Sample details: edc410a6b2cf8d1dae1ee718ad66cd3c --

Hashes
MD5: edc410a6b2cf8d1dae1ee718ad66cd3c
SHA1: 6df5330159f9e99128386ce54790e8904a0fa065
SHA256: e38128fd668f47206ac402eef2310832a2ddaa25a802a06960e59a2acb5a33a2
SSDEEP: 24576:2RaZROMOm8FN7TjsPnzt2heeRhQbJEOeamF3:8kxOm+7TjsPnztyDMmaC
Details
File Type: PE32+
Added: 2019-02-25 13:34:39
Yara Hits
YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/AutoIt | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/inject_thread | YRP/network_http | YRP/escalate_priv | YRP/screenshot | YRP/keylogger | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API |
Source
http://host.gomencom.website/Downloads/lsass/lsass_servise/X64/lsass1.exe
http://mine.zarabotaibitok.ru/Downloads/lsass/lsass_servise/X64/lsass1.exe
Strings
		!This program cannot be run in DOS mode.
:Rich2
`.rdata
@.data
.pdata
@.rsrc
@.reloc
T$ t43
H UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
0A_A^A]A\_^]
Ew;G0tF
UVWATAUAVAWH
ucM9.t
A_A^A]A\_^]
HcL$`H
	HcL$0H
UVWATAUAVAWH
t$(!L$ 
@A_A^A]A\_^]
WATAUAVAWH
|$(!t$ 3
0A_A^A]A\_
WAVAWH
{ ATAVAWH
t5L9!u;H
A_A^A\
UVWATAUAVAWH
@A_A^A]A\_^]
x ATAVAWH
 A_A^A\
x ATAVAWH
0A_A^A\
|$ UAVAWH
0A_A^]
x ATAVAWH
 A_A^A\
x ATAVAWH
 A_A^A\
UAVAWH
3L9f8u
WAVAWH
 A_A^_
L$ SVWH
L$h9t$`
L$ SUAVH
D$hD9t$`tJH
L$ SWH
L$P9|$Ht0H
D;T$H|
l$ AVH
UAVAWH
@A_A^]
USVWAVAWH
D$xD9a$
A_A^_^[]
|$HA;E$
D$x;A$
UVWATAUAVAWH
t$pI!s
A_A^A]A\_^]
USVWATAUAVAWH
EpfD9B
A_A^A]A\_^[]
UWATAUAWH
A_A]A\_]
USVWATAUAVAWH
G*fA9E
A_A^A]A\_^[]
UWATAVAWH
A_A^A\_]
t$ WATAUAVAWH
A_A^A]A\_
UVWATAUAVAWH
`A_A^A]A\_^]
t$ WATAUAVAWH
A_A^A]A\_
UATAUAVAWH
A_A^A]A\]
x UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
A_A^A]A\_^]
USVWAUAVAWH
Hc9Lci
A_A^A]_^[]
USVWATAUAVAWH
A_A^A]A\_^[]
x ATAVAWH
A_A^A\
USVWATAUAVAWH
A_A^A]A\_^[]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAVH
pA^A\_^]
D$xv.H
UVWAVH
UVWATAUAVAWH
A_A^A]A\_^]
L$ UVWATAUAVAWH
A_A^A]A\_^]
u.9D$Pu29D$Xu69D$`u:9D$hu>9D$puBH
\$0L;R
WATAUAVAWH
 A_A^A]A\_
H WATAUAVAWH
A_A^A]A\_
UVWAUH
8\$0t*H
IcG0Ic
IcW(IcF
USVWAUI
A]_^[]
p WAVAWH
UAVAWH
D8u8tLA
UATAUAVAWH
A_A^A]A\]
UWATAUAWH
`A_A]A\_]
l$ VWATAVAWH
0A_A^A\_^
WATAUAVAWH
H;+r H
 A_A^A]A\_
UAVAWH
WAVAWH
 A_A^_
UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
A_A^A]A\_^]
USVWAWH
A__^[]
x UATAUAVAWH
A_A^A]A\]
@SUVWAUAVAWH
|$0A8_ u2I
`A_A^A]_^][
HcQHE3
@SVWAVAWH
0A_A^_^[
0A_A^_^[
t$ WAVAWH
 A_A^_
fD91tXA
WATAUAVAWH
 A_A^A]A\_
WATAUAVAWH
 A_A^A]A\_
WATAUAVAWH
fE9$Ft!
 A_A^A]A\_
UVWATAUAVAWH
`A_A^A]A\_^]
UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
pA_A^A]A\_^]
UVWATAUAVAWH
|$PAU3!
