Analysis Date2018-03-28 21:30:41
MD5055267f306c8e113ec84b6b0cc5183f5
SHA1b416c87e9690e753066302bdf279d742f9905a80

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section md5: c1ea11e39517dd04ea41fe193b410811 sha1: a19a7384fbab6f485bc83fc579c8a6f7fd625294 size: 222208
Section md5: 72b616f03b92b7b51793cb567c2be8a0 sha1: c6b02f8814551fda97ba6370ebcc3283f2f76645 size: 52224
Section md5: 55d6ff63429f00b1f872719b5a327318 sha1: e12e3230e9252c0e0980b5dfd6834999a9b7e306 size: 5632
Section.rsrc md5: 5d20bbfa3b787bf3c11078d0d3614811 sha1: 4ca4d205c536af59d1e9ab1f2e3d0e1efa60a970 size: 352256
Section2234 md5: 359e8f9e7936a711f685109b4d36cff7 sha1: 2fd981a0c6f2737e97862574c160d1ca0f7c8f11 size: 356352
Section.adata md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Timestamp2014-01-13 07:47:36
VersionLegalCopyright: Copyright (C) 2014-2015
ProductVersion11: 1, 3sdfg, 0, 1
FileVersion: 1, 1wer3, 0, 1
FileVersion11: 1, 1sdfsdf1, 0, 1
LegalCopyright11: Copyright (C) 2014-2015
ProductVersion: 1, 3qrweqwfg, 0, 1
FileDescription: 345sldflsdkflsdkf
PackerASProtect v1.2
PEhashf02c4d98939a7fafa3cd74f14995f52631424163
AVArcabit (arcavir)Gen:Variant.Adware.Symmi.37537
AVAuthentiumNo Virus
AVGrisoft (avg)FakeAV_r.XP
AVAvira (antivir)TR/Crypt.XPACK.Gen7
AVAlwil (avast)Evo-gen [Susp]
AVAd-AwareGen:Variant.Adware.Symmi.37537
AVBitDefenderGen:Variant.Adware.Symmi.37537
AVBullGuardGen:Variant.Adware.Symmi.37537
AVClamAVNo Virus
AVDr. WebTrojan.FakeAV.16412
AVEmsisoftGen:Variant.Adware.Symmi.37537
AVMicroWorld (escan)Gen:Variant.Adware.Symmi.37537
AVCA (E-Trust Ino)Gen:Variant.Adware.Symmi.37537
AVFortinetW32/FakeAV.AC!tr
AVFrisk (f-prot)No Virus
AVF-SecureNo Virus
AVIkarusTrojan.Win32.FakeAV
AVK7Adware ( 004dc8821 )
AVKasperskyTrojan-Ransom.Win32.Blocker.kxfc
AVMalwareBytesTrojan.FakeAV
AVMcafeeFakeAlert-FTE!055267F306C8
AVMicrosoft Security EssentialsRogue:Win32/FakePAV
AVNANOTrojan.Win32.Dapato.cutvao
AVEset (nod32)Win32/AdWare.WindowsExpertConsole.AG
AVPadvishNo Virus
AVCAT (quickheal)No Virus
AVRisingError Scanning File
AV360 SafeNo Virus
AVSUPERAntiSpywareError Scanning File
AVSymantecTrojan.FakeAV
AVTrend MicroTROJ_VARNEP.UB14
AVTwisterTrojan.65CB5F8B9446B6E9
AVVirusBlokAda (vba32)TrojanDropper.Dapato
AVWindows DefenderRogue:Win32/FakePAV
AVZillya!No Virus

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\b416c87e9690e753066302bdf279d742f9905a80.exe

Process
↳ C:\Users\Phil\AppData\Roaming\safe-ionn.exe

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File\??\NUL

Process
↳ C:\Windows\SysWOW64\mshta.exe

Creates MutexLocal\!PrivacIE!SharedMemory!Mutex
Creates Mutex
Creates MutexRasPbFile
Creates FileC:\Windows\Globalization\Sorting\sortdefault.nls
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\EnableFileTracing ➝
0
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\EnableConsoleTracing ➝
0
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\FileTracingMask ➝
4294901760
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\ConsoleTracingMask ➝
4294901760
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\MaxFileSize ➝
1048576
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mshta_RASAPI32\FileDirectory ➝
%windir%\tracing

Process
↳ C:\Windows\SysWOW64\sc.exe

Creates FileC:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
Creates FileC:\Windows\SysWOW64\en-US\sc.exe.mui

Process
↳ C:\Windows\SysWOW64\sc.exe

Creates FileC:\Windows\SysWOW64\en-US\sc.exe.mui

Network Details:

DNScheckip.dyndns.com
Type: A
91.198.22.70
DNScheckip.dyndns.com
Type: A
216.146.38.70
DNScheckip.dyndns.com
Type: A
216.146.39.70
DNScheckip.dyndns.com
Type: A
216.146.43.70
DNScheckip.dyndns.org
Type: A
HTTP GEThttp://checkip.dyndns.org/
User-Agent: Mozilla/4.0
HTTP GEThttp://93.115.86.197/?0=8&1=1&2=11&3=i&4=2600&5=1&6=1111&7=tnuobqxmds
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP192.168.1.1:1031 ➝ 91.198.22.70:80
Flows TCP192.168.1.1:1033 ➝ 93.115.86.197:80

Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f204854 54502f31 2e310d0a   GET / HTTP/1.1..
