Analysis Date2018-03-28 22:59:47
MD52c03d2b6ba38a54025c879c8b61cb5dc
SHA1ca1fceddbae5d9d5b9bc1834f61670d4a6152830

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: dfc8ba4cf233ec761eca6943bfd5f1dd sha1: 4dee574afe47e794469675030053a17a6ac4cd97 size: 409600
Section.rdata md5: 62bc5274976d51684b26bf8b2103e0de sha1: f2330ae3febe4f18ee597775bc9421bb7e99ea17 size: 24576
Section.data md5: 58887c88c8d04b01e6070e8035507f86 sha1: 903ed9cbd3351e9b11e4f2a91d82d733cde9adc1 size: 16384
Section.rsrc md5: 8146db5619d3da77f56063f15076034b sha1: faa414722a8c36b453d1ad68e2cd1e6ffea3a2a3 size: 4096
Timestamp2014-09-19 09:10:51
VersionLegalCopyright: Copyright (C) 2012
InternalName: mfc
FileVersion: 1, 0, 0, 1
CompanyName: Micro
LegalTrademarks:
ProductName: mfc Application
ProductVersion: 1, 0, 0, 1
FileDescription: MFC Application
OriginalFilename: mfc.EXE
PackerMicrosoft Visual C++ v6.0
PEhash2f8e5a6c1885ad377f0d50fd8ecfaa8302ede06f
IMPhash919467a879012925c59ab578fc74fc19
AVArcabit (arcavir)Gen:Variant.Dyreza.4
AVAuthentiumW32/Trojan.BMVK-7022
AVGrisoft (avg)Crypt3.APYJ
AVAvira (antivir)TR/Crypt.ZPACK.Gen2
AVAlwil (avast)Agent-AUDV [Trj]
AVAd-AwareGen:Variant.Dyreza.4
AVBitDefenderGen:Variant.Dyreza.4
AVBullGuardGen:Variant.Dyreza.4
AVClamAVNo Virus
AVDr. WebTrojan.Dyre.28
AVEmsisoftGen:Variant.Dyreza.4
AVMicroWorld (escan)Gen:Variant.Dyreza.4
AVCA (E-Trust Ino)Gen:Variant.Dyreza.4
AVFortinetW32/Kryptik.CMRA!tr
AVFrisk (f-prot)No Virus
AVF-SecureGen:Variant.Dyreza.4
AVIkarusHoax.Win32.ArchSMS
AVK7Trojan ( 004abf9c1 )
AVKasperskyTrojan.Win32.Generic
AVMalwareBytesNo Virus
AVMcafeeNo Virus
AVMicrosoft Security EssentialsNo Virus
AVNANORiskware.Win32.ArchSMS.dgevxs
AVEset (nod32)Win32/Kryptik.CMDM
AVPadvishNo Virus
AVCAT (quickheal)TrojanPWS.Zbot.R4
AVRisingNo Virus
AV360 SafeNo Virus
AVSUPERAntiSpywareError Scanning File
AVSymantecTrojan.Gen
AVTrend MicroTROJ_SPNR.11IT14
AVTwisterNo Virus
AVVirusBlokAda (vba32)No Virus
AVWindows DefenderNo Virus
AVZillya!Trojan.ArchSMS.Win32.26229

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\ca1fceddbae5d9d5b9bc1834f61670d4a6152830.exe

Creates FileC:\Windows\Globalization\Sorting\sortdefault.nls
Creates FileC:\Windows\ca1fceddbae5d9d5b9bc1834f61670d4a6152830.INI
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\(Default) ➝
C:\Users\Phil\AppData\Local\Temp\ca1fceddbae5d9d5b9bc1834f61670d4a6152830.exe

Network Details:

DNSgoogle.com
Type: A
74.125.228.104
DNSgoogle.com
Type: A
74.125.228.105
DNSgoogle.com
Type: A
74.125.228.110
DNSgoogle.com
Type: A
74.125.228.96
DNSgoogle.com
Type: A
74.125.228.97
DNSgoogle.com
Type: A
74.125.228.98
DNSgoogle.com
Type: A
74.125.228.99
DNSgoogle.com
Type: A
74.125.228.100
DNSgoogle.com
Type: A
74.125.228.101
DNSgoogle.com
Type: A
74.125.228.102
