Sample details: 223e817bfd889c608908fe92140f0c3e

Hashes
MD5: 223e817bfd889c608908fe92140f0c3e
SHA1: 332599e284c4f5903fee435c775b74d57e790c3b
SHA256: 6e2a7ab0384d2b84d1b06a48f5a96ac4d3e6479c46a004c9b6df2e0f32816ce1
SSDEEP: 12288:NN9cnSC0xFuS18UqHveAbSd+l/Xk/TicvYdgU3oksy/P3Nv4qVmoCiUt/qxUhUJ8:xEdnPn9lBbg51ADQ7lx
Details
File Type: PE32
Yara Hits
YRP/FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET | YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/network_http | YRP/screenshot | YRP/keylogger | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers1 | YRP/BASE64_table | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API | YRP/UPX | YRP/suspicious_packer_section |
Parent Files
71fdf0066ddac9e559722c59c27c3f25
Strings
		!This program cannot be run in DOS mode.
.rdata
@.data
*#AI-"4m
&AE1sI
(3BJ)#
12B")#
)#v2jl
&AH-l2
m(#BI1
*#AI-~AH-|
*#AI-{a
*#AI-{a
+A})2B-)#
+A})2B
*#AI-{I
;a(3L\,#
*#AI-~AH-|
*#AI-{G
*#AI-|
&AH-l2
*#AI-|
-tAE1sI
*#AI-{G
&AH-l2
*#AI-|
(#BI5"4
r(#BI1
&AH-l2
*#AI-~AH-|
*#AI-~AH-|
*#AI-{Ij
*#AI-{I
*#AI-{I
*#AI-{G
+A})2B
bk(#BI1
*#AI-{I
*#AI-~AH-|
*#AI-{G
*#AI-|
*#AI-{G
(A(#BI5
*#AI-~AH-|
*#AI-{G
*#AI-{I
2e(#BI1
*#AI-{I
&AH-l2
*#AI-{I
*#AI-{Ij
&AE1s&
*#AI-{Ij
)#&-,#
*#AI-{G
&AE1s&
*#AI-{G
3(#BI1
-(#BI5
;|)#AI9
{)#AIE
z)#AI9
z)#AI-{G
Yz)#AI-
y)#AI9
/x)#AI-{Ij
#v)#AI9
Cu)#AI-{a
u)#AI-{a
t)#AI-{a
)xIqzV
-V~p\uAG1u
r)#AI9
r)#AI9
9r)#AI-&
r)#AI-|
q)#AI-&
p)#AI-&
o)#AI-&
n)#AI-&
m)#AIE
m)#AI-&
l)#AI-&
k)#AI-|
[k)#AIE
j)#AI-&
oj)#AI9
Gj)#AI-
7j)#AI-
+j)#AI-{Ij
f)#AI-
e)#AI-
c)#AI-
sc)#AI9
kb)#AI9
+a)#AI9
o`)#AI-
_`)#AI-
^)#AI-
&AH-l2
])#AI-
])#AI]
E])#AI-
\)#AI-
[)#AI-
%[)#AI-
Z)#AI-
aY)#AI-
W)#AI-
W)#AI9
)2L~)#
T)#AI-
/S)#AI-
S)#AI9
R)#AI9
P)#AI9
P)#AI-
P)#AI-
sM)#AI9
3L)#AI9
wK)#AI-
gK)#AI-
J)#AIE
J)#AI-
J)#AI-
J)#AI-
J)#AI-
eI)#AI-
H)#AI-
H)#AIQ
{H)#AI-
G)#AI-
G)#AI-
F)#AI-
F)#AI-
F)#AIE
E)#AI-
E)#AI-
oE)#AI-
_E)#AI-
D)#AI-
D)#AI-
]C)#AI-
B)#AI-
=A)#AI-
@)#AI-
o@)#AIQ
S@)#AI-
@)#AI-
{?)#AI-
>)#AI-
>)#AI-
<)#AI-
g;)#AI-
W;)#AI9
)2L~)#
Q8)#AI-
6)#AI-
6)#AI9
5)#AI9
k4)#AI9
3)#AI-
3)#AI-
1)#AI9
/)#AI9
/)#AI-
.)#AI-
G.)#AIE
+.)#AI-
.)#AI-
-)#AI-
-)#AI-
,)#AI-
W,)#AI-
+,)#AIQ
,)#AI-
+)#AI-
w+)#AI-
g*)#AI-
W*)#AI-
))#AIE
))#AI-
w))#AI-
))#AI-
()#AI-
U()#AI-
')#AI-
&)#AI-
O&)#AI-
$)#AI-
/$)#AI-
$)#AIQ
#)#AI-
#)#AI-
#)#AI-
M")#AI-
!)#AI-
 )#AI-
)2L~)#
	)#AI-
)2L~)#
)2L~)#
z'#BI5
hy'#BI5
)2L~)#
Hw'#BI5
(v'#BI5
t'#BI5
c'#BI5
`^'#BI5
\'#BI5
)2L~)#
Z'#BI5
Y'#BI5
XX'#BI5
F'#BI5
A'#BI5
@'#BI5
)2L~)#
p>'#BI5
.xu#I]
)#AI-|
='#BI5
)#AI-|
;'#BI5
)#AI-|
)V~H(I
(#>D'#
MCAI1s
1N)#AI-
M8)#AI-
uG:m1$
FZ-#IK
5q#"&)#
f6q#"&)#
)#IHN"
)#ILVS
{(#BI5
)#$L/0
-V~pJz
-YAE,G
(#BI1.
