Analysis Date: 2017-07-10 20:47:31
MD5: 5c4a0dd97cf11bdeb49048b438e47a37
SHA1: c5f303586a63662fbe471d272b7351899117276b

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 158ef9eeacf0c4cf881344a659cb348b sha1: 67691f7cd9c17514b307edf4ee2ba15beaf34ed7 size: 135168
Section: .data md5: 620f0b67a91f7f74151bc5be745b7110 sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d size: 4096
Section: .xcpad md5: sha1: size:
Section: .idata md5: sha1: size:
Section: .reloc md5: sha1: size:
Section: .rsrc md5: 1c167b5e83d3cb582c58a0ec7b3d8000 sha1: 850c220ee2f604be43a80190d99c584563dc2891 size: 65536
Timestamp
VersionLegalCopyright:
PackagerVersion:
InternalName:
FileVersion:
CompanyName:
Comments:
ProductName:
ProductVersion:
FileDescription:
Packager:
OriginalFilename:
Packer
PEhash
IMPhash: 35e22371bf8c8d37b1995e3b29cc7dff
AV: 360 Safe — No Virus
AV: Ad-Aware — Gen:Variant.Graftor.155269
AV: Alwil (avast) — Malware-gen
AV: Alwil (avast) — Win32:Malware-gen
AV: Arcabit (arcavir) — Error Scanning File
AV: Authentium — W32/Trojan.RTEO-7310
AV: Avira (antivir) — TR/BAS.Samca.181310
AV: BitDefender — Gen:Variant.Graftor.155269
AV: BullGuard — Gen:Variant.Graftor.155269
AV: CA (E-Trust Ino) — Gen:Variant.Graftor.155269
AV: CAT (quickheal) — TrojanSpy.KeyLogger.A3
AV: ClamAV — Win.Trojan.Agent-1113640
AV: Dr. Web — Trojan.Siggen6.1604
AV: Emsisoft — Gen:Variant.Graftor.155269
AV: Eset (nod32) — Win32/Spy.VB.NWB
AV: F-Secure — Gen:Variant.Graftor.155269
AV: Fortinet — W32/VB.NUB!tr
AV: Frisk (f-prot) — W32/Trojan2.OJFH
AV: Grisoft (avg) — Generic35.ARPH
AV: Ikarus — Trojan-Ransom.Win32.Blocker
AV: K7 — Spyware ( 004975271 )
AV: Kaspersky — Trojan-Ransom.Win32.Blocker.dbtz
AV: MalwareBytes — Ransom.Winlock
AV: Mcafee — No Virus
AV: MicroWorld (escan) — Gen:Variant.Graftor.155269
AV: Microsoft Security Essentials — TrojanSpy:Win32/Msposer.A
AV: NANO — Trojan.Win32.Blocker.dymcbe
AV: Padvish — No Virus
AV: Rising — No Virus
AV: SUPERAntiSpyware — Trojan.Agent/Gen-Blocker
AV: Symantec — Infostealer
AV: Trend Micro — No Virus
AV: Twister — Trojan.535151C04B964EA2
AV: VirusBlokAda (vba32) — Hoax.Blocker
AV: Windows Defender — TrojanSpy:Win32/Msposer.A
AV: Zillya! — Trojan.Blocker.Win32.12800

Runtime Details:

Screenshot

Process
↳ C:\c5f303586a63662fbe471d272b7351899117276b.exe

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: C:\WINDOWS\system32\MSVBVM60.DLL
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UACDisableNotify ➝ 0
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA ➝ 0

Process
↳ C:\WINDOWS\Explorer.EXE

Creates FileC:\WINDOWS\WindowsShell.Manifest
Creates FileWMIDataDevice
Creates FileC:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db
Creates FileC:\WINDOWS\System32\cscui.dll
Creates FileC:\WINDOWS\Registration\R000000000007.clb
Creates Fileshadow
Creates FileC:\WINDOWS\Resources\themes\Luna\Luna.msstyles
Creates FileC:\c5f303586a63662fbe471d272b7351899117276b.exe
Creates FileC:\c5f303586a63662fbe471d272b7351899117276b.exe
Creates FileWMIDataDevice
Creates FileWMIDataDevice
Creates FileC:\WINDOWS\SYSTEM32\mydocs.dll
Creates FileC:\WINDOWS\system32\SHELL32.dll
Creates FileC:\WINDOWS\system32\NETSHELL.dll
Creates FileC:\WINDOWS\system32\mydocs.dll
Creates FileC:\WINDOWS\WindowsShell.Manifest
Creates FileWMIDataDevice
Creates FileWMIDataDevice
Creates FileWMIDataDevice
Creates FileIp
Creates FileC:\WINDOWS\system32\SHELL32.dll
Creates FileC:\WINDOWS\Explorer.exe
Creates FileC:\WINDOWS\System32\shell32.dll
Creates FileC:\WINDOWS\system32\moricons.dll
Creates FileC:\WINDOWS\System32\shell32.dll
Creates FileC:\WINDOWS\system32\shell32.dll
Creates FileC:\WINDOWS\system32\shell32.dll
Creates FileC:\WINDOWS\system32\shell32.dll
Creates FileC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Creates FileC:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Admin\Cookies\index.dat