DNSgoogle.com
Type: A
74.125.228.103
DNSgoogle.com
Type: A
74.125.228.103
DNSgoogle.com
Type: A
74.125.228.102
DNSgoogle.com
Type: A
74.125.228.101
DNSgoogle.com
Type: A
74.125.228.100
DNSgoogle.com
Type: A
74.125.228.99
DNSgoogle.com
Type: A
74.125.228.98
DNSgoogle.com
Type: A
74.125.228.97
DNSgoogle.com
Type: A
74.125.228.96
DNSgoogle.com
Type: A
74.125.228.110
DNSgoogle.com
Type: A
74.125.228.105
DNSgoogle.com
Type: A
74.125.228.104
DNSgoogle.com
Type: A
74.125.228.104
DNSgoogle.com
Type: A
74.125.228.103
DNSgoogle.com
Type: A
74.125.228.102
DNSgoogle.com
Type: A
74.125.228.101
DNSgoogle.com
Type: A
74.125.228.100
DNSgoogle.com
Type: A
74.125.228.99
DNSgoogle.com
Type: A
74.125.228.98
DNSgoogle.com
Type: A
74.125.228.97
DNSgoogle.com
Type: A
74.125.228.96
DNSgoogle.com
Type: A
74.125.228.110
DNSgoogle.com
Type: A
74.125.228.105
DNSstun.ideasip.com
Type: A
208.97.25.20
DNSstun.stunprotocol.org
Type: A
107.23.150.92
DNSstun.internetcalls.com
Type: A
77.72.169.165
DNSstun.internetcalls.com
Type: A
77.72.169.167
DNSstun.internetcalls.com
Type: A
77.72.169.154
DNSstun.internetcalls.com
Type: A
77.72.169.157
DNSstun.voipbuster.com
Type: A
77.72.174.161
DNSstun.voipbuster.com
Type: A
77.72.174.163
DNSstun.voipbuster.com
Type: A
77.72.174.165
DNSstun.voipbuster.com
Type: A
77.72.174.167
DNSchi2-tftp2.starnetusa.net
Type: A
64.24.35.201
DNSstun.2talk.co.nz
Type: A
202.180.76.161
DNSstun.noc.ams-ix.net
Type: A
91.200.16.56
DNSs2.taraba.net
Type: A
203.183.172.196
DNSstunserver.org
Type: A
127.0.0.1
DNSstun.voxgratia.org
Type: A
DNSstun1.voiceeclipse.net
Type: A
Flows TCP192.168.1.1:1033 ➝ 74.125.228.104:80
Flows TCP192.168.1.1:1034 ➝ 74.125.228.104:80
Flows TCP192.168.1.1:1035 ➝ 74.125.228.103:80
Flows UDP192.168.1.1:43075 ➝ 208.97.25.20:3478
Flows UDP192.168.1.1:43875 ➝ 107.23.150.92:3478
Flows UDP192.168.1.1:7235 ➝ 77.72.169.165:3478
Flows UDP192.168.1.1:43075 ➝ 77.72.174.161:3478
Flows UDP192.168.1.1:43875 ➝ 64.24.35.201:3478
Flows UDP192.168.1.1:7235 ➝ 202.180.76.161:3478
Flows UDP192.168.1.1:43875 ➝ 91.200.16.56:3478
Flows UDP192.168.1.1:43075 ➝ 203.183.172.196:3478

Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .


Strings
q
...M..d
.
.=
.!..
a....U.u
..
./..
..&[
.
...X
B.$:.
@
;
.
..
b
041904B0
1, 0, 0, 1
About Basemfc
CompanyName
Copyright (C) 2012
Copyright (C) 2014
FileDescription
FileVersion
InternalName
LegalCopyright
LegalTrademarks
mfc Application
MFC Application
mfc.EXE
mfc Version 1.2
Micro
MS Sans Serif
OriginalFilename
ProductName
ProductVersion
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
@@~(" 
0,[	`@#
0?$~3	
0@4{`*
05_AYX
05d,A58E@@
=0A#[a@e
0CDB Tb
@0CQ=bm
/'~0dv
0F]>KT
':&0g6
@&0@Gb
0('HWk[
0Lj&`f
@'0?m%
@0@ n@
0NyXBUb
0O[&(DQ
0<OJ,Ake
=;0+Rb
0sJ<4=
=0U2ND
0Xh^Rsb
14@bB.
