Sample details: 31a23367b485f117f873fc3f6180f874 --

Hashes
MD5: 31a23367b485f117f873fc3f6180f874
SHA1: a5b5430055864ca8374647c26871b23136c04e62
SHA256: 15cac873dea71853f06c3ac96239b8b81c753b996444ce3762b378df2e96cbab
SSDEEP: 6144:v4GKzb1uJb/a7b7o1ijbOrtLg94G1oVYYKvqOR2GJQv:v4G6b1ut/+/GiPOVO4GaV5dOR2uo
Details
File Type: MS-DOS
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/UPXv20MarkusLaszloReiser | YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasModified_DOS_Message | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/DebuggerCheck__QueryInfo | YRP/ThreadControl__Context | YRP/inject_thread | YRP/network_http | YRP/network_dns | YRP/network_dga | YRP/escalate_priv | YRP/screenshot | YRP/keylogger | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Advapi_Hash_API | YRP/CRC32_poly_Constant | YRP/spyeye | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API | YRP/suspicious_packer_section |
Strings
		.imports
_][^YY
F,;F8u
N4;N@r
D$ 8L*
N0;N v
O@;OHv
N4;N8s
N4;N8sZ
s,;\$<t&S
\$ ;T$$
D$\;D$`sw
_^][YY
QSUVW3
l$$A8\$
_^][YY
D$ #D$
SVWjhQ
D$ Wh`c
SUVWHj
WWShTA@
<'t	B;
\$DUVWj
IIt	IuGf
D$$PWf
D$L;T$$|
L$,GWVh
SUVWj"
L$(j0^
YY_^][
D$8jdP
dv	jdj'
D$8jdP
E#+E/^ZY
`.data
.reloc
BASECONFIG
HTTP/1.1
http://www.google.com/webhp
=8705~8#9:
tICPTCSEscDOYEZGQBicZ\U_HMa
NHK]irsaqqhoaR_ye
&;1"&1!7!1
6 .500
)5#-+#
rwtFv`}
%57064q:>(<z=*6+}d`1IJd
]ikgqes<'!V
Nk|l?usbfd+62g
J4,(**1)B
W\78<1:5;T
|achi}ohj*z.wvi2zrhv5ld{q{q|ttJ
k+<</#+0*! 4613f{/*=%8496osu
|AKX\K[M{kLGQMROYJauUN\JYSA
vJA\`|h~WGhai
iCOMDLN
w[tu~}re
9))079
:'7#>*:m
.>=!)!6
^p8Y|vxvv{y1Hsw{b<
g0}d5M
'1#! .
)1'#+?
03-%-)#4f $"
p}lss{@sxhvv787phdxo$7
tsfpZtuc_
IX_JLXDJ
BUEXv^BOZEAI~MJZ@@	U17,
22<;s|s448$3`sF@8?*<
01'#le5
*-,jcnoi0`h{JL07>(
(-;;tq0#? %0&
Y]I]ZX\
67'=>557>
&-#0,5*&1,8e/,,
dys`dscucsT_IUJWARysb`}dcb}M_B
_',-*Z
 #4$30
iVRYULK
aURG_EHD_[
iRPIMLK
kW\_OX[
\cgl`y~,Okwe'Kdmw
CXb5OM
#238!?(qjl;]
0gHEtbewo
"$%-*">;;
tg`+981f >kY;l
rwhcl(ae
[p~mq^CJ
ydn}yn~h~dHHUKAWfoWM_S
~]^]PXSQG
"$:<."!(*0
%ieexflz-
~S^_P^SSG
|yVn{~#emk
DYS@DSCUCwmolsm{oZrw\dup
qDRYK_
f+'#-3#'($l
q_YQi[]\^
GZPCGP@V@[
m*EJwqbois]dw|Qf`{}y
2"321(6!
HwsOXJ
:sfpsau;
dwp+ehihkell|%
WDC2V{z{xv
8%/<8/?)?
