+5
+#!6 5"==
	6#5""
65>=.2+
#:6#.6
6*?6+4*
!6!:72 
":;672''
;<#676=
+6</)-79
>6<!-<,8
;6(81<
6+81&%1
#(6'89:
,&69>>-%
(?/;#696
6=-:%97
%;6*98
6cm+OZ
6f?	#g?
6>nm:>
6(tK[#
6v	6/L
>)7%#<
 &>?7<
 7..,="&
; %7;>
!	.'/7.#+
/$(,'+7
).%&7%+
*<;7?*
*/<7!;
7<,) $
7->=,(?---.
7;':/'
7'.!, >
7) #- 
!7)?%0
7(0!; 
$70=8<
 71$),+
:7'>:1
?>:.'71
$7:#1>
&7:1;,
7=1;	3	:
71f{HQ
=&!7#-+2
/ 7(<2&(
7('%*:2!
%7*2	(2.
7:$'2<4
- %7+.3
?7 3?;
/'73<"
'::73,
7,3)(##	>+,
+73*.3
:=;;74
7;>&/*4);.
,74,1.
7*4!(8,"0"
-<7%%6,
'7!<"-#6
+'?&7>6 
	./76=
76	);:.&
.7>6!3
& +76>-<5,
766*<3
76(7 3
=7>&7/
&;!770%
. 7#:719
"7)+72=
'7'7	"/2&#2
77<:	"84
<.7%8*)
 7.8)/
;78=)'
7	8;K;z
*;*:79
79%166':?
/)793<<<8+
+7,9>7
7:-988(
7CcLnvVb64KRX56kG0XvJy8HQ67ad5AnsUgxb3ngPvhz9J00J8H41Y31ZVIe22Vf008Gej01Wb5y2U384epjg141a2DV5rX8F6Ym3lg950S6rb9aHKz38585Di8h261d4n1R659P08O89F07kvH1l67462Lh5wOW89z06k10n96089N3FDhb8PzGZF8M5RKZ1wJ0s0R1Onp187Tr7Npv9BbqQ21khLa342Fhpq1538C1wL0ph46g46W7a73N95x73T28o3U4XJ38782vD	
))7K'1
7}NO$)
7RBbg)
7t;^L|
7	wU0R
7W#\Z)3f
=>**%8(
 *<><8
/=:)$8
/>>&:><8
/&8?#)
.)'"8%: 
"8;$%*
$	=8=)
++?8);
8</#: ,
8!:%&;-/;
8?!!! 
8*#;/&
8+!$..>/
*8;;0'
#8;;0&
8'0$+,2
!%80 ?3
*+#8060
80::;)+9
-#<8.1
8'13#	/9
81#=6>
 $ 8&2
+8;+>2
82-*++
8+,2,0<
>=823$$
&	$82,3"(
82#:?5.8(
>82w?1
.;#8.	3
.8$(%3
*83?#.
&8*><3&
+,?+)8$3
8?+3#,
8$<3	)
8 34)03
+=835)
<8)%37*
8)*/4-
84%,0#%
841(-)
$)847:=&1(
 <85(!,?
	85%,/3.?
8 -53&?0
$"8$-6
+!<8$6
8>&6")
8'.<	6
8"6#) $)$
?8 (6469;0&4
,865270%/
	$8$)7
8+"!+7+
87(%>)
8-78)9>
)8 ="*&8: 
&&!<&88.
&*8'80:3$&
885	 9
8-!86' <
8=(;'8;*7
.,'8,,9)
.89*,	!
$`8f|n
8l<w-?
8%o*	g
<*<#9%
<+!%9*
=(:*/ 9
=%>%9!
-;><	9
-(9*&>
;=$ $ 9
.9 .%';
'/9 '&,
'9'<")
)9:	*.
%9 ;>,	$?*
+:9# $"
+."9=/>
+% >'9,?+!"
9(*">';+ 
9(%:?=
9&;/.'
