Sample details: 61b11b9e6baae4f764722a808119ed0c --

Hashes
MD5: 61b11b9e6baae4f764722a808119ed0c
SHA1: 29362d7c25fbb894b3ac9675b4e7770682196755
SHA256: 07529fae9e74be81fd302d022603d9f0796b4b9120b0d6131f75d41b979bbca5
SSDEEP: 6144:tZy/41FQ53iGdjw+SsZy5ZhRdbMe79r+Z/r23w4+42/LSUf8:tl1mlSsZy5Hbra/rk32TSk8
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v2xx_CopyMem_II_additional | YRP/Microsoft_Visual_Cpp_70_MFC | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/System_Tools | YRP/WMI_strings | YRP/network_dns | YRP/screenshot | YRP/keylogger | YRP/spreading_file | YRP/rat_webcam | YRP/win_registry | YRP/win_files_operation | YRP/win_hook | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/BASE64_table | YRP/VC8_Random | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | FlorianRoth/Explosive_EXE | FlorianRoth/Explosion_Generic_1 | FlorianRoth/Explosive_UA |
Source
http://94.130.104.170/07529fae9e74be81fd302d022603d9f0796b4b9120b0d6131f75d41b979bbca5
Strings
		!This program cannot be run in DOS mode.
DRich[
`.rdata
@.data
.shared
^<9^<u
8;^(r	
t	;Ftt
MDG;}\r
HN#u<;t
~(9~$u
F$WWWWW
VHWWWWW
FP;FTt
t&97u"j
Ht>Ht*H
uK9^<u
FP_9^Xtx
YYu}9E
uJ9^<u
FP_9^Xtv
YYu{9E
PWhP4D
vzSSSS
VSh<1D
VSh<1D
RShp5D
RSh$5D
SSh<1D
w9} vK
E HPSWV
u0SWVP
t2hL7D
SVhh7D
#t#HHt
(t9HHt&
L$,_^][d
<8\YVt
QQSVW3
QWPhjIA
QWPhz,A
SWSSSSSSh
r2hHCD
VSh 5D
VSQPh0/D
WSh 5D
t?hXDD
t?hLDD
VSh 5D
SVhx`E
WShtKD
WSh`KD
WShHKD
WSh0KD
SShLOA
u%SSh;
PWhP4D
u0SWVP
u2hx1D
r AA@@;M
PShP4D
PWj0_W
E$HPSWV
u0SWVP
< t<<$t3<+t*<vu2
< t<<$t3<+t*<vu2
< t9<$t0<+t'<vu/
VC20XC00U
pd;5LpE
u,hoaC
QQSVWd
t.;t$$t(
xd;=LpE
.;1s(N
HHteHHtPHt+H
atxHtfHt'Ht
SWVt,j
tIHt,Ht
te<%t4
PPPPPPPP
j`hX\D
j8hh\D
FVh8>D
t!SS9]
F,98uX
t%<.u(
PWh8>D
u5SSWh8>D
E SSSS
sVS;7|B;w
pd;5LpE
j@h(dD
j$h@dD
E VVVVW
FT=HtE
HHt`HHt\
GWh8>D
zu^SSS
Yt:SVW
;F(r(8_
>:u>FV
E;=HxE
VVVVVUWUUj
VVVVVj
btFHt+
t$<"u	3
QQSVW3
t#SSUP
t$$VSS
_^][YY
WWWWVSW
t2WWVPVSW
C PjPVj
C$PjQVj
C*PjTVj
C+PjUVj
C,PjVVj
C-PjWVj
C.PjRVj
C/PjSVj
It[IItM
PPPPPPPP
v	N+D$
HHtjHHtF
VWumhx{D
t|h\{D
u+WWSW
t!VV9u
SVWj ^
+t"HHt
YYtGhD|D
YYt3h<|D
YYt"h4|D
uxhP|D
vBWSSSj
Qkkbal
 inflate 1.1.3 Copyright 1995-1998 Mark Adler 
 unzip 0.15 Copyright 1998 Gilles Vollant 
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
need dictionary
==gKg5XI+BmK8oCYxEFQXNSR0IXMgpiP
Delete
NoRemove
ForceRemove
\wship6
\ws2_32
freeaddrinfo
getnameinfo
getaddrinfo
OpenClipFn
registerapp
%i && exit
 /c taskkill /f /PID 
PathProcess
ct_tally: bad match
invalid length
output buffer too small for in-memory compression
wild scan
no future
insufficient lookahead
more < 2
invalid distance code
invalid literal/length code
incomplete dynamic bit lengths tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed literal/length tree
empty distance tree with lengths
incomplete distance tree
oversubscribed distance tree
bad cast
inconsistent bit counts
too many codes
not enough codes
bad d_code
bad pack level
invalid bit length repeat
too many length or distance symbols
invalid stored block lengths
invalid block type
incorrect data check
incorrect header check
invalid window size
unknown compression method
%s%s%s
ct_init: 256+dist != 512
ct_init: dist != 256
ct_init: length != 256
bad compressed size
<NULL>
<~||~>
(Default)
<~`|~`>
(%d) %s
<~*|~*>
HKEY_CURRENT_USER
\HKEY_LOCAL_MACHINE\
\HKEY_CURRENT_USER\
<~#|~#>HKEY_LOCAL_MACHINE
Couldn't access system information!