A_A^A]A\_^]
UAVAWH
:#tbf97t
WAVAWH
fD9<Gt
 A_A^_
WAVAWH
 A_A^_
WAVAWH
 A_A^_
9\$hu(
WAVAWH
 A_A^_
f93t!H
USVAVAWH
A_A^^[]
H9y(tf@8y t`I
~D9{L~/
UVWAVH
|$`Lcl$pL
u29]@u-H
Lcl$pL
L$P;T$t
D$xD9L$P
 !"#$%%%%%%&&'()*+%%%%%%&&'()*+,,,,,,--./012RRRRRRRRRRRR3345566789::::;<=<=>?>@ABC>@ABCRRRRRDEFGHIJKLMNO
            
t$ WATAUAVAWH
A_A^A]A\_
x ATAVAWH
 A_A^A\
s WAUAVH
H!t$ L
UVWATAUAVAWH
A_A^A]A\_^]
USVWATAUAVAWH
D$`D9Mo
A_A^A]A\_^[]
GHfD9H
USVWATAUAVAWH
IcL$lI
A_A^A]A\_^[]
I-fD9K
M+t$ A
x ATAUAVH
 A^A]A\
						
												
						
																									
x UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
PA_A^A]A\_^]
WAVAWH
 A_A^_
WAVAWH
fD9<Gt8Hc
fD9<Ou
 A_A^_
wfUD3"
wfUD3"
wfUD3"
ATAVAWH
 A_A^A\
fffffff
@8l$8t
WATAUAVAWH
@A_A^A]A\_
L$ USWH
D8t$8t
fA;8utI
fA;0t)fA98t
t$ WAVAWH
0A_A^_
UVWATAUAVAWH
 A_A^A]A\_^]
WAVAWH
 A_A^_
WATAUAVAWH
 A_A^A]A\_
H SVWAVH
(A^_^[
AUAVAWH
0A_A^A]
fffffff
fffffff
fffffff
fffffff
uLffff
fffffff
ffffff
fffffff
fffffff
fffffff
fffffff
uLffff
fffffff
ffffff
WAVAWH
fD9>u"
0A_A^_
L$ UVWATAUAVAWH
 A_A^A]A\_^]
t$ WATAUAVAW
A_A^A]A\_
^ffffff
fffffff
ffffff
fffffff
^8U)zj
0ffffff
fffffff
fffffff
L$ USVWH
~`HcE H
HcE Hc
x ATAVAWH
@A_A^A\
9\$(tlM
@UVWATAUAVAWH
e0A_A^A]A\_^]
UATAUAVAWH
A_A^A]A\]
WAVAWH
 A_A^_
WATAUAVAWH
A_A^A]A\_
l$ VWATAVAWH
T$&@8t$&t9@8r
A81t@@8r
A_A^A\_^
t$ WAVAWH
LcA<E3
t$ WATAUAVAWH
D!l$h3
0A_A^A]A\_
UVWATAUAVAWH
 A_A^A]A\_^]
UVWATAUAVAWH
@A_A^A]A\_^]
UVWATAUAVAWH
9D$LupE
A_A^A]A\_^]
WAVAWH
 A_A^_
[ UVWH
!\$0!\$(!\$ L
UVWATAUAVAWH
A_A^A]A\_^]
USVWAVH
A^_^[]
` AUAVAWH
0A_A^A]
` AUAVAWH
t$8Hc0I
\$0D9=
A_A^A]
VWATAVAWH
 A_A^A\_^
\$ UVWATAUAVAWH
D9l$dtXH
HcD$PH;
HcD$PH;
A_A^A]A\_^]
UVWATAUAVAWH
D$DD9T$X
|$h+t$D+
A_A^A]A\_^]
WAVAWH
 A_A^_
@UATAUAVAWH
!t$(H!t$ I
A_A^A]A\]
u1!D$0
UVWATAUAVAWH
0A_A^A]A\_^]
t$ WATAUAVAWH
0A_A^A]A\_
WATAUAVAWH
 A_A^A]A\_
USVWATAUAVAWH
8UXt$@
XA_A^A]A\_^[]
VWATAVAWH
 A_A^A\_^
VWATAVAWH
 A_A^A\_^
p WAVAWH
SVWATAUAVAWH
PA_A^A]A\_^[
uAiD$P
x ATAVAWH
D8&t4H
D8d$Ht
A_A^A\
ATAVAWH
D8d$8t
@A_A^A\
Hct$PH
seHcD$XH
fD9!u:A
fD93tSH
CfD93u
H3E H3E
@UATAUAVAWH
A_A^A]A\]
@SUVWATAVAWH
PA_A^A\_^][
l$ VWAVH
9\$ ~>L
D82u&H
D8t$Ht
|$ UATAUAVAWH
A_A^A]A\]
|$ UATAUAVAWH
A_A^A]A\]
WATAVH
WATAUAVAWH
gfffffffH
D8L$Ht
A_A^A]A\_
x AUAVAWH
A_A^A]
@SUVWH
@SUVWH
@SUVWAVH
A^_^][
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
@USVWH
VWATAVAWH
A_A^A\_^
x AUAVAWH
 A_A^A]
UVWATAUAVAWH
A_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
D9t$htrH