,1Acrd@
(@1]B@
`(|1C|
1@@K1b
1LiK00@
@1mAkC{
1QeWM~8L n 
(_@@1RL
1rm|9*
1@s2mf
|1Tuk|ma
1U0Zi@S@
$1@U}&x]q
#25[AJt
2BHa4c
2@cAREx
2CcpGf
2D4kP@
2d/9Bs
)2d`SO
2`dU5H
^.@2/fJ
2F(WXJq
2:}G-^@
2(@G]>O
[!2(>H
2HA7EL
2j*!DW
2$)@%K
2L@_wA}]@p
2M|7_{4-
2MlBd-
2Nz7Au
2<@PlJ7
@2%qB 
2RH=6N
2rNB9aI<
2s4C#b
2	 SB`
2Vs|SR
??2@YAPAXI@Z
30x4@@
312/Ad
33 iG a
3@4a$<R
3AndFR
'3^`@BN=
@3BvBS
@3CEk',
3"d	<h
3f33dJ@
/3gg)E
3$h|8a
3!i@<H}
3@(/KF
3L&yytLB
3O@BnB@@
3SLngb
3UF#=@
??3@YAXPAX@Z
3<ydO@
40{9b5@
$4/1)d4
$44sF@
@46N-@
^4;<9p5
4@B6t4
@4b.g@4@
@#4B!J@
4\bM:@
4-B@ZS
4C@	@af*
4cAx@#
4D^d@DD
>/!@4e
@4E1]c
4e@4-&@
4EbVB4>
4G}S'2
4gU@44ZA#
4@*g@w@
4hJ4r@
4=H@nb
4hwZZb
4I.{CA
4J}cIU[
)4K@h@@
4kN54E
4L@)@g
4 LHx~5
4@OW@s-c
`4P9TPqC
@4RR-c
@4s}Xb$q
<4t|Hn[3
4Urx@JwH)
4Vj2(/74.4p
&4VM,@
4y~(ORb
4Zl@A5
@@%*(5$
)53<Ce
$54|BD
55d!@@4
5\,7)OxZ
-57w_@
:5bq<,Ek@z
@5bR$P
5D8(NG
5?d|AQ
@5DZ@O
5E3X7p
"5E]@,$%r
5ft)OtXDy
-5^i %D|`|\b
5jD	.@
*@<5JL
5>Jt@Nb
^5L8#@
<5<O&HM
@5">S'
-5Sg<{
'5-t*Cx
5\TK-1@
{5/Ut<{
5W:O@S
/5&x|o
5xSFEU`l
5yKaD0
61D-F@
@6@3@P
6AEnIH
/6@FAA
{/6FwJ
6g+@T`
\6o,@cB4@
6p!{Le
`<@6PO
6sb-@D
6@Tb~{
6ToJQ,
,6U@@F
6uzngpD=p,?
@[7AAx
\7^k#w]V
(%$7LN?
7n#4\`
'@@`7O
7OIz$8-
7@OpU-Fo
7PX3od@
7R8Zz@
@)8`@(
?{8A!0
	@8a-A
8Ae^y4
|@@8	b
,@~8BE
@'8>Bo
8bZ>4=
8C"\#x
8E#2Hl@%
8E8wl$
8EAQZ(
8f`)O:
8ftCu$
8Fu)@Cy
8G[AO3
@)8)gk
8~<gMu
+@8GvhB}
8HA/DF
8=iN,@
8J-ApD
[8KHqs
8@l=4M
8na'FP
	8nPnK
@8p @B"
8q!,]@
{	8Q|@
8!qlGK
>8REiL
8S S*R+
8%Uh4!
9`0BckdUH
9A\_3b
9@B@aC
9DRW85
@,9#Eyb?B
9)n@Hd
-9Oh5vV
9SvLHC
~9T^\b`
^9)	<!U
@,^@,A
@A$#*_@
@A	 ,{*
 A<@0B
@\A1X	
@A~@2[AI5
@A2WlEg4
A>3:n@l3
A4#n@?(
;A5I=~
@A)6E/
A74-4(
A@84oPA
AA!4A0
AA<{@4t
AAbQds	
`AAL,!
aAszBD
AA=^W@
Abf:~d
Ab"@Gl
A!$b,L
/A&bv.<
@ABX(@
Ac3+4NX
ACd43{
_acmdln
;Ad3xf
Ad4mCIO
ADAxz@
_adjust_fdiv
@AD~l3
A!DLPFb
AdOv@@
@Ae@eY3
` A~fG
#@Ag!@C8
A`gF5NhP
>AGF@H
@`a gx
aH7ZaAd`
@AHb3]A@
@AhB	d@
@Ah{c$
a@'h`@s
-AH[wL
Ahz(xO
@Aih9H
aj&2,@&
@AKAC$
@A&|>LA
Ala`IG
@AL@BB
@al>bb1
^ALm%#
*@A<MlDh9Aj
ao{B$D
<	AOC>b
AOF 	s9n
AoRqf=
apb@83|I}p
+@A@pO4
ApQX|a
@AP@S%
@Aq35!