=s$L*0
D)#AI1
)2B\)#
)#$L/+
)#$L/4
)#$L/%
)#$L/(
)#$L/*
)#$L/&
n3$L)-
AK9r3|
v(#BI-
:9v#K$
6q#"&)#
6q#"&)#
i~(#DE
M'$L*#
x?&6)#
)V~G1#N
)z&T)#
.#AI-`
)#>LmG
|v&<)#
)V~G1#N
)u&]0#
)t&]0#
M3AI1tIS
a *#A}*2Cl+#
!*#I!M
u2Lj)#
+2J.)#
)(G!MK
M7K$9$
lwITrs
0+#AI1
XT(>9v#A}
)u&]0#
)u&]0#
y-#AI1
yt&]0#
H(#BI-
|t&]0#
)#&MFo
B(#BI-
p9\|	)#
A(#BI1
M'Ag+t
:q#"&)#
M2E()#
m.#AI-
o?&m,#
F-#A}.
o{j#IF
9S*#Iu
eM*#A}(
AO*#AI-
I*#A}(
D*#A}(
*2CL)#
)vys,#
u#a=6o
u#aQ6o
M+?g(#
)vys,#
)#aM7o
u#a]7o
u#a)8o
u#a98o
u#aM8o
u#aa8o
u#au8o
u#a-9o
)2B`)#
)#GCi%
)V~G1#N
/#&aFo
)#A}*2CV)#
	W~p.>~
=>-#AI5
'?G-#I
oKAG-vI
)V~G1#N
l'AH-rCE8
(#BH-r
	w(#J}
)s&o,#
%>~*2C
!BN(W~w
(s#K#I%
)#GC='
)#GCE'
)#GC]%
Cs#AK1
(#LC-$
(#B}72E
(HCM~e
)"Ee*#
)#I;}%
MWKCa%
)#A}*2C
/A}(3B
U*)#AI-
x)#AI-
)#?h(#
)#?l(#
M7?pIq
	](#Ju
.Bq#"&)#
a)#AIA
E2LC+#
)s&o,#
=v#I	M
(3Bn)#
!P(#DE8
xu#>O*
)#K@!%
1\]q*#
MCAI1&
0;AI1&
)2CF)#
Bq#"&)#
J9v#CE
)#CE|x
Bq#"&)#
)#KCI'
r#G#I'
)V~G5#N
BN(W~w
\(#B}*
4(#BI-
?(#BI-
=(#BI1
M3zxu#
/2E9*#
u#AN(W~w
(zA}Az
zvI^~yI
m2BO)#
(#BI5&
(#BI-s
)#A}02Ea2#
z'AF-qCW
(W~G-#
)#AI-V~G1#N
|xA}(zI^
fCq#"&)#
wKAE-^
wKAE-^
`)#AI1
|s&m,#
k&.#CE
9|(#BI-V~
F9#A}+
z(#BI-V~
)2CK)#
gDq#"&)#
(#GFs#G
mz'#DE8
M/FFs#G	M
9w'#DE
F-#A}.
)t&i*#
)#AI-^
D(#BIU
Mc?k(#
|t&]0#
=*#AI5
Eu&]0#
~tIu(9z
(3B4)#
7t&o,#
Q2BJ-#
)2C^)#
(3B2)#
F9#AAM
)\mY)#
)\m])#
~\mm)#
(#B}*2C
	&(#DE
)#A~Q2M
cA~D2C
er(#DE8
Yp(#B}*2BK'#
E!(#BKA
)2B\)#
Ev&v)#
(#B}(3B
)#w~(#
|u&]0#
(#B}22E
(3Bg)#
)u&]0#
)s&]0#
(#BI-"
!BN(W~w
M;AN(W~
M;AN(W~
MWAIA^
U!3VGs
7cAF-^
zsIS(v
_0)#IT
M3?f($
~/AI5&
i(*#AI5V~-*
r#AK1^
}h-#IS
A,#AI1
\Iq#"&)#
?,#AI-`
>,#AI-`
>,#AI-
>,#AI-
f(#BI1
oYkA}4
xB-#IT
42C7*#
3,#AI-
<,#AI9
3,#AI1
*"@F)#
\"HC%$
4-#IAM?
