Sample details: d35c88b0bcffd9bb2d6e4ccd78a4548e

Hashes
MD5: d35c88b0bcffd9bb2d6e4ccd78a4548e
SHA1: 9d59d76132c57ceb14364ad1c32dd3ea2e22b3a6
SHA256: 57498339f11ec7e5fc1b3fcef9bf3c209449d08fd4920c3e752e3b45019d27ae
SSDEEP: 12288:3Cp0jH/Op7QgxtyN+R5KFMbqBfQdQRyeorWsdnHp9ZpGFTrtXp:3Cp0jfO+7MRAFMbqVQSfcRpR+rtXp
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasModified_DOS_Message | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/screenshot | YRP/keylogger | YRP/win_files_operation | YRP/win_hook | YRP/CRC32_poly_Constant | YRP/RijnDael_AES_CHAR | YRP/RijnDael_AES_LONG |
Parent Files
6feeb2ca7a2654a6f9d1b718a2d50122
Strings
		!Require Windows
`.rdata
@.data
SetThreadPreferredUILanguages
kernel32
SetProcessPreferredUILanguages
IMAGES
STATIC
GetNativeSystemInfo
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
riched20
:Language:%u
Enter password:
Insufficient physical memory.
Extracting may take a long time.
Do you want to continue?
Not enough free space for extracting.
Do you want to continue?
: warning
7z SFX: 
7z SFX: warning
	0x%08x
	0x%08x
Application error:
Exception code:
	0x%08x
Address:
	0x%08x
Exception data:
Finish
Error in command line:
 "%s".
Could not overwrite file "%s".
 "%s".
Could not create file "%s".
Cancel
 "HelpText" 
No "HelpText" in the configuration file.
Really cancel the installation?
Extraction path:
Extraction path
7-Zip: 
7-Zip: Extraction error.
7-Zip: 
 0x%08X.
7-Zip: Internal error, code 0x%08X.
7-Zip: 
7-Zip: Internal error, code %u.
7-Zip: 
7-Zip: Data error.
The archive is corrupted, or invalid password was entered.
7-Zip: 
 (CRC).
7-Zip: CRC error.
7-Zip: 
7-Zip: Unsupported method.
 "%s".
Error during execution "%s".
 "setup.exe" 
Could not find "setup.exe".
 "%s" 
Could not find command for "%s".
 "%s".
Could not delete file or folder "%s".
 "%s".
Could not create folder "%s".
Error in line %d of configuration data:
Could not write SFX configuration.
Could not read SFX configuration or configuration not found.
Non 7z archive.
 "%s".
Could not open archive file "%s".
Could not get SFX filename.
Extracting
: error
7z SFX: 
7z SFX: error
7z SFX
 - Copyright (c) 2005-2012 
	1.6.0 develop [x86] 
 2712 (30 
 2012)
 7-Zip - Copyright (c) 1999-2011 
	9.22 beta (18 
 2011)
SFX module - Copyright (c) 2005-2012 Oleg Scherbakov
	1.6.0 develop [x86] build 2712 (December 30, 2012)
7-Zip archiver - Copyright (c) 1999-2011 Igor Pavlov
	9.22 beta (April 18, 2011)
Supported methods and filters, build options:
Could not allocate memory
7-Zip SFX
Sorry, this program requires Microsoft Windows 2000 or later.