Creates FileC:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat
Creates FileC:\WINDOWS\Resources\themes\Luna\Shell\NormalColor\ShellStyle.dll
Creates FileC:\WINDOWS\system32\shell32.dll
Creates FileC:\WINDOWS\system32\shell32.dll
Creates FileC:\WINDOWS\explorer.exe
Creates FileC:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
Creates FileC:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
Creates FileC:\Documents and Settings\Admin\Application Data\Microsoft
Creates File:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}:$DATA
Creates File:\\x05SummaryInformation:$DATA
Creates File:Docf_\\x05SummaryInformation:$DATA
Creates File:\\x05SummaryInformation:$DATA
Creates File:Docf_\\x05SummaryInformation:$DATA
Creates File:\\x05SummaryInformation:$DATA
Creates File:Docf_\\x05SummaryInformation:$DATA
Creates File:\\x05SummaryInformation:$DATA
Creates File:Docf_\\x05SummaryInformation:$DATA
Creates File:\\x05SummaryInformation:$DATA
Creates File:Docf_\\x05SummaryInformation:$DATA
Creates File:\\x05SummaryInformation:$DATA
Creates File:Docf_\\x05SummaryInformation:$DATA
Creates File:\\x05SummaryInformation:$DATA
Creates File:Docf_\\x05SummaryInformation:$DATA
Creates File:\\x05DocumentSummaryInformation:$DATA
Creates File:Docf_\\x05DocumentSummaryInformation:$DATA
Creates File:\\x05DocumentSummaryInformation:$DATA
Creates File:Docf_\\x05DocumentSummaryInformation:$DATA
Creates File:\\x05SummaryInformation:$DATA
Creates File:Docf_\\x05SummaryInformation:$DATA
Creates File:\\x05SummaryInformation:$DATA
Creates File:Docf_\\x05SummaryInformation:$DATA
Creates File:\\x05SummaryInformation:$DATA
Creates File:Docf_\\x05SummaryInformation:$DATA
Creates File:\\x05SummaryInformation:$DATA
Creates File:Docf_\\x05SummaryInformation:$DATA
Creates File:\\x05SebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05SebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05SebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05SebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:Docf_\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:Docf_\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:Docf_\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:Docf_\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:Docf_\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:Docf_\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:Docf_\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:Docf_\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:Docf_\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:Docf_\\x05OzngklrtOwudrp0bAayojd1qWh:$DATA
Creates File:\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05Epgykx0vJecku24w1vbvh5k2Nh:$DATA
Creates File:Docf_\\x05Epgykx0vJecku24w1vbvh5k2Nh:$DATA
Creates File:\\x05Epgykx0vJecku24w1vbvh5k2Nh:$DATA
Creates File:Docf_\\x05Epgykx0vJecku24w1vbvh5k2Nh:$DATA
Creates File:\\x05BnhqlkugBim0elg1M1pt2tjdZe:$DATA
Creates File:Docf_\\x05BnhqlkugBim0elg1M1pt2tjdZe:$DATA
Creates File:\\x05BnhqlkugBim0elg1M1pt2tjdZe:$DATA
Creates File:Docf_\\x05BnhqlkugBim0elg1M1pt2tjdZe:$DATA
Creates File:\\x05BnhqlkugBim0elg1M1pt2tjdZe:$DATA
Creates File:Docf_\\x05BnhqlkugBim0elg1M1pt2tjdZe:$DATA
Creates File:\\x05BnhqlkugBim0elg1M1pt2tjdZe:$DATA
Creates File:Docf_\\x05BnhqlkugBim0elg1M1pt2tjdZe:$DATA
Creates File:\\x05PebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05PebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05PebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05PebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05PebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05PebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05PebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05PebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05PebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05PebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05PebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05PebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05CpdjxwbhN2qzewcmQpca1lvyXc:$DATA