@USVWATAUAVAWH
eHA_A^A]A\_^[]
@8t$8t
D$@;D$ 
D$D;D$$
Lct$pI
D;T$`|
uhL9D$`u
\$PL9D$xu
H9t$xt(H
H9t$`t
@8{ u	
|lD;t$ 
HcL$xH
t$L9} t
T$@HcH
D8xHt4H
L$PuvA
f90t%H
|$TEA06
D$8;D$h
C0;C4A
LcL$`L
T$Hu;L
?Hc{$H
CHcS$Hk
D$h9D$`
H;|$xs
D$`;D$`t H
D$x;T$h
H;|$xw
;T$h}_D
D$xD9L$P
9|$ht)9|$`t#Ic
H;|$xw
H;|$xu
9|$ht#Ic
H;|$xw
H;|$xu
HcD$XD
9D$Pt 
H;|$Xw
HcD$xH
L$Xu#H;
;T$@}NH
HcD$tL
HcT$@H
8HcL$`
uVHcL$`H
HcS$Hk
0HcS$Hk
L9R8u5A
f;D$8H
A+D$0H
A+D$0fD
A+D$0H
](A+D$0H
fA94$t0
u8fA9@
yRE;D$|
IcD$dA
A+D$0fE
yhIcI`I
IcL$`I
IcL$`I
I+z fA
I+D$ I
AfD9	u
HIcL$lI
HI9L$@r
A+L$(I
f90u	A
4FA;t$`|
A;T$|~
A+D$(L
IcD$dM
A;|$|~
fD9;u%A
9t$huJI
t4H;M@s$H
pI;S@s.M
WAVAWH
 A_A^_
t$ WATAUAVAWH
A_A^A]A\_
s WATAUAVAWH
A_A^A]A\_
UVWAVAWH
PA_A^_^]
uYL9D$PuR
u>f9ZHu
UVWATAUAVAWH
fD;x0sKH
fD;x0s
PA_A^A]A\_^]
|$ AVH
UVWATAUAVAWH
A_A^A]A\_^]
UVWAVAWH
A_A^_^]
UVWATAUAVAWH
f9uwr	H
A_A^A]A\_^]
UATAUAVAWH
A_A^A]A\]
UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
t%8]ot
A_A^A]A\_^]
WAVAWH
k VWAUAVAWH
D9;v=H
0A_A^A]_^
WAVAWH
0A_A^_
WAVAWH
0A_A^_
WATAUAVAWH
D$(+D$ 
D$,+D$$
0A_A^A]A\_
UVWAVAWH
D$`9D$h
tn;D$hrh;D$`rb
t"9|$`t	
 A_A^_^]
x ATAVAWH
@A_A^A\
UATAUAVAWH
A_A^A]A\]
` UAVAWH
UATAUAVAWH
A_A^A]A\]
WAVAWH
fD98u#H
fD98u1H
@A_A^_
H;}gtSH
x ATAVAWH
@A_A^A\
UAVAWH
WATAUAVAWH
 A_A^A]A\_
UWATAVAWH
A_A^A\_]
UATAUAVAWH
D$H+D$@9
D$L+D$D9
A_A^A]A\]
, <^w2H
H;L$(r
f9(t6H
UATAUAVAWH
A_A^A]A\]
x ATAVAWH
 A_A^A\
UVWAVAWH
PA_A^_^]
RX@8s]u
@8s\t<H
L$X@8s\t
UATAUAVAWH
fD9k t
A_A^A]A\]
f9|$ u
UAVAWH
@A_A^]
H;D$(u4H
VWATAVAWH
 A_A^A\_^
USVWATAUAVAWH
E;D$$|	E;
}PE;D$$
T$HD;}h~fI
@88t+I
A_A^A]A\_^[]
UVWATAUAVAWH
}OD9D$Hv'H
A_A^A]A\_^]
@USVWAVH
 A^_^[]
UVWATAUAVAWH
fD9,Cu
fD94Kt
FfE9TF
L$0fD9
L$0fD9
HcT$ D
T$ H;l$8
@A_A^A]A\_^]
f9D$0u
UVWATAUAVAWH
PA_A^A]A\_^]
WAVAWH
<^t	fA
 A_A^_
WATAUAVAWH
0A_A^A]A\_
H9Y(t_8Y tZI
UATAUAVAWH
A_A^A]A\]
WAVAWH
t&Hc+;n
@A_A^_
H9q(toH
8D$0u	@8w
WAUAVH
 A^A]_
t?H9_(u9
H9y(tgH
t$ UWATAVAWH
eDu(E3
A_A^A\_]
UVWAVAWH
|$Tu*E3
 A_A^_^]
UVWATAUAVAWH
fD9(t*H
D8k!uKH
D8k#t5H
A_A^A]A\_^]
WAVAWH
D$@@8s
D$@@8s
L$A@8s
L$B@8s
UAVAWH
@83t	2
D$@@8s
D$@@8s
0L$A@8s
0L$B@8s
t$ WAVAWH
 A_A^_
SUVWATAUAVAWH
(A_A^A]A\_^][
UVWAVAWH
`A_A^_^]
UATAUAVAWH
$fE97u	
A_A^A]A\]
UVWATAUAVAWH
A_A^A]A\_^]
tTH9(uO
x UATAUAVAWH
fD9&u$H
A_A^A]A\]
t-HcD$0
UATAUAVAWH
A_A^A]A\]
UATAUAVAWH
wfD9)u
A_A^A]A\]
@8|$X@
x ATAVAWH
A_A^A\
x ATAVAWH
fD9 t4H
 A_A^A\
WAVAWH
t$ WAVAWH
0A_A^_
WAVAWH
D$(!|$ 3
@A_A^_
f9t$@t
f93tOH
` UAVAWH
0A_A^]
VWATAVAWH
 A_A^A\_^
\$0t&H