Ob|jN]Z
LQ[HL[K]Kexuafwd
Rn`bog|'4+4_qdtKWS[Hf^]YSGU_nWQYA_E_OZ
lxllww{w4swa
ZejxyJ[^
|{nxdbfz/e{g
WPDCCm
o{kinhj
gM`dswm}
&>76.:
/214"$#-,:
(:!02;3
~rj@pmnk}{|rseMvbllcm
13$,+5"
fatbHuz{ps|k@lxqltd
Y^K]wAEFAUG@E~QFH
hozlF~w{f|gzpiv`Rkjz
Try}ss4au;}a{|iig#cnkjekn+i}.cecW
8>:<%?p<101:4=x&2e(*,$`j;c
nwsujl9smq
mpzimzj|jz]V@\C^H[pzCELFQT
cTlmysnM}ke~{{
&8>, #
4.(,*3)
9;?,:"{{h#()
ACGS`vu\{rsoc
Szon{|}[yoC
azi`g$mdk
gdiplus.dll
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSaveImageToStream
ole32.dll
CreateStreamOnHGlobal
gdi32.dll
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
SelectObject
BitBlt
DeleteObject
DeleteDC
PR_OpenTCPSocket
PR_Close
PR_Read
PR_Write
GetProcAddress
LoadLibraryA
NtCreateThread
NtCreateUserProcess
NtQueryInformationProcess
RtlUserThreadStart
LdrLoadDll
LdrGetDllHandle
0x0CE85946
IsWow64Process
userenv.dll
CreateEnvironmentBlock
DestroyEnvironmentBlock
del "%s"
if exist "%s" goto d
@echo off
del /F "%s"
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)
Connection: close
urlmon.dll
ObtainUserAgentString
cabinet.dll
FCICreate
FCIAddFile
FCIFlushCabinet
FCIDestroy
script
Basic 
|$$$}rstuvwxyz{$$$$$$$>?@ABCDEFGHIJKLMNOPQRSTUVW$$$$$$XYZ[\]^_`abcdefghijklmnopq
aeiouy
bcdfghklmnpqrstvwxz
RFB 003.003
PR_GetNameForIdentity
PR_SetError
PR_GetError
Content-Length
http://
NSS layer
https://
Referer
Content-Type
Authorization
HTTP/1.
Transfer-Encoding
chunked
Connection
Proxy-Connection
identity
Accept-Encoding
If-Modified-Since
QSVWQ3
<x\u+WPS
tE+\$0
j@Xj Z
D$LPVV
D$Nf;D$^u
D$Jf;D$Z
\$ <=t
\$$9L$
L$$;L$
t$,;~(u	
<!t(<-t
~ !r.j
9 A;N(r
ED$ PQ
1f;t$D
T$(;D$@
D$XPRR
D$XVSPj
D$(@v@
D$,{w@
9\$$tB3
tMSUQQ
QQSUVW
PSh<1@
D$@PQQ
D$nXf9D$hu
9D$$u=
Xf9D$hu
Y9L$0j
D$h9D$0u
L$h9L$0u|3
Yf9L$h
t4WWWW
f;t$rt
D$DPQQj
D$PPh~f
|$ WU3
tKhd>B
!_$!_(j
PSSj%S
tcjDZRS
D$ PSVW
PH_^][
D$(Ph(2@
T$<jTY
T$@SUVWj6Y
D$0;l7
T$,jZY
T$@j[Y
T$$j]Y
T$<j^Y
T$0j_Y
T$(jfY
T$LjhY
T$8jiY
T$`jkY
T$xjnY
T$LjoY
T$4jlY
T$8jsY
T$,jtY
T$$juY
D$0PSj
D$PWVU
PVWht2@
D$4j P
t$ VQj
D$Lh4D@
D$@hPD@
D$XhdD@
D$|9l$
D$0h8E@
D$Ph@E@
D$<hPE@
PPPh\E@
D$ _^][
T$PSUVW
^][_YY
VWh|>B
u"VVSh
D$ PVWj
][_^YY
D$0Pj<S
D$8PSh
t$ SPVQU
QQSUVW
_f98u	j
_^][YY
SUVWj 
,WZj	[j
j Zj	[j
_^][YY
Cj ];\$
t5Vj\^f
_^][YY
w>jDZR3
QQSUVW
_^][YY
D$  1@
u797v3
u697v2
_][^YY
F,;F8u
F4;F@r
D$ 8L*
N0;N v
O@;OHv
N4;N8s
N4;N8sZ
s,;\$<t&S
\$ ;T$$
D$\;D$`sw
D$ PUUh
GWh,H@
F(hpH@
VRhlGA
SVh`H@
QQSUVW
_^][YY
#D$$;D$$u
D$8j Yf
t$(UVW
_^][YY
<SVWj<
QSUVW3
t Vj.^f91u
QQSUVW
_^][YY
9;rcWRV
>DAVEu/
=DAVEu"
_^][YY
QQSUVf
t=f9.t8j
u>UUUU
T$(j%Y
D$8PWWj!W
WWWPhXzA
D$ PhXzA
C^_hxNB
SUVWjH
D$ Pj-S
C9\$|u$
T$$j#Y
D$hhxNB
!|$$!|$(V3
D$4+D$,3
D$8+D$0C
D$ jDZRUP