Creates File:Docf_\\x05CpdjxwbhN2qzewcmQpca1lvyXc:$DATA
Creates File:\\x05CpdjxwbhN2qzewcmQpca1lvyXc:$DATA
Creates File:Docf_\\x05CpdjxwbhN2qzewcmQpca1lvyXc:$DATA
Creates File:\\x05CpdjxwbhN2qzewcmQpca1lvyXc:$DATA
Creates File:Docf_\\x05CpdjxwbhN2qzewcmQpca1lvyXc:$DATA
Creates File:\\x05CpdjxwbhN2qzewcmQpca1lvyXc:$DATA
Creates File:Docf_\\x05CpdjxwbhN2qzewcmQpca1lvyXc:$DATA
Creates File:\\x05SummaryInformation:$DATA
Creates File:Docf_\\x05SummaryInformation:$DATA
Creates File:\\x05SummaryInformation:$DATA
Creates File:Docf_\\x05SummaryInformation:$DATA
Creates File:\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates File:Docf_\\x05QebiesnrMkudrfcoIaamtykdDa:$DATA
Creates Fileshadow
Creates FileHCD0
Creates Fileshadow
Creates Fileshadow
Creates Fileshadow
Creates Fileshadow
Creates Fileshadow
Creates File\Dfs
Creates Mutex
Creates MutexExplorerIsShellMutex
Creates Mutex
Creates Mutex
Creates MutexShell.CMruPidlList
Creates Mutex
Creates Mutex_SHuassist.mtx
Creates MutexZonesCounterMutex
Creates MutexZonesCacheCounterMutex
Creates MutexZonesLockedCacheCounterMutex
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates Mutexc:!documents and settings!admin!local settings!temporary internet files!content.ie5!
Creates Mutexc:!documents and settings!admin!cookies!
Creates Mutexc:!documents and settings!admin!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutex
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates MutexShell.CMruPidlList
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CleanShutdown ➝
0
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c59b1c52-4fc7-11e5-ae19-806d6172696f}\Generation ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c59b1c54-4fc7-11e5-ae19-806d6172696f}\Generation ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c52-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝
Drive\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c54-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝
Drive\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\c5f303586a63662fbe471d272b7351899117276b.exe ➝
c5f303586a63662fbe471d272b7351899117276b\\x00
RegistryHKEY_CURRENT_USER\SessionInformation\ProgramCount ➝
1
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Startup ➝
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Start Menu ➝
C:\Documents and Settings\All Users\Start Menu\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Programs ➝
C:\Documents and Settings\All Users\Start Menu\Programs\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop ➝
C:\Documents and Settings\All Users\Desktop\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags ➝
1
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents ➝
C:\Documents and Settings\All Users\Documents\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked ➝
1
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Paths ➝
4
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache1\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache2\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache3\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache4\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CacheLimit ➝
81830
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CacheLimit ➝
81830
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0\0\NodeSlot ➝
10
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell\FolderType ➝
Documents\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-31374 ➝