M??G-;
)2Ls*#
v?v#ISy
-2B|*#
Mo$LmG
MgAEHG
mG:F''
Kq#"&)#
-#AI-^2
~(#BI5
kA}02EY-#
MG?h($
Pr-#CE
Y2JB*#
)2L2*#
MSIKyt
Mq#"&)#
)#A}.2CF)#
F5#A}/
(#BI9^
MS$LmG
)#A}-2Bt+#
)#Im\"
bAIA2m
6Mq#"&)#
VMq#"&)#
9sIS(v
Mq#"&)#
)#AI1V
Mq#"&)#
.kAM!d2
-#AI-^
)2L,)#
MGAf,&
?2DP)#
)2D0)#
MC?l(#
zIv\"H
?sIS(v
?sIS(v
)#AI-kG
)2Bl*#
 3B:)#
 3Bz)#
V\T!)#
V\T!)#
wcA}+2J
?sIS(v
F5#Cr8
ocA}(3B#)#
#&Ls#G
Nq#"&)#
;932Eg)#
4cAF-^
Oq#"&)#
Oq#"&)#
U|(#DE8
5sIS(v
uG6mM-
)#&y*#
MCK	MK
!BN(W~w
)#?IM7
	W~p.>~
|yA}({I^
BN(W~w
	~(#JSN"
d*G-#N
-V(#JP
u2B3>#
S(#DE8
)#G	MK
)#GAM[
)#K	M?
)#I	MK
r#K	M[
)2M"+#
I2CK)#
)fK	Mk
U2Km,#
-#G9M{
!e(#J}
Q9(#Jm
(3B**#
5(#Jmv
-[(#Jm
Q2Lp)#
b)#AI5
iH(#J}
mAg,u(
(tIS({
42B&)#
eG(#JS
QE(#J}
j2C<+#
B}^2E\*#
*2B8*#
M7A}(3CP+#
o|,#I]
z(#B}*
:)#AI5
F5#?h(#
-(#DE8
a,(#DE8
(zI](9
MCAN(W~w
?sIS(v
UW'#BI-
&#BL1q3`
Zq#"&)#
Zq#"&)#
|(#BI5
)#GC1$
[q#"&)#
6[q#"&)#
^[q#"&)#
v[q#"&)#
r(#BI5
,#vQ(#
G-#K@!$
[q#"&)#
)#K@!$
q"B~12E
I*2Cy)#
)2C))#
MK?f($
q/AF-2m
Y2MK)#
MSI]|uIR
M[$L,$
MSI]|uIR
M3$L/#
l/ISyxG
(tI	M/
MoIS~s
2REyyIP
%q(#DE8
n(#J}~zIP
!n(#DE8
MgAf,s
=_(#DE8
(#wf(#
-b(#DE8
ma(#DE8
z3IS{x
)_(#Ju
a`(#D{
2,#CE8
_ytG!M
$*,#IS
(&,#IS
;cAF-^
9yIM(v
$ILT%W
)\|e)#
z\l=)#
)V~G-#N
d2Ey*#
)2EI*#
3Ag*cG
)#IRdq2
M??f($
MW?f(#
,#AI-V~
M7AN(W~
*2Au)#
'Imd!Jb
F"&A~*
Dv#IMT
]%AE-^
r#AI5s
!_q#"&)#
S&,#_q0l
4AF,q3d
V_q#"&)#
~_q#"&)#
n3AI-V~
(3Ly)#
(#BI5^
)t&y,#
)t&n,#
r#A}(3B
BN(W~w
)z&v)#
A}*2RF
]}*#IM
-}*#IM
M3&m,#
i\'#DE
,#&m,#
'>F	'W|
:lm#Iw
y(#BI5
'>F	&W|"3m
mG"p+V~
JAN(W~w
Vrt&6)#
)uI}(9
#3VEqF
0tIT(t
P>Dv#I
r#KC	$
)2L]+#
b@>Dv#
)#G#1$
%AE-r3d
)#A}(3CI)#
_IusuIT
W|"tIL
F-#AM(
E{sIJyt
ejAH1^
8+#A}*
)#>S+H
Ki+^;n#
>*#AI-^
)cAG-^
@2CM)#
92J%)#
)#G#=$
=2L7)#
tCAI1cAG}^
)2LG)#
MCAI1cAG-^
;Am-l3z
*#AI-^
(#BI5V
(#BI1q7x
K\?9)#
)#AI-^
ogAI1^
52SGk&
okAIE^
+2m}k2mU
)#I6m$
acAJ-^
)#AJqN
AE-~AII
)\]%)#
MkAI5^
vGAI=&
AE-~?I1$
MGAj*.