9".0;0'
&;(!902
."=!?90213"'65$#<
 905	&9
>$<+91/-
 91'+'%
;9:1<<-
.9.-$1;!
+9>!)>1
9-+,-1
;9&2:<=
/9?<#(&)2
9$ "/ ?2::$
9)&2) >3
 92*7,	: 2%/:
<9%"&=<*3:
+93 & !
9"(3	.
-934*"
?9)<35(	+
.) 94)
#9:(+4
+%94.'
	"&=+#9%4/
&&;"941
9'4??	1
.9#481
)+9-	5
&/-*9+5
%95=7+65
95!94=
>9<#6#
$= 96-'!
"&.=97<"
	)9;;7
#"9(71
.9	 '&!&'8
"9#/(/8	*
98>6;:;,
*#".-"-#;99:$
9=*(	?,9,
9 =9	'
9:!>#-9%
#9$985(
	9;9:/98
9j:	:P
9Lxn$2
9X9NOa640J5D06O4Xy2S04leGo14425k909v1D2J206J635l53U285357E0C4Y814E2ve75bN70z21!
9+>?z`gJ
	A5^eK
	A7#@H
A8_UNORM
aA!h`C
aAy)	(
\AbW"b
    AddressU = Clamp; 
    AddressV = Clamp; 
(a>Dke>
aFg}*@
%AheK_
:AlZB2r
An'MSn
	)Ao1N}
ao9V30Oc0118SuC3wJ1L3dxhd5oV67V8Q523xOS17H7q11pN0n3k59Fa54hU25SDauEz0eNlxb56Et8321k92r2g5p1h19g1HC274VsNW2ti33N1UG7o8eV2x3S8Q5g6bWH6nL6a32NI6N2K21B5gp9W8tRj5l8BT6l42R1574qr6711DuI1SeVAO6186QJ56ecxY2J0gn43k2M3o9o50j0gh6
A}p	B;
ARGIC )D2
armouchiquois
</assembly>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
a?$u#\*
aUKPxKb
Auowv8
AVC|M>
AZC93r
[?+B\;
:B1VS_
=B2J;s
	!b4T|
BC1_TYPELESS
BC1_UNORM
BC1_UNORM_SRGB
BC2_TYPELESS
BC2_UNORM
BC2_UNORM_SRGB
BC3_TYPELESS
BC3_UNORM
BC3_UNORM_SRGB
BC4_SNORM
BC4_TYPELESS
BC4_UNORM
BC5_SNORM
BC5_TYPELESS
BC5_UNORM
b?enc?
BF>g[gh
%b^Ig@Y`p{
bj9451
B[Kl	)
bLetDJB
Bm+!:8
bmV=]`w
b<nlOa
Bo&o-Q
B@(R[ih
BsizN&
BUPblY
BX[`0*b
BysbBLJ
Ca=gwp9
cbuffer SpriteBuf 
=c"dc|
cD*=Z:
cG9,|Hw,
	CGqd/g
+cIoO<
cK*D)\p
CloseHandle
clS"(f
cmVE]B
cMZ20\N
c|OCE2
	col = texSprite.Sample(spriteSampler, Input.UV); 
CompareFileTime
CompareStringW
confirmable
contagiously
_counterwager
CQA#1(
CreateCompatibleDC
CreateDIBSection
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateFontIndirectA
CreateFontIndirectW
D|~ %-
D16_UNORM
D24_UNORM_S8_UINT
D32_FLOAT
D32_FLOAT_S8X24_UINT
d3d10_1.dll
D3D10CreateBlob
D3D10CreateDevice
D3D10CreateDevice1
D3D10CreateDeviceAndSwapChain
D3D10CreateDeviceAndSwapChain1
D3D10CreateEffectFromMemory
D3D10CreateEffectPoolFromMemory
D3D10CreateStateBlock
d3d10.dll
D3DCompileFromMemory
D3DCompiler_36.dll
D3DDisassembleCode
D3DDisassembleEffect
D3DPreprocessFromMemory
D3DReflectCode
@.data
*DDDDD
DeleteCriticalSection
DeleteDC
DeleteObject
dgJCBb$
dhm<*s
,'[di 
&^DI5K
DisableD3DX10PSGP
divisibleness
Dk	@#k"6?