0x00000010 (00016)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000020 (00032)   6c6c612f 342e300d 0a486f73 743a2063   lla/4.0..Host: c
0x00000030 (00048)   6865636b 69702e64 796e646e 732e6f72   heckip.dyndns.or
0x00000040 (00064)   670d0a0d 0a0d0a48 6f73743a 20777777   g......Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .


Strings
02ab4vz0
1, 1sdfsdf1, 0, 1
1, 1wer3, 0, 1
1, 3qrweqwfg, 0, 1
1, 3sdfg, 0, 1
345sldflsdkflsdkf
APPROVE
Copyright (C) 2014-2015
DECLINE
DFGHJKL100
DFGHJKL1001
DFGHJKL10399
DFGHJKL111
DFGHJKL1122	DFGHJKL13
DFGHJKL134	DFGHJKL14
DFGHJKL160
DFGHJKL177
DFGHJKL18211
DFGHJKL190
DFGHJKL201
DFGHJKL202
DFGHJKL203
DFGHJKL204
DFGHJKL205
DFGHJKL206
DFGHJKL207
DFGHJKL20797
DFGHJKL208
DFGHJKL20804	DFGHJKL21	DFGHJKL23	DFGHJKL24
DFGHJKL240
DFGHJKL250
DFGHJKL274
DFGHJKL300
DFGHJKL301
DFGHJKL302
DFGHJKL303
DFGHJKL31048
DFGHJKL337
DFGHJKL349
DFGHJKL350
DFGHJKL351
DFGHJKL36867
DFGHJKL36869
DFGHJKL36871
DFGHJKL368711
DFGHJKL36872
DFGHJKL36884
DFGHJKL38738	DFGHJKL47
FileDescription
FileVersion
FileVersion11
FLASH
FORM
LegalCopyright
LegalCopyright11
PANEL1
PANEL2
ProductVersion
ProductVersion11
SETTINGS
StringFileInfo
VS_VERSION_INFO
:-_\*"'	
?>~	["
'+}{[]
00wp9qq
02&av/
,"0@48
060ejm} 
0a*zcXF
0<B 6@
0[b!QxS$
0(CPk;
0Cw;Q~
0#/Eu5k=
0i`>D0
*_0k=+
?0k~s	
0=l0P)I
,0LFiK
0LQhN5
0_Mk	J
`0RB`.C
0T$)YF4
0Vy A?
0w.kqN
0.)WXT[U_
!0Y-]Y4
0Zy"PG
;1<^=&~>
10:Bhm
15*qd1
18JSz^l
 18MYB
1bwh1S'f
#1+dH4
1%ew[b
(1{g5ty$O
1/G-Qf1
1Hjn5(
1Hn5%%j
#;1l.z
1!n)	~
,1nni:E
1oMZpc
1rTsx%+
1wuz#;
&1X'87
1ya5phk
+1&yl}
>1|yn2	
1Z}A!aN
$	1-ZW
2.@4\Q
263`Ig
2A<Jg$
2A,vd	|+
'?2|=b
2:{\[B
2Dc<Ln
>2_@fKcc
2(+`gX8B
?\	$"+2_I
2K;^;j
,2kq4,
$2KZ:{
2 #lZ8~O
2&m3F'S\
2m( vI
2/MzU?
/2'n4J
2	NOHkO&
2)N+=W
2pE0.X
2<Q?D4-
2|R/Qc*>
2r`"x?
2	}SuIu
^2TIg 
2TtWZhr
2U0R#3
{<+{*2w
:2WA+T@l~ 
]2yJuGV
36m'@u
!378L9
37f+2>
37Sx#.6
3B-pcfU
3CNP~r4oz
3e}(I:Q
3&g7lK
3is[uH
3IY'X^
`3&*K(Ums
3N/x+ A
3P24x"
3pas0-O5
3PTcolvB
@/3@q<U
3_) [s(
3^<x~eB:
*3^xTw]5
.3Z*$7
{]4~{	
4}3wn~
[44b|\a
45%N"[a	
4[%6,n
4$"ByI
,4Coc:@,/<N
4cQQA.
4e=KtC
4Fzh<4
4Ht:}I
}4JeJ5
#4K?G0
4l+"=j
4_M+(r
4N/yXL
.+%4pJ
,4q]"d
}:#4sWo
#4&Uxs+Q
}4<=VF)
4V-K:G
#4w	-2
4^wtR#R
4Z<7_P
4zQ<r1
#*$#}5
5:0<goJ
51-p>|
52aYIKXx
52[-&e77
~#5~!4m
5AeCdb
(5ahqB
5A'IEk
5ap]I\
^5,(dK^
5g1M7K
5{G6#6
'",[5h
5,h=Gp
-5JaAiw
5Jk<8!