vGA~*2L
F"(Ak8
~(#BI9
0A~82Cc)#
oCAIAV
F$(Ak8
u(#BI9
s(#BI9
q(#BI9
o(#BI9
kA}02E
%aF^s#:`
MGAI9$
xCAI9cAK-
)#I<]$
=V~LmG
5K?nC{
icH ($
EV~LmG
5K?nC{
92Cz'#
3AF,r3M
MGAE-qG
U	3mEd
EcAG-^
A2Ja'#
i2C$&#
)#AI5fAKI^
EjAG-^
]kAsi^
MWAI9jAH+
BFIr3m
BFIr3t
I2My)#
(6AI-y
)2LH)#
MSAI9^
l7AI9V
Kp'^8n#
Kp'n6n#
)#I	M_
M3I7	$
MGK1A#
E#)?g('
M7?G)#
F#6?L)#
F#6?K)#
CAF-kG
)#I	MW
A2Cl&#
MCI1Mw
CAG-kG
)#I	MK
M2CP&#
|xI-i$
-2B4*#
M7'Ey3
MCK	<#
CAG-lG
3*2mw8
1#?g('
CAG-kG
(BDv#FDv#
Ev#FDv#
.fq#"&)#
Iwr2mS
F$(Ah8d
F!*Ae,d
A}(3SF
)#?I5$
)#AH1p3x
H\*#AI9
(#Jm\"Dr8
u(#BI-
&	u#AN(W~w
w(#'b)#
!t*#AI-
Qv(#BK1p3x
ep*#AI-
F!'A}-
n*#AI-
!BN(W~w
1#x#BH
0.#x#n
-#x#BH
y"P])#
x(#BIU
~s&]0#
~s&]0#
|s&]0#
kq#"&)#
'$#BI1
MCA}.2E.*#
F-#A}.
A}22SFr
!BN(W~w
M3K!<(
M3K!4e
MsK	9\
S2C*)#
q7$>9#$
w7$>9#$
w7$>9#$
)#AI5mIG
/A}+2K
M;?K].
)#H!Qs
-An+k$
1tIGN"
~(#BII
(3J$)#
)#AE/jG
q7$>9#$
q7$>9#$
q7$>9#$
q7$>9#$
q7$>9#$
)xIq|yI
M'$L)%
92@D)#
_{(#JK
)2mLy"4
r#&5"n
1#$L).
m2B6)#
v+$L/+
v/$L/+
*V~G1#
i#>G=#v
z+AK-r3w
H2BM)#
*"O5)#
,2C%)#
)#AK9y
%t&mNn
Fqs#I^
*"O5)#
(W~G-#
)V~G-#I
V~G1#I
(W~G-#I
(W~G-#
-V~G5#
)2C))#
)#Aq=v
)jAH9^<
ay"4e(
xIqztI
	3JM+#
)Ag+mI
3AF-t&
)xIqzt
4jAHQ^<
#AKA"3
;I,2B1)#
q2Bf)#
o+V~^)
)#A}42B
v(#CE8
v(#CE8
u(#CE8
)#Am,2B
q2Bb)#
t(#CE8
r(#CE8
b2Bd)#
*"O5)#
*V~G5#I
+V~G9#(
+V~G9#
m#IS(t
)eAFM^
G9#fAo#ZAo#bAo#VAo#jAo#RAo#^Ao#GAo#
)2@6)#
)2E*)#
RAm-2C?)#
)#A~,2B
(#B~O2L$)#
/G*#KCe3
&5*#C{
)#?f)#
)#AI9|
12C|'#
	yIqzt
:G2tHo
:/2tMo"
+"4y|"
(HKU	j
(HSU	j
s(#BI5
(YZ#x#
)#Aq5v
*{AE8G
F!)AEEs
M+AEIs
b@6#x#I
E%3ta;2
)#"&)#
3AI-"!