AQlj.b
@A@r@52
@ARl|i
@ARlm*
@AS1R	
Asg`HYb
</assembly>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
A{tc9	@
:atJp>y
A{u:%CX
@Av>^>
|Av5 m"v@
A=vCi4Z8Da
<Avi=+p@
AVWAf9
@A</vz
AW~GT9
axGc[Y@
Ay.c&u=
A_yG[=
ay@]&"@s
a@YTHzr
A zc0D
?@*|b@
b`{}%$
b0,\_h#
b~1&oe
-B2qb,)
=~"b(30
b4k(CT
@b4p#=
/@	b5[
B50h0C1j
B'5H4EB
B~6P7)
b8)Ao*
{b8MEq
@$b%AA-}@p
BAbVi<
b$'Ad`
bAJBNA4&
^ba@?O
?b@b@-{
bb1I<q
BB~	8/BC
[@BBED\
B@	BFH(
Bb-kwi
$B\C(>
^bC<_@c
bc/)Cs
BCG,E4p
@bC$Ho
BC JA<A
B<cn6EG
B@d`$+
Bd|0"4
B@d3|N
B@d49@
Bd)6bB
bd@A@@@
@bd&A@1i<
B@dACg
B@dBb@
+b.DbG
B*d@BG
BdbG`5V
Bdb:$@w
B@dC~b@h
B@d@Cd
Bdc`)rW7
(B)<dD
Bd@eHA%L
B@dF|A
B@dFuTgO
Bd*GDc
B@d<H)@
BdH46B{
B@d|HR8
BdjAHE[5
B@dJ@N
B@dkbR
Bd^,_L
BdL6%*
B@dLCS
B@dN=M
BdoWE4
B@dp(~B
B@d"q0
B@dQ4@
Bdq$8^
B@d@qd
BdQG@	
B@dRXO/
B@dt_dH
Bdxh@@
b	E7iD4
be= R"
B?E&'v@	*	
bEZ6d$
<bFDq4*#@
bf|e@c
BF#qU-@HZ
@@BG$Hv
bg]I*g
)bh/@%
b h[8jc6V
Bh-<-a
,['bHf
bHnCXg@
BHP w@
BiG\A5
@BIMin
BI>w/C
@bJP1*4
b%JwPJ
bkc0GA
b?!K&H0Bp.{
@bK;,@MjJs
Bl}}	Y
;b>M$@
~B,@M&
bM0k@d
~#b'MvbC
$b~M'@@WCPR
*(bN <
.,B@nAc
B==n@b
b/ndy9@
b_n<eD
@@bnRX
BO4@@{y
[@b#ojO
Bo/jRO-
BO\NOD
BOVh|b
@bOXxg
Bp? ssH
+>BRLW
bsb%2bX+
bSd$N|b
&B@sHd
BSMbIFTI(
btb2.g
|BUZfY
bva3#U
$B@v{d
	%bW<AZ
@b-Wvd
)b@>xA]d
@b)xdG
b$X@GeC
b@,x,P
b]>@XQr@
}bx$,w
@b<	*Y
bYB^AQ
B@@y>F\	UB@
@bz /_c
b@ zy`
(	c>*[-!
@@-{C@
@{C4~2
c5[%bK
C5~C28@
c6H35B
c@6LZ		
C6PQ}s
`"c#8@
@C8\DU
c8s#*-)
CA^1AH
c<BA"#
CbCl1@
c{Bh@C@
-CBJkA
@c<~BL
@@^*CC3
%CCCCg
C -d@@
C!@~$d
CD]-0E
CD~4=u
CD9<jC
`cEACD
C@{@fb@
c{|G:b
+>@CGF@.