t2Ht!HuH
t/Ht"Ht
D$ +D$
t$,Wj{
D$h+D$<
D$d+D$8
\$ 9T$P
;\$P}l
L$$;\$P
!D$dF2
9D$8~R
D$d9D$
T$<;T$@
D$,;|$P
\$,9D$H
Qf;D$L
;\$H}j
t$8f9tU
;T$8}$
4C;L$8|
9D$@~j
D$p9D$lv
T$`f;D$(t 
T$`f;L$8t,
D$4;|$X
;\$L}m
|$0;\$L
l$@;T$,
9L$<~P
;L$ t,
;T$4t9
D$D;l$,
D$ ;D$P
D$XA;L$Tr
|$4;D$L
D$ ;D$P
D$lPVf
FAHtRHt+HHt	
_^][YY
|$Lh@w
D$3f9D$
f;CHsH
CLEf;kHr
D$\< t
T$@j.Y
u	j\Yj/f
4SUVWjH
T$LRWP
D$,PhtJ@
_^][YY
D$0+t$
D$4RPS
F4;F0u
D$\h8K@
w$+_$h
SUVWhlK@
SVhlK@
D$Pj>P
9L$ ve
F;t$ r
_^][YY
D$XPSS
u=SSSS
=\[EPt
=]QPGt)=OMAVt"=YISTt
=Z\AVt
<et2<d
D$#SSP
E#+E/^ZY
WaitForSingleObject
CreateRemoteThread
OpenProcess
VirtualFreeEx
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
ExitProcess
FreeLibrary
CreateDirectoryW
SetEvent
LoadLibraryW
GetFileAttributesW
CreateFileW
lstrcmpiA
GetProcAddress
WTSGetActiveConsoleSessionId
lstrcmpiW
SetFileAttributesW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetSystemTime
CreateThread
MoveFileExW
GetTickCount
GetModuleFileNameW
GetUserDefaultUILanguage
CreateEventW
WaitForMultipleObjects
GetThreadContext
SetThreadContext
VirtualAlloc
GetProcessId
GetFileAttributesExW
CreateMutexW
MapViewOfFile
UnmapViewOfFile
GetCurrentThread
SetThreadPriority
CreateFileMappingW
GetCurrentThreadId
TlsAlloc
TlsFree
GlobalLock
GlobalUnlock
GetPrivateProfileStringW
GetPrivateProfileIntW
LocalFree
ExpandEnvironmentStringsW
LoadLibraryA
GetNativeSystemInfo
GetVersionExW
GetModuleHandleW
GetCommandLineW
SetErrorMode
GetComputerNameW
VirtualFree
OpenEventW
DuplicateHandle
GetCurrentProcessId
WriteProcessMemory
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
FindFirstFileW
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
WriteFile
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
OpenMutexW
GetLastError
SetLastError
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
FindNextFileW
VirtualProtect
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
ResetEvent
TlsGetValue
TlsSetValue
TerminateProcess
KERNEL32.dll
CharToOemW
GetShellWindow
RegisterClassA
GetWindowThreadProcessId
DefFrameProcW
DefWindowProcW
CallWindowProcW
EndMenu
CallWindowProcA
SendMessageW
GetUserObjectInformationW
RegisterClassW
HiliteMenuItem
DefMDIChildProcA
PostThreadMessageW
DefDlgProcA
GetMenuItemCount
SwitchDesktop
DefMDIChildProcW
DefWindowProcA
GetMenuState
ReleaseDC
GetClassNameW
SystemParametersInfoW
TrackPopupMenuEx
GetMenuItemRect
RegisterClassExW
GetMenu
MenuItemFromPoint
OpenDesktopW
OpenInputDesktop
DefFrameProcA
DefDlgProcW
GetSubMenu
SetKeyboardState
GetMenuItemID
GetThreadDesktop
RegisterWindowMessageW
RegisterClassExA
ToUnicode
GetClipboardData
GetKeyboardState
TranslateMessage