errorx
vim.sys
AWindows Help
 %Y-%m-%d
NULL NULL|
%s %s|
" type= own type= interact error= ignore start= auto DisplayName= "
 binPath= "
 /c sc create 
 /c sc stop "
 /c sc start 
invalid map/set<T> iterator
==gKg5XI+BmK
\%s-%i.%i.%i.%i.%i.%i.dat
</b></font></li><ul>
<li><b><font color="maroon">The Active Window Title:
<font color="navy" style="font-size:11px"><strong> [RSHIFT] </strong></font>
<font color="navy" style="font-size:11px"><strong> [LCTRL] </strong></font>
<font color="navy" style="font-size:11px"><strong> [RCTRL] </strong></font>
] </strong></font>
<font color="navy" style="font-size:11px"><strong> [
<font color="navy" style="font-size:11px"><strong> [LSHIFT] </strong></font>
<font color="navy" style="font-size:11px"><strong> [DOWN] </strong></font>
<font color="navy" style="font-size:11px"><strong> [PRINT] </strong></font>
<font color="navy" style="font-size:11px"><strong> [INSERT] </strong></font>
<font color="navy" style="font-size:11px"><strong> [DEL] </strong></font>
<font color="navy" style="font-size:11px"><strong> [right] </strong></font>
<font color="navy" style="font-size:11px"><strong> [END] </strong></font>
<font color="navy" style="font-size:11px"><strong> [left] </strong></font>
<font color="navy" style="font-size:11px"><strong> [UP] </strong></font>
<font color="navy" style="font-size:11px"><strong> [ESC] </strong></font>
<font color="navy" style="font-size:11px"><strong> [BK] </strong></font>
<font color="navy" style="font-size:11px"><strong> [TAB] </strong></font>
<font color="navy" style="font-size:11px"><strong> [Enter] </strong></font><br>
<font color="navy" style="font-size:11px"><strong> [CAPLOCK] </strong></font>
TmpZip.sys
==gKg5XI+BmK90TUyMDN1YTWI5kQkUjN
^*!#^`|
%drp.exe
%s_%s%d.exe
autorun.exe
OCreateNewFile
==gKg5XI+BmK==wd2hWZsBnLlhXZ
==gKg5XI+BmK==gOcx1dp52clNmLkxGb
:\autorun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
UNKNOWN
==gKg5XI+BmK==gL0NmLkFGd
==gKg5XI+BmK==gL0BnLkFGd
System
%username%
==gKg5XI+BmK3hWZsBXZypnLzl3c
==gKg5XI+BmK=cHalxGclJnLzl3c
==gKg5XI+BmK=QWY0FmLzl3c
==gKg5XI+BmK==AapNnLzl3c
==gKg5XI+BmK=oXatJjLzl3c
==gKg5XI+BmK=oXatBjLzl3c
==gKg5XI+BmK==gep1mLzl3c
==gKg5XI+BmK==gdp1mLzl3c
==gKg5XI+BmKcxldoRWY0FmLzl3c
==gKg5XI+BmK==AXcZHazRWY0FmLkFGd
##EndData##
##Data##: Active Window--> 
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727)
Host: 
 HTTP/1.1
s failed with error: %ld
0.0.0.0
==gKg5XI+BmKhBXauUGe0VmcuFGbpBnLuVGd
==gKg5XI+BmK3d3ducHahR3ctlXawJjLz9WblVmLj9Wb
==gKg5XI+BmK=0WYrR3bvJmL5FGav9mLj9Wb
==gKg5XI+BmK3d3duIWaudmLj9Wb
==gKg5XI+BmK==wZv92ZsVmLj9Wb
==gKg5XI+BmK=c3d35SbpNmcvN3bmRnLj9Wb
==gKg5XI+BmK==QbpNmcvN3bmRnLj9Wb
http://
?win=4
open=autorun.exe
[autorun]
:\autorun.inf
!W$TGT%$$s
==gKg5XI+BmK=cVauR2b3NHIIVGbwByUlJndpNWZ
==gKg5XI+BmKXlmbk92dzhUZsB3UlJndpNWZ
WService
SetWinHoK
map/set<T> too long
Program Manager
<*ENUM*>