Share this folder\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\DUIBags\ShellFolders\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\ExpandDetailsTasks ➝
0
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{c59b1c52-4fc7-11e5-ae19-806d6172696f}\Drive Type ➝
3
RegistryHKEY_CURRENT_USER\SessionInformation\ProgramCount ➝
2
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\Services ➝
31

Network Details:


Raw Pcap

Strings
Microsoft_Archives
Microsoft_Archives
Users
Users
Users
VB5!
Microsoft Archive
Microsoft_Archives
hl&@
hl&@
hl&@
*DbF
Form1
MdlGenel
clsCDOmail
cFTP
MdlTus
MdlBaslangic
modManifestResource
MdlEkran
Microsoft_Archives
6an6
MailAtici
Picture1
C:\Microsoft Visual Studio\VB98\VB6.OLB
Timer1
Text1
Form
kernel32
CopyFileA
DeleteFileA
h\/@
advapi32.dll
RegSetValueExA
RegOpenKeyExA
RegCloseKey
hD0@
NTDLL
RtlAdjustPrivilege
,)Pnf-@
Class
C:\Windows\SysWOW64\msvbvm60.dll\3
VBRUN
wininet.dll
InternetGetConnectedState
Enviar_Backup
servidor
para
Asunto
Mensaje
Adjunto
puerto
Usuario
PassWord
UseAuntentificacion
Error
EnvioCompleto
InternetOpenA
InternetConnectA
InternetCloseHandle
hH5@
InternetGetLastResponseInfoA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
h@6@
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpPutFileA
h(7@
FtpGetFileA
hl7@
FtpDeleteFileA
FtpRenameFileA
FtpFindFirstFileA
hH8@
InternetFindNextFileA
lstrlenA
Connect
Disconnect
Status
GetCurrentDirectory
DirectoryUp
CreateDirectory
DeleteDirectory
SetCurrentDirectory
EnumDirectories
FC:\Microsoft Visual Studio\VB98\VBA6.dll
PutFile
DeleteFile
EnumFiles
user32
SetWindowsHookExA
UnhookWindowsHookEx
h ;@
CallNextHookEx
hh;@
RtlMoveMemory
GetForegroundWindow
GetKeyState
h@<@
GetWindowTextA
GetAsyncKeyState
SendMessageA
SetWindowLongA
hd=@
CallWindowProcA
__vbaObjSetAddref
SetClipboardViewer
GetDesktopWindow
GetDC
GetWindowRect
gdi32
StretchBlt
__vbaExitProc
__vbaNew
h|?@
ReleaseDC
GDIPlus
GdiplusStartup
GdiplusShutdown
h\@@
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipSaveImageToFile
hHA@
ole32
CLSIDFromString
VBA6.DLL
__vbaUI1Str
__vbaVarTstEq
__vbaVarAdd
__vbaVarMove
__vbaFreeObjList
__vbaNew2
__vbaCastObj
__vbaFreeStrList
__vbaStrCat
__vbaStrVarVal
__vbaBoolStr
__vbaFreeVarList
__vbaVarDup
__vbaVarCat
__vbaStrVarMove
__vbaStrMove
__vbaFreeVar
__vbaI4Str
__vbaFreeStr
__vbaStrCmp
__vbaGenerateBoundsError
__vbaStrCopy
__vbaOnError
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSet
RegOpenKeyA
RegCreateKeyA
RegQueryValueExA
hdG@
__vbaStrToUnicode
__vbaAryUnlock
__vbaAryLock
__vbaAryVar
__vbaAryCopy
__vbaErrorOverflow
__vbaMidStmtBstr
__vbaLenBstr
__vbaFileClose
__vbaSetSystemError
__vbaPrintFile
__vbaFileOpen
__vbaStrToAnsi
__vbaI2I4
__vbaVarLateMemCallSt
__vbaVarVargNofree
__vbaVarCopy
__vbaObjIs
__vbaLateMemCall
__vbaLateMemSt
__vbaI2Abs
__vbaVarLateMemCallLdRf
__vbaLateMemCallLd
__vbaObjVar
__vbaRaiseEvent
__vbaStrFixstr
__vbaRecAnsiToUni
__vbaRecUniToAnsi
__vbaAryDestruct
__vbaUbound
__vbaRedimPreserve
__vbaI4Var
__vbaLsetFixstr
__vbaFixstrConstruct
kernel32.dll
LoadLibraryA
hP_@
FreeLibrary
comctl32.dll
InitCommonControlsEx
InitCommonControls
hD`@
__vbaBoolVarNull
__vbaStrI4
__vbaLateIdCallLd
Form1
Form1
s3333330DUUUUDDJF
ffJFz
ffJKws3""+JK32&f
MJH2)M
JEf]U
TTS^_a`dh_bg_bf_bf^ae^ae]`d]`c\^b[]`[]`Z\_YZ[+++
NP,NQ,[d6_j7_o9ezAgyCu
AY+Gb7Pp>l
hnBk~U
TTS7^_aT`dhV_bgU_bfV_bfV^aeV^aeV]`dV]`cV\^bV[]`V[]`UZ\_UYZ[V+++$
sttm
tvyn
uvxm
vvyn
qqrn
rstn
ttvn
tx}n
pLLL.
yffff
yyuvffffffffffffffevr"""""""""
"""""""*
""""""*
"""""
UUS3
UUUS33333333
UUU3333333
3U333
e|s333;
fe|s33;
e|s33
DDDDDDM
DDDDDDM
DDDDDDDD
rP%yX.zY/{Z1}\3
?? GH(HJ(GH&IJ'KM)OR+X\0`e4`g6`g7fn;hs=kwAlyBdt?[j:auAg
7> BL)ER+DR*CQ+DR,HZ/Rk7Vr=]zE]|BZ|A_
;M'Ng7Lc6E[1C[1He6VyCf
Mf8XoBGa9Ca8Ko>^
orJzzSv|Sq
DDDvvv
zzz'''
333&
===0
:::.
;;:/
<<;/
<<;/
;;;/
;;:/
<<;/
;;</
<<</
;;;/
<<</
===/
<<</
==</
==;/
==</
==</
==</
==;/
==<.