CharLowerBuffA
OpenWindowStationW
SetThreadDesktop
CloseDesktop
GetProcessWindowStation
CreateWindowStationW
CloseWindowStation
SetProcessWindowStation
CreateDesktopW
GetCursorPos
GetIconInfo
DrawIcon
GetMessagePos
ReleaseCapture
PeekMessageA
GetDCEx
PeekMessageW
SetCursorPos
GetCapture
GetUpdateRect
BeginPaint
SetCapture
GetWindowDC
GetMessageW
GetUpdateRgn
GetMessageA
EndPaint
ExitWindowsEx
DispatchMessageW
GetWindow
SendMessageTimeoutW
SetWindowLongW
CharUpperW
CharLowerA
GetWindowLongW
WindowFromPoint
MsgWaitForMultipleObjects
LoadImageW
GetTopWindow
IsRectEmpty
PrintWindow
EqualRect
IntersectRect
DrawEdge
GetWindowInfo
PostMessageW
FillRect
MapWindowPoints
IsWindow
SetWindowPos
GetAncestor
GetClassLongW
GetParent
GetWindowRect
MapVirtualKeyW
GetSystemMetrics
CharLowerW
USER32.dll
GetLengthSid
EqualSid
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ConvertSidToStringSidW
IsWellKnownSid
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
InitiateSystemShutdownExW
ADVAPI32.dll
PathRemoveFileSpecW
StrCmpNIW
PathRenameExtensionW
StrStrIA
StrStrIW
PathRemoveBackslashW
UrlUnescapeA
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathAddBackslashW
SHDeleteValueW
PathSkipRootW
SHDeleteKeyW
PathCombineW
PathAddExtensionW
PathUnquoteSpacesW
PathMatchSpecW
StrCmpNIA
wvnsprintfA
PathIsURLW
PathQuoteSpacesW
SHLWAPI.dll
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW
SHELL32.dll
GetUserNameExW
Secur32.dll
CoCreateInstance
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeEx
ole32.dll
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
GetDIBits
CreateDIBSection
RestoreDC
SaveDC
SetRectRgn
GdiFlush
SetViewportOrgEx
GDI32.dll
freeaddrinfo
getaddrinfo
WSAEventSelect
WSASend
WSAAddressToStringW
WSAIoctl
WS2_32.dll
CryptUnprotectData
PFXImportCertStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
PFXExportCertStoreEx
CRYPT32.dll
HttpQueryInfoA
InternetConnectA
InternetCrackUrlA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
HttpSendRequestExA
HttpSendRequestExW
InternetQueryDataAvailable
InternetReadFileExA
InternetReadFile
HttpSendRequestW
InternetQueryOptionW
InternetSetOptionA
InternetQueryOptionA
GetUrlCacheEntryInfoW
InternetSetStatusCallbackW
HttpAddRequestHeadersW
WININET.dll
OLEAUT32.dll
NetUserGetInfo
NetApiBufferFree
NetUserEnum
NETAPI32.dll
9(949@9L9\9d9l9t9|9
:$:,:4:<:D:L:T:\:d:l:t:|:
;$;,;4;<;D;L;T;\;d;l;t;|;
<$<,<4<<<D<L<T<\<d<l<t<|<
=$=,=4=<=D=L=T=\=d=l=t=|=
>$>,>4><>D>L>T>\>d>l>t>|>
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
0$0,040<0D0L0T0\0d0l0t0|0
X9\9`9d9h9l9p9t9x9|9
=)>e>x>
6j7q7w8
:-:Q:]:
6A6L6X6]6d6J7q8
?#?2?9?
-030V0
=E?^?k?