WAVAWH
 A_A^_
VWATAVAWH
A_A^A\_^
HcEWHk
HcEWHk
HcEWHk
D;EW}"Ik
HcEWHk
WAVAWH
BHcD$TD
|$ UAVAWH
+]HD8}X
D8}Xtq
@A_A^]
h UAVAWH
uBI9	t;H
H9G s}H
WAVAWH
@A_A^_
WAVAWH
@A_A^_
@USVWATAVAWH
PA_A^A\_^[]
q(9s u4H
|$ AVH
L$0D+D$8E
UVWATAUAVAWH
A_A^A]A\_^]
x UATAUAVAWH
A_A^A]A\]
H UATAUAVAWH
A_A^A]A\]
` UAVAWH
UVWATAUAVAWH
A_A^A]A\_^]
h UAVAWH
|$ UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
L$DfA9
A_A^A]A\_^]
YHc\$8H
h UAVAWH
WAVAWH
 A_A^_
UWAUAVAWH
A_A^A]_]
x UATAVH
T$@HcH
T$@HcH
HcL$8H
t$ WAVAWH
HcL$HH
 A_A^_
D$8v!H
HcL$8H
D$8v!H
@USVWAWH
A__^[]
UATAUAVAWH
fD9 u4H
fD9 u"H
A_A^A]A\]
h UAVAWH
UWAUAVAWH
A_A^A]_]
|$ UAVAWH
UVWATAUAVAWH
fE9<$t[H
A_A^A]A\_^]
UATAUAVAWH
A_A^A]A\]
HcL$8H
HcT$8H
x UATAUAVAWH
fE9/t/H
A_A^A]A\]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
~QfA9<^u?
A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
x UATAUAVAWH
H;\$(r
E f98u
A_A^A]A\]
|$ ATAVAWH
HcL$hH
@A_A^A\
HcL$8H
UWATAVAWH
A_A^A\_]
UATAUAVAWH
A_A^A]A\]
HcL$HH
x ATAVAWH
A_A^A\
UATAUAVAWH
A_A^A]A\]
WAVAWH
0A_A^_
x ATAVAWH
@A_A^A\
UWAUAVAWH
A_A^A]_]
UATAUAVAWH
A_A^A]A\]
UWAUAVAWH
A_A^A]_]
UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
pA_A^A]A\_^]
WAVAWH
0A_A^_
WATAUAVAWH
A_A^A]A\_
UATAUAVAWH
@8}gt*H
A_A^A]A\]
USVWATAUAVAWH
A_A^A]A\_^[]
UVWATAUAVAWH
`A_A^A]A\_^]
x ATAVAWH
A_A^A\
UVWAVAWH
 A_A^_^]
T$THcH
UAVAWH
T$tHcH
9|$0tC
UVWAVAWH
0A_A^_^]
x ATAVAWH
 A_A^A\
t$ WAVAWH
@A_A^_
WAVAWH
UAVAWH
UVWAVAWH
A_A^_^]
UVWATAUAVAWH
A_A^A]A\_^]
UAVAWH
UATAUAVAWH
8)u1fD
fD94xt
A_A^A]A\]
UVWATAUAVAWH
0A_A^A]A\_^]
x ATAVAWH
0A_A^A\
t$ UWAVH
E,)E$H
WAVAWH
0A_A^_
UVWATAUAVAWH
pA_A^A]A\_^]
UAVAWH
UWATAVAWH
A_A^A\_]
p WATAUAVAWH
A_A^A]A\_
USVWATAUAVAWH
xA_A^A]A\_^[]
f90t$H
|$ AVH
ATAVAWH
0A_A^A\
` AUAVAWH
0A_A^A]
WAVAWH
0A_A^_
USVWATAUAWH
A_A]A\_^[]
AUAVAWH
@A_A^A]
@USVWAVH
D8uPt	A
PA^_^[]
L$ UVWATAUAVAWH
A_A^A]A\_^]
UATAUAVAWH
+|$t+\$p
\$x+\$pH
D+D$pL
A_A^A]A\]
UVWATAUAVAWH
+|$t+\$p
d$|+\$pD+d$t3
L$|+L$tH
D$x+D$p
A_A^A]A\_^]
WAVAWH
@A_A^_
u"8D$`ttH
|$ UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
pA_A^A]A\_^]
x UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
D9d$PveH
L$89D$LH
D;d$Pr
x UATAUAVAWH
HD9l$`t
A_A^A]A\]
x UATAUAVAWH
A_A^A]A\]
UATAUAVAWH
L$XH9]
A_A^A]A\]
UVWATAUAVAWH
uY9|$tui
A_A^A]A\_^]
x UATAUAVAWH
A_A^A]A\]
` UAVAWH
L$ UVWATAUAVAWH
A_A^A]A\_^]
WAVAWH
L9;tLH
s WATAUAVAWH
0A_A^A]A\_
|$ UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
t#D8MXt
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