dm<pKI
	du = Input[0].UVSize.x; 
dV4|$,1
	dv = Input[0].UVSize.y; 
"DwtKlpL
DXGI_FORMAT_B5G5R5A1_UNORM
DXGI_FORMAT_B5G6R5_UNORM
DXGI_FORMAT_B8G8R8A8_UNORM
DXGI_FORMAT_B8G8R8X8_UNORM
dX{X{X{X{X{
{_e'#=
E1$@|D
E7]	V6
\EAx_	
e#fn<9u
eH~i~i~ix
Ek9g>@F
;_[ElO
E(M`B6!	
^_eN. 
EnterCriticalSection
e&O}kJ
e+=q*T
`	'eRc|
ER -saOB9
e#?RZ$?pO%?iD&??9'?
	E$)Sb;
'E]S-bR
eustachium
ExtTextOutA
ExtTextOutW
"	eZhi?
e	zTyKq
F0gI;	=
f2w`Ib
*_F}6	
f7?6Y8?
f99843
{<F[BU
f~*Ez{
F~g:M"
^/F*+h
f!IbuRmn
FileTimeToLocalFileTime
FileTimeToSystemTime
	Filter = MIN_MAG_MIP_LINEAR; 
FindResourceW
?Fk^vE
f+>%LH~
	float2 UVSize : UVSize; 
	float3 UV : Texcoord; 
	float4 col; 
   float4 ColorModulate : Color; 
	float4 Pos = float4(0, 0, 0, 1); 
	float4 Pos : SV_POSITION; 
float4 psmain(GSOut Input) : SV_TARGET 
	float4x4 matVProj; 
	float4x4 matWorld : World; 
	float4x4 mWVP = mul( transpose(Input[0].matWorld), matVProj); 
	float du, dv; 
	float vecH, vecV; 
fMPCBJ
FNjb=o
FormatMessageW
F'pJ_^
FreeLibrary
F RlJ#m
FsiLmq
Fs xsN
<\.f/T
fvhdxpwhvfv
fVlxl 
F.wyPx
@[^]fX:
F_y2ys
FYU[[0oR
G@@|)+
|g0Q"F
	g10h.
G8R8_G8B8_UNORM
G924582
g&C	<4
gdi32.dll
GDI32.dll
GenuineIntel
GetCharABCWidthsI
GetCharacterPlacementA
GetCharacterPlacementW
GetCharWidthI
GetCommandLineW
GetComputerNameExW
GetComputerNameW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileTime
GetFontLanguageInfo
GetFontUnicodeRanges
GetGlyphOutlineA
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetObjectA
GetObjectW
GetProcAddress
GetShortPathNameW
GetSystemTime
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTextMetricsA
GetTextMetricsW
GetTickCount
GetTimeFormatW
GetUserDefaultLangID
GetVersionExW
GetWindowsDirectoryW
gf-KN_
gF<R(,	
Gg= 1{
[G@[G	[GL[
g	K}uJ0A
 gL9h4
+gL;B	
g	{lB7
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
[g	L#V
[go -#\K1
\gp1$K
GphAkG8
G	!rh?6Z
gs_4_0
gsmain
	GSOut Output; 
gVX+(U
g!?Yw"?
(="H6=Y
H6zZ|	
h-{(9o9
H(#"Gt
$HH)=	%
H@^)hd
|>hHIR
HJ1.|in 
	HJ"RA
HK{9FQl
hl>:Kp>
	h$MQ3"
 @@HP	
hparallelinervate
`Hq>y&
"h\*	S
hydriodide
.i=&1#
I1nt|"
i|aA^~
iAG"4c
IAIAIAIANF
i`}b@G
|IceFw
iCU0J_5"kv
IdBr}#
-@If!-@$$
I^GOX4
i"HQ\JL
~i% J?!