5kiUBz
5"l2P65
:,5N*6`<(4
5)NC|v
?"5O~>
5+t~P~'
^5V	CP
*5vSKd
5wi_6L
5wVX/92
*5YeDJ
5@yLn>
<&=.>6?
64ORPU
66i 1}
(;6^FQ
~^6G|"
/#6,g(1
6H<2u$qv
>6I`1.[
6J/' Zg\*
*6	`km-
'[6NN(
6!onAX
6O;@,"y
6TImgX
{6U)hv
6_V%Kv
%6XTOLH
='.! 7)
76DbYT
789+/=
7f&hEix
+7 FlZ
7!GD5b(
]7gH K
\7\G|obv
7hh,*Ub
7Ihz|Q
{7~lii
7@;Lk!
7lNS>l
7$me.vA
7M^^O|
7MOMRZ!
7~oICUt
7q4`3W
--7r[@
7sLS5c
]#7t,M
7&}VB-
7wM0.!
7yZ+qN
7Zuo<y
[80`:K
83JZQ{
85<mN2
8	7cdp
88/\FY^
8++A$I
%{8+\aT
8BSf=az
8C1J.dK
8>?DX0
8Ejw79~j
]$8fW0
-8g)#3=
8g7rU-X
$\8i%k
. !8ITz7
8ivH2w
(8j9;(	
8@lvA4
-8MSCg
8O6)quJ
8&OKTW
8O-wCD
]8,prmD
8q|,y@c
8TS[gmZ
%8WYgQ
8xD xeT
\8yk)w
[(8YlQ
8_ze;t
@8~	!Zj
%"%9`(
9@2XKs
(93M:V
/@>9}7
99415fc
9<>/^a&
9=D42<
{9Dh[\
9f"W"%{
9i`SFd
9!/&j2
9Ldd\)
9M"#8,x
![9[mS
~9mVC)Q8
%9nkMy
9Op!u&,<
9~P:T;X$\
.$+9QM
9RR+W@
9sl)K!in
9V7jiW
9W/L_OI
9Wu:b`
<9=X->
9ytA[2
A+0dpK
A3^|98A
A5+8ie
`-~,A6
a6(4#U
+ A&7jB^
a8(eeJ
A=`99c
A9~.;q7
!"#:A@A
a~a=o!
@Ab*9c
ABCDpE
AC&b Y6
ACpN*}
.adata
&A(DE?Jm	W
advapi32.dll
Ae"W&o
.af">!	
#AF@=6K\
!aFD<2
ag7	Q a0
AgC&X6
AGEY\\J	
aG.'M\&
aGXe	|
ah?g~h
@ahig^
=ah-yj"
aIP5-rV
_ajlCX
aJRj&5
a ]k/6
A"m&+9
A$MD\[
;A+.<~N
An*2V\ 
=an3)oi
and`	$j
|a|n~g
`ANh7s
aNLo8~
=a[,OV
#a#<PL
aR}<bk
ARE\Borl
?a{(rH
ARN2l^
aR	$xG
asra%M
AsS=/:
</assembly>*
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
=a?u0W
a`ufv:Q~
AUo8aV+Ey
aV#!oi}|
A%.VOR
.a$VZ6u
@a\{w1
|axV]h
A<"`^Y
Ay!g	4x
,Ayx|@U
azg%]z
aZhAsj
=Azh\v
=[b?:#>0
b")16<
.b1mN"
 \B*:3
b8U@>ul
Ba0_m^u
bArPK4/
]BB3vy
bB`IKr
Bb&zB@4
bcEH=M
B}c-hhb
bc	Pyo
B~dlom
BeginDeferWindowPos
bf;%}!i(
BFK*uZ
BFU]vmlW
BG8CD6
"%bH;uQ
!B`i+Y.*"F
bkf=7[
`bKp=rk
b-l{O}XB
bmZ`Nh
bn/Rb0g0
'bP8i`
bp^G!?E;
BPGL26lKb2
bphW\a*
B{PmOcw
BPQ\^wU
bqWF|c
br=?!&
b'scRdbL>N
bss`fB
^BVGfnExe\`
B@VNztLG
]BvphI
B%WN]K%6
bx0-R7
>by)o95
c	) )"
&-C.@@
!c0J4[
?C39u}
c53WA0{
c@6:mN
c;+6Pn
C7~6o;d
C|7r&+
c80*qF
c8ZZW]
<&C9v'3
ca\;EQl
<cBT)d
CBxv%|
CbY.}1
C~c]Ba
(?cCV3d$~:
CDEFW 
|CD& W
CDy:9EK7J
cefA5w
Cf7@RV
`cfMg(
c#fXC"
CGBBT[
CgLkW,
C	GOJ$
CG)qJ1GT
.c!gXGU
	/C{iyn
&c:J!;"
C\k9)Z
c	=l<Y
cn@]P+
comctl32.dll
comdlg32.dll