CGl@`]
#@CgWI
@cH(GM
(ChQ08
{<!CJ(
@cKmH@Z
C:,KqC@$
Cl}2Fi
#$@CLA94k<7V
$}cLdd
<cL,%dq
CMainFrame
C]N@Jf
$!C<O5
@_ CoAL
column
_controlfp
CQ@8B<
C@q[@d9
CqLg'LA
$+Cs}`
csELxX
"Csh4j
cSr`[H
C@TMO_@
CView1
Cv@;,m5-@
c\@W{a8
__CxxFrameHandler
cy7PBG
CY<lBAA
czPsoy
 @d('@
\+`>[d
@	*!D@
@D$;?+
d0qF+h8
D4;M4EmD,fF
?D_5R9
D@6@-$8
d7C#Riq	4?8m
|D8!{@
@D?8]gd
@d`8{H
.D@\A#
$DA"[a@
	d@A@>-B 
dA$lOH
@.data
DAw=jGO
Db)e2Ud
Dbk@L*,jF
@dC{{d=
,DCSG@
<D{D.-
{dD2K0
D	D*A(
ddbOx}7
Ddc58)
DD<)Fp
dd{VHcL
@@%dDW
d"$EDdM
DEJ4d_
DE)vAGLd
<df@hB
D	FK`T@_
&d!FX>
dge)3L@
.@Dgh|
dH5E@w
`dHd2%B
D|i"(6n
/Di[%cqnd
D<Ij}@d
d%Ik+KwD
D@IPwl
~dJ[A,F$
Dji,in
dj.OBx
&dJyH4
djz+`#
Dk-JhL@
<` dl5b.
__dllonexit
dlu-WJc
@-	@dM
DM}0zGdmGz
)dm@+P
DNc@2Yi
Dn`|E/
D@@N\h
@d@oLBs
<dP~4bt
	DpNXh
dqLa B
dR-7<C
d@rKF4K*
dr[@-T
/)dswcZl
Dt/Fk9)z
ducOqfA
dUjQ;L
dUM@V(
d<_v`b
~"	dxB	D
^D{x'M
dX-sW{
DzW+95
@\.E]"@
E`"0@(
E&0<@l
	E5w!/BbcC
e9bCX ,
e	9@'l
` {EAC
eAna`*
@E'B(~
EbbW|8a
ebeBv4e9G
ebw~@B
EBY=VyfB
EcBnqHb
ecc~k\
Ed.CR,
EFA-@p
:eFK0Eb
egT4s4
@`/eH8
EH-EL#q
EH@ zBB
EI VPBA
EJCEv\|
el@(BGd
EMHbbH
EnableWindow
EOb&@5
/:E<OwAu
ep@D88{
-Ep`gT
+@&Es#
E&TC`;
@|Ev&4
,+eWZ	@
_except_handler3
eyC*4Ab
E)\,ZH
ezMB0.
<?'F`?
@F,@1I
/F1pPA
F2? D86W8@
@F(=(3
F3Lv#E
*F@4_/
@(f4Dm
`F@95Ba
;FBDb@
@fBiXj
%FbuYLUF
f@b<W&l#
@F(,@@d
,FF%2)S	{
@@FGGq
'fI@N`=
FJxtJa
fk@=@KK
&.Fkl\
@FLhA^
fMbu|!t
@FO[3@
@FPQ%;
fQ~$V@
fsc4D/x
@fSF@}G
@F_UDHpo@
@,fU@q2
FVH#@`eY
fvL>TP
@FxhE0
 ,$FxP
F-yDL0
fZb#~Evu
G0@0Frcc
g1	Y@l
<@@g>}2
@G2fBW
@G*4q^x
G4Rp0A,
@G5]4L@
G5@HDZeCV
&G5~_@ssTB
@(G7)@@
!g90'b
g9m5isE
;GAb.n4
GARG5 
*$GbjxA
g[C<),
gDALBO1
|	}G{E
/GenKq
__getmainargs
GetModuleHandleA
GetStartupInfoA
G@f8c)4
{G@G	@d
;%g@hO
G@HO]@7	
^gh@~T
gITG@}
G@"j@bH
]G}JJb
GJU)!G
gL4I*#
g&N1}i
gOI	53@
@GOm*c`
GPR-bv
gs<d9@E
gU<?09]b
@g@U,I
g@yEj@
^@!~@H
h0b;h$r
H0NS*D
 H2a,\
%H(}=4
h5ysMA
+}hA5$
HA{+Y5#I
hbb@B|JXa
Hb~,@G
Hb	p@bxG
`h&^cCu 
H=C`EtC
hC~h@Wg
@H@Ck9
HD6mGk`<
@HD9fL
HdB{4W
H@#?De
@hdECp
/he@Ads
H;f4co
H*f@JbV
h^G<D"@F
@hHAFR	
hHI6B@
&H[_h[v
HHwLHI
\Hi1-5
H&kA-xO
Hl~1@@
@Hl^5PtA@	
$HM3@6d
hMO@@s~@A@
HN@`3A
;#H)/+O
~hP	(,
!HP@HG+<
@H<Q`HV
hqZ}/@
]&|,hS"
 @hS@o
(/H@su
=>H{T=a]
H@@U:7.