<<</
DDD)vvv
>zzz4'''
DDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDD
EffffffffffffffffffffD
fffffT
ffffffT
ffffffT
F3333
fffffffT
F33333
fffffgvT
F333333>
fffffwuD
F;333333333333"""
333333333""""""d
33332"#3""""",fT
3333322"""""""
eDDD
H333333"""""&fa
iuDDDD
H33332"""
tDDDDD
H3333"""&TWwwwwUDDDDDD
F333"""
uUUUUUUUUUTDDD
F32"""iuUUUUUUUUUUUTDD
F""""
UUwUUTUUUUUUUTDD
F""",uwwwwuUUUUUUUUUDD
WuwwwuUUUwwuUUUDDk
EwwywUUWy
wUWUwuUTUUEDk
wuUUWww
UUUDDEWD
uUUwy
uwwUUw
wUUUY
wwUy
UUyDk
DUUUUUUUUUUUUUUEUTDDDDk
DDDDDDDDDDDDDDDDDDDDDDk
DDDDDDDDDDDDDDDDDDDDDDk
pV2jO'nS+nT,oS,oU.pV.qW0tZ3v\3u[4w\6x^7|b:~e<
KK/CD$GH'HK(HJ'HI&HI'HJ(KM)MP*PS,W[0]a2af5bh6_d4`g6hn;hp<gq<iu>mxAlyBiw@an;\h:`n>i{El
FI.<A#>E&AJ'AJ'BJ'BL'BM(CO)EP*JW.Tc3[k7[m8[p:]t=]t<_v>d}Cf
C]~BXx>Vx?`
EJ0=E%CO*GU,HX.FV-DT-EU.FW/GY/Nb4Tm9Tr=WuB\|Hb
DP4CV.Oe6Qh7Mc5F[2CX0D[2G`4Mk:WzC_~Jh
H^9Hd5Nl:Ge7A\3?Z3B`4Fh8Mr>Z
XpE_pD^oDPg=Gb;Hf;Km>T{Fb
szSuwOxxRtxPqyQn|Ro
|{WxwO
888kkk
~~~|||}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}|||}}}|}}{{{||}||||||||||||{{{|||{{{zzz{{{zzz||||||{{{{{{|||{{{zzzzzzzzz|||ddd
{{{)
}}}f
111(
222)
111(
222)
222)
111)
222)
222)
111)
222)
222)
222)
222)
222)
222)
222)
222)
111)
222)
333)
222)
333)
333)
333)
333)
333)
333)
333)
333)
333)
333)
333)
333(
222)
444(
~~~'|||&}}}&}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'|||'}}}'|}}'{{{'||}'|||'|||'|||'|||'{{{'|||'{{{'zzz'{{{'zzz'|||'|||'{{{'{{{'|||'{{{'zzz'zzz&zzz&|||'ddd
2""""*
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDO
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDO(
DVfffffffffffffffffffffffffoTO(
fffffdO(
feO(
ffffl
fffffffdO(
ffffffdO
Dm333
fffffwdO
Dc333333
fffffgwdO
Dc3333333
ffffguUTO
3333333333
fffgUTD
333333333333""".
333333333332"""""""
3333333#332"""""""
33332"""""""""".
eDDD
33332""""""".
gTDDDD
3333333"""""".
fkuTDDDDD
333333"""""
UDDDDDDD
333332""""
UDDDDDDDD
33332""""
uDUUUuUUUTDDDDDDDD
3333""""
UUUUUUUUUUUUUTDDDDD
Db33""""
fuUUUUUUUUUUUUUUTDDDD
Db3"""".eUUUUUUTUUUUUUUUUUDDDD
Db"""""
UUUUUUUTEUUUUUUUUUTDDD
Db"""",uUUUUUUUUEUUUUUUUUUUDDD
UUUwwUUUUEUUUUUUUUUUDDD
DVgwvfuUUUUwwuUUUUUUUUUUUUUDDD
DEuwwwUUUUUwwuUUUuUUUUUTEUUDTD
DEUWwwuUUUUWwuWwwwwUUTUTDDDUTD
DEUUwwwUUUUUUww
wwwUUUUUTUUwTD
DEUUWwwUUUUwww
wUWwwUUwwwtD
DWwUWwuUUwwww
wUUWwuW{
wuWuUW
UUUUUU
wUUU{
wuTEUU{
wUWw{
wUUw
UwwUE{
wuwUUw{
uUU{tD
UUDUTD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDD
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~}}}}}}}}}}}}}}}}}}}}}|||||||||||||||||||||||||||||||||||||||||||||||||||||||||xxxRRR
taBbM(dO)fQ*fR,gR,gR,hS,hS-iT.jU/lW1nY2nY2nY3p[5q\5s_7vb9wd:ye;ye<|h?