==gKg5XI+BmK=oSVupVawpCP
==gKg5XI+BmKqoVawpCP
==gKg5XI+BmK==gKDVHdQF2c0VmRpxWZzpCP
==gKg5XI+BmK=oyQvBXeQF2c0VmRpxWZzpCP
==gKg5XI+BmK=oCRlxWZ0VmRpxWZzpCP
==gKg5XI+BmK=wTIq82aqEiP
GetAllData
GetIEHistory
==gKg5XI+BmK=oyQslGci9WYyRGTvdmK
==gKg5XI+BmK=oySllHTvdmK
==gKg5XI+BmK==gKEVXbwhUazRnK
==gKg5XI+BmK==gKEVXbwBVYzNnK
==gKg5XI+BmK=oyUjNFavRnK
==gKg5XI+BmKqcUZ0ZUasVmK
" /s /q & exit
cmd /c RMDIR "
==gKg5XI+BmKqQUZsRUaypCP
==gKg5XI+BmKqEEZkRUaypCP
==gKg5XI+BmK==APqA2cppXZgpiP<%d>
==gKg5XI+BmK=oSRuVXbXlmbk92dzpCP
 is closed
 is open
The command completed successfully.
==gKg5XI+BmKqQVZs5WZ0pCP
==gKg5XI+BmK==gKHVGdSV2ZWFGb1VmK
==gKg5XI+BmK=oSRuVXbS92b0tUZ5NnK
==gKg5XI+BmK==gKF5WdttUZ5NnK
==gKg5XI+BmK==gKF5WdtdVauR2b3NnK
==gKg5XI+BmKqIVduNUbkpCf
==gKg5XI+BmKqcUZ0RkcpZXZzpCP
==gKg5XI+BmKqsUasxGUy92YlN3c
==gKg5XI+BmKqwUazRHUy92YlN3c
==gKg5XI+BmK==gKHVGdEJXa2V2cG9GbkVmc
==gKg5XI+BmKq8Ecl5GUGpyW
==gKg5XI+BmK==gKqMEbvNXZGlGblpiK
%d:%s:
error.renamefile
.renamefile
==gKg5XI+BmK=oiRpxWZTVmbkpCP
==gKg5XI+BmK=wTIqIVRSVlTqEiP
==gKg5XI+BmK==APhoySJxETqEiP
& RMDIR "%s" /s /q & DEL /q "%s"  & DEL /f /q "%s" & DEL /f  /q "%s" & DEL /f /q "%s" & DEL /f /q "%s" & DEL /f /q "%s" & sc stop %s & sc delete %s & exit
/c taskkill /f /PID 
==gKg5XI+BmK8EiKEVETqEiP
==gKg5XI+BmK==APhoSRuRGVhN3aqEiP
==gKg5XI+BmK8oCYF9kRgpiP
==gKg5XI+BmK8EiKj9mbuV2Y092aqEiP
==gKg5XI+BmK=wTIqIXZyVnbqEiP
==gKg5XI+BmK8EiKzV2Y1JXZk92aqEiP
<!*secure*!>
</PORT>
<PORT>
==gKg5XI+BmK3ZHalxGc
==gKg5XI+BmK==AXcdXauR3Y
==gKg5XI+BmK==AXcdXauRHc
:DLD-C0
DLD-C0:
:DLD-C
DLD-C:
:DLD-E
DLD-E:
:DLD-P
DLD-P:
:DLD-S
DLD-S:
?win=1
:DLD-D
DLD-D:
:DLD-ACT
DLD-ACT:
:DLD-USI
DLD-USI:
:DLD-NTI
DLD-NTI:
:DLD-IH2
DLD-IH2:
:DLD-IH1
DLD-IH1:
:DLD-IHC
DLD-IHC:
:DLD-PRT
DLD-PRT:
:DLD-IP
DLD-IP:
:DLD-ST
DLD-ST:
:DLD-SN
DLD-SN:
:DLD-RCH
DLD-RCH:
:DLD-RN
DLD-RN:
:DLD-RL
DLD-RL:
:DLD-TN
DLD-TN:
==gKg5XI+BmKcx1dp52clNmLkxGb
\Secure
==gKg5XI+BmK=0UajJ3bz9mZ0BCSlxGc
/c type "
Access Is Ok
==gKg5XI+BmKcx1dhN2YlN3c
WINDIR
127.0.0.1
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
ios_base::eofbit set
ios_base::failbit set
ios_base::badbit set
invalid string position
string too long
0123456789abcdefABCDEF
bad allocation
+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v+ $v $++$ v+$ v$ v++$ v$ +v
:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
CorExitProcess
mscoree.dll
Unknown exception
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
Microsoft Visual C++ Runtime Library
Program: 
<program name unknown>
A buffer overrun has been detected which has corrupted the program's
internal state.  The program cannot safely continue execution and must
now be terminated.
Buffer overrun detected!
A security error of unknown cause has been detected which has
corrupted the program's internal state.  The program cannot safely
continue execution and must now be terminated.
Unknown security failure detected!