CO_r=P_@0
CoTaskMemAlloc
cPDAvr;
)CpXS%
`~@c?q
CreateStdAccessibleObject
CRK5~Al7t
C~	(rP9
|C,S1O
$;Csu<
"CTN$-r
C,/v`0
Cw7{?#
C`&$WX
>C?ZS	
)=d<|~
>*D	<!,
; d0>	2
d1>8@V
@D23+s
D_-\2f
d2igI{o,B
`&d3kX|
d5g\rh
d; 6l7
_D8@n`
d8 u4dY
D(A7	_
DB5y[g
!Db.}G
dBkQ"N
d{~B-t
DBY/`@
dcvb5E(G
\D= DL
@dD	lH
ddVi)Im
  </dependency>
  <dependency>
    </dependentAssembly>
    <dependentAssembly>
'df%0c@
dF4ADpl
D'(G\0
D[g~R!~
DiAddP
D/K?Kn
^DkZ]R
	*"<DL\
D'l6jLQv
dmh^BD
dmWx(O
&}d(O8
@$dO+T
`doVWo
dQ%6M[
d%Qm}	
dR~QyV
DS{DjT;3
]D)T"hO{(
dV^L{6
d^wCax
dx.>Kl
dXM@<C
d"xt^g
dy9$1~
@.|d	z
!d=z2`*
DZ@OFi
_&:*e-
|> ?$'(E,
%e1fdN_
e1NBKhm=
E/3(*[
e*5NO`
~e#5\Wj
E7/4QeY7+
e8F9	J$N
E<abrh
e$)A.HL
EAY*9^
eBd30m
e.c7V 
&e=}c#B
E]D2D?cK
Edg3RZ&
	EdituQ
eE"'iN`
een'~3
:E}g~0
e<gK-/;
	E.g.;X>
eI#|m}J
?E@`$l
_em)9j
E[MHK%
em<(_l
 En^h5
eNKKVmL^J
Enu`!R
E~psDk
EQdMXD.
E@	Q^K
E	'r]?
@E ,rd
ErJ`j,
Ero ~v
Escape
@EStre
E,T j@
ETk#W	}
E#tneY+R
E*/>tq
etXy}f
>e'u.B?
EU>F*u>
\evS`I
ewbN&$:
}E`Xx9
(<EY'i
EyMAxJ
E{y$We8
^\f,{[
'([f'%
^^F|=-
f08VnB
:f15Ab
/@F2):=
-F 3Za}2
f5I|cc@
f6h{?/f
F79<<S
f8bby`
	;F8 Gn
:F9P	v
f'9"r#
fBe"%{j
FBoM8u'
+ fB$?x
F-)C=Z
F(	D,*
Fd396S
Fd[YHs
f"EaU`,
#FEjSr
FE\)Of
fEy;tdy[j$
FfAe$k
ffbMSCX
&Ff!C;9H
F/f@e+
^fF h]
FGHIJKLM
Fh2$WtQ
`]fH%Dt
fI6*24Kb
FlJDiWp
flwMb^
%`fLXi
	FlZ{~d?S
fm9WW7
F(mAm9;
 $F"OF
_fOl98
.FO	MuA
f`p"e.[
fPxi5A,
}Fr`~Pl
FRtdu.
=	f~S8
F-s\86
=FTv3"!
@|;ftw
F%V&5 
;=Fw+^
F&$XeW
F:x,q[
F|X{X{
fY/(p+6j
fZZ	8n
%G,%*!
G0(;TC
G1Bx7p
 g1\YD~
g&2)v=
@G48`9;
G63=|j
\g7^4CN
,G7l&/
g86AnK
G>8ioAB5
	G&+A}
Ga8	t*@
gav	ed<$
G ;cx8
gdi32.dll
GdipGetImagePaletteSize
gdiplus.dll
#(]G;e
geQavx:
GetFileTitleW
GetFileVersionInfoSizeW
GetModuleHandleA
GetProcAddress
GetProcessImageFileNameW
 .g%F%
gfk>a%
'!G)g3
GglFC:
GhlfQ|
G(Io@M
"GI)S='c
g|~J<R'
]#gk%9
GK~gFv$7
Gl7AV5
GMC	Og
`GNnvW
#gO-l$cf	
`:g&qK
GradientFill
G]s%1'|
g|so,y
gT1<#f
(gt/[7
(;\=gtab
gu&b}y
]'G}'UD@
gUDl)t
G[Vx)bk~
>;]'gW
gwMbR}
*Gws^ll
G#)x0#
_"GX1-
gx&^>9
.G(yD	
GZ}6xJ+=
; @H=-
H0|et#
</H1\4[9Kg
h1tq[u
^ h@_4
(h4&<X
h6.bOa
h7]HpfN;
H^8KE^q
ha'	9I
HAPoV-
hb;~wT.