ZYAEE&GG'II(JL)JL)JK(JK(JK(JK)KL)MN*OQ+OR,RT-X[1\`2`d4bg6ch7bg6_d5ci8in;io<iq=ir=ku?nxBozCnzClxBfs?`l;_j<`m>fvCm
UW@>B%?D&@F'BJ(CK(BJ(CJ'CJ(CK(CL)EN*FO*HR,NY/Ub3\i6`n9_n9^n:_o:\n9^q:at=cw?e{Be|Be}Bg
Cb}B]x?Xr<Wr=]zBe
UX@>B%?E&@H'CL)DN)EN*DP*EP*EQ+FR,FS,FT-HV.M]1Tf5Xl8Yn:Xo;Ys?`{D`|C_zB^zAc
SYA<E'AK)ER,HW.JZ0J[0HY/EV.EV/FW/GY0H[1J_3Qi8Up<Us>WwCZzG^
S\C?N,H[1Od6Rh8Qg7Mc5H]2DY1DY1E\3G`4Kf7Rq=Z|E]~Ib
TcGCY0Lf7Qm;Pl;Jd7E]4B[3C]4Ea5Ge7Kk:RvB[
XnKIe8Ql=Ok<Ig9B_5?\5A^6Cc7Gj:Ls?S{F^
e{T^rEhtKdrH[mCQg?Lf>Li?Nn@RvE[
_rwNwxQxxRuxPrxPnyPl{Rm
dwwOyyR||T
dyyQ}}T
444ccc
{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzyyyyyyyyyyyyyyyyyyzzzzzzzzzzzzzzzzzzzzzyyyyyyyyyyyyyyytttTTT
k~~~k~~~k~~~k~~~k~~~k~~~k~~~k~~~k~~~k~~~k~~~k}}}k}}}k}}}k}}}k}}}k}}}k}}}k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||kxxxbRRR;
v+++#
000)
000)
000)
000)
000)
000)
000)
000)
111)
000)
000)
000)
000)
000)
000)
000)
000)
000)
000)
000)
000)
000)
000)
000)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
222)
~555$
J444
Form1
Picture1
Text1
Timer1
`4TA
hpTA
hdTA
h|TA
hxTA
h@TA
htTA
hlTA
`<TA
h`TA
hXTA
hTTA
`LTA
hPTA
`DTA
hHTA
h\TA
hhTA
`lUA
anonymous
Microsoft_Archives
value
Descripcion
Numero
sUrl
sUsername
sPassword
lPort
bPassiveSemantic
eAccessType
sProxyName
sProxyBypass
sDir
sFilter
sLocalFile
sRemoteFile
sFile
j$h(1@
jTh(1@
jlh(1@
jth(1@
j\h(1@
jdh(1@
j<h(1@
j4h(1@
j,h(1@
jLh(1@
jDh(1@
h(1@
h(1@
h<:@
h4:@
hX4@
j8hX4@
j0hX4@
j8hX4@
j0hX4@
j8hX4@
j0hX4@
j8hX4@
RhD:@
j@hX4@
Rh\:@
j@hX4@
j hX4@
hX4@
h8D@
hE~A
hl&@
Ph$ B
QhXF@
PhtF@
RhlF@
PhlF@
PQhlF@
Rh0H@
RhHH@
hdH@
hdH@
hl&@
hl&@
hl&@
hl&@
hl&@
} jPh(1@
hPK@
h4K@
hPK@
h4K@
hXL@
hPK@
h4K@
hhL@
hXL@
hPK@
h4K@
hXL@
hPK@
h4K@
hXL@
hPK@
h4K@
hXL@
hPK@
h4K@
hXL@
hPK@
h4K@
h8O@
h@O@
hLO@
h\O@
QPRhtO@
hPK@
h4K@
}#j|h
}#j|h
hhP@
h,Q@
}#j,h
}#j|h
j hX4@
4SVW
U PR
h`-@
W8PR
0SVW
N8PQ
pSVW
j(hX4@
j8hX4@
RPht4@
QRht4@
QRht4@
QRht4@
 SVW
V8PR
RIPj
RPht4@
QRht4@
QRht4@
QRht4@
(SVW
(SVW
hl&@
<SVW
5\ B
 SVW
5\ B
htO@
Ph@R@
hl&@
PhtO@
hl&@
RhtO@
hLR@
=` B
hLR@
hl&@
hl&@
hLR@
$SVW
?0u|
?1u|
?2u|
?3u|
?4u|
?5u|
?6u|
?7u|
?8u|
?9u|
SVWh
SVWh
(SVW
TSVW
PhD]@
DSVW
hl&@
hl&@
h|`@
hTa@
MSVBVM60.DLL
EVENT_SINK_GetIDsOfNames
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaI2Abs
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
__vbaBoolStr
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaStrFixstr
__vbaBoolVarNull
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaLateMemCall
__vbaAryLock
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaCastObj
__vbaUI1Str
_allmul
__vbaVarLateMemCallSt
_CItan
__vbaAryUnlock
_CIexp
__vbaMidStmtBstr
__vbaFreeObj
__vbaFreeStr
s3333330DUUUUDDJF
ffJFz
ffJKws3""+JK32&f
MJH2)M
JEf]U
TTS^_a`dh_bg_bf_bf^ae^ae]`d]`c\^b[]`[]`Z\_YZ[+++
NP,NQ,[d6_j7_o9ezAgyCu
AY+Gb7Pp>l
hnBk~U
TTS7^_aT`dhV_bgU_bfV_bfV^aeV^aeV]`dV]`cV\^bV[]`V[]`UZ\_UYZ[V+++$
sttm
tvyn
uvxm
vvyn
qqrn
rstn
ttvn
tx}n
pLLL.