`.ILPC
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IN}	X^WA
IOv%(tJ
i=}pZvH
iRHu\r
IsBadReadPtr
IsBadWritePtr
i<TZxf
=IutVD
iV?xXW?
	iw4]f*	
iwvqhpfibvxfbe
	IxCq5
\	i[XS
izhC`l1Q
:J0R_}
j7:\#a
|+Jdd	
JDFR|B
jE	T"g
Jh@s.B
 JHw!N
`jmJTR
.)_]Jp
j+rgR9Cq
jRJHRO4\
J^Rs}M,
"&#J	T
	`j#u.	
JW?KbX?
k0d(ZJ(R
K2t]O&
	K3n]S8
k)4qn^
K5L;Ve7
'KAtXG
Kdbz$b
Kd	'q5
KerNel32.DLL
KERNEL32.DLL
kgr=w+b
+Khz2|
kj<-*@
KLSLw+
km>ir!>o
KM^r*H
:k(N+}
KP,me}yl
,`kQ	{
K>:"Qm
kThWN\V
[>KuM?
kV-`3#C!
kvQ5N.
kvW=OnK6$
	:K_xC
	KYzG(
l:;	{^
	L$7XL
LabB20
	Lbt~ n
>)lCf^
ld7486
LeaveCriticalSection
	linear float3 UV : Texcoord; 
L~|-js
l\lQ=I
"LMTv(
LoadLibraryA
LoadLibraryW
LoadResource
l$oBpNz
LocalAlloc
LocalFree
lq:O!`T
^lR=@k
Lr OTA
lRTu@un
lstrcmpiW
lstrcpynW
lstrcpyW
lstrlenW
)LzTWl
M+2L(i
M436Q47217240N4Ym25J
M	6+Y]
malanders
MapViewOfFile
MapViewOfFileEx
[maxvertexcount (4)] 
MBx6t=G
M\BZ`rf*
mcePZ@	 0
m>E'r>
MEztEXG
;MFx3)j
@*m)}i[
mJeLPK
(mJrg'gM
	.mLS34
M Ml:Rf
MoveToEx
M.%^P{
MPK)=Ewv
&M)Q x
MultiByteToWideChar
	n1+C)
N2:	yk
-N2;:YR2s
N_2zZOP9x
N5**	+K
)^n 7`W
#]n8v4
N>a8b9X
naiant
)#`nB@
N+B"c	
'nFHnpg,
NFIAIAIANFf
?;nH>r
n/HWxP
N+%I'`
@nI	8ZLL^+
Nj15_\
NMk%5%(
N`P3{&
>nPxI|G-Z
NPY:W&
Nq">+BU
nsr\(t
N{S-u:
,NsUwL
"N}}V	
O:0m@p
	O1d63Z
o2}f W
/O$|?7o
(}oAB6k
'<\oCM
oDKs}	
	"o_eO|^
Ok1:wB
olyg:?P
O|Mg|\-
o'nx[0
oOblU^
OpenEventW
%O?PrG?) ]>6
O<qJ	.
ou6s6-
   Output.ColorModulate = Input[0].ColorModulate; 
OutputDebugStringA
	 Output.Pos = mul(Output.Pos, mWVP); 
	Output.Pos = mul(Output.Pos, mWVP); 
    Output.Pos = Pos; 
    Output.Pos.x -= vecH; 
    Output.Pos.x += vecH; 
    Output.Pos.y -= vecV;   
    Output.Pos.y += vecV;  
    Output.Pos.y += vecV;   
    Output.UV = Input[0].UV; 
    Output.UV.x += du; 
    Output.UV.y += dv; 
OUVSize
>)p0`F
>p[3?p[3?