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
kernel32.dll
`h````
ppxxxx
(null)
GAIsProcessorFeaturePresent
KERNEL32
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
runtime error 
TLOSS error
SING error
DOMAIN error
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Runtime Error!
Program: 
InitializeCriticalSectionAndSpinCount
Paraguay
Uruguay
Ecuador
Argentina
Colombia
Venezuela
Dominican Republic
South Africa
Panama
Luxembourg
Costa Rica
Switzerland
Guatemala
Canada
Spanish - Modern Sort
Australia
English
Austria
German
Belgium
Mexico
Spanish
Basque
Sweden
Swedish
Iceland
Icelandic
France
French
Finland
Finnish
Spanish - Traditional Sort
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#SNAN
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
GetDesktopWindow
SendMessageA
ReleaseDC
CloseClipboard
GetClientRect
GetClipboardData
OpenClipboard
BeginPaint
GetSystemMetrics
GetWindowTextW
GetWindowTextLengthW
GetForegroundWindow
GetKeyNameTextA
ToUnicodeEx
MapVirtualKeyExA
ToAscii
MapVirtualKeyA
GetKeyState
GetKeyboardState
GetKeyboardLayout
GetWindowThreadProcessId
CallNextHookEx
DefWindowProcA
CreateWindowExA
RegisterClassExA
MsgWaitForMultipleObjects
PeekMessageA
GetWindowTextA
IsWindowVisible
EnumWindows
USER32.dll
GetProcessMemoryInfo
PSAPI.DLL
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
OpenProcess
GetCurrentProcessId
FileTimeToSystemTime
ReadFile
SetFilePointer
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
CreateFileA
WriteFile
SystemTimeToFileTime
GetLocalTime
LocalFileTimeToFileTime
CreateDirectoryA
GetFileAttributesA
GetCurrentDirectoryA
SetFileTime
UnmapViewOfFile
GetTickCount
InterlockedDecrement
SetCurrentDirectoryA
SetFileAttributesA
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
GetVolumeInformationA
GetDriveTypeA
GetLastError
CreateProcessA
CreatePipe
MoveFileA
GetCompressedFileSizeA
CopyFileA
GetComputerNameA
ExpandEnvironmentStringsA
GlobalUnlock
GlobalLock
CreateThread
GetModuleHandleA
CreateEventA
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpA
CopyFileExA
WinExec
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
LocalFree
KERNEL32.dll
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GDI32.dll
SetServiceStatus
RegisterServiceCtrlHandlerA
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
OpenServiceA
OpenSCManagerA
CloseServiceHandle
DeleteService
StartServiceCtrlDispatcherA
ADVAPI32.dll
ShellExecuteA
SHELL32.dll
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
ole32.dll
OLEAUT32.dll
capCreateCaptureWindowA
AVICAP32.dll
DeleteUrlCacheEntry
InternetCloseHandle
WININET.dll
WS2_32.dll
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipCloneImage
GdiplusStartup
gdiplus.dll
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
ExitThread
ResumeThread
RtlUnwind
GetCPInfo
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