yffff
yyuvffffffffffffffevr"""""""""
"""""""*
""""""*
"""""
UUS3
UUUS33333333
UUU3333333
3U333
e|s333;
fe|s33;
e|s33
DDDDDDM
DDDDDDM
DDDDDDDD
rP%yX.zY/{Z1}\3
?? GH(HJ(GH&IJ'KM)OR+X\0`e4`g6`g7fn;hs=kwAlyBdt?[j:auAg
7> BL)ER+DR*CQ+DR,HZ/Rk7Vr=]zE]|BZ|A_
;M'Ng7Lc6E[1C[1He6VyCf
Mf8XoBGa9Ca8Ko>^
orJzzSv|Sq
DDDvvv
zzz'''
333&
===0
:::.
;;:/
<<;/
<<;/
;;;/
;;:/
<<;/
;;</
<<</
;;;/
<<</
===/
<<</
==</
==;/
==</
==</
==</
==;/
==<.
<<</
DDD)vvv
>zzz4'''
DDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDD
EffffffffffffffffffffD
fffffT
ffffffT
ffffffT
F3333
fffffffT
F33333
fffffgvT
F333333>
fffffwuD
F;333333333333"""
333333333""""""d
33332"#3""""",fT
3333322"""""""
eDDD
H333333"""""&fa
iuDDDD
H33332"""
tDDDDD
H3333"""&TWwwwwUDDDDDD
F333"""
uUUUUUUUUUTDDD
F32"""iuUUUUUUUUUUUTDD
F""""
UUwUUTUUUUUUUTDD
F""",uwwwwuUUUUUUUUUDD
WuwwwuUUUwwuUUUDDk
EwwywUUWy
wUWUwuUTUUEDk
wuUUWww
UUUDDEWD
uUUwy
uwwUUw
wUUUY
wwUy
UUyDk
DUUUUUUUUUUUUUUEUTDDDDk
DDDDDDDDDDDDDDDDDDDDDDk
DDDDDDDDDDDDDDDDDDDDDDk
pV2jO'nS+nT,oS,oU.pV.qW0tZ3v\3u[4w\6x^7|b:~e<
KK/CD$GH'HK(HJ'HI&HI'HJ(KM)MP*PS,W[0]a2af5bh6_d4`g6hn;hp<gq<iu>mxAlyBiw@an;\h:`n>i{El
FI.<A#>E&AJ'AJ'BJ'BL'BM(CO)EP*JW.Tc3[k7[m8[p:]t=]t<_v>d}Cf
C]~BXx>Vx?`
EJ0=E%CO*GU,HX.FV-DT-EU.FW/GY/Nb4Tm9Tr=WuB\|Hb
DP4CV.Oe6Qh7Mc5F[2CX0D[2G`4Mk:WzC_~Jh
H^9Hd5Nl:Ge7A\3?Z3B`4Fh8Mr>Z
XpE_pD^oDPg=Gb;Hf;Km>T{Fb
szSuwOxxRtxPqyQn|Ro
|{WxwO
888kkk
~~~|||}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}|||}}}|}}{{{||}||||||||||||{{{|||{{{zzz{{{zzz||||||{{{{{{|||{{{zzzzzzzzz|||ddd
{{{)
}}}f
111(
222)
111(
222)
222)
111)
222)
222)
111)
222)
222)
222)
222)
222)
222)
222)
222)
111)
222)
333)
222)
333)
333)
333)
333)
333)
333)
333)
333)
333)
333)
333)
333(
222)
444(
~~~'|||&}}}&}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'}}}'|||'}}}'|}}'{{{'||}'|||'|||'|||'|||'{{{'|||'{{{'zzz'{{{'zzz'|||'|||'{{{'{{{'|||'{{{'zzz'zzz&zzz&|||'ddd
2""""*
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDO
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDO(
DVfffffffffffffffffffffffffoTO(
fffffdO(
feO(
ffffl
fffffffdO(
ffffffdO
Dm333
fffffwdO
Dc333333
fffffgwdO
Dc3333333
ffffguUTO
3333333333
fffgUTD
333333333333""".