h{v7An:
Hvb<rB
@HvRBLr
hVX@9*
"}hW~`
h	yvv$
HZ$xHbu
i0 ~Y,
@,I(3u[@=@
?,I;-3U
I$8$s_$
iAR|o@
`@'i@D0
	@,-IFS
i<H+?5
@{ihL&
"#i@@I
I@,L#n
iM,(bR@
=ImUe7@IJq
_initterm
_iP;,dmb~
I@PPXL%
I$&PRH~
i'PUGv
Is _A@9tt
iUliCgO
,IvB{fy
<iX@,5
IxGurC
@iy(&j
iZ,CUACX
IZvD4	
]	=j~@
@<;&$j
{	J$@ }`
j4#Hb8Oi
J`@ ]5
J@5+`<
J6A<@k@
j6$Hv	Bi
@)JB3)
JB4S@p
$@j@C`k
jCm@I:b
[Jdm5E
jE$5+:
je?HC@I5v
jeJJZk
jFHIbM
jf l3)
jh|~Bb
JhdC@b
+ =J)i
jiA(q;b
>J@@ie
Jk(l:h) 
+J)K/O
jLe1s4
@J/m@&
jMA@*Qs
J	N@4&
'jnA}k
jN@MqBb
@J`o4	z
@@;jpb
JqUBjya
jRc37q
j"{RK4
J]&:R,WF
jsE@@@K
JT| 4m
Jt*cnR;
JT-)ePB
^Jt@H;rA
jU	+j2
jVFlf8
jXEtYO
J@Zfbo
K0,]|$
@~k@5B.
;K7s]AT
Ka7@A5(
Kb(Y@d
K@{CB:)/9
 -,@kd
K@d6@k@
k<:_db
{kD)xK
KE%2C@ 
@KE8F@
KERNEL32.dll
@KF@H@
kgne6>
k%H@PD6
khuakB
?kKG1@M
kLAd,AA
-@k_-m
@#K$m*s
K:n_`y
@kPs*Ta!
kre6Vc
Krps@Ag<D
]KUbV2A
@kU*``<L@
&*(Kz-G
L(1U@&
l5cA`/<
\	l64W
l8bb9`O
@L,9@b
L9O<GV
LAC{Xj
l@A(H<cF
lAO9]@@
@LAOQ4)
L+BFA	
l	bhp`
lb{Zd,
L	(C~/
@)lCPb
LCqie@D$YB
LD@+E}
Lf[cUt
@@@lGA3
LGDJ3s
LgkHUG@J
l,^H{7
L.hA#,
lHB;Hhu 
@LHDl6@04S(@m
-LH~@Lv02
Lhsl`t
L[@iBv
ljz>ai
Lk8Jw/
LKc,S(
+LmAbI
LoadCursorA
LoadIconA
l@Og3@{
L>!o!t/
l $p!s
Lr a&U	b
LSzbOi
L%TFJC_
Lv"#	B~&
lw4(p~A
@L_W5[
&L@w\\mS@b
"@L@x!
L^&x0@
Lxv]!%
=$|@-m
M$@0Sw1
m@4{9l
M'@84t
 M98b@
M(Abs]
@mAt]<
&m#;AuS@A"
mBaph(l
mB@]l@@L
M=$br3
mCBxXN[@
Mc}Jb{
M-dbrdP
Md,tLbs
@md|v?
ME'@@5?