` UAVAWH
x UATAUAVAWH
A_A^A]A\]
` UAVAWH
fD9$^u
UWATAVAWH
A_A^A\_]
|$ UATAUAVAWH
A_A^A]A\]
@8}ouWH
L$ UVWATAUAVAWH
A_A^A]A\_^]
UATAUAVAWH
t$@fE9&tQH
A_A^A]A\]
UAVAWH
` UAVAWH
H9>u:E
WATAUAVAWH
 A_A^A]A\_
L9s8~K3
@$9G(u
9w$~[H
UVWATAUAVAWH
A_A^A]A\_^]
WAVAWH
@A_A^_
UATAWH
@A_A\]
WAVAWH
t$ UWATAVAWH
A_A^A\_]
h UAVAWH
l$ VWAVH
UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
D$`v.H
A_A^A]A\_^]
UVWAUAVH
A^A]_^]
UWATAVAWH
fD9$Nu
A_A^A\_]
UVWATAUAVAWH
A_A^A]A\_^]
L$ H9_
VWATAVAWH
 A_A^A\_^
VWATAVAWH
A_A^A\_^
WAVAWH
 A_A^_
UATAUAVAWH
A_A^A]A\]
VATAUAVAWH
A_A^A]A\^
UVWATAUAVAWH
@A_A^A]A\_^]
|$ UATAUAVAWH
A_A^A]A\]
` UAVAWH
WAVAWH
@A_A^_
fD93u!
t+f90t&H
UATAUAVAWH
A_A^A]A\]
UATAUAVAWH
A_A^A]A\]
WATAUAVAWH
u:!\$(
0A_A^A]A\_
WATAUAVAWH
0A_A^A]A\_
|$ UATAUAVAWH
A_A^A]A\]
` UAVAWH
|$8+|$0
\$<+\$4
UATAUAVAWH
A_A^A]A\]
UAVAWH
UVWATAUAVAWH
A_A^A]A\_^]
UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
D;|$0wTH
`A_A^A]A\_^]
UVWATAUAVAWH
@A_A^A]A\_^]
D!D$(D!D$ E3
L$ UVWH
HcL$pH
WAVAWH
L9|$Pu
HcL$HHc|$PH
WATAUAVAWH
f9+tvH
A_A^A]A\_
WAVAWH
L$|+D$p+L$t
WATAUAVAWH
fE9!t%E3
A_A^A]A\_
UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
A_A^A]A\_^]
HcM@LcE H
x ATAVAWH
A_A^A\
WAVAWH
x ATAVAWH
A_A^A\
WATAVH
D8shtI
HcL$@L
UATAUAVAWH
A_A^A]A\]
BHc\$@H
BHcL$0H
USVWAUAVAWH
1HcMXH
 A_A^A]_^[]
HcL$@H
)HcL$XH
LcL$PE3
UATAUAVAWH
HcL$0H
9HcL$ H
D$hfD9
LcD$TL
D$ LcD$T
A_A^A]A\]
WAVAWH
HcL$PH
UVWATAUAVAWH
HcL$PH
)HcMpH
H9\$@u
LcepHc
uaH9rhu[H
L$8+D$hM
D$t+D$l
A_A^A]A\_^]
HcL$@H
HcL$0I
UATAUAVAWH
u L9ihu
A_A^A]A\]
tLcL$0L
HcL$HH
UVWATAUAVAWH
A_A^A]A\_^]
WATAUAVAWH
Lcl$@H
A_A^A]A\_
UWATAVAWH
HcMOLcu
H!|$XH
D$PH!|$HH
A_A^A\_]
UVWATAUAVAWH
`A_A^A]A\_^]
SUVWATAUAVAWH
hA_A^A]A\_^][
D$(+D$ +\$$
;D$ |G;D$(
;D$$|5;D$,
UVWATAUAVAWH
0A_A^A]A\_^]
WAVAWH
 A_A^_
WATAVH
@A^A\_
HcL$0H
HcL$HH
UVWATAUAVAWH
HcL$pH
0A_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_H
UVWATAUAVAWH
EHH9uH
0A_A^A]A\_^]
UWATAVAWH
MPE9&u
A_A^A\_]
UVWATAUAVAWH
@A_A^A]A\_^]
UATAUAVAWH
A_A^A]A\]H
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
` UAVAWH
D+{lD+cp
@A_A^]
USVWATAUAVAWH
D$XFt5
HcuPE3
A_A^A]A\_^[]
WATAUAVAWH
f#D$pA
t,f;D$8
A_A^A]A\_
x ATAVAWH
D;T$xt6H
0A_A^A\
WATAUAVAWH
D9i`~W
 A_A^A]A\_
WATAUAVAWH
0A_A^A]A\_
HLcGlH
WAVAWH
@A_A^_
x AVAWI
|$0A_A^
WAVAWH
 A_A^_
x ATAUAVAW
|$@A_A^A]A\
kernel32.dll
[:>:]]
[:<:]]
bad allocation
CorExitProcess
_hypot
RoInitialize
RoUninitialize
_nextafter
UUUUUU
UUUUUU
"e?<<<<<<l?