333333333332"""""""
3333333#332"""""""
33332"""""""""".
eDDD
33332""""""".
gTDDDD
3333333"""""".
fkuTDDDDD
333333"""""
UDDDDDDD
333332""""
UDDDDDDDD
33332""""
uDUUUuUUUTDDDDDDDD
3333""""
UUUUUUUUUUUUUTDDDDD
Db33""""
fuUUUUUUUUUUUUUUTDDDD
Db3"""".eUUUUUUTUUUUUUUUUUDDDD
Db"""""
UUUUUUUTEUUUUUUUUUTDDD
Db"""",uUUUUUUUUEUUUUUUUUUUDDD
UUUwwUUUUEUUUUUUUUUUDDD
DVgwvfuUUUUwwuUUUUUUUUUUUUUDDD
DEuwwwUUUUUwwuUUUuUUUUUTEUUDTD
DEUWwwuUUUUWwuWwwwwUUTUTDDDUTD
DEUUwwwUUUUUUww
wwwUUUUUTUUwTD
DEUUWwwUUUUwww
wUWwwUUwwwtD
DWwUWwuUUwwww
wUUWwuW{
wuWuUW
UUUUUU
wUUU{
wuTEUU{
wUWw{
wUUw
UwwUE{
wuwUUw{
uUU{tD
UUDUTD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDD
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~}}}}}}}}}}}}}}}}}}}}}|||||||||||||||||||||||||||||||||||||||||||||||||||||||||xxxRRR
taBbM(dO)fQ*fR,gR,gR,hS,hS-iT.jU/lW1nY2nY2nY3p[5q\5s_7vb9wd:ye;ye<|h?
ZYAEE&GG'II(JL)JL)JK(JK(JK(JK)KL)MN*OQ+OR,RT-X[1\`2`d4bg6ch7bg6_d5ci8in;io<iq=ir=ku?nxBozCnzClxBfs?`l;_j<`m>fvCm
UW@>B%?D&@F'BJ(CK(BJ(CJ'CJ(CK(CL)EN*FO*HR,NY/Ub3\i6`n9_n9^n:_o:\n9^q:at=cw?e{Be|Be}Bg
Cb}B]x?Xr<Wr=]zBe
UX@>B%?E&@H'CL)DN)EN*DP*EP*EQ+FR,FS,FT-HV.M]1Tf5Xl8Yn:Xo;Ys?`{D`|C_zB^zAc
SYA<E'AK)ER,HW.JZ0J[0HY/EV.EV/FW/GY0H[1J_3Qi8Up<Us>WwCZzG^
S\C?N,H[1Od6Rh8Qg7Mc5H]2DY1DY1E\3G`4Kf7Rq=Z|E]~Ib
TcGCY0Lf7Qm;Pl;Jd7E]4B[3C]4Ea5Ge7Kk:RvB[
XnKIe8Ql=Ok<Ig9B_5?\5A^6Cc7Gj:Ls?S{F^
e{T^rEhtKdrH[mCQg?Lf>Li?Nn@RvE[
_rwNwxQxxRuxPrxPnyPl{Rm
dwwOyyR||T
dyyQ}}T
444ccc
{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzyyyyyyyyyyyyyyyyyyzzzzzzzzzzzzzzzzzzzzzyyyyyyyyyyyyyyytttTTT
k~~~k~~~k~~~k~~~k~~~k~~~k~~~k~~~k~~~k~~~k~~~k}}}k}}}k}}}k}}}k}}}k}}}k}}}k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||k|||kxxxbRRR;
v+++#
000)
000)
000)
000)
000)
000)
000)
000)
111)
000)
000)
000)
000)
000)
000)
000)
000)
000)
000)
000)
000)
000)
000)
000)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
111)
222)
~555$
J444
3u
4u
5u
6u00
7u00
8u00
9u@@
:u@@
;u@@
<?xml version="1.0" encoding="UTF-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    version="1.0.0.0"
    processorArchitecture="X86"
    name="Project1"
    type="win32"
    />
  <description></description>
    <dependency>
        <dependentAssembly>
            <assemblyIdentity
                type="win32"
                name="Microsoft.Windows.Common-Controls"
                version="6.0.0.0"
                processorArchitecture="X86"
                publicKeyToken="6595b64144ccf1df"
                language="*"
             />
        </dependentAssembly>
    </dependency>
<!-- Identify the application security requirements: Vista and above -->
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
      <security>
        <requestedPrivileges>
          <requestedExecutionLevel
            level="requireAdministrator"
            uiAccess="false"
            />
        </requestedPrivileges>
      </security>
  </trustInfo>
</assembly>