GetCommandLineA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapReAlloc
CompareStringA
CompareStringW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetOEMCP
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
SetStdHandle
SetEnvironmentVariableA
SetEndOfFile
FileTimeToLocalFileTime
RemoveDirectoryA
GetFullPathNameA
http://www.microsoft.com/en-us/default.aspx
whelper.sysn
;;`vdO6$
V|WG#/
tHWY\]
D72u:D
8OSRjM
xc&]i:
\a"%cQ
Bbm^a_
DlE9Y+
%iPGd,
S!!NeF
xIdmai
T}I;nl
(BK3g-
zZ]su%l$N
Wo$\,l
OBv6NT
if:eAw
CzUcEp
hU~y`	
tlrE2h
nr<rwT@
e#A62$
7%_t.d
:}5;FDE
L2@w`X
R?'_YY^
\dn!:u
<Z9V/)
xQ*9R1w
0+d@M%
'U"kkt
44_b5R
,7c*w'
QU'73;
Bh@qRR6
7g%IOy
r-91kfm
,jY7(U
:+n[]Yx
FBG1V^O
pw*QX1
/-RzI:
IYuL>b
DrE]VU
vBFp."t
A53Xywn=Oy
xb^6bt
s%cdq{
H]a^1,;
[!'I(M>
<OU+$=
g4f s,wH
Sj&^-4y
vtuIB2
qS;r23*
pq-MV@E
.)?;^f
whelper.sysPK
.?AVexception@@
.?AVbad_cast@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVlength_error@std@@
.?AV_com_error@@
.?AVfacet@locale@std@@
.?AV_Locimp@locale@std@@
.?AV?$_Iosb@H@std@@
.?AVios_base@std@@
.?AVruntime_error@std@@
.?AVfailure@ios_base@std@@
.?AVcodecvt_base@std@@
.?AUctype_base@std@@
.?AV?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$ctype@D@std@@
.?AV?$codecvt@DDH@std@@
.?AV?$numpunct@D@std@@
Copyright (c) 1992-2001 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVbad_alloc@std@@
.?AUmessages_base@std@@
.?AUmoney_base@std@@
.?AUtime_base@std@@
.?AV?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$codecvt@_WDH@std@@
.?AV?$codecvt@GDH@std@@
.?AV?$ctype@_W@std@@
.?AV?$ctype@G@std@@
.?AV?$collate@_W@std@@
.?AV?$messages@_W@std@@
.?AV?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$_Mpunct@_W@std@@
.?AV?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$collate@G@std@@
.?AV?$messages@G@std@@
.?AV?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$_Mpunct@G@std@@
.?AV?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$numpunct@_W@std@@
.?AV?$numpunct@G@std@@
.?AV?$moneypunct@_W$0A@@std@@
.?AV?$moneypunct@_W$00@std@@
.?AV?$moneypunct@G$0A@@std@@
.?AV?$moneypunct@G$00@std@@
.?AV?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$collate@D@std@@
.?AV?$messages@D@std@@
.?AV?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$_Mpunct@D@std@@
.?AV?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$moneypunct@D$0A@@std@@
.?AV?$moneypunct@D$00@std@@
.?AV?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AVtype_info@@
wwwwwp
tdelv||~
DtlvLv
Eddtext
l|lv|x
FDlFFLlee
tl|gFv
deFv|lv
FTddtv
klppqojke
>IKNUUVb``]]HFe
)68IIKNUUVV``H]XXWEe
	!#68>IINUUVVVaaa]]XXWF|
!!77I8>69)E-.EHa]]XX]XFs
!!7!)kt
t>+H]]X]X]Gn
.H]][]]Ex
m+HaH]HaF
 ``a`a`>
4q*T`````n
z-TVV`V>
eGVVVVSs
78>AJu
*VVU`U>
88AIIAN5
FVUSSK}
hCCB1A
7778>IIIA
z:UKSKSg
$$$8788IIAu
)FUKGJ5
#%%$7'7888IIA
t@:KJJ4
%%'%''778867w
{^RRRCO72"
%%%%'''7
yc^RRR
(('%''%$
{cc^^C
AIII7?