Il?333333c?
.i?0@I
d?000000`?
)|B?d!
L?UUUUUUU?
&?PPPPPPP?
0X8b?~
%GoU?*
(T?j?Y
Zod(^?
D W?{W
qS>g?h3
c?FA@s}
UUUUUU
UUUUUU
?UUUUUU
?UUUUUU
?UUUUUU
?UUUUUU
UUUUUU
UUUUUU
2]fQ	?5!
?UUUUUU
?UUUUUU
?UUUUUU
Unknown exception
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleExW
SetFileInformationByHandleW
(null)
`h````
xpxxxx
A03>A|
Q5rHg,>
j>>A?1
.>PJ;I:qE>
:>t6k'
])6M>&
CWD>~3
:>)*	v
_oD>Kg
N>O=I9
F>qUxv
/2GG>!B
zY;>u:m	
P>q_Y~
0><[cZUg^>
Y>kX>M
H[><y5
[*ncd>0
S>$hkDh$h>[2
UA>N0Wl
?8bunz8
?@En[vP
?UUUUUU
?7zQ6$
@^8U)zj
UUUUUU
UUUUUU
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
`h`hhh
xppwpp
CreateFile2
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
1#SNAN
1#QNAN
GetNativeSystemInfo
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
pqrstuvwxyz{$--%"!' 	&,[\
`abcdefghijkmno]
 !"#$%&'()))*+,-./0123456789:;<=>?@ABBCDEFGHIGJKLLBMBBNOPQRSTUVWXYZ[\]^G___________________________________________________`___________________________________________________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{__|}~
_____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
________________________________
{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{
{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
Qkkbal
xdigit
ACCEPT
COMMIT
no error
\ at end of pattern
\c at end of pattern
unrecognized character follows \
numbers out of order in {} quantifier
number too big in {} quantifier
missing terminating ] for character class
invalid escape sequence in character class
range out of order in character class
nothing to repeat
operand of unlimited repeat could match the empty string
internal error: unexpected repeat
unrecognized character after (? or (?-
POSIX named classes are supported only within a class
missing )
reference to non-existent subpattern
erroffset passed as NULL
unknown option bit(s) set
missing ) after comment
parentheses nested too deeply
regular expression is too large
failed to get memory
unmatched parentheses
internal error: code overflow
unrecognized character after (?<
lookbehind assertion is not fixed length
malformed number or name after (?(
conditional group contains more than two branches
assertion expected after (?(
(?R or (?[+-]digits must be followed by )
unknown POSIX class name
POSIX collating elements are not supported
this version of PCRE is compiled without UTF support
spare error
character value in \x{} or \o{} is too large
invalid condition (?(0)
\C not allowed in lookbehind assertion
PCRE does not support \L, \l, \N{name}, \U, or \u
number after (?C is > 255
closing ) for (?C expected
recursive call could loop indefinitely
unrecognized character after (?P
syntax error in subpattern name (missing terminator)
two named subpatterns have the same name
invalid UTF-8 string
support for \P, \p, and \X has not been compiled
malformed \P or \p sequence
unknown property name after \P or \p
subpattern name is too long (maximum 32 characters)
too many named subpatterns (maximum 10000)
repeated subpattern is too long
octal value is greater than \377 in 8-bit non-UTF-8 mode
internal error: overran compiling workspace
internal error: previously-checked referenced subpattern not found
DEFINE group contains more than one branch
repeating a DEFINE group is not allowed
inconsistent NEWLINE options
\g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number
a numbered reference must not be zero
an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)
(*VERB) not recognized or malformed
number is too big
subpattern name expected
digit expected after (?+
] is an invalid data character in JavaScript compatibility mode
different names for subpatterns of the same number are not allowed
(*MARK) must have an argument
this version of PCRE is not compiled with Unicode property support
\c must be followed by an ASCII character
\k is not followed by a braced, angle-bracketed, or quoted name
internal error: unknown opcode in find_fixedlength()
\N is not supported in a class
too many forward references
disallowed Unicode code point (>= 0xd800 && <= 0xdfff)
invalid UTF-16 string
name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)
character value in \u.... sequence is too large
invalid UTF-32 string
setting UTF is disabled by the application
non-hex character in \x{} (closing brace missing?)
non-octal character in \o{} (closing brace missing?)