#H&=C1
.Hc]x	h
H"\D<@
H{D$FAD
/H~E}'P%
:?-H	Ff
h;f:sz$
h<!g4\
hH`lK{
hH=Q5a
hijklmnpo
HIn?0Up
Hi}+&Yy+
hjk	(y
HKwOsP{
_>^h{L
#/HM.*
HMC4>b
]H)M^k
HM]SJ8_8
+H/;N%
(hNJT_&
H:nlYGT
hny'Ip
HoHzO#1
H}:o?wdy
h"P2<,Ncn
{HP@R9
HPR-Ac
@:H;P,X
h>p.xp
#H:Qc+
*hqqSW
HRf(Ym
hRgnAN
HrXCOZ
(h~*>s
.Hs!	L8D
HT0eQCgw5Ljb
h&*u:0E*
h<uFI^
{@Hui]
HuWBjvj
HVam$>
;-H,	w
h^Wr{ &A
hxJD[.d
h*Y?*^"
hYXsx\|O
*~@Hz*
hz3Tv$
h@Z>DO
:**I% 
$@I}%-
I*/::$
=i|3Lm
i4~{0q
i6eKsr
]:+i/7NA
|i7</Y
i+=9UA
I.(Adi
i%B|:K
Ibk3#3
ibm.Ff
_%ibP6
i~bw^z
I<c8!@
\<IC>|Gm
icO]ql
id~,C~9
i$]Ep+
iFOO7h
ig6<j{
	=IG~7BXHGe
iGbo(W
$(igHx`
i`}GV/
" iH-A
':Ih]C
=,:Ihj
II[ gt
iI!r.D
iiyR_J
IjbB4'
i=K'=)
i;kkV~
ilEB)~1
I|lilE
ILPH24
I{'m\#
_{$&in
	;=I[n_
INfu;M
InternetOpenA
i<+Ny'4#
{IONVe
=IO)U6
I~p].o5
Ipt kl
(I{Q{y+
Ir=K=H
ITBho=
I[TjjR
i.^TsT=
	#I}U5
%i$UbG{
|.-IUj
|iv8\p
i\v@t/
{i./W_
{i?W`D
iWlmCqUF
i/WRy{eSh
I+x"W(
I}ygWK
iyWxQJ
iz#1\)
iZ3ED{D
i@@?/Zwq[
J0Uq67
=J34w zb6
J6!R>g
]JA?A&K7
Jac@P`
|j%]B4o
jc3?;%
jC|;7D@e
jC;bnLZP
>$jE5^d
Jfq!%X
(_J"g|e
/JgsGv`
J\HC(9
Jjgh?mr
$Jju|t
]jk5ne
>})JkC
JKKt5N
J}K:o|
jl1|g=
#J)^l6~(1P
]JLe@J8
jL$%;f
)!JlG,
j?m.L^
><Jml2L>
jM/V2k4
JN Q-Jg
.joE$q
>JOop$
JO%Pn-
jS B_Q
jSFI/:
},j}SM
#jT6Pn+
>'jtBf
	-j_`U
\*j!UE
)J#Uo	
J?'+V`
jX'B?	
!#";JY^2
k0GZt 
K]0Qwd=
K1rWOd
k#	2l\
k7Tv'x
K9LDPG]
K9XQN=y
k9y#$W
^k/a5I
KAu.La~
]kbL+Q
Kc a\Z
KC/J8I
kdj$P\f0
K%DO1.
K,E|;@
kernel32.dll
KEVE7@m
kFskwb
kF,v8s
Kg	a@l
>?KgAN
;kgrsD:F
:KhJ#X
KHTz&X
k;Ia(rM
kISzg6
-&k J/dg
kJ{~e%
kk[xPT	
kL4*>I(
kl<:o%!C
Kmp@u 
KN/;VSjOi
_	kPd~
K	P,~M
Kq"1zY
Kqdz,*
kqy2[]
K"rb!}`
ks?c_	
KSHx7{z
Ks{kRM
KTwKSA
%`KUk.
"K$u~P
.KWD0-
Kxa7&$
kY(h']
ky\@|i9
K?-y`"j
kYS5VhU1
]K$Z9H
kZf*MB
Kz$n6-YX
]l1j\B
L	*=2M
l32:.d
L]3B5,M
"L3Zmf
|'-L5k
.<l7YEl
&.>;L"#b
	lBH!|:L
[%%~lC>
[ =lc%:JA
+\LDh[S
le}`2Z
L/E)9pRte|
L[eaZ>
L#ed$*f#
]L}EY{a
lfbxX0
LG#x<	
L\;h|a
	LibcP
lI't')|
#"~lJ(
[LJ8-,
l&jepy
Ljq'gi
Lkl;Q4o(
Ll6TS>
(lN:"=H
!L?Nn=]
LoadLibraryA
_L(oZU
#l"p+9b
L'PGTg`
lqrdy#4
lqR}vM4
Lru7EM\
*<lTai
ltI8'!