)#AI5"
7u():#x#A
t(1:#x#(
^#x#A},2C
	3Ev)#
dXV#x#5
)2B6*#
yy"4u(
	3E-)#
;id`V#x#5
(YZ#x#
v+?~($
($?g)#
T(~pu#G
)#A}v2MM)#
7"r-)#
q2CQ)#
5"o))#
o/"o!)#
Jn7 nJ%
)#Am.2Bg)#
yo#"&)#
^#x#A},
dXV#x#5
yo#"&)#
x7A~n2JN*#
)2MB*#
er(#DE
r#A}*2C
}prV~C)$
d(~$x#1
)#AI5^
(#B}(}3
;o)2BV)#
%I}b`~$x#;
F")AeH
(YrHu#
)s&UFn
YcIMa;2
x#A}*2Bm)#
(#'=In
(Z(y(9
xIqztA
;uV2RE\
 "J_)|
;uV2RE,h
aEGAq1
($@h6$
k'Aq30
)#AIA"4
v7?f(3
92BI)#
v2>bn+
(#?*a 
(#BIY}
=2CM)#
)#Aq5v
)#Aq5v
)#AK1y
b`~ x#3
)#A}*2CX)#
E2B7)#
(YZ#x#
J#x#CE8
0B#x#I
8R#x#K
d(J#x#4
~-lA~I
F#x#I]d
(YZ#x#
"#m#GA
)V~nl$
)yIOdd
`Nou#K
5Am,2C+/#
#Y)2tH
-2Jq2B
0Vou#G
AHY"4e
F()AfH
t(1:#x#
)#Aq9v
N2C^1#
)#Am,2Bm)#
;n)2Ba)#
s5%$.5$G
v;)Ne&
)#AqAv
F")AeH
C2B3)#
dX~$x#1
dX~$x#1
C2B/'#
0~pu#H
0~pu#H
0V~nu$
nK)Ee&
0*qu#G
]$AE-m3z
)#?p(c
)#IMN#>
)#AqYv
oLzv=Kn
HjA}42E
1Am,2CY+#
Y2C:*#
x{A}32B
a2B^)#
_b@6#x#2
xIq|yI
Ou#A}*
12SFz"4
0>Hu#_	
n+$Ln	
t(1:#x#
wu#A}(
)#Am:2B
q2Bb)#
)V~pQ^
G1#IF\
='AI5q3j
(#BI5L<
G-#IF\
|yA}({Iv
-d'W(#
o3Am5l3w
1jAE-^
)zIu(9N
~(#JL\
(#@qu$
_y(#JK
(#BI5y
p+V~G9#v
)xIq|yI
(#Bq]v
5"4q(9
(#BqAv
/"OQ)#
)#Iu(96
-V~pMz(
)#AmC2B
)2C7)#
"4m(9>
"4e(v*
m(#wc%k
9yIM(v
9{'#BqYv
t+0vdn
Ds(#DE8
	)#C`8
)2@2)#
BEXkA}Y2EK+#
y2uKy"4
s92}Szs
puyIT(
To(#DE
8n(#DE
)V~G-#
a"Q-)#
p7V~p3"4
y2uG6#
)xIq|y
9xIM(v"
Mk(#DE
M+AFI"5
-V~p{"4
M3&v)#
uA}A2E>*#
qk22qk
(HC4bk
q2C>)#
(#Bm/2B
KAm22B
r"(#DE
*AK;2uV
q"4E(9*
)Nws#K
/zIS(t
3~&#Ju
1"4y(9
5$|%)#
1yIvy"4
)xIq|yI
9"OA)#
'#BqMyIv
o+V~G-#I
B(#Bey_
-y"4m(9
(#BL-q3]
ocA}+2B8)#
 !Jo~v
(3uE6#
=(#Bey_
)xIq|y
)"O%)#
)"O%)#
2uEy"3
/zIS(t
)vyq2#
~d&#wU
d ;xd 
)xIqzv
~}(#J]
*"4y|"
4x(#DE
l(#B==$
lAf,lIF
'#BI5"
,V~Hi^
pCAE-s
`"4m(9
(#4Q(9
|"/}yx
=2JK)#
o&AE,G
!B~92E+)#
\R(#Jub
%$AF-t
?c(#BJ]V
-=AH1"
)~AI1|
kernel32.dll
kernel32.dll
ole32.dll
ole32.dll
kernel32.dll
kernel32.dll
kernel32.dll
kernel32
lstrcpyn
lstrcpyn
CoInitialize
CoUninitialize
MultiByteToWideChar
WideCharToMultiByte
WideCharToMultiByte
GetVolumeInformationA
CreateThread
d09f2340818511d396f6aaf844c7e325
707ca37322474f6ca841f0e224f4b620
F7FC1AE45C5C4758AF03EF19F18A395D
5014D8FA6DCA40b68FA626D8183666EB
A512548E76954B6E92C21055517615B0
4BB4003860154917BC7D8230BF4FA58A
window
ComObject
Variant
HtmlViewer
KO>F^=
_9!<	5
+p=^Q8j
gp CMW
SI#'#r{
(Fg%+C
TE"av 
<GWuR 
]UYDnk
/&1ypY
KU.^gE/
8'/r<X[
'W	Diu
Wmz2cJ
Ah@6N[
!This program cannot be run in DOS mode.