missing opening brace after \o
parentheses are too deeply nested
invalid range in character class
group name must start with a non-digit
parentheses are too deeply nested (stack check)
digits missing in \x{} or \o{}
Arabic
Armenian
Avestan
Balinese
Bassa_Vah
Bengali
Bopomofo
Brahmi
Braille
Buginese
Canadian_Aboriginal
Carian
Caucasian_Albanian
Chakma
Cherokee
Common
Coptic
Cuneiform
Cypriot
Cyrillic
Deseret
Devanagari
Duployan
Egyptian_Hieroglyphs
Elbasan
Ethiopic
Georgian
Glagolitic
Gothic
Grantha
Gujarati
Gurmukhi
Hangul
Hanunoo
Hebrew
Hiragana
Imperial_Aramaic
Inherited
Inscriptional_Pahlavi
Inscriptional_Parthian
Javanese
Kaithi
Kannada
Katakana
Kayah_Li
Kharoshthi
Khojki
Khudawadi
Lepcha
Linear_A
Linear_B
Lycian
Lydian
Mahajani
Malayalam
Mandaic
Manichaean
Meetei_Mayek
Mende_Kikakui
Meroitic_Cursive
Meroitic_Hieroglyphs
Mongolian
Myanmar
Nabataean
New_Tai_Lue
Ol_Chiki
Old_Italic
Old_North_Arabian
Old_Permic
Old_Persian
Old_South_Arabian
Old_Turkic
Osmanya
Pahawh_Hmong
Palmyrene
Pau_Cin_Hau
Phags_Pa
Phoenician
Psalter_Pahlavi
Rejang
Samaritan
Saurashtra
Sharada
Shavian
Siddham
Sinhala
Sora_Sompeng
Sundanese
Syloti_Nagri
Syriac
Tagalog
Tagbanwa
Tai_Le
Tai_Tham
Tai_Viet
Telugu
Thaana
Tibetan
Tifinagh
Tirhuta
Ugaritic
Warang_Citi
This is a third-party compiled AutoIt script.
DllGetClassObject
GetModuleHandleExW
GetSystemWow64DirectoryW
RegDeleteKeyExW
advapi32.dll
Error text not found (please report)
DEFINE
UTF16)
NO_AUTO_POSSESS)
NO_START_OPT)
LIMIT_MATCH=
LIMIT_RECURSION=
ANYCRLF)
BSR_ANYCRLF)
BSR_UNICODE)
argument is not a compiled regular expression
argument not compiled in 16 bit mode
internal error: opcode not recognized
internal error: missing capturing bracket
failed to get memory
WSOCK32.dll
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VERSION.dll
timeGetTime
mciSendStringW
waveOutSetVolume
WINMM.dll
InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
COMCTL32.dll
WNetAddConnection2W
WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
MPR.dll
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable
WININET.dll
GetProcessMemoryInfo
PSAPI.DLL
IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle
IPHLPAPI.DLL
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile
DestroyEnvironmentBlock
USERENV.dll
IsThemeActive
UxTheme.dll
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
GetLastError
DecodePointer
lstrcmpiW
GetCurrentDirectoryW
IsDebuggerPresent
SetCurrentDirectoryW
GetFullPathNameW
CloseHandle
GetCurrentThread
GetCurrentProcess
DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
KERNEL32.dll
DestroyIcon
MessageBoxA
GetForegroundWindow
GetSysColorBrush
LoadCursorW
LoadIconW
RegisterClassExW
CreateWindowExW
ShowWindow
SetTimer
RegisterWindowMessageW
CreatePopupMenu
KillTimer
PostQuitMessage
SetFocus
MoveWindow
DefWindowProcW
MessageBoxW
GetUserObjectSecurity
OpenWindowStationW
GetProcessWindowStation
SetProcessWindowStation
OpenDesktopW
CloseWindowStation
CloseDesktop
SetUserObjectSecurity
GetWindowRect
PostMessageW
MapVirtualKeyW
SendMessageW
GetDlgCtrlID
GetParent
GetClassNameW
CharUpperBuffW
EnumChildWindows
SendMessageTimeoutW
ScreenToClient
GetWindowTextW
GetFocus
AttachThreadInput
GetWindowThreadProcessId
GetWindowLongPtrW
InvalidateRect
EnableWindow
IsWindowVisible
IsWindowEnabled
IsWindow
GetDesktopWindow
EnumWindows
DestroyWindow
GetMenu
GetClientRect
BeginPaint
EndPaint
ReleaseDC
CopyRect
SetWindowTextW
GetDlgItem
SendDlgItemMessageW
EndDialog
MessageBeep
DialogBoxParamW
LoadStringW
VkKeyScanW
GetKeyState
GetKeyboardState
SetKeyboardState
GetAsyncKeyState
SendInput
keybd_event
SystemParametersInfoW
FindWindowW
IsIconic
SetForegroundWindow
GetMenuItemInfoW
SetMenuItemInfoW
GetMenuItemCount
GetMenuItemID
CheckMenuRadioItem
DeleteMenu
GetCursorPos
TrackPopupMenuEx
IsMenu
InsertMenuItemW
SetMenuDefaultItem
EnumThreadWindows
FindWindowExW
SetActiveWindow
ExitWindowsEx
mouse_event
CreateIconFromResourceEx
LoadImageW
MonitorFromRect
CharLowerBuffW
UnregisterHotKey
PeekMessageW
TranslateMessage
DispatchMessageW