lT[lOL
ltu,Zd
lTzfoUqg
;\<l=u>
l`UOU2
-lUW:g@
L%>W(U4
|'L:y}
l:/z<nT
lZw$Qh
m0/4~j%
m0jyWb
m27A[C
-M2*PY
M3;4Vu
m3FK$n*
M3Y2:9
#,M5aM
m'5^KB
M@ 7q[
m8qD+2
Mav.=qO
maY6<u
m{BiPu
MC~G!1
m(@+cqd
mDBH$c
MD#C!4d
^"mDH|
mf4`8Np
M&g=y,
MHE't'
 ?MHn~X%P
MI2`O/
Mi<CNT
m/i!h.
miVgRv
/|mJU"
%m`}=k
m|^K^&
M(^^le
[M)#-M
M#n^\%
;:mne;
MNj&~N
mnpqrst
Mo	[d&
MOZ9^+
mq}}0"A
[M#;qE
MQJrQ)
m~}rCId
Msd)Ci
msimg32.dll
M:sqKiL
MTm>u1
mTV]k	
mtzi7 Ov
`/-M>V
mV4nWW
mVa}$LM
+]mWNQ;
MwNVA#
m@wtCus
^&MY?%
M/ y&s
`my"xf
N-\]19-%	
n:3M)\
N4b8p6
n6{:3"
n8a>7Gn=O
;n#8J@O
n8:.vH
N9v%6~
Na-1o[
?n/a9`
n,ax{k
nd$&!4
n&}D$ps
/NdR]27
+N*e}h
netapi
,n:/fE|
NFGnbw|+
nG	wlu
nH<")?
n+H6q&
n>jrDu%BpK
+N`$%Jt
-NKC H)
N~|?}KIYsI
nlEc(5
nLlT4F
n	&LOf
NlPAq~
NN-&Bph
nNE$D*c
nN~Xy 
N>"`O]
Nodxk 
?N*pMx
n|qr8u
|n~rR	
N[S	yd
'~(n?Tdf'sH
*nu[{#
 nudpqk
NU`^eT;~E
nv<mc6
NwJ5*[
NXfiqi
N(xH9	e
Ny\AO6
NZDs>}
,o0@I8
O^5A`m
=*O-5l
O6dLTI8
O7AZ]c
o\B)Mb
oBzTs\
od{e!r
oEm,{v
O<e=wG)
oe%z',
OfJ*!8
O\?G"	
o>%g@V
	oHfiC
|o\Hn,Q
OH@WP(
OINH~w
OjBiTY~
okQQD%5
O	.l%"
ole32.dll
oleacc.dll
oleaut32.dll
oledlg.dll
OleUIBusyW
oLo+!c&w
oL}qd4
>>o	,M
o(ml9{[
o<(mr \
ON[(w{
oN[wzf
Op4$xQ
OpenPrinterW
+;	opPA
OPQRSTU
/OPS!V
oqvY8?
orPe' 
OSRj(2
|OT1B8
otu3;Czw
OuAqmsw
OUjXFT<
OU.`zQ
>/oVK[
o?v;)V
o,v|wL
]Ow.bx
^OW%XtfW
o@WZ^e
OyvG<-r
_`o=z#
OZ4gM<
'p0Y0#8O
P-5xtY
p`6[L"+
p7y)qE
p9qzDG
Pa/,6y)
	P$aHr
PathIsUNCW
/p~avY
P`az`]
P.b.(}9
P`C?u)
PemZvf
pfmP+y
;pFTM'
p$FW/o
/PH }k
Ph&Ub	
_pHX)l
pibOJ:
|PiV^,B
*;PiyM
P'J/Dn
PKBeAS
`!pKhN
[Pmi0s
'pMlSw
PNDON|
P.^o!]
Po%X4)@~(
PPYxnK
p)qN i
pqrstuvw
p %~Rf
printf
P:rpV1
psapi.dll
$PSj&K
P!t3S`
p+Uf\v
PUMaskV
#PVI$%7
Pv:'j(1
pwj}Z27j
pwM*OpW
PXK]h^V
pXvhXN
pyWj=\'2
`P*/z~A4
q;^"%*&
Q0"dj=
q0e-;O
Q0H.~Q
 q0K}_}
Q45n5Q
q7N`Qu
Q9;KM3
q9V)sq
qaTs?r
*qb3|/
q\]bR&
QbT9-z
Qc478'n
qcBh@K
q_:d?(
Q;D'TT9
qdX,`T
{&q[/e
q%eiuw
QEJ[s=
QE]M6(S'
^qE-U:E
%qF:4;
QFIao$d
[QFJ3W
Q=F}M'I
"Qfqrm
#Q?'fwTg
QGkPb'
qHHFs,
[qI}3F
qixDd~
Qj&B6j
Q	JiVu
-q;-jk*
^ qkcr	
Q"/KMD(
%Qk<Y.
Q{l3{g~p
+qln2h
.QN8@f=
,%Q_o<
QOhaGI
QQ\3w/E
|	qrBj4
;Qs!_L
 qt=Ex
QUt0z{
QVS[-	
Q]W6\<
q{w)sgwrw"
*q%x?!