@M+f>B
MFC42.DLL
.+m@g<
M@g0s5=
mGJ.h_
%MhlE@
@mH 	LNZ<c$Z0A~
m`@h"$ZI
m#I(Ax
Microsoft Sans Serif
m@LAcP
m^M\@{
<M@q1&
mq@B=}
mqwR4l
@MR{%R<
MsN}N=L
MSVCRT.dll
MT@709
MtD%8D
m@`T	LA
@mU9Z4
MU=P&/
MXdyk%v8
m@x{[k
mXt~G@q
 .${N@
N12zWP
N1:ApAq
[@`-n4
n4	|\@K
n6_4<D^
n7cUW>4
N@7r)Y
n8$	FBG@
nA1D@LG
NAHdBbS
Nd)c%B
!.NdGm~
?nd-jTQ|
N@FhkG
@N&(g(
n$=@kn
nOKSni
NP0	@u/Kb@u
,NsSea
NUdT@.
<@NvcLQE
nX=@dP4
<+nxUg
 _O@$$
O0F#F?
@O(?0Rs
@ <O|`1R
O5E|4@%{Fh\
o<8c`7
/o,A B
 OaJbC
@	ob0b
}oc@)C
o\CP5 b
ocUd$4
@OCUxD
OCVLr8
o@`D9"
o d]q@
^OE)&g
oEU!	)
ogAxc1
o	gPaa
@Oh`}I>CAAb
oi8SAwH[
OJBLZOH
O@%k(Yd
OmXe@m
@oMzBb
	ON}*@
_onexit
@OO8)P
~oP	(6M
@@opH)
Opnx2a}
#+OR-2
@oR@BH
orP04dg
/O$ R=xSm
Os{k@l
@O&SUC
		%O	,sz
OT/7D,s
OVaf6@
{Ox`8b
o?"xBw
?P2D4}>b
P2Icd#
p@2O^P
p@|${@4
)`P4$/
,p4chp@
P4=n<@
P:@5,3
pA.HLG
p"b(#Ge
P@b}^@OAlP
;p}BUQ
P@C1cV
Pc{@DC/>@
P@ChRb
p=%C;I<
__p__commode
{PC>,W
pd@gF!)_
PD"Q6A,
.	:pDT
PEHot"
PEJ;-y6
__p__fmode
@|p*FP
)PFY|t
PHr6VT
p Jo@ds2I6,
|@pJSb@
PKx1y2
)<PlAH
p@~lci
pM@RJ|E
#pNH@@
PN[HRGn_
=PoLdJ
&=po@"P$o
 P):/P
PP@dGt
@pPI(Ui
PqG%&e@M4|
%pr>4 _
P_T@@@
@#@Pt04#h3
@(p.U4
pU@ (lC@
(p-vNfig
`pXE^@
pzp{R$
-&>\Q)
q14s$j@
Q3O39Qt
q3'u@@
<(^Q4	P?
$q`5Zb
~,.+Q&Alv
=)'(qb
qB@URwz
q[{Cl5
q)`CZG
q dc@@x
<<qGH(
QhNeD4*H4hu#{3
Qi(&gd%|@
qmCB@?
qN@CHD
qNO@< 
Qp,Hy@=d
,QP@*ZF4
Q[@<t(m
@?!qU`a
qWb4{mT
 qwRVhy
\@Q"Zc
r0@Eb@
r2Eu&@
r2J3f?
R2nFXH
@R@&3BQ
R3/{Tb
+(r4AO0
R75Fbu
>RBb:X2S
rb<dC+
R@*C@@
R$cU_$D
R,dA\{
`.rdata
r@,(^DLB8b
&RdMz 
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
      <requestedPrivileges>
R%=>H<@pd
RIbb}@
r<(~<J
RJ,0,c
rJA88AgsK@
@RjG<@HC
`@rKB4
rKm)x'@
@R!@KYy!b
rn@vKMf`
)RO2eW
:>rQ@A
rrA/b_
RRS6BUz
@RShudA
Rsqek<.H
RT??C&
'?R}v*?