LockWindowUpdate
GetMessageW
BlockInput
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
CountClipboardFormats
EmptyClipboard
SetClipboardData
SetRect
AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetWindowLongW
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongPtrW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
SetWindowLongPtrW
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
USER32.dll
GetDeviceCaps
DeleteObject
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
CreateSolidBrush
CreatePen
SetBkColor
RoundRect
SetBkMode
GetObjectW
SetViewportOrgEx
Rectangle
BeginPath
PolyDraw
Ellipse
MoveToEx
AngleArc
LineTo
CloseFigure
SetPixel
EndPath
StrokePath
StrokeAndFillPath
ExtCreatePen
GDI32.dll
GetOpenFileNameW
GetSaveFileNameW
COMDLG32.dll
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
GetAce
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW
GetUserNameW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
ADVAPI32.dll
ShellExecuteW
Shell_NotifyIconW
ExtractIconExW
SHFileOperationW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHCreateShellItem
SHBrowseForFolderW
SHGetPathFromIDListW
SHEmptyRecycleBinW
DragQueryFileW
ShellExecuteExW
DragQueryPoint
DragFinish
SHELL32.dll
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
ole32.dll
OLEAUT32.dll
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
RtlPcToFileHeader
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
SetEnvironmentVariableA
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
,[Bome
,[Bome
wwwwwwwwwwwwwx
wwwwwwwwwwwwwx
xwxwxx
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
jqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
~~~~~z~zzzzzzzzzzzzzzz
vvvvvvvvvvvvvvzvvvv~zz~zzzzzwzwzvzvz
knnnnnnnnnnnnnnnnnkv~z~zzzzzzzzxzxxxx
nGGHHH
nv~zsssssssszxzzzzx
nGGGHH
nv~~~~~~~z~zzzzxzxy
n..GGHHH
nv~~ssssssss{zzzyyy
n...GGHHH
nv~~~~~~~~~{{zzzzyz
n+....HGHHHH
ssssssst~{{zzyy
n++....G.HHH
~~~~{~{{{{
n!!+....HGHHHH
ssssstts~{~{{{{
n!!++.....HHHHHH
~~~~~~{~{{
!!!++....GGHHH
!!""....-HHHH
!!"".....HHHHnv
ssssssss
"""+....G-Hnv
""""..-.-Gnv
ssssssss
"""...-.nv
""""..-nv
ssssssss
nU_[_[D
!""".+nv
nOTUTU[[ED'
"""+nv
ssssssss
nCODOSSSWWWWXWLWaanv
n;;>D;DDDEESLWLLLLnv
ssssssss
;;:::3***3444nv
'''*"31nv
ssssssss
mnnnnnnnnnnnnnnnnnm
ssssssss
jurrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrruj
juuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuj
juuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
J>>>>>>>>>>>>>>>>ACA>>>>>>>>>G
>S]]]]]]]]]]]]]]]]]]]]]]]]]]]>
>S]]a]aaa]]]]]]a```____R_R_U]>
>_]]QQQQQQRQRQQQ_``__STTRRRR]>
>\]FIIIIIIIIIIFQ`LLLLLL_TRRR]>
>_]I$$$
IQ```a\a_`_URR]>
IQ^LLLLLL___RR]>
	IQ`_``a\a\_SRU]>
IQ````ca\a__a]]>
IQ`LLLLLL\]a_a]>
$$$IQ````aca_a\]_]>
$$IQ`LLLLLL]`
IQ``_`a\a`a
IQ`LLLLLLa\$
>_]IE=,
IQ``````a\a
>_]I66;;80-&&7IQ`LLLLLL`\
>]]I11255880::IQ`````a\ac
C]]I****,+...-IQ`LLLLLLca
  ""IQ````aca\c
C]]HIIIIIIIIIIH]aLLLLLLa\
C]]]]]]]]]]]]]]]]]]]]]]]]]]]]>
C_]a`a]]ac]a]a]a]a`a\a\a\ac]]>
DKLKKKLKKLKKKKLKLKLKLMKKKKLKL>
APOOOOOOOOOOOOOOOOOOOOO
>>>>>>>>>>>>>>>>>>>>>>>>>>>>J
H}AU3!EA06M
?g>%!d
Ta]`CT
|3e4?X
>)6%'u
n`2j&X]
pe7QVx
cqFf*z 
3&M`ti
-hAf.2c
0{dRW8
5Yk7%d
d4{.WhO
jTQ2%1
DGO)K.
!?ena0
S`iDJ_(8
*\xQ?Y!
V;/ld,
AU3!EA06
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 	<dependency>
 		<dependentAssembly>
 			<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"/>
 		</dependentAssembly>
 	</dependency>
 	<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
 		<security>
 			<requestedPrivileges>
 				<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
 			</requestedPrivileges>
 		</security>
 	</trustInfo>
	<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
 		<application>
 			<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
			<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
			<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
			<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
			<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
		</application>
 	</compatibility>
</assembly>