:q@X7jQ
qXC34?
QXcfz#55Qh=
QX}Jt}Y
qYAZJ(
qZ+R.l
=}&`R~
R02c{;
r-0$&w
@r1Nk{
R&#*51
}?R70lX
R,?)83
;/R8xZb
r_9P"s
RaiseException
>RB4&r
!/RBhcP
# RBHw
R^(Bq`
=[rb@s
R}~$)c
RC	n.TE
RC;`ok~=
]Rc]@_^X
rcyH@	
@Rd6K4
^rD*zu
RegQueryValueW
-Rf;bl 
RFjW].
RgF.s0
:~R*gL
: Rich
rktxR,
r"l>%'
r Lu"F
R}"M'}
rmqVF~q_S
;"r/mx
R.ol10
r*Otf*C0C
rpXG&)aU
Rq1I:Zy
rQE.76^
R/=ssJ`
r%<t=#
r{Un"<
Ru:=`Wn.
(rV|l=
R%~W{@
>rX1)p
r?YC;b
R|Z~b'jGrg{
RzK}sl
/&+	`&s
$"!s\=
S+0='q
-@s"#1
s2|~$r
S2Z tj
+s3(0.U
S3nV%0
?s5}Qdi'
/$S5Zy
s8?k1k8
Sa0DEG
#sA8EI
`_?=Sb
, ,Sb,
)?S\b5
Sb/Ocs
,S&D(,
/s dc{J=4
SelE m
#"SElL
SeMf`F
sFIaj]
?,SG?#
S|`'Gk
shell32.dll
ShellExecuteExW
shlwapi.dll
;shS1h
shuD^S
*sHV#!i
SHy Kl
}%	S)J
sJBV&?
S:@	Jg
sj(RQpj
}=sK&l
#SKl\v
sKT2$$:
SMQB_aK
SOFTpW
s	otGYu
sOvz;S#
sp'gXF
spv&ub
s|Q <(
sq	K?N
sqz"E@
%`ssqKJ
SsTEt-
sT5';tQ
STb;-Q
stomInKi
S|TP*/
Strin5g:X
Su'f[Lv+R
su/(|rr
+Sv0lq
)s<w&&
swBkc\i
sW;~x$
sXuYwZH[_{}]
S!zrM,
S+ZvBE<K~]
t0NaJe cG
t3;QRo|
T#@3VW
t4(^X 1k
t/+5b5
@.+(T>6
.T6e&J
?<t :@7
&~&t7/
t>8 5O=
t9"#K>
%T9[^Q?	^
t]^')a~4
TaMk<F
tAS &Po
=Tb2$ 
t(BZ(T
TCQ_R3L	
tdh)v@
td{`"PE
TdWW+Q
te7$ Q
@TE]kgF
>t] f3
tF,#'5GH\g
@tFgavc
	TFile
T/f-x1f
Tfyl1Z
tg;H%.=,
!This program cannot be run in DOS mode.
ThJ~yP
*T_#HQ
$t*$=I
}Ti)@7wb
TIv#$d%
TIX_H*t
Tl=ry7
@_TLtf
$TM3ul
t/!	MC
!T%mMA
tO^;9U_4B%6
tp),:8
{tqK|z
(tR,0,>
_TrackMouseEvent
/	ts,>]
&T'Sh).
T.sKcCp
TSmT1;
t_t!xOx
? t@u@B,&
?TUO>k
tuu$g~
tv4x8Y
t:vBxJz
tvNd.	
`tVWN>
T"VZf	
TW\H;R=)?
TW:PcP
t`yC^R
t=YT9[C
;TY|u	,*
#+"TZ~
TZ~.XIiV
};U( ]_
u0lRV,
u0nuh%
U	\2JB
>u2@ZD
-U4Z'/
=<U5$(
u|=8A.J
$U]*!9
U'.@9vr
UB4ihV
u?B4z?
Ub^F2G/c
:Ub|QX=bta
uBZ%z0
UCWL<H0 e
= Ud	|
uDk<F]m
u)d{p9R
u{e8X2
uf.U.K
U{hn9IG
uHQPja
UHW\$B
-UI3-w
UjUL!e
u+kE^Q~
$[{ul>
UlN*Q4
um	j*gy
uNHAx %@
unihq2W
UnkGowZ
U=nr=e
uO"\A\
"UOgrn
UOO%Tcl
?Uos8=e]
upex	~
U!pRSX
&$?uQ>
uQlVs%
user32.dll
.!u(Sq<
USSkw`
ut`fMemo
u}U7$p
UUCYGi
UUnp*3
U<v	-_
U;<vC7
uv%d[83
UvG89}
U+VT;UR
uW=hu-NGJ
U&Xlq	Y
U };Z{
}U](zR
~/_>v]
[`<^~V!
v03Ft)
=v[\.2
v4kq9g
v5MH~a
@"v6'$K
v!6&>PE
V7I`:rR	C
V7Tg6Ig
^v8\:[
v8N4b{
VariantChangeTypeEx
V#bewJ
!vCxd}
Vd1,)xXD
vd~+~b
version.dll
'vEYZLM
vFr8gNmw
vF<S1'g`
Vg3l1i
vGS>$j
V=\Gv?
|VH,bk
VhnGEh	
VjF0:]
VJG{'N
#vKFlA
,vLqnoPj
V<<mAp
VmY@k5
\V(NaU
,V{Nu]
VpFf5Y}s|
VpR{Mj
@Vs0z lTz
>	vs<9SF
VSaJ).