r@>xQh2
.S@4A6
s	4tMe
s51d8D
s6;6@,A
@|s9D@T
SA&tc0
`@@Sb@
sb^6Zb
SBBK~;@
sBDCIb
Sb*mLHt
s@bM,X@
~,@sbU{
s@BXED=
_@{(^sC
sc&4,?@
,sCmDC
@SdlB@L
|Sdx{h
@sE3#4+
Se@@8l(b
    </security>
    <security>
SendMessageA
__set_app_type
_setmbcp
__setusermatherr
ShAfAX{
SHhXl3k
sh|L8O6
sIEGD{c
sjGe|@A?q@< 
)s]K3hO
sLPH}E
sLRO@5
(sM$<NG{
_#sMzACD
snyv8A
S@O2jx
SO6]+@
s,sjD6 ,u
 ss	QdA
SWJ2)^
s<wz5E
@s+x4C2Q@
s.^^XQ
SysListView32
SYyd@E
;t0c>*
t45=p@
t4H$DRCa
T%@5s2A
T6ClSb
< t$AA
t_^AbY
]TAx@8
.T_)B<
$Tb>4\
:@T	`@BB5
t_.B@H
tEX%5s
@>T~FKt
TF%zzdC
t@gIF*
@T}@G	N
tgt\o<0 c
t@H"[@@
!This program cannot be run in DOS mode.
ThX&%b
	Tjpv@A
T@!l`CIvK|
T	oP<i
tPKJ>		^RA`
  </trustInfo>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
tS@0VFB
@@T",T
TTauB$
!_tX@	
u@&2{8
 u@6(BbgO
u72Dz*
u83dJQz
@uAIF8
ubOf9cd
)<Uc}@
UcdUa}
'UcG.A
u;cO61)
/u]@~D@
u@D@.@
UEl28@
u(E(.P
u ?^fF`
 Ugb{0&@d
UGz(%@K
@uk&$)I
u.PAhY@ct
UpdateWindow
uQ93cbJ
/&Uq|Ct
<Uscb"	=q
USER32.dll
_'uTQC
U?@)U}
uu3vb)
UUkY*/
u=@Z4`@
UZdz0@,I
-)<v,%
v+0Fx'
V.1d5rC5
:}V'3IB
v4 H&5
v6@3jl
(v9@b<!gG
V! a0@O
VAS>@d@0@,oQ@
,v@b&,
Vb%jBqEbb
V@cpB{
"vCsY\
v?d1h	u
V~dR|2
ve	dhH
vhSD.qO
}(*Vj@
V[J5<V
v`*JBB=
VkHKp5
VLFdZtA
Vm@@6D
:VM-PC
{vQ$$h
v#?q+y
vR`0=2@A
v$sB]A2E
v t,sv
VUbC>Ab	yA@
(  VUN
@VVOmj
VWPy`xDwH
W!	0b@
W	4dK/
=WA2jq
wAP@A2{
wC}f-y
W@D$G@
@w[@DS
W@G+}b
&Wgq D
wheMFc{
Wiy@.=
WjB@IU{\
wLx0VDDd
W%mrW@%t
 ,;Wnf
WN@I@Xb
@W@sA@
WsqUX5m
WT,bbB
WtSb$T5
w	Xz<s,o
W^Z-IRlb
W=zzJc
$@%X5d
X@;5fF
x6|AB=gN
x90f{]
-xAT@A
@XB_./
@Xb"<4c
xb9Zr*
@XbN<]
X	BTqM
XCeI2w)
+xcj3{
_XcptFilter
xDdW@D}
XE{w=%
XF|E'(
@XgHA3
xILUs6
XJ^@CGpK@B
XjrDIj
x@`(jZ@
$xK~@C
"xLxyB
xMr%DCdB
XQ1A0G
xs{:O02
X	)U%@
xUeq5c+
-))/Xy[
X'.zSVb^eyd|
@XzUM,
Y2@BApGO
Y2ocoAPj
=!y3@2<
.Y4BzX
"@y84%
@{Y>>9
@yA$iX:d@
@ybtvF
]YDB>@
YETbG3
,Yf%4-
].Y@FP@
,y)G@@?
@yh@B}
yHC}/b
@Yi&@`
YKs@6\E
yNf9TI(ki
/YOhr@
yORFJA
@yps4R
#yPy@P
*Yr3X@
Y@sGFfPBe^
@y>XmBBmJv
z$0RH@C
z@0xZ$
z2@E{i@B
?Z3cU!5@
@@Z3I{
Z@')44
zALxZ2d*L;
Z@	c4@
^zcT*D
zEdJb@
zE	h@*
ZFD@-@I
Z[@GYaJ
ZJ/-Xi_
zlA[,@
z|O](|
z@O@;G
ZPW_bB[
ZqPYm3
.ZsbA@ (L
ZsHP]@
Z@T~_6
z	~tOi
Z@Ut}4
Z@XSHE=