=f%4ho
G:CvfV
\r\W_N.
^u2>*}q
\,VTbm
E	m9d5N~
g5rb\]
k%jPJo
s.f}db
e^4eds
I%nUOE1!93
|F#9{J
C*m#ysv
bz49N.
ThG1sE
E4"0$(
NyLM+@q
)?:X`Z
VI$:jg|
29	hg%fpM
(V`yr(8
?~\dikh
.,v%,<
S.Ac9SR
c.(!>gM
B]ne>`6q
g|^;#|
B+X!>'
(?sQW^
BCM8]|/
	HN~\i
s+Lhn@[0/
tuZ=d&
tAKNE'
d<VC*AN
;'+GTz
bq|w1U
0.I%3s
cx;9OMq`
A6_&Zv
,wAe.kI
z&^0nZ^
@'dBbY
aiUy'%34xu
'>h.B'
3^FeL*/Y
X3:c@J
zW9#g&
q^8AVaz7
kkJ^/f`
TogslH
3X)4nYg
8G)mHFd
#5H	h"
,zQbyO
LpO1z5=
7i`xaX
&b4*~r
jYI&oh
xx0H>>
%u	d,P
,]Iqq/
+mirhj
Zk_'2=
!H\`wf/[;
#H3	_pw.
MVB9Y@x
[^dYz[
y'+xq?
F;l=cv
SxvOhqu
T*spwd
\<wp]w
qVbv=K
M\WJZZ
CE*P)$
%`#nD'
&eW?Ua}V%
S3`8P%~
Y4~mrO
QypmUH
3OyMbc
(@`"i5
@=05]vm
mC]pF~
v$/_cR
P2"Tby"
zg}ey2
PTMSrj
pS>Q2C
:+OG&X/f
`	|la:
GqW/zI
^P8QfWj
QqZmLz
2+uGer
d+Tg`V
|Cu	{M
dO!&_(L
pgp3 ~~~
<EV#/'
2mFyf:
|CkD -
k`,l~MK3
zqol#6#0L
lRZm?P
3;a~l(I
BOEi	H
T`Ju#r)6^J
Fv1?r@
HQ[1AH
O]-`]_
PlEaM0T
fF^E	s
K|Ky\@V
13:`cK&VM
^>E<&f	
;x#3:K_
V;vGWR
Gnvax/
axZ!7}h
x7(8D#
^**9;LY
*tVU[T#
xe%CNs
_[Qdte
;=77WE
t8VQ2\
9F.cLe
NOW=\y
_7hE]m
F^Vp}!;
Z~'<5d
hJK.ZH
O/";_)
fZnF)M
*omj Y
#A3*Vs
Z6w}oz
vn2}sp
65JSSe
\Uc4~_
0<E*9Uu
6]on<X<
'	I vi
R?~?&_&
j*mI~1
(DA/Rv
h+c"gf
K/k]-kD
x>K7GZ
HpO9'+
A{JZ%{
7,QM1A
N'Uth='z
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H)
s`)L$4
D$t+D$\
9l$\w_
XPTPSW
KERNEL32.DLL
COMCTL32.dll
GDI32.dll
MSIMG32.dll
MSVCRT.dll
MSVFW32.dll
USER32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ImageList_Draw
BitBlt
TransparentBlt
DrawDibOpen
SkinH_EL.dll
SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign
SkinH_AttachRes
SkinH_AdjustHSV
@abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
http://a.mingpaikeji.com.cn/new/info.txt
http://a.mingpaikeji.com.cn/new/dxc.txt
http://a.mingpaikeji.com.cn/new/one.txt
WinHttp.WinHttpRequest.5.1
@SetTimeouts
SetProxy
SetProxyCredentials
Option
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Content-Type: application/x-www-form-urlencoded
Referer: 
Cookie
SetRequestHeader
ResponseBody
GetallResponseHeaders
Location:
Set-Cookie
Set-Cookie:
=deleted
http://a.mingpaikeji.com.cn/new/ip.asp
&sd=ver12.2-
&time=
&sd=ver12.3&name=
?date=
QQ1003175
http://open.baidu.com/special/time/
window.baidu_time(
@ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
C:\Program Files\
kernel32.dll
ole32.dll
kernel32
lstrcpyn
CoInitialize
CoUninitialize
MultiByteToWideChar
WideCharToMultiByte
GetVolumeInformationA
CreateThread
|?5^<@
BKbhTb~XBK!;
?u='@^
								
UUUUUU
CNotSupportedException
CMemoryException
CException
CMemFile
CTempGdiObject
CTempDC
CPalette
CBitmap
CBrush
CGdiObject
CPaintDC
CWindowDC
CClientDC
CUserException
CResourceException
CDialog
MS Sans Serif
MS Shell Dlg
CTempWnd
AfxOldWndProc423
AfxWnd42s
AfxControlBar42s
AfxMDIFrame42s
AfxFrameOrView42s
AfxOleControl42s
GetMonitorInfoA
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
USER32
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
InitCommonControlsEx
COMCTL32.DLL
CPtrArray
CComboBox