1#1>1Y1
3+333Y3p3w3
4%4X4t4
5D5j5q5
949g9z9
:1;;;E;X;
<:<L<`<t<
=-=D=o=
>)>K>Y>o>
?+?A?f?t?
0;0I0_0
2F2a2l2r2}2
3%313:3@3I3X3j3q3
4 4>4w4}4
:(;5;?;I<N<U<1?O?y?
=D>X>t>
4:5Z7i7t7
669F9Q9\9l9<:
0P3Y3f3t3~3
5>5C5W5
6(6^6r6
7/747b7i7u7
8 8)8<8F8R8^8j8v8
9J9_9n9
;~;x<A=r=L>Z>
>/?>?Q?
1"1'1,11161;1@1E1J1O1T1Y1^1c1h1m1r1w1|1
2!2&2+20252:2?2D2I2N2S2X2]2b2g2l2q2v2{2
3#30383@3E3M3R3Z3_3g3o3
4)4A4\4
5%5*52575=5D5I5O5V5[5a5h5m5s5z5
6&606:6]6i6x6
7#7?7G7i7v7
7,8I8[8
9'9,929;9A9G9M9T9Z9k9
:,:2:<:R:`:f:l:r:x:~:
;/;5;A;O;
</<5<R<X<j<s<
?2?_?f?
1$1R1`1o1}1
6,6=6G6
7Y7c7j7
8)8N8T8`8f8
: <=<D<M<[<b<j<
=8=U=r=
=5>[>j>
1-1H1[1f1
2'212X2d2{2
6!7*7o7x7
9A9]9y9
:*;2;=;D;
<,<:<W<
0&1:1e1
1!262<2X2l2}2
3$3.3?3U3n3u3
4.5J5w5
808@8z8
9!9'90969?9G9M9S9Y9
: :%:*:1:
;3<A<t<
><>V>j>
0(151N1y1
8&9S9f9
>%?8?`?x?
0@0G0m0
2!3.3a3
4$535b5
<'<4<;<\<
<4=a=q=
0%1o1u1
1(2.2P2X2z2
5_6P7p7
7+8:8H8Z8i8
9/9E9\9
:*:0:M:o:
;L;W;n;t;
<'<1<H<N<f<p<
="=8=G=^=d=
0-0?0c0
111H1v1
:":<:B:[:h:
;$;6;<;P;a;j;p;
=:=R=Z=
>">'>S>`>q>4?J?s?
 2H435
8$8D8M8
2D2R2_2e2
4P4'5S5y5
;:<Y<l<
?W?]?x?
2O2U2o2
3i4o4z4
5)5Q5|5
6M7^7h7t7
=4=Q=j=s=}=
2"3R3X3
3)484M4e4t4
6#6A6I6[6u6
:.:5:V:
0$040T0d0t0
1$141D1T1d1t1
2$242D2T2d2t2
3$343D3T3d3t3
Mathewx86
set_url
data_before
data_inject
data_after
data_end
staticconfig
encryption_key
dynamicconfig
url_loader
url_server
advancedconfigs
webfilters
webdatafilters
webfakes
file_webinjects
url_config
botnet
timer_config
timer_logs
timer_stats
remove_certs
disable_tcpserver
MultiByteToWideChar
GetFileSizeEx
GetLastError
lstrcmpiA
VirtualAlloc
CreateFileW
CloseHandle
GetVolumeNameForVolumeMountPointW
DeleteFileW
SetFileAttributesW
CreateThread
GetFileAttributesExW
ExitProcess
GetModuleFileNameW
lstrcpyW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetUserDefaultUILanguage
WideCharToMultiByte
ReadFile
WriteFile
IsBadReadPtr
GetProcessHeap
VirtualFree
GetTickCount
GetModuleHandleW
WaitForSingleObject
HeapFree
HeapAlloc
HeapReAlloc
OpenProcessToken
CryptGetHashParam
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
GetLengthSid
CryptAcquireContextW
GetTokenInformation
InitCommonControlsEx
GetSaveFileNameW
GetOpenFileNameW
CLSIDFromString
CoUninitialize
CoInitializeEx
StringFromGUID2
ShellExecuteW
SHGetFolderPathW
StrCmpNIA
PathFindFileNameA
PathRemoveBackslashW
PathCombineW
PathAddBackslashW
PathRemoveFileSpecW
wvnsprintfW
LoadImageW
GetWindowTextLengthW
EnableWindow
SetDlgItemTextW
MessageBoxW
SendDlgItemMessageW
GetDlgItem
SendMessageW