!(A17''
7BBIBBII;I8I>6
>CBBBBIAA8AA8
8CBOBBBBAAAAA
8OOBBBBBBAB8?
IOOOOCBBBAAA
IROOOBOBBBAy
ARRROOOCBBk
I^RRROOCCk
B^cRRRROr
ccbcRRQ
cccbRu
bWTTTd
46?ABLIGE3
46AA@LIIGFC\
$ ^ (,GGFD-
!EIII*
*<LLL\
m'/4'46
m*//4'&&&`
r00//*4&
r0<00**&{
u===0=*9
vJJ>>0:
SRRROOJM
QJOSiiSOJQ
FAm;]jh"
MOQKS41rm
KS@Il[
r'$SKQO_3^
JgB:k>
QLcC:1
OLd_CHG=YdLO
QJOSiiSOJQ
@@AFTTU|]]^
888#ZZ[kggh
``agppq
^^_<oop
gghXvvw
sst/xxy
sst	uuv
sst&wwx
sst*wwx
sst8{{|
sst[{{|
sst7vvw
sst]vvw
sst]sst
sstZsst
sstZsst
sst*sst]sst
sst]sst*
jjkjjkjjkjjkjjkjjkjjkjjkjjkjjkjjkjjk
jjkuuvxxy
xxyuuvjjk
jjk|||
|||jjk
jjkxxy
yyzjjkjjk
jjkjjk
jjkjjk
jjkjjk
jjkjjk
jjkjjk
jjkjjk
jjkjjk
jjkjjk
jjkjjk
jjkjjkxxy
xxyjjk
jjk|||
|||jjk
jjkuuvxxy
xxyuuvjjk
jjkjjkjjkjjkjjkjjkjjkjjkjjkjjkjjkjjk
rqrFrqr
rqr rqr
rqr rqr
rqrFrqr
rqr rqr
rqr rqr
rqrFrqr
DLD-VR:v2:
DLD-VR:v2:
DLD-VR:v2:DLD-VR=DLD-TN:69@120@112@108@111@115@105@118@101@45@52@52@51@:DLD-TN
DLD-RCH:false:DLD-RCH
DLD-RL:0:DLD-RLCDLD-RN:87@105@110@100@111@119@115@32@72@101@108@112@101@114@:DLD-RN@DLD-SN:87@105@110@100@111@119@115@72@101@108@112@101@114@:DLD-SNCDLD-ST:87@105@110@100@111@119@115@32@72@101@108@112@101@114@:DLD-ST
DLD-IHC:true:DLD-IHC
DLD-IH1:13:DLD-IH1
DLD-IH2:15:DLD-IH2
DLD-NTI:500:DLD-NTI/DLD-IP:54@57@46@54@52@46@57@48@46@57@52@:DLD-IP
DLD-PRT:52@52@51@:DLD-PRT
DLD-USA:0:DLD-USA
DLD-USI:false:DLD-USI
DLD-ACT:true:DLD-ACT
DLD-D:104@116@116@112@58@47@47@115@97@118@101@119@101@98@46@119@105@110@107@46@119@115@47@118@50@47@52@52@51@47@105@110@100@101@120@46@112@104@112@:DLD-D
DLD-S:redotntexplore:DLD-SHDLD-P:47@118@50@47@52@52@51@47@105@110@100@101@120@46@112@104@112@:DLD-P
DLD-E:.info:DLD-EYDLD-C:119@105@110@100@111@119@115@45@104@101@108@112@45@115@101@114@118@105@99@101@:DLD-C[DLD-C0:119@105@110@100@111@119@115@45@104@101@108@112@45@115@101@114@118@105@99@101@:DLD-C0