CButton
CStatic
CFileDialog
CStringArray
CWinApp
PreviewPages
Settings
CTempImageList
CImageList
CProgressCtrl
CArchiveException
CSharedFile
CCmdTarget
CWinThread
CTempMenu
combobox
CDWordArray
CWordArray
CFileException
CMapPtrToPtr
CToolTipCtrl
tooltips_class32
CColorDialog
UNLINK
DELETE
CObject
COleDispatchException
CByteArray
COleException
System
commdlg_SetRGBColor
commdlg_help
commdlg_ColorOK
commdlg_FileNameOK
commdlg_ShareViolation
commdlg_LBSelChangedNotify
CPtrList
software
CSyncObject
CCriticalSection
CMapStringToPtr
RichEdit Text and Objects
Rich Text Format
FileNameW
FileName
Link Source Descriptor
Object Descriptor
Link Source
Embed Source
Embedded Object
ObjectLink
OwnerLink
Native
COleBusyDialog
COleDialog
%2\CLSID
%2\Insertable
%2\protocol\StdFileEditing\verb\0
%2\protocol\StdFileEditing\server
CLSID\%1
CLSID\%1\ProgID
CLSID\%1\InprocHandler32
ole32.dll
CLSID\%1\LocalServer32
CLSID\%1\Verb\0
&Edit,0,2
CLSID\%1\Verb\1
&Open,0,2
CLSID\%1\Insertable
CLSID\%1\AuxUserType\2
CLSID\%1\AuxUserType\3
CLSID\%1\DefaultIcon
CLSID\%1\MiscStatus
CLSID\%1\InProcServer32
CLSID\%1\DocObject
%2\DocObject
CLSID\%1\Printable
CLSID\%1\DefaultExtension
%9, %8
H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
GAIsProcessorFeaturePresent
KERNEL32
_hypot
`h````
ppxxxx
(null)
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#SNAN
+ LOOP 
Dw=|:s
RasGetConnectStatusA
RasHangUpA
RASAPI32.dll
GetAdaptersInfo
iphlpapi.dll
SHLWAPI.dll
MPR.dll
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
WINMM.dll
WS2_32.dll
VERSION.dll
CloseHandle
WaitForSingleObject
CreateProcessA
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
GetFileAttributesA
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
lstrlenW
lstrlenA
LoadLibraryA
FreeLibrary
GetFullPathNameA
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
GetModuleFileNameA
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
GetLastError
ReadFile
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
FileTimeToSystemTime
GetTimeZoneInformation
SetLastError
Process32Next
Process32First
CreateToolhelp32Snapshot
SetFilePointer
GetFileSize
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
GetVersion
KERNEL32.DLL
WaitForInputIdle
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
MessageBeep
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
SetRect
InflateRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DefWindowProcA
GetClassInfoA
DeleteMenu
GetSystemMenu
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
LoadIconA
TranslateMessage
SystemParametersInfoA
SetWindowTextA
GetDesktopWindow
GetClassNameA
GetDlgItem
GetWindowTextA
USER32.dll
GetDeviceCaps
GetTextExtentPoint32A
RoundRect
GetCurrentObject
DPtoLP
LPtoDP
Rectangle
Ellipse
CreateCompatibleDC
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
CombineRgn
CreateRectRgn
FillRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
GDI32.dll
ClosePrinter