SetWindowTextW
CreateDialogParamW
ShowWindow
EndDialog
DialogBoxParamW
DestroyWindow
GetWindowTextW
SetWindowLongW
`.rdata
@.data
E3M3R3Z3_3g3o]
!I5O5V5[5a5h5m
7#7?7G
7,8I8[8
RE'9,929;9A9G9M9T9Z9k
r:x:~:
</<5<R<X<j<s<
1$1R1`1o1p
6,6=6G6
7Y7c7-
N8T8`8f8
o5!7*7o7x
gC"0-y
U3n3u3
?1S9Y9
151N1yC
1j2s[&
g%?8?`
0@0G0m0
4$535b
1(2.2Pqz2
5_6P7p7
7+:8H8Z8i8
B:[:h:
=:=R=Z=
>'>S>`>qF?J?s
7/$8D8M
KR2_2e+
%X0|[;
2O2U2o2
3i4o4z
7Q=j=s=}=
Z0oU"KXC
3E84M4e4t
I6[6uu
_keyKy
rW'serv[
s!v'Ivz
,d`!web
x_<2su
/rKtAs
1&cAp;
ToSn'vHY
sUsky{H
;oENHY
soTdc\D
:<&cOu
) :[b$x)
lS{.c$$
%\hyIB+[I
0`R)i	
^I=U{I
stimer!
Clogs?l
7A@_tcp
/0<{KpPf
K<qQ4$Qh
uoM0,)
ND==ng
V2 &i`
aogi#h
XPTPSW
`beQ-04
1`cgx-04
7rtwmOQU
(stwX:=@
xyzeSUX
58<p$',
%024<Z]_>suw@
z|~hopt
Kpqtp<=A
mosT36;
`cfv%(-
egjq69<
Ffikc369
?BG\UX]
ORVl>AE
uvv+jkkw46:
MPTZwz~/58=
bdeKlnq
0y|~L@CGq
A $)s]ad
2bde9ceg:
4)+-V<>@X_bdY
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"/></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo></assembly>
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
COMDLG32.dll
ole32.dll
SHELL32.dll
SHLWAPI.dll
USER32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
GetLengthSid
InitCommonControlsEx
GetSaveFileNameW
CoUninitialize
ShellExecuteW
StrCmpNIA
EndDialog
KERNEL32.DLL
MultiByteToWideChar
GetFileSizeEx
GetLastError
lstrcmpiA
VirtualAlloc
CreateFileW
CloseHandle
GetVolumeNameForVolumeMountPointW
DeleteFileW
SetFileAttributesW
CreateThread
GetFileAttributesExW
ExitProcess
GetModuleFileNameW
lstrcpyW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetUserDefaultUILanguage
WideCharToMultiByte
ReadFile
WriteFile
IsBadReadPtr
GetProcessHeap
VirtualFree
GetTickCount
GetModuleHandleW
WaitForSingleObject
HeapFree
HeapAlloc
HeapReAlloc
ADVAPI32.dll
OpenProcessToken
CryptGetHashParam
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
GetLengthSid
CryptAcquireContextW
GetTokenInformation
COMCTL32.dll
InitCommonControlsEx
COMDLG32.dll
GetSaveFileNameW
GetOpenFileNameW
ole32.dll
CLSIDFromString
CoUninitialize
CoInitializeEx
StringFromGUID2
SHELL32.dll
ShellExecuteW
SHGetFolderPathW
SHLWAPI.dll
StrCmpNIA
PathFindFileNameA
PathRemoveBackslashW
PathCombineW
PathAddBackslashW
PathRemoveFileSpecW
wvnsprintfW
USER32.dll
LoadImageW
GetWindowTextLengthW
EnableWindow
SetDlgItemTextW
MessageBoxW
SendDlgItemMessageW
GetDlgItem
SendMessageW
SetWindowTextW
CreateDialogParamW
ShowWindow
EndDialog
DialogBoxParamW
DestroyWindow
GetWindowTextW
SetWindowLongW