{V"s>G
~Vv>4x^n
[Vv<z7H
VW6xe![[\
{v`WAI
V(Wk;~G_1
vxaN1Kt
v;{Xva7e
v(x@zH
vY#o#F3
v,z s-}
W1F8+U
W1F`[9
W3),2`
W-3KMs
w4L'm`
}w5hD+
W^!AK%):S
W&bC>9
w;Bkq.
wC\3H4K
 w#'{D
w<d)6J
wDiBQ9A
#Wdpqjrl
WDv+:R
WdyAAQ
]wEEd<$fXv;
W@eXP8
w|g\Jy
wG|w=*
}wHDe6
wininet.dll
winspool.drv
Wj!9kr
w`JG!gf'
Wj-k"k
wjQIkp@
WM3u0s.
W>mE04
wME,I~k
WM<}%;I
wmNq'[
WN?dI,
wo'i^e
WOq}IX
wOSfy<U
`W%pJm-
\~|;wQ
Wripb--B~U
W|SaJ^
& WSKS
+WtoNW
WTPuuD
w((}Ubl
]wu)/o
 W%VGZ
]wVj^Z*
wV>T1p6
;]wXjKt
w&;@ Z
X0@?X&0?
X"3"8A
`x?3PO
x"3we-
x4+Tvw
x7AZ=w
x\7-lN
X?`8a7
$X`8(P
^&x{%9
X9l(&c<
x/a12$v
XA.3|+
xbXLeVS
X@c;}=
xc7AnQ
xchR;Y
#X[CWch
Xd:M72
/;>X]e
X#)f[A
<XfF0b 
(:|XJH
{XJh_m
xkz,w|`
|X:L9R
xNH\g4/O
`X[N'K
#&XNLD
x@:O./
X?^@O?
!xo*W?
?,>X#Pm
xq"6<RM
xQz1?L
)xsmeGp1
XSQWRV
`xs_SY
x|.[T:pf
X[@U"m
~Xw6aD1
/%XWb0
X_x14?-GX
x~"(XjJ
xyDJ[@~&
x_zc|g~k
"Y0d8'.
~Y/0>>h
 Y22	j
y*2w=ac
Y3R/Aw'
Y3XLMPi
y7Uv~v
Y8VR-4
y8YtG*
Ya5E|4)o
YA b^}VZL
;]ya)G
yA(sCt
Y<Bo{a
yc%iK	{
y'CwJN
+ydM\U
,Y-do[
%Ye+<ag
Yep5cN
'yEr/d#
#y|H%>
YhG);b	c
Y]hUHA
y'IAuR
YIco{J
yiK"ag
Yi>"xT
y_*<K_
#Yk6uj70
yKK&wS
yk)M)9Z
yKR^^v
ylS9 O
	\yL.X'
YMz}e0
',+y,o
.=}yop
\:	YOP
Y!{pZ8
ysg6f`?
Y[tp49
yt_uG3Kn]M
@yU%~1F
YUkKg;
y.vJBr
YWqSdl
yx},5~o
{}\:yz
\"^	YZ
yz01234
"=yZ]L
YZqQ-G@
$yzr%t%C
z::,^}
Z18h^&]
Z1@UbU
Z4s'wG
_@Z87xWX
Z	@!$9
ZA@[?0
Zabcde8fg
za~d#c
z:Al>D
Z~*B^1
zba+[\9
~Zb\dH,
+Zb?.O
Z)^C;s
#zCZ?W
Zd"Mmt
zDpJ7&
ZdVvxt
/?z%|F
z+F*Wb
ZgEt9+
Z]<GU%
zHC~	'ZD
zhe[.'`6
zHpM_n
	?ZH>Q
z\i@GvD
ZK6QwW
\ZkeqW
z'kGt]
zk_om#
<_ZL{+
?Z{l6DW
Zl-#Jx
[zo;b9
Z)oPzV
?zOtyt!
./]~zP:;
ZPKfda
Z^P,.Q
z^pWK0l
\zqi]j
-zQusC
zrYP4?4m
zs5 ;z
zsag:1
ZS~MA%7
_;[ Zt
;Zt22R
Zt@V`BS
zUUM3C
][Zv4bq
z"vg??
ZVH6Ye^zW
;Z!=Wh
Zw/I*x
(zX,&?
z_*$Xd
Zyd2%5
@^zY_pLH
^Z_Y:z[
Zyz[)y	
!zz~-?
?z[)%z