DocumentPropertiesA
OpenPrinterA
WINSPOOL.DRV
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
ADVAPI32.dll
ShellExecuteA
Shell_NotifyIconA
SHELL32.dll
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize
ole32.dll
OLEAUT32.dll
ImageList_Destroy
COMCTL32.dll
oledlg.dll
WSOCK32.dll
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
WININET.dll
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
LocalFree
FormatMessageA
FileTimeToLocalFileTime
lstrcpynA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetThreadLocale
lstrcmpiA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
InterlockedExchange
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
CharNextA
SetWindowContextHelpId
MapDialogRect
LoadStringA
GetSysColorBrush
GetNextDlgGroupItem
PostThreadMessageA
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
GetMapMode
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
comdlg32.dll
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
UnregisterClassA
0R>\W[
nzzpenc
eQpenc
SbpS:g:
SbpS0R
SbpS@b	gu
SbpS0R
kXEQ>\u
ck(WSbpS
-NbkSbpS(
SbpS\O
-NbkSbpS
ech1Y%
ech1Y%
OX[0R 
ech1Y%
RSbpS\O
QX[gbL
YX[(W	
N/f@b	g
l	g~b0Rdk
-N"N1Y
0dk:ghV
N*Ntepe
N*N(W%
N*N(W%
N*N(W0
N*Ncktepe
T/f&Tcknx
l	g~b0R 
[/fS_MR
g~b1Y%
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="">
<assemblyIdentity version="1.0.0.0" name=".add"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
      </requestedPrivileges>
    </security>
</trustInfo>
</asmv1:assembly>
(Sx'u4
i5|%&8
$i#-ti
ug(*GM	
LMr4< 
$#,AM7],
_RATg3
r~g$)$
WFGX	Y
E0U{c-
gkul)S
F\	0D/
GJsch8
go=QY)
Fx2Bx3
6?9"Ec
a>(W&	
Pkk|im
TIDATK
;SVJi}J
Gu@DdTB
q>$sA&
}EzH)vB&
p@%uD(
mPq?$r@%
eTvluuV]
tFctvt
>zqzYp
>?.M&=
jiihi	
C5hnmmS
!. I.%
,3[]<|$]R
(,4aX7
 U"~	nMh
Mcd	a2/>
MW4K[b
>fY9,Y
^~~b LO
CiTU3KYHL
\|=\z;
X]]"YX
Ldj,;^
uu(;?7
C8s)3	O
U-]nh?
n8+A>/ 
t|8=MOv
w-DDX@
ln V@N$U
x ;|VJJX
`LrEbQ^)
yBbL*d-9
p;G%=A(
\xN-% 8
\^Rv5N
f)d?[N
uB@AE#I
`wD8lE
g''Hf2$3ib
J31;K*;
!;9Avr
_QU&ff
-v*w{,
@VePdd]E
	$Mio$k
}cf6MVo
z)XwYo^
|$	IWE0*
GIBIFP
>(#'#h
<wik}cd
4A1vw*8
y0eC%zj
m*~KV6o
0b A2>E
#I" ho
c"8Yl`
:dC%rrZ
RTuTF 
N6)fr	
[i;'Wi
v$C`:xe
6^ctpp
au@@SpK
u8g>yv
">P1E~{
xUQe&w
@Ue4EFW
DBerLem
"K3(	a
7i&#ZA
[om Gu
$UA64|
T*u</ 
UVa:8[
\AhP p
Xj`p0@
x'kRW4
*mgJ:F
b,x:+Z^
Qm vjJ
!"/@;:
G1NOB(
/m<-D6
x$E&vr
,CmTcJ\G
$#%f@K
/32<C"
XJLE6I-
D2N&)c
PIQ5$<$Y
6XqS}WI
/a5\BBl
VV+XN@
TBfrLcvn
`Gn"x"
;4%DUU
3X^-pg
\Y'(60N
+WR&j:&
B7 (E0
%D+pua
6)37W!(6
~xTLx6Y
zrWKX7
Fj;j6!r
Xdmi)Z
<*)1N0
qxr r/'b
Bq@&m+
4d}yPF
*m:o_G
A-B_c?
DWv-Bo
c/UCo`3
MgI=~X
MeH=q8
a0:>A:
IDATi4
v<QW]j`
5t[%'c
 0u$!8
:q=B'~
''D?Wk
30DK/:_Q
1TEG,v
 K.r,Ar
h5:Tj`h
H%evMh4
4y}@Ig
WiuLd$<
@>7C.3
qtK`hBN
xmKtkr
RLA?<.t
IWQ2qq~
6Ps	$UA
mACHOE
X[Ze$?2
^fae	#
08hYMJ
n iIb1	
IDAT6,
"w=<<1
=<.`9=jC
LRb|TES
eya	#a
]w>M*=
3c=*@N_
54p=.\
X&PV~[
d	[6666
c|hTs6zg
D$oO@\N
^{Z]X3%/
<{DN(*
ma^Qf6 
DZz}jn
g}3Cvgg
3D343!
tSP*6wT
*>J]Mw
-+$2 3
)>Jll>T
/4fb</
y	aMk62
1?b>bGfby
{{{$#JF