Analysis Date: 2015-05-02 12:54:39
MD5: 65818ec5ce4e3a77a444ffda948bdb44
SHA1: d4cda794f2f9a27d42cabd1fff162fd345c4d1f7

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 6444a4caaedc14eaaa51cb3909d6f27e sha1: 830b04ebe35279dc9048ae79aede55717c88e010 size: 164352
Section .rdata md5: c18103ff820057b7cf081ba356ee3252 sha1: 637e32cd2e70493eacd4c1fe300b8a1e9e16c1c2 size: 10752
Section .data md5: ad46eb4dfdae25d1c7f6bd0a8090d5d6 sha1: 95053d7d7a4fd35efa29c844d91f35fb014caf68 size: 9728
Section .rsrc md5: bde58517ab257c7e1a7682e619c359b7 sha1: ce285e3dc3d49cb2637120bf436c5cf809120aed size: 9728
Timestamp: 2008-04-08 17:24:48
Version:
LegalCopyright: maddening parents
InternalName: naturally
FileVersion: 235, 157, 69, 204
CompanyName: Visioneer
PrivateBuild: philatelic
LegalTrademarks: photometrically
Comments: microprocessor
ProductName: pap
SpecialBuild: parenthesise
ProductVersion: 42, 213, 28, 182
FileDescription: oceanic
OriginalFilename: heathen
Translation: 0x0409 0x04b0
Packer: Microsoft Visual C++ v6.0
PEhash: 11fd153de9b256dd26978cb44fa1d8fbdcf07330
IMPhash: f2a675eed170eca117af9cae46ea8b13
AV Ad-Aware: Trojan.GenericKD.2313404
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): Trojan.GenericKD.2313404
AV Authentium: no_virus
AV Avira (antivir): TR/Agent.195584.75
AV BitDefender: Trojan.GenericKD.2313404
AV BullGuard: Trojan.GenericKD.2313404
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: Trojan.DownLoad3.35231
AV Emsisoft: Trojan.GenericKD.2313404
AV Eset (nod32): Win32/Kryptik.DFTG
AV Fortinet: W32/Kryptik.DFTG!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Trojan.GenericKD.2313404
AV Grisoft (avg): Generic36.BIVN
AV Ikarus: Trojan.Win32.Crypt
AV K7: Trojan ( 004be1e51 )
AV Kaspersky: no_virus
AV MalwareBytes: Trojan.Agent.ALTV
AV Mcafee: RDN/Generic.dx!dql
AV Microsoft Security Essentials: Trojan:Win32/Carberp.I
AV MicroWorld (escan): Trojan.GenericKD.2313404
AV Padvish: no_virus
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: Trojan.Gen
AV Trend Micro: no_virus
AV Twister: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\SOFTWARE\NVIDIA Corporation\Global\nvUpdSrv\value ➝ 15150417\\x00
Creates File: \Device\Afd\Endpoint
Creates Mutex: Global\MD7H82HHF7EH2D73

Network Details:

HTTP GET: http://101.71.8.132:44052/stat?uid=100&downlink=1111&uplink=1111&id=00016E45&statpass=bpass&version=15150417&features=30&guid=703d7a0e-b86e-4f56-b3c3-6e6b5fbabf02&comment=15150417&p=0&s=
User-Agent:
HTTP GET: http://80.67.28.188:25548/stat?uid=100&downlink=1111&uplink=1111&id=0001824A&statpass=bpass&version=15150417&features=30&guid=703d7a0e-b86e-4f56-b3c3-6e6b5fbabf02&comment=15150417&p=0&s=
User-Agent:
HTTP GET: http://89.19.20.202:36102/stat?uid=100&downlink=1111&uplink=1111&id=000195E2&statpass=bpass&version=15150417&features=30&guid=703d7a0e-b86e-4f56-b3c3-6e6b5fbabf02&comment=15150417&p=0&s=
User-Agent:
HTTP GET: http://194.19.245.1:35971/stat?uid=100&downlink=1111&uplink=1111&id=0001A979&statpass=bpass&version=15150417&features=30&guid=703d7a0e-b86e-4f56-b3c3-6e6b5fbabf02&comment=15150417&p=0&s=
User-Agent:
HTTP GET: http://141.101.113.162:21614/stat?uid=100&downlink=1111&uplink=1111&id=0001BD11&statpass=bpass&version=15150417&features=30&guid=703d7a0e-b86e-4f56-b3c3-6e6b5fbabf02&comment=15150417&p=0&s=
User-Agent:
HTTP GET: http://159.8.56.248:49126/stat?uid=100&downlink=1111&uplink=1111&id=0001D0A9&statpass=bpass&version=15150417&features=30&guid=703d7a0e-b86e-4f56-b3c3-6e6b5fbabf02&comment=15150417&p=0&s=
User-Agent:
HTTP GET: http://188.165.222.226:10579/stat?uid=100&downlink=1111&uplink=1111&id=0001E440&statpass=bpass&version=15150417&features=30&guid=703d7a0e-b86e-4f56-b3c3-6e6b5fbabf02&comment=15150417&p=0&s=
User-Agent:
HTTP GET: http://101.71.8.132:44052/stat?uid=100&downlink=1111&uplink=1111&id=0001F7D8&statpass=bpass&version=15150417&features=30&guid=703d7a0e-b86e-4f56-b3c3-6e6b5fbabf02&comment=15150417&p=0&s=
User-Agent:
Flows TCP: 192.168.1.1:1031 ➝ 101.71.8.132:44052
Flows TCP: 192.168.1.1:1032 ➝ 80.67.28.188:25548
Flows TCP: 192.168.1.1:1033 ➝ 89.19.20.202:36102
Flows TCP: 192.168.1.1:1034 ➝ 194.19.245.1:35971
Flows TCP: 192.168.1.1:1035 ➝ 141.101.113.162:21614
Flows TCP: 192.168.1.1:1036 ➝ 159.8.56.248:49126
Flows TCP: 192.168.1.1:1037 ➝ 188.165.222.226:10579
Flows TCP: 192.168.1.1:1038 ➝ 101.71.8.132:44052

Raw Pcap


Strings