[p9(s#'
p<$ %a
PADDINGXXPADDING
	PC[;9
p\{(CdN
!|	pf[
pG?q`H?
phantoplex
*pLeK["`
pMX^k!P
pp\kOB
pR=lQo
#[proH
ps_4_0
psmain
pvO7bU
PWj?h~
p}yeL%
	-#@\q
Q53wc73097wsdWTy1k355dP4ZLv2BD645GTE4a5pk04fM7BG05l9IP4I27k2qk41xzlRg8W86iV4vT20SP571qP9Uxg2147ZcAd7Jv8c51L8eBY5l3F934B008P1WO3oL8wDXg49rCL6PzG7o6J8U4XLF9UZQ7U0d8z4016654F1467nvHI91h5275q3u0mHs31790d32EFnB8mH8FkU
Qa8_w]A
qDK^*2l
_QE"<^
q.^IvU
q<J7Ky
QK1OOzq)
qMw}Gy
q	M Z^
qObK\e
{qO.tX
>QPO~Z
Qq|8cM
quadrivalvular
QueryPerformanceCounter
)\}Qws
Qxc>g%l
QZwvziV
=%R)>,)
R10G10B10A2_TYPELESS
R10G10B10A2_UINT
R10G10B10A2_UNORM
R11G11B10_FLOAT
R16_FLOAT
R16G16B16A16_FLOAT
R16G16B16A16_SINT
R16G16B16A16_SNORM
R16G16B16A16_TYPELESS
R16G16B16A16_UINT
R16G16B16A16_UNORM
R16G16_FLOAT
R16G16_SINT
R16G16_SNORM
R16G16_TYPELESS
R16G16_UINT
R16G16_UNORM
R16_SINT
R16_SNORM
R16_TYPELESS
R16_UINT
R16_UNORM
R1_UNORM
R24G8_TYPELESS
R24_UNORM_X8_TYPELESS
R32_FLOAT
R32_FLOAT_X8X24_TYPELESS
R32G32B32A32_FLOAT
R32G32B32A32_SINT
R32G32B32A32_TYPELESS
R32G32B32A32_UINT
R32G32B32_FLOAT
R32G32B32_SINT
R32G32B32_TYPELESS
R32G32B32_UINT
R32G32_FLOAT
R32G32_SINT
R32G32_TYPELESS
R32G32_UINT
R32G8X24_TYPELESS
R32_SINT
R32_TYPELESS
R32_UINT
R8G8B8A8_SINT
R8G8B8A8_SNORM
R8G8B8A8_TYPELESS
R8G8B8A8_UINT
R8G8B8A8_UNORM
R8G8B8A8_UNORM_SRGB
R8G8_B8G8_UNORM
R8G8_SINT
R8G8_SNORM
R8G8_TYPELESS
R8G8_UINT
R8G8_UNORM
R8_SINT
R8_SNORM
R8_TYPELESS
R8_UINT
R8_UNORM
R9G9B9E5_SHAREDEXP
	`?r"a?
`.rdata
r	D~ba
ReadFile
		<requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges>
ResetEvent
	return col * Input.ColorModulate; 
	return Input; 
:rg~c%?
RGiL&:l
RGjKV8{d
[:rgtM}
`RJs<6Q
rjV_@@
rKEe`K<
RkklMF
	]Rmt0
rNZk)d
=rO7>z
rompish
ROsJ5B+nW
r>PCX7
rRr:`Y
Rs7~g"x
Rt=B~(4
Rt;	c.
R^,TJc
;R	Ym#
rZ2l@w
S"{`(!
