Analysis Date: 2015-11-06 07:32:07
MD5: 35a09d67bee10c6aff48826717680c1c
SHA1: ce1f0b7dfd91fec1dd0b9a539f7a2c12f2be39b2

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: bee771fbb3cb626922d7ba0f49367229 sha1: f4726666fd4144676954ebbf043acb8950ebfabe size: 354816
Section: .rdata md5: ec6b14239c348e7cd89be5585043de96 sha1: 38ad7020bea888c01b8c16eee4830422477fefd8 size: 104448
Section: .data md5: 4569a5dc4ca9cd2fcea2f78c21a9dceb sha1: 37aff95b84cb9cc624e05358e5d7136f958fce20 size: 2048
Section: .rsrc md5: 103cad1b5df78b007952cefb2f90de13 sha1: 2c2956aa578f8e42f02d19927ea61b3fe744ac19 size: 2048
Timestamp: 2015-11-03 10:44:45
Version:
LegalCopyright: Copyright © 1998-2014 VMware, Inc.
InternalName: toolbox-cmd
FileVersion: 9.6.2.31837
CompanyName: VMware, Inc.
FileDescription: VMware command line Toolbox
OriginalFilename: toolbox-cmd.exe
PEhash: f7664b31701bce61c0b2cae2e702818519b719ff
IMPhash: d0449493cf82be3b56cea3000b588e87

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\35615d4a-b366-428a-294b-55bd0991785e\0c35517e-6951-444e-3511-2b1f9fd6bca8
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\35615d4a-b366-428a-294b-55bd0991785e\ed1de5e4-5e29-4394-2766-a52ac920fa5e
Creates Process: C:\WINDOWS\system32\svchost.exe
Creates Mutex: ::62DFDF4F-C9F7-4416-9688-41C7791D0C33

Process
↳ C:\WINDOWS\system32\svchost.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\bea4dab3-73c8-4227-35d9-8fb3b954dabc\3e99992e-94ee-4b6b-aa05-6a5a1633c406.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\35615d4a-b366-428a-294b-55bd0991785e\0c35517e-6951-444e-3511-2b1f9fd6bca8
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\bea4dab3-73c8-4227-35d9-8fb3b954dabc\3e99992e-94ee-4b6b-aa05-6a5a1633c406.exe
Creates Mutex: ::62DFDF4F-C9F7-4416-9688-41C7791D0C33

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\bea4dab3-73c8-4227-35d9-8fb3b954dabc\3e99992e-94ee-4b6b-aa05-6a5a1633c406.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\35615d4a-b366-428a-294b-55bd0991785e\0c35517e-6951-444e-3511-2b1f9fd6bca8
Creates Process: C:\WINDOWS\system32\svchost.exe
Creates Mutex: ::62DFDF4F-C9F7-4416-9688-41C7791D0C33

Process
↳ C:\WINDOWS\system32\svchost.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\e1f63730-3c6d-4396-3a94-cf0122baf7b6 ➝ C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\bea4dab3-73c8-4227-35d9-8fb3b954dabc\3e99992e-94ee-4b6b-aa05-6a5a1633c406.exe\\x00
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\35615d4a-b366-428a-294b-55bd0991785e\0c35517e-6951-444e-3511-2b1f9fd6bca8
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Creates File: pipe\core_ps
Deletes File: C:\malware.exe
Creates Process: C:\WINDOWS\system32\dllhost.exe
Creates Mutex: {F4EE296B-9B08-4B04-8443-7E76A45FE740}
Creates Mutex: ::62DFDF4F-C9F7-4416-9688-41C7791D0C33
Winsock DNS: google.com
Winsock DNS: www.microsoft.com
Winsock DNS: pomppondy.net

Process
↳ C:\WINDOWS\system32\dllhost.exe

Network Details:

DNS: e10088.dspb.akamaiedge.net
Type: A
172.232.135.186
DNS: google.com
Type: A
216.58.192.78
DNS: pomppondy.net
Type: A
DNS: www.microsoft.com
Type: A
HTTP GET: http://www.microsoft.com/
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
HTTP GET: http://google.com/
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Flows UDP: 192.168.1.1:1031 ➝ 8.8.8.8:53
Flows UDP: 192.168.1.1:1031 ➝ 8.8.8.8:53
Flows TCP: 192.168.1.1:1032 ➝ 172.232.135.186:80
Flows TCP: 192.168.1.1:1033 ➝ 216.58.192.78:80

Raw Pcap

Strings