123456789ABCDEFGHJKMNPQRSTUVWXYZ
SetWindowTheme
uxtheme
out of memory
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
GDI32.dll
MSVCRT.dll
ole32.dll
OLEAUT32.dll
SHELL32.dll
USER32.dll
GetFileSize
SetFilePointer
ReadFile
WaitForMultipleObjects
GetModuleHandleA
SetFileTime
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FormatMessageW
lstrcpyW
LocalFree
IsBadReadPtr
GetSystemDirectoryW
GetCurrentThreadId
SuspendThread
TerminateThread
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
SetCurrentDirectoryW
GetDriveTypeW
CreateFileW
GetCommandLineW
GetStartupInfoW
CreateProcessW
CreateJobObjectW
ResumeThread
AssignProcessToJobObject
CreateIoCompletionPort
SetInformationJobObject
GetQueuedCompletionStatus
GetExitCodeProcess
CloseHandle
SetEnvironmentVariableW
GetTempPathW
GetSystemTimeAsFileTime
lstrlenW
CompareFileTime
SetThreadLocale
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
ExpandEnvironmentStringsW
WideCharToMultiByte
VirtualAlloc
GlobalMemoryStatusEx
lstrcmpW
GetEnvironmentVariableW
lstrcmpiW
lstrlenA
GetLocaleInfoW
MultiByteToWideChar
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLCID
lstrcmpiA
GlobalAlloc
GlobalFree
MulDiv
FindResourceExA
SizeofResource
LoadResource
LockResource
LoadLibraryA
GetProcAddress
GetModuleHandleW
ExitProcess
lstrcatW
GetDiskFreeSpaceExW
SetFileAttributesW
SetLastError
GetExitCodeThread
WaitForSingleObject
CreateThread
GetLastError
SystemTimeToFileTime
GetLocalTime
GetFileAttributesW
CreateDirectoryW
WriteFile
GetStdHandle
VirtualFree
GetStartupInfoA
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
CreateCompatibleDC
CreateFontIndirectW
DeleteObject
DeleteDC
GetCurrentObject
StretchBlt
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
GetObjectW
??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
memcpy
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
_beginthreadex
_EH_prolog
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
memset
_wcsnicmp
strncmp
wcsncmp
malloc
memmove
_purecall
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
SHGetSpecialFolderPathW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteExW
GetWindowLongW
GetMenu
SetWindowPos
GetWindowDC
ReleaseDC
GetDlgItem
GetParent
GetWindowRect
GetClassNameA
CreateWindowExW
SetTimer
GetMessageW
DispatchMessageW
KillTimer
DestroyWindow
SendMessageW
EndDialog
wsprintfW
GetWindowTextW
GetWindowTextLengthW
GetSysColor
wsprintfA
SetWindowTextW
MessageBoxA
ScreenToClient
GetClientRect
SetWindowLongW
UnhookWindowsHookEx
SetFocus
GetSystemMetrics
SystemParametersInfoW
ShowWindow
DrawTextW
ClientToScreen
GetWindow
DialogBoxIndirectParamW
DrawIconEx
CallWindowProcW
DefWindowProcW
CallNextHookEx
PtInRect
SetWindowsHookExW
LoadImageW
LoadIconW
MessageBeep
EnableWindow
IsWindow
EnableMenuItem
GetSystemMenu
CreateWindowExA
wvsprintfW
CharUpperW
GetKeyState
CopyImage
,!@Install@!UTF-8!
,!@InstallEnd@!
.?AUCInBufferException@@
.?AUCOutBufferException@@
.?AUCSystemException@@
.?AVCInArchiveException@N7z@NArchive@@
GenuineIntelAuthenticAMDCentaurHauls
.?AVtype_info@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.6.0.2712" name="7-Zip.SfxMod" type="win32"></assemblyIdentity>
<dependency><dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df"></assemblyIdentity>
</dependentAssembly></dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security>
<requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges>
</security></trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
</application></compatibility>
</assembly>PA
;!@Install@!UTF-8!
InstallPath="%appdata%\\windos"
GUIMode="2"
OverwriteMode="8"
SelfDelete="1"
RunProgram="%appdata%\\windos\\amddriv.exe"
Shortcut="Tu,{%appdata%\\windos\\amddriv.exe},{},{},{intel},{cpuhandle},{},{},{}"
;This SFX archive was created with 7z SFX Builder v2.1. (http://sourceforge.net/projects/s-zipsfxbuilder/)
;!@InstallEnd@!7z