s"056yM
s19987
S1L%ZPI
s2|G,F8	
S7a`.Vz~
s8AfS_e
sampler spriteSampler = sampler_state 
sA~YS_
sCd<$M
ScriptApplyDigitSubstitution
ScriptBreak
ScriptFreeCache
ScriptGetFontProperties
ScriptGetProperties
ScriptItemize
ScriptJustify
ScriptPlace
ScriptRecordDigitSubstitution
ScriptShape
ScriptStringAnalyse
ScriptStringCPtoX
ScriptStringFree
ScriptStringOut
ScriptString_pSize
ScriptTextOut
@s:;_D@Vd
		</security>
		<security>
SelectObject
semiconversion
SetBkColor
SetBkMode
SetEvent
SetLastError
SetMapMode
SetTextAlign
SetTextColor
SetUnhandledExceptionFilter
"sG0V+G
sL'c	2
	SLS{X
s|%m/d-
s=nS3I
'SO1-u
Software\Microsoft\Direct3D
SQRWVf
    Stream.Append(Output); 
	Stream.Append(Output); 
	Stream.RestartStrip(); 
struct GSOut 
struct VSIn 
SV_POSITION
S'-~y'7
syQ_%O
SystemTimeToFileTime
szZ+V9].
{[+T1E
	t^3gP
t}48>|
T8#(@*#
>-T97Qt-
*T+9;S
TA|FUV
:tAT.	
tD3N\{z^
teasler
Texcoord
TEXTURE2D
Texture2DArray<float4>
Texture2D<float4>
TEXTURE2D texSprite; 
Tfl8`p/
^T:~|/h
!This program cannot be run in DOS mode.
}T?i^"
t$jOh@
	+TkXt
.T n6cMe_
+tOD+tQ
_}tqW 	]6P-
TranslateCharsetInfo
trioecism
truncatellidae
	</trustInfo>
	<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
T-Rz>b
	tU6x*
tudwss
Tv:n]k
TYZ sM.k
T(Z>?5w
tZK^7y
/?u"!?%?
>u2lEf$yxm7U
%/u3?2*
^?	u8^8|
u\)[b?
>u!D|4
uGoaHkH
UjjUhU2UQ
UnhandledExceptionFilter
UNKNOWN
unkoshered
UnmapViewOfFile
unproportioned
U"NTaA
]UR900
UR[\e;
usp10.dll
u-)	Te4o'
~uuTKO
u-\?xOR
u	~YMB
U@yR^5t
#u$@Y)V1
+|U[;zV"
'>$V+>
V8H|Un
VcrY{H
V/@] e
	vecH = 0.5f; 
	vecV = 0.5f; 
VK}ih:vc
v	K,!zN
>V,>?L
 Vlxr?
vmDU6#
void gsmain(point VSIn Input[1], inout TriangleStream<GSOut> Stream) 
vs_4_0
VSIn vsmain(VSIn Input) 
vsmain
VvF&Dj
VWK?V_`
w19;(G
W~|3w2
w42<~AOx
w90DyY 
WaitForSingleObject
wD(qdi
 wEJr9
WeO	]:
WICCreateImagingFactory_Proxy
WindowsCodecs.dll
WJ^E&B
WK&)[7O
WKr*6}
wKRMbX
w!	`lX
W;my&R
WQ	jSL
w:R)A 
WR	cddq[M
WRNLzTd
W%?S[J>
;X# )@
X0?fk1?
X24_TYPELESS_G8_UINT
X32_TYPELESS_G8X24_UINT
#X<5vKG
X!bshLp
xc4)XM
xHrhAJc
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
XN+(nM`
XnvOKw
[xQZ>4k
:[xRv1
XT{5vK\
X$vV}p
X~WQ:p
*-X{X{
	xXhcU
*X{X{X{X{
X{X{X{X{
x`Yn	j
@x? [y?Qvz?
:XzhSu
+`XZT O
Y0[%?#
"Y&6d!X#$AN
Y#=b;9d
Y?fK<)F
%Y@frt
<y!`H%
y:>hF>>
[yi?!;
YjF?2sq
?Y}k1{\
ynVa{m
YpsF	C8
}y	V?9
YWeKvf
YZfzqm
z~.}}$
-$+:Z%}
@z04906
Z7RR08
[\Z80_
z]C2U0L
ZdV\]}/_
zeWz]s
zgUbi3
z?%j{?
zlk2Kn
/ZL+n~
[Z>N B
Z&w3fx
ZX-O"A[
Zz6'v7lz
'Z.,zJ:
ZZ	-LV-A